essentialsoftware.md: locklayering was supposed to be false

n/essentialsoftware.md

@@ -91,12 +91,16 @@ _{{ page.excerpt }}_
   had it connect to upstream dns\[crypt\]proxy
   - alternatively configure `systemd-resolved`. Simultaneously
     `systemd-networkd` may be a good idea.
-- `unattended-upgrades` or `dnf-automatic` so security updates are at least
-  downloaded if not even directly installed (see configuration and systemd
-  units!)
+- `unattended-upgrades`, `dnf-automatic` or `rpm-ostreed-automatic` so security
+  updates are at least downloaded if not even directly installed (see
+  configuration and systemd units!)
   - if `dnf-automatic`, consider
     `sudo systemctl enable dnf-automatic-install.{timer,service}` or at least
     `sudo systemctl enable dnf-automatic-download.{timer,service}`
+  - for `rpm-ostree`, `systemctl enable rpm-ostreed-automatic.timer --now`
+    - Remember to check `/etc/rpm-ostreed.conf`, it should say
+      `AutomaticUpdatePolicy=stage` and likely `LockLayering=false` under
+      `[Daemon]`
 
 ## Usability
 
@@ -175,10 +179,12 @@ bit...
 # Ensure third party Fedora repos are available, this is part of KDE Prompt?
 sudo fedora-third-party enable
 # Layer packages I need on top of the base image.
-sudo rpm-ostree install aircrack-ng android-tools btop clang cronie cronie-anacron darkman duperemove foot foot-terminfo gamescope git-lfs haveged htop inxi iucode-tool iwd kate mangohud mosh mpv neovim nmap npm pipx pre-commit qrencode rng-tools rubygem-bundler setroubleshoot sshguard steam-devices symlinks syncthing terminus-fonts-console tmux tor torsocks unbound vlc zsh
+sudo rpm-ostree install aircrack-ng android-tools btop cronie cronie-anacron darkman duperemove foot foot-terminfo gamescope git-lfs haveged htop inxi iwd mangohud mosh mpv neovim nmap npm pipx pre-commit qrencode rng-tools rubygem-bundler setroubleshoot sshguard steam-devices symlinks syncthing terminus-fonts-console tmux tor torsocks unbound vlc zsh
 # Remove packages I don't need from the base image. (Challenge to remove
 # nothing failed by using rpmfusion codecs anyway)
 sudo rpm-ostree override remove firefox firefox-langpacks
+# Enable automatic updates (check /etc/rpm-ostreed.conf for AutomaticUpdatePolicy=stage and LockLayering=false)
+sudo systemctl enable rpm-ostreed-automatic.timer --now
 # Disable bootsplash and kernel message hiding, adjust rootfs fstab,
 # REMEMBER TO REMOVE SSD FOR NON-SSD setups! Legacy interface names (eth0,
 # wlan0) are also nice. Ensure CPU vulnerability mitigation while at kargs too.
@@ -187,6 +193,8 @@ sudo rpm-ostree kargs --delete=rhgb --delete=quiet --delete=rootflags=subvol=roo
 # I would additionally use lockdown=confidentiality (or lockdown=integrity if
 # less privacy and security was required, but that prevents shipped osnoise
 # module from working.
+# footclient (or server) for all users on-demand
+sudo systemctl --global enable foot-server.socket
 ```
 
 Consider also adding
@@ -278,7 +286,7 @@ sudo flatpak install --assumeyes flathub org.freedesktop.Platform.VulkanLayer.Ma
 
 ##### Flatpakked Steam for the flatpak-unaware
 
-Looking at you, handhelddaemon, 2025-05-2025.
+Looking at you, handhelddaemon, 2025-05-28.
 
 ```
 mkdir -vp $HOME/.local/share/
@@ -289,7 +297,7 @@ ln -nsfv $HOME/.var/app/com.valvesoftware.Steam/.steam $HOME/.steam
 #### General purpose
 
 ```bash
-sudo flatpak install --assumeyes flathub com.calibre_ebook.calibre com.dropbox.Client com.github.tchx84.Flatseal com.github.wwmm.easyeffects com.nextcloud.desktopclient.nextcloud com.rafaelmardojai.Blanket de.haeckerfelix.Shortwave io.mpv.Mpv it.mijorus.gearlever me.kozec.syncthingtk org.fedoraproject.MediaWriter org.gnome.eog org.kde.kate org.pulseaudio.pavucontrol org.qbittorrent.qBittorrent org.torproject.torbrowser-launcher org.mozilla.firefox org.videolan.VLC
+sudo flatpak install --assumeyes flathub com.calibre_ebook.calibre com.dropbox.Client com.github.tchx84.Flatseal com.github.wwmm.easyeffects com.nextcloud.desktopclient.nextcloud com.rafaelmardojai.Blanket de.haeckerfelix.Shortwave io.mpv.Mpv it.mijorus.gearlever me.kozec.syncthingtk org.fedoraproject.MediaWriter org.gnome.eog org.kde.kate org.pulseaudio.pavucontrol org.kde.kwrite org.kde.okular org.qbittorrent.qBittorrent org.torproject.torbrowser-launcher org.mozilla.firefox org.videolan.VLC
 ```
 
 - Calibre is the VLC of ebooks, especially if you have an ebook reader
@@ -319,6 +327,8 @@ sudo flatpak install --assumeyes flathub com.calibre_ebook.calibre com.dropbox.C
   install...
 - pavucontrol is the volume manager and needs no introduction especially if one
   looks at it
+- kwrite is the KDE text editor
+- Okular is the KDE document viewer
 - qBittorrent just is the best way to download Linux images since the Fedora
   Media Writer doesn't use P2P and may be a burden for servers, while it does
   have the capacity to write any image and also restore the USB stick
@@ -332,11 +342,12 @@ sudo flatpak install --assumeyes flathub com.calibre_ebook.calibre com.dropbox.C
 #### Office
 
 ```bash
-sudo flatpak install --assumeyes flathub org.libreoffice.LibreOffice org.libreoffice.LibreOffice.BundledExtension.Voikko
+sudo flatpak install --assumeyes flathub org.kde.skanpage org.libreoffice.LibreOffice org.libreoffice.LibreOffice.BundledExtension.Voikko
 # May be huge, especially TeXlive
 sudo flatpak install --assumeyes flathub org.freedesktop.Sdk.Extension.texlive org.kde.kile
 ```
 
+- KDE Scanner app (in case of removing all flatpaks)
 - LibreOffice is world-famous office suite
 - Voikko is Finnish spellchecking support for it
 

txt/obtainium2.txt

@@ -55,6 +55,7 @@ https://github.com/mjaakko/NeoStumbler
 https://github.com/mollyim/mollyim-android
 https://github.com/mollyim/mollyim-android-unifiedpush
 https://github.com/mollyim/mollyim-insider-android
+https://github.com/mpv-android/mpv-android
 https://github.com/Neamar/KISS
 https://github.com/nextcloud/android
 https://github.com/ooni/probe-android