HackingGate · November 16, 2025 07:10 · HackingGate · Nov 16, 2025
diff --git a/fedora-setup.sh b/fedora-setup.sh
 #!/bin/bash
 set -e
 set -o pipefail

 # Disable GDM auto suspend
 sudo -u gdm dbus-run-session gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type 'nothing'
 sudo -u gdm dbus-run-session gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0
 # revert it
 #sudo -u gdm dbus-run-session gsettings reset org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type
 #sudo -u gdm dbus-run-session gsettings reset org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout
 sudo systemctl restart gdm

 # Set system timezone to Tokyo, Japan
 sudo timedatectl set-timezone Asia/Tokyo

 # Configure hardware clock to use UTC (recommended for Linux)
 sudo timedatectl set-local-rtc 0

 # Display current time and date settings
 timedatectl

 # Reference to guide for making Windows 11 use UTC for hardware clock (for dual-boot systems)
 # https://gist.github.com/HackingGate/180aafbc6342ad4b1cb31309fa83c91a

 # Install essential development tools and utilities
 sudo dnf check-update -y
 sudo dnf upgrade --refresh
 sudo dnf install emacs-nox vim neovim curl wget gh git zsh efibootmgr jq fastfetch htop -y
 sudo dnf group install development-tools -y
 sudo dnf install seahorse -y

 # Install complete multimedia codecs (including non-free)
 # Enable RPM Fusion Free and Non-Free Repos
 sudo dnf install \
  https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
  https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm -y

 # Enable Cisco OpenH264 Repo
 sudo dnf config-manager --set-enabled fedora-cisco-openh264

 # Install RPM Fusion Appstream data (for DNF5 compatibility)
 sudo dnf install 'rpmfusion-*-appstream-data' -y

 # Swap to full ffmpeg with all codec support
 sudo dnf swap ffmpeg-free ffmpeg --allowerasing -y

 # Install GStreamer plugins and codec groups
 sudo dnf group update multimedia --setopt="install_weak_deps=False" --exclude=PackageKit-gstreamer-plugin --allowerasing -y
 sudo dnf group update sound-and-video -y

 # Install hardware acceleration codecs for AMD/Intel GPUs
 sudo dnf swap mesa-va-drivers mesa-va-drivers-freeworld -y
 sudo dnf swap mesa-vdpau-drivers mesa-vdpau-drivers-freeworld -y

 # Install Intel media driver for newer Intel GPUs
 sudo dnf install intel-media-driver -y

 # For NVIDIA (if you use the proprietary driver):
 # sudo dnf install libva-nvidia-driver -y

 # Install Oh My Zsh for better terminal experience
 sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"

 # Install Homebrew package manager for Linux
 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
 echo >> ~/.zshrc
 echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"' >> ~/.zshrc
 eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
 brew install gcc

 # Install Brave browser from official repository
 sudo dnf install dnf-plugins-core -y
 sudo dnf config-manager addrepo --from-repofile=https://brave-browser-rpm-release.s3.brave.com/brave-browser.repo
 sudo dnf install brave-browser -y

 # Debloat Brave browser by disabling certain features
 sudo mkdir -p /etc/brave/policies/managed/ && sudo chmod 755 /etc/brave/policies/managed/
 sudo tee /etc/brave/policies/managed/00_debloat.json > /dev/null << 'EOF'
 {
  "TorDisabled": true,
  "BraveRewardsDisabled": true,
  "BraveWalletDisabled": true,
  "BraveVPNDisabled": true,
  "BraveAIChatEnabled": false
 }
 EOF

 # Update Flatpak packages
 sudo flatpak update -y

 # Install GNOME Extensions utility
 sudo flatpak install flathub org.gnome.Extensions -y

 # Install Thunderbird email client
 sudo flatpak install flathub org.mozilla.Thunderbird -y

 # Set Firefox as the default web browser
 xdg-settings set default-web-browser org.mozilla.firefox.desktop

 # Configure Emacs as the default text editor
 echo '
 # Set default editor to Emacs
 export EDITOR="/usr/bin/emacs"
 export VISUAL="/usr/bin/emacs"
 ' >> ~/.zshrc

 # Install 1Password password manager and CLI
 sudo rpm --import https://downloads.1password.com/linux/keys/1password.asc
 sudo tee /etc/yum.repos.d/1password.repo << 'EOF'
 [1password]
 name=1Password Stable Channel
 baseurl=https://downloads.1password.com/linux/rpm/stable/$basearch
 enabled=1
 gpgcheck=1
 repo_gpgcheck=1
 gpgkey=https://downloads.1password.com/linux/keys/1password.asc
 EOF
 sudo dnf check-update -y
 sudo dnf install 1password-cli 1password -y
 op --version

 # Setup SSH key from 1Password
 mkdir -p ~/.ssh
 # Sign in to 1Password CLI
 eval $(op signin)
 # Retrieve and install SSH key with specific fingerprint
 echo "Retrieving SSH key with fingerprint SHA256:dsPhhaQhifJccmUhI2ZZIoSnEOUIWYRbSe1TWZs2JuA"
 ITEM_ID="mijcwmynssrwh33ad3mknt77fy"
 op item get "$ITEM_ID" --format json | jq -r '.fields[] | select(.label == "private key") | .value' > ~/.ssh/id_ed25519
 op item get "$ITEM_ID" --format json | jq -r '.fields[] | select(.label == "private key") | .ssh_formats.openssh.value' > ~/.ssh/id_ed25519
 chmod 600 ~/.ssh/id_ed25519.pub
 # Set proper security permissions
 chmod 600 ~/.ssh/id_ed25519
 echo "SSH private and public keys saved to ~/.ssh/"
 eval "$(ssh-agent -s)"
 ssh-add ~/.ssh/id_ed25519

 # Setup git global configuration
 git config --global user.name "HackingGate"
 git config --global user.email "[email protected]"
 git config --global core.editor "emacs"
 git config --global init.defaultBranch main
 git config --global gpg.format ssh
 git config --global commit.gpgSign true
 git config --global user.signingkey ~/.ssh/id_ed25519.pub
 git config --global submodule.recurse true

 # Auto start 1Password for GNOME Shell
 mkdir -p ~/.config/autostart
 cat > ~/.config/autostart/1password.desktop << 'EOF'
 [Desktop Entry]
 Name=1Password
 Exec=/usr/bin/1password --silent %U
 Terminal=false
 Type=Application
 Icon=1password
 StartupWMClass=1Password
 Comment=Password manager and secure wallet
 MimeType=x-scheme-handler/onepassword;
 Categories=Office;
 EOF
 chmod +x ~/.config/autostart/1password.desktop
 echo "1Password autostart configured"

 # Install Tailscale for secure networking
 curl -fsSL https://tailscale.com/install.sh | sh
 sudo tailscale up

 # Install and configure Starship prompt
 brew install starship
 echo 'eval "$(starship init zsh)"' >> ~/.zshrc

 # Install Fira Code monospace font
 sudo dnf install fira-code-fonts -y
 # Install essential fonts including CJK support
 sudo dnf install google-noto-fonts-all google-noto-color-emoji-fonts google-noto-sans-cjk-fonts --allowerasing -y
 # Install regine-specific glyph variants for CJK fonts
 sudo dnf install \
  adobe-source-han-sans-cn-fonts \
  adobe-source-han-sans-tw-fonts \
  adobe-source-han-serif-cn-fonts \
  adobe-source-han-serif-tw-fonts -y
 sudo dnf install wqy-zenhei-fonts wqy-microhei-fonts -y
 fc-cache -fv

 # Update system with latest kernel packages
 sudo dnf upgrade -y

 # Update firmware using fwupd
 sudo fwupdmgr refresh
 sudo fwupdmgr update
 echo "Driver updates completed for kernel $(uname -r)"

 # # Install rEFInd boot manager with secure boot support
 # sudo dnf install rEFInd -y
 # sudo dnf install shim-signed sbsign -y
 # sudo refind-install --shim /boot/efi/EFI/fedora/shimx64.efi --localkeys

 # # Configure rEFInd boot timeout
 # echo "Configuring rEFInd timeout to 5 seconds..."
 # if sudo [ -f /boot/efi/EFI/refind/refind.conf ]; then
 #   CURRENT_TIMEOUT=$(sudo grep -oP 'timeout \K[0-9]+' /boot/efi/EFI/refind/refind.conf)
 #   sudo sed -i 's/timeout [0-9]\+/timeout 5/' /boot/efi/EFI/refind/refind.conf
 #   if [ -n "$CURRENT_TIMEOUT" ]; then
 #     echo "rEFInd timeout changed from $CURRENT_TIMEOUT to 5 seconds"
 #   else
 #     echo "rEFInd timeout set to 5 seconds"
 #   fi
 # else
 #   echo "Warning: rEFInd config not found at /boot/efi/EFI/refind/refind.conf"
 # fi

 # Configure GRUB boot timeout
 # Desired timeout value
 GRUB_TIMEOUT=5
 GRUB_DEFAULT_FILE=/etc/default/grub
 GRUB_CFG_OUT=/boot/grub2/grub.cfg
 echo "Configuring GRUB timeout to $GRUB_TIMEOUT seconds..."
 if [[ -f $GRUB_DEFAULT_FILE ]]; then
  # Try to read the existing value
  current=$(grep -E '^GRUB_TIMEOUT=' "$GRUB_DEFAULT_FILE" | cut -d= -f2-)
  if [[ -n $current ]]; then
    echo "Current GRUB_TIMEOUT is $current"
    # Replace existing line
    sudo sed -i \
      "s|^GRUB_TIMEOUT=.*|GRUB_TIMEOUT=$GRUB_TIMEOUT|" \
      "$GRUB_DEFAULT_FILE"
  else
    echo "GRUB_TIMEOUT not set; adding it"
    # Append setting if missing
    echo "GRUB_TIMEOUT=$GRUB_TIMEOUT" | sudo tee -a "$GRUB_DEFAULT_FILE" >/dev/null
  fi
  # Regenerate grub config
  sudo grub2-mkconfig -o "$GRUB_CFG_OUT"
  echo "GRUB timeout set to $GRUB_TIMEOUT seconds"
 else
  echo "Warning: $GRUB_DEFAULT_FILE not found"
  exit 1
 fi

 # Enable Emacs keybindings across GTK applications
 gsettings set org.gnome.desktop.interface gtk-key-theme "Emacs"

 # Enable the minimize, maximize, and close buttons on GNOME windows
 gsettings set org.gnome.desktop.wm.preferences button-layout ':minimize,maximize,close'

 # Enable Emacs daemon for better performance for current user (no sudo required)
 systemctl --user enable --now emacs

 # Install Spacemacs for Emacs
 #git clone https://github.com/syl20bnr/spacemacs ~/.emacs.d

 # Configure Caps Lock as Ctrl key
 echo "Setting Caps Lock to function as Ctrl..."
 current_options=$(gsettings get org.gnome.desktop.input-sources xkb-options)
 if [[ $current_options == "@as []" ]]; then
  # No existing options
  gsettings set org.gnome.desktop.input-sources xkb-options "['ctrl:nocaps']"
 else
  # Append to existing options, removing surrounding brackets first
  current_options=${current_options:5:-1}
  gsettings set org.gnome.desktop.input-sources xkb-options "[$current_options, 'ctrl:nocaps']"
 fi

 # Install Refine for GNOME customization
 sudo flatpak install page.tesk.Refine -y

 # Install GNOME Tweaks for additional system settings
 sudo dnf install gnome-tweaks -y

 # Install pipx for isolated Python application installation
 sudo dnf install pipx -y
 pipx ensurepath
 source ~/.zshrc

 # Install GNOME Extensions CLI tool
 pipx install gnome-extensions-cli --system-site-packages

 # Install useful GNOME Shell extensions
 gext install [email protected]
 gext install [email protected]
 gext install [email protected]
 gext install customreboot@nova1545

 # Disable GNOME Shell hot corners feature
 gsettings set org.gnome.desktop.interface enable-hot-corners false

 # Disable tap-to-click for touchpad
 gsettings set org.gnome.desktop.peripherals.touchpad tap-to-click false

 # Install Qt-to-GNOME style bridge
 sudo dnf install adwaita-qt5 qgnomeplatform-qt5 adwaita-qt6 qgnomeplatform-qt6 -y

 # Install fcitx5 input method framework for better CJK input support
 # fcitx5-table-extra provides 倉頡、鄭碼、行列、輕鬆、嘸蝦米輸入法、速成、五筆、筆順五碼、粵語拼音、廣東拼音、港式廣東話、吳語注音
 # Reference: https://chakra-zh.blogspot.com/2015/10/fcitx-chinese-input-on-chakra-linux.html
 sudo dnf install fcitx5 fcitx5-chewing fcitx5-mozc fcitx5-table-extra fcitx5-chinese-addons -y

 # Configure fcitx5 to start automatically
 sudo dnf install fcitx5-autostart -y

 # Install KDE Input Method Panel extension
 gext install [email protected]

 # Install GJS On-Screen Keyboard
 gext install [email protected]

 # # Configure automatic LUKS disk decryption using TPM2
 # sudo systemd-cryptenroll /dev/nvme0n1p3 \
 #   --wipe-slot=tpm2 \
 #   --tpm2-device=auto \
 #   --tpm2-pcrs=7

 # # Update crypttab for TPM2 auto-decryption at boot
 # echo "Updating /etc/crypttab for TPM2 automatic decryption..."
 # if [ -f /etc/crypttab ]; then
 #   # Create a backup of the original file
 #   sudo cp /etc/crypttab /etc/crypttab.backup
  
 #   # Use sed to replace existing options with TPM2 settings for LUKS entries
 #   sudo sed -i -E '/^luks-/s/none[[:space:]]+[^[:space:]]*$/none luks,tpm2-device=auto,tpm2-pcrs=7,tries=1,timeout=0s/' /etc/crypttab
  
 #   echo "Updated /etc/crypttab successfully. Original backed up to /etc/crypttab.backup"
 #   echo "Current crypttab configuration:"
 #   sudo cat /etc/crypttab
  
 #   # Regenerate initramfs to apply changes
 #   echo "Regenerating initramfs to apply crypttab settings..."
 #   sudo dracut -fv --regenerate-all
 # else
 #   echo "Warning: /etc/crypttab not found. LUKS configuration may not be present on this system."
 # fi

 # Update GRUB configuration to reflect changes
 sudo grub2-mkconfig -o /boot/grub2/grub.cfg

 # Shrink /dev/nvme0n1p3 partition to 70% with LUKS and btrfs filesystem using live environment
 # Ensure the btrfs filesystem usses smaller size than the size you want to shrink to
 sudo btrfs filesystem resize 100G /run/media/liveuser/fedora
 sudo parted /dev/nvme0n1 --script resizepart 3 70%
 sudo cryptsetup luksOpen /dev/nvme0n1p3 luksroot
 sudo cryptsetup resize luksroot
 # Resize the btrfs filesystem to take up the new partition size
 sudo btrfs filesystem resize max /run/media/liveuser/fedora

 # Install Visual Studio Code
 sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
 sudo tee /etc/yum.repos.d/vscode.repo > /dev/null << 'EOF'
 [code]
 name=Visual Studio Code
 baseurl=https://packages.microsoft.com/yumrepos/vscode
 enabled=1
 autorefresh=1
 type=rpm-md
 gpgcheck=1
 gpgkey=https://packages.microsoft.com/keys/microsoft.asc
 EOF
 sudo dnf check-update
 sudo dnf install code # or code-insiders
 # Set Visual Studio Code as the default editor for text files
 xdg-mime default code.desktop text/plain

 # Install JetBrains Toolbox
 sudo dnf install -y jq fuse fuse-libs

 # Store download URL in a variable
 TOOLBOX_URL=$(curl -s 'https://data.services.jetbrains.com/products/releases?code=TBA&latest=true&type=release' | jq -r '.TBA[0].downloads.linux.link')
 # Create target directory
 mkdir -p "${HOME}/.local"
 # Download and extract to ~/.local
 echo "Downloading JetBrains Toolbox..."
 curl -L# "$TOOLBOX_URL" | tar -xzf - -C "${HOME}/.local/"
 # Find the extracted directory name
 TOOLBOX_DIR=$(find "${HOME}/.local" -maxdepth 1 -type d -name "jetbrains-toolbox-*" | head -n 1)
 # Rename the directory to a consistent name
 if [ -n "$TOOLBOX_DIR" ]; then
  mv "$TOOLBOX_DIR" "${HOME}/.local/jetbrains-toolbox"
  TOOLBOX_DIR="${HOME}/.local/jetbrains-toolbox"
  echo "Renamed to ${TOOLBOX_DIR}"
 fi
 # Make the binary executable
 chmod +x "${TOOLBOX_DIR}/bin/jetbrains-toolbox"
 echo "JetBrains Toolbox installed to ${TOOLBOX_DIR}"
 # Ensure JetBrains Toolbox bin directory is in PATH
 if [[ ":$PATH:" != *":${TOOLBOX_DIR}/bin:"* ]]; then
  echo "export PATH=\"${TOOLBOX_DIR}/bin:\$PATH\"" >> ~/.zshrc
  export PATH="${TOOLBOX_DIR}/bin:$PATH"
  echo "Added ${TOOLBOX_DIR}/bin to PATH"
 fi

 # Install Waydroid to run Android apps on Wayland
 sudo dnf install waydroid -y
 sudo systemctl enable --now waydroid-container
 # Initialize Waydroid
 sudo waydroid init

 # Install Xournal++ for note-taking
 sudo flatpak install com.github.xournalpp.xournalpp
 # Install Wacom drivers for drawing tablets
 sudo dnf install xorg-x11-drv-wacom -y

 # Install Docker Engine
 sudo dnf -y install dnf-plugins-core
 sudo dnf config-manager addrepo --from-repofile=https://download.docker.com/linux/fedora/docker-ce.repo
 sudo dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
 # Start and enable Docker service
 sudo systemctl enable --now docker
 # Add current user to docker group
 sudo usermod -aG docker "$USER"

 # Configure Wake on LAN
 echo "Configuring Wake on LAN (WoL)..."

 # Get all network interfaces
 echo "Available network interfaces:"
 interfaces=($(ip -o link show | grep -v "lo:" | awk -F': ' '{print $2}'))

 # Display interfaces with numbers
 for i in "${!interfaces[@]}"; do
  mac=$(ip link show "${interfaces[$i]}" | grep -o 'link/ether [^ ]*' | cut -d' ' -f2)
  echo "[$i] ${interfaces[$i]} (MAC: $mac)"
 done

 # Ask user to select an interface
 read -p "Select interface number for Wake on LAN configuration: " interface_num

 if [[ ! "$interface_num" =~ ^[0-9]+$ ]] || [ "$interface_num" -ge "${#interfaces[@]}" ]; then
  echo "Invalid selection. Exiting WoL configuration."
 else
  selected_interface="${interfaces[$interface_num]}"
  mac_address=$(ip link show "$selected_interface" | grep -o 'link/ether [^ ]*' | cut -d' ' -f2)
  
  echo "Configuring Wake on LAN for $selected_interface (MAC: $mac_address)"
  
  # Check if system uses netplan (Ubuntu) or traditional networking (Fedora)
  if [ -d "/etc/netplan" ]; then
    # Ubuntu-style netplan configuration
    netplan_file="/etc/netplan/01-network-manager-all.yaml"
    
    # Check if the file exists, create it if not
    if [ ! -f "$netplan_file" ]; then
      sudo tee "$netplan_file" > /dev/null << EOF
 network:
  version: 2
  renderer: NetworkManager
 EOF
    fi
    
    # Check if the file already has ethernets section
    if grep -q "ethernets:" "$netplan_file"; then
      # Ethernets section exists, add the interface configuration
      sudo sed -i "/ethernets:/a\\    $selected_interface:\\n      match:\\n        macaddress: $mac_address\\n      wakeonlan: true\\n      dhcp4: true" "$netplan_file"
    else
      # Add ethernets section with the interface configuration
      sudo sed -i "/renderer: NetworkManager/a\\  ethernets:\\n    $selected_interface:\\n      match:\\n        macaddress: $mac_address\\n      wakeonlan: true\\n      dhcp4: true" "$netplan_file"
    fi
    
    echo "Applied netplan configuration. Generating and applying..."
    sudo netplan generate && sudo netplan apply
    echo "Netplan configuration applied successfully."
  else
    # Fedora-style traditional networking
    echo "Enabling Wake on LAN for $selected_interface..."
    sudo ethtool -s "$selected_interface" wol g
    
    # Make the setting persistent
    wol_service="/etc/systemd/system/[email protected]"
    sudo tee "$wol_service" > /dev/null << EOF
 [Unit]
 Description=Wake-on-LAN for %i
 Requires=network.target
 After=network.target

 [Service]
 Type=oneshot
 ExecStart=/usr/sbin/ethtool -s %i wol g
 RemainAfterExit=yes

 [Install]
 WantedBy=multi-user.target
 EOF

    sudo chmod 644 "$wol_service"
    sudo systemctl enable "wol@$selected_interface"
    sudo systemctl start "wol@$selected_interface"
    
    echo "Wake on LAN enabled and configured to start automatically on boot."
  fi
  
  echo "Checking current WoL status:"
  sudo ethtool "$selected_interface" | grep "Wake-on"
 fi
	#!/bin/bash
	set -e
	set -o pipefail

	# Disable GDM auto suspend
	sudo -u gdm dbus-run-session gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type 'nothing'
	sudo -u gdm dbus-run-session gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0
	# revert it
	#sudo -u gdm dbus-run-session gsettings reset org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type
	#sudo -u gdm dbus-run-session gsettings reset org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout
	sudo systemctl restart gdm

	# Set system timezone to Tokyo, Japan
	sudo timedatectl set-timezone Asia/Tokyo

	# Configure hardware clock to use UTC (recommended for Linux)
	sudo timedatectl set-local-rtc 0

	# Display current time and date settings
	timedatectl

	# Reference to guide for making Windows 11 use UTC for hardware clock (for dual-boot systems)
	# https://gist.github.com/HackingGate/180aafbc6342ad4b1cb31309fa83c91a

	# Install essential development tools and utilities
	sudo dnf check-update -y
	sudo dnf upgrade --refresh
	sudo dnf install emacs-nox vim neovim curl wget gh git zsh efibootmgr jq fastfetch htop -y
	sudo dnf group install development-tools -y
	sudo dnf install seahorse -y

	# Install complete multimedia codecs (including non-free)
	# Enable RPM Fusion Free and Non-Free Repos
	sudo dnf install \
	https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
	https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm -y

	# Enable Cisco OpenH264 Repo
	sudo dnf config-manager --set-enabled fedora-cisco-openh264

	# Install RPM Fusion Appstream data (for DNF5 compatibility)
	sudo dnf install 'rpmfusion-*-appstream-data' -y

	# Swap to full ffmpeg with all codec support
	sudo dnf swap ffmpeg-free ffmpeg --allowerasing -y

	# Install GStreamer plugins and codec groups
	sudo dnf group update multimedia --setopt="install_weak_deps=False" --exclude=PackageKit-gstreamer-plugin --allowerasing -y
	sudo dnf group update sound-and-video -y

	# Install hardware acceleration codecs for AMD/Intel GPUs
	sudo dnf swap mesa-va-drivers mesa-va-drivers-freeworld -y
	sudo dnf swap mesa-vdpau-drivers mesa-vdpau-drivers-freeworld -y

	# Install Intel media driver for newer Intel GPUs
	sudo dnf install intel-media-driver -y

	# For NVIDIA (if you use the proprietary driver):
	# sudo dnf install libva-nvidia-driver -y

	# Install Oh My Zsh for better terminal experience
	sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"

	# Install Homebrew package manager for Linux
	/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
	echo >> ~/.zshrc
	echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"' >> ~/.zshrc
	eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
	brew install gcc

	# Install Brave browser from official repository
	sudo dnf install dnf-plugins-core -y
	sudo dnf config-manager addrepo --from-repofile=https://brave-browser-rpm-release.s3.brave.com/brave-browser.repo
	sudo dnf install brave-browser -y

	# Debloat Brave browser by disabling certain features
	sudo mkdir -p /etc/brave/policies/managed/ && sudo chmod 755 /etc/brave/policies/managed/
	sudo tee /etc/brave/policies/managed/00_debloat.json > /dev/null << 'EOF'
	{
	"TorDisabled": true,
	"BraveRewardsDisabled": true,
	"BraveWalletDisabled": true,
	"BraveVPNDisabled": true,
	"BraveAIChatEnabled": false
	}
	EOF

	# Update Flatpak packages
	sudo flatpak update -y

	# Install GNOME Extensions utility
	sudo flatpak install flathub org.gnome.Extensions -y

	# Install Thunderbird email client
	sudo flatpak install flathub org.mozilla.Thunderbird -y

	# Set Firefox as the default web browser
	xdg-settings set default-web-browser org.mozilla.firefox.desktop

	# Configure Emacs as the default text editor
	echo '
	# Set default editor to Emacs
	export EDITOR="/usr/bin/emacs"
	export VISUAL="/usr/bin/emacs"
	' >> ~/.zshrc

	# Install 1Password password manager and CLI
	sudo rpm --import https://downloads.1password.com/linux/keys/1password.asc
	sudo tee /etc/yum.repos.d/1password.repo << 'EOF'
	[1password]
	name=1Password Stable Channel
	baseurl=https://downloads.1password.com/linux/rpm/stable/$basearch
	enabled=1
	gpgcheck=1
	repo_gpgcheck=1
	gpgkey=https://downloads.1password.com/linux/keys/1password.asc
	EOF
	sudo dnf check-update -y
	sudo dnf install 1password-cli 1password -y
	op --version

	# Setup SSH key from 1Password
	mkdir -p ~/.ssh
	# Sign in to 1Password CLI
	eval $(op signin)
	# Retrieve and install SSH key with specific fingerprint
	echo "Retrieving SSH key with fingerprint SHA256:dsPhhaQhifJccmUhI2ZZIoSnEOUIWYRbSe1TWZs2JuA"
	ITEM_ID="mijcwmynssrwh33ad3mknt77fy"
	op item get "$ITEM_ID" --format json \| jq -r '.fields[] \| select(.label == "private key") \| .value' > ~/.ssh/id_ed25519
	op item get "$ITEM_ID" --format json \| jq -r '.fields[] \| select(.label == "private key") \| .ssh_formats.openssh.value' > ~/.ssh/id_ed25519
	chmod 600 ~/.ssh/id_ed25519.pub
	# Set proper security permissions
	chmod 600 ~/.ssh/id_ed25519
	echo "SSH private and public keys saved to ~/.ssh/"
	eval "$(ssh-agent -s)"
	ssh-add ~/.ssh/id_ed25519

	# Setup git global configuration
	git config --global user.name "HackingGate"
	git config --global user.email "[email protected]"
	git config --global core.editor "emacs"
	git config --global init.defaultBranch main
	git config --global gpg.format ssh
	git config --global commit.gpgSign true
	git config --global user.signingkey ~/.ssh/id_ed25519.pub
	git config --global submodule.recurse true

	# Auto start 1Password for GNOME Shell
	mkdir -p ~/.config/autostart
	cat > ~/.config/autostart/1password.desktop << 'EOF'
	[Desktop Entry]
	Name=1Password
	Exec=/usr/bin/1password --silent %U
	Terminal=false
	Type=Application
	Icon=1password
	StartupWMClass=1Password
	Comment=Password manager and secure wallet
	MimeType=x-scheme-handler/onepassword;
	Categories=Office;
	EOF
	chmod +x ~/.config/autostart/1password.desktop
	echo "1Password autostart configured"

	# Install Tailscale for secure networking
	curl -fsSL https://tailscale.com/install.sh \| sh
	sudo tailscale up

	# Install and configure Starship prompt
	brew install starship
	echo 'eval "$(starship init zsh)"' >> ~/.zshrc

	# Install Fira Code monospace font
	sudo dnf install fira-code-fonts -y
	# Install essential fonts including CJK support
	sudo dnf install google-noto-fonts-all google-noto-color-emoji-fonts google-noto-sans-cjk-fonts --allowerasing -y
	# Install regine-specific glyph variants for CJK fonts
	sudo dnf install \
	adobe-source-han-sans-cn-fonts \
	adobe-source-han-sans-tw-fonts \
	adobe-source-han-serif-cn-fonts \
	adobe-source-han-serif-tw-fonts -y
	sudo dnf install wqy-zenhei-fonts wqy-microhei-fonts -y
	fc-cache -fv

	# Update system with latest kernel packages
	sudo dnf upgrade -y

	# Update firmware using fwupd
	sudo fwupdmgr refresh
	sudo fwupdmgr update
	echo "Driver updates completed for kernel $(uname -r)"

	# # Install rEFInd boot manager with secure boot support
	# sudo dnf install rEFInd -y
	# sudo dnf install shim-signed sbsign -y
	# sudo refind-install --shim /boot/efi/EFI/fedora/shimx64.efi --localkeys

	# # Configure rEFInd boot timeout
	# echo "Configuring rEFInd timeout to 5 seconds..."
	# if sudo [ -f /boot/efi/EFI/refind/refind.conf ]; then
	# CURRENT_TIMEOUT=$(sudo grep -oP 'timeout \K[0-9]+' /boot/efi/EFI/refind/refind.conf)
	# sudo sed -i 's/timeout [0-9]\+/timeout 5/' /boot/efi/EFI/refind/refind.conf
	# if [ -n "$CURRENT_TIMEOUT" ]; then
	# echo "rEFInd timeout changed from $CURRENT_TIMEOUT to 5 seconds"
	# else
	# echo "rEFInd timeout set to 5 seconds"
	# fi
	# else
	# echo "Warning: rEFInd config not found at /boot/efi/EFI/refind/refind.conf"
	# fi

	# Configure GRUB boot timeout
	# Desired timeout value
	GRUB_TIMEOUT=5
	GRUB_DEFAULT_FILE=/etc/default/grub
	GRUB_CFG_OUT=/boot/grub2/grub.cfg
	echo "Configuring GRUB timeout to $GRUB_TIMEOUT seconds..."
	if [[ -f $GRUB_DEFAULT_FILE ]]; then
	# Try to read the existing value
	current=$(grep -E '^GRUB_TIMEOUT=' "$GRUB_DEFAULT_FILE" \| cut -d= -f2-)
	if [[ -n $current ]]; then
	echo "Current GRUB_TIMEOUT is $current"
	# Replace existing line
	sudo sed -i \
	"s\|^GRUB_TIMEOUT=.*\|GRUB_TIMEOUT=$GRUB_TIMEOUT\|" \
	"$GRUB_DEFAULT_FILE"
	else
	echo "GRUB_TIMEOUT not set; adding it"
	# Append setting if missing
	echo "GRUB_TIMEOUT=$GRUB_TIMEOUT" \| sudo tee -a "$GRUB_DEFAULT_FILE" >/dev/null
	fi
	# Regenerate grub config
	sudo grub2-mkconfig -o "$GRUB_CFG_OUT"
	echo "GRUB timeout set to $GRUB_TIMEOUT seconds"
	else
	echo "Warning: $GRUB_DEFAULT_FILE not found"
	exit 1
	fi

	# Enable Emacs keybindings across GTK applications
	gsettings set org.gnome.desktop.interface gtk-key-theme "Emacs"

	# Enable the minimize, maximize, and close buttons on GNOME windows
	gsettings set org.gnome.desktop.wm.preferences button-layout ':minimize,maximize,close'

	# Enable Emacs daemon for better performance for current user (no sudo required)
	systemctl --user enable --now emacs

	# Install Spacemacs for Emacs
	#git clone https://github.com/syl20bnr/spacemacs ~/.emacs.d

	# Configure Caps Lock as Ctrl key
	echo "Setting Caps Lock to function as Ctrl..."
	current_options=$(gsettings get org.gnome.desktop.input-sources xkb-options)
	if [[ $current_options == "@as []" ]]; then
	# No existing options
	gsettings set org.gnome.desktop.input-sources xkb-options "['ctrl:nocaps']"
	else
	# Append to existing options, removing surrounding brackets first
	current_options=${current_options:5:-1}
	gsettings set org.gnome.desktop.input-sources xkb-options "[$current_options, 'ctrl:nocaps']"
	fi

	# Install Refine for GNOME customization
	sudo flatpak install page.tesk.Refine -y

	# Install GNOME Tweaks for additional system settings
	sudo dnf install gnome-tweaks -y

	# Install pipx for isolated Python application installation
	sudo dnf install pipx -y
	pipx ensurepath
	source ~/.zshrc

	# Install GNOME Extensions CLI tool
	pipx install gnome-extensions-cli --system-site-packages

	# Install useful GNOME Shell extensions
	gext install [email protected]
	gext install [email protected]
	gext install [email protected]
	gext install customreboot@nova1545

	# Disable GNOME Shell hot corners feature
	gsettings set org.gnome.desktop.interface enable-hot-corners false

	# Disable tap-to-click for touchpad
	gsettings set org.gnome.desktop.peripherals.touchpad tap-to-click false

	# Install Qt-to-GNOME style bridge
	sudo dnf install adwaita-qt5 qgnomeplatform-qt5 adwaita-qt6 qgnomeplatform-qt6 -y

	# Install fcitx5 input method framework for better CJK input support
	# fcitx5-table-extra provides 倉頡、鄭碼、行列、輕鬆、嘸蝦米輸入法、速成、五筆、筆順五碼、粵語拼音、廣東拼音、港式廣東話、吳語注音
	# Reference: https://chakra-zh.blogspot.com/2015/10/fcitx-chinese-input-on-chakra-linux.html
	sudo dnf install fcitx5 fcitx5-chewing fcitx5-mozc fcitx5-table-extra fcitx5-chinese-addons -y

	# Configure fcitx5 to start automatically
	sudo dnf install fcitx5-autostart -y

	# Install KDE Input Method Panel extension
	gext install [email protected]

	# Install GJS On-Screen Keyboard
	gext install [email protected]

	# # Configure automatic LUKS disk decryption using TPM2
	# sudo systemd-cryptenroll /dev/nvme0n1p3 \
	# --wipe-slot=tpm2 \
	# --tpm2-device=auto \
	# --tpm2-pcrs=7

	# # Update crypttab for TPM2 auto-decryption at boot
	# echo "Updating /etc/crypttab for TPM2 automatic decryption..."
	# if [ -f /etc/crypttab ]; then
	# # Create a backup of the original file
	# sudo cp /etc/crypttab /etc/crypttab.backup

	# # Use sed to replace existing options with TPM2 settings for LUKS entries
	# sudo sed -i -E '/^luks-/s/none[[:space:]]+[^[:space:]]*$/none luks,tpm2-device=auto,tpm2-pcrs=7,tries=1,timeout=0s/' /etc/crypttab

	# echo "Updated /etc/crypttab successfully. Original backed up to /etc/crypttab.backup"
	# echo "Current crypttab configuration:"
	# sudo cat /etc/crypttab

	# # Regenerate initramfs to apply changes
	# echo "Regenerating initramfs to apply crypttab settings..."
	# sudo dracut -fv --regenerate-all
	# else
	# echo "Warning: /etc/crypttab not found. LUKS configuration may not be present on this system."
	# fi

	# Update GRUB configuration to reflect changes
	sudo grub2-mkconfig -o /boot/grub2/grub.cfg

	# Shrink /dev/nvme0n1p3 partition to 70% with LUKS and btrfs filesystem using live environment
	# Ensure the btrfs filesystem usses smaller size than the size you want to shrink to
	sudo btrfs filesystem resize 100G /run/media/liveuser/fedora
	sudo parted /dev/nvme0n1 --script resizepart 3 70%
	sudo cryptsetup luksOpen /dev/nvme0n1p3 luksroot
	sudo cryptsetup resize luksroot
	# Resize the btrfs filesystem to take up the new partition size
	sudo btrfs filesystem resize max /run/media/liveuser/fedora

	# Install Visual Studio Code
	sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
	sudo tee /etc/yum.repos.d/vscode.repo > /dev/null << 'EOF'
	[code]
	name=Visual Studio Code
	baseurl=https://packages.microsoft.com/yumrepos/vscode
	enabled=1
	autorefresh=1
	type=rpm-md
	gpgcheck=1
	gpgkey=https://packages.microsoft.com/keys/microsoft.asc
	EOF
	sudo dnf check-update
	sudo dnf install code # or code-insiders
	# Set Visual Studio Code as the default editor for text files
	xdg-mime default code.desktop text/plain

	# Install JetBrains Toolbox
	sudo dnf install -y jq fuse fuse-libs

	# Store download URL in a variable
	TOOLBOX_URL=$(curl -s 'https://data.services.jetbrains.com/products/releases?code=TBA&latest=true&type=release' \| jq -r '.TBA[0].downloads.linux.link')
	# Create target directory
	mkdir -p "${HOME}/.local"
	# Download and extract to ~/.local
	echo "Downloading JetBrains Toolbox..."
	curl -L# "$TOOLBOX_URL" \| tar -xzf - -C "${HOME}/.local/"
	# Find the extracted directory name
	TOOLBOX_DIR=$(find "${HOME}/.local" -maxdepth 1 -type d -name "jetbrains-toolbox-*" \| head -n 1)
	# Rename the directory to a consistent name
	if [ -n "$TOOLBOX_DIR" ]; then
	mv "$TOOLBOX_DIR" "${HOME}/.local/jetbrains-toolbox"
	TOOLBOX_DIR="${HOME}/.local/jetbrains-toolbox"
	echo "Renamed to ${TOOLBOX_DIR}"
	fi
	# Make the binary executable
	chmod +x "${TOOLBOX_DIR}/bin/jetbrains-toolbox"
	echo "JetBrains Toolbox installed to ${TOOLBOX_DIR}"
	# Ensure JetBrains Toolbox bin directory is in PATH
	if [[ ":$PATH:" != ":${TOOLBOX_DIR}/bin:" ]]; then
	echo "export PATH=\"${TOOLBOX_DIR}/bin:\$PATH\"" >> ~/.zshrc
	export PATH="${TOOLBOX_DIR}/bin:$PATH"
	echo "Added ${TOOLBOX_DIR}/bin to PATH"
	fi

	# Install Waydroid to run Android apps on Wayland
	sudo dnf install waydroid -y
	sudo systemctl enable --now waydroid-container
	# Initialize Waydroid
	sudo waydroid init

	# Install Xournal++ for note-taking
	sudo flatpak install com.github.xournalpp.xournalpp
	# Install Wacom drivers for drawing tablets
	sudo dnf install xorg-x11-drv-wacom -y

	# Install Docker Engine
	sudo dnf -y install dnf-plugins-core
	sudo dnf config-manager addrepo --from-repofile=https://download.docker.com/linux/fedora/docker-ce.repo
	sudo dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
	# Start and enable Docker service
	sudo systemctl enable --now docker
	# Add current user to docker group
	sudo usermod -aG docker "$USER"

	# Configure Wake on LAN
	echo "Configuring Wake on LAN (WoL)..."

	# Get all network interfaces
	echo "Available network interfaces:"
	interfaces=($(ip -o link show \| grep -v "lo:" \| awk -F': ' '{print $2}'))

	# Display interfaces with numbers
	for i in "${!interfaces[@]}"; do
	mac=$(ip link show "${interfaces[$i]}" \| grep -o 'link/ether [^ ]*' \| cut -d' ' -f2)
	echo "[$i] ${interfaces[$i]} (MAC: $mac)"
	done

	# Ask user to select an interface
	read -p "Select interface number for Wake on LAN configuration: " interface_num

	if [[ ! "$interface_num" =~ ^[0-9]+$ ]] \|\| [ "$interface_num" -ge "${#interfaces[@]}" ]; then
	echo "Invalid selection. Exiting WoL configuration."
	else
	selected_interface="${interfaces[$interface_num]}"
	mac_address=$(ip link show "$selected_interface" \| grep -o 'link/ether [^ ]*' \| cut -d' ' -f2)

	echo "Configuring Wake on LAN for $selected_interface (MAC: $mac_address)"

	# Check if system uses netplan (Ubuntu) or traditional networking (Fedora)
	if [ -d "/etc/netplan" ]; then
	# Ubuntu-style netplan configuration
	netplan_file="/etc/netplan/01-network-manager-all.yaml"

	# Check if the file exists, create it if not
	if [ ! -f "$netplan_file" ]; then
	sudo tee "$netplan_file" > /dev/null << EOF
	network:
	version: 2
	renderer: NetworkManager
	EOF
	fi

	# Check if the file already has ethernets section
	if grep -q "ethernets:" "$netplan_file"; then
	# Ethernets section exists, add the interface configuration
	sudo sed -i "/ethernets:/a\\ $selected_interface:\\n match:\\n macaddress: $mac_address\\n wakeonlan: true\\n dhcp4: true" "$netplan_file"
	else
	# Add ethernets section with the interface configuration
	sudo sed -i "/renderer: NetworkManager/a\\ ethernets:\\n $selected_interface:\\n match:\\n macaddress: $mac_address\\n wakeonlan: true\\n dhcp4: true" "$netplan_file"
	fi

	echo "Applied netplan configuration. Generating and applying..."
	sudo netplan generate && sudo netplan apply
	echo "Netplan configuration applied successfully."
	else
	# Fedora-style traditional networking
	echo "Enabling Wake on LAN for $selected_interface..."
	sudo ethtool -s "$selected_interface" wol g

	# Make the setting persistent
	wol_service="/etc/systemd/system/[email protected]"
	sudo tee "$wol_service" > /dev/null << EOF
	[Unit]
	Description=Wake-on-LAN for %i
	Requires=network.target
	After=network.target

	[Service]
	Type=oneshot
	ExecStart=/usr/sbin/ethtool -s %i wol g
	RemainAfterExit=yes

	[Install]
	WantedBy=multi-user.target
	EOF

	sudo chmod 644 "$wol_service"
	sudo systemctl enable "wol@$selected_interface"
	sudo systemctl start "wol@$selected_interface"

	echo "Wake on LAN enabled and configured to start automatically on boot."
	fi

	echo "Checking current WoL status:"
	sudo ethtool "$selected_interface" \| grep "Wake-on"
	fi
No results found