# Fedora

- [Fedora](#fedora)
  - [Framework 16 Fixes](#framework-16-fixes)
    - [Wake from Sleep](#wake-from-sleep)
    - [Wrong keys pressed in the browser](#wrong-keys-pressed-in-the-browser)
  - [Podman](#podman)
    - [Autostarting services with quadlets](#autostarting-services-with-quadlets)
  - [Toolbox](#toolbox)
  - [Network](#network)
    - [Firewall](#firewall)
    - [VLAN Setup with nmcli](#vlan-setup-with-nmcli)
  - [ZRAM](#zram)
  - [Libraries](#libraries)
    - [Common Libraries](#common-libraries)
  - [Backups](#backups)
    - [BTRFS Snapshots](#btrfs-snapshots)
  - [ROCM](#rocm)
  - [Display](#display)
    - [Scripted Display Modes](#scripted-display-modes)
  - [Fixing generic Wayland icons on task alt tab](#fixing-generic-wayland-icons-on-task-alt-tab)
  - [Tuned Power Profiles](#tuned-power-profiles)

## Framework 16 Fixes

### Wake from Sleep

The keyboard/mouse can be pressed through the lid while in a backpack. Disable
them to prevent wake from sleep.

`/etc/udev/rules.d/69-suspend.rules`

```conf
ACTION=="add", SUBSYSTEM=="acpi", DRIVERS=="button", ATTRS{hid}=="PNP0C0D", ATTR{power/wakeup}="disabled"
ACTION=="add", SUBSYSTEM=="serio", DRIVERS=="atkbd", ATTR{power/wakeup}="disabled"
ACTION=="add", SUBSYSTEM=="i2c", DRIVERS=="i2c_hid_acpi", ATTRS{name}=="PIXA3854:00", ATTR{power/wakeup}="disabled"

# https://askubuntu.com/questions/848698/wake-up-from-suspend-using-usb-device
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0012", RUN+="/bin/sh -c 'echo disabled > /sys$env{DEVPATH}/power/wakeup'"
```

Reload

```bash
sudo udevadm control --reload-rules && sudo udevadm trigger
```

### Wrong keys pressed in the browser

Sometimes keys will stop working when using search bars or do strange things
like move the page around. This seems to be caused by some "alt" keypress
combination. Pressing "alt" twice fixes it.

## Podman

Since you'll be using podman for most container-based services, you'll want to
set the the podman auth file to somewhere persistent, otherwise it'll get
deleted every time you reboot.

Add this to your `.bashrc`:

```bash
# Podman auth file
export REGISTRY_AUTH_FILE=$HOME/.podman-auth.json
```

Source that and then run `podman login` to create the file.

### Autostarting services with quadlets

If you want to run something as your user at boot (like a systemd process,
think ollama) you can create a user quadlets like so:

```bash
# Generate the .container file
podman run --rm ghcr.io/containers/podlet --install --description "Local AI" \
  podman run \
  -d \
  -v ollama:/root/.ollama \
  -p 11434:11434 \
  --name ollama \
  --restart always \
  docker.io/ollama/ollama > ~/.config/containers/systemd/ollama.container

# Verify the service (Note the filename:service, this is required! You will get "Failed to prepare filename" without it)
systemd-analyze verify ~/.config/containers/systemd/ollama.container:ollama.service

# Start the service
systemctl --user daemon-reload
systemctl --user start ollama
```

## Toolbox

```bash
toolbox create
toolbox enter
```

## Network

### Firewall

Set the default firewall to `drop`

```bash
sudo firewall-cmd --set-default-zone=drop
sudo firewall-cmd --reload
```

Allow KDE Connect via 1714-1764 tcp/udp

```bash
# Set source address to allow connections
sudo firewall-cmd \
--zone=drop \
--permanent \
--add-port=1714-1764/udp \
--add-port=1714-1764/tcp

sudo firewall-cmd --reload
```

You can check if the firewall is working via `nmap` from another machine

Note, add `-r` to scan ports in order.

Note, add `-vv` to increase verbosity.

Note, add `-A` to perform OS detection, host lookup, etc.

Note, use `-F` to perform a quick scan against common ports.

```bash
export NMAP_HOST=10.2.0.49

# Scan for common ports on TCP
nmap -sT $NMAP_HOST

# Scan all ports on TCP
nmap -sT -p- $NMAP_HOST

# Scan specific port on TCP
nmap -sT -p5432 $NMAP_HOST

# Scan range of ports on TCP
nmap -sT -p1024-9999 $NMAP_HOST

# Scan for common ports on UDP
nmap -sU $NMAP_HOST

# Skip host up checking
nmap -Pn -sT $NMAP_HOST

# Scan all ports for everything (takes a really really long time)
nmap -Pn -sT -sU -p- $NMAP_HOST

# Scan using TCP ACK Ping (More serious check that attempts to bypass firewall, See nmap man page)
nmap -PA -p- $NMAP_HOST
```

Then, while running a scan:

v / V: Increase / decrease the verbosity level d / D: Increase / decrease the
debugging Level p / P: Turn on / off packet tracing ?: Print a runtime
interaction help screen

### VLAN Setup with nmcli

```bash
# VLAN 2
nmcli conn
export NMCLI_DEVICE=enp195s0f4u1u3
nmcli connection add type VLAN con-name $NMCLI_DEVICE.2 dev $NMCLI_DEVICE id 2
```

## ZRAM

Increasing zram size

```bash
# Show existing configuration
zramctl
# 
swapoff /dev/zram0
# Reset swap
zramctl -r /dev/zram0

# Set a new size
zramctl --size 4G /dev/zram0
```

## Libraries

### Common Libraries

```bash
sudo dnf install -y \
make \
gcc \
zlib-devel \
bzip2 \
bzip2-devel \
readline-devel \
sqlite \
sqlite-devel \
openssl-devel \
tk-devel \
libffi-devel \
xz-devel \
libgle-devel
```

## Backups

### BTRFS Snapshots

<https://en.opensuse.org/openSUSE:Snapper_Tutorial>

<http://snapper.io/manpages/snapper-configs.html>

We'll be using snapper, a tool for automating and controlling snapshot
behavior.

```bash
dnf install snapper dnf-plugin-snapper

# Allow selinux management
semanage permissive -a snapperd_t

# Note, if you mess something up you can run snapper -c root delete-config to delete
# System configs are stored in /etc/sysconfig/snapper as well as /etc/snapper
snapper -c root create-config /
snapper -c data create-config /path/to/other/data

# Enable automatic snapshots
systemctl enable --now snapper-timeline.timer
# Enable automatic cleanup
systemctl enable --now snapper-cleanup.timer
# Enable snapshots on boot
systemctl enable --now snapper-boot.timer

# List snapshots
snapper -c root list
# Create snapshot manually
snapper -c root create --description "test snapshot"
# Delete first snapshot
snapper -c root delete 1
```

Note - you probably don't want to keep yearly snapshots. Edit
`/etc/snapper/configs/root` and change `TIMELINE_LIMIT_YEARLY=` to `0`.

## ROCM

```bash
sudo dnf install \
hipblas-develhipblaslt-devel \
hipcc \
hipcc-libomp-devel \
hipcub-devel \
hipfft-devel \
hipfort-devel \
hiprand-devel \
hiprt-devel \
hipsolver-devel \
hipsparse-devel \
rocalution-devel \
rocblas-devel \
rocfft-devel \
rocm-clang-devel \
rocm-clang-tools-extra-devel \
rocm-cmake \
rocm-comgr-devel \
rocm-core-devel \
rocm-hip-devel \
rocm-libc++-devel \
rocm-libc++-static \
rocm-llvm-devel \
rocm-omp-devel \
rocm-runtime-devel \
rocm-rpp-devel \
rocm-smi-devel \
rocminfo \
rocdecode-devel \
rocjpeg-devel \
rocprim-devel \
rocrand-devel \
rocsolver-devel \
rocsparse-devel \
rocthrust-devel \
roctracer-devel \
miopen
```

## Display

### Scripted Display Modes

Put something like these in `~/.bashrc.d/screen.sh`

```bash
alias screen-reset='kscreen-doctor \
output.eDP-2.enable \
output.eDP-2.position.0,0 \
output.eDP-2.primary \
output.eDP-2.mode.2560x1600@165 \
output.eDP-2.scale.1.25'

alias screen-1080='kscreen-doctor \
output.eDP-2.enable \
output.eDP-2.position.0,0 \
output.eDP-2.primary \
output.eDP-2.mode.1920x1080@165 \
output.eDP-2.scale.1'
```

## Fixing generic Wayland icons on task alt tab

<https://epergo.com/posts/fix-generic-wayland-icon/>

1. Access Window Rules

    Go to “System Settings > Window Management > Window Rules”.

2. Create a New Rule (If None Exist)

    If the application does not have any rules already, create a new one:

    1. Click on “Add New…”
    2. Add a description (e.g., “Application settings for sublime_merge”)
    3. Specify the “Window class (application)”

    If you’re unsure of the value for the window class, click “Detect Window
    Properties”, then click on the application window. A pop-up with the
    detected properties will be shown, and you can select the correct value.

3. Add Property

    1. Click on “Add Property” and select “Desktop File Name”.

4. Find the Correct Desktop File Name

    Standard Applications: If the application is installed using your distro’s
    repositories, check the name in /usr/share/applications/. Flatpak
    Applications: If it’s a Flatpak package, check the name in
    /var/lib/flatpak/exports/share/applications/. For example, for Obsidian, it
    will be md.obsidian.Obsidian (do not include the .desktop suffix).

5. Apply Settings

    Apply the new settings and close the application if it was open. The next
    time you open the application, it should show the correct icon.

## Tuned Power Profiles

Default profiles are in `/usr/lib/tuned/profiles`.

Configuration file is in `/etc/tuned/ppd.conf`.

Used `tuned-adm` CLI to interface with tuned.