MicroOS Desktop on Lenovo X1 Gen 10
Report on MicroOS on a Lenovo X1 Carbon Gen 10. Overall excellent experience: everything feels fast and application graphics are very fast.
H/W compatibility problems
- Webcam not supported out of box, didn’t try to fix.
- Built-in sound not supported out of box, didn’t yet try to fix. Built-in sound works with Kernel V6.4.6.
The WWAN module interferes with suspend; remove it temporarily with:
sudo rmmod mtk_t7xx
or permanently with:
sudo sh -c 'echo "blacklist mtk_t7xx" >> /etc/modprobe.d/blacklist.conf'
Linux 6.8
Suspend problem on Linux 6.8 only. Keep on longterm kernel:
sudo transactional-update pkg install kernel-longterm
SSD
After about 1 year of service replaced the internal NVME with Samsung 980 Pro 2TB. Easy to replace, appears to work very well.
Whole-disk encryption
Can enable whole-disk encryption during installation using the following sequence:
- Boot install media as normal and go through setup steps up until “summary of changes”
- In summary click on the partitioning entry
- Do advanced partition
- Click “start with current”
- Simply click on the encryption checkbox for the main BTRFS partition
The password needs to be entered during the boot sequence, so any automatic reboot will stop at that stage.
Flatpak notes
Install Flatseal and use it to tighten up the security of flatpaks.
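To decide which flatpaks to tighten first, the sketch below (an added example, not part of the original notes) flags broad grants in the permission keyfile that `flatpak info --show-permissions <app-id>` prints. The function name, the sample input and the choice of which grants count as broad are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original notes: flag broad grants in a Flatpak
# permission keyfile read from stdin.

audit_flatpak_perms() {
    awk -F= '
        /^\[/ { in_ctx = ($0 == "[Context]"); next }   # only [Context] is audited
        !in_ctx || NF < 2 { next }
        {
            key = $1
            n = split($2, vals, ";")
            for (i = 1; i <= n; i++) {
                v = vals[i]
                if (v == "" || substr(v, 1, 1) == "!") continue   # "!x" revokes x
                base = v
                sub(/:.*/, "", base)                   # drop :ro / :rw / :create
                if (key == "filesystems" && base ~ /^(host|host-os|host-etc|home)$/)
                    print key ": " v
                else if (key == "devices" && base == "all")
                    print key ": " v
                else if (key == "sockets" && base ~ /^(x11|session-bus|system-bus)$/)
                    print key ": " v
            }
        }'
}

# Constructed sample in the keyfile format; on a real system pipe in
#   flatpak info --show-permissions <app-id>
SAMPLE_PERMS='[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=dri;
filesystems=xdg-download;home:ro;!host;~/Zotero;

[Session Bus Policy]
org.freedesktop.Notifications=talk'

printf '%s\n' "$SAMPLE_PERMS" | audit_flatpak_perms
```

Each line of output names a grant worth narrowing in Flatseal, for example replacing whole-home access with the specific directories the application needs.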
Firefox flatpak profiles are in /home/bnikolic/.var/app/org.mozilla.firefox/.mozilla/firefox
For Zotero add .zotero to persistent directories. I’ve added ~/Zotero for the SQLite and ~/ZFiles for ZotFile-managed attachments.
For Davmail add persistent directory .davmail, then start with
flatpak run org.davmail.DavMail .davmail/props
to ensure properties are saved there. Generate certificates as described at https://davmail.sourceforge.net/sslsetup.html for clients which require encrypted access. Office 365 works well, IMAP and SMTP.
- Use O365Modern, check logs for the URL to authenticate the DavMail app. O365Interactive did not work, perhaps due to the flatpak sandbox.
Flatpak document portal
Technology that lets flatpak give applications access on a file-by-file basis.
See all files with permissions in this way:
flatpak documents --columns=origin,application
To see info about individual file:
flatpak document-info <filename>
Distrobox
Use distrobox for creating application and development environments with easy connections to the window system, sound etc. To create an isolated environment, generate a command with “distrobox create …. -d”, then edit the output to remove the host home directory bindings.
Snapper
Use snapper to do snapshots of filesystems. It is enabled by default for root; to enable for /home do:
sudo snapper -c home create-config /home
See snapshots:
sudo snapper -c home list
See what has changed since a snapshot (0 is current version, 167 happens to be the last snapshot at time of writing):
sudo snapper -c home status 167..0 | less
Workloads with a lot of churn of generated data do not do well with snapper, e.g.:
- Big compiled software builds
- Container images, PIP packages
- Data processing intermediate products
Keep these on separate btrfs subvolumes so that they are either not snapshotted or are snapshotted on a different schedule:
sudo btrfs subvolume create /path/of/subvol
sudo chown -R bnikolic /path/of/subvol
sudo chgrp -R bnikolic /path/of/subvol
Eventually managed to corrupt the BTRFS volume… perhaps due to fatigue in the NVME drive or due to unclean shutdowns. The following command is very useful for recovery of data. Do this first, before any write operations!
mount -t btrfs -o ro,rescue=all /dev/dvc /mnt/target
Snapper cannot create snapshot
If a “Creating snapshot failed.” error is seen, for example:
sudo transactional-update
[sudo] password for :
Checking for newer version.
transactional-update 4.6.6 started
Options:
Separate /var detected.
2024-05-01 15:07:36 tukit 4.6.6 started
2024-05-01 15:07:36 Options: -c20 open
Creating snapshot failed.
ERROR: `snapper create --from 20 --read-write --cleanup-algorithm number --print-number --description 'Snapshot Update of #20' --userdata 'transactional-update-in-progress=yes'` returned with error code 1.
transactional-update finished
the issue is possibly to do with quotas again. Fix by replacing the
# btrfs qgroup for space aware cleanup algorithms
QGROUP="1/0"
with something empty
QGROUP=""
in the snapper conf file (e.g. /etc/snapper/configs/root)
See https://github.com/openSUSE/snapper/issues/894#issuecomment-2054220427 and https://forum.armbian.com/topic/37473-snapper-fails-to-create-a-btrfs-snapshot-if-cleanup-algorithm-is-used/
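A check for the condition described above, as an added example that is not part of the original notes: it lists snapper configs that still name a QGROUP although quotas are off for their subvolume. The function names are hypothetical, and the probe assumes that `btrfs qgroup show PATH` exits non-zero when quotas are disabled.

```shell
#!/bin/sh
# Added example, not from the original notes: find snapper configs whose QGROUP
# is set although btrfs quotas are disabled for the subvolume they manage.

# Print the value of KEY from a snapper config file, without surrounding quotes.
snapper_conf_get() {  # usage: snapper_conf_get FILE KEY
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Assumption: `btrfs qgroup show PATH` fails when quotas are not enabled.
quotas_enabled() {
    btrfs qgroup show "$1" >/dev/null 2>&1
}

# Print "config subvolume qgroup" for every config in DIR that needs QGROUP="".
stale_qgroup_configs() {  # usage: stale_qgroup_configs [DIR]
    dir=${1:-/etc/snapper/configs}
    for conf in "$dir"/*; do
        [ -f "$conf" ] || continue
        qgroup=$(snapper_conf_get "$conf" QGROUP)
        [ -n "$qgroup" ] || continue          # already empty: nothing to do
        subvol=$(snapper_conf_get "$conf" SUBVOLUME)
        quotas_enabled "$subvol" && continue  # quotas on: QGROUP is legitimate
        echo "$(basename "$conf") $subvol $qgroup"
    done
}

# On the affected machine, run as root:
#   stale_qgroup_configs
```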
Software issues
Came across a big issue with “btrfs_cleaner” consuming CPU cycles and slowing down the system. Solved by disabling quotas:
sudo btrfs quota disable /home
See https://www.suse.com/support/kb/doc/?id=000020696 for background on the problem.
Automatic reboots
OS will request automatic reboots after updates. Control this with rebootmgrctl, see https://users.suse.com/~kukuk/SUSE-CaaSP-Docu/rebootmgrctl.1.html
See strategy:
sudo rebootmgrctl get-strategy
See the reboot/maintenance window:
sudo rebootmgrctl get-window
Is the machine requested to reboot?
sudo rebootmgrctl status
To disable automatic system updates:
systemctl --now disable transactional-update.timer
SELinux
Versions starting with Linux kernel 6.3 enable SELinux. This will force a re-labelling of all filesystems, which will take a significant amount of time during boot, making it look like the system is not responding. The message is like: “A start job is running Relabel /home (x / unlimited)”
To debug issues like this:
- Remove “quiet” boot option to be able to see what is going on
- Remove selinux boot options in order to confirm SELinux is causing the issue
After the first relabel, boot continues fine and further reboots are quick as normal.
VMs
GNOME Boxes flatpak works for basic VMs but ended up installing and using virt-manager and friends, as per:
https://en.opensuse.org/Portal:MicroOS/Virtualization
Install qemu-hw-display-qxl for qxl, qemu-spice, qemu-hw-usb-host for host device usb etc.
Ensure virtio disk driver (install, boot in safe mode so kernel picks this up) for good I/O performance. Ensure QXL for good graphics. Fix poor text by using ClearType.
DNS
Set up dnsmasq so that containers continue to have DHCP after moving networks:
# echo -e "[main] \ndns=dnsmasq" > /etc/NetworkManager/conf.d/dns.conf
NB: -e flag so that the newline combination \n is interpreted
See: https://wiki.archlinux.org/title/NetworkManager, https://github.com/containers/podman/issues/14412
Thermal management
Possible to overheat the laptop CPU to lockup… Hence install thermald:
sudo transactional-update pkg install thermald
Smartctl
Install smartmontools to monitor drive health:
sudo transactional-update pkg install smartmontools
Strongswan
For VPN. Install packages NetworkManager-applet-strongswan, NetworkManager-strongswan.
By default the nm component looks for certificates in the wrong place: https://bugzilla.opensuse.org/show_bug.cgi?id=1216564.
Temp fix:
sudo n/microos-tools/devel-tools/microos-rw
sudo ln -s /var/lib/ca-certificates/pem /usr/share/ca-certificates
sudo n/microos-tools/devel-tools/microos-ro