framework-fedora/README.md

Fedora on the Framework

Mostly stolen from https://mutschler.dev/linux/fedora-post-install/

Dual Boot with Fingerprint Scanner Issues

https://community.frame.work/t/fingerprint-scanner-compatibility-with-linux-ubuntu-fedora-etc/1501/206

The script below will clear the existing fingerprints from the internal storage.

#! /usr/bin/python3

import gi
gi.require_version('FPrint', '2.0')
from gi.repository import FPrint

ctx = FPrint.Context()

for dev in ctx.get_devices():
    print(dev)
    print(dev.get_driver())
    print(dev.props.device_id);

    dev.open_sync()

    dev.clear_storage_sync()
    print("All prints deleted.")

    dev.close_sync()

Revert Kernel (if needed)

With koji

sudo dnf install koji
mkdir /tmp/kernel-download
cd /tmp/kernel-download
koji search build kernel-6.0.12*
koji download-build --arch=x86_64 kernel-6.0.12-300.fc37
sudo dnf install ./*.rpm

# Find the kernels you have installed
sudo rpm -qa kernel

# List available kernels
sudo ls /boot | grep vmlinuz

# Revert to a previous kernel
sudo grubby --set-default /boot/vmlinuz-5.14.10-300.fc35.x86_64

Make DNF Fast

echo 'fastestmirror=1' | sudo tee -a /etc/dnf/dnf.conf
echo 'max_parallel_downloads=10' | sudo tee -a /etc/dnf/dnf.conf
echo 'deltarpm=true' | sudo tee -a /etc/dnf/dnf.conf

/etc/dnf/dnf.conf

[main]
gpgcheck=1
installonly_limit=3
clean_requirements_on_remove=True
best=False
skip_if_unavailable=True
fastestmirror=1
max_parallel_downloads=10
deltarpm=true

Install Useful Packages

sudo dnf install vim

Set Hostname

hostnamectl set-hostname ducolaptop

BTRFS Optimizations

sudo nano /etc/fstab
# UUID=47faf958-b80a-43e1-a36f-ca5a932474f7 /                       btrfs   subvol=root,x-systemd.device-timeout=0,ssd,noatime,space_cache,commit=120,compress=zstd,discard=async 0 0
# UUID=04ae92cd-717c-4aaf-bb24-58001be8d334 /boot                   ext4    defaults        1 2
# UUID=C17B-722D                            /boot/efi               vfat    umask=0077,shortname=winnt 0 2
# UUID=47faf958-b80a-43e1-a36f-ca5a932474f7 /home                   btrfs   subvol=home,x-systemd.device-timeout=0,ssd,noatime,space_cache,commit=120,compress=zstd,discard=async 0 0
# UUID=47faf958-b80a-43e1-a36f-ca5a932474f7 /btrfs_pool             btrfs   subvolid=5,x-systemd.device-timeout=0,ssd,noatime,space_cache,commit=120,compress=zstd,discard=async 0 0
sudo mkdir -p /btrfs_pool
sudo mount -a

sudo vim /etc/crypttab
# luks-fcc669e7-32d5-43b2-ba03-2db6a7f5b33d UUID=fcc669e7-32d5-43b2-ba03-2db6a7f5b33d none discard

sudo systemctl enable fstrim.timer

Install updates

sudo dnf upgrade --refresh
sudo dnf check
sudo dnf autoremove
sudo fwupdmgr get-devices
sudo fwupdmgr refresh --force
sudo fwupdmgr get-updates
sudo fwupdmgr update
sudo reboot now

Extensions

sudo dnf install -y gnome-extensions-app gnome-tweaks
sudo dnf install -y gnome-shell-extension-appindicator

1. Another Window Session Manager by 5q0Fw

   Restores windows on shutdown/reboot. Can be configured to automatically save the last state before restart. Pair this with "restore session" in firefox/chrome and you've got yourself a really good mac hibernate equivalent.

2. Dash to Dock by michele_g

   Make the dock behave like macos. Hide when it would cover a window. Show when the mouse hovers over the bottom of the screen. Add some sane default shortcuts. Etc.

3. Tactile by lundal

   Power-user tiling! Behaves like Windows Power Toys FancyZones.

4. Vitals by corecoding

   Adds quick-glance stats about your system to the menu bar. Use to monitor CPU usage, memory availability, network speed, battery wattage, etc.

Gnome Tweaks

1. Fonts -> Monospace Text -> Fira Code Regular
2. Keyboard & Mouse -> Acceleration Profile -> Flat
3. Keyboard & Mouse -> Mouse Click Emulation -> Fingers
4. Top Bar -> Activities Overview Hot Corner -> Off
5. Top Bar -> Battery Percentage -> On
6. Top Bar -> Clock -> Weekday -> On
7. Top Bar -> Clock -> Seconds -> On
8. Windows -> Center New Windows -> On

Flatpack

flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
flatpak update

Snap

sudo dnf install -y snapd
sudo ln -s /var/lib/snapd/snap /snap # for classic snap support
ln -s /var/lib/snapd/desktop/applications ~/.local/share/applications/snap # make apps show up in gnome
sudo reboot now

AppImage Launcher

Download RPM from https://github.com/TheAssassin/AppImageLauncher/releases/tag/v2.2.0

Backups

Create Encrypted Drive

# Create an encrypted drive
sudo cryptsetup luksFormat /dev/sdb1

# LUKS Disk Encryption can use up to 8 key slots to store passwords. We can use these keys to auto mount LUKS device.
# cryptsetup luksDump /dev/sda

# Create a lukskeys
mkdir -p /home/ducoterra/.lukskeys

# Generate key
dd if=/dev/random bs=32 count=1 of=/home/ducoterra/.lukskeys/btr_backup

# Change key mode
chmod 600 /home/ducoterra/.lukskeys

# Luks add a key
sudo cryptsetup luksAddKey /dev/sda /home/ducoterra/.lukskeys/btr_backup

# Get UUID of disk with
sudo blkid /dev/sda1

# Add key to crypttab
echo 'btr_backup UUID=1d7ce570-e695-47a0-9dda-5f14b5b20e21 /home/ducoterra/.lukskeys/btr_backup luks' >> /etc/crypttab

# Create read-only backup mount point
sudo btrfs sub create /mnt/btr_backup
sudo btrfs property set /mnt/btr_backup ro true

# Add to fstab
echo '/dev/mapper/btr_backup /mnt/btr_backup btrfs x-systemd.device-timeout=0,x-gvfs-show,x-gvfs-name=btr_backup,ssd,nofail,noatime,discard=async,compress=zstd 0 0' >> /etc/fstab

# mount
sudo cryptsetup luksOpen /dev/disk/by-uuid/1d7ce570-e695-47a0-9dda-5f14b5b20e21 backup0 --key-file=/home/ducoterra/.lukskeys/backup0

# close (or fix issues)
sudo cryptsetup luksClose backup0

Backup Disks

Backup disks will respect the following naming convention:

brand_size_purpose_year_month

So for a backup drive you would create:

wd_4tb_backup_2023_01

Or for an archive drive:

samsung_1tb_archive_2023_01

Disk Health

smartctl -a /dev/sda

Create BTRBK Config

sudo vim /etc/btrbk/btrbk.conf

snapshot_create         ondemand
snapshot_preserve_min   2d
snapshot_preserve       14d
snapshot_dir snapshots

target_preserve_min     no
target_preserve         20d 10w *m

volume /mnt/btr_pool
    target       /mnt/btr_backup
    subvolume    root
    subvolume    home

Create Systemd Timer

sudo vim /etc/systemd/system/btrbk.service

[Unit]
Description=Runs btrbk with config file at /etc/btrbk/btrbk.conf

[Service]
ExecStart=btrbk -c /etc/btrbk/btrbk.conf -v run

sudo vim /etc/systemd/system/btrbk.timer

[Unit]
Description=Run btrbk every hour

[Timer]
OnCalendar=hourly
AccuracySec=10min
Persistent=true
Unit=btrbk.service

[Install]
WantedBy=timers.target

Test, Start and Enable service

Test your service:the available storage space on our NAS to the iSCSI target and the other half

sudo btrbk -c /etc/btrbk/btrbk.conf -v run

Enable your service:

sudo systemctl start btrbk.timer

sudo systemctl enable btrbk.timer

Restore

In the event you need to restore your system from a disaster do the following:

1. Reinstall fedora via a live image
2. After install, disk should be mounted at /mnt/sysimage
3. Copy the new fstab and crypttab to somewhere safe
4. rsync -av [etc, home, opt, root, usr, var]
5. mount /dev/Y /mnt/sysimage/boot
6. mount /dev/Z /mnt/sysimage/boot/efi
7. mount --bind /dev /mnt/sysimage/dev
8. mount --bind /proc /mnt/sysimage/proc
9. mount --bind /sys /mnt/sysimage/sys
10. chroot /mnt/sysimage
11. Edit fstab and crypttab so they match the new partitions
12. Update /etc/default/grub to match the new luks uuid
13. grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
14. reboot

Firewall CMD

1. Enable firewall

   systemctl start firewall-cmd
   systemctl enable firewall-cmd
   

2. Set default behavior to drop everything

   firewall-cmd --set-default-zone=drop
   systemctl reload firewall-cmd
   

Bluetooth

Airpods

Edit: /etc/bluetooth/main.conf Set ControllerMode = bredr

1. restart bluetooth service
2. connect airpods
3. comment line out
4. restart bluetooth service again

ZRAM

Edit /etc/systemd/zram-generator.conf

[zram0]
zram-size = min(ram / 2, 16384)
compression-algorithm = lzo-rle
options =
writeback-device = /dev/zvol/tarta-zoot/swap-writeback

Automatic Disk Decryption with TPM2

It's a friendlier experience to just encrypt your root partition with tpm and lunlock your remaining drives with key files stored at /etc/ukskeys. This way you only need to reregister one key with your tpm and the remaining drives will be unlocked automatically.

Add your luks keys to the tpm module and set up boot parameters:

# Enroll for the first time
sudo -E systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+4+7 /dev/nvme1n1p3

# Add tpm2 configuration option to /etc/crypttab
# You can get the uuid with lsblk and blkid
luks-d9828faa-2b8c-4184-9e74-9054ae328c6d UUID=d9828faa-2b8c-4184-9e74-9054ae328c6d none tpm2-device=auto,discard

# Add rd.luks.options=tpm2-device=auto to grub
sudo grubby --args="rd.luks.options=tpm2-device=auto" --update-kernel=ALL

# Regenerate the boot parameters
sudo dracut -f

We can configure our system to automatically reenroll the tpm device on boot so you only need to enter your password on kernel updates.

# Create a new random password for your disk
sudo cryptsetup luksAddKey /dev/nvme0n1p3

/etc/systemd/system/tpm_luks_cryptenroll.service

[Unit]
Description=Automatically runs systemd-cryptenroll on login

[Service]
Type=oneshot
ExecStart=/usr/bin/systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+4+7 --wipe-slot=tpm2 /dev/nvme0n1p3
# new random password you just created
Environment=PASSWORD=

[Install]
WantedBy=multi-user.target

# Now enable the service
sudo systemctl enable tpm_luks_cryptenroll.service

Firefox GPU Rendering

https://community.frame.work/t/linux-battery-life-tuning/6665

dnf install intel-media-driver intel-gpu-tools

Type in about:config in the address bar and hit enter.

Set media.rdd-ffmpeg.enabled, media.ffmpeg.vaapi.enabled and media.navigator.mediadatadecoder_vpx_enabled to true.

Close and reopen your browser

Run the command sudo intel_gpu_top, play a 4k video and check whether the Video section is above 0.00%

Gnome Software Updates (packagekitd and software)

To prevent Gnome Shell from starting Software open Settings->Search and disable Software from there.

Disable auto-updates

sudo systemctl disable packagekit
sudo systemctl stop packagekit

dconf write /org/gnome/software/allow-updates false
dconf write /org/gnome/software/download-updates false

Turn Off Fingerprint When Laptop Lid Closed

To disable fingerprint authentication when the laptop lid is closed, and re-enable when it is reopened, we will use acpid to bind to the button/lid.* event to a custom script that will stop and mask the fprintd service on lid close, and unmask and start the fprintd service on lid open.

We also check that the HDMI cable is connected by testing the contents of /sys/class/drm/card0-HDMI-A-1/status.

Follow the steps below:

1. Create a .locks file in your home dir: mkdir ~/.locks

2. Create file /etc/acpi/laptop-lid.sh with the following contents:

   #!/bin/bash
   
   lock=/home/ducoterra/.locks/fprint-disabled.lock
   
   if grep -Fq closed /proc/acpi/button/lid/LID0/state # &&
       # This is used to detect if a display is connected.
       # For USB C displayport use: 
       # grep -Fxq connected /sys/class/drm/card1-DP-2/status
       # For hdmi use:
       # grep -Fxq connected /sys/class/drm/card0-HDMI-A-1/status
   then
       touch "$lock"
       systemctl stop fprintd
       systemctl mask fprintd
   elif [ -f "$lock" ]
   then
       systemctl unmask fprintd
       systemctl start fprintd
       rm -f "$lock"
   fi
   

3. Make the file executable with

   chmod +x /etc/acpi/laptop-lid.sh

4. Create file /etc/acpi/events/laptop-lid with the following contents:

   event=button/lid.*
   action=/etc/acpi/laptop-lid.sh
   

5. Restart the acpid service with:

   sudo service acpid restart

Now the fingerprint will be used only when the lid is open.

In order to restore the correct state of the fprintd service if you disconnect/reconnect while the laptop is off, you may call the above script from a systemd init file. The steps to do this are the following:

1. Create a file named /etc/systemd/system/laptop-lid.service with the following contents:

   [Unit]
   Description=Laptop Lid
   After=suspend.target
   
   [Service]
   ExecStart=/etc/acpi/laptop-lid.sh
   
   [Install]
   WantedBy=multi-user.target
   WantedBy=suspend.target
   

2. Reload the systemd config files with

   sudo systemctl daemon-reload

3. Start the service with

   sudo systemctl start laptop-lid.service

4. Enable the service so that it starts automatically on boot

   sudo systemctl enable laptop-lid.service

Now the status should be correct even after connecting/disconnecting when the computer is off.

Power Button Behavior

The power button is controlled from 2 locations:

1. DCONF (or gnoem settings) at gnome.settings-daemon.plugins.power
2. ACPI at /etc/acpi/events/powerconf

The powerconf acpi configuration will execute at the same time the gnome settings do. This can lead to situations where the gnome settings say "suspend" but the acpi settings say "shutdown". On waking up your laptop it will immediately shutdown.

The solution is to comment out everything in /etc/acpi/events/powerconf and rely on the gnome settings OR set the gnome settings to "nothing" and edit /etc/acpi/actions/power.sh with the behavior you expect. Either way you should pick one to control power button behavior.

Discord

vim ~/.local/share/applications/Discord.desktop

[Desktop Entry]
Encoding=UTF-8
Name=Discord
Exec=/home/ducoterra/Applications/Discord/Discord
Icon=/home/ducoterra/Applications/Discord/discord.png
Type=Application
Categories=Communication;

Discord sharing not working

THIS IS PROBABLY A PER-APP THING

Likely the thing you're trying to share doesn't work, it's not wayland's fault.

If you're trying to share firefox - download the firefox binary and dnf uninstall the other one. For whatever reason the preinstalled binary doesn't like screen share. You can use the following:

~/.local/share/applications/firefox.desktop

[Desktop Entry]
Encoding=UTF-8
Name=Firefox
Exec=/home/ducoterra/Applications/firefox/firefox-bin
Icon=/home/ducoterra/.icons/firefox.svg
Type=Application
Categories=Browser;

Minecraft

1. You can find extra java versions at /etc/alternatives
2. You need to dnf install xrandr to launch any modpacks
3. You can create a desktop icon by putting this at ~/.local/share/applications/*.desktop:

[Desktop Entry]
Type=Application
Version=1.0
Name=Minecraft
Comment=Minecraft Launcher
Path=/home/ducoterra/Applications
Exec=minecraft-launcher
Icon=/home/ducoterra/Icons/minecraft-launcher.png
Terminal=false
Categories=Games;

Sound Devices

If you want to disable a specific device or tell Fedora not to use a specific device as output or input (looking at you yeti microphone, you're not a speaker), you can install pulse audio control for much more fine-tuned... control.

Setting your speakers to analog output seems to work best for a USB dac if it has a separate volume knob since this ties the volume knob on the dac to the internal volume of your computer.

Setting your mic to analog input works just fine on a yeti usb mic.

sudo dnf install pavucontrol

Install ffmpegthumbnailer, remove totem

totem-thumbnailer crashes all the time and isn't as good as ffmpeg's thumbnailer. What's more, totem video player ("Videos" by default on gnome) is not as good as vlc and doesn't work very well for anything more than basic video playback.

sudo dnf remove totem
sudo dnf install ffmpegthumbnailer

Add compatibility for HEIC to mogrify

sudo dnf install libheic-freeworld