server/Workstation
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
5cc4c9b9cf753fc4a217e1b8e52c3577af471af2
Workstation/framework_fedora.md
ducoterra 5cc4c9b9cf WIP: Notes
2023-01-22 10:23:32 -05:00

392 lines
9.1 KiB
Markdown
Raw Blame History

# Fedora on the Framework
Mostly stolen from https://mutschler.eu/linux/install-guides/fedora-post-install/
## Dual Boot with Fingerprint Scanner Issues
https://community.frame.work/t/fingerprint-scanner-compatibility-with-linux-ubuntu-fedora-etc/1501/206
## Revert Kernel (if needed)
```bash
# Find the kernels you have installed
sudo rpm -qa kernel
# Revert to a previous kernel
grubby --set-default /boot/vmlinuz-5.14.10-300.fc35.x86_64
```
## Make DNF Fast
```bash
echo 'fastestmirror=1' | sudo tee -a /etc/dnf/dnf.conf
echo 'max_parallel_downloads=10' | sudo tee -a /etc/dnf/dnf.conf
echo 'deltarpm=true' | sudo tee -a /etc/dnf/dnf.conf
cat /etc/dnf/dnf.conf
```
## Set Hostname
```bash
hostnamectl set-hostname ducolaptop
```
## BTRFS Optimizations
```bash
sudo vim /etc/fstab
# subvol=root,x-systemd.device-timeout=0,ssd,noatime,space_cache,commit=120,compress=zstd,discard=async 0 0
# subvol=home,x-systemd.device-timeout=0,ssd,noatime,space_cache,commit=120,compress=zstd,discard=async 0 0
sudo vim /etc/crypttab
# luks-fcc669e7-32d5-43b2-ba03-2db6a7f5b33d UUID=fcc669e7-32d5-43b2-ba03-2db6a7f5b33d none discard
sudo systemctl enable fstrim.timer
```
## Install updates
```bash
sudo dnf upgrade --refresh
sudo dnf check
sudo dnf autoremove
sudo fwupdmgr get-devices
sudo fwupdmgr refresh --force
sudo fwupdmgr get-updates
sudo fwupdmgr update
sudo reboot now
```
## Install Fish
```bash
sudo dnf install -y fish util-linux-user
chsh -s /usr/bin/fish
```
```bash
mkdir -p /home/$USER/.local/bin
set -Ua fish_user_paths /home/$USER/.local/bin
```
## ISCSI
```bash
# Login to portal
iscsiadm -m discovery -t st -p driveripper.reeselink.com
# Mount all targets
iscsiadm -m node --targetname iqn.2023-01.driveripper.reeselink.com:2023-framework-backup -p driveripper.reeselink.com:3260 -l
iscsiadm -m node --loginall all
# Mount at boot
vim /etc/iscsi/nodes/iqn.2022-02.freenas.dnet:manjaro-backup/10.1.2.200,3260,1
(/var/lib/iscsi/nodes/iqn.2022-02.freenas.dnet:manjaro-backup/10.1.2.200,3260,1/default) on fedora
node.startup = automatic
# Log out of all sessions
iscsiadm -m node -u
```
## Gnome Tweaks
1. Fonts -> Monospace Text -> Fira Code Regular
2. Keyboard & Mouse -> Acceleration Profile -> Flat
3. Keyboard & Mouse -> Mouse Click Emulation -> Fingers
4. Top Bar -> Activities Overview Hot Corner -> Off
5. Top Bar -> Battery Percentage -> On
6. Top Bar -> Clock -> Weekday -> On
7. Top Bar -> Clock -> Seconds -> On
8. Windows -> Center New Windows -> On
## Flatpack
```bash
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
flatpak update
```
## Snap
```bash
sudo dnf install -y snapd
sudo ln -s /var/lib/snapd/snap /snap # for classic snap support
ln -s /var/lib/snapd/desktop/applications ~/.local/share/applications/snap # make apps show up in gnome
sudo reboot now
```
## AppImage Launcher
Download RPM from https://github.com/TheAssassin/AppImageLauncher/releases/tag/v2.2.0
## Ansible
```bash
ansible-playbook --ask-become-pass ansible/framework_fedora.yml
```
## BTRBK
### Create Encrypted Drive
```bash
# Create an encrypted drive
sudo cryptsetup luksFormat
# LUKS Disk Encryption can use up to 8 key slots to store passwords. We can use these keys to auto mount LUKS device.
# cryptsetup luksDump /dev/sda
# Create a lukskeys
mkdir -p /home/ducoterra/.lukskeys
# Generate key
dd if=/dev/random bs=32 count=1 of=/home/ducoterra/.lukskeys/btr_backup
# Change key mode
chmod 600 /home/ducoterra/.lukskeys
# Luks add a key
sudo cryptsetup luksAddKey /dev/sda /home/ducoterra/.lukskeys/btr_backup
# Get UUID of disk with
sudo blkid /dev/sda1
# Add key to crypttab
echo 'btr_backup UUID=1d7ce570-e695-47a0-9dda-5f14b5b20e21 /home/ducoterra/.lukskeys/btr_backup luks' >> /etc/crypttab
# Create read-only backup mount point
sudo btrfs sub create /mnt/btr_backup
sudo btrfs property set /mnt/btr_backup ro true
# Add to fstab
echo '/dev/mapper/btr_backup /mnt/btr_backup btrfs x-systemd.device-timeout=0,x-gvfs-show,x-gvfs-name=btr_backup,ssd,nofail,noatime,discard=async,compress=zstd 0 0' >> /etc/fstab
# mount
sudo cryptsetup luksOpen /dev/disk/by-uuid/1d7ce570-e695-47a0-9dda-5f14b5b20e21 backup0 --key-file=/home/ducoterra/.lukskeys/backup0
# close (or fix issues)
sudo cryptsetup luksClose backup0
```
### Create BTRBK Config
`sudo vim /etc/btrbk/btrbk.conf`
```conf
snapshot_create ondemand
snapshot_preserve_min 2d
snapshot_preserve 14d
snapshot_dir snapshots
target_preserve_min no
target_preserve 20d 10w *m
volume /mnt/btr_pool
target /mnt/btr_backup
subvolume root
subvolume home
```
### Create Systemd Timer
`sudo vim /etc/systemd/system/btrbk.service`
```conf
[Unit]
Description=Runs btrbk with config file at /etc/btrbk/btrbk.conf
[Service]
ExecStart=btrbk -c /etc/btrbk/btrbk.conf -v run
```
`sudo vim /etc/systemd/system/btrbk.timer`
```conf
[Unit]
Description=Run btrbk every hour
[Timer]
OnCalendar=hourly
AccuracySec=10min
Persistent=true
Unit=btrbk.service
[Install]
WantedBy=timers.target
```
### Test, Start and Enable service
Test your service:the available storage space on our NAS to the iSCSI target and the other half
```bash
sudo btrbk -c /etc/btrbk/btrbk.conf -v run
```
Enable your service:
```bash
sudo systemctl start btrbk.timer
sudo systemctl enable btrbk.timer
```
### Minecraft
1. You can find extra java versions at /etc/alternatives
2. You need to `dnf install xrandr` to launch any modpacks
3. You can create a desktop icon by putting this at ~/.local/share/applications/*.desktop:
```
[Desktop Entry]
Encoding=UTF-8
Name=Technic Launcher
Exec=/usr/bin/java -jar /home/ducoterra/Applications/TechnicLauncher.jar
Icon=/home/ducoterra/.icons/minecraft-launcher.png
Type=Application
Categories=Games;
```
### Firewall CMD
1. Enable firewall
```bash
systemctl start firewall-cmd
systemctl enable firewall-cmd
```
2. Set default behavior to drop everything
```bash
firewall-cmd --set-default-zone=drop
systemctl reload firewall-cmd
```
### Resources
Network monitoring: https://linuxconfig.org/how-to-monitor-network-activity-on-a-linux-system
## Backups
### Full system backup
In the event you need to restore your system from a disaster do the following:
1. Reinstall fedora via a live image
2. After install, disk should be mounted at /mnt/sysimage
3. Copy the new fstab and crypttab to somewhere safe
4. rsync -av [etc, home, opt, root, usr, var]
5. `mount /dev/Y /mnt/sysimage/boot`
6. `mount /dev/Z /mnt/sysimage/boot/efi`
7. `mount --bind /dev /mnt/sysimage/dev`
8. `mount --bind /proc /mnt/sysimage/proc`
9. `mount --bind /sys /mnt/sysimage/sys`
10. `chroot /mnt/sysimage`
11. Edit fstab and crypttab so they match the new partitions
12. Update /etc/default/grub to match the new luks uuid
13. grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
14. reboot
## Libvirt
### Snapshots on secure-boot VMs
```bash
# list snapshots
qemu-img snapshot -l win10.qcow2
# create a snapshot
qemu-img snapshot -c 1-welcome win10.qcow2
# restore a snapshot
qemu-img snapshot -a 1-welcome win10.qcow2
```
### Connecting to Truenas via virt-manager
You should be able to use the following custom URL:
```text
qemu+ssh://root@driveripper.reeserelease.com/system?socket=/run/truenas_libvirt/libvirt-sock
```
This assumes the correct socket path from `/etc/libvirt/libvirtd.conf` and ability to log in as the root user via ssh.
## bluetooth
### Airpods
Edit: /etc/bluetooth/main.conf
Set ControllerMode = bredr
restart bluetooth service
connect airpods
comment line out
restart bluetooth service again
## ZRAM
Edit /etc/systemd/zram-generator.conf
```conf
[zram0]
zram-size = min(ram / 2, 16384)
compression-algorithm = lzo-rle
options =
writeback-device = /dev/zvol/tarta-zoot/swap-writeback
```
## Automatic Disk Decryption with TPM2
https://gist.github.com/jdoss/777e8b52c8d88eb87467935769c98a95
```bash
# Add decryption key to tpm.
systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+4+7 /dev/nvme0n1p3
# Wipe old keys and enroll new key. You have to execute this command again after a kernel upgrade.
systemd-cryptenroll /dev/nvme0n1p3 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=0,2,4,7
# Add tpm2 configuration option to /etc/crypttab
luks-$UUID UUID=disk-$UUID none tpm2-device=auto,discard
# Add rd.luks.options=tpm2-device=auto to grub
grubby --args="rd.luks.options=tpm2-device=auto" --update-kernel=ALL
dracut -f
```
## Firefox GPU Rendering
https://community.frame.work/t/linux-battery-life-tuning/6665
```bash
dnf install intel-media-driver intel-gpu-tools
```
Type in about:config in the address bar and hit enter.
Set media.rdd-ffmpeg.enabled, media.ffmpeg.vaapi.enabled and media.navigator.mediadatadecoder_vpx_enabled to true.
Close and reopen your browser
Run the command sudo intel_gpu_top, play a 4k video and check whether the Video section is above 0.00%
## Gnome Software Updates (packagekitd and software)
To prevent Gnome Shell from starting Software open Settings->Search and disable Software from there.
Disable auto-updates
```bash
dconf write /org/gnome/software/allow-updathe available storage space on our NAS to the iSCSI target and the other halftes false
dconf write /org/gnome/software/download-updates false
```
## Hibernate + Secure Boot
713676533760/4096 = 174237435
Reference in New Issue View Git Blame Copy Permalink