Single-user Xubuntu setup: repeatable and demonstrable software installs and configuration.
Target OS: Xubuntu latest LTS and rolling (see OS version in GitHub actions)
I provide no commitment to support your use of this repository and you use it at your own risk.
This repository is for my own use and shared to inform and accelerate others. I have placed it under the MIT licence for simplicity and permissiveness. You are welcome to raise issues and submit pull requests but I reserve the absolute right to refuse as I see fit.
Most convenient way to do this is to create a bootable USB for the xubuntu distro, and a separate non-bootable USB from this repo. Minimal Xubuntu distro expected.
- requires root permissions to write the USB device
- wipes any existing USB content
- run setup_bootable_linux_usb.sh
- requires root permissions to write the USB device
- wipes any existing USB content
- use vars_example.yml to create a file .vars.yml with appropriate settings
- [optional] - edit workstation.yml to one-off customise install
- run setup_bootstrap_ansible_usb.sh
- insert bootable USB
- interrupt boot process, set USB as temp boot device
- install distro
- can connect to network now or in bootstrap
- use LVM/encrypt HDD
- as this is a single-user device, can use same strong password for disk encryption as for login - one stronger better than two weaker
- allow reboot
- remove USB
- boot, decrypt and log in
- insert bootstrap USB
- mount, open terminal in directory
sudo su -
to start a root shell (you will lose ability tosudo
arbitrarily as part of install to meet Cyber Essentials regulations)passwd
to set a root passwordcd
back to the mount directory- ensure connected to network for updates and installs
./bootstrap.sh
- minimal install (minimise unneeded packages)
- encrypt HDD (optionally same password as user account)
- sudo remove sudo timeout - you need to put your password in each time
- sudo restrict sudo commands to only applying updates
- updates
- update all known supply chains, incl. OS, firmware, snap, pip
- apply system-level updates as root
- su to user to apply user updates
- firefox, chrome apply security settings by policy
- expressvpn install VPN
- clamav install clamav and freshclam, add custom context menu to scan in Thunar file manager, notes versions and signature update version/date in update script
GitHub actions runs playbook on a container of the same OS as target. Tasks requiring a graphical target or container management not easily exercised this way.