Ubuntu/Bespin

From charlesreid1

All the setup involved for bespin, a Ubuntu 18.04 desktop server.

Inital Setup

Aptitude update

During installation, we allow setup to join the wifi network. On first boot, the network manager will be running and will be connected to the same wifi network. We will disable network manager eventually, but first get some software. 

sudo apt-get update
sudo apt-get -y install vim gnome-tweak-tool net-tools

Set caps lock as a control key.

Allow sudo for user

Create wheel group: 

sudo groupadd wheel

Add user to group: 

sudo usermod -a -G wheel <your-username-here>

Allow wheel group users passwordless sudo, first use visudo to edit the sudoers file: 

EDITOR=vi visudo

Now add this line to the end: 

%wheel ALL=(ALL) NOPASSWD: ALL

Install ssh

Install ssh and server: 

sudo apt-get install ssh

Start the server: 

sudo service ssh start

Install trusted ssh key

If you want, set up a machine to securely SSH into the Ubuntu server.

From the machine you want to SSH FROM: 

cat ~/.ssh/id_rsa.pub

Copy this text. Now in another terminal, ssh into the Ubuntu server. Paste the output of the above command into the file: 

~/.ssh/authorized_keys

Now verify that SSHing into the Ubuntu server will not ask you for a password.

Configure WPA Supplicant

We want to configure wifi manually, and disable the network manager. This requires some preparation to manually join a wifi network with wpa supplicant.

First set your wpa supplicant to join a wifi network.

/etc/wpa_supplicant/wpa_supplicant.conf 

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
    ssid="yournetworkhere"
    proto=RSN
    key_mgmt=WPA-PSK
    pairwise=CCMP TKIP
    group=CCMP TKIP
    psk="yourpskhere"
}

Next add the 2 usb wifi devices to network interfaces file. The following etc network interfaces file assumes that wlan0 will be joining an existing wifi network, and wlan1 will be in manual mode so it can be used as an AP.

/etc/network/interfaces 

allow-hotplug wlan0
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
iface wlan0 inet dhcp

allow-hotplug wlan1
iface wlan1 inet static
    address 192.168.10.1
    netmask 255.255.255.0
    gateway 192.168.10.1

except actually the iface names were dependent on the mac addresses of the wifi cards.

WPA Supplicant Startup Service

Copy a wpa supplicant service template: 

sudo cp /lib/systemd/system/wpa_supplicant.service /etc/systemd/system/wpa_supplicant.service

Edit the file 

sudo vim /etc/systemd/system/wpa_supplicant.service

Change this line from this: 

ExecStart=/sbin/wpa_supplicant -u -s -O /run/wpa_supplicant

to this: 

ExecStart=/sbin/wpa_supplicant -u -s -c /etc/wpa_supplicant/wpa_supplicant.conf -i wlan0

Also, remove the following line if it is present: 

Alias=dbus-fi.w1.wpa_supplicant1.service # DELETE ME!

Now enable this service to start on boot: 

sudo systemctl enable wpa_supplicant.service

Dhclient on Startup

Create an rc.local startup service:

/etc/systemd/system/rc-local.service 

[Unit]
Description=/etc/rc.local
ConditionPathExists=/etc/rc.local

[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

Now add the dhclient command to rc.local:

/etc/rc.local 

#!/bin/bash
/sbin/dhclient
exit 0

Make it executable: 

chmod 744 /etc/rc.local

Now enable the rc-local service: 

sudo systemctl enable rc-local.service

Verify it works okay: 

sudo systemctl start rc-local.service
sudo systemctl status rc-local.service

Requesting Static IP

If you want to request a static IP from the router, add this to the dhclient config file:

/etc/dhcp/dhclient.conf 

interface "wlan0" {
     send dhcp-requested-address 192.168.0.122;
}

Disable Network Manager

Next step is to disable the network manager. 

sudo systemctl disable network-manager
sudo systemctl stop network-manager

Don't uninstall it, because that will uninstall a bunch of other important gnome packages and you'll be left with a stupid broken ubuntu.

Now reboot 

sudo reboot now

Test Wifi

Test that everything is working as expected by running the ifconfig and iwconfig commands. ifconfig should show an IP address for the wlan0 interface that has the wpa supplicant defined in the network interfaces file. iwconfig should show the name of the wifi network that the wifi card is connected to.

If you don't have an IPv4 address, troubleshoot with the following commands:

Check if you can reach the internet: 

ping google.com

Check logs from dhcp service started by rc.local (this gets an IP address from the router and is the most likely culprit): 

sudo service rc-local status

Check logs from wpa supplicant: 

sudo service wpa_supplicant status

Gnome Setup

Tweaking Gnome

Tweak the theme. You already have Tweak tool installed (see above apt-get install line).

Install Macbuntu Theme

Set it up to look like a mac by installing the macbuntu theme - see http://www.linuxandubuntu.com/home/macbuntu-transform-ubuntu-1604-to-mac-os-x

First activate the PPA from noobslab and pull in the new packages: 

sudo add-apt-repository ppa:noobslab/macbuntu
sudo apt-get update

Now install the macbuntu icons and themes: 

sudo apt-get -y install macbuntu-os-icons-v1804 macbuntu-os-ithemes-v1804

Pick Tweak Theme

Now you can open the Tweak tool and pick the Macbuntu theme.

Install Plank

Plank is a dock replacement. To install it: 

sudo apt-get -y install plank

Noobslab also provides a Macbuntu theme for Plank, to make it look more like the Mac dock. You will need the PPA from noobslab set up (see above add-apt-repository step). 

sudo apt-get -y install macbuntu-os-plank-theme-v1804

Start it at boot by creating a file in ~/.config/autostart.

First create the folder: 

mkdir -p ~/.config/autostart

Now create a Plank startup script:

~/.config/autostart/plank.desktop 

[Desktop Entry]
Type=Application
Exec=plank
Hidden=false
NoDisplay=false
X-GNOME-Autostart-enabled=true
Name=Plank

To open Plank preferences, right-click on the right or left side of the Plank dock and choose Preferences.

Disable Launcher

Run these commands to disable the ubuntu-provided launcher dock: 

cd /usr/share/gnome-shell/extensions/
sudo mv ubuntu-dock@ubuntu.com{,.bak}

It will take effect when you log out or restart. If you can't wait to see it go, type Alt + F2, then enter the letter "r" in the input box. This will refresh gnome.

Install Albert

Albert is a spotlight/quicksilver replacement.

Install it like so: 

sudo add-apt-repository ppa:noobslab/macbuntu
sudo apt-get update
sudo apt-get -y install albert


Start it at boot by creating the following file:

~/.config/autostart/albert.desktop 

[Desktop Entry]
Type=Application
Exec=albert
Hidden=false
NoDisplay=false
X-GNOME-Autostart-enabled=true
Name=Albert

Albert Shortcut

We want to assign the shortcut Alt + Space to Albert, but this is currently occupied by a default system keyboard shortcut to open the window menu.

Let's remap that to Super + Space, then map Alt + Space to Albert.

Open Settings, then click Keyboard, and find the Windows section. Look for the Open Window Menu which is assigned the keyboard shortcut Alt + Space. Reassign it to Super + Space. By default this is assigned to something else, which can be disabled.

Now run albert from the command line: albert

Open the albert preferences. Assign Alt + Space to the Albert shortcut.

Disable Super Key Shortcut

Once you have Albert and Plank, you don't want the super key to open the Launcher because you don't need the launcher.

Disable the Super-key-only shortcut that opens the launcher by running the following command: 

gsettings set org.gnome.mutter overlay-key 'Alt_R'

This works immediately and will survive reboot.

Source: https://askubuntu.com/a/1037679

Test with Restart

Restart and test that the startup services start okay: 

sudo reboot now

You should see:

  • The Plank dock on the bottom of the screen
  • No launcher on the left side
  • The super key should not open the launcher
  • (If you have set the Alt + Space shortcut for albert) Alt + Space should open albert

Disable Crash Reporting

Disable apport crash reporting:

/etc/default/apport

Change this: 

enabled=1

to this: 

enabled=0

Ansible Setup

Note that it is easiest and safest to perform these steps on a local network (e.g., a wifi router network) that has internet connectivity but that won't expose the Ubuntu server to the public internet.

Now use https://github.com/charlesreid1-com/charlesreid1-ansible to run the provision and base plays against the server. Note that this requires root access via ssh, so you have to edit your ssh config file to include this line:

/etc/ssh/sshd_config 

PermitRootLogin yes

Now restart the ssh service: 

sudo service ssh restart

and test that you can log in as root without a password: 

ssh root@<ip-for-bespin>

IT IS VERY IMPORTANT YOU ONLY ENABLE THIS WHILE YOU RUN ANSIBLE! DISABLE IT WHEN YOU ARE DONE!!!

Now run ansible from a different machine: 

# run this from a different machine!
git clone git@github.com:charlesreid1-com/charlesreid1-ansible.git ansible
cd ansible

# provision (python3 install)
ANSIBLE_CONFIG="local.cfg" ansible-playbook --vault-password-file=.vault_secret --extra-vars "machine_name=bespin" provision.yml

# set up with all the things
ANSIBLE_CONFIG="local.cfg" ansible-playbook --vault-password-file=.vault_secret --extra-vars "machine_name=bespin" base.yml

Last, edit your ssh config to disable root login:

/etc/ssh/sshd_config

Remove this line! 

PermitRootLogin yes # REMOVE ME

and replace with this one: 

PermitRootLogin no

Now restart the ssh service: 

sudo service ssh restart
Retrieved from "https://charlesreid1.com/w/index.php?title=Ubuntu/Bespin&oldid=27888"