Fedora Workstation install with BTRFS and encryption

June 25, 2023

Overview

This post will cover how to install Fedora Workstation with BTRFS and encryption. It will walk through setting up separate root, home, and boot partitions as well as some initial system configuration. There will be a list of programs to be installed and where they are installed from. I typically use Flatpaks for, what I consider, non-system applications. I also look at how often the Flatpak is updated compared to a yum repository that may be available. A few customizations and appearance tweaks will also be listed.

Installer

Fedora Workstation has a very efficient graphical installer with a sane set of default applications installed. I like the default swap on zram option also. For my install, I choose to have separate boot and efi partitions as well as a BTRFS partition with separate root and home subvolumes. I will encrypt my main partition, but this setup would also allow the boot partition to be LUKS1 encrypted after install, if desired. The following image shows what my partition setup looks like.

After the setup completes, go ahead and reboot the machine. The first time it boots back up, you will be guided through some initial questions and creating the main user account. I typically do not opt in to location sharing and diagnostic data, but I do enable the extra repositories. After providing a user name and password, I go ahead and check for updates to the system. Once that’s done, I have a few more configuration items to complete.

Initial configuration

The computer name should probably be changed to something a little more identifiable, and that can be done from the about tab in system settings. Coming from Arch Linux, I’m accustom to seeing all of the mount options listed in /etc/fstab. I noticed some seemed to be missing on the Fedora install, but it turned out not to be the case. If you just run # mount, it will list all of the mounts along with all of the mount options actually in use. If you installed to an SSD, you want to make sure the fstrim timer is enabled. It should be enabled by default, but you can check by running # systemctl list-timers.

Sometimes I run virtual machines if I need Windows or want to experiment with some other Linux distributions. With BTRFS being a CoW filesystem, you may want to specifically disable CoW for the folder(s) storing your VM images. This can be done as follows:

Gnome Boxes

• Remove existing images folder at ~/.local/share/gnome-boxes/images
• Create subvolume # btrfs subvolume create ~/.local/share/gnome-boxes/images
• Change ownership # chown -R user:user ~/.local/share/gnome-boxes/images
• Disable CoW # chattr +C ~/.local/share/gnome-boxes/images

VirtualBox

• Create new subvolume # btrfs subvolume create ~/VMs
• Change ownership # chown -R user:user ~/VMs
• Disable CoW # chattr +C ~/VMs

You can confirm that CoW is disabled by using the lsattr command. Both of these options will “auto mount” the subvolume since it was created as a nested subvolume under the @home subvolume.

I typically create one additional nested subvolume called Workspace. I create it under my home directory and use it for storing any files that I may not want included in regularly scheduled snapshots of my root and home subvolumes.

Applications

This is just going to be a list of applications that I typically use along with the source I use for installing them. Some of these programs are installed as flatpaks from the flathub repository. The flathub website provides instructions for installing the repository. I occasionally use AppImage files. When I do, I store them in ~/Applications and just launch them manually when needed.

DNF

• cockpit
  • # systemctl enable --now cockpit.socket
  • apps: podman, selinux, machines
• ffmpeg-free (helps/fixes Firefox video playback issues)
• gimp
• gnome-tweaks
• gnome-extensions-app
• gparted
• snapper (setup specifics described in my NAS post)
• vim

Flathub

• arduino 2.0
• calibre
• chromium
• discord
• draw.io
• filezilla
• freecad
• github desktop
• kicad
• Prusa slicer
• thunderbird
  • plugins: TbSync, EDS calendar integration
  • be sure to follow instructions for specific mail providers as some have certain settings for saving sent copies, adding other identities, etc.
• todoist
• vlc

RPM file

• proton mail bridge (download from Proton)
• proton vpn (instructions on Proton’s site)

Specific repositories

• 1Password
  • RPM file does not include a repo
  • Add the repo manually
• Brave
  • Instructions
• OnlyOffice
  • Remove LibreOffice installation
  • Instructions for adding the OnlyOffice repo
• VirtualBox
  • Repository file can be found at the bottom of this page
  • Save the repository in the appropriate directory, then add it with # dnf config-manager --add-repo /etc/yum.repos.d/virtualbox.repo
  • The following programs will then need to be installed with DNF:
    • kernel-devel
    • kernel-devel-matched
    • virtualbox-x.x
    • virtualbox-guest-additions
  • Install extension pack
  • Add user to vboxusers group with # usermod -aG vboxusers user
• VSCode
  • Instructions for adding the yum repository
  • Setting Window -> Title Bar Style to “custom” mimics the Windows title bar and matches the current theme color

Node

• I typically use nvm to manage my local Node JS versions. Volta looks promising though.

Extensions

• Clipboard indicator
• Tiling Assistant
• AppIndicator and KStatusNotifierItem Support
• vitals
• Built-In
  • Applications Menu
  • Places Status Indicator

Zsh shell and Oh My Zsh

I prefer using the Zsh shell over the Bash shell. Fortunately, that is easy to switch. Simply install the Zsh shell with # dnf install zsh. Use $ chsh -l to list the available shells (Fedora may prompt you to install a package), then use chsh -s to set a new shell. In my case, that new shell is /usr/bin/zsh. You’ll need to log out and back in to finalize the shell change. When you first run the Zsh shell, it will prompt you for configuration. I typically just let it create a blank .zsh file since I’m going to install Oh My Zsh anyway. Oh My Zsh is an excellent framework that can be used with the Zsh shell. The install script can be found on the project’s website. There are many themes and plugins that can be used to extend Oh My Zsh. A plugin that I am particularly fond of is Zsh syntax highlighting. One of my favorite themes is Powerlevel10k.

Other misc items

• If you have plans to work with devices such as Arduino and ESPHome, be sure to add your user to the dialout group to allow direct access to the serial ports. This can be done with # usermod -a -G dialout username.
• If you want to run scripts that need to send emails, postfix can be setup to send to external email address as described in my NAS post.
• If you’re using Gnome Boxes to run a Windows guest, you’ll want to install virtio-win-guest inside the Windows guest.
• Be sure to backup the LUKS header as a safety precaution. The Arch Wiki has fairly good instructions for this.

Conclusion

As you can tell, this is a somewhat random collection of information. I know everyone’s system is setup differently, but maybe providing some details on my system will be helpful to someone or spark some ideas. If nothing else, it serves as an excellent reference for me.