Skip to content

Linux setup

A setup guide for programmers, etc., on Linux and the Windows Linux Subsystem. Contains specific instructions for Ubuntu and Fedora, which may work for other Debian-like and RedHat-like distros.

Also see

Start installation

Follow the instructions that show up to install. In Ubuntu, select “Default installation” and check “Install third-party software for graphics and Wi-Fi hardware” and “Download and install support for additional media formats”.

If you need encryption, TPM-backed FDE is a potential option. Support in Ubuntu and Fedora is experimental (as of October 2023). I have not tested it.

UEFI troubleshooting

If you get an error installing GRUB, try these steps:

  • Disable Fast Boot.
  • Disable Secure Boot. Also, check to see if CSM/Legacy options is disabled.
  • Manually install the bootloader (not recommended).
  • Read about Linux and UEFI for more troubleshooting.

Choose a partition scheme

Use Btrfs.

Btrfs is a copy-on-write option and is now much more robust than ext4. See the btrfs documentation.

Btrfs subvolumes

If preferred, you can use Btrfs subvolumes instead of regular partitions.

Use a swap partition the same size as your RAM.

There’s an adage that it’s important for emergency memory – in case your main memory runs out. Meanwhile, mavericks insist on skipping it altogether, pointing out that using it for emergency memory would render a system excessively slow. Linux uses swap space as a complement to memory by swapping out infrequently used pages. You should definitely use it, but it probably doesn’t need to fit more than your memory.

Skip the /boot partition.

It’s not needed on a modern UEFI system.

For single-user systems, skip /home in favor of (e.g.) /files.

/home will probably fill with miscellaneous configuration and even temp data that doesn’t need to be backed up. It’s probably even best to discard such files when upgrading or installing a new distro. So, leave /home in the root partition and use another mount point like /data or /files instead.

For workstations, consider separate /tmp and /var/tmp.

Things like an inefficient SQL query can quickly take hundreds of gigabytes in /tmp. If /tmp is in your root partition, this can brick your system, and you might have to boot to a flash drive to clean up the system. If /tmp is a separate partition, filling it up won’t leave your system unbootable. Of course, consider the tradeoff. The same goes for /var/tmp (more or less). If mounted as separate partitions, mount with noexec.

Example 1: single 4 TB NVMe SSD
drive(s) mount point size (GB) format purpose
nvme0 (efi) 2 FAT32
nvme0 (swap) 54 swap
nvme0 / 256 btrfs
nvme0 /tmp 128 btrfs
nvme0 /var/tmp 256 btrfs
nvme0 /data 3 400 btrfs Data and documents
Example 2: two 4 TB NVMe SSDs
drive(s) mount point size (GB) format purpose
nvme0 (efi) 2 FAT32
nvme0 (swap) 54 swap
nvme0 / 256 btrfs
nvme0 /tmp 128 btrfs
nvme0 /var/tmp 256 btrfs
nvme0 /scratch 3 400 btrfs Working data
nvme1 /data 4 096 btrfs Data and document
sda1 /bak/root 256 btrfs Image of root
sda2 /bak/data 5 888 btrfs Backups of /data
Example 3: three 2 TB NVMe and two 4 TB SATA SSDs
drive(s) mount point size (GB) format purpose
nvme0 (efi) 1 FAT32
nvme0 (swap) 128 swap
nvme0 / 1 408 btrfs
nvme0 /tmp 256 btrfs
nvme0 /var/tmp 256 btrfs
nvme1 /scratch 2 048 btrfs Ultra-fast scratch
nvme2 /home 2 048 btrfs Fast user data
sda /lake 4 096 btrfs Frozen data (raid 0)
sdb /lake 4 096 btrfs Frozen data (raid 0)
sdc1 /bak/root 1 408 btrfs Image of root
sdc2 /bak/lake 2 048 btrfs Backups of /home
sdc3 /bak/home 2 048 btrfs Backups of /lake

Enable kernel modules

First, update and reboot:

sudo apt update -y && reboot

sudo dnf update && reboot

Then, run

sudo modprobe sha256

Set mount options

  • Add noatime everywhere. Access timestamps (atime) are written using the default option, relatime. This makes a lot of otherwise-unnecessary writes, degrading performance.
  • Add noacl everywhere. There’s probably no performance gain to disable ACL, but you almost definitely don’t need it.
  • Add noexec, nodev, and nosuid to /tmp and /var/tmp (if they exist).

Consider compression.

btrfs can compress data at rest and in transit. Whether to use lzo, zstd, or no compression depends primarily on the (uncompressed) throughput: Use heavier compression to compensate for slow IO, and use lighter compression for fast IO. Use no compression if the CPU is already the bottleneck. See benchmarks for btrfs compression. Here are my recommendations:

  • compression=off for NVMe SSDs
  • compression=lzo for SATA-connected SSDs
  • compression=zstd:3 for SATA-connected HDDs and USB-connected SSDs or HHDs

Bug: compression failures

Sometimes filesystems cannot be mounted with compress. There are probably many likely reasons.

Warning

Make sure to follow the steps below to verify that your fstab is valid and usable.

Edit fstab

Following these rules, the fstab for “Example scheme 1 – single-user workstation” might look like this:

# filesystem     mount      type   options                            d p
.../by-uuid/...  none       swap   sw                                 0 1
.../by-uuid/...  /boot/efi  vfat   defaults                           0 1
.../by-uuid/...  /tmp       btrfs  noatime,noacl,noexec,nodev,nosuid  0 1
.../by-uuid/...  /var/tmp   btrfs  noatime,noacl,noexec,nodev,nosuid  0 1
.../by-uuid/...  /          btrfs  noatime,noacl                      0 1
.../by-uuid/...  /data      btrfs  noatime,noacl,compress=lzo         0 1
.../by-uuid/...  /bak       btrfs  noatime,noacl,compress=zstd:3      0 1

Before rebooting, verify that your changes are probably ok by running

mount --fake --all --verbose

and

sudo systemctl daemon-reload
sudo findmnt --fstab --verify --verbose

Then reboot and see the results by running

cat /etc/mtab

Post-installation

Install packages

First, install some important packages:

sudo add-apt-repository universe -y
sudo apt-get install -y git curl wget iotop zsh vim
sudo apt-get install -y xz-utils brotli lzma zstd
sudo apt-get install -y build-essential # (1)!
sudo apt-get install -y libncurses-dev cmake
sudo apt-get install -y asdf flatpak # (2)!
sudo apt-get install -y eza  # (3)!
sudo apt-get install -y apt-file # (4)!
apt-file update # (5)!
  1. build-essential includes gcc, g++, make, and other C/C++ tools.
  2. asdf is a version manager for tools. Flatpak is a distro-independent package manager for Linux.
  3. eza replaces the deprecated exa.
  4. apt-file can be used to search installed packages.
  5. apt-file update builds its index.
sudo dnf upgrade -y
sudo dnf install -y git curl wget iotop zsh vim
sudo dnf install -y xz-utils brotli lzma zstd
sudo dnf install -y ncurses-devel make automake gcc gcc-c++ kernel-devel cmake
sudo dnf install -y asdf flatpak # (1)!
sudo dnf install -y eza # (2)!
  1. asdf is a version manager for tools. Flatpak is a distro-independent package manager for Linux.
  2. eza replaces the deprecated exa.

Install the GitHub CLI per the official GH Linux install instructions. After following the instructions, run

gh config set pager cat                    # Recommended -- stops pagination (use `| less` if wanted)
gh config set editor "$(which vim)"        # Recommended -- if using vim
gh config set prefer_editor_prompt enabled # Optional
gh auth login

Configure firewall

sudo ufw enable

Fedora should come with firewalld installed and enabled by default.

Enable SSH logins

Install ssh to allow for remote logins.

sudo apt -y update
sudo apt -y install openssh-server
sudo ufw allow 22

Sudoers

Also see

If you don’t have sudo access, add your username to the needed user group:

sudo usermod --append --groups sudo

sudo usermod --append --groups wheel

For a personal machine, requiring a password is probably unnecessary. If you use sudo visudo to edit /etc/sudoers, the file is checked for syntax before save. You can also check syntax with visudo -c my-sudoers.txt. Find the line covering the relevant group (sudo, wheel, or admin), and prepend NOPASSWD: to ALL. The line will probably look like this:

%sudo ALL=(ALL) NOPASSWD:ALL

%wheel ALL=(ALL) NOPASSWD:ALL

Important: how sudo reads

Sudo will only use the last line of /etc/sudoers that matches for a user. If a line matching by username precedes a line matching by group, the group settings simply override the user settings. Bear in mind that /etc/sudoers.d/ files are processed after /etc/sudoers.

Configure your shell

Follow: Shell setup .

Configure Git, SSH, and GPG

Follow: Shell setup .

Generate a certificate (if needed)

If you need a certificate, set a static IP address and generate a certificate with certbot. Choose “None of the above” for Software. Then follow the instructions exactly, including the “Automating renewal” section. This may not work through some company and university firewalls.

Programming languages and frameworks

Java, Rust, and Python

See the toolkits guide.

Cosmetics and UI

Tweak your desktop environment.

Eza icons and Nerd fonts

Download one or more Nerd fonts. Then run

gh release download --dir nerd/ --repo ryanoasis/nerd-fonts -p '*.zip'
for f in 'nerd/*.zip'; do
  sudo unzip '$f' -d /usr/local/share/fonts
done
fc-cache

Set your terminal font to your preferred Nerd font. (I recommend Source Code Pro, Noto, JetBrains Mono, Ubuntu Mono, or IBM Plex Mono.) Now you can run

eza --icons