Tested with:
- Fedora 36
- Fedora 37
- Fedora 38
Unable to install due to hard requirement on kernel version 6.0.18-300, which isn't built for Fedora 38
- Download latest Fedora Server ISO
- https://alt.fedoraproject.org/
- Older versions can be downloaded from here
netinstis the one to choose
- Create live installation image
- https://docs.fedoraproject.org/en-US/quick-docs/creating-and-using-a-live-installation-image/
- Fedora Media Writer can be installed with
sudo dnf install liveusb-creator
- Boot to USB drive
- Spam
Esckey to enter Startup menu
- Spam
- Choose English as installation language
- Under Software Selection choose KDE Plasma Workspaces
- Additional software:
- KDE Applications
- Additional software:
- Add Estonian to keyboard layouts
- Under Installation Destination choose custom Storage Configuration
- When sparing existing
homepartition just wipe all other existing "Unknown" partitions when manually partitioning - Be sure not to tick the little box that asks to wipe all other file systems under "Unknown"
- When sparing existing
- Click + icon and set up partitions as follows:
- Mount point: /boot/efi
- Desired capacity: 500M
- Device type: Standard Partition
- File System: EFI System Partition
- Mount point: /boot
- Desired capacity: 1G
- Device type: Standard Partition
- File System: xfs
- Mount point: /
- Desired capacity: 100G
- Device type: LVM
- File System: xfs
- Encrypt: yes
- Volume Group: fedora
- LUKS version: luks2
- Label: root
- Update Settings
- /home
- Desired capacity: leave blank and that fill up everything else
- Device type: LVM
- File System: xfs
- Encrypt: yes
- Volume Group: fedora
- LUKS version: luks2
- Label: home
- Update Settings
- Enter disk encryption passphrase
- Use one from previous install or enter new one
- 5779225450
- Mount point: /boot/efi
- When creating users make non-root user an administrator
- Reboot into system
- Set up passwordless
sudo:- Last line in file
$ sudo visudo
...
#includedir /etc/sudoers.d
+ usrme ALL=(ALL) NOPASSWD:ALLsudo dnf install git firefox openssl -y- This is installed prior to make the rest of the bootstrap steps easier
- Download personal SSH keys from Nextcloud into
~/.ssh/ - Download work SSH keys from work Google Drive into
~/.ssh - Enable forwarding
- https://developer.github.com/v3/guides/using-ssh-agent-forwarding/
/etc/ssh/ssh_configForwardAgent yes
- JetBrains Mono Nerd Font: https://www.nerdfonts.com/font-downloads
- Overpass: https://overpassfont.org/
- San Francisco: https://github.com/blaisck/sfwin
- Fira Sans: https://fonts.google.com/specimen/Fira+Sans
- Right click downloaded archive
- Extract
- Extract archive here, autodetect subfolder
- Extract
- Alt+F2 and Font Management
- Install from File
- Select all files from relevant directories
- Install system-wide
- Install from File
- https://github.com/usrme/machine-setup
- Reboot the system
- Download bookmark backup from Nextcloud and restore
- Extensions
- uBlock Origin
- Bypass Paywalls Clean
- SponsorBlock
- Dark Reader
- https://addons.mozilla.org/en-US/firefox/addon/darkreader/
- Open extension, Site List, Invert listed only
- Nord
- Enable compact mode: https://support.mozilla.org/en-US/kb/compact-mode-workaround-firefox
- Fonts:
- Proportional: Serif, Size: 15
- Serif: Overpass
- Sans-serif: Overpass
- Monospace: Overpass Mono, Size: 13, Minimum font size: 13
- Allow pages to choose their own fonts, instead of your selections above: yes
- Apply Nord theme:
#2E3440,#3B4252,#88C0D0,#2E3440,#3B4252,#D8DEE9,#A3BE8C,#81A1C1,#3B4252,#D8DEE9 - Apply Catppuccin theme:
#303446,#F8F8FA,#A6D189,#303446,#232634,#C6D0F5,#A6D189,#EA999C,#303446,#C6D0F5
- Flatpak documentation
- Add remote for Flatpak:
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo - Install Signal:
flatpak install flathub org.signal.Signal -y - Modify Signal's
.desktopfile at/var/lib/flatpak/app/org.signal.Signal/current/active/export/share/applications/org.signal.Signal.desktop:- Gleaned from: flathub/org.signal.Signal#116
-Exec=/usr/bin/flatpak run --branch=stable --arch=x86_64 --command=signal --file-forwarding org.signal.Signal @@u %U @@
+Exec=/usr/bin/flatpak run --branch=stable --arch=x86_64 --command=signal --file-forwarding org.signal.Signal @@u %U @@ --use-tray-icon- Start Signal from that same file from a file manager
- Pin to Task Manager
- Initial guide modified as follows
- Follow every relevant portion, but to just set up YubiKey to easily bypass lockscreen, then do not modify anything else except
/etc/pam.d/kdeas follows:- Adding the
auth sufficient pam_u2f.soline below as the guide suggests will not work, which is why it is added above - While the initial portion works just fine, then you'll still need to input a password for KWallet, which kind of negates the comfort
- Another useful link
- Adding the
#%PAM-1.0
#auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth sufficient pam_u2f.so
auth substack system-auth
auth include postlogin
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include system-auth
session include postlogin
#-session optional pam_ck_connector.so
- Identify encrypted device:
$ sudo lsblk -f
NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINTS
zram0 [SWAP]
nvme0n1
├─nvme0n1p1 vfat FAT16 63FA-5AF2 493,6M 1% /boot/efi
├─nvme0n1p2 xfs ea62f33e-9e16-462d-9797-9a79c6ca166c 806,9M 20% /boot
└─nvme0n1p3 LVM2_member LVM2 001 gysTys-KwoA-84Qj-ypUA-dG0T-auCy-reXsYT
├─fedora_fedora-root crypto_LUKS 2 ed78d89a-caf6-4526-a6ff-0075532beeea
│ └─luks-ed78d89a-caf6-4526-a6ff-0075532beeea xfs root c21bf21b-4f2d-4f71-8e59-fba7c2656a96 90,8G 9% /
└─fedora_fedora-home crypto_LUKS 2 4715b989-56d9-4e53-84b7-8615dd51ac9b
└─luks-4715b989-56d9-4e53-84b7-8615dd51ac9b xfs home 62e7d7e8-fc93-488c-91f5-062ff2e9d255 347,9G 7% /home- Add entry to
/etc/fstab:
/dev/mapper/luks-ed78d89a-caf6-4526-a6ff-0075532beeea / xfs defaults,x-systemd.device-timeout=0 0 0
+ /dev/mapper/luks-4715b989-56d9-4e53-84b7-8615dd51ac9b /home xfs defaults 0 0
UUID=ea62f33e-9e16-462d-9797-9a79c6ca166c /boot xfs defaults 0 0
UUID=63FA-5AF2 /boot/efi vfat umask=0077,shortname=winnt 0 2- Add entry to
/etc/crypttab:
luks-ed78d89a-caf6-4526-a6ff-0075532beeea UUID=ed78d89a-caf6-4526-a6ff-0075532beeea none discard
+ luks-4715b989-56d9-4e53-84b7-8615dd51ac9b UUID=4715b989-56d9-4e53-84b7-8615dd51ac9b none discard- Reboot and there should be a prompt for the passphrase after which the partition should be mounted to
/homeagain - Links: