# Fedora on the Framework Mostly stolen from https://mutschler.eu/linux/install-guides/fedora-post-install/ ## Dual Boot with Fingerprint Scanner Issues https://community.frame.work/t/fingerprint-scanner-compatibility-with-linux-ubuntu-fedora-etc/1501/206 ## Revert Kernel (if needed) ```bash # Find the kernels you have installed sudo rpm -qa kernel # Revert to a previous kernel grubby --set-default /boot/vmlinuz-5.14.10-300.fc35.x86_64 ``` ## Make DNF Fast ```bash echo 'fastestmirror=1' | sudo tee -a /etc/dnf/dnf.conf echo 'max_parallel_downloads=10' | sudo tee -a /etc/dnf/dnf.conf echo 'deltarpm=true' | sudo tee -a /etc/dnf/dnf.conf cat /etc/dnf/dnf.conf ``` ## Set Hostname ```bash hostnamectl set-hostname ducolaptop ``` ## BTRFS Optimizations ```bash sudo vim /etc/fstab # subvol=root,x-systemd.device-timeout=0,ssd,noatime,space_cache,commit=120,compress=zstd,discard=async 0 0 # subvol=home,x-systemd.device-timeout=0,ssd,noatime,space_cache,commit=120,compress=zstd,discard=async 0 0 sudo vim /etc/crypttab # luks-fcc669e7-32d5-43b2-ba03-2db6a7f5b33d UUID=fcc669e7-32d5-43b2-ba03-2db6a7f5b33d none discard sudo systemctl enable fstrim.timer ``` ## Install updates ```bash sudo dnf upgrade --refresh sudo dnf check sudo dnf autoremove sudo fwupdmgr get-devices sudo fwupdmgr refresh --force sudo fwupdmgr get-updates sudo fwupdmgr update sudo reboot now ``` ## Install Fish ```bash sudo dnf install -y fish util-linux-user chsh -s /usr/bin/fish ``` ```bash mkdir -p /home/$USER/.local/bin set -Ua fish_user_paths /home/$USER/.local/bin ``` ## ISCSI ```bash # Login to portal iscsiadm -m discovery -t st -p driveripper.reeselink.com # Mount all targets iscsiadm -m node --targetname iqn.2023-01.driveripper.reeselink.com:2023-framework-backup -p driveripper.reeselink.com:3260 -l iscsiadm -m node --loginall all # Mount at boot vim /etc/iscsi/nodes/iqn.2022-02.freenas.dnet:manjaro-backup/10.1.2.200,3260,1 (/var/lib/iscsi/nodes/iqn.2022-02.freenas.dnet:manjaro-backup/10.1.2.200,3260,1/default) on fedora node.startup = automatic # Log out of all sessions iscsiadm -m node -u ``` ## Gnome Tweaks 1. Fonts -> Monospace Text -> Fira Code Regular 2. Keyboard & Mouse -> Acceleration Profile -> Flat 3. Keyboard & Mouse -> Mouse Click Emulation -> Fingers 4. Top Bar -> Activities Overview Hot Corner -> Off 5. Top Bar -> Battery Percentage -> On 6. Top Bar -> Clock -> Weekday -> On 7. Top Bar -> Clock -> Seconds -> On 8. Windows -> Center New Windows -> On ## Flatpack ```bash flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo flatpak update ``` ## Snap ```bash sudo dnf install -y snapd sudo ln -s /var/lib/snapd/snap /snap # for classic snap support ln -s /var/lib/snapd/desktop/applications ~/.local/share/applications/snap # make apps show up in gnome sudo reboot now ``` ## AppImage Launcher Download RPM from https://github.com/TheAssassin/AppImageLauncher/releases/tag/v2.2.0 ## Ansible ```bash ansible-playbook --ask-become-pass ansible/framework_fedora.yml ``` ## BTRBK ### Create Encrypted Drive ```bash # Create an encrypted drive sudo cryptsetup luksFormat # LUKS Disk Encryption can use up to 8 key slots to store passwords. We can use these keys to auto mount LUKS device. # cryptsetup luksDump /dev/sda # Create a lukskeys mkdir -p /home/ducoterra/.lukskeys # Generate key dd if=/dev/random bs=32 count=1 of=/home/ducoterra/.lukskeys/btr_backup # Change key mode chmod 600 /home/ducoterra/.lukskeys # Luks add a key sudo cryptsetup luksAddKey /dev/sda /home/ducoterra/.lukskeys/btr_backup # Get UUID of disk with sudo blkid /dev/sda1 # Add key to crypttab echo 'btr_backup UUID=1d7ce570-e695-47a0-9dda-5f14b5b20e21 /home/ducoterra/.lukskeys/btr_backup luks' >> /etc/crypttab # Create read-only backup mount point sudo btrfs sub create /mnt/btr_backup sudo btrfs property set /mnt/btr_backup ro true # Add to fstab echo '/dev/mapper/btr_backup /mnt/btr_backup btrfs x-systemd.device-timeout=0,x-gvfs-show,x-gvfs-name=btr_backup,ssd,nofail,noatime,discard=async,compress=zstd 0 0' >> /etc/fstab # mount sudo cryptsetup luksOpen /dev/disk/by-uuid/1d7ce570-e695-47a0-9dda-5f14b5b20e21 backup0 --key-file=/home/ducoterra/.lukskeys/backup0 # close (or fix issues) sudo cryptsetup luksClose backup0 ``` ### Create BTRBK Config `sudo vim /etc/btrbk/btrbk.conf` ```conf snapshot_create ondemand snapshot_preserve_min 2d snapshot_preserve 14d snapshot_dir snapshots target_preserve_min no target_preserve 20d 10w *m volume /mnt/btr_pool target /mnt/btr_backup subvolume root subvolume home ``` ### Create Systemd Timer `sudo vim /etc/systemd/system/btrbk.service` ```conf [Unit] Description=Runs btrbk with config file at /etc/btrbk/btrbk.conf [Service] ExecStart=btrbk -c /etc/btrbk/btrbk.conf -v run ``` `sudo vim /etc/systemd/system/btrbk.timer` ```conf [Unit] Description=Run btrbk every hour [Timer] OnCalendar=hourly AccuracySec=10min Persistent=true Unit=btrbk.service [Install] WantedBy=timers.target ``` ### Test, Start and Enable service Test your service:the available storage space on our NAS to the iSCSI target and the other half ```bash sudo btrbk -c /etc/btrbk/btrbk.conf -v run ``` Enable your service: ```bash sudo systemctl start btrbk.timer sudo systemctl enable btrbk.timer ``` ### Minecraft 1. You can find extra java versions at /etc/alternatives 2. You need to `dnf install xrandr` to launch any modpacks 3. You can create a desktop icon by putting this at ~/.local/share/applications/*.desktop: ``` [Desktop Entry] Encoding=UTF-8 Name=Technic Launcher Exec=/usr/bin/java -jar /home/ducoterra/Applications/TechnicLauncher.jar Icon=/home/ducoterra/.icons/minecraft-launcher.png Type=Application Categories=Games; ``` ### Firewall CMD 1. Enable firewall ```bash systemctl start firewall-cmd systemctl enable firewall-cmd ``` 2. Set default behavior to drop everything ```bash firewall-cmd --set-default-zone=drop systemctl reload firewall-cmd ``` ### Resources Network monitoring: https://linuxconfig.org/how-to-monitor-network-activity-on-a-linux-system ## Backups ### Full system backup In the event you need to restore your system from a disaster do the following: 1. Reinstall fedora via a live image 2. After install, disk should be mounted at /mnt/sysimage 3. Copy the new fstab and crypttab to somewhere safe 4. rsync -av [etc, home, opt, root, usr, var] 5. `mount /dev/Y /mnt/sysimage/boot` 6. `mount /dev/Z /mnt/sysimage/boot/efi` 7. `mount --bind /dev /mnt/sysimage/dev` 8. `mount --bind /proc /mnt/sysimage/proc` 9. `mount --bind /sys /mnt/sysimage/sys` 10. `chroot /mnt/sysimage` 11. Edit fstab and crypttab so they match the new partitions 12. Update /etc/default/grub to match the new luks uuid 13. grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg 14. reboot ## Libvirt ### Snapshots on secure-boot VMs ```bash # list snapshots qemu-img snapshot -l win10.qcow2 # create a snapshot qemu-img snapshot -c 1-welcome win10.qcow2 # restore a snapshot qemu-img snapshot -a 1-welcome win10.qcow2 ``` ### Connecting to Truenas via virt-manager You should be able to use the following custom URL: ```text qemu+ssh://root@driveripper.reeserelease.com/system?socket=/run/truenas_libvirt/libvirt-sock ``` This assumes the correct socket path from `/etc/libvirt/libvirtd.conf` and ability to log in as the root user via ssh. ## bluetooth ### Airpods Edit: /etc/bluetooth/main.conf Set ControllerMode = bredr restart bluetooth service connect airpods comment line out restart bluetooth service again ## ZRAM Edit /etc/systemd/zram-generator.conf ```conf [zram0] zram-size = min(ram / 2, 16384) compression-algorithm = lzo-rle options = writeback-device = /dev/zvol/tarta-zoot/swap-writeback ``` ## Automatic Disk Decryption with TPM2 https://gist.github.com/jdoss/777e8b52c8d88eb87467935769c98a95 ```bash # Add decryption key to tpm. systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+4+7 /dev/nvme0n1p3 # Wipe old keys and enroll new key. You have to execute this command again after a kernel upgrade. systemd-cryptenroll /dev/nvme0n1p3 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=0,2,4,7 # Add tpm2 configuration option to /etc/crypttab luks-$UUID UUID=disk-$UUID none tpm2-device=auto,discard # Add rd.luks.options=tpm2-device=auto to grub grubby --args="rd.luks.options=tpm2-device=auto" --update-kernel=ALL dracut -f ``` ## Firefox GPU Rendering https://community.frame.work/t/linux-battery-life-tuning/6665 ```bash dnf install intel-media-driver intel-gpu-tools ``` Type in about:config in the address bar and hit enter. Set media.rdd-ffmpeg.enabled, media.ffmpeg.vaapi.enabled and media.navigator.mediadatadecoder_vpx_enabled to true. Close and reopen your browser Run the command sudo intel_gpu_top, play a 4k video and check whether the Video section is above 0.00% ## Gnome Software Updates (packagekitd and software) To prevent Gnome Shell from starting Software open Settings->Search and disable Software from there. Disable auto-updates ```bash sudo systemctl disable packagekit sudo systemctl stop packagekit dconf write /org/gnome/software/allow-updates false dconf write /org/gnome/software/download-updates false ```