{"id":21842415,"url":"https://github.com/erik1066/pop-os-setup","last_synced_at":"2025-04-04T13:10:56.722Z","repository":{"id":41479161,"uuid":"163777850","full_name":"erik1066/pop-os-setup","owner":"erik1066","description":"Instructions to make Pop!_OS setup fast and easy for developing software in Go, C# (.NET Core), Java Spring, Python, and NodeJS, and web front-ends in React. These instructions should also work for Ubuntu and most Ubuntu-based Linux distributions. Includes instructions for changing fonts and themes.","archived":false,"fork":false,"pushed_at":"2025-03-08T15:30:33.000Z","size":6696,"stargazers_count":205,"open_issues_count":1,"forks_count":30,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-03-28T12:08:40.080Z","etag":null,"topics":["linux","pop-os","ubuntu"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/erik1066.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-01-02T00:51:12.000Z","updated_at":"2025-03-18T19:52:26.000Z","dependencies_parsed_at":"2024-11-27T22:45:47.997Z","dependency_job_id":null,"html_url":"https://github.com/erik1066/pop-os-setup","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/erik1066%2Fpop-os-setup","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/erik1066%2Fpop-os-setup/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/erik1066%2Fpop-os-setup/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/erik1066%2Fpop-os-setup/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/erik1066","download_url":"https://codeload.github.com/erik1066/pop-os-setup/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247182399,"owners_count":20897381,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["linux","pop-os","ubuntu"],"created_at":"2024-11-27T22:11:55.740Z","updated_at":"2025-04-04T13:10:56.704Z","avatar_url":"https://github.com/erik1066.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Pop!\\_OS 22.04 Setup Guide for Software Engineers\n\nThis repository contains instructions to set up [Pop!\\_OS](https://system76.com/pop) for developing software in Go, Rust, C# (.NET Core), Java, Python, and NodeJS, as well as web front-ends in React. The steps below should also work for Ubuntu and most Ubuntu-based Linux distributions.\n\n\u003e See [Fedora Workstation Setup Guide](https://github.com/erik1066/fedora-setup-guide) for a version of this guide specific to Fedora.\n\n![Pop!_OS desktop screenshot with Tilix, Visual Studio Code, and Gnome Tweak Tool, displayed and the Arc Dark theme](images/screenshot01.png \"Pop!_OS desktop screenshot with Tilix, Visual Studio Code, and Gnome Tweak Tool, displayed and the Arc Dark theme\")\n\n## Update the OS and install common tools\n\nThe first thing you should do is get the latest security updates:\n\n```bash\nsudo apt update \u0026\u0026 sudo apt dist-upgrade -y\n```\n\nNext, install common development tools:\n\n```bash\nsudo apt install \\\nbuild-essential \\\napt-transport-https \\\nca-certificates \\\ncurl \\\nsoftware-properties-common \\\napache2-utils \\\nmake \\\nchromium-browser \\\ngnome-tweaks \\\ngnome-shell-extensions \\\ndconf-editor\n```\n\nCleanup:\n\n```bash\nsudo apt autoremove -y\nsudo apt autoclean -y\n```\n\nCheck for firmware updates:\n\n```bash\nsudo fwupdmgr get-devices\nsudo fwupdmgr get-updates\nsudo fwupdmgr update\n```\n\nReboot before proceeding any further:\n\n```bash\nsudo reboot now\n```\n\n## Improve Font Rendering\n\nThe default font rendering in Pop!\\_OS may appear blurry on LCD monitors. Gnome's OS settings application lacks the ability to change font rendering. You must install the Gnome Tweak Tool to adjust these settings. Gnome Tweak Tool can be installed from the Pop!\\_Shop or from a terminal as shown below:\n\n1. Run `sudo apt install gnome-tweaks`\n1. Run `gnome-tweaks`\n1. **Fonts** \u003e **Hinting** \u003e Set to \"Full\"\n1. **Fonts** \u003e **Antialiasing** \u003e Set to \"Subpixel (for LCD screens)\"\n\n\u003e The Pop!_OS defaults are: \"Slight\" for Hinting and \"Standard\" for Antialiasing, in case you want to switch back.\n\n## Increase the inotify watch count\n\nWhen working with Dropbox, React, and NodeJS, you may run into the following error: \"User limit of inotify watches reached\". The default limit for file watchers is 8,192. Increase this limit to something more reasonable:\n\n1. Run `sudo gedit /etc/sysctl.conf`\n1. Add `fs.inotify.max_user_watches=10000000` to the bottom of the file\n1. Run `sudo sysctl -p` (or restart the OS)\n\n## Tilix\n\nTilix may be preferable to the default Gnome terminal:\n\n```bash\nsudo apt install tilix\n```\n\n## Z Shell (ZSH)\n\n**Instructions derived from https://github.com/ohmyzsh/ohmyzsh/wiki/Installing-ZSH on 2024-02-18**\n\n[ZSH](https://en.wikipedia.org/wiki/Z_shell) can be installed by running:\n\n```bash\nsudo apt install zsh\n```\n\nRun `zsh --version` and look for `zsh 5.8.1 (x86_64-ubuntu-linux-gnu)` (or newer) to verify success\n\nTo set `zsh` as the default shell, run:\n\n```bash\nchsh -s $(which zsh)\n```\n\nStart a new session. ZSH is now your default shell.\n\n### Optional: Install Oh-My-ZSH for ZSH configuration management\n[Oh-My-ZSH](https://github.com/ohmyzsh/ohmyzsh) is an excellent tool for managing your ZSH configuration. Install it using the following command:\n\n```bash\nsh -c \"$(wget -O- https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)\"\n```\n\nAn \"Oh My Zsh!... is now installed!\" message should appear in the terminal output.\n\n\u003e You may be prompted to set ZSH as your default shell.\n\n### Optional: Enable ZSH syntax highlighting\nInstall syntax highlighting for ZSH by running:\n\n```bash\nsudo apt install zsh-syntax-highlighting\n```\n\nNow run:\n\n```bash\necho \"source /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh\" \u003e\u003e ~/.zshrc\n```\n\nThe changes will be applied to new terminal windows.\n\n### Optional: Change ZSH theme using Oh-My-ZSH\n\nOh-My-ZSH is installed with [several themes](https://github.com/ohmyzsh/ohmyzsh/wiki/Themes). Let's change the default theme to `blinks` by first opening the `.zshrc` file:\n\n```bash\nsudo gedit ~/.zshrc\n```\n\nFind the line `ZSH_THEME=\"robbyrussell\"` and change it to `ZSH_THEME=\"blinks\"` and save. The new theme will be applied to new terminal windows.\n\n### Optional: Enable ZSH plugins\n\nPlugins add functionality to ZSH. Let's enable some [pre-installed plugins](https://github.com/ohmyzsh/ohmyzsh/wiki/Plugins) for a few programming languages. First, open the `.zshrc` file:\n\n```bash\nsudo gedit ~/.zshrc\n```\n\nFind the line `plugins=(git)` and change it to include your preferred plugins. An example:\n\n```\nplugins=(git dotnet rust golang mvn npm terraform aws gradle)\n```\n\nSave the file. The plugins will be applied to new terminal windows.\n\n## Install Eclipse for Java Developers\n\n1. From the desktop, select **Activities** (top-left corner of your monitor) \u003e **Pop!\\_Shop**\n1. Search for \"Eclipse\" and install \"Eclipse for Java Developers\"\n1. Launch Eclipse\n\nAlternatively, run the following command to install Eclipse from a terminal:\n\n```bash\nflatpak install flathub org.eclipse.Java\n```\n\n## Install JetBrains products (Rider, GoLand, IntelliJ IDEA Ultimate, etc)\n\n**The instructions for installing JetBrains products are derived from https://www.jetbrains.com/help/idea/installation-guide.html#toolbox and are current as of 2024-03-09**\n\n1. Visit https://www.jetbrains.com/toolbox/app/ and download the JetBrains Toolbox app.\n1. Run the following commands, replacing the file name in the example with the file name you downloaded:\n\n```bash\nsudo tar -xzf jetbrains-toolbox-2.4.2.32922.tar.gz -C /opt\ncd /opt/jetbrains-toolbox-2.4.2.32922\n./jetbrains-toolbox\n```\n\n3. Select the product that you want to install.\n\n## Install Postman\n\nPostman is a complete toolchain for API developers. It can be installed in one of three ways. The easiest is to open the **Pop!_Shop** and install Postman using the GUI.\n\n\u003e Installing Postman from **Pop!_Shop** installs from Flathub.\n\nYou may alternatively install Postman from Flathub using a terminal session.\n\n```bash\nflatpak install flathub com.getpostman.Postman\n```\n\n## Install Zed\n\n**The instructions for installing Zed are derived from https://zed.dev/docs/linux#zed-on-linux and are current as of 2024-07-13**\n\nZed is a highly-efficient, cross-platform code editor written in Rust.\n\nRun the following command to install Zed:\n\n```bash\ncurl https://zed.dev/install.sh | sh\n```\n\nTo run Zed after installation:\n\n```bash\n~/.local/bin/zed\n```\n\n## Install Visual Studio Code\n\n**The instructions for installing Visual Studio Code are derived from https://code.visualstudio.com/docs/setup/linux and are current as of 2024-02-19**\n\n1. Run the following commands:\n\n```bash\nsudo apt-get install wget gpg\nwget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor \u003e packages.microsoft.gpg\nsudo install -D -o root -g root -m 644 packages.microsoft.gpg /etc/apt/keyrings/packages.microsoft.gpg\nsudo sh -c 'echo \"deb [arch=amd64,arm64,armhf signed-by=/etc/apt/keyrings/packages.microsoft.gpg] https://packages.microsoft.com/repos/code stable main\" \u003e /etc/apt/sources.list.d/vscode.list'\nrm -f packages.microsoft.gpg\nsudo apt install apt-transport-https\nsudo apt update\nsudo apt install code\n```\n\n2. Launch Visual Studio Code\n1. Navigate **File** \u003e **Preferences** \u003e **Settings** and then type \"telemetry\"\n1. Select \"off\" for the **Telemetry Level**\n1. Disable the \"Dotnet Acquisition Extension: Enable Telemetry\" option\n1. Optional: While still in **Settings**, change the following to \"False\":\n   1. **Enable Natural Language Search**\n   1. **Enable Experiments**\n1. Optional: While still in **Settings**, enable **Editor: Format on Save**. Turning this setting on is the same as running the **Format Document** command each time you save a file.\n1. Optional: While Visual Studio Code is open, select **Activities**, right-click the Visual Studio Code icon on the dock, and select **Add to favorites**.\n\n\u003e While you can install Visual Studio Code from flathub via the Pop!_Shop, doing so will result in problems finding development tools like the .NET SDK. The `.deb` package in Pop!_Shop is also many versions out-of-date. The process outlined above resolves both issues.\n\n\n\n\nThe following VS Code extensions are handy:\n\n1. [HashiCorp Terraform](https://marketplace.visualstudio.com/items?itemName=HashiCorp.terraform)\n1. [Go](https://marketplace.visualstudio.com/items?itemName=golang.Go)\n1. [C# Dev Kit](https://marketplace.visualstudio.com/items?itemName=ms-dotnettools.csdevkit) - syntax highlighting, debugging, test runner support, and intellisense for C#\n1. [Rust-Analyzer](https://marketplace.visualstudio.com/items?itemName=rust-lang.rust-analyzer) - Rust language server\n1. [CodeLLDB](https://marketplace.visualstudio.com/items?itemName=vadimcn.vscode-lldb) - for debugging Rust code on Ubuntu\n1. [Extension Pack for Java](https://marketplace.visualstudio.com/items?itemName=vscjava.vscode-java-pack) - syntax highlighting, debugging, and intellisense for Java, plus unit testing support\n1. [Spring Boot Extension Pack](https://marketplace.visualstudio.com/items?itemName=Pivotal.vscode-boot-dev-pack) - specific enhancements for working with Spring Boot\n1. [VS Live Share](https://marketplace.visualstudio.com/items?itemName=MS-vsliveshare.vsliveshare) - allows simultaneous editing of code files by multiple authors, like Google Docs\n1. [Docker](https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-docker)\n1. [Kubernetes](https://marketplace.visualstudio.com/items?itemName=ms-kubernetes-tools.vscode-kubernetes-tools)\n1. [JavaScript Debugger for Chrome](https://marketplace.visualstudio.com/items?itemName=msjsdiag.debugger-for-chrome)\n1. [Python](https://marketplace.visualstudio.com/items?itemName=ms-python.python)\n1. [ESLint](https://marketplace.visualstudio.com/items?itemName=dbaeumer.vscode-eslint)\n1. [TSLint](https://marketplace.visualstudio.com/items?itemName=ms-vscode.vscode-typescript-tslint-plugin)\n1. [Prettier](https://marketplace.visualstudio.com/items?itemName=esbenp.prettier-vscode)\n\nThere are some excellent dark theme alternatives to the VS Code default theme:\n\n1. [Tokyo Night](https://marketplace.visualstudio.com/items?itemName=enkia.tokyo-night)\n1. [One Monokai](https://marketplace.visualstudio.com/items?itemName=azemoh.one-monokai)\n1. [Atom One Dark](https://marketplace.visualstudio.com/items?itemName=akamud.vscode-theme-onedark)\n1. [Material](https://marketplace.visualstudio.com/items?itemName=Equinusocio.vsc-material-theme)\n1. [Blueberry Dark](https://marketplace.visualstudio.com/items?itemName=peymanslh.blueberry-dark-theme)\n1. [Arc+](https://marketplace.visualstudio.com/items?itemName=ph-hawkins.arc-plus)\n1. [Arc Darker](https://marketplace.visualstudio.com/items?itemName=alvesvaren.arc-dark)\n1. [Neon City](https://marketplace.visualstudio.com/items?itemName=lakshits11.neon-city)\n\n### Working with VSCode extensions from the terminal\n\nTo see which VSCode extensions are installed:\n\n```bash\ncode --list-extensions\n```\n\nYou can install VSCode extensions from the terminal, too. Run the following commands to install HashiCorp's Terraform extension, Google's Go extension, and Microsoft's Docker extension:\n\n```bash\ncode --install-extension HashiCorp.terraform\ncode --install-extension golang.Go\ncode --install-extension ms-azuretools.vscode-docker\n```\n\n## Terraform\n\n**Instructions for installing Terraform taken from https://developer.hashicorp.com/terraform/install on 2024-06-29**\n\n```bash\nwget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg\necho \"deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main\" | sudo tee /etc/apt/sources.list.d/hashicorp.list\nsudo apt update \u0026\u0026 sudo apt install terraform\n```\n\nRun `terraform --version` to verify the installation was a success.\n\n## Java and Maven\n\n```bash\nsudo apt install openjdk-17-jdk-headless maven\n```\n\nRun `javac -version` and look for the following output to verify success:\n\n```\nopenjdk version \"11.0.10\" 2021-01-19\nOpenJDK Runtime Environment (build 11.0.10+9-Ubuntu-0ubuntu1.20.04)\nOpenJDK 64-Bit Server VM (build 11.0.10+9-Ubuntu-0ubuntu1.20.04, mixed mode, sharing)\n```\n\n## Go\n\n**Instructions for installing Go taken from https://go.dev/doc/install on 2024-08-15**\n\nWhile you _can_ install Go via `apt`, doing so installs an oudated version. Run the following commands instead, ensuring you replace the version number in the commands below with the version number you want to install. These are also the same commands you will use to update Go to a newer version.\n\n```bash\ncurl -OL https://golang.org/dl/go1.23.7.linux-amd64.tar.gz\nsha256sum go1.23.7.linux-amd64.tar.gz\nsudo rm -rf /usr/local/go\nsudo tar -C /usr/local -xzf go1.23.7.linux-amd64.tar.gz\n```\n\nRun the following command to verify success:\n\n```bash\ngo version\n```\n\nLook for `go version go1.23.7 linux/amd64` (or newer) to verify success.\n\nSet the following environment variables if this is the first time you're installing Go. _You do not need to repeat this step if you're upgrading Go._\n\n```bash\necho \"export PATH=$PATH:$(go env GOPATH)/bin:/usr/local/go/bin\" \u003e\u003e ~/.profile\nsource ~/.profile\n```\n\n[Delve](https://github.com/go-delve/delve) is a debugger for Go. You can install it by running the following command:\n\n```bash\ngo install github.com/go-delve/delve/cmd/dlv@v1.22.1\n```\n\nRun the following command to check that `dlv` is installed and you're on an up-to-date version:\n\n```bash\ndlv version\n```\n\nYou should see the following after running `dlv version`:\n\n```\nDelve Debugger\nVersion: 1.22.1\nBuild: $Id: 0c3470054da6feac5f6dcf3e3e5144a64f7a9a48\n```\n\n\n## Rust\n\n**Instructions for installing Rust taken from https://www.rust-lang.org/tools/install on 2024-02-18**\n\n```bash\ncurl --proto '=https' --tlsv1.3 -sSf https://sh.rustup.rs | sh\n```\n\nRestart your terminal session, or run `source \"$HOME/.cargo/env\"`, and then run `rustc --version`. Look for `rustc 1.80.1 (3f5fd8dd4 2024-08-06)` (or newer) to verify success.\n\nTo update Rust:\n\n```bash\nrustup update\n```\n\n\u003e You can easily uninstall Rust and Rustup by running `rustup self uninstall`.\n\n## Python\n\n```bash\nsudo apt install python3-minimal\n```\n\nRun `python3 --version` and look for `Python 3.8.5` (or newer) to verify success\n\nTo install Anaconda Python instead, see https://linuxhint.com/install_anaconda_python_ubuntu_1804/.\n\n## NodeJS\n\nThe quick way to install NodeJS 20 (LTS):\n\n```bash\ncurl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - \u0026\u0026\\\nsudo apt-get install -y nodejs\n```\n\nRun `node --version`  to verify success.\n\n## .NET\n\n```bash\nsudo apt install dotnet-sdk-8.0\n```\n\nRun `dotnet --list-sdks` and look for the following output to verify success:\n\n```\n8.0.108 [/usr/lib/dotnet/sdk]\n```\n\n### Optional: Disable .NET telemetry\n\n1. Run `gedit ~/.profile`\n1. Type `export DOTNET_CLI_TELEMETRY_OPTOUT=true` at the bottom of the file\n1. Save and exit\n1. Log out and log in again\n\n## Wireshark\n\nThere are several ways to install Wireshark from `apt`.\n\n### Option #1: Install from ppa\n\nThe latest, or at least close to latest, version of Wireshark can be installed via:\n\n```bash\nsudo add-apt-repository ppa:wireshark-dev/stable\nsudo apt update\nsudo apt install wireshark\n```\n\n### Option #2: Install from `apt`:\n\nAn older version of Wireshark can be installed by running:\n\n```bash\nsudo apt install wireshark\n```\n\nThis will likely install an older version versus using installtion option #1 above.\n\n\u003e At the time of writing this section, option #1 installs version 4.2.5 while option #2 installs Wireshark 3.6.\n\n\n### Configure Wireshark\n\n1. It is recommended to choose **Yes** when the installer asks: \"Should non-superusers be able to capture packets?\" If you fail to select **Yes** then you will need root privileges to run Wireshark.\n\n\u003e Requiring root privileges means running `wireshark` with `sudo`.\n\n\u003e If you want to change your answer from **No** to **Yes** in the future, run `sudo dpkg-reconfigure wireshark-common`.\n\n2. Next, add your user to the `wireshark` group. Run this command exactly as-is:\n\n```bash\nsudo usermod -a -G wireshark \"$USER\"\n```\n\n3. Ensure your username is part of the `wireshark` group. You should see your username when you run the below command:\n\n```bash\ngroups \"$USER\"\n```\n\n4. Log out and log in to Pop!_OS.\n5. Run Wireshark and capture some packets.\n\n## Set Wireshark to Dark Mode\n\n**The following instructions are derived from a [response to a GitHub issue](https://github.com/pop-os/shell/issues/1642#issuecomment-2136726171).**\n\nBy default, Wireshark `4.2.5` does not respect the Dark mode selector in Pop!_OS `22.04` or Dark mode themes like Nordic-darker-v40 or Arc Dark. We can fix this, albeit partially:\n\n1. Install the Adwaita-qt theme:\n\n```bash\nsudo apt install adwaita-qt\n```\n\n2. Run Wireshark using the following terminal command:\n\n```bash\nQT_STYLE_OVERRIDE=Adwaita-Dark wireshark\n```\n\n\n## Podman\n\n**The instructions for installing Podman are derived from https://podman-desktop.io/downloads and are current as of 2024-06-22**\n\nPodman is an open source alternative to Docker Desktop. To install Podman Desktop client:\n\n```\nflatpak install flathub io.podman_desktop.PodmanDesktop\n```\n\nTo install Podman itself:\n\n```\nsudo apt-get update\nsudo apt-get -y install podman\n```\n\nPodman commands are similar to Docker commands. Example: `podman compose up` instead of `docker-compose up` and `podman ps` instead of `docker ps`. Podman also installs `kubectl` if you select the Kubernetes extension on initial setup.\n\nRun `podman version` and look for the following:\n\n```\nVersion:      3.4.4\nAPI Version:  3.4.4\nGo Version:   go1.18.1\nBuilt:        Wed Dec 31 19:00:00 1969\nOS/Arch:      linux/amd64\n```\n\nA Podman tutorial is available at https://github.com/containers/podman/blob/main/docs/tutorials/podman_tutorial.md.\n\n### Podman alternative: Docker Desktop\n\n**The instructions for installing Docker Desktop are derived from https://docs.docker.com/desktop/install/linux-install/ and are current as of 2024-02-18**\n\nAs an alternative to Podman Desktop, Docker Desktop can now be installed on Linux. It provides the same functionality as Docker Desktop on macOS and Windows and includes a single-node Kubernetes cluster. It is recommended to either install Docker Desktop _or_ install Docker on Linux, but not both (though both can be present simultaneously).\n\nThis guide has been updated to focus on installing Docker Desktop.\n\n\u003e You may **not** want to install Docker Desktop if you are running Pop!_OS in a virtual machine, as Docker Desktop installs its own virtual machine; this would be virtualization-within-virtualization and may cause problems. You'd alternatively want to consider installing Docker on Linux directly without \"Docker Desktop\". This is the traditional way Docker has been installed on Linux. Older versions of this guide describe how this can be done. See [/older-versions](/older-versions).\n\nThere is no repository for installing Docker Desktop.\n\n1. Download the `.deb` package from https://docs.docker.com/desktop/install/ubuntu/.\n1. Run `sudo apt-get install ./docker-desktop-\u003cversion\u003e-\u003carch\u003e.deb`\n1. Either open the **Docker Desktop** app that was installed, or run `systemctl --user start docker-desktop`\n\nVerify success by running `docker --version`. You should see something like the following:\n\n```\nDocker version 25.0.3, build 4debf41\n```\n\n## Helm\n\n**The instructions for installing Helm are derived from https://helm.sh/docs/intro/install/ and are current as of 2024-06-24**\n\nInstall Helm by issuing the following commands:\n\n```bash\ncurl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3\nchmod 700 get_helm.sh\n./get_helm.sh\n```\n\nRun `helm version` to verify success.\n\n## Azure CLI tools\n\n**The instructions for installing Azure CLI tools are derived from https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=apt\u0026view=azure-cli-latest and are current as of 2024-06-24**\n\nThe simplest way to install the Azure CLI tools:\n\n```bash\ncurl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash\n```\n\nVerify success by running `az --version` and checking that `azure-cli 2.61.0` (or newer) appears somewhere in the output. Additionally, the output should indicate that `Your CLI is up-to-date`.\n\nYou can periodically run `az upgrade` to upgrade the Azure CLI tools.\n\n\u003e See [Install Azure CLI with apt](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view=azure-cli-latest) for further information and alternative installation methods.\n\n## Azure Storage Explorer\n\nAzure's desktop app for interacting with Azure Storage is cross-platform. It is available in the **Pop!\\_Shop** via FlatHub. Installing it on an Ubuntu-based distribution can also be done in the terminal as follows:\n\n```bash\nflatpak install flathub com.microsoft.AzureStorageExplorer\n```\n\n## AWS CLI tools\n\n**The instructions for installing AWS CLI tools are derived from https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html and are current as of 2024-06-29**\n\nThe following script installs v2 of the AWS CLI tools:\n\n```bash\nsudo apt install -y unzip\ncurl \"https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip\" -o \"awscliv2.zip\"\nunzip awscliv2.zip\nsudo ./aws/install\n```\n\nRun `aws --version` and check for `aws-cli/2.17.5 Python/3.11.8 Linux/6.9.3-76060903-generic exe/x86_64.pop.22` to verify success.\n\nTo update AWS CLI, add your existing symlink and installer information to construct the install command. This is done using the `--bin-dir`, `--install-dir`, and `--update` parameters. The following command block uses an example symlink of `/usr/local/bin` and example installer location of `/usr/local/aws-cli`. These locations are the defaults that would have been used during installation unless you specified otherwise.\n\n```bash\ncurl \"https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip\" -o \"awscliv2.zip\"\nunzip awscliv2.zip\nsudo ./aws/install --bin-dir /usr/local/bin --install-dir /usr/local/aws-cli --update\n```\n\nSee https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html for additional information.\n\n## Kubernetes CLI tools (`kubectl`)\n\n**Instructions derived from https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/ on 2024-02-18**\n\nYou may not need to follow these commands to install `kubectl` if you installed Docker Desktop. Run `kubectl version` to see if it's already installed. If not, follow the commands below:\n\n```bash\nsudo apt update\nsudo apt install -y apt-transport-https ca-certificates curl\n# If the folder `/etc/apt/keyrings` does not exist, it should be created before the curl command, read the note below.\n# sudo mkdir -p -m 755 /etc/apt/keyrings\ncurl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg\necho 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list\nsudo apt update\nsudo apt install -y kubectl\n```\n\nRun `kubectl version` to verify success.\n\n\n## GitHub CLI tools\n\n**The instructions for installing GitHub CLI tools are derived from https://github.com/cli/cli/blob/trunk/docs/install_linux.md and are current as of 2024-02-18**\n\n```bash\ntype -p curl \u003e/dev/null || (sudo apt update \u0026\u0026 sudo apt install curl -y)\ncurl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \\\n\u0026\u0026 sudo chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \\\n\u0026\u0026 echo \"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main\" | sudo tee /etc/apt/sources.list.d/github-cli.list \u003e /dev/null \\\n\u0026\u0026 sudo apt update \\\n\u0026\u0026 sudo apt install gh -y\n```\n\n## Git configuration\n\n```bash\ngit config --global user.name \"Your Name\"\ngit config --global user.email yourname@yourdomain.com\ngit config --global init.defaultBranch main\n```\n\nSee [Customizing Git Configuration](https://www.git-scm.com/book/en/v2/Customizing-Git-Git-Configuration) for more details. You can edit the global Git config file by running `gedit ~/.gitconfig` in a terminal window.\n\n\u003e Tip: Remember that you can include a longer commit message by using a second `-m` in your command. Example: `git commit -m \"The short message, best ~50 characters\" -m \"The extended description that can go on however long you want.\"`\n\n## SSH Keys for GitHub/GitLab\n\n**The instructions for generating SSH keys is derived from https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent. Instructions for adding an SSH key to GitHub is derived from https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account. Both are current as of 2024-02-18**\n\n1. Run `ssh-keygen -t ed25519 -C \"your_email@example.com\"`\n1. Enter a passphrase\n1. Run `ssh-add ~/.ssh/id_ed25519`\n1. Run `cat ~/.ssh/id_ed25519.pub`\n1. Copy the output from `cat` and paste it into GitLab and GitHub's SSH key sections for your profile\n1. Run `ssh -T git@github.com` to [verify the key is recognized and working with GitHub.com](https://help.github.com/en/github/authenticating-to-github/githubs-ssh-key-fingerprints)\n1. Run `ssh -T git@gitlab.com` to verify the key is recognized and working with GitLab\n\n## GPG Keys for signing commits\n\nTaken from https://docs.gitlab.com/ee/user/project/repository/gpg_signed_commits/index.html.\n\n1. Run `gpg --full-gen-key`\n1. Choose \"RSA and RSA (default)\"\n1. Choose 4096 bits\n1. Choose 2y (or a timeframe of your choosing)\n1. Provide the other required inputs\n1. Run `gpg --list-secret-keys --keyid-format LONG mr@robot.sh` (replace `mr@robot.sh` with the email you used previously)\n1. Copy the GPG key ID that starts with `sec`. E.g. in `sec rsa4096/30F2B65B9246B6CA 2017-08-18 [SC]`, the key ID is `30F2B65B9246B6CA`\n1. Run `gpg --armor --export 30F2B65B9246B6CA`\n1. Run `git config --global user.signingkey 30F2B65B9246B6CA`\n1. [Add the key to your GitHub account](https://help.github.com/articles/adding-a-new-gpg-key-to-your-github-account/)\n\nTo sign commits, the only difference is the addition of the `-S` flag:\n\n```bash\ngit commit -S -m \"My commit msg\"\n```\n\n## VLC for media playback\n\n```bash\nsudo apt install -y vlc\nsudo apt install -y libavcodec-extra libdvd-pkg\nsudo dpkg-reconfigure libdvd-pkg\n```\n\n## Other Items in Pop!\\_Shop to consider installing:\n\n1. Dropbox\n1. Slack\n1. Spotify\n1. VirtualBox\n1. Zoom\n1. Microsoft Teams\n1. VLC - for playing media files\n1. Peek - for recording your screen and producing animated GIFs\n1. GNU Image Manipulation Program\n1. Htop\n1. Bleachbit - for secure file erasure and general disk cleanup\n\n## Firefox\n\n1. Install the [React Developer Tools](https://addons.mozilla.org/en-US/firefox/addon/react-devtools/) addon\n1. **Preferences** \u003e **Search** \u003e Change the search engine to \"[DuckDuckGo](https://duckduckgo.com/)\" (or your preferred engine)\n1. **Preferences** \u003e **Privacy** \u003e Change tracking and protection settings as-needed\n\n### Optional: Enable DNS over HTTPS\n\n1. Navigate to **Edit** \u003e **Settings**\n1. In the **Privacy \u0026 Security** tab, scroll down to **Enable DNS over HTTPS** and select **Max Protection**\n1. Select \"Cloudflare\" as the provider\n\n### Optional: Force GPU rendering to smooth out page scrolling\n\nFirefox in Gnome can experience screen tearing and other performance-inhibiting behavior. This may be adjustable by forcing GPU rendering, though it may impact power usage and stability. This has only been tested using NVIDIA GPUs.\n\n1. Navigate to `about:config` in the Firefox URL bar\n1. Select **Accept the Risk and Continue**\n1. Copy and paste `layers.acceleration.force-enabled` into the search box and **Enable** it\n1. Copy and paste `layers.force-active` into the search box and **Enable** it\n1. Restart Firefox and observe smoother scrolling behavior\n\n### Optional: Enable enhanced privacy protections\n\nSee https://wiki.mozilla.org/Privacy/Privacy_Task_Force/firefox_about_config_privacy_tweeks for advanced privacy-related Firefox configuration options.\n\n## Chromium\n\n1. From the desktop, select **Activities** (top-left corner of your monitor) \u003e **Pop!\\_Shop**\n1. Search for \"Chromium Browser\" and install it\n1. Navigate to https://chrome.google.com/webstore/category/extensions and search for \"React Developer Tools\"\n1. Add the [React Developer Tools](https://chrome.google.com/webstore/detail/react-developer-tools/fmkadmapgofadopljbjfkapdkoienihi) to Chromium\n\n### Optional: Change Chromium's privacy settings\n\n1. In Chromium, press the \"...\" button at the top-right corner of the Chromium window to bring up the options menu\n1. **Settings** \u003e **Search Engine** \u003e Set to \"Duck Duck Go\" (or your preferred engine)\n1. **Settings** \u003e **Advanced** \u003e **Privacy \u0026 Security** \u003e\n   1. **Allow Chromium sign-in** \u003e Disable\n   1. **Use a prediction service to help complete searches and URLs typed in the address bar** \u003e Disable\n   1. **Use a web service to help resolve navigation errors** \u003e Disable\n   1. **Send a \"Do Not Track\" request with your browsing traffic** \u003e Enable\n   1. **Allow sites to check if you have payment methods saved** \u003e Disable\n   1. **Content Settings** \u003e\n      1. **Cookies** \u003e **Block third-party cookies** \u003e Enable\n      1. **Location** \u003e Block\n      1. **Microphone** \u003e Block\n      1. **Camera** \u003e Block\n      1. **Flash** \u003e Set to \"Block sites from running Flash\"\n      1. **Clipboard** \u003e Set to \"Do not allow sites to see text and images copied to the clipboard\"\n      1. **Payment Handlers** \u003e Set to \"Do not allow any site to install payment handlers\"\n\n### FYI: How to configure VS Code for **Chromium** JavaScript debugging\n\nVisual Studio Code can [launch Google Chrome in JavaScript debug mode](https://code.visualstudio.com/docs/nodejs/reactjs-tutorial#_configure-the-chrome-debugger) so developers can do useful things like set breakpoints and inspect JavaScript variables at runtime. However, [Microsoft's official guidance on how to configure the Chrome Debugger](https://code.visualstudio.com/docs/nodejs/reactjs-tutorial#_configure-the-chrome-debugger) only works with _Chrome_ and not _Chromium_.\n\nGoogle Chrome is a commercial, closed-source product. It's based on the open source Chromium project. If you'd like to use Chromium for JavaScript debugging instead of Chrome, you can still follow Microsoft's guide. You'll just need to add a `runtimeExecutable` property to the `launch.json` file in your web app's `.vscode` directory. Just make sure it points to where `chromium-browser` is installed. If you installed Chromium from the Pop!\\_Store then it should be located at `/usr/bin/chromium-browser`.\n\nThe `launch.json` file will automatically be created if you follow along with [Microsoft's how-to guide](https://code.visualstudio.com/docs/nodejs/reactjs-tutorial#_configure-the-chrome-debugger).\n\nThe `launch.json` file needed to debug using Chromium is shown below:\n\n```json\n{\n  \"version\": \"0.2.0\",\n  \"configurations\": [\n    {\n      \"type\": \"chrome\",\n      \"request\": \"launch\",\n      \"name\": \"Launch Chrome against localhost\",\n      \"url\": \"http://localhost:3000\",\n      \"webRoot\": \"${workspaceFolder}\",\n      \"runtimeExecutable\": \"/usr/bin/chromium-browser\"\n    }\n  ]\n}\n```\n\n## Installing and Enabling Themes\n\n**The instructions for enabling and installing themes are derived from https://ubuntuhandbook.org/index.php/2022/05/install-themes-ubuntu-22-04/ and are current as of 2024-06-22**\n\nWe need to first install shell extensions and an extension manager:\n\n```bash\n sudo apt install gnome-shell-extensions\n sudo apt install gnome-shell-extension-manager\n ```\n\nNext, open the **Extension Manager** app and navigate to **Browse**. Select **Install** next to the \"User Themes\" list item. Wait for this to finish and then close the Extension Manager app.\n\nSome themes are available in the central repos. For instance, to install the excellent Arc theme, simply run `sudo apt install arc-theme`. \"Arc-Dark\" is then available as a theme in **Gnome Tweak Tool**.\n\nMore themes are available for download on pling.com. For these, extra steps are required to install:\n\n1. Create folders for the themes and icons:\n\n```bash\nmkdir ~/.themes\nmkdir ~/.icons\n```\n\n2. Download a Gnome theme from Pling to your `Downloads` folder. (We'll use the [WhiteSur GTK theme](https://www.pling.com/p/1403328/))\n1. Extract the contents of the `.tar.xz` to the `.themes` folder\n1. Download a Gnome icon theme from Pling to your `Downloads` folder. (We'll use the [Tela Icon Theme](https://www.pling.com/p/1279924))\n1. Extract the contents of the `.tar.xz` to the `.icons` folder\n1. Open the **Tweaks Tool**\n1. Navigate to the **Apperance** tab\n1. Select \"White Sur-Dark\" under **Themes** \u003e **Applications**\n1. Select \"White Sur-Dark\" under **Themes** \u003e **Shell**\n1. Select \"Tela-dark\" under **Themes** \u003e **Icons**\n1. Close **Tweak Tool**\n\n\n## Installing Fonts\n\nInstall the **Font Manager** application:\n\n```bash\nsudo apt install font-manager\n```\n\nLet's install Red Hat's free Overpass font. It can be downloaded or cloned: https://github.com/RedHatOfficial/Overpass.\n\nOther good font replacements are:\n- [Source Sans Pro](https://github.com/adobe-fonts/source-sans)\n- [Source Code Pro](https://github.com/adobe-fonts/source-code-pro)\n- [Inconsolata](https://github.com/googlefonts/Inconsolata)\n- [Inter](https://fonts.google.com/specimen/Inter)\n\nOpen **Font Manager** and press the **+** button to add a new font. Navigate to the extracted ZIP file (or cloned git repo) and import either the OTF or TTF files, whichever you prefer.\n\nOpen **Tweak Tool** and open the **Fonts** tab. Select \"Overpass\" from the **Interface Text** drop-down list. The changes should be visible immediately.\n\n\u003e If you ever want to go back to the default interface font, it's \"Fira Sans Book\" at size 10.\n\n\u003e Some custom fonts, including \"Overpass\", may look better with **Hinting** set to \"None\".\n\n## VirtualBox\n\n1. From the desktop, select **Activities** (top-left corner of your monitor) \u003e **Pop!\\_Shop**\n1. Search for \"VirtualBox\" and install it\n\nTo allow USB pass-through to a guest OS in VirtualBox:\n\n1. Run `sudo adduser $USER vboxusers`\n1. Log out and in again\n\n\n## KVM + QEMU + VirtManager\n\n**Instructions derived from https://ubuntu.com/blog/kvm-hyphervisor?ref=itsfoss.com and https://www.youtube.com/watch?v=BgZHbCDFODk**\n\nAn alternative to VirtualBox is to use Linux's built-in Kernel Virtual Machine (KVM) plus QEMU and VirtManager for a GUI front-end.\n\n```bash\nsudo apt -y install bridge-utils cpu-checker libvirt-clients libvirt-daemon qemu qemu-kvm virt-manager\n```\n\nCheck that your processor supports virtualization:\n\n```bash\nkvm-ok\n```\n\nLook for:\n\n```\nINFO: /dev/kvm exists\nKVM acceleration can be used\n```\n\nAdd the current user to the kvm group, being sure to replace `yourusername` with your actual user name:\n\n```bash\nsudo usermod -aG libvirt yourusername\nsudo usermod -aG kvm yourusername\n```\n\nRestart your system and then run these commands:\n\n```bash\nsudo systemctl start libvirtd\nsudo systemctl enable libvirtd\n```\n\n### Create a new VM using `virt-manager`\n1. Download a [Pop!_OS ISO](https://pop.system76.com/) or the ISO of your choice\n1. Place the `.iso` file into the `/var/lib/libvirt/images` folder\n1. Open the **Virtual Machine Manager** (aka `virt-manager`)\n1. Add a new virtual machine. Note that if you get a connection error, you should reboot your machine.\n1. Select **Local install media** and then **Forward**. Step 2 of 5 appears.\n1. Select **Browse**. The ISO you copied into the `/var/lib/libvirt/images` folder should appear.\n1. Select the ISO and choose **Choose Volume**\n1. You  may need to select an operating system. if Virtual Machine Manager couldn't auto-detect one based on the ISO. In our case, if using Pop!_OS 22.04, select \"Ubuntu 22.04 LTS\"\n1. Select **Forward**\n1. Choose at least \"8192\" for memory and 2 CPUs and then select **Forward**\n1. Choose at least 25 GB of disk storage and select **Forward**\n1. Use a distinctive name for the VM, such as \"K3s-pop-os\" and select **Finish**\n1. The VM should start automatically. Go through the VM setup process.\n\nRun `sudo apt update \u0026\u0026 sudo apt upgrade -y` after OS configuration.\n\n### Taking VM snapshots in `virt-manager`\n\nSnapshots can be taken in `virt-manager` just like in Virtual Box. You must navigate into the VM window (not the Virtual Machine Manager window) and select the **Manage VM Snapshots** icon at the far right of the toolbar.\n\n## Set up and connect to MySQL Server running in Docker\n\n**Instructions derived from https://hub.docker.com/_/mysql using MySQL 8.3.0 and are current as of 2024-03-11**\n\nOne can run MySQL Server in a Docker container rather than installing MySQL locally. Start a MySQL Docker container by running the following two commands:\n\n```bash\ndocker network create -d bridge my-bridge-network\ndocker run --network my-bridge-network -p 3306:3306 --name go-test-mysql -e MYSQL_ROOT_PASSWORD=my-secret-pw -d mysql:latest\n```\n\n\u003e The `-p 3306:3306` is what allows you to connect to this MySQL container from the host system, such as what you might do when developing an app.\n\nNext, start a _second_ MySQL container that connects to the first:\n\n```bash\ndocker run -it --network my-bridge-network --rm mysql mysql -hgo-test-mysql -uroot -pmy-secret-pw\n```\n\nYou should now see a `mysql\u003e` prompt. Type `exit` to return to the terminal. Exiting destroys this second container, so to get another MySQL prompt you will need to re-run the above command. This is a nice way to query the MySQL database without needing to install MySQL command line tools.\n\nAn empty database server is probably not that handy. To load a `.sql` database into the first MySQL container, named `go-test-mysql` in the commands above, you can issue the command below. Replace the `/home/your-username/databases/data.sql` path with an actual path to a `.sql` file on your file system.\n\n```bash\ndocker exec -i go-test-mysql sh -c 'exec mysql -uroot -p\"my-secret-pw\"' \u003c /home/your-username/databases/data.sql\n```\n\nNow run the second Docker container again using the same command as before:\n\n```bash\ndocker run -it --network my-bridge-network --rm mysql mysql -hgo-test-mysql -uroot -pmy-secret-pw\n```\n\nYou should once again see a `mysql\u003e` prompt.\n\n1. Enter `SELECT DATABASE();` to see what database(s) are in your server.\n1. Enter `use yourdatabasename` to open a database from the list, replacing `yourdatabasename` with the name of one of the databases listed in the output of the previous step.\n1. Enter `SHOW TABLES();` to see what tables exist in this database.\n\nYou can now run `SELECT` and other queries against the database. Be sure to end all of your commands with a `;`.\n\nHere's an example of how you can connect to this database and test the connection in a simple GoLang app:\n\n```golang\npackage main\n\nimport (\n\t\"database/sql\"\n\t\"fmt\"\n\t\"log\"\n\n\t\"github.com/go-sql-driver/mysql\"\n)\n\nvar db *sql.DB\n\nfunc main() {\n\tdsn := mysql.Config{\n\t\tUser:   \"root\",\n\t\tPasswd: \"my-secret-pw\",\n\t\tNet:    \"tcp\",\n\t\tAddr:   \"127.0.0.1:3306\",\n\t\tDBName: \"yourdatabasename\",\n\t}\n\n\tvar err error\n\tdb, err = sql.Open(\"mysql\", dsn.FormatDSN())\n\tif err != nil {\n\t\tlog.Fatal(err)\n\t}\n\n\tdefer db.Close()\n\n\tpingErr := db.Ping()\n\tif pingErr != nil {\n\t\tlog.Fatal(pingErr)\n\t} else {\n\t\tfmt.Println(\"Connected!\")\n\t}\n}\n```\n\n## Set up and connect to MariaDB Server running in Docker\n\n**Instructions derived from https://hub.docker.com/_/mariadb using MariaDB 11.4.1 and are current as of 2024-03-11**\n\nOne can run MariaDB in a Docker container rather than installing MariaDB locally. Start a Maria Docker container by running the following two commands:\n\n```bash\ndocker network inspect my-bridge-network \u003e/dev/null 2\u003e\u00261 || docker network create --driver bridge my-bridge-network\ndocker run --detach --name some-mariadb --network my-bridge-network -p 3306:3306 --env MARIADB_ROOT_PASSWORD=my-secret-pw  mariadb:latest\n```\n\n\u003e The `-p 3306:3306` is what allows you to connect to this MariaDB container from the host system, such as what you might do when developing an app.\n\nNext, start a _second_ MariaDB container that connects to the first:\n\n```bash\ndocker run -it --network my-bridge-network --rm mariadb mariadb -hsome-mariadb -uroot -pmy-secret-pw\n```\n\nYou should now see a `MariaDB [(none)]\u003e` prompt. Type `\\s` and press **Enter** to verify success. Type `exit` to return to the terminal.\n\n## Set up and connect to PostgreSQL Server running in Docker\n\nOne can run PostgreSQL in a Docker container rather than installing locally. Start a PostgreSQL Docker container by running the following two commands:\n\n```bash\ndocker network inspect my-bridge-network \u003e/dev/null 2\u003e\u00261 || docker network create --driver bridge my-bridge-network\ndocker run --detach --name postgres --network my-bridge-network -p 5432:5432 --env POSTGRES_PASSWORD=my-secret-pw postgres:latest\n```\n\n\u003e The `-p 5432:5432` is what allows you to connect to this PostgreSQL container from the host system, such as what you might do when developing an app.\n\nNext, start a _second_ PostgreSQL container that connects to the first:\n\n```bash\ndocker run -it --network my-bridge-network --rm --name second-postgres postgres psql -U postgres\n```\n\nYou should now see a `postgres=#` prompt. Type `SELECT table_name FROM information_schema.tables;` and press **Enter** to verify success. Type `q` to exit the table list view. \n\n\n## Resolve Bluetooth issues\n\nThis section is if you're having trouble pairing Bluetooth devices. Edit this file first:\n\n```sh\nsudo nano /etc/bluetooth/main.conf\n```\n\nFind the line `#ControllerMode = dual`. Uncomment and replace `dual` with `bredr`. This is a mode that has higher compatibility with more devices.\n\nSave the file and exit.\n\nApply the changes:\n\n```sh\nsudo service bluetooth restart\n```\n\nYou can scan for Bluetooth devices by running this command:\n\n```sh\nbluetoothctl scan on\n```\n\nAnd you can pair with a device by its address:\n\n```sh\nbluetoothctl pair [device address]\n```\n\n## Configure a hardware security key\n\n**Instructions derived from https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F on 2024-06-24**\n\nLet's install some needed packages:\n\n```bash\nsudo apt install libpam-u2f libu2f-udev libpam-yubico yubikey-manager\n```\n\nPlug in your USB key and run this command:\n\n```bash\nykman list --serials\n```\n\nIf a serial number was displayed then the key software is working correctly and has detected and identified your key.\n\nNow run the following command, replacing `12345` with the serial number from the last command's output.\n\n```bash\nykman --device 12345\n```\n\nYou should see output similar to the following:\n\n```\nDevice type: [Type of key you have]\nSerial number: 12345\nFirmware version: x.x.x\nForm factor: Keychain (USB-x)\nEnabled USB interfaces: ...\n...\n```\n\nWe can now proceed that we know everything is working.\n\nIt's a good idea to set a FIDO PIN for your hardware security keys. PINs are optional but recommended in the event the keys are stolen. Some websites will require the use of the PIN to use the key but others may not. Unlike a password, however, the PIN stays on your key and is not transmitted to the website or web service.\n\n\u003e Warning: With YubiKeys, 8 failed PIN attempts will erase the key, so be warned if you set a PIN. Have backups and memorize your PIN code.\n\n\u003e PINs can include letters and other characters, not just numbers. The max length of a PIN for YubiKeys is quite large, around 256 characters total.\n\n\u003e Warning: If you already have a PIN and you change it, it will erase all access credentials previously stored on the key. Do not change the PIN without considering this first!\n\nIssue this command to set a PIN for the first time:\n\n```bash\nykman fido access change-pin\n```\n\nOr this command to change a PIN:\n\n```bash\n$ ykman fido access change-pin --pin 123456 --new-pin 456789\n```\n\nNow let's move on to registering the key with the OS. First execute another command to create a special folder:\n\n```bash\nmkdir -p ~/.config/Yubico\n```\n\n\u003e The -p flag in `mkdir` signals to create the parent folder if it doesn't already exist.\n\nNow insert your hardware security key and run the following command:\n\n```bash\npamu2fcfg \u003e ~/.config/Yubico/u2f_keys\n```\n\nTouch the key (e.g. if you have a YubiKey with this feature) and the command should finish.\n\nFor your second, backup key, you will remove the first key and insert the backup. Now run this __different__ command (not the previous command).\n\n```bash\npamu2fcfg -n \u003e\u003e ~/.config/Yubico/u2f_keys\n```\n\nAgain, touch the key (e.g. if you have a YubiKey with this feature) and the command should finish. Both primary and secondary keys are now configured in Linux.\n\nWe can optionally move the file to a safer location, one that requires `sudo` to modify. This is more secuire than the home directory.\n\n```bash\nsudo mkdir /etc/Yubico\nsudo mv  ~/.config/Yubico/u2f_keys /etc/Yubico/u2f_keys\n```\n\nYour key is now setup such that you can require it's use for `sudo` access, LUKS, GDM, TTY, SSH access, and more.\n\n### Install YubiKey Manager (GUI)\n\n**Instructions derived from https://support.yubico.com/hc/en-us/articles/360016649039-Installing-Yubico-Software-on-Linux on 2024-06-26**\n\nIf using YubiKeys, you can install a GUI app to manage your keys.\n\n![YubiKey Manager running in Pop!_OS 22.04](images/screenshot02.png \"YubiKey Manager running in Pop!_OS 22.04\")\n\nMake sure `pcscd` is installed and running before starting the GUI app. To install `pcscd`:\n\n```bash\nsudo apt install pcscd\n```\n\nTo check if `pcscd` is already running:\n\n```bash\nsudo systemctl status pcscd\n```\n\nTo start `pcscd` if it's not already running, run this command:\n\n```bash\nsudo systemctl enable --now pcscd\n```\n\nWith `pcscd` installed and running we can now install the YubiKey Manager (GUI) app:\n\n1. Download the [YubiKey Manager (GUI) AppImage](https://developers.yubico.com/yubikey-manager-qt/Releases/yubikey-manager-qt-latest-linux.AppImage).\n1. Run `chmod a+x yubikey-manager-qt-1.2.5-linux.AppImage` in a terminal.\n1. Run `./yubikey-manager-qt-1.2.5-linux.AppImage` in a terminal to start the app.\n\n\u003e Warning: If you already have a FIDO PIN and you change it, it will erase all access credentials previously stored on the key. Do not change the FIDO PIN without considering this first!\n\n## Install and Configure USBGuard\n\nUSBGuard enables you to block USB device access. This is useful for protecting against rogue USB devices (think \"BadUSB\") by implementing a USB blocklist and USB device policy.\n\n\u003e Warning: Installing USBGuard using the steps below will create a policy that allows only currently-connected USB devices to be usable on the next boot. You can and should review this policy right after installation to ensure you can continue to use your PC. For instance, if you use hardware security keys to login, and they were not inserted at the time of USBGuard's installation, you could be locked out of your system permanently. Be cautious.\n\nLet's install some packages:\n\n```bash\nsudo apt install usbguard usbutils udisks2 usbview\n```\n\nYou can graphically view USB devices by running one of the packages we just installed:\n\n```bash\nsudo usbview\n```\n\nOr through either of these terminal commands:\n\n```bash\nlsusb\nusb-devices | less\n```\n\nLet's next start and stop the service to generate the necessary configuration files:\n\n```bash\nsudo systemctl enable usbguard.service --now\nsudo systemctl start usbguard.service\nsudo systemctl stop usbguard.service\n```\n\nNow let's modify these configuration files. Open a root terminal and navigate to the `usbguard` directory:\n\n```bash\nsudo -i\ncd /etc/usbguard\nls -laF\n```\n\n```\ntotal 36\ndrwxr-xr-x   3 root root  4096 Jun 27 08:36 ./\ndrwxr-xr-x 149 root root 12288 Jun 27 08:36 ../\ndrwxr-xr-x   2 root root  4096 Jun 25 19:09 IPCAccessControl.d/\n-rw-------   1 root root  4535 Jun 27 08:36 rules.conf\n-rw-------   1 root root  6653 Apr 13  2022 usbguard-daemon.conf\n```\n\nLet's look at the policy:\n\n```bash\nsudo grep -vE '^#|^$' /etc/usbguard/usbguard-daemon.conf\n```\n\n```ini\nRuleFile=/etc/usbguard/rules.conf\nImplicitPolicyTarget=block\nPresentDevicePolicy=apply-policy\nPresentControllerPolicy=keep\nInsertedDevicePolicy=apply-policy\nAuthorizedDefault=none\nRestoreControllerDeviceState=false\nDeviceManagerBackend=uevent\nIPCAllowedUsers=root\nIPCAllowedGroups=root plugdev\nIPCAccessControlFiles=/etc/usbguard/IPCAccessControl.d/\nDeviceRulesWithPort=false\nAuditBackend=FileAudit\nAuditFilePath=/var/log/usbguard/usbguard-audit.log\nHidePII=false\n```\n\nSee `ImplicitPolicyTarget=block` on line 2. This line tells the daemon how to treat USB devices that fail to match a rule in the policy. Allowed values are `allow`, `block` or `reject`. A policy of `reject` logically removes the device node from the system.\n\nSee `PresentDevicePolicy` on line 3. This line tells the daemon how to treat USB devices that are already connected when the daemon starts. Allowed values are `allow`, `block`, `reject`, `keep` (this maintains the state the device is in) or `apply-policy`. The `apply-policy` default simply means to apply the rules to each USB device.\n\nLet's look at the default policy that was created when we started and then stopped the daemon:\n\n```bash\nsudo nano /etc/usbguard/rules.conf\n```\n\nYou should see that all currently connected devices are listed with `allow` as the permission.\n\nNow let's start the daemon and check to see if it's working:\n\n\n```bash\nsudo systemctl restart usbguard.service\nsudo systemctl status usbguard.service\nsudo usbguard list-rules\n```\n\nYou can list all USB devices recognized by the daemon:\n\n```bash\nsudo usbguard list-devices\n```\n\nYou can verify it's working by plugging in a USB device and running:\n\n```bash\nlsusb\n```\n\nLook for the USB device in the list. It should appear, but it shouldn't work - that is, if you plugged in a USB thumb drive, it shouldn't appear as new storage. Let's confirm by running this command:\n\n```bash\nsudo dmesg | grep -i 'authorized'\n```\n\nIf you see the following message or type of message then USBGuard successfully blocked the device:\n\n```\n[xxxxx.xxxxxx] usb x-x.x: Device is not authorized for usage\n```\n\nLet's authorize the device. We first need to find the device id and serial number. Run this command to list all the blocked devices:\n\n```bash\nsudo usbguard list-devices -b\n```\n\nNote the device ID and serial number. You will need these values. Then run the command below. Before doing so, replace the `1234:5678` and `ABCDEF` with the values outputted from the `sudo usbguard list-devices -b` command. Executing this command permanently updates the `rules.conf` with an `allow` rule for that device.\n\n\u003e The `-p` flag is for permanent; leaving it off the command would make this a temporary rule that would not persist across a reboot.\n\n```bash\nsudo usbguard allow-device '1234:5678 serial \"ABCDEF\"' -p\n```\n\n\n\nRestart the USBGuard service:\n\n```bash\nsudo systemctl restart usbguard.service\n```\n\nWith your device still plugged in, run:\n\n```bash\nsudo usbguard list-devices -b\n```\n\nIf your device does not appear in the list of blocked devices then you've successfully whitelisted it.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ferik1066%2Fpop-os-setup","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ferik1066%2Fpop-os-setup","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ferik1066%2Fpop-os-setup/lists"}