Contents

My Ubuntu 22.04 preferences

Warning
This page is just a personal note. Don’t expect this page to be a good reference.

new-pc, ssh-pc, and old-pc

Let’s name three PCs as:

  • new-pc: on which Ubuntu 22.04 will be installed
  • ssh-pc: operates new-pc via ssh and VNC
  • old-pc: which was previous main PC (Ubuntu 20.04); maybe ==new-pc or ==ssh-pc
1
2
3
4
                         setup via ssh/VNC
new-pc (Ubuntu 22.04) <--------------------- ssh-pc (Ubuntu, hacked)

  old-pc (Ubuntu 20.04)

During setting-up new-pc, I don’t operate new-pc with its keyboard and mouse directly because:

  • I can’t operate a pure (unhacked) Ubuntu efficiently (maybe 2x slower than hacked one).
  • Prevent applications from creating default configuration files. e.g. start fish will create ~/.local/share/fish/fish_history, which will conflict with dotfiles.

Get info of old-pc

1
2
3
4
# on ssh-pc:
mkdir ~/logs/
ssh OLD_PC_IP apt list --installed > ~/logs/ubuntu_apt-list.old.txt
ssh OLD_PC_IP snap list            > ~/logs/ubuntu_snap-list.old.txt

Install Ubuntu

(Old; procedures in 20.04, but not so outdated)

Boot with USB stick.

/ubuntu_setup/2020-08-10-13-28-17.png
Check: Install third-party software for graphics and Wi-Fi hardware and additional media formats
/ubuntu_setup/2020-08-10-15-28-57.png
TODO: if Secure Boot is enabled, I recommend turn off it; Secure Boot sometimes requires deep knowledge about low-layer things for trouble-shooting
/ubuntu_setup/2020-08-10-15-17-29.png
Installation type: Erase disk and install Ubuntu: Use LVM with the new Ubuntu installation, Encrypt the new Ubuntu installation for security
/ubuntu_setup/2020-08-10-15-19-10.png
Choose a security key (so-called LUKS key)
/ubuntu_setup/2020-08-10-15-22-26.png
User password can be same as LUKS-key; But I use different ones

TODO:

Proxy settings (if needed)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
export  http_proxy=http://192.0.2.1:8080
export https_proxy=http://192.0.2.1:8080
export   ftp_proxy=http://192.0.2.1:8080

man apt.conf
man apt-transport-http
sudo vi /etc/apt/apt.conf
: <<'CONTENTS'
Acquire::ftp::proxy "ftp://192.0.2.1:8080";
Acquire::http::proxy "http://192.0.2.1:8080";
CONTENTS

Install sshd

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
# new-pc:

sudo apt install openssh-server

# on ssh-pc:

ssh-copy-id -i ~/.ssh/id_ed25519.pub NEW_PC_IP

# note to myself:
ssh -J<proxy> NEW_PC_IP true  # make ControlMaster
ssh -oProxyJump=<proxy> NEW_PC_IP

# if ssh-copy-id doesn't work:
mkdir ~/.ssh/
chmod 700 ~/.ssh/
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
vi ~/.ssh/authorized_keys  # add ssh-pc's public key (~/.ssh/id_ed25519.pub)

From here, all commands are executed on “new-pc via ssh”, unless otherwise noted.

Unlock LUKS via ssh

  • Connecting Wi-Fi in dropbear seems to be hard (I didn’t tried though); assuming an ethernet NIC exist.
  • Assuming using DHCP and the offered IP address is known.

References:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
sudo apt install dropbear-initramfs

# /usr/share/doc/dropbear-initramfs/README.initramfs:
# > Command line options are taken from the $DROPBEAR_OPTIONS variable.  For
# > instance add DROPBEAR_OPTIONS="-p 2222" to /etc/dropbear/initramfs/dropbear.conf
# > to change the listening port to 2222.
sudo vi /etc/dropbear/initramfs/dropbear.conf
# if you want to change port:
# DROPBEAR_OPTIONS="-p 2222"

# /usr/share/doc/dropbear-initramfs/README.initramfs:
# > Password logins are disabled.  Public key(s) used for authentication are taken
# > from /etc/dropbear/initramfs/authorized_keys, or from
# > /etc/dropbear/initramfs/id_{dsa,rsa,ecdsa,ed25519}.pub if the former
# > does not exist.  A warning is raised if no authorized keys could be
# > found.
sudo vi /etc/dropbear/initramfs/authorized_keys  # paste ssh-pc's public key (~/.ssh/id_ed25519.pub)

/usr/share/doc/dropbear-initramfs/README.initramfs:
# > Don't forget to run update-initramfs when you changed the config to make it
# > effective!
# >   # update-initramfs -u -k all
sudo update-initramfs -u -k all
#update-initramfs: Generating /boot/initrd.img-5.15.0-27-generic
#W: Possible missing firmware /lib/firmware/amdgpu/yellow_carp_gpu_info.bin for module amdgpu
#W: Possible missing firmware /lib/firmware/amdgpu/vangogh_gpu_info.bin for module amdgpu
#W: Possible missing firmware /lib/firmware/amdgpu/cyan_skillfish_rlc.bin for module amdgpu
#W: Possible missing firmware /lib/firmware/amdgpu/cyan_skillfish_mec2.bin for module amdgpu
#W: Possible missing firmware /lib/firmware/amdgpu/cyan_skillfish_mec.bin for module amdgpu
#W: Possible missing firmware /lib/firmware/amdgpu/cyan_skillfish_me.bin for module amdgpu
#W: Possible missing firmware /lib/firmware/amdgpu/cyan_skillfish_pfp.bin for module amdgpu
#W: Possible missing firmware /lib/firmware/amdgpu/cyan_skillfish_ce.bin for module amdgpu
#W: Possible missing firmware /lib/firmware/amdgpu/cyan_skillfish_sdma1.bin for module amdgpu
#W: Possible missing firmware /lib/firmware/amdgpu/cyan_skillfish_sdma.bin for module amdgpu
#W: Possible missing firmware /lib/firmware/amdgpu/sienna_cichlid_mes.bin for module amdgpu
#W: Possible missing firmware /lib/firmware/amdgpu/navi10_mes.bin for module amdgpu
#I: The initramfs will attempt to resume from /dev/dm-2
#I: (/dev/mapper/vgubuntu-swap_1)
#I: Set the RESUME variable to override this.
#update-initramfs: Generating /boot/initrd.img-5.15.0-25-generic
#W: Possible missing firmware /lib/firmware/amdgpu/yellow_carp_gpu_info.bin for module amdgpu
#W: Possible missing firmware /lib/firmware/amdgpu/vangogh_gpu_info.bin for module amdgpu
#W: Possible missing firmware /lib/firmware/amdgpu/cyan_skillfish_rlc.bin for module amdgpu
#W: Possible missing firmware /lib/firmware/amdgpu/cyan_skillfish_mec2.bin for module amdgpu
#W: Possible missing firmware /lib/firmware/amdgpu/cyan_skillfish_mec.bin for module amdgpu
#W: Possible missing firmware /lib/firmware/amdgpu/cyan_skillfish_me.bin for module amdgpu
#W: Possible missing firmware /lib/firmware/amdgpu/cyan_skillfish_pfp.bin for module amdgpu
#W: Possible missing firmware /lib/firmware/amdgpu/cyan_skillfish_ce.bin for module amdgpu
#W: Possible missing firmware /lib/firmware/amdgpu/cyan_skillfish_sdma1.bin for module amdgpu
#W: Possible missing firmware /lib/firmware/amdgpu/cyan_skillfish_sdma.bin for module amdgpu
#W: Possible missing firmware /lib/firmware/amdgpu/sienna_cichlid_mes.bin for module amdgpu
#W: Possible missing firmware /lib/firmware/amdgpu/navi10_mes.bin for module amdgpu
#I: The initramfs will attempt to resume from /dev/dm-2
#I: (/dev/mapper/vgubuntu-swap_1)
#I: Set the RESUME variable to override this.

sudo reboot

new-pc: stopiing at “Please unlock disk nvme0n1p3_crypt”

/usr/share/doc/dropbear-initramfs/README.initramfs:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
Since by default the initramfs' host keys differ from those of the main SSH
server, SSH clients such as OpenSSH's might issue a "REMOTE HOST IDENTIFICATION
HAS CHANGED!" warning.  In that case you might want to use another port for the
initramfs SSHd, and/or the "UserKnownHostsFile" option to specify an
alternative known_hosts file:

  $ ssh -F ~/.luks/ssh.conf remote.system.com
  $ cat ~/.luks/ssh.conf
  Host *
    User root
    UserKnownHostsFile ~/.luks/known_hosts
    PasswordAuthentication no
    IdentityFile ~/.ssh/id_rsa

ssh-pc:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
mkdir ~/.luks/

vi ~/.ssh/config
: <<'CONF'
Host new-pc-decrypt
    HostName NEW_PC_IP
    User root
    UserKnownHostsFile ~/.luks/known_hosts
    # if DROPBEAR_OPTIONS="-p 2222":
    # Port 2222
CONF

ssh new-pc-decrypt echo ok  # ok

#
# >  You can then unlock the disk remotely via SSH with
# >
# >     ssh -tF ~/.luks/ssh.conf root@remote.system.com cryptroot-unlock
# >
# >  Or, using a local gpg-encrypted key file:
# >
# >     gpg --decrypt ~/.luks/remote.key.gpg | ssh -TF ~/.luks/ssh.conf root@remote.system.com cryptroot-unlock
ssh -t new-pc-decrypt cryptroot-unlock
#Please unlock disk nvme0n1p3_crypt:
#cryptsetup: nvme0n1p3_crypt set up successfully

apt upgrade

1
2
3
sudo apt update
sudo apt upgrade
sudo reboot

Online accounts

/ubuntu_setup/2020-08-12-17-30-18.png
Skip, Next, Next, On, Next, Done

gsettings

1
2
3
4
5
# [screen-saver-2h]
gsettings set org.gnome.desktop.session idle-delay 7200

# win+right drag to resize
gsettings set org.gnome.desktop.wm.preferences resize-with-right-button true

fish

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
# on ssh-pc:
ssh NEW_PC_IP 'mkdir -pv ~/.local/share/fish/'
scp ~/.local/share/fish/{fish_history,fish_read_history} NEW_PC_IP:~/.local/share/fish/
ssh NEW_PC_IP 'mkdir -pv ~/go/bin/'
scp ~/go/bin/powerline-go NEW_PC_IP:~/go/bin/
scp ~/go/bin/peco         NEW_PC_IP:~/go/bin/

# on new-pc:
sudo apt install fish
fish
mkdir -pv ~/opt/dummy/{bin/,sbin/,share/man/}

Prevent sleeping when closing new-pc laptop’s lid closing at login screen (gdm3)

https://askubuntu.com/a/1131749/764025

1
2
3
4
5
sudo vi /etc/systemd/logind.conf
# #HandleLidSwitch=suspend
# HandleLidSwitch=ignore

sudo reboot

VNC

Requires RealVNC license.

TODO: use free VNC instead of RealVNC

1
2
3
4
5
6
# https://www.realvnc.com/en/connect/download/viewer/linux/ DEB x64
mkdircd /tmp/vnc/
wget https://downloads.realvnc.com/download/file/viewer.files/VNC-Viewer-6.22.315-Linux-x64.deb
#get https://www.realvnc.com/download/file/viewer.files/VNC-Viewer-6.20.529-Linux-x64.deb
sudo dpkg -i VNC-Viewer-*-Linux-x64.deb
vncviewer -help
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
mkdircd /tmp/vnc/
wget https://www.realvnc.com/download/file/vnc.files/VNC-5.3.3-Linux-x64-DEB.tar.gz
tar xvf VNC-5.3.3-Linux-x64-DEB.tar.gz  # VNC-Server-5.3.3-Linux-x64.deb VNC-Viewer-5.3.3-Linux-x64.deb
sudo dpkg -i VNC-Server-5.3.3-Linux-x64.deb
#Selecting previously unselected package realvnc-vnc-server.
#(Reading database ... 399211 files and directories currently installed.)
#Preparing to unpack VNC-Server-5.3.3-Linux-x64.deb ...
#Unpacking realvnc-vnc-server (5.3.3.27908) ...
#Setting up realvnc-vnc-server (5.3.3.27908) ...
#Updating /etc/pam.d/vncserver
#Updating /etc/pam.conf... done
#
#NOTICE: common configuration in /etc/pam.d contains the following modules:
#   pam_sss.so
#The default vncserver PAM configuration only enables pam_unix. See 
#`man vncinitconfig' for details on any manual configuration required.
#
#Looking for font path... not found.
#Generating private key... done
#Installed systemd unit for VNC Server in Service Mode daemon
#Start or stop the service with:
#  systemctl (start|stop) vncserver-x11-serviced.service
#Mark or unmark the service to be started at boot time with:
#  systemctl (enable|disable) vncserver-x11-serviced.service
#
#Installed systemd unit for VNC Server in Virtual Mode daemon
#Start or stop the service with:
#  systemctl (start|stop) vncserver-virtuald.service
#Mark or unmark the service to be started at boot time with:
#  systemctl (enable|disable) vncserver-virtuald.service
#
#Processing triggers for shared-mime-info (2.1-2) ...
#Processing triggers for man-db (2.10.2-1) ...
#Processing triggers for hicolor-icon-theme (0.17-2) ...
#Processing triggers for mailcap (3.70+nmu1ubuntu1) ...
#Processing triggers for gnome-menus (3.36.0-1ubuntu3) ...
#Processing triggers for desktop-file-utils (0.26-1ubuntu3) ...

sudo vnclicense -add <LICENSE>  # License key <Free> has been successfully applied.
sudo vncpasswd -service
#Setting "Password" VNC parameter for Service Mode server
#Password:
#Verify:
#Successfully set "Password" VNC parameter in /root/.vnc/config.d/vncserver-x11
#Please note users of third party VNC Viewer projects will be able to connect by
#entering the first 8 characters of this password only.
sudo systemctl status vncserver-x11-serviced.service  # disabled, inactive
sudo systemctl status vncserver-virtuald.service      # disabled, inactive

sudo systemctl start vncserver-x11-serviced.service
sudo lsof -nP -i:5900
#COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
#vncserver 9520 root   10u  IPv6 145879      0t0  TCP *:5900 (LISTEN)
#vncserver 9520 root   11u  IPv4 145880      0t0  TCP *:5900 (LISTEN)

restore backuped files

TODO

Sync dotfiles with GitHub

such like: https://github.com/wataash/dotfiles

Generate a token named “NEW-PC_dotfiles” on https://github.com/settings/tokens/new

1
2
3
4
5
6
7
sudo apt install git
cd ~/
git init
git remote add origin https://github.com/wataash/dotfiles-private-repo.git
git fetch  # type username and token
git checkout h  # conflicts: .config/mimeapps.list .ssh/config
echo 'source ~/sh/bashconf.bash' >> ~/.bashrc

apt, snap, flatpak

Setup Ubuntu 20.04 (apt, snap, flatpak)

Fonts

https://github.com/miiton/Cica (Japanese font for developers)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
mkdircd /tmp/cica/
wget https://github.com/miiton/Cica/releases/download/v5.0.3/Cica_v5.0.3.zip
unzip Cica_v5.0.3.zip
#Archive:  Cica_v5.0.3.zip
#  inflating: Cica-Bold.ttf           
#  inflating: Cica-BoldItalic.ttf     
#  inflating: Cica-Regular.ttf        
#  inflating: Cica-RegularItalic.ttf  
#  inflating: COPYRIGHT.txt           
#  inflating: LICENSE.txt             

mkdir ~/.local/share/fonts/
mv -v *.ttf ~/.local/share/fonts/
#renamed 'Cica-Bold.ttf' -> '/home/wsh/.local/share/fonts/Cica-Bold.ttf'
#renamed 'Cica-BoldItalic.ttf' -> '/home/wsh/.local/share/fonts/Cica-BoldItalic.ttf'
#renamed 'Cica-Regular.ttf' -> '/home/wsh/.local/share/fonts/Cica-Regular.ttf'
#renamed 'Cica-RegularItalic.ttf' -> '/home/wsh/.local/share/fonts/Cica-RegularItalic.ttf'

Rust tools

https://rustup.rs/

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
~/.cargo/bin/cargo install -v \
  bat \
  cargo-generate \
  dua-cli \
  exa \
  fd-find \
  git-delta \
  hyperfine \
  loc \
  rbspy \
  ringrep \
  ;

xkb

View changes

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# on new-pc:
sudo cp -v /usr/share/X11/xkb/symbols/inet /usr/share/X11/xkb/symbols/inet.orig
sudo cp -v /usr/share/X11/xkb/symbols/jp   /usr/share/X11/xkb/symbols/jp.orig

# on ssh-pc:

git mv ~/usr/share/X11/xkb/symbols/inet.ubu2004 ~/usr/share/X11/xkb/symbols/inet.ubu2204
git mv ~/usr/share/X11/xkb/symbols/jp.ubu2004   ~/usr/share/X11/xkb/symbols/jp.ubu2204
ssh NEW_PC_IP cat /usr/share/X11/xkb/symbols/inet > ~/usr/share/X11/xkb/symbols/inet.ubu2204
ssh NEW_PC_IP cat /usr/share/X11/xkb/symbols/jp   > ~/usr/share/X11/xkb/symbols/jp.ubu2204
git diff ~/usr/share/X11/xkb/symbols/

cat inet.patch | delta
cat jp.patch | delta
cp  ~/usr/share/X11/xkb/symbols/inet.ubu2204  ~/usr/share/X11/xkb/symbols/inet.patched
cp  ~/usr/share/X11/xkb/symbols/jp.ubu2204    ~/usr/share/X11/xkb/symbols/jp.patched
code ~/usr/share/X11/xkb/symbols/inet.patched ~/usr/share/X11/xkb/symbols/jp.patched  # manually apply patch

diff -u inet.ubu2204 inet.patched > inet.patch
diff -u jp.ubu2204   jp.patched   > jp.patch

ssh NEW_PC_IP 'mkdir -p ~/usr/share/X11/xkb/symbols/'
scp ~/usr/share/X11/xkb/symbols/inet.patched NEW_PC_IP:~/usr/share/X11/xkb/symbols/
scp ~/usr/share/X11/xkb/symbols/jp.patched   NEW_PC_IP:~/usr/share/X11/xkb/symbols/

# on new-pc:
sudo cp ~/usr/share/X11/xkb/symbols/inet.patched /usr/share/X11/xkb/symbols/inet
sudo cp ~/usr/share/X11/xkb/symbols/jp.patched   /usr/share/X11/xkb/symbols/jp
delta /usr/share/X11/xkb/symbols/inet.orig /usr/share/X11/xkb/symbols/inet
delta /usr/share/X11/xkb/symbols/jp.orig   /usr/share/X11/xkb/symbols/jp
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
--- /usr/share/X11/xkb/symbols/inet.orig	2020-08-12 17:13:23.281056773 +0900
+++ /usr/share/X11/xkb/symbols/inet	2020-08-12 17:24:44.121288077 +0900
@@ -104,9 +104,22 @@
 // Commented out because HZTG has same keycode as TLDE
 //    key <HZTG>   {      [ Zenkaku_Hankaku       ]       };
 
-    key <HKTG>   {      [ Hiragana_Katakana     ]       };
-    key <HENK>   {      [ Henkan                ]       };
-    key <MUHE>   {      [ Muhenkan              ]       };
+//    key <HKTG>   {      [ Hiragana_Katakana     ]       };
+//    key <HENK>   {      [ Henkan                ]       };
+//    key <MUHE>   {      [ Muhenkan              ]       };
+
+//    key <HKTG>   {      [ F16                   ]       };
+//    key <HENK>   {      [ F15                   ]       };
+//    key <MUHE>   {      [ F14                   ]       };
+//    modifier_map Mod2 { F14 };
+//    modifier_map Mod3 { F15 };
+//    modifier_map Mod5 { F16 };
+
+    key <HKTG> { [ ], actions[Group1] = [SetMods(modifiers=Mod5)] };
+    key <HENK> { [ ], actions[Group1] = [SetMods(modifiers=Mod3)] };
+//    key <MUHE> { [ ], actions[Group1] = [SetMods(modifiers=Mod2)] };
+    key <MUHE> { [ Control_L ], actions[Group1] = [SetMods(modifiers=Control)] };
+
     key <KATA>   {      [ Katakana              ]       };
     key <HIRA>   {      [ Hiragana              ]       };
     key <RO>     {      [ Romaji                ]       };
--- /usr/share/X11/xkb/symbols/jp.orig	2020-08-12 17:13:25.545043279 +0900
+++ /usr/share/X11/xkb/symbols/jp	2020-08-12 17:25:20.676948927 +0900
@@ -44,7 +44,12 @@
     key <AD11> { [ at, grave		] };
     key <AD12> { [ bracketleft,	braceleft ] };
 
-    key <CAPS> { [ Eisu_toggle, Caps_Lock ] };
+//     key <CAPS> { [ Eisu_toggle, Caps_Lock ] };
+//     key <CAPS> { [ Control_R ] };
+//     key <CAPS> { [ F13 ] };
+//     key <CAPS> { [ F13 ], actions[Group1] = [SetMods(modifiers=Lock)] };
+//     key <CAPS> { actions[Group1] = [SetMods(modifiers=Lock)] };
+     key <CAPS> { [ ], actions[Group1] = [SetMods(modifiers=Lock)] };
 
     key <AC01> { [ a, A			] };
     key <AC02> { [ s, S			] };
@@ -70,7 +75,10 @@
     key <AB09> { [ period, greater	] };
     key <AB10> { [ slash, question	] };
     key <AB11> { [ backslash, underscore] };
-    key <LCTL> { [ Control_L		] };
+
+// swap lctrl, muhe
+    key <LCTL> { [ Control_L        ] };
+//    key <LCTL> { [ Control_L ], actions[Group1] = [SetMods(modifiers=Mod2)] };
 
     key <NFER> { [ Muhenkan		] };
 
@@ -321,3 +329,4 @@
 	xkb_symbols "sun_type7" {
 	include "sun_vndr/jp(sun_type7)"
 };
+

needs reboot

Root certificates

TODO

Applications

00 Google Chrome

1
2
3
mkdircd /tmp/chrome/
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
sudo dpkg -i google-chrome-stable_current_amd64.deb

new-pc GUI: Start sync.

00 Visual Studio Code

https://code.visualstudio.com/Download

1
2
3
mkdircd /tmp/code/
wget https://az764295.vo.msecnd.net/stable/da15b6fd3ef856477bf6f4fb29ba1b7af717770d/code_1.67.1-1651841865_amd64.deb
sudo dpkg -i code_*_amd64.deb

10 gnome-control-center (Settings)

  • Wi-Fi
  • Network
  • Bluetooth
  • Background: select a dark wallpaper
  • Appearnce
    • Dark
    • Color: select a desired one
    • Desktop Icons: Size: Tiny
    • Dock
      • Auto-hide the Dock: YES
      • Panel mode: YES
      • Icon size: 24
      • Show on: All displays
      • Position on screen: Left
  • Multitasking
    • Active Screen Edges: no (TODO: what’s this?)
    • Workspaces: Fixed number of workspaces, 4
    • Multi-Monitor: Workspaces on all displays
    • Application Switching
      • Include applications from the current workspace only,
      • Include applications from all monitors
  • Privacy
    • File History & Trash
      • Automatically Delete Temporary Files: YES
    • Screen: Screen Lock
      • Blank Screen Delay: 2 hours (see [screen-saver-2h])
      • Automatic Screen Lock: YES
      • Automatic Screen Lock Delay: 1minute
      • Lock Screen on Suspend: YES
      • Show Notifications on Lock Screen: no
  • Online Accounts
  • Sharing
  • Sound
  • Power
  • Displays
  • Mouse & Touchpad
  • Keyboard: Keyboard Shortcuts: View and Customize Shortcuts: Navigation: Hide all normal Windows: Ctrl+Super+D: (it’s defalt; but without this (explicitly setting “Ctrl+SuperD”), Ctrl+Alt+D also does this function – seems BUG (TODO: reporting))
  • Printers
  • Removable Media
  • Color
  • Region & Language
  • Accesibility
  • Users
  • Default Applications
  • Date & Time
  • About: GNOME Version: 42.0

GNOME shell extensions

gnome-tweak-tool (Tweaks)

  • General: Suspend when laptop lid is closed: no
  • Appearnce
  • Fonts
  • Keyboard & Mouse
  • Startup Applications
  • Top Bar: Clock
    • Weekday: ON
    • Date: ON
    • Seconds: ON
  • Window Titlebars
  • Windows: Attach Modal Dialogs: off

10 wireshark / tshark / tcpdump

Enable running without sudo.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
zcat /usr/share/doc/wireshark-common/README.Debian.gz

tshark
#Capturing on 'eno1'
#tshark: Couldn't run /usr/bin/dumpcap in child process: Permission denied
#
#0 packets captured

# sudo dpkg-reconfigure wireshark-common
cat /etc/group  # wireshark❌148:
id      # uid=1000(wsh) gid=1000(wsh) groups=1000(wsh),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),122(lpadmin),134(lxd),135(sambashare),145(libvirt)
groups  # wsh adm cdrom sudo dip plugdev lpadmin lxd sambashare libvirt
sudo usermod -a -G wireshark $USER
# logout, login
id      # uid=1000(wsh) gid=1000(wsh) groups=1000(wsh),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),122(lpadmin),134(lxd),135(sambashare),145(libvirt),148(wireshark)
groups  # wsh adm cdrom sudo dip plugdev lpadmin lxd sambashare libvirt wireshark

tshark
#Capturing on 'eno1'
# ** (tshark:96839) 17:04:13.744884 [Main MESSAGE] -- Capture started.
# ** (tshark:96839) 17:04:13.744924 [Main MESSAGE] -- File: "/tmp/wireshark_eno1GK9QL1.pcapng"
#    1 0.000000000 172.16.50.121 → 172.16.50.1  SSH 286 Server: Encrypted packet (len=220)
#...

Although tcpdump is not related to wireshark/tshark/dumpcap (except that Guy Harris maintains the both project), Users who can run wireshark should be able to run tcpdump. So I use wireshark user for tcpdump.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
tcpdump
#tcpdump: eno1: You don't have permission to capture on that device
#(socket: Operation not permitted)

ls -l /usr/bin/tcpdump /usr/bin/dumpcap
#-rwxr-xr-- 1 root wireshark  129696  3月  5 01:13 /usr/bin/dumpcap
#-rwxr-xr-x 1 root root      1331320  3月 25 18:52 /usr/bin/tcpdump

sudo chgrp wireshark /usr/bin/tcpdump
ls -l /usr/bin/tcpdump
#-rwxr-xr-x 1 root wireshark 1331320  3月 25 18:52 /usr/bin/tcpdump
#-rwxr-xr-- 1 root wireshark  129696  3月  5 01:13 /usr/bin/dumpcap

getcap /usr/bin/tcpdump  # (nothing)
getcap /usr/bin/dumpcap  # /usr/bin/dumpcap cap_net_admin,cap_net_raw=eip

sudo setcap cap_net_admin,cap_net_raw+ep /usr/bin/tcpdump
getcap /usr/bin/tcpdump  # /usr/bin/tcpdump cap_net_admin,cap_net_raw=ep

tcpdump
#tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
#listening on eno1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
#17:17:23.977197 IP wsh79.ssh > _gateway.61435: Flags [P.], seq 51393655:51393843, ack 2212120736, win 501, options [nop,nop,TS val 3755970434 ecr 1623], length 188
#...

Audio Recorder

1
2
sudo add-apt-repository ppa:audio-recorder/ppa
sudo apt install audio-recorder

docker

https://docs.docker.com/install/linux/docker-ce/ubuntu/ convenience script

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
mkdircd /tmp/docker/
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
sudo usermod -aG docker $USER  # re-login to apply

docker pull alpine
docker pull debian:buster
docker pull debian:buster-slim
docker pull gcc
docker pull python:slim
docker pull ubuntu
docker pull ubuntu:12.04
docker pull ubuntu:14.04
docker pull ubuntu:16.04
docker pull ubuntu:18.04
docker pull ubuntu:20.04
docker pull ubuntu:22.04

# @ref:docker-login
docker login  # wataash

Dropbox

old

https://www.dropbox.com/install-linux

1
2
3
cd /tmp/
wget -O dropbox.deb 'https://www.dropbox.com/download?dl=packages/ubuntu/dropbox_2020.03.04_amd64.deb'
sudo dpkg -i dropbox.deb

new-pc: GUI: start Dropbox

fasd

https://github.com/clvv/fasd

1
2
# on ssh-pc:
scp ~/.fasd NEW_PC_IP:~/

fish (again)

TODO

git

TODO

gpg

TODO

Homebrew

https://brew.sh/

1
2
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
brew install hugo

Japanese

http://www.ubuntulinux.jp/japanese

Ubuntu 22.04 では不要かも? sudo apt update で最初から jp.archive.ubuntu.com がいた気がしたし、最初から LC_ALL=ja_JP.utf-8 man man で日本語manが見れる

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
cat /etc/lsb-release  # 22.04 focal
# (TODO: Ubuntu 22.04 LTSの場合 がまだ無い)
# Ubuntu 20.04 LTSの場合:
wget -q https://www.ubuntulinux.jp/ubuntu-ja-archive-keyring.gpg -O- | sudo apt-key add -
wget -q https://www.ubuntulinux.jp/ubuntu-jp-ppa-keyring.gpg -O- | sudo apt-key add -
sudo wget https://www.ubuntulinux.jp/sources.list.d/focal.list -O /etc/apt/sources.list.d/ubuntu-ja.list
sudo apt update
# 3. 以下のコマンドを実行し、パッケージをアップグレードします。
sudo apt-get update  # Hit:2 http://jp.archive.ubuntu.com/ubuntu focal InRelease
sudo apt-get install ubuntu-defaults-ja
---
The following additional packages will be installed:
  firefox-locale-ja fonts-noto-cjk-extra language-pack-gnome-ja language-pack-gnome-ja-base language-pack-ja
  language-pack-ja-base libzinnia0v5 mozc-utils-gui
Suggested packages:
  ibus-qt5
The following NEW packages will be installed:
  firefox-locale-ja fonts-noto-cjk-extra language-pack-gnome-ja language-pack-gnome-ja-base language-pack-ja
  language-pack-ja-base libzinnia0v5 mozc-utils-gui ubuntu-defaults-ja
0 upgraded, 9 newly installed, 0 to remove and 3 not upgraded.

/ubuntu_setup/2020-08-12-15-22-32.png
Windows key -> Language Support
/ubuntu_setup/2020-08-12-15-20-33.png
The language support is not installed completely -> Install, input password

JetBrains Toolbox

Needs JetBrains license.

https://www.jetbrains.com/toolbox-app/

1
2
3
4
5
6
mkdircd /tmp/jb/
wget https://download-cdn.jetbrains.com/toolbox/jetbrains-toolbox-1.24.11947.tar.gz
tar xvf jetbrains-toolbox-*.tar.gz
# GUI
/tmp/jb/jetbrains-toolbox-*/jetbrains-toolbox
# installed in ~/.local/share/JetBrains/Toolbox/, so /tmp/jetbrans... can be removed
  • Login
  • (optional) Proxy: Enabled, HTTP, 192.0.2.1, 8080
  • Generate shell scripts: ~/opt/jetbrains/bin/
    • ~/opt/jetbrains/bin/ is automatically created
  • Install IDEs
    • IntelliJ
    • CLion
    • RubyMine
    • PyCharm
    • GoLand
    • WebStorm
  • Relax the inotify limit
    1
    2
    3
    4
    5
    6
    
    sysctl fs.inotify.max_user_watches  # 65536
    sudo vim /etc/sysctl.conf           # append: fs.inotify.max_user_watches = 524288
    sudo sysctl -p --system
    #* Applying /etc/sysctl.conf ...
    #fs.inotify.max_user_watches = 524288
    sysctl fs.inotify.max_user_watches  # 524288
    

Open all IDEs and open settings with Ctrl-,:

  • Appearance & Behaviour: System Settings: Confirm before exiting the IDE
  • Keymap: (described below)
  • Editor
    • General: VirtualSpace: Show virtual space at the bottom of the file
      • Appearance
        • Show whitespaces
          • Leading
          • Inner
          • Trailing
      • Editor Tabs
        • Show tabs in one row
        • Mark modified (*)
        • Tab limit: 99
        • When the current tab is closed, activate: The tab on the right
    • Font: Cica 18
  • Languages & Frameworks: Markdown: Default layout: Editor only
  • Plugins: (described below)
  • Version Control
  • Build, Execution, Deployment
  • Languages & Frameworks
  • Tools
  • Advanced Settings

Plugins

  • Code blocks sorter
  • Perl
  • Rainbow Brackets
  • TabMover
  • (CLion) Rust, Pest

Keymap: GNOME

  • Editor Actions
  • Main menu
    • File: Settings: Ctrl+Comma
    • Edit
    • View
    • Navigate
    • Code: Completion: Basic: Shift+Space
    • Refator
    • Build
    • Run
    • Tools
    • Git: Git: Annotate: Alt+A
    • Window: Editor Tabs: Close: Ctrl+W
  • Plug-ins
    • TabMover
      • Move Tab to Next: Alt+PageDown
      • Move Tab to Previous: Alt+PageUp
  • Other
    • Rerun: Ctrl+R

lang: C

build:

  • NetBSD
  • gdb
  • llvm

lang: Go

TODO

lang: Haskell

TODO

lang: Node.js

TODO

lang: Python

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
pip install -U \
beautifulsoup4 \
click \
colorama \
compiledb \
cython \
gcovr \
graphviz \
httpie \
ipython \
jinja2 \
jupyter \
lark-parser \
logzero \
matplotlib \
orderedset \
pandas \
pydf \
pylint \
pyyaml \
requests \
requests-html \
scan-build \
scapy \
sklearn \
sortedcontainers \
terminal-colors \
youtube-dl \
;

lang: Ruby

1
2
brew install rbenv ruby-build
...TODO

lastpass

TODO

mozc

TODO

Nautilus

nautilus-typeahead TODO

SublimeText

TODO

tilix

TODO

tmux

TODO

Thunderbird

TODO

vim

TODO

VirtualBox

TODO

wine

TODO

LUKS backup

TODO luksHeaderBackup

useradd

crontab

TODO

Windows p2v

TODO