• openSUSE ¹⁾
• Tumbleweed ²⁾
• GNOME ³⁾
• KDE ⁴⁾

• http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso

• http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso.mirrorlist

• \EFI\opensuse\grubx64.efi ⁵⁾

• http://download.videolan.org/pub/vlc/SuSE/Tumbleweed/
• Repository Priority: 98

• Provides extended multimedia support

sudo rpm --import 'http://download.videolan.org/pub/vlc/SuSE/Tumbleweed/repodata/repomd.xml.key' && sudo zypper ar -f 'http://download.videolan.org/pub/vlc/SuSE/Tumbleweed/SuSE.repo' && sudo zypper mr -p 98 'VideoLAN repo (Tumbleweed)'

sudo zypper dup --from 'VideoLAN repo (Tumbleweed)'

• http://download.opensuse.org/repositories/home:/namtrac:/subpixel/openSUSE_Factory/x86_64/
• Repository Priority: 97

• Provides patented subpixel rendering for fonts

sudo rpm --import 'http://download.opensuse.org/repositories/home:/namtrac:/subpixel/openSUSE_Factory/repodata/repomd.xml.key' && sudo zypper ar -f 'http://download.opensuse.org/repositories/home:/namtrac:/subpixel/openSUSE_Factory/home:namtrac:subpixel.repo' && sudo zypper mr -p 97 'subpixel (openSUSE_Factory)'

sudo zypper dup --from 'subpixel (openSUSE_Factory)'

• http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_Tumbleweed
• Repository Priority: 96

• Provides Wine Staging

sudo rpm --import 'http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_Tumbleweed/repodata/repomd.xml.key' && sudo zypper ar -f 'http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_Tumbleweed/Emulators:Wine.repo' && sudo zypper mr -p 96 'Wine (openSUSE_Tumbleweed)'

sudo zypper dup --from 'Wine (openSUSE_Tumbleweed)'

sudo zypper modifyrepo -d -m 'hd'

• If any extra repositories are being used, be sure to dup from the repo first

sudo zypper clean --all && sudo zypper refresh -f && sudo zypper dup && sync

• Installs nano
• Sets as system-wide default editor
• Sets nowrap and nonewlines for current user

sudo zypper --non-interactive install 'nano' && export 'EDITOR=nano' && echo 'Defaults editor = /usr/bin/nano' | sudo tee '/etc/sudoers.d/nano' > '/dev/null' && echo 'set nowrap' | tee --append ~/'.nanorc' > '/dev/null' && echo 'set nonewlines' | tee --append ~/'.nanorc' > '/dev/null'

sudo zypper install keepassxc android-tools android-tools-udev filezilla aria2 p7zip perl-Image-ExifTool htop unar gdouros-symbola-fonts Mesa-demo-x gstreamer-plugins-libav

rhythmbox gnome-session-wayland

transmission-qt

vlc vlc-codec-gstreamer

• Add these along with the above packages

phonon4qt5-backend-vlc phonon-backend-vlc vlc-qt

wine-staging

intel-vaapi-driver gstreamer-plugins-vaapi

• Also requires a driver depending on the GPU used

zypper search -s 'libvdpau_'

libgstvdpau libvdpau1

sudo rpm --import 'https://dl-ssl.google.com/linux/linux_signing_key.pub' && sudo zypper install 'https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm'

• gnome-shell --replace doesn't work on Wayland session

gnome-terminal

gnome-shell --replace

keepassxc

• konsole -e is an update command that can be assigned to the Break key ⁶⁾

konsole

keepassxc

konsole -e "bash -c 'sudo zypper clean --all && sudo zypper refresh -f && sudo zypper dup && sudo zypper ps -s && sync && read -n1'"

• 4 Tab width
• Insert Spaces for Tab mode

• See VPN.AC

84.200.69.80

84.200.70.40

84.200.69.80,84.200.70.40

2001:1608:10:25::1c04:b12f

2001:1608:10:25::9249:d69b

2001:1608:10:25::1c04:b12f,2001:1608:10:25::9249:d69b

• Sort folders before files
• 2GB File Previews

• See Internet Radio

• 10-notch Transparency

• See I/O Schedulers in order to select an I/O scheduler

scsi_mod.use_blk_mq='y'

acpi_osi='Linux'

i915.enable_guc_loading='2' i915.enable_guc_submission='2'

• Set to half of total cores if Intel HT is enabled

maxcpus='4'

• btusb,hci_uart control Bluetooth
• uvcvideo controls Webcams
• iTCO_wdt controls Intel's Hardware Watchdog
• nowatchdog disables both soft and hard generic watchdogs

modprobe.blacklist='btusb,hci_uart,uvcvideo,iTCO_wdt' nowatchdog

drm.debug='0xe'

usbhid.quirks=0x1B1C:0x1B3C:0x20000000

• Requires namtrac:subpixel repo for Subpixel Rendering to function

• Font Antialiasing
• Force Autohinting On
• Force Hint Style: hintslight
• Subpixel Rendering: rgb
• LCD Filter: lcddefault

• TODO: Change this to a sed command

sudo -e '/etc/gdm/custom.conf'

WaylandEnable=false

• If using external monitor primarily, monitor configuration must be complete before copying config to GDM
• If keyboard shortcuts were set in Xorg session, they may not work in the Wayland session; remove the shortcuts in the Xorg session and then re-set them in Wayland ⁷⁾

• Run this before running GUI applications requiring root
• This needs re-ran after session restart

xhost +LOCAL:

gsettings set 'org.gnome.desktop.peripherals.touchpad' 'send-events' 'disabled-on-external-mouse'

gsettings set 'org.gnome.desktop.peripherals.touchpad' 'natural-scroll' 'false'

gsettings set 'org.gnome.desktop.peripherals.mouse' 'accel-profile' 'flat'

gsettings set 'org.gnome.desktop.peripherals.touchpad' 'tap-to-click' 'false'

gsettings set 'org.gnome.desktop.peripherals.touchpad' 'tap-and-drag' 'false'

gsettings set 'org.gnome.desktop.peripherals.touchpad' 'disable-while-typing' 'false'

• https://extensions.gnome.org/extension/701/top-panel-workspace-scroll
• https://github.com/timbertson/gnome-shell-scroll-workspaces

• Requires gnome-shell-extension-tool provided by gnome-shell-devel

wget -O '/tmp/gnome-shell-scroll-workspaces-master.zip' 'https://github.com/timbertson/gnome-shell-scroll-workspaces/archive/master.zip' && unzip '/tmp/gnome-shell-scroll-workspaces-master.zip' -d '/tmp' && rm -Rf ~/'.local/share/gnome-shell/extensions/scroll-workspaces@gfxmonk.net' && mkdir -p ~/'.local/share/gnome-shell/extensions' && mv '/tmp/gnome-shell-scroll-workspaces-master/scroll-workspaces' ~/'.local/share/gnome-shell/extensions/scroll-workspaces@gfxmonk.net' && rm -R '/tmp/gnome-shell-scroll-workspaces-master.zip' '/tmp/gnome-shell-scroll-workspaces-master' && gnome-shell-extension-tool -e 'scroll-workspaces@gfxmonk.net' && sync

• Desktop Effects → Wobbly Windows
• Desktop Effects → Dim Inactive
• Desktop Effects → Dim Screen for Administrator Mode
• Desktop Effects → Slide Back
• Screen Edges → Switch desktop on edge: Only When Moving Windows
• Virtual Desktops → Number of rows: 1

• Allows KDE Connect through the firewall

sudo -e '/etc/sysconfig/SuSEfirewall2' && sudo systemctl restart 'SuSEfirewall2'

FW_CONFIGURATIONS_EXT="kdeconnect-kde"

sudo -e '/etc/X11/xorg.conf.d/99-libinput-custom.conf'

Section "InputClass"
    Identifier          "libinput pointer custom"
    Driver              "libinput"
    MatchIsPointer      "yes"
    Option              "AccelProfile"                  "flat"
EndSection

Section "InputClass"
    Identifier          "libinput touchpad custom"
    Driver              "libinput"
    MatchIsTouchpad     "yes"
    Option              "AccelProfile"                  "flat"
    Option              "DisableWhileTyping"            "0"
    Option              "MiddleEmulation"               "0"
    Option              "NaturalScrolling"              "0"
    Option              "ScrollMethod"                  "twofinger"
    Option              "SendEventsMode"                "disabled-on-external-mouse"
    Option              "Tapping"                       "0"
EndSection

Section "InputClass"
    Identifier          "libinput touchscreen custom"
    Driver              "libinput"
    MatchIsTouchscreen  "yes"
    Option              "AccelProfile"                  "flat"
EndSection

• Replace sda if necessary
• If using blk-mq, non-mq schedulers aren't present ⁸⁾

cat '/sys/block/sda/queue/scheduler'

• Good for average workloads and responsiveness
• Requires blk_mq and kernel 4.12+

echo 'ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/scheduler}="bfq"' | sudo tee '/etc/udev/rules.d/60-scheduler.rules' > '/dev/null' && sudo udevadm control --reload && sudo udevadm trigger

• Requires blk_mq

echo 'ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/scheduler}="mq-deadline"' | sudo tee '/etc/udev/rules.d/60-scheduler.rules' > '/dev/null' && sudo udevadm control --reload && sudo udevadm trigger

• If I/O load causes hitching/stuttering, this should not be used
• Requires blk_mq ⁹⁾

echo 'ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/scheduler}="none"' | sudo tee '/etc/udev/rules.d/60-scheduler.rules' > '/dev/null' && sudo udevadm control --reload && sudo udevadm trigger

sudo -e '/etc/sysctl.d/99-custom.conf'

kernel.dmesg_restrict = 1
kernel.kptr_restrict = 1
kernel.sysrq = 1

sudo mkdir -p '/etc/NetworkManager/conf.d' && sudo -e '/etc/NetworkManager/conf.d/99-custom.conf'

[device-mac-randomization]
wifi.scan-rand-mac-address=yes

[connection-mac-randomization]
ethernet.cloned-mac-address=random
wifi.cloned-mac-address=random

[connection]
wifi.powersave=2

• http://localhost:631/

nano ~/'.config/pulse/daemon.conf'

resample-method = soxr-vhq
flat-volumes = no

• See Secure Shell

sudo mkdir -p '/etc/systemd/journald.conf.d' && sudo -e '/etc/systemd/journald.conf.d/logging.conf'

[Journal]
SystemMaxUse=50M
RuntimeMaxUse=50M

• Add discard after defaults for the swap mountpoint

sudo -e '/etc/fstab'

discard

sudo systemctl enable 'fstrim.timer' && sudo systemctl start 'fstrim.timer' 'fstrim' --now && sync && sudo systemctl status 'fstrim' -l

• This allows use of Wayland session on multi-graphics computers (like Optimus)

echo 'export MUTTER_ALLOW_HYBRID_GPUS=1' | sudo tee --append '/etc/environment' > '/dev/null'

echo 'export STAGING_SHARED_MEMORY=1' | sudo tee --append '/etc/profile.d/wine-staging.sh' > '/dev/null' && echo 'export STAGING_WRITECOPY=1' | sudo tee --append '/etc/profile.d/wine-staging.sh' > '/dev/null'

• https://blog.packagecloud.io/eng/2017/02/21/set-environment-variable-save-thousands-of-system-calls

echo 'export TZ=:/etc/localtime' | sudo tee '/etc/profile.d/tz.sh' > '/dev/null'

• This sets both allowVendorChange and dupAllowVendorChange to true

sudo sed -i 's/# solver.allowVendorChange = false/solver.allowVendorChange = true/g' '/etc/zypp/zypp.conf' && sudo sed -i 's/# solver.dupAllowVendorChange = false/solver.dupAllowVendorChange = true/g' '/etc/zypp/zypp.conf'

• https://bugzilla.kernel.org/show_bug.cgi?id=195049

sudo zypper --non-interactive install 'hda-verb' && sudo -e '/etc/systemd/system/acer-speakers.service' && sudo systemctl daemon-reload && sudo systemctl enable 'acer-speakers' --now && sudo systemctl status 'acer-speakers' -l

[Unit]
Description=Acer Predator G9-791 Internal Speaker Fix
After=sound.target
Wants=sound.target

[Service]
Type=oneshot
ExecStart='/usr/bin/hda-verb' '/dev/snd/hwC0D0' '0x1b' '0x300' '0x9000'
ExecStart='/usr/bin/hda-verb' '/dev/snd/hwC0D0' '0x1b' '0x300' '0xa000'
ExecStart='/usr/bin/hda-verb' '/dev/snd/hwC0D0' '0x1b' '0x707' '0x60'

[Install]
WantedBy=sound.target

sudo -e '/usr/lib/systemd/system-sleep/acer-speakers.sleep' && sudo chmod +x '/usr/lib/systemd/system-sleep/acer-speakers.sleep'

#!/bin/sh
'/usr/bin/hda-verb' '/dev/snd/hwC0D0' '0x1b' '0x300' '0x9000'
'/usr/bin/hda-verb' '/dev/snd/hwC0D0' '0x1b' '0x300' '0xa000'
'/usr/bin/hda-verb' '/dev/snd/hwC0D0' '0x1b' '0x707' '0x60'

• This supposedly gives better performance over modesetting
• TearFree was enabled; the man pages say it's disabled by-default though

sudo zypper --non-interactive install 'xf86-video-intel' 'xf86-video-nouveau' && sudo -e '/etc/X11/xorg.conf.d/99-graphics.conf'

Section "Device"
    Identifier      "Skylake GT2"
    Driver          "intel"
    BusID           "PCI:0:2:0"
    Option          "DRI"       "3"
    Option          "TearFree"  "0"
EndSection

Section "Device"
    Identifier      "NV124"
    Driver          "nouveau"
    BusID           "PCI:1:0:0"
    Option          "DRI"       "3"
EndSection

sudo -e '/etc/X11/xorg.conf.d/99-graphics.conf'

Section "Device"
    Identifier      "Optimus"
    Driver          "modesetting"
EndSection

• TODO: Fix

• Not necessary to be ran, only here for reference
• Requires msr-tools

• 0x770 needs to report 1

sudo rdmsr --all --decimal '0x770'

sudo wrmsr --all '0x770' '1'

• 0x1FC needs to be set to whatever it reports

sudo rdmsr --all --decimal '0x1FC'

sudo wrmsr --all '0x1FC' 'x'

sudo -e '/etc/systemd/system/hosts-up.service'

[Service]
Type=oneshot
WorkingDirectory=/tmp
ExecStartPre='/usr/bin/rm' -Rf '/tmp/master.zip' '/tmp/hosts-master'
ExecStartPre='/usr/bin/wget' 'https://github.com/StevenBlack/hosts/archive/master.zip' -O '/tmp/master.zip'
ExecStartPre='/usr/bin/unzip' '/tmp/master.zip' -d '/tmp'
ExecStart='/usr/bin/python3' '/tmp/hosts-master/updateHostsFile.py' --auto --replace --flush-dns-cache --extensions 'gambling' 'fakenews'
ExecStartPost='/usr/bin/rm' -Rf '/tmp/master.zip' '/tmp/hosts-master'
ExecStartPost='/usr/bin/sync'

sudo -e '/etc/systemd/system/hosts-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'hosts-up.timer' --now && sudo systemctl start 'hosts-up' && sudo systemctl status 'hosts-up' -l

[Unit]
Description=Steven Black's Unified Hosts File Sources Updater
After=network-online.target
Wants=network-online.target

[Timer]
OnCalendar=weekly
Persistent=true

[Install]
WantedBy=timers.target

• Use Disconnect.me strict protection Block List

• https://www.startpage.com

cd ~/'.mozilla/firefox/'*'.default' && nano 'user.js' && cd ~

user_pref("layout.frame_rate.precise", true);
user_pref("mousewheel.min_line_scroll_amount", 40);
user_pref("browser.sessionstore.interval", 300000);
user_pref("extensions.pocket.enabled", false);
user_pref("loop.enabled", false);
user_pref("reader.parse-on-load.enabled", false);
user_pref("network.captive-portal-service.enabled", false);
user_pref("network.cookie.cookieBehavior", 1);
user_pref("browser.sessionstore.privacy_level", 2);
user_pref("browser.cache.disk.enable", false);
user_pref("privacy.popups.disable_from_plugins", 3);
user_pref("dom.battery.enabled", false);
user_pref("media.peerconnection.ice.default_address_only", true);
user_pref("toolkit.telemetry.enabled", false);
user_pref("privacy.donottrackheader.enabled", true);
user_pref("geo.enabled", false);
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.phishing.enabled", false);
user_pref("browser.safebrowsing.downloads.enabled", false);
user_pref("webgl.disabled", true);
user_pref("network.cookie.lifetimePolicy", 2);
user_pref("browser.display.use_document_fonts", 0);
user_pref("network.http.referer.userControlPolicy", 2);
user_pref("dom.webaudio.enabled", false);
user_pref("dom.webnotifications.enabled", false);
user_pref("gfx.canvas.azure.accelerated", true);
user_pref("layers.acceleration.force-enabled", true);
user_pref("browser.tabs.remote.autostart", true);
user_pref("browser.tabs.remote.force-enable", true);
user_pref("media.mediasource.ignore_codecs", true);
user_pref("security.ssl.require_safe_negotiation", false);
user_pref("extensions.jid1-BoFifL9Vbdl2zQ@jetpack.showReleaseNotes", false);
user_pref("dom.storage.enabled", true);
user_pref("dom.event.clipboardevents.enabled", true);

• 8 extensions

gio open 'https://addons.mozilla.org/en-US/firefox/addon/privacy-settings/versions' && gio open 'https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/versions' && gio open 'https://www.eff.org/https-everywhere' && gio open 'https://addons.mozilla.org/en-US/firefox/addon/cookie-autodelete/versions' && gio open 'https://addons.mozilla.org/en-US/firefox/addon/https-by-default/versions' && gio open 'https://addons.mozilla.org/en-US/firefox/addon/no-resource-uri-leak/versions' && gio open 'https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/versions' && gio open 'https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/versions'

• Enable Active Mode
• Don't Log Total Number Of Cookies Deleted
• Don't Show Notification After Cookie CleanUp
• Clean Cookies from Open Tabs on StartUp

• Block Web-exposed subset of chrome URIs
• Update the policy

• Enable Advanced Mode

• Uncheck EasyPrivacy
• Uncheck EasyList
• Check MVPS HOSTS
• Check hpHost's Ad and tracking servers
• Check Dan Pollock's hosts file
• Add the following custom filters

https://secure.fanboy.co.nz/fanboy-problematic-sites.txt
https://secure.fanboy.co.nz/r/fanboy-ultimate.txt
https://secure.fanboy.co.nz/fanboy-antifacebook.txt
https://secure.fanboy.co.nz/fanboy-antifonts.txt
https://raw.githubusercontent.com/ryanbr/fanboy-adblock/master/fanboy-cookiemonster.txt
https://raw.githubusercontent.com/ryanbr/fanboy-adblock/master/popads-domains-list.txt
https://raw.githubusercontent.com/ryanbr/fanboy-adblock/master/fake-news.txt

rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'

sudo rpm -e gpg-pubkey-x

zypper lr -p

/usr/share/applications

~/.local/share/applications

/usr/share/icons/hicolor

~/.local/share/icons/hicolor

• Change x to schema or omit it to show all settings

gsettings list-recursively 'x'

pkcon -c '1' refresh && pkcon update

sudo fstrim -v --all

sudo zypper --non-interactive install 'inxi' 'xdpyinfo' && inxi -G

journalctl -e _COMM='gdm-x-session'

gio open '/var/log/Xorg.0.log'

LIBGL_DEBUG='verbose' glxinfo | grep 'libgl'

grep 'MHz' '/proc/cpuinfo'

watch -n 0.1 grep \'cpu MHz\' '/proc/cpuinfo'

df -hT

sudo cryptsetup -v status '/dev/dm-0'

• The suspend is needed to release frozen drive state ¹⁰⁾

systemctl suspend

lsblk

sudo hdparm -I '/dev/sda' | grep 'not'

sudo hdparm --user-master u --security-set-pass 'x' '/dev/sda'

sudo hdparm --user-master u --security-erase 'x' '/dev/sda'

sudo hdparm --user-master u --security-erase-enhanced 'x' '/dev/sda'

• Performs security-erase followed by security-erase-enhanced

sudo hdparm --user-master u --security-set-pass 'x' '/dev/sda' && sudo hdparm --user-master u --security-erase 'x' '/dev/sda' && sudo hdparm --user-master u --security-set-pass 'x' '/dev/sda' && sudo hdparm --user-master u --security-erase-enhanced 'x' '/dev/sda' && sync

sudo hdparm --user-master u --security-set-pass 'x' '/dev/sdb' && sudo hdparm --user-master u --security-erase 'x' '/dev/sdb' && sudo hdparm --user-master u --security-set-pass 'x' '/dev/sdb' && sudo hdparm --user-master u --security-erase-enhanced 'x' '/dev/sdb' && sync

• This is only verified on Spinesnap, other computers beware as this can cause a brick apparently
• This is an easier way of clearing boot entries outside of efibootmgr and manually deleting each entry

sudo rm -f '/sys/firmware/efi/efivars/'* || sync && sudo efibootmgr -v

• This wasn't necessary on openSUSE TW, but should efivars need to be rw, the following command does that

sudo mount -o 'remount' '/sys/firmware/efi/efivars' -o 'rw,nosuid,nodev,noexec,noatime'

sudo mdadm --detail-platform

• https://nouveau.freedesktop.org/wiki/Optimus
• DIS: Discrete GPU
• IGD: Integrated Graphics
• DIS-Audio: The audio device exported by your discrete GPU for HDMI sound playback
• +: This device is connected to graphics connectors
• OFF: The device is powered off
• ON: The device is powered on
• DynOff: The device is currently powered off but will be powered on when needed
• DynPwr: The device is currently powered on but will be powered off when not needed

sudo cat '/sys/kernel/debug/vgaswitcheroo/switch'

sudo cat '/sys/kernel/debug/dri/0/i915_guc_info'

sudo cat '/sys/kernel/debug/dri/0/i915_guc_load_status'

gcc -v -E -x c -march=native -mtune=native - < /dev/null 2>&1 | grep cc1 | perl -pe 's/ -mno-\S+//g; s/^.* - //g;'

exiftool -all= *.* -overwrite_original