essentialsoftware.md: apparently /etc/fstab doesn't affect root on Fedora Atomic and thus rootflags in kargs is used instead

I read somewhere and updated my Steam Deck and this page with it, while I am supposed to be recovering from common cold or whatever it is in bed, not doing possibly evil things on my systems and Steam Deck is meant for gayming, not whatever the fluff I am doing?
n/essentialsoftware: add setroubleshoot
2025-08-04 19:57:22 +02:00 · 2025-05-10 13:47:02 +03:00 · 2025-05-10 08:36:34 +03:00
1 changed files with 8 additions and 3 deletions
--- a/n/essentialsoftware.md
+++ b/n/essentialsoftware.md
@ -68,6 +68,10 @@ _{{ page.excerpt }}_
    and before `initrd /initramfs-linux-lts.img`...
 - `ufw` for Deb-based or `firewalld` on Fedora (and Kali and Arch Linux, if you
  so choose in the last)
 - `setroubleshoot` on distributions using it gives graphical notifications when
  SELinux has a security warning and thus hints that it might be a good idea to
  take a look at journalctl to see whether it's something that requires action
  either incorrect rule or actually nefarious activity.
 - `sshguard` for mitigating shared systems where others refuse to use keys
 - `needrestart` for knowing when updates actually require services to be
  restarted or a kernel upgrade happens and requires reboot
@ -163,9 +167,10 @@ bit...
 # Ensure third party Fedora repos are available, this is part of KDE Prompt?
 sudo fedora-third-party enable
 # Layer packages I need on top of the base image.
-sudo rpm-ostree install aircrack-ng android-tools btop clang darkman duperemove gamescope git-lfs gnome-console htop inxi mosh mpv neovim nmap pipx pre-commit sshguard steam-devices symlinks syncthing terminus-fonts-console tmux tor torsocks unbound zsh
+sudo rpm-ostree install aircrack-ng android-tools btop clang darkman duperemove gamescope git-lfs gnome-console htop inxi mosh mpv neovim nmap pipx pre-commit setroubleshoot sshguard steam-devices symlinks syncthing terminus-fonts-console tmux tor torsocks unbound zsh
-# Disable bootscreen, ensure CPU vulnerability mitigation.
+# Disable bootscreen, enable btrfs compression etc. REMEMBER TO REMOVE SSD FOR NON-SSD setups! Ensure CPU vulnerability mitigation.
-sudo rpm-ostree kargs --delete=rhgb --delete=quiet --append=mitigations=auto,nosmt
+sudo rpm-ostree kargs --delete=rhgb --delete=quiet --delete=rootflags=subvol=root --append=rootflags=subvol=root,noatime,compress-force=zstd:0,ssd --append=mitigations=auto,nosmt
 # Another reminder to not use flag SSD above if there is no SSD on the system.
 # I would additionally use lockdown=confidentiality (or lockdown=integrity if
 # less privacy and security was required, but that prevents shipped osnoise
 # module from working.
Author	SHA1	Message	Date
Aminda Suomalainen	014af1b56c	essentialsoftware.md: apparently /etc/fstab doesn't affect root on Fedora Atomic and thus rootflags in kargs is used instead I read somewhere and updated my Steam Deck and this page with it, while I am supposed to be recovering from common cold or whatever it is in bed, not doing possibly evil things on my systems and Steam Deck is meant for gayming, not whatever the fluff I am doing?	2025-05-10 13:47:02 +03:00
Aminda Suomalainen	4eaca7b946	n/essentialsoftware: add setroubleshoot	2025-05-10 08:36:34 +03:00