server/Workstation
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
5cc4c9b9cf753fc4a217e1b8e52c3577af471af2
Workstation/framework_fedora.md
ducoterra 5cc4c9b9cf WIP: Notes
2023-01-22 10:23:32 -05:00

9.1 KiB
Raw Blame History

Fedora on the Framework

Mostly stolen from https://mutschler.eu/linux/install-guides/fedora-post-install/

Dual Boot with Fingerprint Scanner Issues

https://community.frame.work/t/fingerprint-scanner-compatibility-with-linux-ubuntu-fedora-etc/1501/206

Revert Kernel (if needed)

# Find the kernels you have installed
sudo rpm -qa kernel

# Revert to a previous kernel
grubby --set-default /boot/vmlinuz-5.14.10-300.fc35.x86_64

Make DNF Fast

echo 'fastestmirror=1' | sudo tee -a /etc/dnf/dnf.conf
echo 'max_parallel_downloads=10' | sudo tee -a /etc/dnf/dnf.conf
echo 'deltarpm=true' | sudo tee -a /etc/dnf/dnf.conf
cat /etc/dnf/dnf.conf

Set Hostname

hostnamectl set-hostname ducolaptop

BTRFS Optimizations

sudo vim /etc/fstab
# subvol=root,x-systemd.device-timeout=0,ssd,noatime,space_cache,commit=120,compress=zstd,discard=async 0 0
# subvol=home,x-systemd.device-timeout=0,ssd,noatime,space_cache,commit=120,compress=zstd,discard=async 0 0

sudo vim /etc/crypttab
# luks-fcc669e7-32d5-43b2-ba03-2db6a7f5b33d UUID=fcc669e7-32d5-43b2-ba03-2db6a7f5b33d none discard

sudo systemctl enable fstrim.timer

Install updates

sudo dnf upgrade --refresh
sudo dnf check
sudo dnf autoremove
sudo fwupdmgr get-devices
sudo fwupdmgr refresh --force
sudo fwupdmgr get-updates
sudo fwupdmgr update
sudo reboot now

Install Fish

sudo dnf install -y fish util-linux-user
chsh -s /usr/bin/fish

mkdir -p /home/$USER/.local/bin
set -Ua fish_user_paths /home/$USER/.local/bin

ISCSI

# Login to portal
iscsiadm -m discovery -t st -p driveripper.reeselink.com

# Mount all targets
iscsiadm -m node --targetname iqn.2023-01.driveripper.reeselink.com:2023-framework-backup -p driveripper.reeselink.com:3260 -l

iscsiadm -m node --loginall all

# Mount at boot
vim /etc/iscsi/nodes/iqn.2022-02.freenas.dnet:manjaro-backup/10.1.2.200,3260,1
    (/var/lib/iscsi/nodes/iqn.2022-02.freenas.dnet:manjaro-backup/10.1.2.200,3260,1/default) on fedora

node.startup = automatic

# Log out of all sessions
iscsiadm -m node -u

Gnome Tweaks

  1. Fonts -> Monospace Text -> Fira Code Regular
  2. Keyboard & Mouse -> Acceleration Profile -> Flat
  3. Keyboard & Mouse -> Mouse Click Emulation -> Fingers
  4. Top Bar -> Activities Overview Hot Corner -> Off
  5. Top Bar -> Battery Percentage -> On
  6. Top Bar -> Clock -> Weekday -> On
  7. Top Bar -> Clock -> Seconds -> On
  8. Windows -> Center New Windows -> On

Flatpack

flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
flatpak update

Snap

sudo dnf install -y snapd
sudo ln -s /var/lib/snapd/snap /snap # for classic snap support
ln -s /var/lib/snapd/desktop/applications ~/.local/share/applications/snap # make apps show up in gnome
sudo reboot now

AppImage Launcher

Download RPM from https://github.com/TheAssassin/AppImageLauncher/releases/tag/v2.2.0

Ansible

ansible-playbook --ask-become-pass ansible/framework_fedora.yml

BTRBK

Create Encrypted Drive

# Create an encrypted drive
sudo cryptsetup luksFormat

# LUKS Disk Encryption can use up to 8 key slots to store passwords. We can use these keys to auto mount LUKS device.
# cryptsetup luksDump /dev/sda

# Create a lukskeys
mkdir -p /home/ducoterra/.lukskeys

# Generate key
dd if=/dev/random bs=32 count=1 of=/home/ducoterra/.lukskeys/btr_backup

# Change key mode
chmod 600 /home/ducoterra/.lukskeys

# Luks add a key
sudo cryptsetup luksAddKey /dev/sda /home/ducoterra/.lukskeys/btr_backup

# Get UUID of disk with
sudo blkid /dev/sda1

# Add key to crypttab
echo 'btr_backup UUID=1d7ce570-e695-47a0-9dda-5f14b5b20e21 /home/ducoterra/.lukskeys/btr_backup luks' >> /etc/crypttab

# Create read-only backup mount point
sudo btrfs sub create /mnt/btr_backup
sudo btrfs property set /mnt/btr_backup ro true

# Add to fstab
echo '/dev/mapper/btr_backup /mnt/btr_backup btrfs x-systemd.device-timeout=0,x-gvfs-show,x-gvfs-name=btr_backup,ssd,nofail,noatime,discard=async,compress=zstd 0 0' >> /etc/fstab

# mount
sudo cryptsetup luksOpen /dev/disk/by-uuid/1d7ce570-e695-47a0-9dda-5f14b5b20e21 backup0 --key-file=/home/ducoterra/.lukskeys/backup0

# close (or fix issues)
sudo cryptsetup luksClose backup0

Create BTRBK Config

sudo vim /etc/btrbk/btrbk.conf

snapshot_create         ondemand
snapshot_preserve_min   2d
snapshot_preserve       14d
snapshot_dir snapshots

target_preserve_min     no
target_preserve         20d 10w *m

volume /mnt/btr_pool
	target       /mnt/btr_backup
	subvolume    root
	subvolume    home

Create Systemd Timer

sudo vim /etc/systemd/system/btrbk.service

[Unit]
Description=Runs btrbk with config file at /etc/btrbk/btrbk.conf

[Service]
ExecStart=btrbk -c /etc/btrbk/btrbk.conf -v run

sudo vim /etc/systemd/system/btrbk.timer

[Unit]
Description=Run btrbk every hour

[Timer]
OnCalendar=hourly
AccuracySec=10min
Persistent=true
Unit=btrbk.service

[Install]
WantedBy=timers.target

Test, Start and Enable service

Test your service:the available storage space on our NAS to the iSCSI target and the other half

sudo btrbk -c /etc/btrbk/btrbk.conf -v run

Enable your service:

sudo systemctl start btrbk.timer

sudo systemctl enable btrbk.timer

Minecraft

  1. You can find extra java versions at /etc/alternatives
  2. You need to dnf install xrandr to launch any modpacks
  3. You can create a desktop icon by putting this at ~/.local/share/applications/*.desktop:
[Desktop Entry]
Encoding=UTF-8
Name=Technic Launcher
Exec=/usr/bin/java -jar /home/ducoterra/Applications/TechnicLauncher.jar
Icon=/home/ducoterra/.icons/minecraft-launcher.png
Type=Application
Categories=Games;

Firewall CMD

  1. Enable firewall
systemctl start firewall-cmd
systemctl enable firewall-cmd
  1. Set default behavior to drop everything
firewall-cmd --set-default-zone=drop
systemctl reload firewall-cmd

Resources

Network monitoring: https://linuxconfig.org/how-to-monitor-network-activity-on-a-linux-system

Backups

Full system backup

In the event you need to restore your system from a disaster do the following:

  1. Reinstall fedora via a live image
  2. After install, disk should be mounted at /mnt/sysimage
  3. Copy the new fstab and crypttab to somewhere safe
  4. rsync -av [etc, home, opt, root, usr, var]
  5. mount /dev/Y /mnt/sysimage/boot
  6. mount /dev/Z /mnt/sysimage/boot/efi
  7. mount --bind /dev /mnt/sysimage/dev
  8. mount --bind /proc /mnt/sysimage/proc
  9. mount --bind /sys /mnt/sysimage/sys
  10. chroot /mnt/sysimage
  11. Edit fstab and crypttab so they match the new partitions
  12. Update /etc/default/grub to match the new luks uuid
  13. grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
  14. reboot

Libvirt

Snapshots on secure-boot VMs

# list snapshots
qemu-img snapshot -l win10.qcow2

# create a snapshot
qemu-img snapshot -c 1-welcome win10.qcow2

# restore a snapshot
qemu-img snapshot -a 1-welcome win10.qcow2

Connecting to Truenas via virt-manager

You should be able to use the following custom URL:

qemu+ssh://root@driveripper.reeserelease.com/system?socket=/run/truenas_libvirt/libvirt-sock

This assumes the correct socket path from /etc/libvirt/libvirtd.conf and ability to log in as the root user via ssh.

bluetooth

Airpods

Edit: /etc/bluetooth/main.conf Set ControllerMode = bredr

restart bluetooth service connect airpods comment line out restart bluetooth service again

ZRAM

Edit /etc/systemd/zram-generator.conf

[zram0]
zram-size = min(ram / 2, 16384)
compression-algorithm = lzo-rle
options =
writeback-device = /dev/zvol/tarta-zoot/swap-writeback

Automatic Disk Decryption with TPM2

https://gist.github.com/jdoss/777e8b52c8d88eb87467935769c98a95

# Add decryption key to tpm. 
systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+4+7 /dev/nvme0n1p3

# Wipe old keys and enroll new key. You have to execute this command again after a kernel upgrade.
systemd-cryptenroll /dev/nvme0n1p3 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=0,2,4,7

# Add tpm2 configuration option to /etc/crypttab
luks-$UUID UUID=disk-$UUID none tpm2-device=auto,discard

# Add rd.luks.options=tpm2-device=auto to grub
grubby --args="rd.luks.options=tpm2-device=auto" --update-kernel=ALL

dracut -f

Firefox GPU Rendering

https://community.frame.work/t/linux-battery-life-tuning/6665

dnf install intel-media-driver intel-gpu-tools

Type in about:config in the address bar and hit enter.

Set media.rdd-ffmpeg.enabled, media.ffmpeg.vaapi.enabled and media.navigator.mediadatadecoder_vpx_enabled to true.

Close and reopen your browser

Run the command sudo intel_gpu_top, play a 4k video and check whether the Video section is above 0.00%

Gnome Software Updates (packagekitd and software)

To prevent Gnome Shell from starting Software open Settings->Search and disable Software from there.

Disable auto-updates

dconf write /org/gnome/software/allow-updathe available storage space on our NAS to the iSCSI target and the other halftes false
dconf write /org/gnome/software/download-updates false

Hibernate + Secure Boot

713676533760/4096 = 174237435

Reference in New Issue View Git Blame Copy Permalink