homelab/active/os_fedora/fedora-kinoite.md
ducoterra ab2b033c54
wyoming, borg, grayjay, oh my
2025-05-04 02:34:10 -04:00

# Fedora Kinoite

- [Fedora Kinoite](#fedora-kinoite)
  - [TPM2 LUKS Decryption](#tpm2-luks-decryption)
  - [Podman](#podman)
    - [Autostarting services with quadlets](#autostarting-services-with-quadlets)
  - [rpm-ostree](#rpm-ostree)
    - [Git, Vim, etc](#git-vim-etc)
    - [Libvirt, Qemu, KVM](#libvirt-qemu-kvm)
  - [Network](#network)
    - [Hostname](#hostname)
    - [VLAN Setup with nmcli](#vlan-setup-with-nmcli)
  - [GPU Support in Distrobox](#gpu-support-in-distrobox)
  - [Automatic Display Switching](#automatic-display-switching)

## TPM2 LUKS Decryption

Mostly taken from here:
<https://gist.github.com/jdoss/777e8b52c8d88eb87467935769c98a95>

PCR reference for `--tpm2-pcrs` args:

```text
0: System firmware executable
2: Kernel
4: Bootloader
7: Secure boot state
8: Cmdline
9: Initrd
```
Basic commands:
```bash
# Show tpm2 devices
systemd-cryptenroll --tpm2-device=list
# Show crypto luks block devices
blkid -t TYPE=crypto_LUKS
# Enroll the tpm2 device with systemd-cryptenroll
systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0,2,4,7,8,9 /dev/nvme0n1p3
# Reenroll
systemd-cryptenroll /dev/nvme0n1p3 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=0,2,4,7,8,9
# Append to command line args
rpm-ostree kargs --append=rd.luks.options=tpm2-device=auto
```
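When an update changes a measured component (kernel, initrd, command line), the PCR values no longer match what was enrolled, the TPM will not release the key, and you'll need to reenroll. Add this to your `~/.bashrc`: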
```bash
# LUKS TPM2 commands
alias tpm2-reenroll='sudo systemd-cryptenroll /dev/nvme0n1p3 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=0,2,4,7,8,9'
```
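
To see which of the enrolled PCRs actually moved across an update (and so why the TPM stopped unlocking the disk), snapshot them before the update and compare after the reboot. This is an added example, not part of the original notes or the linked gist; it assumes the kernel exposes the SHA-256 bank under `/sys/class/tpm/tpm0/pcr-sha256/` (Linux 5.12 or newer), and `pcr_snapshot` / `pcr_changed` are hypothetical helper names.

```shell
# Added example, not from the original notes.
# Assumption: the kernel exposes the SHA-256 PCR bank under
# /sys/class/tpm/tpm0/pcr-sha256/<index> (Linux 5.12 or newer).

PCRS="0 2 4 7 8 9"   # same set as --tpm2-pcrs above

# pcr_snapshot [dir]: print "<index> <digest>" for every enrolled PCR.
# The optional dir argument exists so the function can be pointed at test data.
pcr_snapshot() {
    pcr_dir="${1:-/sys/class/tpm/tpm0/pcr-sha256}"
    for pcr in $PCRS; do
        if [ ! -r "$pcr_dir/$pcr" ]; then
            echo "cannot read PCR $pcr in $pcr_dir" >&2
            return 1
        fi
        printf '%s %s\n' "$pcr" "$(tr -d '[:space:]' < "$pcr_dir/$pcr")"
    done
}

# pcr_changed <before> <after>: print the changed PCR indices, comma separated.
# Prints an empty line when the two snapshots match.
pcr_changed() {
    awk 'FILENAME == ARGV[1] { old[$1] = $2; next }
         ($1 in old) && old[$1] != $2 { out = out (out != "" ? "," : "") $1 }
         END { print out }' "$1" "$2"
}

# Typical use:
#   pcr_snapshot > ~/.pcr-before              # before rpm-ostree upgrade
#   (reboot; unlock with the passphrase if the TPM refuses)
#   pcr_snapshot > /tmp/pcr-after
#   pcr_changed ~/.pcr-before /tmp/pcr-after  # lists the PCRs that moved
```

A non-empty result means the enrolled policy no longer matches and `tpm2-reenroll` is needed; a change in a PCR you did not expect to move (for example 7 after a routine package update) is worth investigating before reenrolling.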
## Podman
Since you'll be using podman for most container-based services, you'll want to set the
podman auth file to somewhere persistent, otherwise it'll get deleted every time you
reboot.

Add this to your `.bashrc`:
```bash
# Podman auth file
export REGISTRY_AUTH_FILE=$HOME/.podman-auth.json
```
Source that and then run `podman login` to create the file.
### Autostarting services with quadlets
If you want to run something as your user at boot (like a systemd process, think ollama) you can
create a user quadlet like so:
```bash
# Generate the .container file
podman run --rm ghcr.io/containers/podlet --install --description "Local AI" \
podman run \
-d \
-v ollama:/root/.ollama \
-p 11434:11434 \
--name ollama \
--restart always \
docker.io/ollama/ollama > ~/.config/containers/systemd/ollama.container
# Verify the service (Note the filename:service, this is required! You will get "Failed to prepare filename" without it)
systemd-analyze verify ~/.config/containers/systemd/ollama.container:ollama.service
# Start the service
systemctl --user daemon-reload
systemctl --user start ollama
```
## rpm-ostree
Note: if you don't need them, remove extra repos.

I removed:

1. rpmfusion-nonfree-steam.repo
2. rpmfusion-nonfree-nvidia-driver.repo
3. google-chrome.repo
4. _copr\:copr.fedorainfracloud.org\:phracek\:PyCharm.repo

```bash
# Search for available packages
rpm-ostree search git
# Install a package
rpm-ostree install git
# Apply the installed package live
rpm-ostree apply-live
# Check what's been layered
rpm-ostree status
```
### Git, Vim, etc
Some packages are nice to have at the system level.
```bash
rpm-ostree install git vim
```
### Libvirt, Qemu, KVM
```bash
rpm-ostree install virt-manager libvirt
systemctl enable --now libvirtd
```
## Network
### Hostname
```bash
sudo hostnamectl hostname reesework16
```
### VLAN Setup with nmcli
```bash
# List existing connections to find the parent device
nmcli conn
export NMCLI_DEVICE=enp195s0f4u1u3
# VLAN 2
nmcli connection add type vlan con-name "$NMCLI_DEVICE.2" dev "$NMCLI_DEVICE" id 2
```
## GPU Support in Distrobox
Fix for `error="failed to check permission on /dev/kfd: open /dev/kfd: invalid argument"`
```bash
# You have to add the video and render groups to /etc/group before you can use them
sudo grep -E '^video:' /usr/lib/group | sudo tee -a /etc/group
sudo grep -E '^render:' /usr/lib/group | sudo tee -a /etc/group
sudo usermod -aG video $USER
sudo usermod -aG render $USER
```
Log out and log back in to pick up the new groups.
## Automatic Display Switching
```bash
# List displays
# Builtin: eDP-2
# Roku: DP-13
# Lenovo: DP-11
kscreen-doctor -o
# Put the builtin display back to normal
kscreen-doctor \
output.eDP-2.enable \
output.eDP-2.position.0,0 \
output.eDP-2.primary \
output.eDP-2.mode.2560x1600@60 \
output.eDP-2.scale.1.25
# Show on Roku TV and Monitor
kscreen-doctor \
output.DP-11.enable \
output.DP-11.position.0,0 \
output.DP-11.mode.2560x1440@60 \
output.DP-11.scale.1 \
output.DP-13.enable \
output.DP-13.position.0,0 \
output.DP-13.mode.2560x1440@100 \
output.DP-13.scale.1 \
output.DP-13.primary \
output.eDP-2.disable
# Show only on the roku TV
kscreen-doctor \
output.DP-11.enable \
output.DP-11.position.0,0 \
output.DP-11.primary \
output.DP-11.mode.3840x2160@60 \
output.DP-11.scale.2 \
output.DP-13.disable \
output.eDP-2.disable
# Mirror the builtin display to the roku tv
kscreen-doctor \
output.DP-11.enable \
output.DP-11.position.0,0 \
output.DP-11.primary \
output.DP-11.mode.3840x2160@60 \
output.DP-11.scale.2 \
output.eDP-2.enable \
output.eDP-2.mode.1920x1080@60 \
output.eDP-2.scale.1 \
output.eDP-2.position.0,0
```