MicroOS Desktop on Lenovo X1 Gen 10
Report on MicroOS on a Lenovo X1 Carbon Gen 10. Overall excellent experience, everything feels fast and application graphics are very fast.
H/W compatibility problems
- Webcam not supported out of box, didn’t try to fix.
- Built-in sound not supported out of box, didn’t yet try to fix. Built-in sound works with Kernel V6.4.6
The WWAN module interferes with suspend; remove it temporarily with:
sudo rmmod mtk_t7xx
or permanently with:
sudo sh -c 'echo "blacklist mtk_t7xx" >> /etc/modprobe.d/blacklist.conf'
Whole-disk encryption
Whole-disk encryption can be enabled during installation using the following sequence:
- Boot install media as normal and go through setup steps up until “summary of changes”
- In summary click on the partitioning entry
- Do advanced partition
- Click “start with current”
- Simply click on the encryption checkbox for the main BTRFS partition
The password needs to be entered during the boot sequence, so any automatic reboot will stop at that stage.
Flatpak notes
Install Flatseal and use it to tighten up the security of Flatpaks.
Firefox Flatpak profiles are in /home/bnikolic/.var/app/org.mozilla.firefox/.mozilla/firefox
For Zotero add .zotero to persistent directories. I’ve added ~/Zotero for the SQLite database and ~/ZFiles for ZotFile-managed attachments.
For DavMail add persistent directory .davmail, then start with
flatpak run org.davmail.DavMail .davmail/props
to ensure properties are saved there. Generate certificates as described at https://davmail.sourceforge.net/sslsetup.html for clients which require encrypted access. Office 365 works well, IMAP and SMTP.
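A command-line counterpart to reviewing permissions in Flatseal, added here as an example and not part of the original notes: it parses the permission keyfile that `flatpak info --show-permissions <app-id>` prints and flags grants worth tightening. The sample metadata and the choice of which grants to flag are assumptions made for illustration.

```python
"""Audit Flatpak permission metadata for grants worth tightening (added example)."""
import configparser

# Constructed sample in the keyfile format printed by
# `flatpak info --show-permissions <app-id>`; not taken from a real app.
SAMPLE = """\
[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=all;
filesystems=home;xdg-download;~/ZFiles;
persistent=.zotero;

[Session Bus Policy]
org.freedesktop.Flatpak=talk
"""

# Filesystem grants that expose most of the user's or the host's files.
BROAD_FS = {"host", "host-os", "host-etc", "home"}


def audit(metadata):
    """Return a list of findings for one app's permission keyfile."""
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    cp.optionxform = str  # keep D-Bus names case-sensitive
    cp.read_string(metadata)

    def values(section, key):
        raw = cp.get(section, key, fallback="")
        return [v for v in raw.split(";") if v]

    findings = []
    for fs in values("Context", "filesystems"):
        path, _, mode = fs.partition(":")  # entries may carry a mode, e.g. "home:ro"
        if path in BROAD_FS:
            access = "read-only" if mode == "ro" else "read-write"
            findings.append(f"filesystems={fs}: broad {access} access")
    if "all" in values("Context", "devices"):
        findings.append("devices=all: access to all host device nodes")
    if "x11" in values("Context", "sockets"):
        findings.append("sockets=x11: X11 gives no isolation between clients")
    if cp.has_section("Session Bus Policy"):
        for name, policy in cp.items("Session Bus Policy"):
            if name == "org.freedesktop.Flatpak" and policy in ("talk", "own"):
                findings.append(f"{name}={policy}: can start commands on the host")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```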
Distrobox
Use distrobox for creating application and development environments with easy connections to the window system, sound etc. To create an isolated environment, generate a command with “distrobox create …. -d”, then edit the output to remove the host home directory bindings.
Snapper
Use snapper to do snapshots of filesystems. It is enabled by default for root; to enable for /home do:
sudo snapper -c home create-config /home
See snapshots:
sudo snapper -c home list
See what has changed since a snapshot (0 is the current version, 167 happens to be the last snapshot at time of writing):
sudo snapper -c home status 167..0 | less
Software issues
Came across a big issue with “btrfs_cleaner” consuming CPU cycles and slowing down the system. Solved by disabling quotas:
sudo btrfs quota disable /home
See https://www.suse.com/support/kb/doc/?id=000020696 for background on the problem.
Automatic reboots
The OS will request automatic reboots after updates. Control this as follows:
https://users.suse.com/~kukuk/SUSE-CaaSP-Docu/rebootmgrctl.1.html
See strategy:
sudo rebootmgrctl get-strategy
See the reboot/maintenance window:
sudo rebootmgrctl get-window
Is the machine requested to reboot?
sudo rebootmgrctl status
To disable automatic system updates:
systemctl --now disable transactional-update.timer
SELinux
Versions starting with Linux kernel 6.3 enable SELinux. This will force a re-labelling of all filesystems, which will take a significant amount of time during boot, making it look like the system is not responding. The message is like: “A start job is running Relabel /home (x / unlimited)”
To debug issues like this:
- Remove “quiet” boot option to be able to see what is going on
- Remove selinux boot options in order to confirm SELinux is causing the issue
After the first relabel, boot continues fine and further reboots are quick as normal.
VMs
GNOME Boxes Flatpak works for basic VMs, but I ended up installing and using virt-manager and friends, as per:
https://en.opensuse.org/Portal:MicroOS/Virtualization
DNS
Set up dnsmasq so that containers continue to have DHCP after moving networks:
# echo "[main]
> dns=dnsmasq" > /etc/NetworkManager/conf.d/dns.conf
See: https://wiki.archlinux.org/title/NetworkManager, https://github.com/containers/podman/issues/14412