moving everything to active or retired vs incubating and graduated
All checks were successful
Reese's Arch Toolbox / build-and-push-arch-toolbox (push) Successful in 14s
164
active/os_fedora/fedora-kinoite.md
Normal file
@@ -0,0 +1,164 @@
# Fedora Kinoite
- [Fedora Kinoite](#fedora-kinoite)
- [TPM2 Luks Decryption](#tpm2-luks-decryption)
- [Podman](#podman)
- [Autostarting services with quadlets](#autostarting-services-with-quadlets)
- [rpm-ostree](#rpm-ostree)
- [Git, Vim, etc](#git-vim-etc)
- [Libvirt, Qemu, KVM](#libvirt-qemu-kvm)
- [Network](#network)
- [Hostname](#hostname)
- [VLAN Setup with nmcli](#vlan-setup-with-nmcli)
- [GPU Support in Distrobox](#gpu-support-in-distrobox)
## TPM2 Luks Decryption
Mostly taken from here:
<https://gist.github.com/jdoss/777e8b52c8d88eb87467935769c98a95>
PCR reference for `--tpm2-pcrs` args
```text
0: System firmware executable
2: Kernel
4: Bootloader
7: Secure boot state
8: Cmdline
9: Initrd
```
Basic commands:
```bash
# Show tpm2 devices
systemd-cryptenroll --tpm2-device=list
# Show crypto luks block devices
blkid -t TYPE=crypto_LUKS
# Enroll the tpm2 device with systemd-cryptenroll
systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0,2,4,7,8,9 /dev/nvme0n1p3
# Reenroll
systemd-cryptenroll /dev/nvme0n1p3 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=0,2,4,7,8,9
# Append to command line args
rpm-ostree kargs --append=rd.luks.options=tpm2-device=auto
```
When you update you'll need to reenroll. Add this to your ~/.bashrc
```bash
# LUKS TPM2 commands
alias tpm2-reenroll='sudo systemd-cryptenroll /dev/nvme0n1p3 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=0,2,4,7,8,9'
```
## Podman
Since you'll be using podman for most container-based services, you'll want to set the
the podman auth file to somewhere persistent, otherwise it'll get deleted every time you
reboot.
Add this to your `.bashrc`:
```bash
# Podman auth file
export REGISTRY_AUTH_FILE=$HOME/.podman-auth.json
```
Source that and then run `podman login` to create the file.
### Autostarting services with quadlets
If you want to run something as your user at boot (like a systemd process, think ollama) you can
create a user quadlets like so:
```bash
# Generate the .container file
podman run --rm ghcr.io/containers/podlet --install --description "Local AI" \
podman run \
-d \
-v ollama:/root/.ollama \
-p 11434:11434 \
--name ollama \
--restart always \
docker.io/ollama/ollama > ~/.config/containers/systemd/ollama.container
# Verify the service (Note the filename:service, this is required! You will get "Failed to prepare filename" without it)
systemd-analyze verify ~/.config/containers/systemd/ollama.container:ollama.service
# Start the service
systemctl --user daemon-reload
systemctl --user start ollama
```
## rpm-ostree
Note: if you don't need them, remove extra repos
I removed:
1. rpmfusion-nonfree-steam.repo
2. rpmfusion-nonfree-nvidia-driver.repo
3. google-chrome.repo
4. _copr\:copr.fedorainfracloud.org\:phracek\:PyCharm.repo
```bash
# Search for available packages
rpm-ostree search git
# Install a package
rpm-ostree install git
# Apply the installed package live
rpm-ostree apply-live
# Check what's been layered
rpm-ostree status
```
### Git, Vim, etc
Some packages are nice to have at the system level.
```bash
rpm-ostree install git vim
```
### Libvirt, Qemu, KVM
```bash
rpm-ostree install virt-manager libvirt
systemctl enable --now libvirtd
```
## Network
### Hostname
```bash
sudo hostnamectl hostname reesework16
```
### VLAN Setup with nmcli
```bash
# VLAN 2
nmcli conn
export NMCLI_DEVICE=enp195s0f4u1u3
nmcli connection add type VLAN con-name $NMCLI_DEVICE.2 dev $NMCLI_DEVICE id 2
```
## GPU Support in Distrobox
Fix for `error="failed to check permission on /dev/kfd: open /dev/kfd: invalid argument"`
```bash
# You have to create the video and render group to /etc/group before you can use it
sudo grep -E '^video:' /usr/lib/group | sudo tee -a /etc/group
sudo grep -E '^render:' /usr/lib/group | sudo tee -a /etc/group
sudo usermod -aG video $USER
sudo usermod -aG render $USER
```
Logout and log back in to adopt new groups.
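
Review bot: In the TPM2 Luks Decryption section, the enroll and reenroll commands bind the key to `--tpm2-pcrs=0,2,4,7,8,9` with no PIN, so the volume unlocks unattended on any boot that reproduces those measurements, and including the cmdline and initrd PCRs (8 and 9 in the doc's own table) is what forces the "When you update you'll need to reenroll" step. Please state explicitly that an existing passphrase or recovery-key slot must stay enrolled, since it is the only way to unlock after an update changes the measurements, and consider adding `--tpm2-with-pin=yes` to both commands and to the `tpm2-reenroll` alias. The PCR reference block also lists `2: Kernel`, while the systemd-cryptenroll documentation describes PCR 2 as extended or pluggable executable code such as option ROMs, so that label should be corrected. In the quadlet example, `-p 11434:11434` publishes the port on all interfaces and `docker.io/ollama/ollama` carries no tag; `-p 127.0.0.1:11434:11434` and a pinned tag would be safer defaults for a per-user service. In the Distrobox section, the two `grep ... | sudo tee -a /etc/group` lines append a duplicate group entry every time they are rerun, so a guard that checks `/etc/group` first would make the snippet safe to repeat.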