Install Ubuntu 24.04
Instructions for a quick start getting all my usual software and setup on a fresh Ubuntu Linux install.
Copy our SSH keys from a trusted place
scp -r ivan@<<SECRETS>>:/home/ivan/.ssh/* ~/.ssh
Get everything up to date
sudo apt update && sudo apt upgrade
TLDR: Get all the packages now
In a hurry to get started and know what you’re doing. Just cut and paste the packages you want from this list into an ‘apt install’ command and get them all downloading.
Get Git installed and configured
sudo apt install -y git git-lfs
git config --global user.email "ivan.hawkes@gmail.com"
git config --global user.name "Ivan Hawkes"
git config --global init.defaultBranch main
Move in our dot files
The complete instructions are in the original post on this subject.
cd ~
sudo apt install -y stow
git clone git@github.com:ivanhawkes/dotfiles.git
rm ~/.bashrc ~/.profile
cd ~/dotfiles
stow --adopt .
cd ~
Now is a good time to CTRL-D out of the shell and log back in again. This will apply group permissions and your .bashrc script to the new shell. You now have colour in your shell and access to aliases for “ls -al” and friends.
Groups and users
In a home lab setup it’s best to stick with basic authentication and user account synchronisation. In it’s simplest form you use the same GID and UID for each user, copying those to every machine on the network. This can be as simple as cutting and pasteing a list of entries in the /etc/group and /etc/passwd files.
I like to control the GID and UID for service accounts as well as general users. This makes it very easy to copy the users and groups between machines and for networking with SAMBA and NFS.
First we need to create the groups. Add new group with a fixed GID for each user and service account.
Use the lines below to quickly create your user groups. Just replace the ‘xxxx’ with the group name.
sudo groupadd -g 1001 xxxx
sudo groupadd -g 1002 xxxx
sudo groupadd -g 1003 xxxx
sudo groupadd -g 1004 xxxx
sudo groupadd -g 1005 xxxx
sudo groupadd -g 1006 xxxx
sudo groupadd -g 1007 xxxx
sudo groupadd -g 1008 xxxx
sudo groupadd -g 1009 xxxx
I keep the group service accounts in a specific range so it’s easy to know their purpose. I add myself as a group memeber to make managing the files possible without needing to use sudo.
Use the lines below to quickly create your service account groups. Just replace the ‘xxxx’ with the group name.
sudo groupadd -g 2000 xxxx -U ivan
sudo groupadd -g 2001 xxxx -U ivan
sudo groupadd -g 2002 xxxx -U ivan
sudo groupadd -g 2003 xxxx -U ivan
sudo groupadd -g 2004 xxxx -U ivan
sudo groupadd -g 2005 xxxx -U ivan
sudo groupadd -g 2006 xxxx -U ivan
sudo groupadd -g 2007 xxxx -U ivan
sudo groupadd -g 2008 xxxx -U ivan
sudo groupadd -g 2009 xxxx -U ivan
Use the lines below to quickly create your service account groups. Just replace the ‘xxxx’ with the group name which should also match the user name.
sudo useradd -u 1001 -m -g xxxx xxxx
sudo useradd -u 1002 -m -g xxxx xxxx
sudo useradd -u 1003 -m -g xxxx xxxx
sudo useradd -u 1004 -m -g xxxx xxxx
sudo useradd -u 1005 -m -g xxxx xxxx
sudo useradd -u 1006 -m -g xxxx xxxx
sudo useradd -u 1007 -m -g xxxx xxxx
sudo useradd -u 1008 -m -g xxxx xxxx
sudo useradd -u 1009 -m -g xxxx xxxx
Service accounts need to be locked down to reduce damage if hackers break into them.
sudo useradd -u 2000 -M -N -g xxxx -s /sbin/nologin xxxx
sudo useradd -u 2001 -M -N -g xxxx -s /sbin/nologin xxxx
sudo useradd -u 2002 -M -N -g xxxx -s /sbin/nologin xxxx
sudo useradd -u 2003 -M -N -g xxxx -s /sbin/nologin xxxx
sudo useradd -u 2004 -M -N -g xxxx -s /sbin/nologin xxxx
sudo useradd -u 2005 -M -N -g xxxx -s /sbin/nologin xxxx
sudo useradd -u 2006 -M -N -g xxxx -s /sbin/nologin xxxx
sudo useradd -u 2007 -M -N -g xxxx -s /sbin/nologin xxxx
sudo useradd -u 2008 -M -N -g xxxx -s /sbin/nologin xxxx
sudo useradd -u 2009 -M -N -g xxxx -s /sbin/nologin xxxx
SAMBA Networking for Windows
In a mixed environment SAMBA provides a (relatively) easy way to share files between machines. It’s also the software that gives me the most problems as a service. I frequently run into issues with permissions that have opaque error messages. Remember to check the logs in /var/log/samba if your having issues.
sudo apt install -y samba
# Give ourselves a password.
sudo smbpasswd -a $USER
By default, the firewall rules are pretty permissive, but just in case you may wish to check them.
# Nmap - insecurity scanner.
sudo apt install -y nmap
nmap -p1-9999 <MACHINE>
Your distribution may use UFW or iptables for the firewall. Open up the ports for SAMBA if needed. Adjust the IP address range to suit your own network.
# Iptable rules.
sudo iptables -A INPUT -p udp --dport 137 -s 10.0.0.0/16 -m state --state NEW -j ACCEPT
sudo iptables -A INPUT -p udp --dport 138 -s 10.0.0.0/16 -m state --state NEW -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 139 -s 10.0.0.0/16 -m state --state NEW -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 445 -s 10.0.0.0/16 -m state --state NEW -j ACCEPT
# UFW rules.
sudo ufw allow samba
Edit the SAMBA configuration
Once installed you will need to edit the configuration file and restart the service.
Typically, I will leave the bulk of the config file untouched and just add my entries to the bottom of the file. Over the years that one file has been copied from one server to another until it has become out of date. I suggest you work with the file supplied and then compare it back with existing ones if needed.
sudo nano /etc/samba/smb.conf
sudo sysctl smbd restart
On a constrained system like the Raspberry Pi 2b or ODROID-HC2 memory usage becomes critical. SAMBA has a nasty habit of breaking large files transfer because it uses too much memory. To combat that we are going to tune it’s use down a bit. You may need to play with these settings to get it just right.
sudo nano /etc/samba/smb.conf
Makes some additions to the global section.
# ILH: Added these to lower the memory usage and prevent issues when
# transferring large files on a low memory system e.g. ODROID-HC2
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=32768 SO_SNDBUF=32768
max connections = 8
read raw = no
write raw = no
max xmit = 32768
Restart the service and test it.
sudo service smbd restart
sudo apt install slurm
slurm -i <NET-INTERFACE>
add some entries e.g.
[data]
comment = Bulk data storage.
path = /data
guest ok = yes
guest only = no
read only = no
browseable = yes
inherit acls = no
inherit permissions = no
ea support = no
store dos attributes = no
vfs objects =
printable = no
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
hide special files = yes
follow symlinks = yes
hide dot files = yes
read list =
write list = "xxxx",@"xxxx"
Make your network share available to your workstation
It’s likely you will now want to mount one or more drives. The simplest method is to make an entry into the file system table and have them mounted on boot. It’s important to note however, that they may not always actually start up on boot due to various reason, so check your work after a reboot.
sudo apt install blkid
sudo blkid
sudo nano /etc/fstab
Add a line like the following to your fstab to mount the drive. You will need to supply the .smbcredentials if you use this exact invocation. Strictly speaking the uid and gid parts of the line are not required if you supply the .smbcredentials file.
//10.0.x.x/data /media/xxxx cifs vers=3.0,uid=1000,gid=1000,credentials=/home/ivan/.smbcredentials 0 0
Make sure there is an underlaying file system to share.
sudo mkdir /data
sudo systemctl daemon-reload
sudo mount /data
Now install the bulk load of software used in a general purpose system. Pick and choose which you need from the broad categories I’ve grouped them into.
# Ubuntu snaps are needed for some software.
sudo snap install code sublime-text discord --classic
# Extra repositories needed.
sudo add-apt-repository ppa:graphics-drivers/ppa && sudo apt upgrade
sudo add-apt-repository ppa:aslatter/ppa -y
# Apt repositories.
sudo apt install -y alacritty
sudo apt install -y git git-lfs
sudo apt install -y stow
sudo apt install -y samba nmap
sudo apt install -y cmake cmake-gui cmake-curses-gui gcc g++ build-essential automake autoconf ninja-build clang fonts-hack-ttf
sudo apt install -y gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib gdb-multiarch
sudo apt install -y python3-full python3-pip npm nodejs
sudo apt install -y vulkan-tools spirv-cross renderdoc
sudo apt install -y nvidia-driver-535 nvidia-settings vulkan vulkan-utils
sudo apt install -y handbrake vlc
Docker and Portainer
Get the Docker environment up and running and manage it with Portainer.
First, the recommended method of installing Docker for Ubuntu / Debian / Raspberry Pi OS. Set it up for users to run it without root priveleges.
WARNING: Double check the distribution you are installing. Debian, Ubuntu and Raspbian are often identical for installations but not for this one. They have different installation sources and commands to run.
mkdir -p ~/docker/portainer
cd ~/docker/portainer
curl -L https://downloads.portainer.io/ce-lts/portainer-compose.yaml -o compose.yaml
# I usually edit out one of the optional settings.
nano compose.yaml
docker compose up -d
Serial communications
sudo apt install -y minicom
sudo usermod -a -G dialout $USER
Outboard equipment
This is pretty specifig to me. I have a piece of outboard audio gear that needs some firmware installed.
sudo apt install -y midisport-firmware
QTile
Consider using a tile manager for the desktop. There’s still issues with a good setup using Ubuntu 24.04, so this is optional and not even recommended yet.
pip install qtile
Allow Grub Menu to List Other OS’s
Ubuntu 22.04 disables the other OS probing mechanism for security reasons. We really want it back again.
# Edit grub config file.
sudo nano /etc/default/grub
Edit this line to switch the video mode to something more sensible…
GRUB_GFXMODE=800x600x32,auto
Add these lines…
# Need this to have it auto-detect other OS.
GRUB_DISABLE_OS_PROBER=false
# Switching the colours to something nicer.
GRUB_COLOR_NORMAL="light-white/blue"
GRUB_COLOR_HIGHLIGHT="yellow/blue"
Save the file and run…
sudo update-grub
NOTE: The colour changes don’’t currently work in Ubuntu. Instead, edit one of the config make files directly for now.
sudo nano /etc/grub.d/05_debian_theme
# Set a monochromatic theme for Tanglu/Ubuntu.
echo "${1}set menu_color_normal=light-gray/blue"
echo "${1}set menu_color_highlight=yellow/blue"
Save the file and run…
sudo update-grub
Raspberry Pi Pico Development
Install OpenOCD
Make sure it’s not already installed. Remove it if necesssary.
sudo apt -y autoremove --purge openocd
# Clone the Pico libraries.
~/.local/bin/clone-pico-libraries.sh
Install from source. Ubunutu 22.04 didn’t install all the targets correctly and left it in a non-running state.
sudo apt install -y texinfo libtool libftdi-dev libusb-1.0-0-dev
cd ~
mkdir projects
cd projects
git clone --recursive git@github.com:raspberrypi/openocd.git
cd openocd
./bootstrap
./configure --enable-cmsis-dap-v2 --enable-cmsis-dap
make -j 24
sudo make install
NOTE: The ./configure should take those flags but it seemed to produce different output and wouldn’t run make afterwards. YMMV.
Final step is to ensure there is a UDEV rule for the PicoProbe. OpenOCD can’t open the probe if you don’t provide the rule.
sudo cp ~/projects/openocd/contrib/60-openocd.rules /etc/udev/rules.d/