Not sure if it is applicable, but wouldn’t it be an option to use the Fedora Workstation Live CD, mount your swap partition into the live system and send it to sleep via SystemD?

This should give you feedback with a fairly recent kernel and Gnome has (at least for me) been the desktop option with the least amount of bugs I encountered.

Before asking for another distro, you should figure out, what is the root cause of the trouble you observe. Usually sleep/wake up under Linux are highly hardware relevant. Even the SteamDeck, which has payed first level hardware support by Valve, has sometimes trouble waking up properly after sleep, at least in desktop mode. Good luck!

Thanks, but could you clarify which extension to move for Gnome? native window placement is AFAIK just for the overview.

Which extensions do I need?

Ah, sorry to read - I like the idea of Bcachefs and would have been happy to have it ready for production eventually.

OTOH it seems the recent years I read more about the drama about Bcachefs commits to the kernel, than about any technical parts of Bcachefs.

Welcome to Linux.

Concerning your questions:

How to keep your system clean?

• Subscribe to the security mailing list/blog etc. of your Linux distribution and for software that you use
• Update your system whenever there are updates available and reboot your system after applying the updates
• Activate the firewall of your system and block all incoming traffic which was not initiated by your own system
• Only install software which is distributed with your operating system or which is well known and you download from the official distribution page (for the sake of an example: If you use Google Chrome download the package/binary for your Linux from Googles Chrome page)
• Use an adblocker for your browser like ublock origin

What not to do:

• Never install software found on the internet or a forum
• Never run arbitrary script from the internet in your shell

Doing the above and applying some common sense should be fairly secure. As a rule of thump: Less software is always better and well known software will usually be better scrutinized and more secure. (YMMV)

As a normal desktop user your chances of getting your system infected when applying above rules are very low and they are your best line of defense.

Securing a Linux system, especially in depth, fills books, and detecting an infection is another topic for specialists. One way to improve your chances of having a non infected system is using an immutable Linux distribution like Fedora Silverblue, which should in theory be more resistant to infections and which should in theory allow to detect infections easily.

Unless you have a reason to expect being personally targeted (in which case: good luck to you ;-)), the answer to infections and similar is having regular full backups of all your data, so in case of an infection you can wipe your computer and recover everything. You should have regular full backups anyway, in case your SSD fails, your computer gets stolen and similar threats to your data.

Sorry, but this post is really, really bad.

State clearly which distro and which versions of Gnome and dash-to-dock and perhaps what other extensions you are running, and there might be a chance someone is able to help you. (Also state clearly the source of your Gnome extensions).

Most of the hints/solutions in answer to this post are also not good. If dash-to-dock triggered the malfunction of the gnome-shell on your system, just login to a terminal and use dconf or gsettings to set org.gnome.shell enabled-extensions to an empty array or to an array w/o dash-to-dock.

I am happily running dash-dock@micxgx.gmail.com on multiple physical and virtual machines w/o any trouble, using the dash-to-dock provided by my package manager on different CPU architectures YMMV.

Thanks a lot!

Yeah, if I go down that road, I’ll probably just add a git commit hook on the repo for the Raspberry Pi, so that I’ll have a ‘push to deploy’ workflow!

You are asking exactly the right questions!

I have an Ansible playbook to provision the Pi (or any other Debian/Ubuntu machine) with everything need to run a web application, as long as the web application is a binary or uses one of the interpreters of the machine. (Well, I have also playbooks to compile Python/Ruby from source or get an Adoptium JDK repository etc.)

Right now I am flirting with the idea of using Elixir for my next web application, and it just seems unsustainable for me to now add Erlang/OTP and Elixir to my list of playbooks to compile from source.

The Debian repositories have quite old versions of Erlang/OTP/Elixir and I doubt there are enough users to keep security fixes/patches up to date.

Combined with the list of technologies I already use, it seems to reduce complexity if I use Docker containers as deployment units and should be future proof for at least the next decade.

Writing about it, another solution might simply be to have something like Distrobox on the PI and use something like the latest Alpine.

Thanks for the idea! I try to keep as little ‘moving’ parts as possible, so hosting gitlab is something I would want to avoid if possible. The Raspberry Pi is supposed to be sole hardware for the whole deployment of the project.

Wow, thanks a lot! Your answer is exactly what I hoped for when posting on Lemmy: I didn’t even know the docker-tarball thingy is a thing, it fits my problem space very nice in combination with cross building and it seems as easy as it can be. Excellent! :-)

Thanks, didn’t know about buildx, but it looks exactly like what I need to solve cross compilation.

AFAIK Podman only supports quadlets from version 4.4 and later, I am on version 4.3… so, technically you are right and it would work (for me end of the year or next year, when Raspbian gets an update to Trixie), I am mostly interested how people achieved this and automated this and if there are different/better approaches than the ones outlined by me above.

My development machine is an AMD64 and the Pi is an Aarch64… I have no clue how complicated cross-building images for a different architecture is?!? (I am thinking about using something like Erlang/Elixir, so I honestly don’t know at all.)

I am not totally opposed to use a registry (free or payed), but, correct me if I am wrong: If I just build the image on the Pi, it is already exactly at the one spot where I need it, so what problem is solved for me by using a registry?

Edit: Someone above mentioned docker buildx, so seems cross compilation is solved.

Thanks for the link!

Exactly, this is what I am doing right now (just for binaries, not execute Docker or Podman).

Would it be a problem, that my development machine is an AMD64 and the Pi is an Aarch64?