Comfy Ubuntu

Firewall

Why would I not use at least a perfunctory firewall?

ufw enable

DNS

See DNS servers.

TeX

Of course I need LaTeX. This comes baked into Ubuntu if I want it, but that version is not flexible or current and wastes disk space. I recommend TinyTex, Yihui Xie’s excellent mini distro for modern workflows.

Fonts

See also fonts.

There are many in the ubuntu repos these days

apt install fonts-ebgaramond \
  fonts-cmu fonts-firacode \
  fonts-lmodern fonts-stix fonts-powerline \
  fonts-texgyre

Citations

Zotero of course.

R

RStudio can be downloaded from its site. R is already in the repository. One might want a fresher version but nothing has made that worth the bother for me yet.

apt install r-base r-base-dev
apt install libatlas3-base libopenblas-base  # optional

Julia

My current favourite numerical software! I download julia as a plain installer package; It’s too rapidly evolving for anything else.

Python

I give in, and just run anaconda. It is easy of science stuff. Also, running homebrew python caused me problems.

Download e.g. x64 Miniconda, from the download page.

bash Miniconda3-latest-Linux-x86_64.sh
# login/logout here
conda config --set auto_activate_base false # don’t be so aggressive conda
conda init fish  # fish users

conda activate base

The minimal conda base setup for me is just a jupyter host with multikernel support and some basic utils

conda install ipykernel nbstripout

Bonus: then I get pytorch and and other such tricky-GPU-dependency packages without messing about.

conda install pytorch torchvision cudatoolkit=10.1 -c pytorch

GPU config

See budget GPU configuration.

rclone

One of these:

apt install rclone
brew install rclone

Syncthing

There is a medium-fresh (1.0) version of syncthing in the Ubuntu repository, so one can simply

sudo apt install syncthing

Or, a little fresher, as a snap:

snap install syncthing

If I want an even fresher version I can choose, for example linuxbrew.sh or bonus apt PPAs, or the packaged snap. All seem AFAICT equivalent.

# Add the release PGP keys:
curl -s https://syncthing.net/release-key.txt | sudo apt-key add -
# Add the "stable" channel to your APT sources:
echo "deb https://apt.syncthing.net/ syncthing stable" | \
    sudo tee /etc/apt/sources.list.d/syncthing.list
# Update and install syncthing:
sudo apt install syncthing

or

brew install syncthing

Now choose my autostart method. I probably want to do this as a user, not as a system service, because root access is from a different devops era. As such it makes sense to put (assming snap installed syncthing)

/snap/bin/syncthing

as a user startup application.

But wait! Does it report my disk is full when I try to use filesystem monitors? I need to allocate more resources to that.

$ cat /proc/sys/fs/inotify/max_user_watches
8192
$ sudo sh -c 'echo 204800 > /proc/sys/fs/inotify/max_user_watches'
$ echo "fs.inotify.max_user_watches=204800" | sudo tee -a /etc/sysctl.conf
$ cat /proc/sys/fs/inotify/max_user_watches
204800

Ubuntu 17.0 or later: GNOME

Oh wait Unity desktop is over now I need to convert all the classic tweaking to GNOME. See comfy GNOME shell.

Ubuntu before 17.10: Unity

Here are the keyboard shortcuts needed to have a civilised desktop experience.

The default OS switcher is configurable

apt install compizconfig-settings-manager compiz-plugins

I simply don’t like the default Unity alt-tab application switcher. It may work for a lot of people, but it just slows me down. For me it’s faster to have a single application switcher that cycles through all open windows, possibly within one desktop, but I’m not sure about that. I am really not compatible with the default unity switcher that groups windows, for example terminals, together so when hitting alt-tab you can’t (in an effective way) switch between terminals. Having a different key combo for that slows my brain down. […] Open compizconfig-settings-manager with alt-F2, type ccsm.

Scroll down to Ubuntu Unity Plugin. Choose the tab Switcher. Disable the alt-tab and shift-alt-tab key bindings. (Key to start the switcher and Key to switch to the previous window in the Switcher. Click the Back button.

Scroll down to the Window management section. Here you can select another switcher. I enable the Static Application Switcher, resolve any potential conflicts by setting the setting for Static Application Switcher. Now you can tweak the switcher by clicking on it. I have changed alt-tab and shift-alt-tab to Next window (All windows) and Prev window (All windows).

Unity tweak tool does unity-specific tweaks of this kind of nonsense.

# Only if you want the very fresh version
add-apt-repository ppa:freyja-dev/unity-tweak-tool-daily
apt install unity-tweak-tool

See also the nifty run-or-raise hack.

Encrypted misc

One should always have the utilities Cryptomator and zulucrypt on hand.

Onw way of getting cryptomator:

add-apt-repository ppa:sebastian-stenzel/cryptomator
apt-get update
apt-get install cryptomator

zulucrypt is

apt install zulucrypt

Or one can download slightly fancier version from the package creator.

Encrypted home folders/disks

See linux fs hacks.

libvirt

Easyish! Fastish! Open! Badly documented!

apt install virt-manager qemu-kvm

Virtualbox

Semi-open! Confusing! Circuitous! Opaque! Hard to remove! Well-documented!

wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | \
  sudo apt-key add -
wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | \
  sudo apt-key add -
sudo add-apt-repository 'https://download.virtualbox.org/virtualbox/debian contrib'
sudo apt install virtualbox virtualbox-ext-pack

GUI automount

I believe we need to set the gnome config variable org.gnome.desktop.media-handling set automount to True.

Apparently this is equivalent to:

gsettings set org.gnome.desktop.media-handling automount true

or

dconf write /org/gnome/desktop/media-handling/automount true

There is also a gui, which I think is the officially recommended option:

apt install dconf-editor
dconf-editor
# make changes by clicking on things

GUIless automount

e.g. for the server. Install usbmount. I didn’t try this.

Manually

Userspace mounting is not hard but the command is not at all obvious. The virtue of this method is that it works also without root privileges, in principle. However, it also requires logging out and in again to test and frequently fails for me and I don’t know where the error logs go.

udisksctl mount --block-device /dev/disk/by-uuid/[uuid]

Or perhaps it is the slightly easier

/usr/bin/udisks --mount /dev/[sdc1 or something]

except that this one mounts it in the wrong place because otherwise it would be too useful.

But what is the UUID? Find it using blkid

sudo blkid

or if you are not root

ls /dev/disk/by-uuid

and apply some deduction.

NB: this could be slightly easier for external disks which have a label. Then it’s something like

udisksctl mount --block-device /dev/disk/by-label/[label]

This works on some of my Ubuntu machines but not others; can’t work out why.

Playing music

Playing music: as not-quite-good as ever.

The built-in Rhythmbox is OK. For those who wish to do fancy metadata management, perhaps quod libet?

add-apt-repository ppa:lazka/dumpingplace
apt install quodlibet

Also available through flatpak.

transcoding

Perhaps Handbrake.

add-apt-repository ppa:stebbins/handbrake-releases
apt-get install handbrake-gtk  handbrake-cli

Signal desktop

The default safe chat client is Signal.

Note, be careful about installing this; The more instances of Signal you have, the bigger your attack surface, and Signal Desktop is not secure to be run on a non-encrypted FS.

Their recommended way is this:

curl -s https://updates.signal.org/desktop/apt/keys.asc | sudo apt-key add -
echo "deb [arch=amd64] https://updates.signal.org/desktop/apt xenial main" \
 | sudo tee -a /etc/apt/sources.list.d/signal-xenial.list
sudo apt install signal-desktop

This works only intermittently. If I am preapred to additionally trust Ubuntu I can get this more reliably via

snap install signal-desktop

Keybase

as per instructions.

curl --remote-name https://prerelease.keybase.io/keybase_amd64.deb
sudo apt install ./keybase_amd64.deb
run_keybase

journald

Ubuntu journald can get very big because there is no limit per default /etc/systemd/journald.conf:

SystemMaxUse=100M

Manual cleanup right now:

sudo journalctl --rotate
sudo journalctl --vacuum-time=2d

Booting and kernels

grub customizer customizes the GRUB2 boot menus without typos, if ones trust this developer to manage the boot setup.

sudo add-apt-repository ppa:danielrichter2007/grub-customizer # Optional on 19.10
sudo apt install grub-customizer

There is a version manager specifically for linux kernels (HT Abishek Prakash.) It is called UKUU.

sudo add-apt-repository ppa:teejee2008/ppa
sudo apt install ukuu

Script on wake

https://askubuntu.com/questions/92218/how-to-execute-a-command-after-resume-from-suspend The arch guide to sleep/hibernate/standby etc explains the terminology. the TLP debugging guide and FAQ are also useful. Suspend is what I would normally call sleep where the computer just goes quiet and keeps the RAM powered up. Hibernate is when it suspends the whole state of the machine to RAM. It is unclear to me whether the default setup is safe for encryption. (i.e. can someone access your laboriously encrypted disk by making sure they steal your computer while it is in sleep mode?) It wasn’t, although various bugs have been closed now so maybe it is fine. Certainly encrypted hibernate is possible. Is it enabled per default on the modern config?

Let’s say we want to fix the trackpad every time the laptop wakes. (**which is not needed since 19.04 AFAICT)

Answers about /usr/lib/pm-utils/sleep.d I believe are no longer current, although possibly /lib/systemd/system-sleep/ works? I can supposedly create a system service or a resume hook in e.g./lib/systemd/system-sleep/fixthings.

Immediately before entering system suspend and/or hibernation systemd-suspend.service (and the other mentioned units, respectively) will run all executables in /usr/lib/systemd/system-sleep/ and pass two arguments to them. The first argument will be "pre", the second either "suspend", "hibernate", "hybrid-sleep", or "suspend-then-hibernate" depending on the chosen action. Immediately after leaving system suspend and/or hibernation the same executables are run, but the first argument is now "post". All executables in this directory are executed in parallel, and execution of the action is not continued until all executables have finished.

Note that scripts or binaries dropped in /usr/lib/systemd/system-sleep/ are intended for local use only and should be considered hacks. If applications want to react to system suspend/hibernation and resume, they should rather use the Inhibitor interface.

The latter looks simpler.

Here is the /lib/systemd/system-sleep/fixthings hook script.

#!/bin/sh

case $1/$2 in
  pre/*)
    echo "Going to $2..."
    # Place your pre suspend commands here, or `exit 0`
    # if no pre suspend action required
    exit 0
    ;;
  post/*)
    echo "Waking up from $2..."
    # Place your post suspend (resume) commands here, or `exit 0`
    # if no post suspend action required
    /home/me/bin/scrollrite.sh
    ;;
esac

It must be rendered executable:

sudo chmod +x /lib/systemd/system-sleep/resume

Installing and migrating

If you have encrypted and LVM layers on your disk there are a lot of steps to migrate disks. The official magical incantation is quite long, and include some surprising orderings. To reinstall grub there are some standard steps, but for encrypted drives there are some extras to get the boot partition in place.

mount /dev/sdXY /mnt
mount --bind /dev /mnt/dev &&
mount --bind /dev/pts /mnt/dev/pts &&
mount --bind /proc /mnt/proc &&
mount --bind /sys /mnt/sys
mount /dev/sdX2 /mnt/boot
mount /dev/sdX1 /mnt/boot/efi
chroot /mnt
grub-install /dev/sdX
grub-install --recheck /dev/sdX
update-grub