# Fedora System Setup Congratulations on your new install! Now, let's set the system up. _Note: This document details the system level setup only. For user level setup that is remembered in the user home directories, see [Fedora User Setup](fedora-user-setup.md). This is originally written for Fedora 39 and updated to Fedora 40._ Rename your system in `Settings` -> `About`. ## UEFI Limit the battery charge to 95%. ## System packages Your first `dnf` install would probably ask you to confirm the Fedora GPG key, which you may find the fingerprint of at . `dnf install vim-enhanced mosh keepassxc thunderbird-wayland mpv obs-studio wl-clipboard qrencode xournalpp gstreamer1-plugins-bad-free-extras gnome-extensions-app gnome-shell-extension-gsconnect nautilus-gsconnect kernel-tools mozilla-openh264 gstreamer1-plugin-openh264 trash-cli ripgrep gnome-tweaks goldendict-ng gcc-c++ gimp alacritty clang clang-tools-extra bat helix fish kdiskmark kiwix-desktop` ### As needed `dnf install gnome-usage install rlwrap mediainfo nmap xeyes progress duperemove memtest86+ lm_sensors efitools quearcode qpdf kdenlive stress` ## AMD ``` sudo dnf install rocminfo rocm-smi sudo usermod -a -G render,video $(whoami) ```` Then relog. ## Flathub apps If you are somewhat of a FOSS purist like me and didn't enable third party repositories at the time of install, you may enable Flathub in Software. Use Flatseal to lock down all of them: `dnf install flatseal` You may also use `flatpak permission-show` and `flatpak permission-remove` to clear out any left over dynamic permissions. `flatpak uninstall --delete-data` can clear the app data. - Mission Center - `flatpak install flathub io.missioncenter.MissionCenter` - Use Wayland and disable X11 and its fallback - Resources - `flatpak install flathub net.nokyan.Resources` - Use Wayland and disable X11 and its fallback - Remove `filesystem=host` (sus) - Video Trimmer - `flatpak install flathub org.gnome.gitlab.YaLTeR.VideoTrimmer` - Use Wayland and disable X11 and its fallback - Bottles - `flatpak install flathub com.usebottles.bottles` - Signal - `flatpak install flathub org.signal.Signal` - Use Wayland: `SIGNAL_USE_WAYLAND=1` and disable X11 and its fallback. - Disable `filesystem=host`. Not sure why it would ever be a good idea. [PR that enabled this by default ](https://github.com/flathub/org.signal.Signal/pull/766) mentioned that "Electron broke portals" and some default settings "will never satisfy everyone", but that does not convince me. - Disable `org.freedesktop.login1`. Not sure why it's needed. If you know why, please let me know! - Turn on notifications - Speech Note - `flatpak install net.mkiol.SpeechNote` - `flatpak install net.mkiol.SpeechNote.Addon.amd` - Disable X11 and fallback - Remove: - `xdg-documents` - `xdg-videos` - `xdg-music` - `xdg-desktop` - `xdg-download` - Cameractrls - `flatpak install flathub hu.irl.cameractrls` - Disable X11 and fallback - Denaro - `flatpak install flathub org.nickvision.money` - Disable X11 and fallback - Ungoogled Chromium - `flatpak install flathub io.github.ungoogled_software.ungoogled_chromium` - Disable smart cards, printing system, all user files - Enable GPU acceleration - Remove Other files: `/run/.heim_org.h5l.kcm-socket` - Minecraft (Prism Launcher) - `flatpak install flathub org.prismlauncher.PrismLauncher` - Remove `xdg-download:ro` - Remove `~/.ftba:ro` - Remove `xdg-run/app/com.discordapp.Discord:create` - Remove `/sys/kernel/mm/transparent_hugepage:ro` - Remove `/sys/kernel/mm/hugepages:ro` - Remove `xdg-config/kdeglobals:ro` - Steam - `flatpak install flathub com.valvesoftware.Steam` - Remove `xdg-run/app/com.discordapp.Discord:create` - Geekbench 6 - `flatpak install flathub com.geekbench.Geekbench6` - Remove X11 - `flatpak run com.geekbench.Geekbench6` - `flatpak run com.geekbench.Geekbench6 --compute vulkan` - Slack - `flatpak install flathub com.slack.Slack` - Disable X11, enable Wayland - There are some [suspicious permissions](https://github.com/flathub/com.slack.Slack/issues/217). I would lock them down with Flatseal and use Wayland. - Discord - `flatpak install flathub com.discordapp.Discord` - Remove `xdg-pictures:ro`, `xdg-videos:ro` - Allow background and notifications - Zoom - `flatpak install flathub us.zoom.Zoom` - WeChat - `flatpak install flathub com.tencent.WeChat` - Remove "Owns: `org.kde.*`" - Remove `xdg-download:ro`; why do you need to read it? Isn't write what you are after? ## SSH In `System` -> `Secure Shell`: turn on `Secure Shell` and edit `/etc/ssh/sshd_config` according to `system/sshd/sshd_config-rhel`, or if you are lazy: ``` sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak sudo cp ../system/sshd/sshd_config-rhel /etc/ssh/sshd_config ``` `sudoedit /etc/ssh/sshd_config.d/00-no-gss.conf` and write `GSSAPIAuthentication no` to override `/etc/ssh/sshd_config.d/50-redhat.conf`, which changes the default setting for some stupid reason. (Why does that file exist at all?? Please let me know if you have a clue.) ``` systemctl reload sshd sudo groupadd --system ssh-users sudo usermod -aG ssh-users $(whoami) ``` Finally, log out then log in again for the `usermod` to take effect. If you have just came from a non-SELinux distro (say the Debian family) and see a permission denied message from `sshd` in your logs, use `restorecon -RFv ~/.ssh` to please SELinux. (Don't forget to install Mosh!) ## Framework 16 Put the following into `/etc/udev/rules.d/50-framework-inputmodule.rules`: ``` # Framework Laptop 16 - LED Matrix SUBSYSTEMS=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0020", MODE="0660", TAG+="uaccess" ``` Then run `sudo udevadm control --reload && sudo udevadm trigger`