fedora workstation install

new distro


fedora workstation install

new distro

fedora workstation

For work, we can install some flavor of linux, I think the only hard requirement is that it runs the corporate spy agent made by jumpcloud. Previously, I ran Ubuntu 22.04 but that installation slowly decayed over time. So what better thing to do than to start fresh?


After a bit of head scratching and experimentation, I went ahead an installed Fedora Workstation 38. The jumpcloud agent we were required to install technically only supported 37, but I couldn't find a suitable download link easily. The default setup of Fedora Workstation comes with GNOME, but I sort of knew I wanted Sway. I attempted to install using their Sway spin but couldn't get the installer to actually do anything.

The installer is pretty straightforward. Select language, timezone, disk, disk encryption, and just wait a bit.

first boot

On first boot, you create a user from the ui. Once in, connect to the internet! Finally, update the system and reboot.

$ sudo dnf update
$ sudo dnf upgrade

installing tools

Now for setting up my preferred dev environment.

system setup

Set the machine name and enable a few repos, plus the most basic of tools.

# choose a name for the computer
$ hostnamectl hostname luna

# add/enable some third party repos
$ sudo dnf config-manager --set-enabled google-chrome
$ sudo dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo
$ sudo dnf config-manager --add-repo https://rpm.releases.hashicorp.com/fedora/hashicorp.repo
$ sudo dnf config-manager --add-repo "$(rpm --eval "https://yum.releases.teleport.dev/rhel/9/Teleport/%{_arch}/stable/v13/teleport.repo")"
$ sudo dnf install \
  google-chrome-stable \
  kitty \
  neovim \
$ usermod --shell /usr/bin/zsh user

Grab a copy of my dotfiles

$ mkdir .ssh && cd .ssh
$ ssh-keygen -t ed25519
$ git clone git@github.com:seankhliao/config.git
$ mv config/* config/.git config/.gitignore -t .config
$ rmdir config

and relog / reboot

desktop switch

Now to switch over to sway.

# switch out the desktop environment
$ sudo dnf install \
  akmod-nvidia \
  grim \
  mako \
  slurp \
  sway \
  sway \
  swaybg \
  swayidle \
  swaylock \
  sway-systemd \
  wf-recorder \
  wireplumber \
  wofi \
# edit to set --unsupported-gpu for nvidia
$ nvim /usr/share/wayland-sessions/sway.desktop
$ systemctl enable --user --now mako
quality of life

Power management

$ sudo dnf install \
  powertop \
  tlp \
$ sudo systemctl enable tlp tlp-sleep powertop

yubikey setup for sudo / unlock

# for the first key
$ pamu2fcfg -o pam://luna -i pam://luna > u2f_keys
# for subsequent keys
$ pamu2fcfg -o pam://luna -i pam://luna -n >> u2f_keys
$ sudo cp u2f_keys /etc/u2f_keys

# add it to the auth flows
#   auth 	    sufficient  				 pam_u2f.so origin=pam://luna appid=pam://luna authfile=/etc/u2f_keys cue [cue_prompt=touche]
$ nvim /etc/pam.d/system-auth
dev tools

Some tools are in the fedora repos

# dev tools that are in the repo.
$ sudo dnf install \
  bat \
  containerd.io \
  docker-buildx-plugin \
  docker-ce \
  docker-ce-cli \
  docker-compose \
  docker-compose-plugin \
  docker-distribution \
  exa \
  fzf \
  git-delta \
  go \
  helm \
  htop \
  i3status \
  pre-commit \
  ripgrep \
  shellcheck \
  teleport-ent \

Others can be built from source with Go

$ go env -w GOPROXY=https://proxy.golang.org,direct
$ go env -w GOPRIVATE=github.com/snyk
$ go install github.com/ankitpokhrel/jira-cli/cmd/jira@latest
$ go install github.com/derailed/k9s@latest
$ go install github.com/gokcehan/lf@latest
$ go install github.com/GoogleCloudPlatform/docker-credential-gcr@latest
$ go install github.com/google/go-containerregistry/cmd/gcrane@latest
$ go install github.com/google/ko@latest
$ go install github.com/hashicorp/terraform-ls@latest
$ go install github.com/mikefarah/yq/v4@latest
$ go install github.com/sigstore/cosign/v2/cmd/cosign@latest
$ go install github.com/wagoodman/dive@latest
$ go install golang.org/x/tools/gopls@latest
$ go install golang.org/x/vuln/cmd/govulncheck@latest
$ go install go.seankhliao.com/repos@latest
$ go install go.seankhliao.com/t@latest
$ go install honnef.co/go/tools/cmd/staticcheck@latest
$ go install mvdan.cc/gofumpt@latest
$ go install mvdan.cc/sh/v3/cmd/shfmt@latest

Some just are binary releases installed into /usr/local/bin:

And then we have the little ecosystem of extra plugin managers

And some dev tools from npm

$ sudo npm i -g bash-language-server
$ sudo npm i -g dockerfile-language-server-nodejs
$ sudo npm i -g prettier
$ sudo npm i -g typescript-language-server
$ sudo npm i -g vscode-langservers-extracted
$ sudo npm i -g yaml-language-server
config tweaks

For the non repo tools, some have zsh completions that can be generated:

$ tool completion zsh > ~/.config/zsh/_tool
zsh functions

copy over my tree of login configs and the functions for switching

function ctx() {
    local config="${1}"
    if [[ -z "${config}" ]]; then
        config=$(cd ~/.config/argocd/  && rg --files | rg -v .prex-ctx | sort | fzf)
    if [[ -n "${config}" ]]; then
        export ARGOCD_OPTS="--config ${XDG_CONFIG_HOME}/argocd/${config}"
        export KUBECONFIG="${XDG_CONFIG_HOME}/kube/${config}"
        echo "ctx ${config}"

function actx() {
    local aws_profile="${1}"
    if [[ -z "${aws_profile}" ]]; then
        aws_profile=$(rg '^\[profile (.*)\]$' -r '$1' -N ~/.aws/config | sort | fzf)
    if [[ -n "${aws_profile}" ]]; then
        export AWS_PROFILE="${aws_profile}"
        echo "actx ${aws_profile}"

copy over my chrome-newtab fork


copy over zsh history


Change .config/git/local.conf

    gpgSign = true

    format = ssh

[gpg "ssh"]
    allowedSignersFile = ~/.ssh/git/allowed_signers

    gpgSign = true

    email = me@example.com
    name  = me
    signingKey = ~/.ssh/id_ed25519