Setting up Ubuntu Desktop

Desktop networking

It’s good to keep some wrapper against dynamic name resolution but… Still, we need to search against our domain.

vi /etc/systemd/resolved.conf

Domains=DOMAIN.TLD

We use same old-school Debian network setup as on Ubuntu Server but eventually switch to DHCP

vi /etc/network/interfaces

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

and disable SSH in case you needed it at post-install time (this will not cut your connection eventhough you might be doing this remotely)

systemctl status ssh
systemctl stop ssh
systemctl disable ssh

Tune your SSH client.

Create a desktop user

useradd -m -g users -G adm,cdrom,sudo,plugdev,lpadmin USERNAME
passwd USERNAME

and eventually make things faster (sudo without password) on a workstation, as long as you are the only sysadmin in the box

grep :11: /etc/group
grep wheel /etc/group
groupadd -g 11 wheel
usermod -a -G wheel root
usermod -a -G wheel ADMIN

cat >> /etc/sudoers <<-EOF
%wheel  ALL = (ALL:ALL) NOPASSWD: ALL
EOF
#ALL = NOPASSWD: ALL

Some additional packages

apt install scrot imagemagick

Make sure you’ve got a basis for Ubuntu Desktop (possibly switching from the Server version)

apt install ubuntu-desktop

Enable ctrl-alt-backspace to kill X like in the old days,

unset DEBIAN_FRONTEND
dpkg-reconfigure keyboard-configuration

Firewalling

    dpkg -l | grep iptables
    apt purge iptables
    apt install nftables
    mv /etc/nftables.conf /etc/nftables.conf.dpkg-dist
    vi /etc/nftables.conf

see NFTABLES SETUP and enable

    systemctl start nftables
    systemctl enable nftables
    systemctl status nftables

Desktop Environment

Take a pick

Install a few packages from the post-installation guide. You may then add those ones for workstation usage,

apt install \
biff \
chromium-browser \
deluge \
discount \
firefox \
mpv \
pandoc \
rxvt-unicode \
terminator \
texlive \
xterm

# thunderbird xul-ext-lightning enigmail \
# sylpheed sylpheed-plugins \
# filezilla \
# irssi \
# vlc \

# nautilus-share \ # with samba

update-alternatives --config x-terminal-emulator

Chromium w/o keyring,

--password-store=basic %U

Don’t forget to install Ad Blockers on FF on Chrome such as

Ad Block Plus
uBlock Origine

Eventually enable mail checks

vi /etc/bash.bashrc

export MAIL=/var/mail/$USER
export MAILCHECK=1
/usr/bin/biff y

Terminator

do you need Putty-like happy copy/pasting?

cp -pi /usr/share/terminator/terminatorlib/terminal.py /usr/share/terminator/terminatorlib/terminal.py.dist
vi /usr/share/terminator/terminatorlib/terminal.py
/def on_buttonpress
(change 3 to 2 and 2 to 3)

A terminal which provides select-to-copy and right-click-to-paste http://askubuntu.com/questions/211292/a-terminal-which-provides-select-to-copy-and-right-click-to-paste

Telegram

Telegram Desktop https://desktop.telegram.org/

Java

Deal with Java and even more

Eclipse

eventually fetch Eclipse, extract and install the IDE flavor of your choosing (you can do it from the gui).

Signal Desktop

check for latest repo available

curl -s https://updates.signal.org/desktop/apt/keys.asc | sudo apt-key add -
echo "deb [arch=amd64] https://updates.signal.org/desktop/apt xenial main" | sudo tee -a /etc/apt/sources.list.d/signal-xenial.list
sudo apt update && sudo apt install signal-desktop

Slack.com for Linux

Fetch the latest version and,

ls -lhF slack-desktop-3.*-amd64.deb 
dpkg -i slack-desktop-3.*-amd64.deb 
apt -f install

Skype for Linux

Fetch the latest skype for linux as DEB and install,

    wget https://go.skype.com/skypeforlinux-64.deb
    dpkg -i skypeforlinux-64.deb
    apt -f install

DESTROY and re-initialize gnome keyring,

rm -rf ~/.local/share/keyrings
sudo apt install seahorse
seahorse &

Additional notes

Eventually install & setup Conky.

Eventually setup Netfilter to allow only outbound connections.

Workstation Networking

check your network settings handled by Network Manager,

nmcli device show ens2

Disable Automount

gsettings set org.gnome.desktop.media-handling automount false
gsettings set org.gnome.desktop.media-handling automount-open false
gsettings set org.mate.desktop.media-handling automount false
gsettings set org.mate.desktop.media-handling automount-open false

check,

dconf-editor

Domain Search

Three solutions:

  1. Control Center -> Network
  2. dhclient.conf
  3. resolv.conf.d/

use the GUI

Control Center -> Network --> (general tab) Domain name: ...
Control Center -> Network --> (DNs tab) Search domains: ...

OR add some domain searches for DHCP sessions, e.g.

cd /etc/dhcp/
cp -pi dhclient.conf dhclient.conf.dist
vi dhclient.conf

prepend domain-search "example.com", "example.local";

OR change the resolvconf config directly

    cd /etc/resolvconf/resolv.conf.d
    cp -pi base base.dist
    vi base

    search example.com

also make sure that the local system hostnames resolves itselfs as FQDN accordingly (it can point to 127.0.0.1 on a desktop)

CIFS ready

Setup your default workgroup when mounting windows file shares

    sudo apt install smbclient cifs-utils
    #smbfs samba
    vi /etc/samba/smb.conf

Troubleshooting

iwl3945 power saving issue

experienced on IBM/Lenovo T60 / R60e

If you get this error in the logs while loosing iwl3945 wireless network connectivity,

BSM uCode verification failed at addr 0x00003800+0 (of 900), is 0xa5a5a5a2, s/b 0xf802020
Unable to set up bootstrap uCode: -5

and this error when trying to UP the wireless network interface,

    SIOCSIFFLAGS: Input/output error

==> disable wlan power saving using NetworkManager,

vi /etc/NetworkManager/conf.d/default-wifi-powersave-on.conf

wifi.powersave = 2

service NetworkManager restart
iwconfig wls3

Kodi / ureadahead

(optional) you might also want to remove that one in case it is installed and not needed (it was spamming my logs),

    sudo apt remove ureadahead
    #sudo apt purge ureadahead

OEM Installation

Choose the OEM auto-install if you need to delivery the computer to someone-else: finish-up the process as oem user, then click on the Prepare for shipping and the user will have a little setup wizard next boot.

Finish-up as OEM user, choose preferred mirror for packages,

Control Center -> Software Sources

and apply updates using the little shield button in the systray.

install additional languages depending on target users,

Control Center -> Languages

make sure Firefox is also available language-specific.

You’re now ready to click “Prepare for shipping” on the Desktop and reboot.

Note. few things are missing with this method e.g. Adblock for Firefox.

VirtualBox

DO NOT fetch the latest VirtualBox for Linux. Use the repos instead (well, the thing is already available now within Ubuntu):

deb https://download.virtualbox.org/virtualbox/debian <mydist> contrib

apt update

Access the guests through SSH using the default NAT setup,

VBoxManage modifyvm myserver --natpf1 "ssh,tcp,,3022,,22"
VBoxManage showvminfo myserver | grep 'Rule'
ssh root@localhost -p 3022

How to SSH to a VirtualBox guest externally through a host? [closed] https://stackoverflow.com/questions/5906441/how-to-ssh-to-a-virtualbox-guest-externally-through-a-host

Legacy Adobe Reader

See reader.

Bypassing national restrictions

Install friGate3 add-on on your web browser (tested with Firefox), add the target domain into List of sites e.g.,

rutracker.org

and edit the Proxy Servers e.g. to access https://thepiratebay.org/ from France,

https://ru-92-53-1.friproxy0.biz:443 [RU]
https://ru-85-60-1.friproxy0.eu:443 [RU]
https://ru-82-204-3.friproxy.eu:443 [RU]
https://ru-93-78-1.fri-gate.biz:443 [RU]
https://ru-93-78-3.fri-gate0.eu:443 [RU]
https://ru-92-53-5.friproxy.biz:443 [RU]
https://ru-85-60-5.fri-gate.biz:443 [RU]
https://ru-85-60-3.fri-gate0.biz:443 [RU]
https://ru-92-53-3.fri-gate.biz:443 [RU]
https://ru-93-78-5.fri-gate0.org:443 [RU]
https://ru-82-204-1.fri-gate0.eu:443 [RU]
https://ru-82-204-5.fri-gate0.org:443 [RU]

or access http://rutracker.org from Russia,

https://fr-220-163-3.fri-gate0.eu:443 [FR]
https://uk-170-185-1.fri-gate0.org:443 [UK]
https://fl-170-185-1.fri-gate.biz:443 [FL]
https://fr-221-177-1.friproxy0.eu:443 [FR]

Setting up an external drive

cfdisk ...
mkfs.ext4 -T largefile -m 0 /dev/...
e4label /dev/... NEWNAME
lsblk --fs --ascii

MOAR

see post-install

disable ZFS snapshots

as user

systemctl --user start zsys-user-savestate.timer
systemctl --user enable zsys-user-savestate.timer

as root

mv /etc/apt/apt.conf.d/90_zsys_system_autosnapshot.disabled /etc/apt/apt.conf.d/90_zsys_system_autosnapshot

https://askubuntu.com/questions/1233049/disable-automatic-zsys-snapshots-zfs-on-root

graphics & displays

lshw -c video
xrandr
xrandr --output HDMI-A-1-0 --auto --right-of eDP

now even on a workstation, you might want to enable outgoing email and daily scan your own servers

vi /etc/cron.daily/DAILY

#!/bin/bash

echo
echo WHAT IS MY IP
echo

curl -s ifconfig.me
echo
echo

echo
echo SCANNING ...
echo

nmap -sTUV ...

chmod +x /etc/cron.daily/DAILY

Resources

How to Add and Delete Users on Ubuntu 18.04 https://www.digitalocean.com/community/tutorials/how-to-add-and-delete-users-on-ubuntu-18-04

Ext4 https://wiki.archlinux.org/index.php/ext4

4.3. Creating an ext4 File System https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/deployment_guide/s1-filesystem-ext4-create

Creating ext4 partition from console https://superuser.com/questions/643765/creating-ext4-partition-from-console