francoism90/dotfiles

dotfiles

This is a selection of settings and preferences for my personal OpenSUSE Aeon Desktop and MicroOS installation.

Hopefully the provided instructions are useful if you also run, or decide to move to, OpenSUSE. :)

System

To learn more about transactional-update: https://kubic.opensuse.org/documentation/man-pages/transactional-update.8.html.

For example, you may sometimes want to use the --continue argument, use shell to run zypper commands, or use apply to prevent a reboot.

Updating

Note: Aeon and MicroOS use the transactional-update.timer to apply updates daily.

To update the system, the preferred approach is to use dup:

# transactional-update dup
# transactional-update reboot

To disable automatic rebooting after upgrades, which may be useful when you run MicroOS as a server:

# systemctl disable rebootmgr.service

To update Flatpaks:

$ flatpak update
# flatpak update

Maintenance

To clean up old snapshots:

# transactional-update cleanup
# transactional-update reboot

To view current repositories:

$ zypper lr

To view the packages installed by a repository:

$ zypper search -i -r <repo alias|#|URI>
$ zypper search -i -r packman

To list every package in a repository:

$ zypper pa -ir packman

Kernel

Note: only do this for testing or troubleshooting; it's recommended to always use the provided kernel.

If you want to run the latest kernel, see https://kernel.opensuse.org/master.html for details:

# transactional-update shell
# zypper addrepo https://download.opensuse.org/repositories/Kernel:HEAD/standard/Kernel:HEAD.repo
# zypper refresh
$ zypper lr

To install a version of the master branch:

# transactional-update -i pkg install kernel-default-6.14~rc4 kernel-default-devel-6.14~rc4
$ systemctl reboot

NVIDIA

See the OpenSUSE Wiki for details:

You may get conflicts or warnings; it seems to work fine when you choose to ignore the missing library or package. This seems to happen because the actual dependency hasn't been provided yet. It's recommended to keep the snapshot without the NVIDIA drivers applied, so you can always return to a clean state.

Secure Boot

If you use Secure Boot, make sure to always sign the module (you may need to redo this on updates):

# mokutil --import /usr/share/nvidia-pubkeys/MOK-nvidia-driver-<version>-default.der
$ systemctl reboot

After the reboot, enroll the key using the provided password, then check that the NVIDIA modules are loaded after startup, for example with lsmod | grep nv.

Custom Kernel

To build the latest NVIDIA drivers on the master kernel for example, see https://forums.developer.nvidia.com/t/570-release-feedback-discussion/321956/70?page=3:

# transactional-update shell
# cd /usr/src/kernel-modules/nvidia-<version>-default
# <patch> (if needed)
# dracut -vf --regenerate-all
# exit
$ systemctl reboot

It's important to reboot first, and afterwards re-run initrd (see Kernel instructions):

# transactional-update initrd
# mokutil --import /usr/share/nvidia-pubkeys/MOK-nvidia-driver-<version>-default.der
# systemctl reboot

Encryption

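If you are using encryption on an NVMe/SSD, you may want to improve performance by disabling the workqueues and allowing discards (e.g. trim). Discards let anyone with access to the raw disk see which blocks are unused, so weigh that against the performance gain: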

# cryptsetup --perf-no_read_workqueue --perf-no_write_workqueue --allow-discards --persistent refresh aeon_root

See https://wiki.archlinux.org/title/Dm-crypt/Specialties#Disable_workqueue_for_increased_solid_state_drive_(SSD)_performance for details.

TPM

The following resources may be helpful:

If you want to use Full Disk Encryption (FDE) with TPM, make sure to (re)enroll when needed:

# SYSTEMD_LOG_LEVEL=debug sdbootutil --ask-pin update-predictions

To verify the current enrollment:

# systemd-cryptenroll /dev/nvme0n1p2
SLOT TYPE
   0 password
   1 tpm2
   2 recovery

If for some reason the enrollment wasn't successful, you may want to reset the TPM and enroll a new key:

# sdbootutil unenroll --method=tpm2
# sdbootutil enroll --method=tpm2 --ask-pw

If for some reason you want to manually enroll:

# cat /etc/sysconfig/fde-tools | grep FDE_SEAL_PCR_LIST=
# systemd-cryptenroll --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=4+5+7+9 /dev/nvme0n1p2

Please note this may require a couple of reboots, and possibly a TPM reset in the BIOS as well.
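
The manual enrollment above hardcodes the PCR list and wipes the tpm2 slot. As an added example (not part of the original dotfiles), this script derives the --tpm2-pcrs value from FDE_SEAL_PCR_LIST and refuses to continue unless a password or recovery slot is still enrolled. It assumes the value is a comma- or space-separated list of PCR indexes; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: pre-flight checks before re-enrolling the TPM2 slot by hand.
# Function names are hypothetical; the sample data below is constructed.

# Print FDE_SEAL_PCR_LIST from a sysconfig-style file in the "4+5+7+9" form
# that --tpm2-pcrs expects. Assumption: the value is a comma- or
# space-separated list of PCR indexes. Fails if it is missing or malformed.
pcr_arg() {
    sed -n 's/^FDE_SEAL_PCR_LIST=//p' "$1" | tail -n 1 |
        tr -d "\"'" | tr -s ', ' '++' | sed 's/^+//; s/+$//' |
        grep -E '^[0-9]+(\+[0-9]+)*$'
}

# Read a `systemd-cryptenroll <device>` slot table on stdin; succeed only if
# a non-TPM unlock method (password or recovery key) is still enrolled.
has_fallback() {
    awk 'NR > 1 && ($2 == "password" || $2 == "recovery") { ok = 1 }
         END { exit !ok }'
}

# usage: systemd-cryptenroll DEV | enroll_cmd SYSCONFIG DEV
# Prints the enrollment command instead of running it, so it can be reviewed.
enroll_cmd() {
    has_fallback || { echo "no password/recovery slot, refusing" >&2; return 1; }
    pcrs=$(pcr_arg "$1") || { echo "bad FDE_SEAL_PCR_LIST in $1" >&2; return 1; }
    echo "systemd-cryptenroll --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=$pcrs $2"
}

# Demo on constructed input (nothing is read from or written to a real device).
conf=$(mktemp)
printf 'FDE_SEAL_PCR_LIST="4,5,7,9"\n' > "$conf"
printf 'SLOT TYPE\n   0 password\n   1 tpm2\n   2 recovery\n' |
    enroll_cmd "$conf" /dev/nvme0n1p2
rm -f "$conf"
```

On a real system, pipe the output of systemd-cryptenroll for the device into enroll_cmd with /etc/sysconfig/fde-tools as the first argument, and run the printed command only after reviewing it.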

Filesystem

Trim

Enable the fstrim.timer when using SSD/NVMe drives:

# systemctl enable fstrim.timer --now

Btrfs

If you are using Btrfs, you may want to configure https://github.com/kdave/btrfsmaintenance:

# nano /etc/sysconfig/btrfsmaintenance

Enable the Btrfs maintenance timers:

# systemctl enable btrfs-balance.timer btrfs-defrag.timer btrfs-scrub.timer btrfs-trim.timer --now

zram

To enable zramswap:

# transactional-update -i pkg install systemd-zram-service
# systemctl enable zramswap.service --now

tuned

To enable tuned when using MicroOS:

# transactional-update -i pkg install tuned tuned-profiles-atomic tuned-utils
# systemctl enable tuned --now
# tuned-adm profile atomic-host
# tuned-adm profile

Other tuned profiles exist, for example for database servers.

Software

It is discouraged to install software on the root filesystem, see the Aeon Wiki for details.

Codecs

Note this is unsupported, and should only be needed if you want to use codecs outside Flatpaks and containers.

You may need to install codecs for additional audio and video support.

For full instructions, see https://en.opensuse.org/SDB:Installing_codecs_from_Packman_repositories.

Samba

See the following links for details:

To install Samba:

# transactional-update --continue -i pkg install samba
# smbpasswd -a <username>
# systemctl enable smb nmb --now

When you use firewalld:

# firewall-cmd --permanent --add-service={samba,samba-client,samba-dc}
# firewall-cmd --reload

To allow the sharing of home folders:

# setsebool -P samba_enable_home_dirs 1
# systemctl restart smb nmb

Brave

Depending on your hardware, you may want to enable VA-API and/or Vulkan flags in .var/app/com.brave.Browser/config/brave-flags.conf.

See the following resources for details:

Podman

Enable and use rootless containers:

To learn more about Podman Quadlet, see the following resources:

To enable linger, i.e. keep containers running when logged out:

$ loginctl enable-linger $USER
# loginctl enable-linger root

Firewall

Aeon doesn't come with any firewall; this is by design. Instead, you should control ports and services using Podman Quadlet and containers. On MicroOS, firewalld should be included.

It's still possible to install firewalld on Aeon, but this may cause Flatpak and container network issues:

# transactional-update -i pkg install firewalld firewalld-bash-completion
# systemctl enable firewalld.service --now

To open ports/services:

# firewall-cmd --permanent --add-service=https
# firewall-cmd --permanent --add-port=8920/tcp
# firewall-cmd --reload

VSCodium / VSCode

The following resources may be useful when you want to use devcontainers and Podman integration:

You may want to use Flatseal to set the following overrides:

  • Add to Other files: xdg-run/podman:ro
  • Add to Other files: /tmp:rw

Wayland

To enable Wayland support:

$ flatpak override --user --socket=wayland --socket=fallback-x11 --env=ELECTRON_OZONE_PLATFORM_HINT=auto com.visualstudio.code

See flathub/com.visualstudio.code#471 for details.

Ptyxis (Terminal)

To apply opacity (credits):

$ dconf read /org/gnome/Ptyxis/default-profile-uuid
$ dconf write /org/gnome/Ptyxis/Profiles/{profile-uuid}/opacity 0.95

Fish

Install fish in the OpenSUSE distrobox container using BoxBuddy (this is recommended over system packages):

# zypper install fish ibm-plex-mono-fonts ibm-plex-sans-fonts ibm-plex-serif-fonts

To add fish path lookups:

$ fish_add_path ~/.local/bin ~/.config/yarn/global/node_modules/.bin

To disable greeting (welcome message):

$ set -U fish_greeting

Follow https://starship.rs/guide/ to set up Starship, and make sure to set it as the default container in Ptyxis and/or BoxBuddy.

Appearance

See https://itsfoss.com/flatpak-app-apply-theme/ for Flatpak theming instructions.

Use Refine or dconf-editor to apply customizations; look up keys in /org/gnome/.

Current Theme

Icon Theme (GTK - non-root): https://github.com/PapirusDevelopmentTeam/papirus-icon-theme

Cursor Theme: https://github.com/phisch/phinger-cursors

Fonts: Inter + FiraCode Nerd Font