This helps me to setup my Ubuntu workstations and maybe it’s useful for you as well! I am currently using Kubuntu 20.04, but most of the stuff should also work with older/newer releases.

I used to use a config management system to do all of this, but I got tired of all the work and am now just writing the important things down into this article. Works for me.

Packages

Requirements

Some packages need to be installed first to make sure all the other commands work.

  • apt-transport-https
  • software-properties-common
sudo apt-get install apt-transport-https software-properties-common 

Package Manager Setup

I configure Ruby and Node package managers to install “global” packages into my home directory so I don’t have to use “sudo” to install them. For Python packages I use pipx which installs Python applications into isolated environments.

Rubygems

Create $HOME/.gemrc with the following content to ensure installation in the user directory and to avoid generating the documentation.

install: --user-install --no-document
update: --user-install --no-document

NPM

Create $HOME/.npmrc with the following content to make sure npm modules will be installed in the user directory.

prefix=/home/<username>/.local/node_modules
progress=false

pipx

  • Requires Python >= 3.6
  • Install packages:
    • python3-pip
    • python3-venv (for ensurepath library)
    • python3-dev (for applications that install native extensions)
  • Add ~/.local/bin to PATH
python3 -m pip install --user pipx

Repositories

PPA

I am using some PPA repositories for packages which are not included in Ubuntu or where newer versions are available. Install before installing the Core packages!

sudo add-apt-repository ppa:git-core/ppa
sudo add-apt-repository ppa:peek-developers/stable
sudo add-apt-repository ppa:phoerious/keepassxc

Custom

Some repositories need manual steps to set them up.

  • adoptopenjdk - Prebuilt OpenJDK Binaries for Free
  • docker - Official Docker packages
  • heroku - Heroku provides a CLI application
  • insomnia - Insomnia HTTP client
  • nodesource - the latest Node.js stable versions - make sure to check the version!
  • packagecloud - My personal package repo
  • signal
  • spotify
  • virtualbox
  • zerotier
# adoptopenjdk
curl -fsLS "https://adoptopenjdk.jfrog.io/adoptopenjdk/api/gpg/key/public" | sudo apt-key add -
sudo sh -c 'echo "deb https://adoptopenjdk.jfrog.io/adoptopenjdk/deb/ focal main" > /etc/apt/sources.list.d/adoptopenjdk.list'

# docker
curl -fsLS "https://download.docker.com/linux/ubuntu/gpg" | sudo apt-key add -
sudo sh -c 'echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable" > /etc/apt/sources.list.d/docker.list'

# heroku
curl -fsLS "https://cli-assets.heroku.com/apt/release.key" | sudo apt-key add -
sudo sh -c 'echo "deb https://cli-assets.heroku.com/branches/stable/apt ./" > /etc/apt/sources.list.d/heroku.list'

# insomnia
curl -fsLS "https://insomnia.rest/keys/debian-public.key.asc" | sudo apt-key add -
sudo sh -c 'echo "deb https://dl.bintray.com/getinsomnia/Insomnia /" > /etc/apt/sources.list.d/insomnia.list'

# nodesource
curl -fsLS "https://deb.nodesource.com/gpgkey/nodesource.gpg.key" | sudo apt-key add -
sudo sh -c 'echo "deb https://deb.nodesource.com/node_12.x focal main" > /etc/apt/sources.list.d/nodesource.list'

# packagecloud
curl -fsLS "https://packagecloud.io/bernd/tools/gpgkey" | sudo apt-key add -
sudo sh -c 'echo "deb https://packagecloud.io/bernd/tools/ubuntu/ focal main" > /etc/apt/sources.list.d/packagecloud.list'

# signal
curl -fsLS "https://updates.signal.org/desktop/apt/keys.asc" | sudo apt-key add -
sudo sh -c 'echo "deb [arch=amd64] https://updates.signal.org/desktop/apt xenial main" > /etc/apt/sources.list.d/signal.list'

# spotify
curl -fsLS "https://download.spotify.com/debian/pubkey.gpg" | sudo apt-key add -
sudo sh -c 'echo "deb http://repository.spotify.com stable non-free" > /etc/apt/sources.list.d/spotify.list'

# virtualbox
curl -fsLS "https://www.virtualbox.org/download/oracle_vbox_2016.asc" | sudo apt-key add -
sudo sh -c 'echo "deb [arch=amd64] http://download.virtualbox.org/virtualbox/debian focal contrib" > /etc/apt/sources.list.d/virtualbox.list'

# zerotier
curl -fsLS "https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg" | sudo apt-key add -
sudo sh -c 'echo "deb https://download.zerotier.com/debian/bionic bionic main" > /etc/apt/sources.list.d/zerotier.list'

sudo apt-get update

Core

  • apt-file
  • build-essential
  • curl
  • dolphin-nextcloud
  • dstat
  • fonts-dejavu-core
  • git-crypt
  • gnome-disk-utility
  • htop
  • iotop
  • ipcalc
  • jq
  • libavcodec-extra
  • lftp
  • msmtp-mta
  • multitail
  • mutt
  • ngrep
  • nmap
  • offlineimap
  • passwdqc
  • qiv
  • rpm
  • ruby
  • ruby-dev
  • sqlite3
  • tilix
  • tmux
  • tree
  • ttf-mscorefonts-installer
  • vim
  • virtualbox
  • w3m
sudo apt-get install apt-file build-essential curl dolphin-nextcloud dstat fonts-dejavu-core git-crypt gnome-disk-utility htop iotop ipcalc jq libavcodec-extra lftp msmtp-mta multitail mutt ngrep nmap offlineimap passwdqc qiv rpm ruby ruby-dev sqlite3 tilix tmux tree ttf-mscorefonts-installer vim virtualbox w3m 

PPA

These are provided by the PPA repositories mentioned above.

  • git
  • keepassxc
  • peek
sudo apt-get install git keepassxc peek 

Custom

These are provided by the custom repositories mentioned above.

sudo apt-get install adoptopenjdk-8-hotspot adoptopenjdk-11-hotspot adoptopenjdk-12-hotspot dep desk devd docker-ce git-radar glow godeb gron heroku hub hugo insomnia jid jl mkcert nodejs portecle restic s5cmd signal-desktop spotify-client udict yj zerotier-one 

Rubygems

These are installed via rubygems.

  • gist
gem install --no-document gist 

Python Pipx

These are installed via pipx.
  • httpie
  • pygments
pipx install httpie pygments 

Uninstall

sudo apt-get purge nano linux-generic linux-image-generic
dpkg -l 'linux-*-4.4.0*' | grep '^ii' | awk '{print $2}' | xargs sudo apt-get -y purge

Manual

Some packages are not available in package repositories.

Chrome

Vagrant

The Vagrant debian package can be downloaded from the downloads page. Take the latest version.

JetBrains Toolbox App

The Toolbox app helps with installing JetBrains products.

It also offers a Chrome extension that makes it possible to open GitHub projects in IntelliJ without having to clone it manually.

spotifybackup

Clone https://github.com/aaron7/spotifybackup and build binary via go build.

Todoist

A electron based desktop application for Todoist: https://github.com/KryDos/todoist-linux

youtube-dl

There are frequent releases and the binary can update itself, just download the latest version from the homepage.

mkdir -p ~/local/bin
curl -fsSL -o ~/local/bin/youtube-dl https://yt-dl.org/downloads/latest/youtube-dl
chmod +x ~/local/bin/youtube-dl

Settings

Applications

Firefox

Extensions

git-radar

Create a ~/.gitradarrc with the following content:

cat __EOF > ~/.gitradarrc
GIT_RADAR_FORMAT=" git:(\\x01\\033[0m\\x02%{remote: }%{branch}%{ :local})\\x01\\033[0m\\x02%{ :stash}%{ :changes} $ "
__EOF

Google Chrome

Settings

  • You and Google
    • Allow Chrome sign-in: disable
    • Autocomplete searches and URLs: disable
    • Show suggestions for similar pages: disable
  • Autofill
    • Passwords
      • Offer to save passwords: disable
      • Auto Sign-in: disable
    • Payment methods
      • Save and fill payment methods: disable
    • Addresses and more
      • Save and fill addresses: disable
  • Privacy and security
    • More
      • Safe Browsing: disable
      • Send a “Do Not Track” request with your browsing traffic: enable
      • Allow sites to check if you have payment methods saved: disable
      • Preload pages for faster browsing and searching: disable
  • Appearance
    • Show home button: enable
    • Show bookmarks bar: enable
  • On startup
    • Continue where you left off: enable
  • Advanced
    • Languages
      • Add “German” language
      • Offer to translate pages that aren’t in a language you read: disable
      • Spell check
        • Basic spell check: enable
      • Use spell check Forward
        • English: enable
        • German: enable
    • Printing
      • Google Cloud Print
        • Show notifications when new printers are detected on the network: disable

about://flags

  • chrome://flags/#tab-hover-cards To disable the annoying tab hover cards

Extensions

  • 1Password X
  • Awesome Screenshot Minus
  • Octotree
  • Plasma Integration
  • React Developer Tools
  • Todoist for Chrome
  • uBlock Origin
    • Enable “prebake” 3rd party list
  • f*ck overlays
Chrome Apps
  • Google Docs Offline: remove
  • Docs: remove
  • Sheets: remove
  • Slides: remove

Kate

  • Settings > Configure Kate > Editor Component > Appearance > General
    • Whitespace Highlighting
      • Whitespaces: Trailing
  • Settings > Configure Kate > Editor Component > Editing > General
    • Input Mode: Vi
  • Settings > Configure Kate > Editor Component > Editing > Vi Input Mode
    • Let Vi commands override Kate shortcuts: enable
  • Settings > Configure Kate > Editor Component > Open/Save > General
    • Automatic Cleanups on Save
      • Remove trailing spaces: In Entire Document

Nextcloud Desktop

  • Make sure to enable all folders (big ones will be disabled by default)

Tilix

  • Global
    • Behavior
      • Focus a terminal when the mouse moves over it: enable
      • Autohide the mouse pointer when typing: enable
    • Clipboard
      • Warn when attempting unsafe paste: disable
  • Appearance
    • Window style: Disable CSD, hide toolbar
    • Terminal title style: none
  • Quake
    • Size
      • Height percent: 40
      • Width percent: 80
      • Alignment: Center
    • Options
      • Show terminal on all workspaces: enable
  • Shortcuts
    • Session
      • Add terminal down: Shift+Ctrl+o
      • Add terminal right: Shift+Ctrl+e
    • Window
      • Switch to next session: disabled
      • Switch to previous session: disabled
  • Profiles
    • Default
      • General
        • Custom font: Monospace Regular 12
        • Terminal bell: None
      • Command
        • Run command as login shell: enable
      • Color
        • Color scheme: Orchis
        • Color palette:
        • Transparency: a little
      • Scrolling
        • Show scrollbar: disable
        • Limit scrollback to: 32768
    • Default Quake (clone of Default)
      • General
        • Custom font: Monospace regular 11

KDE System

Panel

  • Move panel to the top of the screen
  • Add widgets
    • Weather report (left of the clock/date widget)
    • System Load Viewer (right of the desktop pager)

Digital Clock

  • Appearance
    • Show date: enable
    • Date format: ISO date
  • Calendar
    • Show week numbers: enable
    • Astronomical events: enable
  • Time Zones
    • Add time zones: (will show on hovering the time with the mouse)
      • Berlin
      • Chicago (central time)
      • Denver (mountain time)
      • Los Angeles (pacific time)
  • Astronomical Events
    • Lunar phases: enable
    • Astronomical seasons: enable

System Settings

  • Appearance > Global Theme

  • Appearance > Plasma Style

    • Breeze Dark
  • Appearance > Application Style

    • Application Style
      • Breeze
    • Window Decorations > Theme
      • Get New Window Decorations
        • Install: “McMojave Aurorae”
      • Select: McMojave
      • Configure:
        • Button size: normal
      • Use theme’s default border size: “No Borders”
    • Window Decorations > Titlebar Buttons
      • Move “Close” button to the very left
      • Move “Minimize” button right of the “Close” button
      • Move “Maximize” button right of the “Maximize” button
      • Move “Menu” to the very right
      • Add “Application menu” right of the “Maximize” button
      • Remove “Context help” button
      • Remove “On all desktops” button
  • Workspace > Workspace Behavior > General Behavior

    • Click behavior: Double-click to open files and folders
  • Workspace > Workspace Behavior > Screen Edges

    • Upper left: No Action
    • Bottom left: Present Windows - All Desktops
  • Workspace > Workspace Behavior > Screen Locking

    • Activation
      • Lock screen
        • Automatically after: 30 minutes
        • After waking up from sleep
      • Allow unlocking without password for: 5 seconds
  • Workspace > Workspace Behavior > Virtual Desktops

    • Create 4 desktop
    • Options
      • Navigation wraps around: enable
      • Show animation when switching: disable
  • Workspace > Window Management > Window Behavior

    • Focus
      • Focus stealing prevention: None
        • This fixes focus issues with GTK+ applications, e.g. tilix not having focus after launch
  • Workspace > Window Management > Task Switcher

    • Main
      • Visualization: Thumbnail Grid
      • Shortcuts
        • Current application
          • Forward: Ctrl+Tab
  • Workspace > Shortcuts > Global Shortcuts

    • KWin
      • Maximize Window: Meta+Ctrl+m
      • Switch to Desktop 1: Alt+1
      • Switch to Desktop 2: Alt+2
      • Switch to Desktop 3: Alt+3
      • Switch to Desktop 4: Alt+4
  • Workspace > Shortcuts > Standard Shortcuts

    • Beginning of Line (Alternate): Ctrl+a
    • End of Line (Alternate): Ctrl+e
  • Workspace > Shortcuts > Custom Shortcuts

    • Edit: Add new global command/url shortcut
      • Name: Start Terminal
      • Trigger: Ctrl+Alt+Enter
      • Action: tilix
    • Edit: Add new global command/url shortcut
      • Name: Start Quake Terminal
      • Trigger: F3
      • Action: tilix --quake --profile="Default Quake"
    • Edit: Add new global command/url shortcut
      • Name: Capture Rectangular Region into Clipboard
      • Trigger: Ctrl+Shift+Print
      • Action: spectacle -bcr
  • Workspace > Search > File Search

    • Do not search in these locations:
      • ~/Mail
      • /media/<username>
  • Personalization > Account Details

    • KDE Wallet
      • Wallet Preferences
        • Close when unused for: 10 min
        • Close when screensaver starts: enable
        • Show Manager in System Tray: enable
      • Access Control
        • Prompt when an application accesses a wallet: enable
  • Personalization > Other Notifications

    • Show notifications for:
      • Incomplete language support: disable
  • Personalization > Applications > Default Applications

    • Terminal Emulator: tilix
  • Personalization > Applications > Diagnostics

    • Send error reports to Canonical: disable
  • Hardware > Input Devices > Keyboard

    • Hardware
      • Keyboard Repeat
        • Turn on: enable
        • Delay: 250ms
        • Rate: 25,00 repeats/s
        • Troubleshooting:
          • This doesn’t seem to work on 20.04, use xset instead: xset r rate 250 25
  • Hardware > Display and Monitor > Night Color

    • Activate Night Color: enable
    • Night Color Temperature: 3500 K
    • Activation time: Sunset to sunrise at current location
  • Hardware > Power Management > Energy Saving

    • On AC Power
      • Button events handling
        • When laptop lid closed: Do nothing

System

Change Default Terminal Application

sudo update-alternatives --config x-terminal-emulator

Firewall

Enable ufw firewall and disable logging to avoid spamming the dmesg buffer.

sudo ufw enable
sudo ufw logging off

Inotify Watches Limit

This is needed for IntelliJ to keep track of all files efficiently.

cat <<__EOF > /etc/sysctl.d/intellij.conf
# Raise limit to make sure IntelliJ can monitor files efficiently
fs.inotify.max_user_watches = 524288
__EOF

sudo sysctl -p --system

JDK Settings

Put the following into /etc/profile.d/jdk.sh to configure the default JDK.

# Choose the default JDK:
JDK_DIR=/usr/lib/jvm/adoptopenjdk-8-hotspot-amd64
#JDK_DIR=/usr/lib/jvm/adoptopenjdk-11-hotspot-amd64
#JDK_DIR=/usr/lib/jvm/adoptopenjdk-12-hotspot-amd64

export J2SDKDIR=$JDK_DIR
export J2REDIR=$JDK_DIR/jre
export PATH=$PATH:$JDK_DIR/bin:$JDK_DIR/db/bin:$JDK_DIR/jre/bin
export JAVA_HOME=$JDK_DIR
export DERBY_HOME=$JDK_DIR/db

Locales

Replace all de_DE.UTF-8 in /etc/locale/default with en_US.UTF-8 and run update-locale.

Sudo

Install the following file to /etc/sudoers.d/<username>:

<username> ALL=(ALL:ALL) NOPASSWD: ALL

Swap

cat <<__EOF > /etc/sysctl.d/99-swappiness.conf
# Only use swap when really needed
vm.swappiness = 1
__EOF

sudo sysctl -p --system

User

Autostart Scripts

Keyboard Repeat Rate & Delay

Setting the values in the system settings doesn’t seem to work on 20.04. Use the following script to automatically set the rate at login.

cat <<__EOF > .config/autostart-scripts/keyboard-repeat.sh
#!/bin/sh

delay=250
repeats_s=25

xset r rate $delay $repeats_s
__EOF

Unlock SSH Key on Login

See: https://wiki.archlinux.org/index.php/KDE_Wallet

mkdir -p .config/plasma-workspace/env .config/autostart-scripts

cat <<__EOF > .config/plasma-workspace/env/askpass.sh
#!/bin/sh

# Set askpass programs to use
export SSH_ASKPASS="/usr/bin/ksshaskpass"
export GIT_ASKPASS="/usr/bin/ksshaskpass"
__EOF

cat <<__EOF > .config/autostart-scripts/ssh-add.sh
#!/bin/sh

# Automatically unlock default ssh keys on login
ssh-add -q < /dev/null

# Unlock custom keys
#ssh-add -q ~/.ssh/id_rsa ~/.ssh/another_key < /dev/null
__EOF

chmod +x .config/plasma-workspace/env/askpass.sh .config/autostart-scripts/ssh-add.sh

Emacs key bindings

gsettings set org.gnome.desktop.interface gtk-key-theme "Emacs"

File Indexing

File indexing could be slow with big files. The following commands might help:

balooctl indexSize
balooctl disable
balooctl suspend

Ignore settings are in ~/.config/baloofilerc

Also see: https://community.kde.org/Baloo/Configuration#Exclude_Folders

GTK Emacs Key Bindings

gsettings set org.gnome.desktop.interface gtk-key-theme "Emacs"

Shell Profile

cat <<__EOF >> $HOME/.profile
umask 022

user_bin="\$HOME/.local/bin"
user_bin+=" \$HOME/.gem/ruby/2.7.0/bin"
user_bin+=" \$HOME/.local/node_modules/bin"
user_bin+=" \$HOME/Nextcloud/bin"
user_bin+=" \$HOME/Local/bin"
user_bin+=" \$HOME/bin"

for path in $user_bin; do
	if [ -d "\$path" ] ; then
	    PATH="\$path:$PATH"
	fi
done

# Include custom bash completion config
if [ -d \$HOME/.bash_completion.d ]; then
	for file in \$HOME/.bash_completion.d/*; do
		. $file
	done
fi

# Make sure to use natural sort for ls(1).
alias ls="ls --color=auto -v"

alias be="bundle2.7 exec"
alias bundle="bundle2.7"
alias glow="glow -p -w \\$COLUMNS"
alias xxclip="xclip -selection clipboard"
__EOF

Zoom Click Handler

After editing the Zoom.desktop file it needs to be re-registered with the system.

xdg-mime default Zoom.desktop x-scheme-handler/zoommtg

See: https://www.linuxquestions.org/questions/linux-desktop-74/xdg-open-doesn%27t-recognize-custom-protocol-4175433062/

Troubleshooting

AER severity=Corrected Errors

Temporary fix for AER’s excessive severity=Corrected logging for Intel Wireless (Avell G1513 Fire V3):

https://gist.github.com/flisboac/5a0711201311b63d23b292110bb383cd

Jabra Evolve Headset Breaks Mouse Buttons

Create /etc/X11/xorg.conf.d/fix-jabra.conf with the following content:

Section "InputClass"
  Identifier "Jabra Link 370"
  MatchUSBID "0b0e:245d"
  Option "Ignore" "true"
EndSection

Make SSH Key Work

gnome-keyring requires the id_rsa file to have theProc-Type and DEK-Info in it. Otherwise the ssh agent does not work. A key missing this information can be converted by executing ssh-keygen -t to change the passphrase.

If the gnome-keyring stuff should be disabled:

http://dtek.net/blog/how-stop-gnome-keyring-clobbering-opensshs-ssh-agent-ubuntu-1204

NetworkManager VPN DNS Issue

When connecting to a VPN, NetworkManager does not take the pushed DNS settings into account and continues to use the local dnsmasq server. This leads to non-working DNS.

Comment the dns=dnsmasq line in /etc/NetworkManager/NetworkManager.conf file to fix it.

UEFI Restore Menu Item

If the “ubuntu” menu item is gone from the UEFI boot manager, it can be restored with the following command.

sudo grub-install --bootloader-id ubuntu /dev/sda

This might happen after enabling/disabling the Secure Boot option.

See also: https://www.thomas-krenn.com/de/wiki/Ubuntu_UEFI_Booteintr%C3%A4ge_nach_BIOS/Grub_Update_wiederherstellen

rEFInd Boot Manager

Useful to find EFI boot partition if the “ubuntu” entry is gone from the UEFI boot manager.

Guides

Thinkpad BIOS Update

Manually

Download the bootable ISO image from the Lenovo site.

Extract the BIOS image from the ISO file and put it onto a USB thumb drive. (sdb in this case)

sudo apt-get install genisoimage
geteltorito -o gjuj23us.img gjuj23us.iso
sudo dd if=gjuj23us.img of=/dev/sdb bs=512K

After that, the USB drive can be booted.

Using Firmware Update Daemon

The fwupd tool can automatically update the BIOS on supported machines.

See: https://fwupd.org/