homelab/active/os_fedora/fedora-workstation.md

Fedora

• Fedora
  • Framework 16 Fixes
    • Wake from Sleep
    • Wrong keys pressed in the browser
  • Podman
    • Autostarting services with quadlets
  • Toolbox
  • Network
    • Firewall
    • VLAN Setup with nmcli
  • ZRAM
  • Libraries
    • Common Libraries
  • Backups
    • BTRFS Snapshots
  • ROCM
  • Display
    • Scripted Display Modes
  • Fixing generic Wayland icons on task alt tab
  • Tuned Power Profiles

Framework 16 Fixes

Wake from Sleep

The keyboard/mouse can be pressed through the lid while in a backpack. Disable them to prevent wake from sleep.

/etc/udev/rules.d/69-suspend.rules

ACTION=="add", SUBSYSTEM=="acpi", DRIVERS=="button", ATTRS{hid}=="PNP0C0D", ATTR{power/wakeup}="disabled"
ACTION=="add", SUBSYSTEM=="serio", DRIVERS=="atkbd", ATTR{power/wakeup}="disabled"
ACTION=="add", SUBSYSTEM=="i2c", DRIVERS=="i2c_hid_acpi", ATTRS{name}=="PIXA3854:00", ATTR{power/wakeup}="disabled"

# https://askubuntu.com/questions/848698/wake-up-from-suspend-using-usb-device
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0012", RUN+="/bin/sh -c 'echo disabled > /sys$env{DEVPATH}/power/wakeup'"

Reload

sudo udevadm control --reload-rules && sudo udevadm trigger

Wrong keys pressed in the browser

Sometimes keys will stop working when using search bars or do strange things like move the page around. This seems to be caused by some "alt" keypress combination. Pressing "alt" twice fixes it.

Podman

Since you'll be using podman for most container-based services, you'll want to set the the podman auth file to somewhere persistent, otherwise it'll get deleted every time you reboot.

Add this to your .bashrc:

# Podman auth file
export REGISTRY_AUTH_FILE=$HOME/.podman-auth.json

Source that and then run podman login to create the file.

Autostarting services with quadlets

If you want to run something as your user at boot (like a systemd process, think ollama) you can create a user quadlets like so:

# Generate the .container file
podman run --rm ghcr.io/containers/podlet --install --description "Local AI" \
  podman run \
  -d \
  -v ollama:/root/.ollama \
  -p 11434:11434 \
  --name ollama \
  --restart always \
  docker.io/ollama/ollama > ~/.config/containers/systemd/ollama.container

# Verify the service (Note the filename:service, this is required! You will get "Failed to prepare filename" without it)
systemd-analyze verify ~/.config/containers/systemd/ollama.container:ollama.service

# Start the service
systemctl --user daemon-reload
systemctl --user start ollama

Toolbox

toolbox create
toolbox enter

Network

Firewall

Set the default firewall to drop

sudo firewall-cmd --set-default-zone=drop
sudo firewall-cmd --reload

Allow KDE Connect via 1714-1764 tcp/udp

# Set source address to allow connections
sudo firewall-cmd \
--zone=drop \
--permanent \
--add-port=1714-1764/udp \
--add-port=1714-1764/tcp

sudo firewall-cmd --reload

You can check if the firewall is working via nmap from another machine

Note, add -r to scan ports in order.

Note, add -vv to increase verbosity.

Note, add -A to perform OS detection, host lookup, etc.

Note, use -F to perform a quick scan against common ports.

export NMAP_HOST=10.2.0.49

# Scan for common ports on TCP
nmap -sT $NMAP_HOST

# Scan all ports on TCP
nmap -sT -p- $NMAP_HOST

# Scan specific port on TCP
nmap -sT -p5432 $NMAP_HOST

# Scan range of ports on TCP
nmap -sT -p1024-9999 $NMAP_HOST

# Scan for common ports on UDP
nmap -sU $NMAP_HOST

# Skip host up checking
nmap -Pn -sT $NMAP_HOST

# Scan all ports for everything (takes a really really long time)
nmap -Pn -sT -sU -p- $NMAP_HOST

# Scan using TCP ACK Ping (More serious check that attempts to bypass firewall, See nmap man page)
nmap -PA -p- $NMAP_HOST

Then, while running a scan:

v / V: Increase / decrease the verbosity level d / D: Increase / decrease the debugging Level p / P: Turn on / off packet tracing ?: Print a runtime interaction help screen

VLAN Setup with nmcli

# VLAN 2
nmcli conn
export NMCLI_DEVICE=enp195s0f4u1u3
nmcli connection add type VLAN con-name $NMCLI_DEVICE.2 dev $NMCLI_DEVICE id 2

ZRAM

Increasing zram size

# Show existing configuration
zramctl
# 
swapoff /dev/zram0
# Reset swap
zramctl -r /dev/zram0

# Set a new size
zramctl --size 4G /dev/zram0

Libraries

Common Libraries

sudo dnf install -y \
make \
gcc \
zlib-devel \
bzip2 \
bzip2-devel \
readline-devel \
sqlite \
sqlite-devel \
openssl-devel \
tk-devel \
libffi-devel \
xz-devel \
libgle-devel

Backups

BTRFS Snapshots

https://en.opensuse.org/openSUSE:Snapper_Tutorial

http://snapper.io/manpages/snapper-configs.html

We'll be using snapper, a tool for automating and controlling snapshot behavior.

dnf install snapper dnf-plugin-snapper

# Allow selinux management
semanage permissive -a snapperd_t

# Note, if you mess something up you can run snapper -c root delete-config to delete
# System configs are stored in /etc/sysconfig/snapper as well as /etc/snapper
snapper -c root create-config /
snapper -c data create-config /path/to/other/data

# Enable automatic snapshots
systemctl enable --now snapper-timeline.timer
# Enable automatic cleanup
systemctl enable --now snapper-cleanup.timer
# Enable snapshots on boot
systemctl enable --now snapper-boot.timer

# List snapshots
snapper -c root list
# Create snapshot manually
snapper -c root create --description "test snapshot"
# Delete first snapshot
snapper -c root delete 1

Note - you probably don't want to keep yearly snapshots. Edit /etc/snapper/configs/root and change TIMELINE_LIMIT_YEARLY= to 0.

ROCM

sudo dnf install \
hipblas-develhipblaslt-devel \
hipcc \
hipcc-libomp-devel \
hipcub-devel \
hipfft-devel \
hipfort-devel \
hiprand-devel \
hiprt-devel \
hipsolver-devel \
hipsparse-devel \
rocalution-devel \
rocblas-devel \
rocfft-devel \
rocm-clang-devel \
rocm-clang-tools-extra-devel \
rocm-cmake \
rocm-comgr-devel \
rocm-core-devel \
rocm-hip-devel \
rocm-libc++-devel \
rocm-libc++-static \
rocm-llvm-devel \
rocm-omp-devel \
rocm-runtime-devel \
rocm-rpp-devel \
rocm-smi-devel \
rocminfo \
rocdecode-devel \
rocjpeg-devel \
rocprim-devel \
rocrand-devel \
rocsolver-devel \
rocsparse-devel \
rocthrust-devel \
roctracer-devel \
miopen

Display

Scripted Display Modes

Put something like these in ~/.bashrc.d/screen.sh

alias screen-reset='kscreen-doctor \
output.eDP-2.enable \
output.eDP-2.position.0,0 \
output.eDP-2.primary \
output.eDP-2.mode.2560x1600@165 \
output.eDP-2.scale.1.25'

alias screen-1080='kscreen-doctor \
output.eDP-2.enable \
output.eDP-2.position.0,0 \
output.eDP-2.primary \
output.eDP-2.mode.1920x1080@165 \
output.eDP-2.scale.1'

Fixing generic Wayland icons on task alt tab

https://epergo.com/posts/fix-generic-wayland-icon/

1. Access Window Rules

   Go to “System Settings > Window Management > Window Rules”.

2. Create a New Rule (If None Exist)

   If the application does not have any rules already, create a new one:

   1. Click on “Add New…”
   2. Add a description (e.g., “Application settings for sublime_merge”)
   3. Specify the “Window class (application)”

   If you’re unsure of the value for the window class, click “Detect Window Properties”, then click on the application window. A pop-up with the detected properties will be shown, and you can select the correct value.

3. Add Property

   1. Click on “Add Property” and select “Desktop File Name”.

4. Find the Correct Desktop File Name

   Standard Applications: If the application is installed using your distro’s repositories, check the name in /usr/share/applications/. Flatpak Applications: If it’s a Flatpak package, check the name in /var/lib/flatpak/exports/share/applications/. For example, for Obsidian, it will be md.obsidian.Obsidian (do not include the .desktop suffix).

5. Apply Settings

   Apply the new settings and close the application if it was open. The next time you open the application, it should show the correct icon.

Tuned Power Profiles

Default profiles are in /usr/lib/tuned/profiles.

Configuration file is in /etc/tuned/ppd.conf.

Used tuned-adm CLI to interface with tuned.