New computer tasks (for Leap 15.6):

• Set hostname
• Install pyenv, git, subversion, kernel-devel, minicom
• Install ssh-agent service
• Copy .bashrc, .inputrc, .vimrc to user+root
• Set up x0vncserver and open firewall port via YaST

# Update packages
zypper -vvv refresh -f 
zypper update

# Delete obselete repositories
zypper lr -d
zypper rr <REPO_NUM>

# Install git, then pyenv
zypper install git
# See https://github.com/pyenv/pyenv/wiki#suggested-build-environment
curl https://pyenv.run | bash
...  # since /etc/profile sources .bashrc, just put it in there

# Install Docker
zypper install docker docker-compose
usermod -aG docker ...

# Set up SSH keys and SSH agent systemctl



# Note the group user (100)
//192.168.101.165/lightstick /mnt/lightstick cifs credentials=/home/user/.smbcredentials,uid=1000,gid=100,rw,hard,intr,fsc,async,file_mode=0644,dir_mode=0755 0 0

Use AutoFS for mounting instead of the static /etc/fstab. This allows for graceful disconnection (instead of hanging if share is disconnected).

/etc/auto.master

/mnt /etc/autofs.fileserver --timeout 60 --browse

/etc/autofs.fileserver

bitstream  -user,rw,hard,intr bitstream.quantum.nus.edu.sg:/workspace-int
lightstick  -fstype=cifs,credentials=/home/user/.smbcredentials,uid=1000,gid=100,rw,hard,intr,fsc,async,file_mode=0644,dir_mode=0755 ://192.168.101.165/lightstick

Also relatively important to make the journal persistent¹⁾ (journal entries are only held in memory otherwise, since the journal directory does not exist):

# Run this if no storage option has already been specified
user:~$ echo "Storage=persistent" | sudo tee -a /etc/systemd/journald.conf

New user is created via YaST (using sudo yast). For a new setup:

• Add new user
• Add to dialout (for tty access) and wheel (for sudo access)
• Create public/private key pair
• Root access by default governed by root password only, with any user in users group being able to access. Change this to user-based authentication by running sudo visudo and modify /etc/sudoers file according to the code block below.
• Create root password with sudo passwd root

/etc/sudoers

...
## In the default (unconfigured) configuration, sudo asks for the root password.
## This allows use of an ordinary user account for administration of a freshly
## installed system. When configuring sudo, delete the two
## following lines:
#Defaults targetpw   # ask for the password of the target user i.e. root
#ALL   ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!

...
##
## User privilege specification
##
root ALL=(ALL:ALL) ALL
justin ALL=(ALL:ALL) ALL

## Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL:ALL) ALL

Firewall defaults are as per usual, unless SSH needs to be disabled. For mesh networking, consider using Tailscale. Command to run Tailscale (and additionally accept subnet routes):

sudo tailscale up --accept-routes

Python to be managed by pyenv as usual. The required build environment is reproduced in the zypper package installation step below:

> zypper install gcc automake bzip2 libbz2-devel xz xz-devel openssl-devel ncurses-devel \
readline-devel zlib-devel tk-devel libffi-devel sqlite3-devel make
> pyenv install 3.10.7
> pyenv versions
> pyenv global 3.10.7
> pip3 install matplotlib scipy numpy tqdm uncertainties pyserial requests pytest pandas jupyter

More updated...

pip3 install matplotlib scipy numpy tqdm uncertainties \
    pyserial requests requests-cache pandas arrow pre-commit

The instructions are located on the official OpenSUSE VNC page. Setup instructions that worked for me as of 2024-10-25, for linking to the main display :0. Note this cannot be done remotely, since it will likely link to the wrong display (and cause blank screens):

user:~$ sudo zypper install xorg-x11-Xvnc
user:~$ vncpasswd     # writes to '/home/<USER>/.vnc/passwd'
user:~$ sudo yast2  # open the firewall port for 5900

and then create the following autostart script, to start "x0vncserver" upon initial login:

~/.config/autostart/x0vncserver.desktop

[Desktop Entry]
Name=x0vncserver
Comment=Remote access for display :0
Exec=x0vncserver -passwordfile /home/<USER>/.vnc/passwd -display :0
Terminal=false
Type=Application
StartupNotify=true

Note that YaST also has a remote management option, which seems to host its own VNC server on display :1, but there's no need to use this feature. I also can't get it to work using the vncserver service with the "plasma" session manager. My general experience with VNC on OpenSUSE has been below average.

Old and possibly deprecated instructions

vncviewer -passwd ~/.vnc/passwd 127.0.0.1:5901

echo ":1=<USER>" >> /etc/tigervnc/vncserver.users
echo "geometry=1920x1080" >> ~/.vnc/config
sudo systemctl enable --now vncserver@:1

vim /etc/firewall.d/config  # Backend=iptables

Most proprietary codebases have binaries uploaded to FlatHub, whose packages can be managed using flatpak.

sudo zypper install flatpak
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo

SynologyDrive can be installed from here as well, though the Linux varieties do not support online sync.

VLC might be available through here, since the official package distributed in one of OpenSUSE's repositories is outdated. Read the VLC article. New codes for video playback in VLC: zypper in vlc-codecs.

ffmpeg and zoom (using rpm package) could be installed as well. GIMP using flatpakref.

Some thoughts on OpenSUSE as of 2022-11-22, based on my limited experience in Ubuntu, Windows, and macOS. Important pros:

• Built-in apps just work right out the box (albeit with some slight bugs). tigervnc server for instance is straightforward to enable.
• Very sensible security defaults. For example, app downloads and adding repositories always verify GPG keys, something not entirely visible in Ubuntu.
• Smaller nice designs:
  • Built-in virtual displays, with widgets for comics and system statistics.

And for the blockers I've seen thus far:

• Installing software outside of YaST / official repositories can be a hit or miss. Either support is not provided (many smaller softwares tend to focus solely on Ubuntu support) or the build chain is buggy and resources to debug are difficult to find (e.g. build libraries going by different names).
  • Example software are: terminator, and others.
  • Security likely because software is relatively old (and stable)
• Connecting to remote network: Using :1 VNC display seems to be buggy w.r.t. accessing remote network files (cannot read via SFTP, constantly polls SSH server with invalid credentials), difficulties connecting to a SAMBA file server on an RTO-6 oscilloscope
• Smaller software-level issues:
  • Firefox cannot open on two separate VNC instances. Same applies to vscode.
  • Login manager cannot change wallpaper - this is surprisingly hardcoded.
  • Connecting to a network printer was a pain.
  • Dolphin cannot handle drag-and-drop contexts to web browsers, and browsers cannot save files to remote locations.

Just fyi for CQT printer:

Missing kernel signing keys

user:~$ cd /usr/src/linux-5.14.21-150500.55.59/certs
user:~$ vim x509.genkey 
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
x509_extensions = myexts
 
[ req_distinguished_name ]
CN = Modules
 
[ myexts ]
basicConstraints=critical,CA:FALSE
keyUsage=digitalSignature
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
 
user:~$ openssl req -new -nodes -utf8 -sha512 -days 36500 -batch -x509 -config x509.genkey -outform PEM -out signing_key.cert.pem -keyout signing_key.key.pem
user:~$ cat signing_key.key.pem signing_key.cert.pem > ../.kernel_signing_key.pem

Because repository refreshing can be rather slow, would be good to disable/delete invalid or outdated repositories.

# List repositories with base URL
zypper repos -u

# Add repositories
# or alternatively, with -gf for GPG checks and autorefresh
# Note if URL does not use HTTPS, then zypper may indicate repo is outdated
zypper ar {{URL}} {{NAME}}
zypper ar -gf {{URL}} {{NAME}}

# Remove repositories
zypper rr {{NAME_OR_SERIAL}}