Mikaela/mikaela.github.io
1
0
Fork 0
mirror of https://github.com/mikaela/mikaela.github.io/ synced 2025-10-15 15:47:23 +02:00
Code Issues Projects Releases Wiki Activity

n/essentialsoftware.md: improve legibility, restore atomic firefox defaults

Browse Source
This commit is contained in:
Aminda Suomalainen 2025-07-19 09:58:48 +03:00
parent 4ba8b17f1b
commit 869ac389fe
Signed by: Mikaela
GPG Key ID: 99392F62BAE30723
1 changed files with 44 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
n/essentialsoftware.md
View File

@ -27,7 +27,9 @@ _{{ page.excerpt }}_
- [pipx](#pipx) - [pipx](#pipx)
- [Homebrew](#homebrew) - [Homebrew](#homebrew)
- [Fedora Atomic](#fedora-atomic) - [Fedora Atomic](#fedora-atomic)
- [Additional rpm-ostree install](#additional-rpm-ostree-install) - [`rpm-ostree install` everywhere](#rpm-ostree-install-everywhere)
- [`rpm-ostree kargs`](#rpm-ostree-kargs)
- [Situational `rpm-ostree install`](#situational-rpm-ostree-install)
- [Flatpaks](#flatpaks) - [Flatpaks](#flatpaks)
- [Communication](#communication) - [Communication](#communication)
- [Gayming](#gayming) - [Gayming](#gayming)
@ -187,26 +189,27 @@ _By which I mean Fedora Kinoite unless otherwise specified._ A system where
everyone runs the same image, except that as this section shows, I add to it a everyone runs the same image, except that as this section shows, I add to it a
bit... bit...
### `rpm-ostree install` everywhere
```bash ```bash
# Ensure third party Fedora repos are available, this is part of KDE Prompt? # Ensure third party Fedora repos are available, this is part of the KDE
# welcome prompt, maybe?
sudo fedora-third-party enable sudo fedora-third-party enable
# Layer packages I need on top of the base image. # Layer packages I need on top of the base image.
sudo rpm-ostree install android-tools cronie cronie-anacron darkman duperemove foot foot-terminfo gamescope git-lfs haveged iwd mangohud mosh mpv oidentd rng-tools setroubleshoot snapd sshguard steam-devices syncthing terminus-fonts-console tmux tor torsocks unbound zsh sudo rpm-ostree install android-tools cronie cronie-anacron darkman duperemove foot foot-terminfo gamescope git-lfs haveged iwd mangohud mosh mpv oidentd rng-tools setroubleshoot snapd sshguard steam-devices syncthing terminus-fonts-console tmux tor torsocks unbound zsh
# Remove packages I don't need from the base image. (Challenge to remove
# nothing failed by using rpmfusion codecs anyway) # Enable automatic updates (check /etc/rpm-ostreed.conf for
sudo rpm-ostree override remove firefox firefox-langpacks # AutomaticUpdatePolicy=stage (or apply for automatic reboots at probably
# Enable automatic updates (check /etc/rpm-ostreed.conf for AutomaticUpdatePolicy=stage (or apply for automatic reboots) and LockLayering=false) # unwanted times & difficulties with encryption passphrase) and
# LockLayering=false unless you want to be stuck with the base image)
sudo systemctl enable rpm-ostreed-automatic.timer --now sudo systemctl enable rpm-ostreed-automatic.timer --now
# Disable bootsplash and kernel message hiding, adjust rootfs fstab,
# REMEMBER TO REMOVE SSD FOR NON-SSD setups! Legacy interface names (eth0, # Apply changes now, fix permission for my /root config
# wlan0) are also nice, like is not letting invalid LUKS password drop into sudo rpm-ostree apply-live && sudo chmod a+x /var/roothome
# root emergency shell. Ensure CPU vulnerability mitigation while at kargs too.
sudo rpm-ostree kargs --delete=rhgb --delete=quiet --delete=rootflags=subvol=root --append=rootflags=subvol=root,noatime,compress-force=zstd:0,ssd --append=net.ifnames=0 --append=rd.shell=0 --append=rd.emergency=halt --append=mitigations=auto,nosmt # footclient (or server) for all users on-demand. Requires
# Another reminder to not use flag SSD above if there is no SSD on the system. # the previous command or reboot
# I would additionally use lockdown=confidentiality (or lockdown=integrity if
# less privacy and security was required, but that prevents shipped osnoise
# module from working.
# footclient (or server) for all users on-demand
sudo systemctl --global enable foot-server.socket sudo systemctl --global enable foot-server.socket
``` ```
@ -222,7 +225,30 @@ Consider also adding
- You need it when using e.g. Broadcom WiFi or `mpv` and receiving - You need it when using e.g. Broadcom WiFi or `mpv` and receiving
`Failed to initialize a decoder for codec 'hevc'.` `Failed to initialize a decoder for codec 'hevc'.`
### Additional rpm-ostree install ### `rpm-ostree kargs`
```bash
# REMOVE ssd FROM rootflags if not on SSD!
sudo rpm-ostree kargs --delete=rhgb --delete=quiet --delete=rootflags=subvol=root --append=rootflags=subvol=root,noatime,compress-force=zstd:0,ssd --append=net.ifnames=0 --append=rd.shell=0 --append=rd.emergency=halt --append=mitigations=auto,nosmt
```
- `rhgb quiet` - These enable graphical boot screen and suppressing more verbose
kernel messages (the other text than `[OK]` from systemd)
- `rootflags=` - the `/etc/fstab` entries for `/` as the file has no effect on
`/` on Atomic. The parameters are explained later on this page.
- `net.ifnames=0` - disables the predictable interface names returning to `eth0`
and `wlan0`. People say the only predictable thing about them is amount of
complaints.
- `rd.shell=0 rd.emergency=halt` - hardening to not enter debug shell upon wrong
encryption password
- `mitigations=auto,nosmt` - enable automatic mitigations for CPU
vulnerabilities including disabling hyperthreading (not default).
- `lockdown={confidentiality,integrity}` - hardening from secure boot being
enabled, locks down realtime changes to kernel including unsigned kernel
modules and in form of blocking default `osnoise` increases hardware
noisiness.
### Situational `rpm-ostree install`
- In general `neilalexander`'s yggdrasil copr makes life easier with - In general `neilalexander`'s yggdrasil copr makes life easier with
`sudo rpm-ostree install yggdrasil` `sudo rpm-ostree install yggdrasil`
@ -313,7 +339,7 @@ ln -nsfv $HOME/.var/app/com.valvesoftware.Steam/.steam $HOME/.steam
#### General purpose #### General purpose
```bash ```bash
sudo flatpak install --assumeyes flathub app.devsuite.Ptyxis com.calibre_ebook.calibre com.dropbox.Client com.github.tchx84.Flatseal com.github.wwmm.easyeffects com.nextcloud.desktopclient.nextcloud com.rafaelmardojai.Blanket de.haeckerfelix.Shortwave io.github.celluloid_player.Celluloid io.mpv.Mpv it.mijorus.gearlever me.kozec.syncthingtk org.fedoraproject.MediaWriter org.gnome.eog org.kde.haruna org.kde.kate org.pulseaudio.pavucontrol org.kde.kwrite org.kde.okular org.qbittorrent.qBittorrent org.torproject.torbrowser-launcher org.mozilla.firefox org.videolan.VLC sudo flatpak install --assumeyes flathub app.devsuite.Ptyxis com.calibre_ebook.calibre com.dropbox.Client com.github.tchx84.Flatseal com.github.wwmm.easyeffects com.nextcloud.desktopclient.nextcloud com.rafaelmardojai.Blanket de.haeckerfelix.Shortwave io.github.celluloid_player.Celluloid io.mpv.Mpv it.mijorus.gearlever me.kozec.syncthingtk org.fedoraproject.MediaWriter org.gnome.eog org.kde.haruna org.kde.kate org.pulseaudio.pavucontrol org.kde.kwrite org.kde.okular org.qbittorrent.qBittorrent org.torproject.torbrowser-launcher org.videolan.VLC
``` ```
- Ptyxis reminds me of a Windows Terminal for Linux - Ptyxis reminds me of a Windows Terminal for Linux
@ -355,8 +381,6 @@ sudo flatpak install --assumeyes flathub app.devsuite.Ptyxis com.calibre_ebook.c
have the capacity to write any image and also restore the USB stick have the capacity to write any image and also restore the USB stick
afterwards. afterwards.
- Tor Browser just must exist everywhere just in case! - Tor Browser just must exist everywhere just in case!
- Firefox is the last major non-Chromium web browser and while installed by
default, it may not survive `flatpak uninstall --all`.
- VLC is a world-famous media player supporting ~everything and the flathub - VLC is a world-famous media player supporting ~everything and the flathub
apparently bundles libdvdcss having the capacity to play DVDs. apparently bundles libdvdcss having the capacity to play DVDs.