
Bluefin Domain Account

Author: Shampan
Security Minded FOSS Dev and Homelabber
Bluefin - This article is part of a series.
Part 3: This Article

Logging into Domain Account


You must be connected to Ethernet if you are logging into a domain account for the first time.

Select Not Listed? in the login screen and enter the full domain username (username@lower_case_domain.com).

Troubleshooting

  • Follow these directions
  • Run systemctl --failed to see if any services have failed. Usually this will be sssd
  • If the login works with offline cache but not when connected to the internet, add ad_gpo_ignore_unreadable = True to /etc/sssd/sssd.conf and restart the computer
  • Create an issue on the related modules on GitHub or create a post on the Bluefin GitHub discussions for further assistance

Permissions


Groups

Even though sudo permissions were granted in the previous steps, Fedora-based systems prefer that users be members of the wheel group. The command below also adds the user to the docker group:

sudo usermod -aG wheel,docker $USER

Check if the user was successfully added by running:

groups $USER

Subids

Toolbx, Distrobox, and Podman do not run with constant root access, for security reasons. Instead they operate through dedicated namespaces designated by subuids and subgids. These IDs are automatically assigned for local accounts, but not for enterprise accounts. Add the domain username to the required namespaces.

sudo usermod --add-subuids 10000-75535 $USER
sudo usermod --add-subgids 10000-75535 $USER

To confirm their addition you can view them at /etc/subuid and /etc/subgid.
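
An added check, not from the original article: the commands above use one fixed range, so reusing them verbatim for a second domain account on the same machine can leave both users with the same subordinate IDs. The script parses a subuid/subgid-format file and reports ranges shared by different users; the function names and the sample accounts are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the article. Audits a subuid/subgid-format file,
# one "name:start:count" entry per line (the format of /etc/subuid).

# subid_has_entry FILE USER: succeeds if USER owns at least one range.
subid_has_entry() {
    awk -F: -v u="$2" '$1 == u { found = 1 } END { exit !found }' "$1"
}

# subid_overlaps FILE: prints "userA userB" for every pair of entries that
# belong to different users but share IDs; prints nothing if the file is clean.
subid_overlaps() {
    awk -F: '
        NF == 3 && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
            n++; name[n] = $1; lo[n] = $2 + 0; hi[n] = $2 + $3 - 1
        }
        END {
            for (i = 1; i <= n; i++)
                for (j = i + 1; j <= n; j++)
                    if (name[i] != name[j] && lo[i] <= hi[j] && lo[j] <= hi[i])
                        print name[i], name[j]
        }' "$1"
}

# Constructed sample: two hypothetical domain users were both given the
# article's 10000-75535 range, recorded as start 10000, count 65536.
sample=$(mktemp)
cat > "$sample" <<'EOF'
localuser:524288:65536
alice@example.com:10000:65536
bob@example.com:10000:65536
EOF
subid_overlaps "$sample"
subid_has_entry "$sample" "carol@example.com" || echo "carol@example.com: no range assigned"
rm -f "$sample"
```

Run it against the real files with subid_overlaps /etc/subuid and subid_overlaps /etc/subgid; any output means a second account needs a different, non-overlapping range.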

Brew

Set your user as owner of the brew installation directory:

sudo chown -R $(whoami) /home/linuxbrew/.linuxbrew/

Restart your machine.

Install Programs and Packages


| Program/Package | Installer | Description |
| --- | --- | --- |
| NetExtender | rpm-ostree | VPN Software |
| Brave | flatpak | Chromium based web browser (DeGoogled Chromium is also fine) |
| Microsoft Teams | flatpak | Enterprise Messaging App |
| LocalSend | flatpak | Cross platform peer to peer local file sharing |
| KeePassXC | flatpak | Password Database |
| LibreOffice/ONLYOFFICE | flatpak | Office suite to open spreadsheets, documents etc. |
| Flatseal | flatpak | Edit flatpak perms |
| Zed | flatpak | Lightweight Code Editor |
| Decoder | flatpak | QR scanner and generator |
| skaffold | brew | Local Kubernetes hosting |
| yarn | brew | JS package manager |
| rsync | brew | File synchronization and transfer utility |
| hugo | brew | Static site generator |
| commitizen | brew | Maintain consistent and meaningful commit messages |
| QGIS | distrobox | Desktop GIS platform |
| QT Creator | distrobox | Qt GUI application development |

Here is a list of all the programs we required at startup. You’ll notice the list is fairly light, especially in the CLI department. Bluefin does a great job of including many of the major tools out of the box, such as Docker and Podman. Kubectl and Helm are bundled with a ujust command, but we’ll cover that later.

Flatpak

Practically all the GUI applications that you would want are available as Flatpaks, and can be downloaded from the Bazaar Software Center.

Brew

Bluefin bundles Homebrew as its package manager, but only formulae are supported; casks are not. Use brew search <package name> for queries and brew install <package name> to install them.

Distrobox

Some applications aren’t available as a Flatpak or with Brew. In this case they will need to be installed with Distrobox. Bluefin comes with Box Buddy for easy GUI usage.

Layering

If none of the above is applicable then you will have to layer the package with rpm-ostree. This should be a last resort and only if no other options are applicable. To do so you will first need to enable local layering.

Set the following in /etc/rpm-ostreed.conf:

LockLayering=false

VPN

If possible, add your VPN with the Network Manager GUI or import your WireGuard config. Otherwise, you will have to layer it:

wget <vpn_rpm_package_link>
rpm-ostree install <rpm package link/name>

If you’re not using a VPN that is well supported on Linux, it is possible that the GUI will not work, in which case you will probably need to use the terminal commands. You can combine these into a script and place it in ~/.local/bin to be called whenever necessary.

Restart the machine. Check if the VPN was successfully layered with rpm-ostree status. It will show up in LocalPackages:

ostree-image-signed:docker://ghcr.io/ublue-os/bluefin-dx:stable
Digest: sha256:5f771d9a6bd4174ed93274d56fa0a14805d145d0f8d5296c19226b274f5b6f74
Version: 41.20250209.1 (2025-02-09T06:06:08Z)
LocalPackages: <package name and version>

Configure Wifi


Use LocalSend to securely send the Wi-Fi password to your machine.

Git


git config --global init.defaultBranch main # You can ignore this if you use master
git config --global user.name "<full name>"
git config --global user.email "<email>"
# Nice Aliases to have
git config --global alias.co checkout
git config --global alias.br branch
git config --global alias.ci commit
git config --global alias.st status

Kubernetes


Create a new SSH key (different from the one you made for your GitLab account) if needed for your Kubernetes config. If you have one, put it in ~/.local/kubernetes/config. I might make a generic example of one later.

Bashrc


Sometimes it’s nice to have synchronized configs with your fellow devs for the sake of consistency and workflow. If anyone on your team has a repo, clone it to the .bashrc.d folder. Bluefin is already set up to automatically make use of any assets placed in there.

Kind


We will be using kind (https://kind.sigs.k8s.io/) to run local Kubernetes clusters. It comes preinstalled in Bluefin, but some adjustments need to be made.

Run the following commands to view the local cluster:

kind export kubeconfig
kubectl get nodes
kubectl get pods -A

Test by running kubectl get nodes; the output should be similar to:

NAME                 STATUS   ROLES           AGE   VERSION
kind-control-plane   Ready    control-plane   10m   v1.30.0

Sometimes the configuration in ~/.kube/config is reset by various things. If you ever get any errors, try running kind export kubeconfig again.

Ingress

  • Download the values needed to pass to ingress:
curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/hack/manifest-templates/provider/kind/values.yaml > ingress-values.yaml
  • Install the ingress-nginx helm chart and pass in the ingress-values.yaml file:
helm upgrade --install ingress-nginx ingress-nginx \
--repo https://kubernetes.github.io/ingress-nginx \
--namespace ingress-nginx --create-namespace --values ingress-values.yaml
  • Test the installation by running kubectl -n ingress-nginx get pods
  • Test the ingress controller with curl localhost
  • Type in localhost in your browser and you should see:
<html>
<head>
<title>404 Not Found</title>
</head>
<body>
<center>
<h1>404 Not Found</h1>
</center>
<hr>
<center>nginx</center>
</body>
</html>

Automounting Network Shares


First create the mountpoints:

sudo mkdir -p /mnt/NAME1
sudo mkdir -p /mnt/NAME2

Open /etc/fstab and add the following lines to the end of the file. Set CRUID to the output of id -u.

//storage.example.com/NAME1 /mnt/NAME1 cifs credentials=/var/home/localuser/.smbcredentials,iocharset=utf8,multiuser,vers=3.0,cruid=CRUID,sec=krb5i,noauto,x-systemd.automount 0 0
//storage.example.com/NAME2 /mnt/NAME2 cifs credentials=/var/home/localuser/.smbcredentials,iocharset=utf8,multiuser,vers=3.0,cruid=CRUID,sec=krb5i,noauto,x-systemd.automount 0 0

Save and restart the computer. If there are mounting issues, check the internet connection and VPN. Running sudo mount -a at any time will reactivate fstab. Make sure that id -u is run while logged into the correct domain account. Each domain user will have unique credentials and CRUIDs.
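
An added lint for the fstab entries above, not part of the original article: it flags cifs lines where the CRUID placeholder was never replaced with the numeric output of id -u, and credentials files that are missing or accessible to group or others. The function name and the constructed sample line are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the article. Lints cifs lines in an fstab-format
# file: prints one finding per problem, nothing when every entry is clean.
check_cifs_fstab() {
    awk '$1 !~ /^#/ && $3 == "cifs" { print $2, $4 }' "$1" |
    while read -r mnt opts; do
        cruid= cred=
        old_ifs=$IFS; IFS=,
        for o in $opts; do
            case $o in
                cruid=*) cruid=${o#cruid=} ;;
                credentials=*) cred=${o#credentials=} ;;
            esac
        done
        IFS=$old_ifs
        # The article sets cruid to the output of id -u, so expect digits only.
        case $cruid in
            ''|*[!0-9]*) echo "$mnt: cruid is not a numeric uid" ;;
        esac
        if [ -n "$cred" ]; then
            if [ ! -f "$cred" ]; then
                echo "$mnt: credentials file missing"
            # Characters 5-10 of the ls mode string are the group/other bits.
            elif [ "$(ls -ld "$cred" | cut -c5-10)" != "------" ]; then
                echo "$mnt: credentials file is accessible to group or others"
            fi
        fi
    done
}

# Constructed sample: the article's template with the CRUID placeholder left in.
demo=$(mktemp)
printf '%s\n' '//storage.example.com/NAME1 /mnt/NAME1 cifs multiuser,vers=3.0,cruid=CRUID,sec=krb5i,noauto,x-systemd.automount 0 0' > "$demo"
check_cifs_fstab "$demo"
rm -f "$demo"
```

Run check_cifs_fstab /etc/fstab after editing; a credentials file flagged here can be tightened with chmod 600.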

Automated Backups


Setup Backup

  • Launch Pika Backup and select Setup Backup
  • Backups can be stored either remotely or locally
  • You can choose to encrypt your backups; if you do, save the encryption password in a password database

Files to Backup

  • The default is set to your home folder
  • Exclude Caches, Flatpaks, and VMs/Containers

Schedule

  • Turn on the option Regularly Create Backups
  • Set the Frequency to Weekly
  • Set your preferred day

There are additional options that may be tweaked to your personal needs, but these are the essential ones.

Add Printers


Printers can be added with the GUI now, but you can script CUPS to do it as well. I’ll make an example file for that soon.

Set up Windows VM


A local Windows environment will be required to run programs in the environment they are intended for. These Windows environments are helpful for testing tools before production and reproducing issues the planners face. For any tool that non-developers are expected to use, it is best to make sure that it functions as intended in a Windows environment first.

If you get an error related to the swtpm module, disable SELinux. Make sure to turn it back on once you are done configuring the domain.

  1. Download the 64 Bit Windows 11 ISO
  2. Open Virt Manager and click the computer icon to create a new VM
  3. Keep the default selection (Local install media) and continue
  4. Select the location of the ISO and continue
  5. Set Memory and CPU; these can be increased later, but I set them at a minimum of 8 GB RAM and 8 cores
  6. Allocate space for the install (At least 128 GB)
  7. Select Customize configuration before install and click Finish
  8. In the new window that opens navigate to the bottom left item listed as “TPM” (If there isn’t an option click add hardware to add it)
  9. Select Type: Emulated, Model: TIS, Version: 2.0
  10. Select Begin installation in the top left
  11. Input product key when prompted, if you don’t have one then click I do not have a product key
  12. When prompted for the Windows version, select Windows 11 Home
  13. Go through with Windows 11 installation as normal until it prompts you for your country
  14. Press Shift + F10 and enter OOBE\BYPASSNRO in the console
  15. Once the installer finishes reloading open the console again and input ipconfig /release.
  16. Go through the installation as normal and create a local account
  17. Finish windows installation
  18. Connect the VM to your domain if required

Extensions


Press Super+Spacebar and search for Extension Manager. Go through the options and customize to your liking; there’s basically an extension for every use case. The Bluefin docs offer some additional recommendations as well.

Ujust


Bluefin ships with a series of bundled convenience commands for tweaks and configuration. These are the ones I use, but run ujust --choose to browse the full selection.

  • ujust bluefin-cli installs a lot of really neat productivity tools
  • ujust toggle-user-motd disables the terminal banner
  • ujust devmode toggles devmode on
  • ujust install-k8s-dev-tools provides necessary tools for cloud-native development

Finished


And that’s it! From here on out the system basically manages itself, just make sure to power off your machine every once in a while to get updates. All of these configurations can be automated, here are the scripts that I used:
