# Fedora on the Framework Mostly stolen from https://mutschler.eu/linux/install-guides/fedora-post-install/ ## Dual Boot with Fingerprint Scanner Issues https://community.frame.work/t/fingerprint-scanner-compatibility-with-linux-ubuntu-fedora-etc/1501/206 ## Revert Kernel (if needed) With koji ```bash sudo dnf install koji mkdir /tmp/kernel-download cd /tmp/kernel-download koji search build kernel-6.0.12* koji download-build --arch=x86_64 kernel-6.0.12-300.fc37 sudo dnf install ./*.rpm ``` ```bash # Find the kernels you have installed sudo rpm -qa kernel # List available kernels sudo ls /boot | grep vmlinuz # Revert to a previous kernel sudo grubby --set-default /boot/vmlinuz-5.14.10-300.fc35.x86_64 ``` ## Make DNF Fast ```bash echo 'fastestmirror=1' | sudo tee -a /etc/dnf/dnf.conf echo 'max_parallel_downloads=10' | sudo tee -a /etc/dnf/dnf.conf echo 'deltarpm=true' | sudo tee -a /etc/dnf/dnf.conf cat /etc/dnf/dnf.conf ``` ## Set Hostname ```bash hostnamectl set-hostname ducolaptop ``` ## BTRFS Optimizations ```bash sudo vim /etc/fstab # subvol=root,x-systemd.device-timeout=0,ssd,noatime,space_cache,commit=120,compress=zstd,discard=async 0 0 # subvol=home,x-systemd.device-timeout=0,ssd,noatime,space_cache,commit=120,compress=zstd,discard=async 0 0 sudo vim /etc/crypttab # luks-fcc669e7-32d5-43b2-ba03-2db6a7f5b33d UUID=fcc669e7-32d5-43b2-ba03-2db6a7f5b33d none discard sudo systemctl enable fstrim.timer ``` ## Install updates ```bash sudo dnf upgrade --refresh sudo dnf check sudo dnf autoremove sudo fwupdmgr get-devices sudo fwupdmgr refresh --force sudo fwupdmgr get-updates sudo fwupdmgr update sudo reboot now ``` ## Install Fish ```bash sudo dnf install -y fish util-linux-user chsh -s /usr/bin/fish ``` ```bash mkdir -p /home/$USER/.local/bin set -Ua fish_user_paths /home/$USER/.local/bin ``` ## ISCSI ```bash # Login to portal iscsiadm -m discovery -t st -p driveripper.reeselink.com # Mount all targets iscsiadm -m node --targetname iqn.2023-01.driveripper.reeselink.com:2023-framework-backup -p driveripper.reeselink.com:3260 -l iscsiadm -m node --loginall all # Mount at boot vim /etc/iscsi/nodes/iqn.2022-02.freenas.dnet:manjaro-backup/10.1.2.200,3260,1 (/var/lib/iscsi/nodes/iqn.2022-02.freenas.dnet:manjaro-backup/10.1.2.200,3260,1/default) on fedora node.startup = automatic # Log out of all sessions iscsiadm -m node -u ``` ## Gnome Tweaks 1. Fonts -> Monospace Text -> Fira Code Regular 2. Keyboard & Mouse -> Acceleration Profile -> Flat 3. Keyboard & Mouse -> Mouse Click Emulation -> Fingers 4. Top Bar -> Activities Overview Hot Corner -> Off 5. Top Bar -> Battery Percentage -> On 6. Top Bar -> Clock -> Weekday -> On 7. Top Bar -> Clock -> Seconds -> On 8. Windows -> Center New Windows -> On ## Flatpack ```bash flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo flatpak update ``` ## Snap ```bash sudo dnf install -y snapd sudo ln -s /var/lib/snapd/snap /snap # for classic snap support ln -s /var/lib/snapd/desktop/applications ~/.local/share/applications/snap # make apps show up in gnome sudo reboot now ``` ## AppImage Launcher Download RPM from https://github.com/TheAssassin/AppImageLauncher/releases/tag/v2.2.0 ## Ansible ```bash ansible-playbook --ask-become-pass ansible/framework_fedora.yml ``` ## BTRBK ### Create Encrypted Drive ```bash # Create an encrypted drive sudo cryptsetup luksFormat /dev/sdb1 # LUKS Disk Encryption can use up to 8 key slots to store passwords. We can use these keys to auto mount LUKS device. # cryptsetup luksDump /dev/sda # Create a lukskeys mkdir -p /home/ducoterra/.lukskeys # Generate key dd if=/dev/random bs=32 count=1 of=/home/ducoterra/.lukskeys/btr_backup # Change key mode chmod 600 /home/ducoterra/.lukskeys # Luks add a key sudo cryptsetup luksAddKey /dev/sda /home/ducoterra/.lukskeys/btr_backup # Get UUID of disk with sudo blkid /dev/sda1 # Add key to crypttab echo 'btr_backup UUID=1d7ce570-e695-47a0-9dda-5f14b5b20e21 /home/ducoterra/.lukskeys/btr_backup luks' >> /etc/crypttab # Create read-only backup mount point sudo btrfs sub create /mnt/btr_backup sudo btrfs property set /mnt/btr_backup ro true # Add to fstab echo '/dev/mapper/btr_backup /mnt/btr_backup btrfs x-systemd.device-timeout=0,x-gvfs-show,x-gvfs-name=btr_backup,ssd,nofail,noatime,discard=async,compress=zstd 0 0' >> /etc/fstab # mount sudo cryptsetup luksOpen /dev/disk/by-uuid/1d7ce570-e695-47a0-9dda-5f14b5b20e21 backup0 --key-file=/home/ducoterra/.lukskeys/backup0 # close (or fix issues) sudo cryptsetup luksClose backup0 ``` ### Backup Disks Backup disks will respect the following naming convention: brand_size_purpose_year_month So for a backup drive you would create: `wd_4tb_backup_2023_01` Or for an archive drive: `samsung_1tb_archive_2023_01` #### Disk Health `smartctl -a /dev/sda` ### Create BTRBK Config `sudo vim /etc/btrbk/btrbk.conf` ```conf snapshot_create ondemand snapshot_preserve_min 2d snapshot_preserve 14d snapshot_dir snapshots target_preserve_min no target_preserve 20d 10w *m volume /mnt/btr_pool target /mnt/btr_backup subvolume root subvolume home ``` ### Create Systemd Timer `sudo vim /etc/systemd/system/btrbk.service` ```conf [Unit] Description=Runs btrbk with config file at /etc/btrbk/btrbk.conf [Service] ExecStart=btrbk -c /etc/btrbk/btrbk.conf -v run ``` `sudo vim /etc/systemd/system/btrbk.timer` ```conf [Unit] Description=Run btrbk every hour [Timer] OnCalendar=hourly AccuracySec=10min Persistent=true Unit=btrbk.service [Install] WantedBy=timers.target ``` ### Test, Start and Enable service Test your service:the available storage space on our NAS to the iSCSI target and the other half ```bash sudo btrbk -c /etc/btrbk/btrbk.conf -v run ``` Enable your service: ```bash sudo systemctl start btrbk.timer sudo systemctl enable btrbk.timer ``` ### Minecraft 1. You can find extra java versions at /etc/alternatives 2. You need to `dnf install xrandr` to launch any modpacks 3. You can create a desktop icon by putting this at ~/.local/share/applications/*.desktop: ``` [Desktop Entry] Encoding=UTF-8 Name=Technic Launcher Exec=/usr/bin/java -jar /home/ducoterra/Applications/TechnicLauncher.jar Icon=/home/ducoterra/.icons/minecraft-launcher.png Type=Application Categories=Games; ``` ### Firewall CMD 1. Enable firewall ```bash systemctl start firewall-cmd systemctl enable firewall-cmd ``` 2. Set default behavior to drop everything ```bash firewall-cmd --set-default-zone=drop systemctl reload firewall-cmd ``` ### Resources Network monitoring: https://linuxconfig.org/how-to-monitor-network-activity-on-a-linux-system ## Backups ### Full system backup In the event you need to restore your system from a disaster do the following: 1. Reinstall fedora via a live image 2. After install, disk should be mounted at /mnt/sysimage 3. Copy the new fstab and crypttab to somewhere safe 4. rsync -av [etc, home, opt, root, usr, var] 5. `mount /dev/Y /mnt/sysimage/boot` 6. `mount /dev/Z /mnt/sysimage/boot/efi` 7. `mount --bind /dev /mnt/sysimage/dev` 8. `mount --bind /proc /mnt/sysimage/proc` 9. `mount --bind /sys /mnt/sysimage/sys` 10. `chroot /mnt/sysimage` 11. Edit fstab and crypttab so they match the new partitions 12. Update /etc/default/grub to match the new luks uuid 13. grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg 14. reboot ## Libvirt ### Snapshots on secure-boot VMs ```bash # list snapshots qemu-img snapshot -l win10.qcow2 # create a snapshot qemu-img snapshot -c 1-welcome win10.qcow2 # restore a snapshot qemu-img snapshot -a 1-welcome win10.qcow2 ``` ### Connecting to Truenas via virt-manager You should be able to use the following custom URL: ```text qemu+ssh://root@driveripper.reeserelease.com/system?socket=/run/truenas_libvirt/libvirt-sock ``` This assumes the correct socket path from `/etc/libvirt/libvirtd.conf` and ability to log in as the root user via ssh. ## bluetooth ### Airpods Edit: /etc/bluetooth/main.conf Set ControllerMode = bredr restart bluetooth service connect airpods comment line out restart bluetooth service again ## ZRAM Edit /etc/systemd/zram-generator.conf ```conf [zram0] zram-size = min(ram / 2, 16384) compression-algorithm = lzo-rle options = writeback-device = /dev/zvol/tarta-zoot/swap-writeback ``` ## Automatic Disk Decryption with TPM2 https://gist.github.com/jdoss/777e8b52c8d88eb87467935769c98a95 ```bash # Add decryption key to tpm. systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+4+7 /dev/nvme0n1p3 # Wipe old keys and enroll new key. You have to execute this command again after a kernel upgrade. systemd-cryptenroll /dev/nvme0n1p3 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=0,2,4,7 # Add tpm2 configuration option to /etc/crypttab luks-$UUID UUID=disk-$UUID none tpm2-device=auto,discard # Add rd.luks.options=tpm2-device=auto to grub grubby --args="rd.luks.options=tpm2-device=auto" --update-kernel=ALL dracut -f ``` ## Firefox GPU Rendering https://community.frame.work/t/linux-battery-life-tuning/6665 ```bash dnf install intel-media-driver intel-gpu-tools ``` Type in about:config in the address bar and hit enter. Set media.rdd-ffmpeg.enabled, media.ffmpeg.vaapi.enabled and media.navigator.mediadatadecoder_vpx_enabled to true. Close and reopen your browser Run the command sudo intel_gpu_top, play a 4k video and check whether the Video section is above 0.00% ## Gnome Software Updates (packagekitd and software) To prevent Gnome Shell from starting Software open Settings->Search and disable Software from there. Disable auto-updates ```bash sudo systemctl disable packagekit sudo systemctl stop packagekit dconf write /org/gnome/software/allow-updates false dconf write /org/gnome/software/download-updates false ``` ## Battery Life ```bash grubby --args="nvme.noacpi=1" --update-kernel=ALL ``` Enable automatic power profile switching on AC/Battery 1. `sudo mkdir /lib/udev/power-profiles` 1. `sudo vim /lib/udev/power-profiles/power-saver` ```bash powerprofilesctl set power-saver ``` 1. `sudo chmod +x /lib/udev/power-profiles/power-saver` 1. `sudo vim /lib/udev/power-profiles/performance` ```bash powerprofilesctl set performance ``` 1. `sudo chmod +x /lib/udev/power-profiles/performance` sudo vim /etc/udev/rules.d/10-power.rules ```bash SUBSYSTEM=="power_supply", ATTR{online}=="0", RUN+="/bin/bash /lib/udev/power-profiles/power-saver" SUBSYSTEM=="power_supply", ATTR{online}=="1", RUN+="/bin/bash /lib/udev/power-profiles/performance" ``` ~~Calibrate with powertop~~ Powertop causes connection issues with USB while the computer is plugged in. Do not recommend. ```bash sudo dnf install powertop # This will take a while sudo powertop --calibrate sudo powertop ``` ~~Install and enable tlp~~ TLP seems to limit maximum performance. I'm leaving it here for posterity. Stick with powertop and power profiles daemon. ```bash sudo systemctl stop power-profiles-daemon.service sudo systemctl disable power-profiles-daemon.service sudo systemctl mask power-profiles-daemon.service sudo dnf install tlp sudo systemctl mask systemd-rfkill.service sudo systemctl mask systemd-rfkill.socket sudo systemctl enable tlp.service --now sudo systemctl status tlp.service ``` ### Simple Battery Monitoring App alarm charge_full_design device power subsystem voltage_min_design capacity charge_now hwmon2 present technology voltage_now capacity_level current_now manufacturer serial_number type charge_full cycle_count model_name status uevent ```bash sudo mkdir /etc/battery_monitor sudo vim /etc/battery_monitor/battery_monitor.sh ``` ```bash #!/bin/bash CSV_LOCATION="/home/ducoterra/data" CSV_NAME="battery_monitor.csv" BATTERY_DATA_LOCATION="/sys/class/power_supply/BAT1" if [ ! -f $CSV_LOCATION/$CSV_NAME ]; then mkdir -p $CSV_LOCATION; echo "time,percent,charge_now,charge_full,voltage_now,current_now,cycle_count,status" > $CSV_LOCATION/$CSV_NAME chown -R ducoterra:ducoterra $CSV_LOCATION fi time=$(date --iso-8601=seconds) percent=$(cat $BATTERY_DATA_LOCATION/capacity) charge_now=$(cat $BATTERY_DATA_LOCATION/charge_now) charge_full=$(cat $BATTERY_DATA_LOCATION/charge_full) voltage_now=$(cat $BATTERY_DATA_LOCATION/voltage_now) current_now=$(cat $BATTERY_DATA_LOCATION/current_now) cycle_count=$(cat $BATTERY_DATA_LOCATION/cycle_count) status=$(cat $BATTERY_DATA_LOCATION/status) echo "$time,$percent,$charge_now,$charge_full,$voltage_now,$current_now,$cycle_count,$status" >> $CSV_LOCATION/$CSV_NAME ``` `sudo vim /etc/systemd/system/battery_monitor.service` ```conf [Unit] Description=Records the current battery level [Service] Type=oneshot ExecStart=/bin/bash /etc/battery_monitor/battery_monitor.sh [Install] WantedBy=multi-user.target ``` `sudo vim /etc/systemd/system/battery_monitor.timer` ```conf [Unit] Description=Run battery_monitor every 15 seconds [Timer] OnCalendar=*:*:0,15,30,45 AccuracySec=10sec Persistent=true Unit=battery_monitor.service [Install] WantedBy=timers.target ``` `sudo systemctl start battery_monitor.timer` ## Turn Off Fingerprint When Laptop Lid Closed To disable fingerprint authentication when the laptop lid is closed, and re-enable when it is reopened, we will use acpid to bind to the button/lid.* event to a custom script that will stop and mask the fprintd service on lid close, and unmask and start the fprintd service on lid open. We also check that the HDMI cable is connected by testing the contents of /sys/class/drm/card0-HDMI-A-1/status. Follow the steps below: 1. Create a .locks file in your home dir: `mkdir ~/.locks` 1. Create file /etc/acpi/laptop-lid.sh with the following contents: ```bash #!/bin/bash lock=/home/ducoterra/.locks/fprint-disabled.lock if grep -Fq closed /proc/acpi/button/lid/LID0/state # && # This is used to detect if a display is connected. # For USB C displayport use: # grep -Fxq connected /sys/class/drm/card1-DP-2/status # For hdmi use: # grep -Fxq connected /sys/class/drm/card0-HDMI-A-1/status then touch "$lock" systemctl stop fprintd systemctl mask fprintd elif [ -f "$lock" ] then systemctl unmask fprintd systemctl start fprintd rm -f "$lock" fi ``` 2. Make the file executable with `chmod +x /etc/acpi/laptop-lid.sh` 3. Create file /etc/acpi/events/laptop-lid with the following contents: ```bash event=button/lid.* action=/etc/acpi/laptop-lid.sh ``` 4. Restart the acpid service with: `sudo service acpid restart` Now the fingerprint will be used only when the lid is open. In order to restore the correct state of the fprintd service if you disconnect/reconnect while the laptop is off, you may call the above script from a systemd init file. The steps to do this are the following: 1. Create a file named /etc/systemd/system/laptop-lid.service with the following contents: ```bash [Unit] Description=Laptop Lid After=suspend.target [Service] ExecStart=/etc/acpi/laptop-lid.sh [Install] WantedBy=multi-user.target WantedBy=suspend.target ``` 2. Reload the systemd config files with `sudo systemctl daemon-reload` 3. Start the service with `sudo systemctl start laptop-lid.service` 4. Enable the service so that it starts automatically on boot `sudo systemctl enable laptop-lid.service` Now the status should be correct even after connecting/disconnecting when the computer is off.