From 595ceb3bbcccfba8b824a7f85737304bc29de355 Mon Sep 17 00:00:00 2001 From: ducoterra Date: Sun, 11 Jun 2023 11:15:20 -0400 Subject: [PATCH] init --- README.md | 646 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 646 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..5f981a3 --- /dev/null +++ b/README.md 
@@ -0,0 +1,646 @@ +# Fedora on the Framework + +Mostly stolen from + +## Dual Boot with Fingerprint Scanner Issues + + + +The script below will clear the existing fingerprints from the internal +storage. + +```bash +#! /usr/bin/python3 + +import gi +gi.require_version('FPrint', '2.0') +from gi.repository import FPrint + +ctx = FPrint.Context() + +for dev in ctx.get_devices(): + print(dev) + print(dev.get_driver()) + print(dev.props.device_id); + + dev.open_sync() + + dev.clear_storage_sync() + print("All prints deleted.") + + dev.close_sync() +``` + +## Revert Kernel (if needed) + +With koji + +```bash +sudo dnf install koji +mkdir /tmp/kernel-download +cd /tmp/kernel-download +koji search build kernel-6.0.12* +koji download-build --arch=x86_64 kernel-6.0.12-300.fc37 +sudo dnf install ./*.rpm +``` + +```bash +# Find the kernels you have installed +sudo rpm -qa kernel + +# List available kernels +sudo ls /boot | grep vmlinuz + +# Revert to a previous kernel +sudo grubby --set-default /boot/vmlinuz-5.14.10-300.fc35.x86_64 +``` + +## Make DNF Fast + +```bash +echo 'fastestmirror=1' | sudo tee -a /etc/dnf/dnf.conf +echo 'max_parallel_downloads=10' | sudo tee -a /etc/dnf/dnf.conf +echo 'deltarpm=true' | sudo tee -a /etc/dnf/dnf.conf +``` + +/etc/dnf/dnf.conf + +```conf +[main] +gpgcheck=1 +installonly_limit=3 +clean_requirements_on_remove=True +best=False +skip_if_unavailable=True +fastestmirror=1 +max_parallel_downloads=10 +deltarpm=true +``` + +## Install Useful Packages + +```bash +sudo dnf install vim +``` + +## Set Hostname + +```bash +hostnamectl set-hostname ducolaptop +``` + +## BTRFS Optimizations + +```bash +sudo nano /etc/fstab +# UUID=47faf958-b80a-43e1-a36f-ca5a932474f7 / btrfs subvol=root,x-systemd.device-timeout=0,ssd,noatime,space_cache,commit=120,compress=zstd,discard=async 0 0 +# UUID=04ae92cd-717c-4aaf-bb24-58001be8d334 /boot ext4 defaults 1 2 +# UUID=C17B-722D /boot/efi vfat umask=0077,shortname=winnt 0 2 +# UUID=47faf958-b80a-43e1-a36f-ca5a932474f7 
/home btrfs subvol=home,x-systemd.device-timeout=0,ssd,noatime,space_cache,commit=120,compress=zstd,discard=async 0 0 +# UUID=47faf958-b80a-43e1-a36f-ca5a932474f7 /btrfs_pool btrfs subvolid=5,x-systemd.device-timeout=0,ssd,noatime,space_cache,commit=120,compress=zstd,discard=async 0 0 +sudo mkdir -p /btrfs_pool +sudo mount -a + +sudo vim /etc/crypttab +# luks-fcc669e7-32d5-43b2-ba03-2db6a7f5b33d UUID=fcc669e7-32d5-43b2-ba03-2db6a7f5b33d none discard + +sudo systemctl enable fstrim.timer +``` + +## Install updates + +```bash +sudo dnf upgrade --refresh +sudo dnf check +sudo dnf autoremove +sudo fwupdmgr get-devices +sudo fwupdmgr refresh --force +sudo fwupdmgr get-updates +sudo fwupdmgr update +sudo reboot now +``` + +## Extensions + +```bash +sudo dnf install -y gnome-extensions-app gnome-tweaks +sudo dnf install -y gnome-shell-extension-appindicator +``` + +1. Another Window Session Manager by 5q0Fw + + Restores windows on shutdown/reboot. Can be configured to automatically + save the last state before restart. Pair this with "restore session" in + firefox/chrome and you've got yourself a really good mac hibernate + equivalent. + +2. Dash to Dock by michele_g + + Make the dock behave like macos. Hide when it would cover a window. Show + when the mouse hovers over the bottom of the screen. Add some sane default + shortcuts. Etc. + +3. Tactile by lundal + + Power-user tiling! Behaves like Windows Power Toys FancyZones. + +4. Vitals by corecoding + + Adds quick-glance stats about your system to the menu bar. Use to monitor + CPU usage, memory availability, network speed, battery wattage, etc. + +## Gnome Tweaks + +1. Fonts -> Monospace Text -> Fira Code Regular +2. Keyboard & Mouse -> Acceleration Profile -> Flat +3. Keyboard & Mouse -> Mouse Click Emulation -> Fingers +4. Top Bar -> Activities Overview Hot Corner -> Off +5. Top Bar -> Battery Percentage -> On +6. Top Bar -> Clock -> Weekday -> On +7. Top Bar -> Clock -> Seconds -> On +8. 
Windows -> Center New Windows -> On + +## Flatpack + +```bash +flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo +flatpak update +``` + +## Snap + +```bash +sudo dnf install -y snapd +sudo ln -s /var/lib/snapd/snap /snap # for classic snap support +ln -s /var/lib/snapd/desktop/applications ~/.local/share/applications/snap # make apps show up in gnome +sudo reboot now +``` + +## AppImage Launcher + +Download RPM from + + +## Backups + +### Create Encrypted Drive + +```bash +# Create an encrypted drive +sudo cryptsetup luksFormat /dev/sdb1 + +# LUKS Disk Encryption can use up to 8 key slots to store passwords. We can use these keys to auto mount LUKS device. +# cryptsetup luksDump /dev/sda + +# Create a lukskeys +mkdir -p /home/ducoterra/.lukskeys + +# Generate key +dd if=/dev/random bs=32 count=1 of=/home/ducoterra/.lukskeys/btr_backup + +# Change key mode +chmod 600 /home/ducoterra/.lukskeys + +# Luks add a key +sudo cryptsetup luksAddKey /dev/sda /home/ducoterra/.lukskeys/btr_backup + +# Get UUID of disk with +sudo blkid /dev/sda1 + +# Add key to crypttab +echo 'btr_backup UUID=1d7ce570-e695-47a0-9dda-5f14b5b20e21 /home/ducoterra/.lukskeys/btr_backup luks' >> /etc/crypttab + +# Create read-only backup mount point +sudo btrfs sub create /mnt/btr_backup +sudo btrfs property set /mnt/btr_backup ro true + +# Add to fstab +echo '/dev/mapper/btr_backup /mnt/btr_backup btrfs x-systemd.device-timeout=0,x-gvfs-show,x-gvfs-name=btr_backup,ssd,nofail,noatime,discard=async,compress=zstd 0 0' >> /etc/fstab + +# mount +sudo cryptsetup luksOpen /dev/disk/by-uuid/1d7ce570-e695-47a0-9dda-5f14b5b20e21 backup0 --key-file=/home/ducoterra/.lukskeys/backup0 + +# close (or fix issues) +sudo cryptsetup luksClose backup0 +``` + +### Backup Disks + +Backup disks will respect the following naming convention: + +brand_size_purpose_year_month + +So for a backup drive you would create: + +`wd_4tb_backup_2023_01` + +Or for an archive drive: + 
+`samsung_1tb_archive_2023_01` + +#### Disk Health + +`smartctl -a /dev/sda` + +### Create BTRBK Config + +`sudo vim /etc/btrbk/btrbk.conf` + +```conf +snapshot_create ondemand +snapshot_preserve_min 2d +snapshot_preserve 14d +snapshot_dir snapshots + +target_preserve_min no +target_preserve 20d 10w *m + +volume /mnt/btr_pool + target /mnt/btr_backup + subvolume root + subvolume home +``` + +### Create Systemd Timer + +`sudo vim /etc/systemd/system/btrbk.service` + +```conf +[Unit] +Description=Runs btrbk with config file at /etc/btrbk/btrbk.conf + +[Service] +ExecStart=btrbk -c /etc/btrbk/btrbk.conf -v run +``` + +`sudo vim /etc/systemd/system/btrbk.timer` + +```conf +[Unit] +Description=Run btrbk every hour + +[Timer] +OnCalendar=hourly +AccuracySec=10min +Persistent=true +Unit=btrbk.service + +[Install] +WantedBy=timers.target +``` + +### Test, Start and Enable service + +Test your service:the available storage space on our NAS to the iSCSI target +and the other half + +```bash +sudo btrbk -c /etc/btrbk/btrbk.conf -v run +``` + +Enable your service: + +```bash +sudo systemctl start btrbk.timer + +sudo systemctl enable btrbk.timer +``` + +### Restore + +In the event you need to restore your system from a disaster do the following: + +1. Reinstall fedora via a live image +2. After install, disk should be mounted at /mnt/sysimage +3. Copy the new fstab and crypttab to somewhere safe +4. rsync -av [etc, home, opt, root, usr, var] +5. `mount /dev/Y /mnt/sysimage/boot` +6. `mount /dev/Z /mnt/sysimage/boot/efi` +7. `mount --bind /dev /mnt/sysimage/dev` +8. `mount --bind /proc /mnt/sysimage/proc` +9. `mount --bind /sys /mnt/sysimage/sys` +10. `chroot /mnt/sysimage` +11. Edit fstab and crypttab so they match the new partitions +12. Update /etc/default/grub to match the new luks uuid +13. grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg +14. reboot + +## Firewall CMD + +1. 
Enable firewall + + ```bash + systemctl start firewall-cmd + systemctl enable firewall-cmd + ``` + +2. Set default behavior to drop everything + + ```bash + firewall-cmd --set-default-zone=drop + systemctl reload firewall-cmd + ``` + +## Bluetooth + +### Airpods + +Edit: /etc/bluetooth/main.conf Set ControllerMode = bredr + +1. restart bluetooth service +2. connect airpods +3. comment line out +4. restart bluetooth service again + +## ZRAM + +Edit /etc/systemd/zram-generator.conf + +```conf +[zram0] +zram-size = min(ram / 2, 16384) +compression-algorithm = lzo-rle +options = +writeback-device = /dev/zvol/tarta-zoot/swap-writeback +``` + +## Automatic Disk Decryption with TPM2 + +It's a friendlier experience to just encrypt your root partition with tpm and +lunlock your remaining drives with key files stored at /etc/ukskeys. This way +you only need to reregister one key with your tpm and the remaining drives will +be unlocked automatically. + +Add your luks keys to the tpm module and set up boot parameters: + +```bash +# Enroll for the first time +sudo -E systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+4+7 /dev/nvme1n1p3 + +# Add tpm2 configuration option to /etc/crypttab +# You can get the uuid with lsblk and blkid +luks-d9828faa-2b8c-4184-9e74-9054ae328c6d UUID=d9828faa-2b8c-4184-9e74-9054ae328c6d none tpm2-device=auto,discard + +# Add rd.luks.options=tpm2-device=auto to grub +sudo grubby --args="rd.luks.options=tpm2-device=auto" --update-kernel=ALL + +# Regenerate the boot parameters +sudo dracut -f +``` + +We can configure our system to automatically reenroll the tpm device on boot so +you only need to enter your password on kernel updates. 
+ +```bash +# Create a new random password for your disk +sudo cryptsetup luksAddKey /dev/nvme0n1p3 +``` + +/etc/systemd/system/tpm_luks_cryptenroll.service + +```conf +[Unit] +Description=Automatically runs systemd-cryptenroll on login + +[Service] +Type=oneshot +ExecStart=/usr/bin/systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+4+7 --wipe-slot=tpm2 /dev/nvme0n1p3 +# new random password you just created +Environment=PASSWORD= + +[Install] +WantedBy=multi-user.target +``` + +```bash +# Now enable the service +sudo systemctl enable tpm_luks_cryptenroll.service +``` + +## Firefox GPU Rendering + + + +```bash +dnf install intel-media-driver intel-gpu-tools +``` + +Type in about:config in the address bar and hit enter. + +Set media.rdd-ffmpeg.enabled, media.ffmpeg.vaapi.enabled and +media.navigator.mediadatadecoder_vpx_enabled to true. + +Close and reopen your browser + +Run the command sudo intel_gpu_top, play a 4k video and check whether the Video +section is above 0.00% + +## Gnome Software Updates (packagekitd and software) + +To prevent Gnome Shell from starting Software open Settings->Search and disable +Software from there. + +Disable auto-updates + +```bash +sudo systemctl disable packagekit +sudo systemctl stop packagekit + +dconf write /org/gnome/software/allow-updates false +dconf write /org/gnome/software/download-updates false +``` + +## Turn Off Fingerprint When Laptop Lid Closed + +To disable fingerprint authentication when the laptop lid is closed, and +re-enable when it is reopened, we will use acpid to bind to the button/lid.* +event to a custom script that will stop and mask the fprintd service on lid +close, and unmask and start the fprintd service on lid open. + +We also check that the HDMI cable is connected by testing the contents of +/sys/class/drm/card0-HDMI-A-1/status. + +Follow the steps below: + +1. Create a .locks file in your home dir: `mkdir ~/.locks` +2. 
Create file /etc/acpi/laptop-lid.sh with the following contents: + + ```bash + #!/bin/bash + + lock=/home/ducoterra/.locks/fprint-disabled.lock + + if grep -Fq closed /proc/acpi/button/lid/LID0/state # && + # This is used to detect if a display is connected. + # For USB C displayport use: + # grep -Fxq connected /sys/class/drm/card1-DP-2/status + # For hdmi use: + # grep -Fxq connected /sys/class/drm/card0-HDMI-A-1/status + then + touch "$lock" + systemctl stop fprintd + systemctl mask fprintd + elif [ -f "$lock" ] + then + systemctl unmask fprintd + systemctl start fprintd + rm -f "$lock" + fi + ``` + +3. Make the file executable with + + `chmod +x /etc/acpi/laptop-lid.sh` + +4. Create file /etc/acpi/events/laptop-lid with the following contents: + + ```bash + event=button/lid.* + action=/etc/acpi/laptop-lid.sh + ``` + +5. Restart the acpid service with: + + `sudo service acpid restart` + +Now the fingerprint will be used only when the lid is open. + +In order to restore the correct state of the fprintd service if you +disconnect/reconnect while the laptop is off, you may call the above script +from a systemd init file. The steps to do this are the following: + +1. Create a file named /etc/systemd/system/laptop-lid.service with the + following contents: + + ```bash + [Unit] + Description=Laptop Lid + After=suspend.target + + [Service] + ExecStart=/etc/acpi/laptop-lid.sh + + [Install] + WantedBy=multi-user.target + WantedBy=suspend.target + ``` + +2. Reload the systemd config files with + + `sudo systemctl daemon-reload` + +3. Start the service with + + `sudo systemctl start laptop-lid.service` + +4. Enable the service so that it starts automatically on boot + + `sudo systemctl enable laptop-lid.service` + +Now the status should be correct even after connecting/disconnecting when the +computer is off. + +## Power Button Behavior + +The power button is controlled from 2 locations: + +1. DCONF (or gnoem settings) at `gnome.settings-daemon.plugins.power` +2. 
ACPI at /etc/acpi/events/powerconf + +The powerconf acpi configuration will execute at the same time the gnome settings do. +This can lead to situations where the gnome settings say "suspend" but the acpi settings +say "shutdown". On waking up your laptop it will immediately shutdown. + +The solution is to comment out everything in /etc/acpi/events/powerconf and rely on the +gnome settings **OR** set the gnome settings to "nothing" and edit +`/etc/acpi/actions/power.sh` with the behavior you expect. Either way you should pick +one to control power button behavior. + +## Discord + +vim ~/.local/share/applications/Discord.desktop + +```conf +[Desktop Entry] +Encoding=UTF-8 +Name=Discord +Exec=/home/ducoterra/Applications/Discord/Discord +Icon=/home/ducoterra/Applications/Discord/discord.png +Type=Application +Categories=Communication; +``` + +### Discord sharing not working + +THIS IS PROBABLY A PER-APP THING + +Likely the thing you're trying to share doesn't work, it's not wayland's fault. + +If you're trying to share firefox - download the firefox binary and dnf +uninstall the other one. For whatever reason the preinstalled binary doesn't +like screen share. You can use the following: + +~/.local/share/applications/firefox.desktop + +```conf +[Desktop Entry] +Encoding=UTF-8 +Name=Firefox +Exec=/home/ducoterra/Applications/firefox/firefox-bin +Icon=/home/ducoterra/.icons/firefox.svg +Type=Application +Categories=Browser; +``` + +## Minecraft + +1. You can find extra java versions at /etc/alternatives +2. You need to `dnf install xrandr` to launch any modpacks +3. 
You can create a desktop icon by putting this at + ~/.local/share/applications/*.desktop: + +```conf +[Desktop Entry] +Type=Application +Version=1.0 +Name=Minecraft +Comment=Minecraft Launcher +Path=/home/ducoterra/Applications +Exec=minecraft-launcher +Icon=/home/ducoterra/Icons/minecraft-launcher.png +Terminal=false +Categories=Games; +``` + +## Sound Devices + +If you want to disable a specific device or tell Fedora not to use a specific device +as output or input (looking at you yeti microphone, you're not a speaker), you can +install pulse audio control for much more fine-tuned... control. + +Setting your speakers to analog output seems to work best for a USB dac if it has +a separate volume knob since this ties the volume knob on the dac to the internal +volume of your computer. + +Setting your mic to analog input works just fine on a yeti usb mic. + +```bash +sudo dnf install pavucontrol +``` + +## Install ffmpegthumbnailer, remove totem + +totem-thumbnailer crashes all the time and isn't as good as ffmpeg's thumbnailer. +What's more, totem video player ("Videos" by default on gnome) is not as good as vlc +and doesn't work very well for anything more than basic video playback. + +```bash +sudo dnf remove totem +sudo dnf install ffmpegthumbnailer +``` + +## Add compatibility for HEIC to mogrify + +```bash +sudo dnf install libheic-freeworld +```
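Review bot: In the "Create Encrypted Drive" block, `chmod 600 /home/ducoterra/.lukskeys` is applied to the directory rather than the key file, so the directory loses its search bit and the key `btr_backup` keeps whatever mode the umask gave it when `dd` wrote it. Suggest `chmod 700` on `.lukskeys` and `chmod 600` on the key file, with the permissions (or a `umask 077`) in place before the key is generated. The same block mixes its targets: `luksFormat /dev/sdb1`, `luksAddKey /dev/sda` and `blkid /dev/sda1` name three different devices, and the final `luksOpen` uses mapper name `backup0` with `--key-file=/home/ducoterra/.lukskeys/backup0` while crypttab and fstab refer to `btr_backup`. The `echo ... >> /etc/crypttab` and `echo ... >> /etc/fstab` lines have no `sudo`, and the redirection would still run as the calling user with it; `| sudo tee -a`, as in the "Make DNF Fast" section, would match the rest of the file.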
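Review bot: Under "Test, Start and Enable service", the sentence "Test your service:the available storage space on our NAS to the iSCSI target and the other half" reads as text pasted from another document and should be cut back to "Test your service:". In the btrbk config above it, `volume /mnt/btr_pool` does not match the pool mount point created in "BTRFS Optimizations" (`/btrfs_pool`, `subvolid=5`), so one of the two paths needs correcting before the timer is enabled. The "Restore" list would also benefit from spelling out step 4 (`rsync -av [etc, home, opt, root, usr, var]`) with a source and destination, since it is the step that actually brings the data back.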
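Review bot: In "Firewall CMD", `systemctl start firewall-cmd` and `systemctl enable firewall-cmd` name the client tool instead of the service; the unit is `firewalld`, and the same applies to `systemctl reload firewall-cmd` in step 2. The commands also lack the `sudo` used everywhere else in the README. Because step 2 switches the default zone to `drop`, a follow-up line that confirms the result, such as `firewall-cmd --get-default-zone`, would make the section safer to follow on a machine reached over the network.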
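Review bot: In "Automatic Disk Decryption with TPM2", the unit `tpm_luks_cryptenroll.service` keeps the LUKS passphrase in `Environment=PASSWORD=` inside a file under /etc/systemd/system, where unit files are normally world-readable, so any local account could read a passphrase that unlocks the root volume. Suggest moving it to a root-owned file with mode 0600 referenced through `EnvironmentFile=`, and stating in the text that the service reseals the key to whatever PCR 0+2+4+7 values the current boot measured, which is a trade-off the reader should accept knowingly. Smaller points in the same section: the first enroll targets `/dev/nvme1n1p3` while `luksAddKey` and the unit use `/dev/nvme0n1p3`; the `Description=` says "on login" although the unit is `WantedBy=multi-user.target`; the crypttab entry sits in the bash block as a bare line and should be marked as file content; and the intro has typos ("lunlock", "/etc/ukskeys").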
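Review bot: In "Turn Off Fingerprint When Laptop Lid Closed", `/etc/acpi/laptop-lid.sh` runs as root from acpid but does `touch "$lock"` and `rm -f "$lock"` on a path inside a user-writable directory (`/home/ducoterra/.locks/fprint-disabled.lock`); a root-owned location such as a directory under /run would avoid acting on a path the user controls, and would remove the hard-coded home directory. The prose says "We also check that the HDMI cable is connected", yet the `grep -Fxq connected ...` test is commented out in the script, so either the text or the condition should change. Step 1 says "Create a .locks file" while the command is `mkdir ~/.locks`. The `[Unit]` and acpid event snippets are fenced as `bash`, and the fprint script at the top of the README is fenced as `bash` although its shebang is `/usr/bin/python3`.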