Skip to main content

Installation Runbook

In order to set yourself up to success it's useful to plan out your Bluefin installation into phases so that you can avoid common pitfalls and poorly supported configurations. On Linux-friendly hardware usually just booting into the installation process and clicking through the recommended installer defaults is enough. But you can never be too sure, here's the nitty gritty in case you need it.

💙 Please do not send your loved ones to this page 💙

This runbook is for experienced users who are installing Bluefin for someone else. It is intended to be technical.

Here is a short runbook for the Bluefin installation process. Read the entirety of this documentation in order to ensure survival. (In case of a raptor attack).

Requirements​

Review the Fedora Silverblue installation instructions. Some differences to consider:

  • Use the Fedora Media Writer to create installation media. Other creation methods may not work properly
  • Older BIOS based systems are unsupported, only UEFI systems are supported
  • Dual booting off of the same disk is unsupported, use a dedicated drive for another operating system and use your BIOS to choose another OS to boot off of
  • We strongly recommend using automated partitioning during installation, there are known issues with manual partition on Atomic systems and is unnecessary to set up unless you are on a multi-disk system
  • A stock Bluefin installation is 11GB. Bluefin with developer mode enabled (bluefin-dx) is 19GB

Day 0: Planning​

Most pain points can be addressed directly by planning ahead of time. Note that the term "Day" is an abstract, please do not install Bluefin over the course of three days. Typically an installation should take about twenty minutes.

All Users​

  • Is your hardware Linux friendly?
    • Do you understand the limitations of having an Nvidia GPU? (If applicable?)
      • Nvidia Optimus laptops tend to be particularly troublesome
    • Does the hardware require an out of tree kernel module? This may lead to long term maintenance issues
    • Does the software you use require an out of tree kernel module?
      • VirtualBox and VMWare are not supported
      • Nvidia, Xbox One Controller Support, wl drivers, and v4l2loopback are supported. (These are "best effort", in certain cases we cannot control third party software that breaks with newer versions of the Linux kernel)
      • openzfs is included out of the box. It is used by maintainers regularly and has not yet fallen behind the kernels Bluefin ships. However, we still cannot guarantee this as it is an out of tree kernel module
    • Is your wireless card supported by Linux?
      • Poorly supported cards include Broadcom
      • Check USB-Wifi if you are not sure
    • Is your printer/scanner well supported in Linux?
  • Is the BIOS/UEFI up to date on the device?
    • We recommend having all hardware firmware updates completed and up to date before installation
  • Are the applications you depend on well supported on Flathub?
  • Does your VPN provider provide a wireguard configuration to import into Network Manager?
  • Dedicated disk ready to go?
    • Bluefin does not support dual booting from the same disk
    • Bluefin does not support rebasing from a pre-existing installation of Fedora
  • Remember that this is a custom Fedora based image, it does move at a brisk pace compared to something like Ubuntu LTS
  • Read this documentation in its entirety, here's some associated upstream documentation:

Developers​

Day 1: Deployment and Configuration​

Deployment​

Download Bluefin

Download the right ISO from the website

  • Install the operating system
    • Use the entire disk with automatic partitioning
    • (Optional): Set up Secure Boot
    • (Optional): ujust rebase-helper to move to :stable or :latest
  • Set up, test, and verify backups - While the system image is reproducible data, your user data in your home folder still needs to be backed up. Bluefin ships with two backup utilities depending on your preference. They are installed as Flatpaks so you can remove the one you don't use. rclone and restic are also preinstalled if you prefer command line tools

Configuration​

The rest of these steps are user specific configuration and something that we tend to leave up to you. Automating this step is a good place to use tools like chezmoi for dotfile configuration and syncing: brew install chezmoi

Since the user space is all in your home directory, just about any tool you use to automate this step should work as you expect. Ideally, configuration that you might have done at the system level in the past is configured at your user level now, leading to a clean seperation between user configuration and the system image.

  • Software Installation
    • Use GNOME Software to install Flatpaks
      • (Optional): Use Flatseal to manage Flatpak permissions if appropriate
    • (Optional): Install Command line applications via brew
  • Post-installation Configuration
  • (Optional) Developer Configuration
    • ujust devmode and follow the directions
    • Start VSCode and configure your settings and extensions

Day 2: Operations and Maintenance​

Bluefin strives to make maintenance as easy as possible, however many of the automated tasks can be run manually.

  • Run a System Upgrade via the menu option or ujust update to observe an update and reboot
    • ujust changelogs will show incoming changes and updates coming from Fedora
    • ujust bios will reboot the machine and enter the BIOS/UEFI menu. This is useful for booting into a Windows drive
  • Subscribe to the announcements tag on the Universal Blue forums
  • Subscribe to the release notes
  • Understand rebase and rollback procedures
  • Use the Warehouse application to manage Flatpak lifecycle:
    • Pin to an old version or rollback
    • Easily remove applications at once
  • ujust clean-system to clean up old containers and unused flatpak runtimes

And one more piece of advice: The more you invest into day 0, the smoother your day 1 will be, which results in an even smoother day 2. After that, it's all bragging rights. The fastfetch command will be there to remind you of your milestone:

image

Secure Boot​

Secure Boot is supported by default providing an additional layer of security.

Universal Blue supports secure boot with our custom key

After the first installation, you will be prompted to enroll the secure boot key in the mokutil UEFI menu UI (QWERTY keyboard input and navigation).

Then, select "Enroll MOK", and input "universalblue" as the password

If this step is not completed during the initial setup, you can manually enroll the key by running the following command in the terminal:

ujust enroll-secure-boot-key

If you'd like to enroll this key prior to installation or rebase, download the key and run the following:

sudo mokutil --timeout -1
sudo mokutil --import path/to/public_key.der

You can use mokutil --list-enrolled to confirm that the "ublue kernel" key is listed:

image

note

If you see ublue akmods\ listed, it is a former key that is soon to be removed. ublue kernel is the current key.