Thinkpad P53.md

@@ -166,7 +166,7 @@ Do `ls /dev/disk/by-id` to check the serial numbers and find the correct drive.
 sudo fdisk /dev/nvme0n1
 [Make 2 partitions. The first one with 1G and the second one with the remaining space.]
 sudo cryptsetup luksFormat /dev/nvme0n1p2
-sudo cryptsetup open --allow-discards --persistent /dev/nvme0n1p2 cryptroot
+sudo cryptsetup open /dev/nvme0n1p2 cryptroot
 sudo mkfs.btrfs --csum blake2b -L qubes_dom0 /dev/mapper/cryptroot
 ```
 
@@ -213,9 +213,9 @@ Reboot to apply the changes.
 
 ### Redundant VM storage
 
-Make encrypted partition `/dev/nvme1n1p1` and `/dev/nvme2n1p1`. If the same passphrase as `/dev/nvme0n1p1` is used for encryption, all 3 drives will be unlocked with just 1 prompt during boot.
+Make encrypted partition `/dev/nvme1n1p1` as `cryptdata1` and `/dev/nvme2n1p1` as `cryptdata2`. If the same passphrase as `/dev/nvme0n1p1` is used for encryption, all 3 drives will be unlocked with just 1 prompt during boot.
 
-To get the filesystem UUIDs of of the 2 CRYPTO_LUKS filesystems, run
+To get the filesystem UUID of `cryptdata1` and `cryptdata2`, run
 
 ```bash
 lsblk -o NAME,UUID
@@ -237,9 +237,7 @@ sudo dracut --regenerate-all --force
 Make the new RAID 1 BTRFS filesystem:
 
 ```bash
-sudo cryptsetup --allow-discards --persistent open /dev/nvme1n1p1 cryptdata1
-sudo cryptsetup --allow-discards --persistent open /dev/nvme2n1p1 cryptdata2
-sudo mkfs.btrfs --csum blake2b -m raid1 -d raid1 /dev/mapper/cryptdata1 /dev/mapper/cryptdata2
+sudo mkfs.btrfs --csum blake2b -m raid 1 -d /dev/mapper/cryptdata1 /dev/mapper/cryptdata2
 ```
 
 **Take note of the UUID**.

debian-gnome/debian-gnome.sh

@@ -72,7 +72,7 @@ sudo apt autoremove -y
 # Debloat
 
 # Remove unnecessary stuff from the Qubes template
-sudo apt purge -y gnome-software gnome-system-monitor thunderbird keepassxc
+sudo apt purge -y gnome-software thunderbird keepassxc
 
 # Remove Network + hardware tools packages
 sudo apt purge -y avahi* cups* '*nfs*' rygel '*smtp*' system-config-printer* '*telnet*'

dom0.sh

@@ -38,8 +38,8 @@ sudo chmod +x /etc/qubes-rpc/qubes.VMAuth
 # Set qvm-features
 # Run these after you have installed the fedora-40 and debian-12 templates
 
-# sudo qvm-features fedora-41 default-menu-items 'org.gnome.Nautilus.desktop org.gnome.Ptyxis.desktop'
-# sudo qvm-features fedora-41 netvm-menu-items 'org.gnome.Ptyxis.desktop'
+# sudo qvm-features fedora-40 default-menu-items 'org.gnome.Nautilus.desktop org.gnome.Ptyxis.desktop'
+# sudo qvm-features fedora-40 netvm-menu-items 'org.gnome.Ptyxis.desktop'
 
 # sudo qvm-features debian-12 default-menu-items 'org.gnome.Console.desktop org.gnome.Nautilus.desktop'
 # sudo qvm-features debian-12 netvm-menu-items 'org.gnome.Console.desktop'

fedora-gnome/fedora-gnome.sh

@@ -83,10 +83,9 @@ download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc
 # Setup networking
 # We don't need the usual mac address randomization and stuff here, because this template is not used for sys-net
 
-sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
-download https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf /etc/systemd/system/NetworkManager.service.d/99-brace.conf
-sudo sed -i 's@ReadOnlyPaths=/etc/NetworkManager@#ReadOnlyPaths=/etc/NetworkManager@' /etc/systemd/system/NetworkManager.service.d/99-brace.conf
-sudo sed -i 's@ReadWritePaths=-/etc/NetworkManager/system-connections@#ReadWritePaths=-/etc/NetworkManager/system-connections@' /etc/systemd/system/NetworkManager.service.d/99-brace.conf
+# This breaks saving network settings with the Fedora 40 template rn, so I am commenting it out.
+#sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
+#unpriv curl --proxy http://127.0.0.1:8082 https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf | sudo tee /etc/systemd/system/NetworkManager.service.d/99-brace.conf
 
 # Disable GJS and WebkitGTK JIT
 download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/environment /etc/environment
@@ -95,16 +94,16 @@ download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main
 echo '
 XDG_CURRENT_DESKTOP=GNOME' | sudo tee -a /etc/environment
 
-# Moving DNF handling to the bottom as the Qubes template just breaks when repos are changed and needs a reboot to fix
+# Moving DNF handownloading to the bottom as the Qubes template just breaks when repos are changed and needs a reboot to fix
+
+# Mark packages as manualy installed to avoid removal
+sudo dnf mark install flatpak gnome-menus qubes-menus
 
 # Remove unwanted groups
 sudo dnf -y group remove 'Container Management' 'Desktop accessibility' 'Firefox Web Browser' 'Guest Desktop Agents' 'LibreOffice' 'Printing Support'
 
 # Remove unnecessary stuff from the Qubes template
-sudo dnf -y remove gnome-software gnome-system-monitor amd-ucode-firmware '*gpu*' httpd keepassxc thunderbird
-
-# Remove unnecessary stuff from the Fedora-41 template (will be split into whats in the qubes template and whats upstream later)
-sudo dnf -y remove c-ares hiredis
+sudo dnf -y remove gnome-software httpd keepassxc thunderbird
 
 # Remove firefox packages
 sudo dnf -y remove fedora-bookmarks fedora-chromium-config firefox mozilla-filesystem
@@ -142,7 +141,7 @@ sudo dnf config-manager --set-disabled fedora-cisco-openh264
 
 # Install custom packages
 # gnome-shell is needed for theming to work
-sudo dnf -y install qubes-ctap qubes-gpg-split adw-gtk3-theme flatpak ncurses gnome-shell
+sudo dnf -y install qubes-ctap qubes-gpg-split adw-gtk3-theme ncurses gnome-shell ptyxis
 
 # Setup hardened_malloc
 sudo https_proxy=127.0.0.1:8082 dnf copr enable secureblue/hardened_malloc -y

fedora-gnome/hardened-chromium.sh

@@ -25,7 +25,7 @@ download() {
 }
 
 sudo https_proxy=127.0.0.1:8082 dnf copr enable secureblue/hardened-chromium -y
-sudo dnf config-manager setopt fedora-cisco-openh264.enabled=1 rpmfusion-free.enabled=1 rpmfusion-free-updates.enabled=1 rpmfusion-nonfree.enabled=1 rpmfusion-nonfree-updates.enabled=1
+sudo dnf config-manager --enable fedora-cisco-openh264 rpmfusion-free rpmfusion-free-updates rpmfusion-nonfree rpmfusion-nonfree-updates
 sudo dnf install -y ffmpeg hardened-chromium
 sudo dnf update @multimedia --setopt="install_weak_deps=False" --exclude=PackageKit-gstreamer-plugin
 

fedora-gnome/ivpn.sh

@@ -24,7 +24,7 @@ download() {
   unpriv curl -s --proxy http://127.0.0.1:8082 "${1}" | sudo tee "${2}" > /dev/null
 }
 
-sudo dnf config-manager addrepo --from-repofile=https://repo.ivpn.net/stable/fedora/generic/ivpn.repo
+sudo dnf config-manager --add-repo https://repo.ivpn.net/stable/fedora/generic/ivpn.repo
 sudo dnf install -y ivpn-ui
 
 umask 022

fedora-gnome/media.sh

@@ -24,6 +24,6 @@ download() {
   unpriv curl -s --proxy http://127.0.0.1:8082 "${1}" | sudo tee "${2}" > /dev/null
 }
 
-sudo dnf config-manager setopt fedora-cisco-openh264.enabled=1 rpmfusion-free.enabled=1 rpmfusion-free-updates.enabled=1 rpmfusion-nonfree.enabled=1 rpmfusion-nonfree-updates.enabled=1
+sudo dnf config-manager --enable fedora-cisco-openh264 rpmfusion-free rpmfusion-free-updates rpmfusion-nonfree rpmfusion-nonfree-updates
 sudo dnf upgrade -y
 sudo dnf install -y ffmpeg yt-dlp

fedora-gnome/mullvad-browser.sh

@@ -24,8 +24,8 @@ download() {
   unpriv curl -s --proxy http://127.0.0.1:8082 "${1}" | sudo tee "${2}" > /dev/null
 }
 
-sudo dnf config-manager addrepo --from-repofile=https://repository.mullvad.net/rpm/stable/mullvad.repo
-sudo dnf config-manager setopt fedora-cisco-openh264.enabled=1 rpmfusion-free.enabled=1 rpmfusion-free-updates.enabled=1 rpmfusion-nonfree.enabled=1 rpmfusion-nonfree-updates.enabled=1
+sudo dnf config-manager --add-repo https://repository.mullvad.net/rpm/stable/mullvad.repo
+sudo dnf config-manager --enable fedora-cisco-openh264 rpmfusion-free rpmfusion-free-updates rpmfusion-nonfree rpmfusion-nonfree-updates
 
 # Install the package
 sudo dnf install -y ffmpeg mullvad-browser

fedora-gnome/mullvad.sh

@@ -24,7 +24,7 @@ download() {
   unpriv curl -s --proxy http://127.0.0.1:8082 "${1}" | sudo tee "${2}" > /dev/null
 }
 
-sudo dnf config-manager addrepo --from-repofile=https://repository.mullvad.net/rpm/stable/mullvad.repo
+sudo dnf config-manager --add-repo https://repository.mullvad.net/rpm/stable/mullvad.repo
 sudo dnf install -y mullvad-vpn
 
 umask 022