I am very sorry for creating yet another topic around headless and remote desktop, I have spent the morning reading through 4 topics in this forum and multiple topics in other fora plus Reddit. But all those topics are either outdated because by now a lot can easily be configured by Gnome Settings (thank you !) , or they do not explain the very first step.
As far as I know, the only way to install Silverblue is by having a monitor connected, and seeing the GUI. So after install, you are behind your local monitor, in Gnome shell.
Step 1 towards headless (which none of the topics seem to include):
Question: How to configure Gnome to not start the shell, and have no display output, with Autologin enabled?
Reasoning:
Gnome Settings allows me to enable Autologin. Perfect, because after a power autage my server will reboot and no action from me is necessary (like logging in) to get all services running again.
At some point you will disconnect the monitor and only use terminal over SSH or Gnome Shell over RDP. This means the server does not need to waste resources by running Gnome Shell 24/7/365.
More questions:
2. Without a GUI starting at boot, will autologin-enabled-in-Gnome-Settings still work?
3. Will Remote Desktop via RDP still work? Or would I need to run a command over SSH first?
4. If I do use autologin, how do I make sure “keyring” is also unlocked? Otherwise some things won’t work.
It won’t run Gnome Shell on boot, since it will wait at the GDM login screen. This requires little resources and likely isn’t worth disabling.
Services like SSHD will start automatically independent of the user login, since it’s purpose is to provide logins itself. So for this you won’t need to enable a form of autologin.
Thanks for your quick reply, and good to know GDM login screen = not Gnome Shell yet. BUT if I enable autologin, it will be passed that login screen so Gnome shell will be running…
Regarding your second point, that means if I reboot my server remotely, I will always have to use Terminal over SSH to login to a user session, to ensure my Docker-based services start. Which is fine for me, but how do I do that?
I guess my 2 main questions are: How to make Gnome Shell NOT start, when autologin is enabled (and in that case, how to solve the keyring issue?).
Alternatively, IF the best practice (open question) is to keep autologin disabled, what command do I run via SSH to start the user session so that my docker services start ?
Note I shortened my opening post to make it more clear.
EDIT: ideally I have autologin + auto unlock keyring enabled, so that after a power outage (while I am not home), my server boots up and all my services start, without me having to do anything.
I think you may want to dive into setting up systemd services, since you can use those to start any application without requiring an actively logged in user. It would be the best way to approach this on a headless system.
Thank you but I rather not go for workarounds, especially since I want to keep this as simple and “clean” as possible. It is much, much simpler to simply have the user on the system autologin, which is easily enabled via Gnome Settings.
Also this is deviating from actual questions I am asking. I can reformulate, but its the same questions since first post:
Already have autologin working, but how do I prevent a Gnome Shell from starting, since I want to have a headless server?
How to solve the Keyring issue?
I have again updated my opening post in case new readers are confused by my questions.
It’s not a workaround, it’s the recommended (official) way to start services when there is no local user logged in. The autologin situation you’re looking to achieve would be the workaround.
Just curious - is there any specific reason you need “heavy weighted” GUI on the server ? If that is just for server management itself, then Fedora Server with Cockpit via web browser can do a lot in a GUI comfort…
The GDM login screen actually is itself an instance of gnome-shell.
I don’t know the answers to most of your questions, but maybe I can help you get a bit closer.
I think autologin is not what you want. All this does is automatically log you into gnome-shell after the computer is booted. But you are saying you don’t want gnome-shell running at all, so autologin sounds like the opposite of what you want to do, right?
Of course it should work (though I’m not familiar with how to configure it).
You need to set a LUKS encryption password that is identical to your user account password, or you can remove the login keyring’s encryption password (I don’t remember how to do this offhand). But of course, if the system is intended to be accessed remotely, you probably don’t want to enable LUKS encryption. (But again, you really probably don’t want to use autologin.)
Now this user’s systemd user services will be started automatically on boot. You can also configure them to restart automatically if they fail. And it’s all headless, so doesn’t depend on running GNOME.
(GNOME autologin is only appropriate if you want your computer to automatically launch GNOME once after the computer is booted, which again seems like the opposite of what you are looking for?)
I’ll rephrase by calling it a special session of Gnome Shell that only provides the necessary components for the login window (greeter). So it lacks a lot of the things that make a full login resource heavy.
Good question and I purposely decided to go this route because sometimes I do like to “misuse” my server as a desktop (preferably remotely) to edit vacation videos (mostly shorten them) and do some other typical non-server tasks directly on my personal data.
In those cases, I like to see a desktop I recognize (I run Gnome on my laptop as well).
I just learned this, after disabling gdm from starting automatically sudo systemctl set-default multi-user, autologin does not happen, no SSH/RDP access. Even though enabled within Gnome. So indeed, I do not want the Gnome Settings option of autologin. Disabled.
Oh I believe this is the solution, I read about lingering user before but didn’t bookmark it. I will try this right now. The question is ofcourse if RDP, SSH services will automatically start or if they depend on Gnome starting. I will try this now!
@catanzaro thanks so much, I simply did (for the existing user) loginctl enable-linger asterix. Asterix is my (only) user on the system. Now my server after reboot shows the login screen.
I can login via RDP, via Remote Access.
Added benefits of this solution:
Desktop Sharing remotely changes the password at every boot because keyring is not unlocked, I would have to create a separate keyring-without-password for Desktop Sharing (storing its password in plain text) to solve that. But with lingering user, you don’t use Desktop Sharing (3390).
Hopefully, this means the server does not run Gnome Shell continuously (it only shows the login screen locally.
The only thing I haven’t figured out yet: Remote Access even keeps the session running when you stop the connection, great to pick up where you left next time. But if you want to stop the Gnome session (without stopping any of the services like Podman), can I safely logout of the session?
I noticed I can logout remotely, it just shows the Gnome login screen again with username Asterix…
I am just worried by performing that action, Podman may stop (I haven’t set up my podman-compose yet so can’t test). Or is this not the case because asterix is a lingering user even after logging out?
The systemd services should not be running “inside” your GNOME desktop session, so I would expect you should be able to safely log out of the desktop without affecting your Asterix server.
I do notice 1 minor problem left… could be a risk when I am gone from home for a while:
even with lingering user, desktop sharing and remote access (and ssh enabled). After a power outage or a reboot in general, there is no way to login into Gnome remotely.
You do need to login once locally, for all services to start. After that you can logout and all still works, even RDP. But after a reboot you are totally screwed if you are not near your PC…
but you do need to login once for that to work after a reboot…