assuming the server stuff is done already
Know in advance if you want BIOS/CSM or EFI/SecureBoot
Also avoid ZFS if you plan to run a XEN host
See the FIREWALL section in better network for ubuntu and disable SSHD
systemctl stop ssh
systemctl disable ssh
Tune your SSH client
Create a desktop user
useradd -m -g users -G adm,cdrom,sudo,plugdev,lpadmin USERNAME passwd USERNAME
and eventually make things faster (sudo without password) on a workstation, as long as you are the only sysadmin in the box
grep :11: /etc/group grep wheel /etc/group groupadd -g 11 wheel usermod -a -G wheel root usermod -a -G wheel ADMIN cat >> /etc/sudoers <<-EOF %wheel ALL = (ALL:ALL) NOPASSWD: ALL EOF #ALL = NOPASSWD: ALL
Enable ctrl-alt-backspace to kill X like in the old days
unset DEBIAN_FRONTEND
dpkg-reconfigure keyboard-configuration
altgr-intl English (intl., with AltGr dead keys)
allow ctrl+alt+del
Take a pick
And eventually setup Conky
Eventually make sure you’ve got a default desktop system in place –or– possibly switching from the Server version
apt install ubuntu-desktop
Additional packages for the command line
Then a few desktop-oriented ones
apt install \
adwaita-icon-theme-full \
chromium-browser \
deluge \
discount \
firefox \
gnome-tweaks \
imagemagick \
ipcalc \
libheif-examples \
mpv \
pandoc \
pm-utils \
rxvt-unicode \
scrot \
speedcrunch \
secure-delete \
terminator \
thunderbird xul-ext-lightning \
wireshark \
xautolock xtrlock \
xterm
# enigmail \
# sylpheed sylpheed-plugins \
# claws-mail \
# filezilla \
# vlc \
in case you want to reach file-shares
# samba nautilus-share \
define your favorite tools
update-alternatives --config x-terminal-emulator dpkg-reconfigure wireshark-common usermod -aG wireshark USER #gnome-tweak-tool gnome-shell-extensions gnome-tweaks # --> Appearance... rm -rf .config/gtk-3.0/ rm -rf .config/gtk-4.0/
Chromium w/o keyring
--password-store=basic %U
Don’t forget to install Ad Blockers on FF on Chrome such as
Ad Block Plus uBlock Origine
Eventually enable mail checks
vi /etc/bash.bashrc export MAIL=/var/mail/$USER export MAILCHECK=1 /usr/bin/biff y
see apps
systemctl stop blueman-mechanism.service systemctl stop bluetooth.service systemctl stop bluetooth.target systemctl disable blueman-mechanism.service systemctl disable bluetooth.service systemctl disable bluetooth.target
this one remains up for pulseaudio or something (real time kit)
systemctl restart rtkit-daemon.service systemctl enable rtkit-daemon.service
snap list snap remove ... apt purge snapd systemctl stop var-snap.mount systemctl disable var-snap.mount umount /var/snap/ rmdir /var/snap/
as user
systemctl --user start zsys-user-savestate.timer systemctl --user enable zsys-user-savestate.timer
as root
mv /etc/apt/apt.conf.d/90_zsys_system_autosnapshot.disabled /etc/apt/apt.conf.d/90_zsys_system_autosnapshot
see video
now even on a workstation, you might want to enable outgoing email and daily scan your own servers
crontab -e # full path required for sendmail on ubuntu 00 2 * * * /root/DAILYSTATION 2>&1
and grab the sample script from there
cfdisk ... mkfs.ext4 -T largefile -m 0 /dev/... e4label /dev/... NEWNAME lsblk --fs --ascii
check your network settings handled by Network Manager
nmcli device show ens2
gsettings set org.gnome.desktop.media-handling automount false gsettings set org.gnome.desktop.media-handling automount-open false gsettings set org.mate.desktop.media-handling automount false gsettings set org.mate.desktop.media-handling automount-open false
check
dconf-editor
Setup your default workgroup when mounting windows file shares
sudo apt install smbclient cifs-utils
#smbfs samba
vi /etc/samba/smb.conf
amdgpu.exp_hw_support=1
experienced on IBM/Lenovo T60 / R60e
If you get this error in the logs while loosing iwl3945 wireless network connectivity
BSM uCode verification failed at addr 0x00003800+0 (of 900), is 0xa5a5a5a2, s/b 0xf802020 Unable to set up bootstrap uCode: -5
and this error when trying to UP the wireless network interface,
SIOCSIFFLAGS: Input/output error
==> disable wlan power saving using NetworkManager
vi /etc/NetworkManager/conf.d/default-wifi-powersave-on.conf wifi.powersave = 2 service NetworkManager restart iwconfig wls3
(optional) you might also want to remove that one in case it is installed and not needed (it was spamming my logs)
sudo apt remove ureadahead
#sudo apt purge ureadahead
Choose the OEM auto-install if you need to delivery the computer to someone-else: finish-up the process as oem user, then click on the Prepare for shipping and the user will have a little setup wizard next boot.
Finish-up as OEM user, choose preferred mirror for packages
Control Center -> Software Sources
and apply updates using the little shield button in the systray.
install additional languages depending on target users
Control Center -> Languages
make sure Firefox is also available language-specific.
You’re now ready to click “Prepare for shipping” on the Desktop and reboot.
Note. few things are missing with this method e.g. Adblock for Firefox.
How to Add and Delete Users on Ubuntu 18.04 https://www.digitalocean.com/community/tutorials/how-to-add-and-delete-users-on-ubuntu-18-04
Ext4 https://wiki.archlinux.org/index.php/ext4
4.3. Creating an ext4 File System https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/deployment_guide/s1-filesystem-ext4-create
Creating ext4 partition from console https://superuser.com/questions/643765/creating-ext4-partition-from-console
Set primary monitor on 16.04 https://askubuntu.com/questions/760942/set-primary-monitor-on-16-04/811343
‘xrandr’ command (solved) https://forums.linuxmint.com/viewtopic.php?t=275268
4 Ways to Fix the Laptop Brightness Problem In Ubuntu https://www.debugpoint.com/2016/10/2-ways-fix-laptop-brightness-problem-ubuntu-linux/
Cannot change brightness (Ubuntu 16.04 LTS, Unity) https://askubuntu.com/questions/762764/cannot-change-brightness-ubuntu-16-04-lts-unity
Disable automatic ZSys snapshots - ZFS on root https://askubuntu.com/questions/1233049/disable-automatic-zsys-snapshots-zfs-on-root
How can I suspend/hibernate from command line? https://askubuntu.com/questions/1792/how-can-i-suspend-hibernate-from-command-line
https://lokarithm.com/2021/02/27/linux-how-to-convert-heic-files-to-jpg-or-png/