services/homelab
1
1
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5b474c7190b4297026c64d5ca1218dbc73fffe67
homelab/active/os_fedora/fedora-kinoite.md
ducoterra 5184c84d50
All checks were successful
Podman DDNS Image / build-and-push-ddns (push) Successful in 33s
Details
overhauls of most service docs
2025-07-22 18:29:07 -04:00

289 lines
6.6 KiB
Markdown
Raw Blame History

# Fedora Kinoite
- [Fedora Kinoite](#fedora-kinoite)
- [TPM2 Luks Decryption](#tpm2-luks-decryption)
- [Podman](#podman)
- [Autostarting services with quadlets](#autostarting-services-with-quadlets)
- [rpm-ostree](#rpm-ostree)
- [Git, Vim, etc](#git-vim-etc)
- [Libvirt, Qemu, KVM](#libvirt-qemu-kvm)
- [ROCM](#rocm)
- [Ollama](#ollama)
- [Network](#network)
- [Hostname](#hostname)
- [VLAN Setup with nmcli](#vlan-setup-with-nmcli)
- [GPU Support in Distrobox](#gpu-support-in-distrobox)
- [Automatic Display Switching](#automatic-display-switching)
## TPM2 Luks Decryption
Mostly taken from here:
<https://gist.github.com/jdoss/777e8b52c8d88eb87467935769c98a95>
PCR reference for `--tpm2-pcrs` args
```text
0: System firmware executable
2: Kernel
4: Bootloader
7: Secure boot state
8: Cmdline
9: Initrd
```
Basic commands:
```bash
# Show tpm2 devices
systemd-cryptenroll --tpm2-device=list
# Show crypto luks block devices
blkid -t TYPE=crypto_LUKS
# Enroll the tpm2 device with systemd-cryptenroll
systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0,2,4,7,8,9 /dev/nvme0n1p3
# Reenroll
systemd-cryptenroll /dev/nvme0n1p3 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=0,2,4,7,8,9
# Append to command line args
rpm-ostree kargs --append=rd.luks.options=tpm2-device=auto
```
When you update you'll need to reenroll. Add this to your ~/.bashrc
```bash
# LUKS TPM2 commands
alias tpm2-reenroll='sudo systemd-cryptenroll /dev/nvme0n1p3 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=0,2,4,7,8,9'
```
## Podman
Since you'll be using podman for most container-based services, you'll want to set the
the podman auth file to somewhere persistent, otherwise it'll get deleted every time you
reboot.
Add this to your `.bashrc`:
```bash
# Podman auth file
export REGISTRY_AUTH_FILE=$HOME/.podman-auth.json
```
Source that and then run `podman login` to create the file.
### Autostarting services with quadlets
If you want to run something as your user at boot (like a systemd process, think ollama) you can
create a user quadlets like so:
```bash
# Generate the .container file
podman run --rm ghcr.io/containers/podlet --install --description "Local AI" \
podman run \
-d \
-v ollama:/root/.ollama \
-p 11434:11434 \
--name ollama \
--restart always \
docker.io/ollama/ollama > ~/.config/containers/systemd/ollama.container
# Verify the service (Note the filename:service, this is required! You will get "Failed to prepare filename" without it)
systemd-analyze verify ~/.config/containers/systemd/ollama.container:ollama.service
# Start the service
systemctl --user daemon-reload
systemctl --user start ollama
```
## rpm-ostree
Note: if you don't need them, remove extra repos
I removed:
1. rpmfusion-nonfree-steam.repo
2. rpmfusion-nonfree-nvidia-driver.repo
3. google-chrome.repo
4. _copr\:copr.fedorainfracloud.org\:phracek\:PyCharm.repo
```bash
# Search for available packages
rpm-ostree search git
# Install a package
rpm-ostree install git
# Apply the installed package live
rpm-ostree apply-live
# Check what's been layered
rpm-ostree status
```
### Git, Vim, etc
Some packages are nice to have at the system level.
```bash
rpm-ostree install git vim
```
### Libvirt, Qemu, KVM
```bash
rpm-ostree install virt-manager libvirt
systemctl enable --now libvirtd
```
### ROCM
Credit to:
<https://medium.com/@seancheo/running-generative-ai-on-amd-in-fedora-40-28aa3bebb187>
Here are most of the ROCM packages that you'll need.
Fedora is currently working on a ROCM meta package here:
<https://packages.fedoraproject.org/pkgs/rocm/rocm/>
```bash
rpm-ostree install \
hipblas-devel \
hipblaslt-devel \
hipcc \
hipcc-libomp-devel \
hipcub-devel \
hipfft-devel \
hipfort-devel \
hiprand-devel \
hiprt-devel \
hipsolver-devel \
hipsparse-devel \
rocalution-devel \
rocblas-devel \
rocfft-devel \
rocm-clang-devel \
rocm-clang-tools-extra-devel \
rocm-cmake \
rocm-comgr-devel \
rocm-core-devel \
rocm-hip-devel \
rocm-libc++-devel \
rocm-libc++-static \
rocm-llvm-devel \
rocm-omp-devel \
rocm-runtime-devel \
rocm-rpp-devel \
rocm-smi-devel \
rocminfo \
rocdecode-devel \
rocjpeg-devel \
rocprim-devel \
rocrand-devel \
rocsolver-devel \
rocsparse-devel \
rocthrust-devel \
roctracer-devel \
miopen
```
### Ollama
<https://ollama.com/download>
Run the installation script as normal. Make sure you have the [ROCM](#rocm) drivers installed
for GPU acceleration. The script *should* automatically pull the ROCM drivers after installing
the base packages. If not, you should install them manually.
For starting ollama as a service, follow the link below with one exception.
<https://github.com/ollama/ollama/blob/main/docs/linux.md#adding-ollama-as-a-startup-service-recommended>
```bash
# Change the recommended home dir to /var/home/ollama
sudo useradd -r -s /bin/false -U -m -d /var/home/ollama ollama
```
## Network
### Hostname
```bash
sudo hostnamectl hostname reesework16
```
### VLAN Setup with nmcli
```bash
# VLAN 2
nmcli conn
export NMCLI_DEVICE=enp195s0f4u1u3
nmcli connection add type VLAN con-name $NMCLI_DEVICE.2 dev $NMCLI_DEVICE id 2
```
## GPU Support in Distrobox
Fix for `error="failed to check permission on /dev/kfd: open /dev/kfd: invalid argument"`
```bash
# You have to create the video and render group to /etc/group before you can use it
sudo grep -E '^video:' /usr/lib/group | sudo tee -a /etc/group
sudo grep -E '^render:' /usr/lib/group | sudo tee -a /etc/group
sudo usermod -aG video $USER
sudo usermod -aG render $USER
```
Logout and log back in to adopt new groups.
## Automatic Display Switching
```bash
# List displays
# Builtin: eDP-2
# Roku: DP-13
# Lenovo: DP-11
kscreen-doctor -o
# Put the builtin display back to normal
kscreen-doctor \
output.eDP-2.enable \
output.eDP-2.position.0,0 \
output.eDP-2.primary \
output.eDP-2.mode.2560x1600@165 \
output.eDP-2.scale.1.25
# Show on Roku TV and Monitor
kscreen-doctor \
output.DP-11.enable \
output.DP-11.position.0,0 \
output.DP-11.mode.2560x1440@60 \
output.DP-11.scale.1 \
output.DP-13.enable \
output.DP-13.position.0,0 \
output.DP-13.mode.2560x1440@100 \
output.DP-13.scale.1 \
output.DP-13.primary \
output.eDP-2.disable
# Show only on the roku TV
kscreen-doctor \
output.DP-11.enable \
output.DP-11.position.0,0 \
output.DP-11.primary \
output.DP-11.mode.3840x2160@60 \
output.DP-11.scale.2 \
output.DP-13.disable \
output.eDP-2.disable
# Mirror the builtin display to the roku tv
kscreen-doctor \
output.DP-11.enable \
output.DP-11.position.0,0 \
output.DP-11.primary \
output.DP-11.mode.3840x2160@60 \
output.DP-11.scale.2 \
output.eDP-2.enable \
output.eDP-2.mode.1920x1080@60 \
output.eDP-2.scale.1 \
output.eDP-2.position.0,0
```
Reference in New Issue View Git Blame Copy Permalink