Pop!_OS: Things to do after installation (Apps, Settings, and Tweaks)
Please feel free to raise any comments or issues on the website’s Github repository. Pull requests are very much appreciated.
In the following I will go through my post installation steps, i.e. which settings I choose and which apps I install and use.
By default my machine is called
pop-os; hence, I rename it for better accessability on the network:
hostnamectl set-hostname precision
Change the mirror for getting updates, set locales, get rid of unnecessary languages
I am living in Germany, so I adapt my locales:
sudo sed -i 's|http://us.|http://de.|' /etc/apt/sources.list.d/system.sources sudo locale-gen de_DE.UTF.8 sudo locale-gen en_US.UTF.8 sudo update-locale LANG=en_US.UTF-8
In Region Settings open “Manage Installed Languages”, do not update these, but first remove the unnecessary ones. Then reopen “languages” and update these.
Install updates and reboot
sudo apt update sudo apt upgrade sudo apt dist-upgrade sudo apt autoremove sudo apt autoclean sudo fwupdmgr get-devices sudo fwupdmgr get-updates sudo fwupdmgr update flatpak update sudo reboot now
Set Hybrid Graphics
Switching Graphics in Pop!_OS is easy: either use the provided extension and restart or run
sudo system76-power graphics hybrid sudo reboot now
Get Thunderbolt Dock to work and adjust monitors
I use a Thunderbolt Dock (DELL TB16 or Anker PowerExpand Elite 13-in-1 or builtin into my LG 38 curved monitor), which is great but also a bit tricky to set up (see Dell TB16 Archwiki). I noticed that sometimes I just need to plug the USB-C cable in and out a couple of times to make it work (there seems to be a loose contact). Anyways, for me the most important step is to check in “Settings-Privacy-Thunderbolt”, whether the Thunderbolt dock works, so I can rearrange my monitors in “monitor settings”.
Restore from Backup
I mount my luks encrypted backup storage drive using nautilus and use rsync to copy over my files and important configuration scripts:
export BACKUP=/media/$USER/UUIDOFBACKUPDRIVE/@home/$USER/ sudo rsync -avuP $BACKUP/Pictures ~/ sudo rsync -avuP $BACKUP/Documents ~/ sudo rsync -avuP $BACKUP/Downloads ~/ sudo rsync -avuP $BACKUP/dynare ~/ sudo rsync -avuP $BACKUP/Images ~/ sudo rsync -avuP $BACKUP/Music ~/ sudo rsync -avuP $BACKUP/Desktop ~/ sudo rsync -avuP $BACKUP/SofortUpload ~/ sudo rsync -avuP $BACKUP/Videos ~/ sudo rsync -avuP $BACKUP/Templates ~/ sudo rsync -avuP $BACKUP/Work ~/ sudo rsync -avuP $BACKUP/.config/Nextcloud ~/.config/ sudo rsync -avuP $BACKUP/.gitkraken ~/ sudo rsync -avuP $BACKUP/.gnupg ~/ sudo rsync -avuP $BACKUP/.local/share/applications ~/.local/share/ sudo rsync -avuP $BACKUP/.matlab ~/ sudo rsync -avuP $BACKUP/.ssh ~/ sudo rsync -avuP $BACKUP/.dynare ~/ sudo rsync -avuP $BACKUP/.gitconfig ~/ sudo chown -R $USER:$USER /home/$USER
Sync Firefox to access password manager
I use Firefox and like to keep my bookmarks and extensions in sync. Particularly, I use Bitwarden for all my passwords.
If I want to create a new SSH key, I run e.g.:
ssh-keygen -t ed25519 -C "popos-on-precision"
Usually, however, I restore my
.ssh folder from my backup (see above). Either way, afterwards, one needs to add the file containing your key, usually
id_ed25519, to the ssh-agent:
eval "$(ssh-agent -s)" #works in bash eval (ssh-agent -c) #works in fish ssh-add ~/.ssh/id_ed25519
Don’t forget to add your public key to GitHub, Gitlab, Servers, etc.
Security steps with Yubikey
I have two Yubikeys and use them
- as second-factor for all admin/sudo tasks
- to unlock my luks encrypted partitions
- for my private GPG key
For this I need to install several packages:
sudo apt install -y yubikey-manager yubikey-personalization # some common packages # Insert the yubikey ykman info # your key should be recognized # Device type: YubiKey 5 NFC # Serial number: # Firmware version: 5.1.2 # Form factor: Keychain (USB-A) # Enabled USB interfaces: OTP+FIDO+CCID # NFC interface is enabled. # # Applications USB NFC # OTP Enabled Enabled # FIDO U2F Enabled Enabled # OpenPGP Enabled Enabled # PIV Enabled Disabled # OATH Enabled Enabled # FIDO2 Enabled Enabled sudo apt install -y libpam-u2f # second-factor for sudo commands sudo apt install -y yubikey-luks # second-factor for luks sudo apt install -y gpg scdaemon gnupg-agent pcscd gnupg2 # stuff for GPG
Make sure that OpenPGP and PIV are enabled on both Yubikeys as shown above.
Yubikey: two-factor authentication for admin/sudo password
Let’s set up the Yubikeys as second-factor for everything related to sudo using the common-auth pam.d module:
pamu2fcfg > ~/u2f_keys # When your device begins flashing, touch the metal contact to confirm the association. You might need to insert a user pin as well pamu2fcfg -n >> ~/u2f_keys # Do the same with your backup device sudo mv ~/u2f_keys /etc/u2f_keys # Make this required for common-auth echo "auth required pam_u2f.so nouserok authfile=/etc/u2f_keys cue" | sudo tee -a /etc/pam.d/common-auth
Before you close the terminal, open a new one and check whether you can do
sudo echo test
Yubikey: two-factor authentication for luks partitions
Let’s set up the Yubikeys as second-factor to unlock the luks partitions. If you have brand new keys, then create a new key on them:
ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible #BE CAREFUL TO NOT OVERWRITE IF YOU HAVE ALREADY DONE THIS
Now we can enroll both yubikeys to the luks partition:
export LUKSDRIVE=/dev/nvme0n1p4 #insert first yubikey sudo yubikey-luks-enroll -d $LUKSDRIVE -s 7 # first yubikey #insert second yubikey sudo yubikey-luks-enroll -d $LUKSDRIVE -s 8 # second yubikey export CRYPTKEY="luks,keyscript=/usr/share/yubikey-luks/ykluks-keyscript" sudo sed -i "s|luks|$CRYPTKEY|" /etc/crypttab cat /etc/crypttab #check whether this looks okay sudo update-initramfs -u
Yubikey: private GPG key
sudo systemctl enable pcscd sudo systemctl start pcscd # Insert yubikey gpg --card-status # If this did not find your Yubikey, then try to first reboot. # If it still does not work, then put # echo 'reader-port Yubico YubiKey' >> ~/.gnupg/scdaemon.conf # reboot and try again. Make sure to enable pcscd. cd ~/.gnupg gpg --import public.asc #this is my public key, my private one is on my yubikey export KEYID=91E724BF17A73F6D gpg --edit-key $KEYID trust 5 y quit echo "This is an encrypted message" | gpg --encrypt --armor --recipient $KEYID -o encrypted.txt gpg --decrypt --armor encrypted.txt # If this did not trigger to enter the Personal Key on your Yubikey, then try to put # echo 'reader-port Yubico YubiKey' >> ~/.gnupg/scdaemon.conf # reboot and try again. Make sure to enable pcscd.
Fish - A Friendly Interactive Shell
I am trying out the Fish shell, due to its user-friendly features, so I install it and make it my default shell:
sudo apt install -y fish util-linux-user chsh -s /usr/bin/fish
You will need to log out and back in for this change to take effect. Lastly, I want to add the ~/.local/bin to my $PATH persistently in Fish:
mkdir -p /home/$USER/.local/bin set -Ua fish_user_paths /home/$USER/.local/bin
Also I make sure that it is in my $PATH also on bash:
bash -c 'echo $PATH' #/home/$USER/.local/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin
If it isn’t then I make the necessary changes in my
Enable snap support
sudo apt install snapd
A little helper in case my laptop needs to stay up all night
sudo apt install -y caffeine
Run caffeine indicator.
Flatseal is a great tool to check or change the permissions of your flatpaks:
flatpak install flatseal
In case I need to adjust the partition layout:
sudo apt install -y gparted
Open GParted, check whether it works.
Using gnome tweaks
sudo apt install gnome-tweak-tool
In Gnome Tweaks I make the following changes:
- Disable “Suspend when laptop lid is closed” in General
- Disable “Activities Overview Hot Corner” in Top Bar
- Enable “Weekday” and “Date” in “Top Bar”
- Enable Battery Percentage (also possible in Gnome Settings - Power)
- Check Autostart programs
- Put the window controls to the left and disable the minimize button
Right-click context menu in nautilus for admin
sudo apt install -y nautilus-admin
Virtual machines: Quickemu and other stuff
I used to set up KVM, Qemu, virt-manager and gnome-boxes as this is much faster as VirtualBox. However, I have found a much easier tool for most tasks: Quickqemu which uses the snap package Qemu-virgil:
git clone https://github.com/wmutschl/quickemu ~/quickemu sudo apt install snapd bsdgames wget sudo snap install qemu-virgil sudo snap connect qemu-virgil:kvm sudo snap connect qemu-virgil:raw-usb sudo snap connect qemu-virgil:removable-media sudo snap connect qemu-virgil:audio-record sudo ln -s ~/quickemu/quickemu /home/$USER/.local/bin/quickemu # Note that I keep my virtual machines on an external SSD
In case I need the old stuff:
sudo apt install -y qemu-kvm libvirt-clients libvirt-daemon-system bridge-utils virt-manager libvirt-daemon ovmf gnome-boxes sudo adduser $USER libvirt sudo adduser $USER libvirt-qemu # run gnome-boxes # run libvirt add user session # As I use btrfs I need to change compression of images to no: sudo chattr +C ~/.local/share/gnome-boxes sudo chattr +C ~/.local/share/libvirt
I sometimes access my linux machine via ssh from other machines, for this I install the OpenSSH server:
sudo apt install openssh-server
Then I make some changes to
sudo nano /etc/ssh/sshd_config
to disable password login and to allow for X11forwarding.
I have all my files synced to my own Nextcloud server, so I need the sync client:
sudo apt install -y nextcloud-desktop
Open Nextcloud and set it up. Recheck options.
OpenConnect and OpenVPN
sudo apt install -y openconnect network-manager-openconnect network-manager-openconnect-gnome sudo apt install -y openvpn network-manager-openvpn network-manager-openvpn-gnome
Go to Settings-Network-VPN and add openconnect for my university VPN and openvpn for ProtonVPN, check connections.
Dynare related packages
I am a developer of Dynare and need these packages to compile it from source and run it optimally ob Ubuntu-based systems:
sudo apt install -y build-essential gfortran liboctave-dev libboost-graph-dev libgsl-dev libmatio-dev libslicot-dev libslicot-pic libsuitesparse-dev flex bison autoconf automake texlive texlive-publishers texlive-latex-extra texlive-fonts-extra texlive-latex-recommended texlive-science texlive-plain-generic lmodern python3-sphinx latexmk libjs-mathjax doxygen x13as
git related packages:
git is most important, as a GUI for it, I use GitKraken. Also to use lfs on some repositories one needs to initialize it once:
sudo apt install -y git git-lfs git-lfs install flatpak install -y gitkraken
The flatpak version of GitKraken works perfectly. Open GitKraken and set up Accounts and Settings. Note that in case of flatpak, one needs to add the following Custom Terminal Command:
flatpak-spawn --host gnome-terminal %d.
I have a license for MATLAB, unzipping the installation files in the the home folder and running:
sudo mkdir -p /usr/local/MATLAB/R2021a sudo chown -R $USER:$USER /usr/local/MATLAB /home/$USER/matlab_R2021a_glnxa64/install
On Ubuntu based systems it is always recommended to install
matlab-support which renames/excludes the GCC libraries that ship with MATLAB such that we can use the ones from our distro:
sudo apt install -y matlab-support
Run matlab and activate it. Note that there is still a shared resources-for-x11-graphics bug, which can be solved by
#this solves the shared resources for x11 graphics bug echo "-Djogl.disable.openglarbcontext=1" > /usr/local/MATLAB/R2021a/bin/glnxa64/java.opts
Run matlab and I change some settings to use Windows type shortcuts on the Keyboard, add
inc files as supported extensions, and do not use MATLAB’s source control capabilities.
Visual Studio Code
I am in the process of transitioning all my coding to Visual Studio code:
sudo apt install -y code
I keep my profiles and extensions synced.
Latex related packages
I write all my papers and presentations with Latex using Visual Studio Code as editor:
sudo apt install -y texlive texlive-font-utils texlive-pstricks-doc texlive-base texlive-formats-extra texlive-lang-german texlive-metapost texlive-publishers texlive-bibtex-extra texlive-latex-base texlive-metapost-doc texlive-publishers-doc texlive-binaries texlive-latex-base-doc texlive-science texlive-extra-utils texlive-latex-extra texlive-science-doc texlive-fonts-extra texlive-latex-extra-doc texlive-pictures texlive-xetex texlive-fonts-extra-doc texlive-latex-recommended texlive-pictures-doc texlive-fonts-recommended texlive-humanities texlive-lang-english texlive-latex-recommended-doc texlive-fonts-recommended-doc texlive-humanities-doc texlive-luatex texlive-pstricks perl-tk
Open texstudio and set it up.
I have purchased a license for Master PDF in case I need advanced PDF editing tools:
flatpak install -y masterpdf
Open masterpdf and enter license. Also I use flatseal to give the app full access to my home folder.
Our Dynare team communication is happening via Mattermost:
flatpak install -y mattermost-desktop
Open mattermost and connect to server. I find that the snap works best for me in terms of displaying the icon in the tray.
Skype can be installed either via snap or flatpak. I find the flatpak version works better with the system tray icons:
flatpak install -y skype
Open skype, log in and set up audio and video.
Zoom can be installed either via snap or flatpak. I find the flatpak version works better with the system tray icons:
flatpak install -y zoom
Open zoom, log in and set up audio and video.
The best video player:
sudo apt install -y vlc
Open it and check whether it works.
Install and compile multimedia codecs:
sudo apt install -y libavcodec-extra libdvd-pkg; sudo dpkg-reconfigure libdvd-pkg
sudo apt install -y obs-studio
Open OBS and set it up, import your scenes, etc.
Misc tweaks and settings
Reorder Favorites on Dock
I like to reorder the favorites on the dock and add additional ones.
Go through all programs
Hit META+A and go through all programs, decide whether you need them or uninstall these.
Bookmarks for netdrives
Using CTRL+L in nautilus, I can add some netdrives:
- university cluster
- personal homepage
sftp://mutschler.euand add bookmarks to these drives for easy access with nautilus.
History search in terminal using page up and page down
When I use bash I like this feature:
sudo nano /etc/inputrc # Uncomment "\e[5~": history-search-backward # Uncomment "\e[6~": history-search-forward
Go through Settings
- Turn off bluetooth
- Change wallpaper
- Select Light Theme
- Deactivate Extend dock to the edges of the screen
- Dock visibility: intelligently hide
- Show Dock on Display: All Displays
- Automatically delete recent files and trash
- Turn of screen after 15 min
- Turn on night mode
- Add online account for Nextcloud
- Deactivate system sounds, mute mic
- Turn of suspend, turn on shutdown for power button
- Turn on natural scroll for mouse touchpad
- Go through keyboard shortcuts and adapt, I also add a custom one for xkill on CTRL+ALT+X
- Check region and language, remove unnecessary languages, then update
- Change clock to 24h format