Nxl67002 - Ubuntu

Introduction

This is the configuration page for the Ubuntu Lucid Lynx 10.04 LTS (amd64) partition on NXL67002.

Configuration Files

All configuration files can be found here.

Repositories

• Added Opera (automatically added when installing Opera)
• Added Midnight Commander official repository
• Added Ubuntu Tweak
• Added Medibuntu
• Added gitg
• Added Natty (main, restricted, universe, see pinning below)
• Added Libre Office PPA
• Enabled Lucid backports (+pinning)

Content of /etc/apt/preferences:

Package: *
Pin: release a=natty-updates
Pin-Priority: 250

Package: *
Pin: release a=natty
Pin-Priority: 200

Package: etckeeper git git-core git-doc git-gui git-man git-svn gitk gitweb dpkg dpkg-dev build-essential
Pin: release a=natty-updates
Pin-Priority: 990

Package: etckeeper git git-core git-doc git-gui git-man git-svn gitk gitweb dpkg dpkg-dev build-essential
Pin: release a=natty
Pin-Priority: 900

Package: *
Pin: release a=lucid-backports
Pin-Priority: 400

We have a lot of repositories. So we must add to /etc/apt/apt.conf:

// We added Natty repos, so APT need a bigger memory cache to work...
APT::Cache-Limit 37748736;

Installed Applications

sudo aa-complain cupsd

ln -s /usr/share/doc/stl-manual/html /var/www/sgi

sudo aptitude autoremove "flashplugin-*"
sudo aptitude install flashplugin-installer

sudo apt-get install zlib1g-dev libcurl4-openssl-dev expat asciidoc     # More packages might be needed
git clone git://github.com/gitster/git.git          # Use proxygit if behind a proxy
cd git
make configure                                      # See also INSTALL
./configure --prefix=/usr/local                     # In // of existing package installation. /usr/local has precedence
make all doc
sudo make install install-doc install-html

nautilus-script-manager enable Subversion

[Added Associations]
application/pdf=acroread.desktop;evince.desktop;gimp.desktop

application/pdf; acroread '%s'; test=test -n "$DISPLAY"; nametemplate=%s.pdf
application/x-pdf; acroread '%s'; test=test -n "$DISPLAY"; nametemplate=%s.pdf
application/x-bzpdf; acroread '%s'; test=test -n "$DISPLAY"; nametemplate=%s.pdf.bz2
application/x-gzpdf; acroread '%s'; test=test -n "$DISPLAY"; nametemplate=%s.pdf.gz

sudo ln -s /usr/bin/ack-grep /usr/local/bin/ack

mdns-scan

host-name=nxl67002ux

git clone https://github.com/rg3/youtube-dl.git
cd youtube-dl
./youtube-dl <link>

Un-installed applications:

Simple Settings

• GRUB — Added to file /etc/grub.d/40_custom: (Not needed anymore since VirtualBox boots Windows directly, so no risk of booting host again)

  set default="Microsoft Windows XP Professional (on /dev/sda2)"
  

• CRON - cron script for automatic backup of wikis on Noekeon's (see config files).
• SUDO - keep environment variable http_proxy
• PROXY - script for automatic setup of network environment (proxy, ssh...) (see config files).
• Security — Disabled control-alt-del in console as recommended in Ubuntu Server Guide. Comment out the following line in the file /etc/init/control-alt-delete.conf:

#exec shutdown -r now "Control-Alt-Delete pressed"

• SUDO - keep environment variable GREP_OPTIONS
• Add user www for synchronization of /data/www folder (localhost page):

sudo useradd -g www-data -G users -u 999 -s /bin/bash -m www
sudo passwd www
su - www
ssh-keygen                                         # Or copy .ssh/ copy from other www users
scp .ssh/id_rsa.pub .ssh/authorized_keys

Detailed System Settings

1st install

• 1st install on [2010-05-03]
• Distribution: Ubuntu 10.04 LTS amd64
• Installation method: Net boot install from Internet using GRUB
• Language: English
• Location: Europe, Belgium Time
• Computer name: NXL67002UX
• Keyboard layout: USA, USA
• Name: beq06659
• Login name: beq06659
• Update: Install security updates automatically
• Software to install: Ubuntu Desktop
• Partition: see main page

Kernel

• [2010-02-02] — Install the Maverick backport kernel 2.6.35 (see Ubuntu page).
• [2010-02-03] — Reverted to Lucid default kernel 2.6.32 (2.6.35 not any better).

File System

• For details, see /etc/fstab.
• NTFS partition:
  • C: → do not mount automatically. Risk of corruption if mounted while VirtualBox is running!
  • D: → mount as /win/d.
• NTFS partition must be mounted without umask=007,gid=46, or will get operation not permitted when modifying timestamps:

/dev/sda2               /win/c          ntfs        ro,users,nls=utf8,exec   0       2
/dev/sda7               /win/d          ntfs        users,nls=utf8,exec      0       2

• File system structure:

/:                                        
  drwxr-xr-x root      root      boot/       # /dev/sda3
  drwxr-xr-x root      root      data/       # /dev/sda8
  drwxr-xr-x root      root      net/
  lrwxrwxrwx root      root      sage -> /data/sage-4.2.1/
  drwxr-xr-x root      root      smb/
  drwxr-xr-x root      root      win/
/data:
  drwxr-xr-x root      root      home/
  drwxr-xr-x beq06659  beq06659  sage-4.2.1/
  drwxr-xr-x www-data  root      www/
/home/beq06659:
  lrwxrwxrwx beq06659  beq06659  Documents -> /windows/d/Profiles/beq06659/My Documents/
/net:
  # NFS autofs
/smb:
  drwxr-xr-x root      root      mnemosyne/   # SMB autofs
/var:
  lrwxrwxrwx root      root      www -> /data/www/
/win:
  drwxr-xr-x root      root      c/           # /dev/sda2
  lrwxrwxrwx root      root      d/           # /dev/sda7

• Configure acl on /data/d:

# VirtualBox uses /data/d as Windows D: drive. Since VirtualBox runs as 'root', all files gets root/root ownership.
# We use acl so that files gets group access beqO6659/rwx by default
cd /data
sudo chgrp -R beq06659 d
sudo chmod -R g+w d
find d -type d -print0|sudo xargs -0 chmod g+s
find d -type d -print0|sudo xargs -0 setfacl -m d:group:beq06659:rwx

• Configure acl on /data/www:

# Set default access condition to rwxr-xr-x / www / www-data
cd /data
sudo chgrp -R www-data www
find www -type d -print0|sudo xargs -0 chmod g+s
find www -type d -print0|sudo xargs -0 setfacl -m d:group:www-data:r-x
find www -type d -print0|sudo xargs -0 setfacl -m d:user:www:r-x           # TODO: this one does not work with root...

Network

• Edited /etc/hosts (added names for intranet)
• Added to /etc/apt/apt.conf:

Acquire::http::proxy "http://localhost:8118/";
Acquire::ftp::proxy "ftp://localhost:8118/";
Acquire::https::proxy "https://localhost:8118/";

• Added to /etc/environment:

http_proxy="http://localhost:8118/"
ftp_proxy="ftp://localhost:8118/"
https_proxy="https://localhost:8118/"

• .pac files:
  • privoxy: file:///home/beq06659/etc/proxylocal-privoxy.pac (or http://localhost/proxy.pac to circumvent Opera bug)
  • nxp: http://nww.nics.nxp.com:8080/proxy.pac
• /etc/sudoers — keep variables http_proxy and https_proxy
• Proxy configurations

• SAMBA/NFS CLIENT - Mount mnemosyne shares as NFS autofs (see [3]) and as SMB autofs
• Enabled/created the following automounters in /etc/auto.master:

/net           /etc/auto.net
/smb/mnemosyne /etc/auto.smb.mnemosyne

• Created configuration file /etc/auto.smb.mnemosyne (mount options: noperm,iocharset=utf8,credentials=/etc/auto.smb.mnemosyne.*)
• Created SMB credential files /etc/auto.smb.mnemosyne.* (see man mount.cifs)
• Created path for mount points:

sudo mkdir /net
sudo mkdir -p /smb/mnemosyne
#ls /net/mnemosyne
#sudo mkdir -p /mnt/mnemosyne
#for i in /net/mnemosyne/volume1/*; do sudo ln -s $i /mnt/mnemosyne/$(basename $i); done

• NXP Wired (see Linux Admin#Network Manager - Search Path)
• Added local domain name be-leu01.nxp.com to /etc/resolv.conf
• NXP Wireless (see Linux Admin#Wireless Network)
• Network name (SSID): WLAN-WBI
• Wireless security: Dynamic WEP (802.1x)
• Authentication: TLS
• Identity: michael.peeters@nxp.com
• User certificate / CA certificate / Private key: imported from Windows (NXP Enterprise CA 1 for Client Authentication, Secure Email, serial 2F DF 1F D4 00 00 00 00 5E 1C)
• Privoxy settings:
  • Added to /etc/privoxy/user.action:

  { -filter }
  tennislibre.com
  

Firewall

• Moved user rules to /etc/ufw so that they can be tracked by etckeeper

cd /lib/ufw
sudo mv user* /etc/ufw
sudo ln -s /etc/ufw/user.rules
sudo ln -s /etc/ufw/user6.rules

• Enabled ufw

sudo ufw enable

• Policy:

sudo ufw allow from 192.168.11.2                   # Enable full access from local virtualbox
sudo ufw allow from 172.19.0.0/16 to any port 22   # Enable - from home local network - SSH

Preferences

• Theme
The mighty Macbuntu 10.04 theme! Reverted changes:
• Fonts — see below.
• Terminal — Colors select Use colors from system theme (was set to Gray on black built-in schemes). Keep transparent background 95%.
• Panel — add back System Monitor. We don't add back the bottom task panel.
• In Configuration Editor, /apps/metacity/general/button_layout: menu:minimize,maximize,close
• Appearance
• (before Macbuntu) Fonts — Application → Tahoma 9; Document→ Sans 8; Desktop → Sans 8; Title → Sans Bold 9; Fixed width → Monospace 8
• (after Macbuntu) Fonts — Application → Lucida Grande 9; Document→ Lucida Grande 9; Desktop → Lucida Grande 9; Title → Lucida Grande 10; Fixed width → Lucida Console 9 (originally Lucida Console 10)
• Fonts — rename ~/.fonts.conf to ~/.fonts.conf.macbuntu to disable macbuntu hinting settings override.
• Appearance
• Isabelle Hires Noir&Blanc crop-despeckle 936x1200.png, in ~/etc.
• Keyboard Layout (System-Wide)
• Layout: Belgium (default) + USA, no separate layout
  Custlayout Belgium (file /usr/share/X11/xkb/symbols/be) to allow AltGr-; → '<' and AltGr-: → '>', and support Greek letters with AltGr-Shift.
• Options: Capslock affects all keys, Alt+CapsLock or Right Ctrl+Right Shift switch layout, right alt chooses 3rd level.
  (because Alt+Shift,Left Ctrl+Left Shift prevents ctrl-alt-shift shortcuts to work, Right Ctrl conflicts with VirtualBox)
• Keyboard Shortcuts

Shortcut	Action	Remark
Super-E	Home Folder	Hack Super is mapped to Win keys not needed anymore it seems

• Window List Panel (see here)
• Window List Content → Show windows from all workspaces
• Restoring Minimized Windows → Restore to native workspace
• Fonts
• System fonts (/usr/local/share/fonts):

Added BitStream Vera 1.10

Added jsMath fonts (Linux variant, darkness 20 file, see here)

Added all jsMath extra fonts (dark version from this page)

• User fonts (~/.fonts):

Added Tahoma

• Compiz
• General Option - Move Window: SuButton2
  because AButton3 is used in OpenOffice to move columns / rows
• Static Application Switcher: Use AAlt for Next Window (current workspace)
• Scale: Multi-Output Mode → On all output devices, darken background, Emblem for overlay icon
• Ring Switcher: Enabled + Use SuTab for Next Windows (All Workspaces) + Allow Mouse Selection
• Enhanced Zoom Desktop: Disabled
• Negative: Disabled
• Desktop Wall: enabled Edge Flip Move.
• Put : disabled Put Pointer, enabled Put To Next Output (Superz) selected Avoid Offscreen.

Frequently used Compiz shortcuts (bold are custom ones)

Shortcut	Action	Remark
SASpace SuButton3	General Options - Window Menu
CALeft CARight	Desktop Wall - Move
SCALeft SCARight	Desktop Wall - Move with window
SSue	Expo Key
AF7	Move Window
Suz	Windows Put To Next Output
AF8 SuButton2	Resize Window
SuTab SSuTab	Ring Switcher	(All Workspaces)
Suw Sua / TopLeft / TopRight	Scale windows	Current viewport All windows
ATab SATab	Static application switcher	Current viewport

Detailed Application Settings

Amarok

• Select PulseAudio as preferred device (instead of sound output HDA Intel (STAC92xx Analog)
• Set proxy settings in ~/.kde/share/config/kioslaverc.

Courier IMAP

• Install (reference here):
  • Create directories for web-based administration
  • SSL Certificate: /etc/courier/pop3d.pem, /etc/courier/imapd.pem
  • Postfix configuration: local only
  • System mail name: nxl67002ux.wbi.nxp.com
  • Created /etc/courier/userdb, and kept entries for root, localuser and beq06659
  • Use password from /etc/courier/userdb (method authuserdb).

Firefox

• Theme: macfox3 1.1.7
• Extensions (some disabled because Firefox hangs on launch/exit):
  • AutoPager 0.7.0.0 — disabled
  • Belgium eID 1.0.11 — disabled
  • CHM Reader 0.2.3
  • Cycle Input Focus 1.0.0 — disabled
  • Delicious Bookmarks 2.3.1
  • Fast Dial 3.4
  • FireGestures 1.5.7 — disabled
  • FoxyProxy Standard 3.3
  • Live HTTP headers 0.17
  • Ubuntu Firefox Modifications 0.9rc2
  • User Agent Switcher 0.7.3 — disabled

Gnome DO

• Autostart, Quiet mode, notification icon, Glass theme
• Launch key: <alt>+space (! disable first Gnome global shortcut for Activate the window menu)

LAMP

Install the servers:

sudo apt-get install apache2 php5 mysql-server mysql-client php5-mysql
# --> Defined password for MySQL root user
sudo vi /etc/apache2/apache2.conf
# --> Added lines at line 32:
#     #MIP CUSTOM
#     ServerName "nxl67002ux"
# Restart apache server to activate php module...
sudo /etc/init.d/apache restart

# Move www root dir to /data disk
sudo mv /var/www /data
sudo ln -s /f /data/www /var/www

Apache:

• configuration file is at /etc/apache2/apache2.conf
• Apache root http directory is /var/www
• Enable mod-rewrite module.
  In /etc/apache2/sites-available/default, change as: AllowOverride NoneFileInfo (twice).

Create databases that will store local copies of cryptokiwi and mikiwiki wiki, and of mikido:

MYSQL_HISTFILE=/dev/null mysql --user=root -p mysql

mysql> CREATE DATABASE cryptokiwi;
mysql> GRANT ALL PRIVILEGES ON cryptokiwi.* TO kiwi@localhost IDENTIFIED BY '********';
mysql> CREATE DATABASE mikiwiki;
mysql> GRANT ALL PRIVILEGES ON mikiwiki.* TO miki@localhost IDENTIFIED BY '********';
mysql> CREATE DATABASE mikido;
mysql> GRANT ALL PRIVILEGES ON mikido.* TO miki@localhost IDENTIFIED BY '********';
mysql> CREATE DATABASE nxpwiki;
mysql> GRANT ALL PRIVILEGES ON nxpwiki.* TO nxp@localhost IDENTIFIED BY '********';
mysql> quit

• Enabled HTTPS (requires valid-user)
• Firewall blocks port 80 but allow port 443 (so that localhost can connect w/o password but other guest needs password)

Nautilus

• Default view: List View
• Display, date format: YYYY-MM-DD hh:mm:ss
• List View: zoom 33%
• Icon View, Compact View: zoorm 66%
• Preview: all set to Never, and only for files smaller than 500kB (to prevent thumbnailing PDFs...)

Psi

(recovered from previous settings on Gryphon at ~/.psi)

• Gnome: Added Psi as startup program (Psi, /usr/bin/psi, Communicate over the jabber network).
• Options → Events → Enable popup notifications (all notifications)
• Modify Account... → Changed resource to work-ux
• Modify Account... → Automatically reconnect if disconnected
• Modify Account... → Proxy → localhost:8118

Samba

• See Samba server page on this wiki.
• File /etc/samba/smb.conf:

   security = user
   username map = /etc/samba/smbusers

# [...]

[homes]
   comment = Home Directories
   browseable = no
 
# [...]
 
[c]
   comment = Windows Drive C
   browseable = yes
   path = /win/c
   printable = no
   guest ok = no
   read only = yes
   create mask = 0700

[d]
   comment = Windows Drive D
   browseable = yes
   path = /win/d
   printable = no
   guest ok = no
   read only = yes
   create mask = 0700

• Added user beq06659
• Opened firewall ports (137/udp, 138/udp, 139/tcp, 445/tcp)

SSH

• Installed SSH-Tunnel
• Files recovered from other installation (ssh-tunnel v2.26 + patch):

/usr/local/bin
-rwxr-xr-x 1 root root ssh-agent-refresh_andlinux.sh
-rwxr-xr-x 1 root root ssh-agent-refresh.sh
-rwxr-xr-x 1 root root ssh.pl
-rwxr-xr-x 1 root root ssh-tunnel.pl

• User beq06659 - configuration file in directory ~/.ssh:
  • id_rsa || id_rsa.pub || authorized_keys || config* || proxy.conf* || clbanner.txt
• Disabled SSH Key Agent from Gnome Startup Applications
• Added startup application:
  • Name: startup.sh
  • Command: /home/beq06659/bin/startup.sh
  • Comment: Custom startup script
• Do not accept locale env var. LC_* from the client (see SSH#Missing Locale in Perl)

Terminal

• My custom configuration

Vim

• Added ~/.bash_completion from [4] (modified to also take alias v=gvim)

VirtualBox

See virtual machine configuration log.

• Installed with apt (original version 3.2.0)
• VirtualBox is launched as user root (because it seems that only the current user and root can access PulseAudio in a same X session — see [5])
• Allow user beq06659 to launch VirtualBox through user root. Add to /etc/sudoers:

beq06659	ALL=NOPASSWD: /usr/bin/VirtualBox

• Helper script to add to e.g. ~/bin :

#First allow user vbox to connect to X11
#xhost +SI:localuser:vbox
#sudo su vbox -c /usr/bin/VirtualBox&

#New config - run VirtualBox as root to allow sound
sudo /usr/bin/VirtualBox&

• Create a launcher in ~/.local/share/applications/virtualbox-root.desktop

#!/usr/bin/env xdg-open

[Desktop Entry]
Version=1.0
Type=Application
Terminal=false
Icon[en_US]=VBox
Name[en_US]=Oracle VM VirtualBox (root)
Exec=/home/beq06659/bin/vbox.sh
Comment[en_US]=Run several virtual systems on a single host computer
Name=Oracle VM VirtualBox (root)
Comment=Run several virtual systems on a single host computer
Icon=VBox

Wine

See Configuration NXP Dell Latitude E6500 - Wine.

To Do

Issues

See Common Issues.

Other To Do's

• ToDo — Try avahi for ZeroConf name resolution and get rid of /etc/hosts.
• ToDo — look at Compact Human Theme (see Delicious)
• ToDo — look at Legacy font hinting engine (see Delicious)
• ToDo — Try to make Nautilus more space efficient. Look at Idea #23573. Try Thunar or PCManFM, or Xfe (the latter does not use gtk theme)
• Similar requests on forum: Nautilus is Too Big and Dull (→ change DPI to 84,...), How to best utilize screen real estate in Gnome, Icon Size.
  • Try vifm (based on vim, see [6]), or emelFM2 (based on GTK2), or Gnome Commander
• ToDo — Also for Eclipse:
• See Making Eclipse look good on Linux (install Liberation fonts, set resolution 99dpi, tweak gtkrc file, install compact themes like compact clearlooks or human...)
• See Clearlooks Compact Gnome Theme
• See How to Make a Compact Gnome Theme. This is a must-read! Also in the comments there is a script that can compact all themes automatically. See also Human Compact Theme for Ubuntu 8.10.
• See Solved - Eclipse looks good in Ubuntu now
• See Gnome / Gtk+ themes tutorial.
• ToDo — Adapt the search path in /etc/resolv.conf depending on the current network (for now, we statically append be-leu01.nxp.com, when actually this should be done only when on NXP network).
• ToDo — Pieces of software to try:
• BleachBit, a cleanup software
• puddletag, a audio file tagger
• gimp, from ppa repository
• ToDo — Have a look at Brain Fuck Scheduler, a new kernel scheduler with much better latency for desktops (see [7])
• ToDo — Install openvpn (+CA Cert authentication?), instead of relying on ssh-tunnel
• ToDo — Install remote secure storage using encfs over sshf (so that only encrypted data is seen from the server).
• ToDo— Try Dovecot instead of Courier IMAP? (Dovecot is apparently faster thanks to its index caching feature)
• ToDo— Setup correct UFW rules for NFS (see [8])
• ToDo— Look at [[9]] utility for ways to optimize PC power consumption. See also [on LessWatts.org].