Tested with:
- Fedora 36
- Fedora 37
- Fedora 38
Unable to install due to hard requirement on kernel version 6.0.18-300, which isn't built for Fedora 38
- Fedora 41
- Download latest Fedora Server ISO
- https://alt.fedoraproject.org/
- Older versions can be downloaded from here
netinstis the one to choose
- Create live installation image
- https://docs.fedoraproject.org/en-US/quick-docs/creating-and-using-a-live-installation-image/
- Fedora Media Writer can be installed with
sudo dnf install liveusb-creator
- Boot to USB drive
- Spam
Esckey to enter Startup menu
- Spam
- Choose English as installation language
- Under Software Selection choose KDE Plasma Workspaces
- Additional software:
- KDE Applications
- Firefox
- Additional software:
- Add Estonian to keyboard layouts
- Under Installation Destination choose custom Storage Configuration
- When sparing existing
homepartition just wipe all other existing "Unknown" partitions when manually partitioning - Be sure not to tick the little box that asks to wipe all other file systems under "Unknown"
- When sparing existing
- Click + icon and set up partitions as follows:
- Mount point: /boot/efi
- Desired capacity: 500M
- Device type: Standard Partition
- File System: EFI System Partition
- Mount point: /boot
- Desired capacity: 1G
- Device type: Standard Partition
- File System: xfs
- Mount point: /
- Desired capacity: 100G
- Device type: LVM
- File System: xfs
- Encrypt: yes
- Volume Group: fedora
- LUKS version: luks2
- Label: root
- Update Settings
- /home
- Desired capacity: leave blank and that fill up everything else
- Device type: LVM
- File System: xfs
- Encrypt: yes
- Volume Group: fedora
- LUKS version: luks2
- Label: home
- Update Settings
- Enter disk encryption passphrase
- Use one from previous install or enter new one
- 5779225450
- Mount point: /boot/efi
- When creating users make non-root user an administrator
- Reboot into system
- Set up passwordless
sudo:- Last line in file
$ sudo visudo
...
#includedir /etc/sudoers.d
+ usrme ALL=(ALL) NOPASSWD:ALLsudo dnf install git -y- This is installed prior to make the rest of the bootstrap steps easier
- Install Chezmoi:
sudo dnf install https://github.com/twpayne/chezmoi/releases/download/v2.53.1/chezmoi-2.53.1-x86_64.rpm -y
- Install Starship:
sudo dnf copr enable atim/starshipsudo dnf install starship
- Install Tailscale
- Install packages
sudo dnf install bat go parallel neovim transmission gopls
- Install 1Password extension in Firefox
- Enable forwarding
- https://developer.github.com/v3/guides/using-ssh-agent-forwarding/
/etc/ssh/ssh_configForwardAgent yes
- JetBrains Mono Nerd Font: https://www.nerdfonts.com/font-downloads
- Atkinson Hyperlegible: https://www.brailleinstitute.org/freefont/
- Just the "Next" variant
- Right click downloaded archive
- Extract
- Extract archive here, autodetect subfolder
- Extract
- Alt+F2 and Font Management
- Install from File
- Select all files from relevant directories
- Install system-wide
- Install from File
- Set system fonts
- Alt+F2 and Fonts
- General: Atkinson Hyperlegible Next 10pt Regular
- Fixed width: JetBrainsMono Nerd Font 10pt Bold
- Small: Atkinson Hyperlegible Next 8pt Regular
- Toolbar: Atkinson Hyperlegible Next 9pt Medium
- Menu: Atkinson Hyperlegible Next 10pt Medium
- Window title: Atkinson Hyperlegible Next 10pt Medium
- Anti-aliasing: Enable
- Sub-pixel rendering: None
- Hinting: Slight
- Alt+F2 and Fonts
- Download bookmark backup from Nextcloud and restore
- Extensions
- uBlock Origin
- Dark Reader
- https://addons.mozilla.org/en-US/firefox/addon/darkreader/
- Open extension, Site List, Invert listed only
- Fonts:
- Proportional: Serif, Size: 16
- Serif: Atkinson Hyperlegible Next
- Sans-serif: Atkinson Hyperlegible Next
- Monospace: JetbrainsMonoNL Nerd Font Mono, Size: 12, Minimum font size: None
- Allow pages to choose their own fonts, instead of your selections above: yes
- Apply Nord theme:
#2E3440,#3B4252,#88C0D0,#2E3440,#3B4252,#D8DEE9,#A3BE8C,#81A1C1,#3B4252,#D8DEE9 - Apply Catppuccin theme:
#303446,#F8F8FA,#A6D189,#303446,#232634,#C6D0F5,#A6D189,#EA999C,#303446,#C6D0F5 - Apply Everforest dark medium theme:
#2B3339,#7A8478,#83C092,#BD6769- Other Everforest themes: https://github.com/itendtostare/everforest-slack
- Flatpak documentation
- Add remote for Flatpak:
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo - Install Signal:
flatpak install flathub org.signal.Signal -y - Modify Signal's
.desktopfile at/var/lib/flatpak/app/org.signal.Signal/current/active/export/share/applications/org.signal.Signal.desktop:- Gleaned from: flathub/org.signal.Signal#116
-Exec=/usr/bin/flatpak run --branch=stable --arch=x86_64 --command=signal --file-forwarding org.signal.Signal @@u %U @@
+Exec=/usr/bin/flatpak run --branch=stable --arch=x86_64 --command=signal --file-forwarding org.signal.Signal @@u %U @@ --use-tray-icon- Start Signal from that same file from a file manager
- Pin to Task Manager
- Initial guide modified as follows
- Follow every relevant portion, but to just set up YubiKey to easily bypass lockscreen, then do not modify anything else except
/etc/pam.d/kdeas follows:- Adding the
auth sufficient pam_u2f.soline below as the guide suggests will not work, which is why it is added above - While the initial portion works just fine, then you'll still need to input a password for KWallet, which kind of negates the comfort
- Another useful link
- Adding the
#%PAM-1.0
#auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth sufficient pam_u2f.so
auth substack system-auth
auth include postlogin
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include system-auth
session include postlogin
#-session optional pam_ck_connector.so
- Identify encrypted device:
$ sudo lsblk -f
NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINTS
zram0 [SWAP]
nvme0n1
├─nvme0n1p1 vfat FAT16 63FA-5AF2 493,6M 1% /boot/efi
├─nvme0n1p2 xfs ea62f33e-9e16-462d-9797-9a79c6ca166c 806,9M 20% /boot
└─nvme0n1p3 LVM2_member LVM2 001 gysTys-KwoA-84Qj-ypUA-dG0T-auCy-reXsYT
├─fedora_fedora-root crypto_LUKS 2 ed78d89a-caf6-4526-a6ff-0075532beeea
│ └─luks-ed78d89a-caf6-4526-a6ff-0075532beeea xfs root c21bf21b-4f2d-4f71-8e59-fba7c2656a96 90,8G 9% /
└─fedora_fedora-home crypto_LUKS 2 4715b989-56d9-4e53-84b7-8615dd51ac9b
└─luks-4715b989-56d9-4e53-84b7-8615dd51ac9b xfs home 62e7d7e8-fc93-488c-91f5-062ff2e9d255 347,9G 7% /home- Add entry to
/etc/fstab:
/dev/mapper/luks-ed78d89a-caf6-4526-a6ff-0075532beeea / xfs defaults,x-systemd.device-timeout=0 0 0
+ /dev/mapper/luks-4715b989-56d9-4e53-84b7-8615dd51ac9b /home xfs defaults 0 0
UUID=ea62f33e-9e16-462d-9797-9a79c6ca166c /boot xfs defaults 0 0
UUID=63FA-5AF2 /boot/efi vfat umask=0077,shortname=winnt 0 2- Add entry to
/etc/crypttab:
luks-ed78d89a-caf6-4526-a6ff-0075532beeea UUID=ed78d89a-caf6-4526-a6ff-0075532beeea none discard
+ luks-4715b989-56d9-4e53-84b7-8615dd51ac9b UUID=4715b989-56d9-4e53-84b7-8615dd51ac9b none discard- Reboot and there should be a prompt for the passphrase after which the partition should be mounted to
/homeagain - Links:
- Install Raycast
- Change Arc icon: https://gist.github.com/gabe565/9654eea08a9f6c7c1f593049e5bed243
- Install Homebrew:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" - Install JetBrains Mono: https://www.jetbrains.com/lp/mono/
- Install Ghostty
- Enable passwordless
sudo: https://apple.stackexchange.com/a/333055 - Install latest Bash:
brew install bash - Install Chezmoi
- Replace ZSH with Bash: https://stackoverflow.com/a/77052639
- Add GitHub SSH key from 1Password: https://developer.1password.com/docs/ssh/manage-keys/
- Use PKCS format for export
- Add SSH key to agent
- Run Chezmoi: https://www.chezmoi.io/quick-start/#set-up-a-new-machine-with-a-single-command
- Install TPM: https://github.com/tmux-plugins/tpm
- Install Wireguard:
brew install wireguard-tools - Configure Wireguard: https://www.reddit.com/r/WireGuard/comments/mxsg4h/comment/hcdbtcb/
- Make sure Moonlander is configured properly:
$ defaults read /Library/Preferences/com.apple.keyboardtype.plist
{
keyboardtype = {
"50475-1133-0" = 40;
"50504-1133-0" = 40;
"6505-12951-0" = 41;
};
}
$ sudo plutil -convert xml1 /Library/Preferences/com.apple.keyboardtype.plist
$ # Edit the 6505-12951-0 entry to have the value of 41 (ISO?)
$ sudo vim /Library/Preferences/com.apple.keyboardtype.plist
$ sudo reboot- Make sure font smoothing is disabled:
$ defaults -currentHost write -g AppleFontSmoothing -int 0
$ reboot- Set mouse speed:
$ defaults write -g com.apple.mouse.scaling 2.5
$ /System/Library/PrivateFrameworks/SystemAdministration.framework/Resources/activateSettings -u