15 KiB
Fedora on the Framework
Mostly stolen from https://mutschler.eu/linux/install-guides/fedora-post-install/
Dual Boot with Fingerprint Scanner Issues
Revert Kernel (if needed)
With koji
sudo dnf install koji
mkdir /tmp/kernel-download
cd /tmp/kernel-download
koji search build kernel-6.0.12*
koji download-build --arch=x86_64 kernel-6.0.12-300.fc37
sudo dnf install ./*.rpm
# Find the kernels you have installed
sudo rpm -qa kernel
# List available kernels
sudo ls /boot | grep vmlinuz
# Revert to a previous kernel
sudo grubby --set-default /boot/vmlinuz-5.14.10-300.fc35.x86_64
Make DNF Fast
echo 'fastestmirror=1' | sudo tee -a /etc/dnf/dnf.conf
echo 'max_parallel_downloads=10' | sudo tee -a /etc/dnf/dnf.conf
echo 'deltarpm=true' | sudo tee -a /etc/dnf/dnf.conf
cat /etc/dnf/dnf.conf
Set Hostname
hostnamectl set-hostname ducolaptop
BTRFS Optimizations
sudo vim /etc/fstab
# subvol=root,x-systemd.device-timeout=0,ssd,noatime,space_cache,commit=120,compress=zstd,discard=async 0 0
# subvol=home,x-systemd.device-timeout=0,ssd,noatime,space_cache,commit=120,compress=zstd,discard=async 0 0
sudo vim /etc/crypttab
# luks-fcc669e7-32d5-43b2-ba03-2db6a7f5b33d UUID=fcc669e7-32d5-43b2-ba03-2db6a7f5b33d none discard
sudo systemctl enable fstrim.timer
Install updates
sudo dnf upgrade --refresh
sudo dnf check
sudo dnf autoremove
sudo fwupdmgr get-devices
sudo fwupdmgr refresh --force
sudo fwupdmgr get-updates
sudo fwupdmgr update
sudo reboot now
Install Fish
sudo dnf install -y fish util-linux-user
chsh -s /usr/bin/fish
mkdir -p /home/$USER/.local/bin
set -Ua fish_user_paths /home/$USER/.local/bin
ISCSI
# Login to portal
iscsiadm -m discovery -t st -p driveripper.reeselink.com
# Mount all targets
iscsiadm -m node --targetname iqn.2023-01.driveripper.reeselink.com:2023-framework-backup -p driveripper.reeselink.com:3260 -l
iscsiadm -m node --loginall all
# Mount at boot
vim /etc/iscsi/nodes/iqn.2022-02.freenas.dnet:manjaro-backup/10.1.2.200,3260,1
(/var/lib/iscsi/nodes/iqn.2022-02.freenas.dnet:manjaro-backup/10.1.2.200,3260,1/default) on fedora
node.startup = automatic
# Log out of all sessions
iscsiadm -m node -u
Gnome Tweaks
- Fonts -> Monospace Text -> Fira Code Regular
- Keyboard & Mouse -> Acceleration Profile -> Flat
- Keyboard & Mouse -> Mouse Click Emulation -> Fingers
- Top Bar -> Activities Overview Hot Corner -> Off
- Top Bar -> Battery Percentage -> On
- Top Bar -> Clock -> Weekday -> On
- Top Bar -> Clock -> Seconds -> On
- Windows -> Center New Windows -> On
Flatpack
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
flatpak update
Snap
sudo dnf install -y snapd
sudo ln -s /var/lib/snapd/snap /snap # for classic snap support
ln -s /var/lib/snapd/desktop/applications ~/.local/share/applications/snap # make apps show up in gnome
sudo reboot now
AppImage Launcher
Download RPM from https://github.com/TheAssassin/AppImageLauncher/releases/tag/v2.2.0
Ansible
ansible-playbook --ask-become-pass ansible/framework_fedora.yml
BTRBK
Create Encrypted Drive
# Create an encrypted drive
sudo cryptsetup luksFormat /dev/sdb1
# LUKS Disk Encryption can use up to 8 key slots to store passwords. We can use these keys to auto mount LUKS device.
# cryptsetup luksDump /dev/sda
# Create a lukskeys
mkdir -p /home/ducoterra/.lukskeys
# Generate key
dd if=/dev/random bs=32 count=1 of=/home/ducoterra/.lukskeys/btr_backup
# Change key mode
chmod 600 /home/ducoterra/.lukskeys
# Luks add a key
sudo cryptsetup luksAddKey /dev/sda /home/ducoterra/.lukskeys/btr_backup
# Get UUID of disk with
sudo blkid /dev/sda1
# Add key to crypttab
echo 'btr_backup UUID=1d7ce570-e695-47a0-9dda-5f14b5b20e21 /home/ducoterra/.lukskeys/btr_backup luks' >> /etc/crypttab
# Create read-only backup mount point
sudo btrfs sub create /mnt/btr_backup
sudo btrfs property set /mnt/btr_backup ro true
# Add to fstab
echo '/dev/mapper/btr_backup /mnt/btr_backup btrfs x-systemd.device-timeout=0,x-gvfs-show,x-gvfs-name=btr_backup,ssd,nofail,noatime,discard=async,compress=zstd 0 0' >> /etc/fstab
# mount
sudo cryptsetup luksOpen /dev/disk/by-uuid/1d7ce570-e695-47a0-9dda-5f14b5b20e21 backup0 --key-file=/home/ducoterra/.lukskeys/backup0
# close (or fix issues)
sudo cryptsetup luksClose backup0
Backup Disks
Backup disks will respect the following naming convention:
brand_size_purpose_year_month
So for a backup drive you would create:
wd_4tb_backup_2023_01
Or for an archive drive:
samsung_1tb_archive_2023_01
Disk Health
smartctl -a /dev/sda
Create BTRBK Config
sudo vim /etc/btrbk/btrbk.conf
snapshot_create ondemand
snapshot_preserve_min 2d
snapshot_preserve 14d
snapshot_dir snapshots
target_preserve_min no
target_preserve 20d 10w *m
volume /mnt/btr_pool
target /mnt/btr_backup
subvolume root
subvolume home
Create Systemd Timer
sudo vim /etc/systemd/system/btrbk.service
[Unit]
Description=Runs btrbk with config file at /etc/btrbk/btrbk.conf
[Service]
ExecStart=btrbk -c /etc/btrbk/btrbk.conf -v run
sudo vim /etc/systemd/system/btrbk.timer
[Unit]
Description=Run btrbk every hour
[Timer]
OnCalendar=hourly
AccuracySec=10min
Persistent=true
Unit=btrbk.service
[Install]
WantedBy=timers.target
Test, Start and Enable service
Test your service:the available storage space on our NAS to the iSCSI target and the other half
sudo btrbk -c /etc/btrbk/btrbk.conf -v run
Enable your service:
sudo systemctl start btrbk.timer
sudo systemctl enable btrbk.timer
Minecraft
- You can find extra java versions at /etc/alternatives
- You need to
dnf install xrandrto launch any modpacks - You can create a desktop icon by putting this at ~/.local/share/applications/*.desktop:
[Desktop Entry]
Encoding=UTF-8
Name=Technic Launcher
Exec=/usr/bin/java -jar /home/ducoterra/Applications/TechnicLauncher.jar
Icon=/home/ducoterra/.icons/minecraft-launcher.png
Type=Application
Categories=Games;
Firewall CMD
- Enable firewall
systemctl start firewall-cmd
systemctl enable firewall-cmd
- Set default behavior to drop everything
firewall-cmd --set-default-zone=drop
systemctl reload firewall-cmd
Resources
Network monitoring: https://linuxconfig.org/how-to-monitor-network-activity-on-a-linux-system
Backups
Full system backup
In the event you need to restore your system from a disaster do the following:
- Reinstall fedora via a live image
- After install, disk should be mounted at /mnt/sysimage
- Copy the new fstab and crypttab to somewhere safe
- rsync -av [etc, home, opt, root, usr, var]
mount /dev/Y /mnt/sysimage/bootmount /dev/Z /mnt/sysimage/boot/efimount --bind /dev /mnt/sysimage/devmount --bind /proc /mnt/sysimage/procmount --bind /sys /mnt/sysimage/syschroot /mnt/sysimage- Edit fstab and crypttab so they match the new partitions
- Update /etc/default/grub to match the new luks uuid
- grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
- reboot
Libvirt
Snapshots on secure-boot VMs
# list snapshots
qemu-img snapshot -l win10.qcow2
# create a snapshot
qemu-img snapshot -c 1-welcome win10.qcow2
# restore a snapshot
qemu-img snapshot -a 1-welcome win10.qcow2
Connecting to Truenas via virt-manager
You should be able to use the following custom URL:
qemu+ssh://root@driveripper.reeserelease.com/system?socket=/run/truenas_libvirt/libvirt-sock
This assumes the correct socket path from /etc/libvirt/libvirtd.conf and ability to log in as the root user via ssh.
bluetooth
Airpods
Edit: /etc/bluetooth/main.conf Set ControllerMode = bredr
restart bluetooth service connect airpods comment line out restart bluetooth service again
ZRAM
Edit /etc/systemd/zram-generator.conf
[zram0]
zram-size = min(ram / 2, 16384)
compression-algorithm = lzo-rle
options =
writeback-device = /dev/zvol/tarta-zoot/swap-writeback
Automatic Disk Decryption with TPM2
https://gist.github.com/jdoss/777e8b52c8d88eb87467935769c98a95
# Add decryption key to tpm.
systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+4+7 /dev/nvme0n1p3
# Wipe old keys and enroll new key. You have to execute this command again after a kernel upgrade.
systemd-cryptenroll /dev/nvme0n1p3 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=0,2,4,7
# Add tpm2 configuration option to /etc/crypttab
luks-$UUID UUID=disk-$UUID none tpm2-device=auto,discard
# Add rd.luks.options=tpm2-device=auto to grub
grubby --args="rd.luks.options=tpm2-device=auto" --update-kernel=ALL
dracut -f
Firefox GPU Rendering
https://community.frame.work/t/linux-battery-life-tuning/6665
dnf install intel-media-driver intel-gpu-tools
Type in about:config in the address bar and hit enter.
Set media.rdd-ffmpeg.enabled, media.ffmpeg.vaapi.enabled and media.navigator.mediadatadecoder_vpx_enabled to true.
Close and reopen your browser
Run the command sudo intel_gpu_top, play a 4k video and check whether the Video section is above 0.00%
Gnome Software Updates (packagekitd and software)
To prevent Gnome Shell from starting Software open Settings->Search and disable Software from there.
Disable auto-updates
sudo systemctl disable packagekit
sudo systemctl stop packagekit
dconf write /org/gnome/software/allow-updates false
dconf write /org/gnome/software/download-updates false
Battery Life
grubby --args="nvme.noacpi=1" --update-kernel=ALL
Enable automatic power profile switching on AC/Battery
-
sudo mkdir /lib/udev/power-profiles -
sudo vim /lib/udev/power-profiles/power-saverpowerprofilesctl set power-saver -
sudo chmod +x /lib/udev/power-profiles/power-saver -
sudo vim /lib/udev/power-profiles/performancepowerprofilesctl set performance -
sudo chmod +x /lib/udev/power-profiles/performance
sudo vim /etc/udev/rules.d/10-power.rules
SUBSYSTEM=="power_supply", ATTR{online}=="0", RUN+="/bin/bash /lib/udev/power-profiles/power-saver"
SUBSYSTEM=="power_supply", ATTR{online}=="1", RUN+="/bin/bash /lib/udev/power-profiles/performance"
Calibrate with powertop
Powertop causes connection issues with USB while the computer is plugged in. Do not recommend.
sudo dnf install powertop
# This will take a while
sudo powertop --calibrate
sudo powertop
Install and enable tlp
TLP seems to limit maximum performance. I'm leaving it here for posterity. Stick with powertop and power profiles daemon.
sudo systemctl stop power-profiles-daemon.service
sudo systemctl disable power-profiles-daemon.service
sudo systemctl mask power-profiles-daemon.service
sudo dnf install tlp
sudo systemctl mask systemd-rfkill.service
sudo systemctl mask systemd-rfkill.socket
sudo systemctl enable tlp.service --now
sudo systemctl status tlp.service
Simple Battery Monitoring App
alarm charge_full_design device power subsystem voltage_min_design capacity charge_now hwmon2 present technology voltage_now capacity_level current_now manufacturer serial_number type charge_full cycle_count model_name status uevent
sudo mkdir /etc/battery_monitor
sudo vim /etc/battery_monitor/battery_monitor.sh
#!/bin/bash
CSV_LOCATION="/home/ducoterra/data"
CSV_NAME="battery_monitor.csv"
BATTERY_DATA_LOCATION="/sys/class/power_supply/BAT1"
if [ ! -f $CSV_LOCATION/$CSV_NAME ];
then
mkdir -p $CSV_LOCATION;
echo "time,percent,charge_now,charge_full,voltage_now,current_now,cycle_count,status" > $CSV_LOCATION/$CSV_NAME
chown -R ducoterra:ducoterra $CSV_LOCATION
fi
time=$(date --iso-8601=seconds)
percent=$(cat $BATTERY_DATA_LOCATION/capacity)
charge_now=$(cat $BATTERY_DATA_LOCATION/charge_now)
charge_full=$(cat $BATTERY_DATA_LOCATION/charge_full)
voltage_now=$(cat $BATTERY_DATA_LOCATION/voltage_now)
current_now=$(cat $BATTERY_DATA_LOCATION/current_now)
cycle_count=$(cat $BATTERY_DATA_LOCATION/cycle_count)
status=$(cat $BATTERY_DATA_LOCATION/status)
echo "$time,$percent,$charge_now,$charge_full,$voltage_now,$current_now,$cycle_count,$status" >> $CSV_LOCATION/$CSV_NAME
sudo vim /etc/systemd/system/battery_monitor.service
[Unit]
Description=Records the current battery level
[Service]
Type=oneshot
ExecStart=/bin/bash /etc/battery_monitor/battery_monitor.sh
[Install]
WantedBy=multi-user.target
sudo vim /etc/systemd/system/battery_monitor.timer
[Unit]
Description=Run battery_monitor every 15 seconds
[Timer]
OnCalendar=*:*:0,15,30,45
AccuracySec=10sec
Persistent=true
Unit=battery_monitor.service
[Install]
WantedBy=timers.target
sudo systemctl start battery_monitor.timer
Turn Off Fingerprint When Laptop Lid Closed
To disable fingerprint authentication when the laptop lid is closed, and re-enable when it is reopened, we will use acpid to bind to the button/lid.* event to a custom script that will stop and mask the fprintd service on lid close, and unmask and start the fprintd service on lid open.
We also check that the HDMI cable is connected by testing the contents of /sys/class/drm/card0-HDMI-A-1/status.
Follow the steps below:
-
Create a .locks file in your home dir:
mkdir ~/.locks -
Create file /etc/acpi/laptop-lid.sh with the following contents:
#!/bin/bash lock=/home/ducoterra/.locks/fprint-disabled.lock if grep -Fq closed /proc/acpi/button/lid/LID0/state # && # This is used to detect if a display is connected. # For USB C displayport use: # grep -Fxq connected /sys/class/drm/card1-DP-2/status # For hdmi use: # grep -Fxq connected /sys/class/drm/card0-HDMI-A-1/status then touch "$lock" systemctl stop fprintd systemctl mask fprintd elif [ -f "$lock" ] then systemctl unmask fprintd systemctl start fprintd rm -f "$lock" fi -
Make the file executable with
chmod +x /etc/acpi/laptop-lid.sh -
Create file /etc/acpi/events/laptop-lid with the following contents:
event=button/lid.* action=/etc/acpi/laptop-lid.sh -
Restart the acpid service with:
sudo service acpid restart
Now the fingerprint will be used only when the lid is open.
In order to restore the correct state of the fprintd service if you disconnect/reconnect while the laptop is off, you may call the above script from a systemd init file. The steps to do this are the following:
-
Create a file named /etc/systemd/system/laptop-lid.service with the following contents:
[Unit] Description=Laptop Lid After=suspend.target [Service] ExecStart=/etc/acpi/laptop-lid.sh [Install] WantedBy=multi-user.target WantedBy=suspend.target -
Reload the systemd config files with
sudo systemctl daemon-reload -
Start the service with
sudo systemctl start laptop-lid.service -
Enable the service so that it starts automatically on boot
sudo systemctl enable laptop-lid.service
Now the status should be correct even after connecting/disconnecting when the computer is off.