For work, we can install some flavor of linux, I think the only hard requirement is that it runs the corporate spy agent made by jumpcloud. Previously, I ran Ubuntu 22.04 but that installation slowly decayed over time. So what better thing to do than to start fresh?
After a bit of head scratching and experimentation, I went ahead an installed Fedora Workstation 38. The jumpcloud agent we were required to install technically only supported 37, but I couldn't find a suitable download link easily. The default setup of Fedora Workstation comes with GNOME, but I sort of knew I wanted Sway. I attempted to install using their Sway spin but couldn't get the installer to actually do anything.
The installer is pretty straightforward. Select language, timezone, disk, disk encryption, and just wait a bit.
On first boot, you create a user from the ui. Once in, connect to the internet! Finally, update the system and reboot.
1$ sudo dnf update
2$ sudo dnf upgrade
Now for setting up my preferred dev environment.
Set the machine name and enable a few repos, plus the most basic of tools.
1# choose a name for the computer
2$ hostnamectl hostname luna
3
4# add/enable some third party repos
5$ sudo dnf config-manager --set-enabled google-chrome
6$ sudo dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo
7$ sudo dnf config-manager --add-repo https://rpm.releases.hashicorp.com/fedora/hashicorp.repo
8$ sudo dnf config-manager --add-repo "$(rpm --eval "https://yum.releases.teleport.dev/rhel/9/Teleport/%{_arch}/stable/v13/teleport.repo")"
9$ sudo dnf install \
10 google-chrome-stable \
11 kitty \
12 neovim \
13 zsh
14$ usermod --shell /usr/bin/zsh user
Grab a copy of my dotfiles
1$ mkdir .ssh && cd .ssh
2$ ssh-keygen -t ed25519
3$ git clone git@github.com:seankhliao/config.git
4$ mv config/* config/.git config/.gitignore -t .config
5$ rmdir config
and relog / reboot
Now to switch over to sway.
1# switch out the desktop environment
2$ sudo dnf install \
3 akmod-nvidia \
4 grim \
5 mako \
6 slurp \
7 sway \
8 sway \
9 swaybg \
10 swayidle \
11 swaylock \
12 sway-systemd \
13 wf-recorder \
14 wireplumber \
15 wofi \
16 xdg-desktop-portal-wlr
17# edit to set --unsupported-gpu for nvidia
18$ nvim /usr/share/wayland-sessions/sway.desktop
19$ systemctl enable --user --now mako
Power management
1$ sudo dnf install \
2 powertop \
3 tlp \
4 tlp-rdw
5$ sudo systemctl enable tlp tlp-sleep powertop
yubikey setup for sudo / unlock
1# for the first key
2$ pamu2fcfg -o pam://luna -i pam://luna > u2f_keys
3# for subsequent keys
4$ pamu2fcfg -o pam://luna -i pam://luna -n >> u2f_keys
5$ sudo cp u2f_keys /etc/u2f_keys
6
7# add it to the auth flows
8# auth sufficient pam_u2f.so origin=pam://luna appid=pam://luna authfile=/etc/u2f_keys cue [cue_prompt=touche]
9$ nvim /etc/pam.d/system-auth
Some tools are in the fedora repos
1# dev tools that are in the repo.
2$ sudo dnf install \
3 bat \
4 containerd.io \
5 docker-buildx-plugin \
6 docker-ce \
7 docker-ce-cli \
8 docker-compose \
9 docker-compose-plugin \
10 docker-distribution \
11 exa \
12 fzf \
13 git-delta \
14 go \
15 helm \
16 htop \
17 i3status \
18 pre-commit \
19 ripgrep \
20 shellcheck \
21 teleport-ent \
22 terraform
Others can be built from source with Go
1$ go env -w GOPROXY=https://proxy.golang.org,direct
2$ go env -w GOPRIVATE=github.com/snyk
3$ go install github.com/ankitpokhrel/jira-cli/cmd/jira@latest
4$ go install github.com/derailed/k9s@latest
5$ go install github.com/gokcehan/lf@latest
6$ go install github.com/GoogleCloudPlatform/docker-credential-gcr@latest
7$ go install github.com/google/go-containerregistry/cmd/gcrane@latest
8$ go install github.com/google/ko@latest
9$ go install github.com/hashicorp/terraform-ls@latest
10$ go install github.com/mikefarah/yq/v4@latest
11$ go install github.com/sigstore/cosign/v2/cmd/cosign@latest
12$ go install github.com/wagoodman/dive@latest
13$ go install golang.org/x/tools/gopls@latest
14$ go install golang.org/x/vuln/cmd/govulncheck@latest
15$ go install go.seankhliao.com/repos@latest
16$ go install go.seankhliao.com/t@latest
17$ go install honnef.co/go/tools/cmd/staticcheck@latest
18$ go install mvdan.cc/gofumpt@latest
19$ go install mvdan.cc/sh/v3/cmd/shfmt@latest
Some just are binary releases installed into /usr/local/bin:
And then we have the little ecosystem of extra plugin managers
And some dev tools from npm
1$ sudo npm i -g bash-language-server
2$ sudo npm i -g dockerfile-language-server-nodejs
3$ sudo npm i -g prettier
4$ sudo npm i -g typescript-language-server
5$ sudo npm i -g vscode-langservers-extracted
6$ sudo npm i -g yaml-language-server
For the non repo tools, some have zsh completions that can be generated:
1$ tool completion zsh > ~/.config/zsh/_tool
copy over my tree of login configs and the functions for switching
1function ctx() {
2 local config="${1}"
3 if [[ -z "${config}" ]]; then
4 config=$(cd ~/.config/argocd/ && rg --files | rg -v .prex-ctx | sort | fzf)
5 fi
6 if [[ -n "${config}" ]]; then
7 export ARGOCD_OPTS="--config ${XDG_CONFIG_HOME}/argocd/${config}"
8 export KUBECONFIG="${XDG_CONFIG_HOME}/kube/${config}"
9 echo "ctx ${config}"
10 fi
11}
12
13function actx() {
14 local aws_profile="${1}"
15 if [[ -z "${aws_profile}" ]]; then
16 aws_profile=$(rg '^\[profile (.*)\]$' -r '$1' -N ~/.aws/config | sort | fzf)
17 fi
18 if [[ -n "${aws_profile}" ]]; then
19 export AWS_PROFILE="${aws_profile}"
20 echo "actx ${aws_profile}"
21 fi
22}
copy over my chrome-newtab fork
copy over zsh history
Change .config/git/local.conf
[commit]
gpgSign = true
[gpg]
format = ssh
[gpg "ssh"]
allowedSignersFile = ~/.ssh/git/allowed_signers
[tag]
gpgSign = true
[user]
email = me@example.com
name = me
signingKey = ~/.ssh/id_ed25519