What are your ‘defaults’ for your desktop Linux installations, especially when they deviate from your distro’s defaults? What are your reasons for these deviations?

To give you an example of what I am asking for, here is my list with reasons (funnily enough, using these settings on Debian, which are AFAIK the defaults for Fedora):

  • Btrfs: I use Btrfs for transparent compression, which is a game changer for my use cases, and using it w/o RAID I never had trouble with corrupt data on power failures, compared to ext4.

  • ZRAM: I wrote about it somewhere else, but ZRAM transformed even my totally under-powered HP Stream 11" with 4GB RAM into a usable machine. Nowadays I don’t have swap partitions anymore and use ZRAM everywhere and it just works ™.

  • ufw: I cannot fathom why firewalls with all ports but ssh closed by default are not the default. Especially on Debian, where unconfigured services are started by default after installation, it does not make sense to me.

My next project is to slim down my Gnome desktop installation, but I guess this is quite common in the Debian community.

Before you ask: Why not Fedora? - I love Fedora, but I need something stable for work, and Fedora’s recent kernels break virtual machines for me.

Edit: Forgot to mention ufw

  • GenderNeutralBro@lemmy.sdf.org
    1 year ago

    I don’t think I will ever go back to a filesystem without snapshot support. BTRFS with Snapper is just so damn cool. It’s an absolute lifesaver when working with Nvidia drivers because if you breathe on your system wrong it will fail to boot. Kernel updates and driver updates are a harrowing experience with Nvidia, but snapper is like an IRL cheat code.

    OpenSuse has this by default, but I’m back to good ol’ Debian now. This and PipeWire are the main reasons I installed Debian via Spiral Linux instead of the stock Debian installer. Every time I install a new package with apt, it automatically creates pre and post snapshots. Absolutely thrilled with the results so far. Saved me a few hours already, after yet another failed Nvidia installation attempt.

    • wolf@lemmy.zip (OP)
      1 year ago

      Nice use case for snapshots! :-) I’ll put it in my backlog, perhaps it is a nice insurance for my crash prone machines.

    • Guenther_Amanita@feddit.de
      1 year ago

      Please tell me more about Spiral Linux. I’m not a huge Debian fan personally (at least for desktop), but I often install Linux on other people’s machines. And Mint/Debian is great for them.

      How does it differ from stock?

      • GenderNeutralBro@lemmy.sdf.org
        1 year ago

        Details on the Spiral Linux web site: https://spirallinux.github.io/

        Key points are BTRFS with Snapper, PipeWire, newer kernels and some other niceties from backports, proprietary drivers/codecs by default, VirtualBox support (which I’ve personally had huge problems with in the past on multiple distros). They also mention font tweaks, but I haven’t done side-by-side comparisons, so I’m not sure exactly what that means.

        Edit: shoutout to Spiral Linux creator @sb56637@lemmy.ca , who posted a few illuminating comments on this older thread: https://lemmy.ca/post/6855079 (if there’s a way to link to posts in an instance-agnostic way on Lemmy, please let me know!)

      • lemmyvore@feddit.nl
        1 year ago

        How does it differ from stock?

        Well for one thing their driver support is apparently “harrowing”. 😊

        I will never understand why people choose distributions that will brick themselves when the wind blows, so they add snapshot support as a band-aid, and then they celebrate “woo hoo, it takes pre and post snapshots after every package install!”

        How about using a distro where you never have to restore a snapshot…

        • GenderNeutralBro@lemmy.sdf.org
          1 year ago

          To clarify, this is my first time using Spiral Linux. My experience regarding Nvidia drivers is across several different distros (most recently Ubuntu LTS and OpenSuse Tumbleweed). I have never had a seamless experience. Often the initial driver installation works, but CUDA and related tools are finicky. Sometimes a kernel update breaks everything. Sometimes it doesn’t play nice with other kernel extensions.

          The Debian version of the drivers didn’t set up Secure Boot properly. Instead, I rolled back and used the generic Nvidia .run installer, which worked fine. Not seamless, obviously, but not really worse than my experience on other distros. In the future I will always just use the generic installers from Nvidia.

          Point is, with BTRFS you can just try anything without fear. I’m not going to worry about installing kernel updates from now on, or driver updates, or anything, because if anything goes wrong, it’s no big deal.

          • lemmyvore@feddit.nl
            1 year ago

            And my point is that it’s not normal to fear updates. Any updates, but especially updates to essential packages like the kernel or graphics driver.

            If you’re using the experimental branch of a distro or experimental versions of packages on purpose then snapshots are a good tool. But if you’re using a normal distro and its normal packages you should not have to resort to such measures.

            • GenderNeutralBro@lemmy.sdf.org
              1 year ago

              Nvidia just sucks across every distro I’ve used. Have you had good experience running CUDA, cuDNN, and cuBLAS? If so, which distro?

              And have you run it alongside other things that require kernel modules, like ZFS and VirtualBox?

  • sntx@lemm.ee
    1 year ago
    • NixOS
      • disko + nixos-anywhere (automatic partitioning & remote installation of new systems)
      • stylix (system-wide theming)
      • agenix (secret management)
      • impermanence (managing persistent data)
      • nixos containers for sandboxing applications & services (using systemd-nspawn)
    • TMPFS as /
    • LUKS
      • BTRFS as /nix (might try bcachefs)
      • SWAP partition (= RAM size, to suspend to disk)
    • Greetd with TUIgreet (DM)
    • SwayFX (WM)
    • Kitty & foot (term)
    • Nushell (shell)
    • Helix (editor)
    • Firefox (browser)
    • slackhq/nebula (c.f. self-hosted tailscale, connecting my systems beyond double NATs)

    EDIT1: fix “DE” -> “DM”

    • Lupec@lemm.ee
      1 year ago

      Now that’s quite an interesting NixOS setup, I’m especially intrigued by the tmpfs root portion. The link you provided was a great read, and I’ll keep this and honestly most of what you’ve described in mind for when I mess with NixOS again.

  • lemmyvore@feddit.nl
    1 year ago

    I’ve never had a problem with ext4 after power failure.

    Zram is not a substitute for swap. Your system is less optimal by not having at least a small swap.

    Firewalls should never default to on. It’s an advanced tool and it should be left to advanced users.

    Not to mention how much grief it would cause distro maintainers. If they don’t auto configure the firewall they get blasted by people who don’t know why their stuff isn’t working. If they auto configure they get blasted by people upset that the auto configurator dared change their precious firewall rules. You just can’t win.

    • kylian0087@lemmy.world
      1 year ago

      Honestly. Firewalls should be enabled by default. Especially on laptops connecting to public places.

      A good default should be chosen by the distro maintainer. A default should not overwrite your own config. Like any config really. So no upset folks that like to change the firewall. Also if you don’t block much outgoing traffic you are not likely to run into problems. And for people that like to poke holes in the incoming traffic. You’re an “advanced” user anyway.

      • lemmyvore@feddit.nl
        1 year ago

        So what should happen when the user installs a service that needs an open port in order to work? Presumably the whole point of installing it being to, you know, use it.

        • kylian0087@lemmy.world
          1 year ago

          There are not many programs that require open ports for incoming traffic. Things like ssh or a web server do. But then again those are services you would manually want to open anyway.

    • Leny@lemmy.world
      1 year ago

      Why does not having swap make the system less optimal? Considering obviously it has more than enough ram available.

      • lemmyvore@feddit.nl
        1 year ago

        Swap holds memory pages which are not currently used. Putting them out of the way will optimize the main RAM for normal operations.

        It’s not a huge difference on a modern fast system with lots of actual RAM but it can be felt on older systems and/or less RAM.

    • Jezza@lemmy.world
      1 year ago

      I have a question about swap.

      My current rig has 64 gb, and I opted to not create a swap partition. My logic being I have more than enough.

      The question is does swap ever get used for non-overflow reasons? I would have expected 64 GB to be more than enough to keep most applications in memory. (including whatever the kernel wants to cache)

      • lemmyvore@feddit.nl
        1 year ago

        I also have 64 GB and yes, it gets used. For very low quantities, mind you, we’re talking couple hundred KB at most, and only if you don’t reboot for extended periods of time (including suspend time).

        Creating a big swap is not needed, but if you add one that’s a couple hundred MB you will see it gets used eventually.

        You don’t have to create a swap partition, you can create a swap file (with dd, mkswap, swapon and /etc/fstab). You can also look into zswap.

        Swap is not meant as overflow “disk RAM”, it’s meant as a particular type of data cache. It can be used when you run out of RAM but the system will be extremely slow when that happens and most users would just reboot.

      • virtualbriefcase@lemm.ee
        1 year ago

        I believe so, though I went without swap for a while myself and never noticed any issues. When in doubt a 1gb swap partition can’t hurt.

        • lemmyvore@feddit.nl
          1 year ago

          Start with a small swap file (100 MB) and see how much gets used, no need to waste 1 GB.

    • wolf@lemmy.zip (OP)
      1 year ago

      What is the difference between physical swap and having a swap partition on ZRAM, especially for the kernel? To the best of my knowledge, nearly no Linux distribution supports suspend to disk any more, any ZRAM swap looks for the kernel like … swap. Thanks to the virtual file system. Further, I have high trust in the Fedora community, which decided to use ZRAM.

      We can agree to disagree about the firewalls, especially for people who don’t know why their stuff isn’t working, it protects them and is much better than having unconfigured services with open ports on a laptop in a public network IMHO.
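
Added example (not part of the thread and not any poster's code): a small audit that reads `ss -H -tuln` output and reports which listening services are reachable from the network and would be cut off by the "all ports but ssh closed" default debated above. The sample socket list is constructed, and the allow list containing only 22/tcp is an assumption taken from that policy.

```python
import ipaddress

# Constructed sample of `ss -H -tuln` output (not captured from a real host).
SAMPLE_SS = """\
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128             [::]:22           [::]:*
tcp   LISTEN 0      4096       127.0.0.1:631       0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*
tcp   LISTEN 0      511                *:80              *:*
udp   UNCONN 0      0            0.0.0.0:5353      0.0.0.0:*
udp   UNCONN 0      0              [::1]:323         [::]:*
"""

# Assumption: the policy from the thread, "all ports but ssh closed".
ALLOWED = frozenset({("tcp", 22)})


def parse_listeners(ss_output):
    """Yield (proto, address, port) for every socket line in `ss -H -tuln` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or truncated line
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        # Drop an interface scope ("%lo") and IPv6 brackets before parsing.
        yield fields[0], addr.split("%")[0].strip("[]"), int(port)


def is_loopback(addr):
    """True only for 127.0.0.0/8 and ::1; wildcard binds count as exposed."""
    if addr == "*":
        return False
    return ipaddress.ip_address(addr).is_loopback


def blocked_by_default_deny(ss_output, allowed=ALLOWED):
    """Listeners reachable from the network that a deny-incoming policy cuts off."""
    exposed = {(proto, port)
               for proto, addr, port in parse_listeners(ss_output)
               if not is_loopback(addr)}
    return sorted(exposed - allowed)


def baseline_rules(allowed=ALLOWED):
    """ufw commands for default-deny incoming plus the explicit allow list."""
    rules = ["ufw default deny incoming", "ufw default allow outgoing"]
    rules += [f"ufw allow {port}/{proto}" for proto, port in sorted(allowed)]
    return rules + ["ufw enable"]


if __name__ == "__main__":
    for proto, port in blocked_by_default_deny(SAMPLE_SS):
        print(f"would be blocked: {port}/{proto}")
    print("\n".join(baseline_rules()))
```

On a real machine, feed it the output of `ss -H -tuln`; anything it lists is a service that answers on a public network unless a firewall or a loopback-only bind says otherwise.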

    • TCB13@lemmy.world
      1 year ago

      Yes Debian, then use Flatpak to get all the latest desktop software and enjoy.

    • wolf@lemmy.zip (OP)
      1 year ago

      Thanks for the list.

      The way I set up my minimal systems is to uncheck everything during tasksel, then switch to another virtual console, chroot to /target and install what I need. Saves one reboot and hassles, when installing via thumb drive. (Did this for Xfce in the past.)

    • wolf@lemmy.zip (OP)
      1 year ago

      I totally love the idea of Fedora Silverblue and UBlue. Played around with Silverblue and perhaps it will replace my Debian installation on my multi media laptop. Still, no substitute for Debian since the kernel is too new/fast changing (problems with VM and I don’t want to pin an old kernel w/o security updates forever) and I have a very custom (but fully automated) setup via Ansible, which wouldn’t work like this on Silverblue. (I would have to use Ansible for the host and then create a lot of custom containers, to the best of my understanding.)

  • d3Xt3r@lemmy.nz (M)
    1 year ago

    Nobara KDE user here. One of the reasons why I chose it is because it comes with many of the customisations that I’d normally do (such as using an optimized kernel). But in addition, I use:

    • Opal instead of LUKS
    • KDE configured with a more GNOME/macOS like layout (top panel+side dock)
    • GDM instead of SDDM, for fingerprint login
    • Fingerprint authentication for sudo
    • TLP instead of power-profiles-daemon for better power saving (AMD P-State EPP control, charging thresholds etc)
    • Yakuake terminal (and Kitty for ad-hoc stuff)
    • fish shell instead of bash
    • mosh instead of ssh
    • btop instead of top/htop
    • gdu instead of du/ncdu
    • bat instead of cat
    • eza instead of ls
    • fd instead of find
    • ripgrep instead of grep
    • broot instead of tree
    • skim instead of fzf

    • wolf@lemmy.zip (OP)
      1 year ago

      Impressive list! What is the benefit of using Opal compared to LUKS?

      • d3Xt3r@lemmy.nz (M)
        1 year ago

        Opal drives are self-encrypting, so they’re done by the disk’s own controller transparently. The main advantage is that there’s almost no performance overhead because the encryption is fully hardware backed. The second advantage is that the encryption is transparent to the OS - so you could have a multi-boot OS setup (Windows and FreeBSD etc) all on the same encrypted drive, so there’s no need to bother with Bitlocker, Veracrypt etc to secure your other OSes. This also means you no longer have the bootloader limitation of not being able to boot from an encrypted boot partition, like in the case of certain filesystems. And because your entire disk is encrypted (including the ESP), it’s more secure.

        • wolf@lemmy.zip (OP)
          1 year ago

          Thank you very much for your explanation.

          I still feel skeptical about using a chip’s controller for encryption. AFAIK there have been multiple problems in the past:

          • Errors in the implementation which weaken the encryption considerably
          • I think I even read about ways to extract the key from the hardware (TPM based encryption)

          Do you provide a password and there are ‘hooks’ which the boot process uses for you to enter the password on boot?

          I think it is nice to have full disk encryption, but usually we are speaking about evil-maid attacks (?), and IMHO it is mostly game over when an attacker has physical access to your device.

  • anothermember@beehaw.org
    1 year ago

    Well, almost the opposite of you, I currently use Fedora Silverblue (including BTRFS which I very much appreciate for versioned backups), except that I override GNOME Software (never got it to work properly for me) and Fedora’s Firefox (I use the Firefox from Flathub but not Fedora).

    • wolf@lemmy.zip (OP)
      1 year ago

      I feel envious - I would love to run Silverblue like you do! :-)

  • qyron@sopuli.xyz
    1 year ago

    Once, some years back, I posted a topic on how I could slim down my Gnome DE.

    It sparked a rather long and complex discussion and the bottom line was that Gnome integration was already at a point where so many parts depended on so many it was not an easy task.

    I opted to move to a GTK compatible DE. Currently I use XFCE but spent years with Mate.

    • wolf@lemmy.zip (OP)
      1 year ago

      Xfce / Mate are great (and lightweight) options!

      I used Mate for years, but at some point it became unstable for me. I need Wayland, though, so I have to hold my breath until Xfce supports it in the future.

  • visnudeva@lemmy.ml
    1 year ago

    XFS filesystem and a kernel with BORE scheduler, which are the default on CachyOS for a faster and snappier system.

  • vettnerk@lemmy.ml
    1 year ago

    Nothing radical, but I’ve used mplayer as default video player since FreeBSD 4.0, and that’s not changing any time soon. VLC is good and all, I just prefer mplayer.

    Oh, and for general purpose storage partitions I use XFS, as it plays nice with beegfs.

  • meow@lemmy.blahaj.zone
    1 year ago
    • btrfs unless I know I’m not gonna use it that much (might check out bcachefs soon)
    • Kitty as the terminal, life is better without fancy multiplexers
    • Firefox
    • fastfetch > neofetch
    • zsh without oh-my-zsh
    • tbsm as DM (if available)
    • Hyprland as the WM
    • Plasma if I have to use a DE
    • Swapfile instead of partition so I don’t risk losing my data if I don’t have enough memory (haven’t checked out ZRAM yet) Welp that changed quickly, ZRAM looks insane
    • GRUB as bootloader, also a separate install for every distro, kinda just out of fear that I’ll break it somehow

  • Pasta Dental@sh.itjust.works
    1 year ago

    Gnome with Wayland: I am just too used to the touchpad gestures and sleek looking apps to go back. Even Windows looks and behaves janky in comparison

    Firefox: plain better than the alternatives, the scrolling is so much better under Wayland too

    The auto dark mode GNOME extension: it switches between dark and light mode depending on the time of day

    Rounded window corners GNOME extension: forces all 4 corners of applications to have rounded corners

    Separate /home partition, very useful for distro hopping or in case just going the nuclear option and reinstalling everything is the easiest way to deal with a breakage