KNEL-bizopprodplan/Systems/Admin-RandD/EngWorkstationBuildGuide.md

TSYS Group - IT Documentation - R&D - Workstation Build Guide

• TSYS Group - IT Documentation - R&D - Workstation Build Guide
  • Introduction
  • Workstation details - RPI4 8Gb
    • Out of box tweaks and basic setup
    • Software Packages To Install
      • magic mouse 2 driver
      • Nodejs
      • Rust
      • go
      • mdbook
      • Recoll (local search)
      • Bitwarden CLI
      • Krita
      • Backslide
      • Docker
      • RedNotebook (install from source, it just runs in place)
      • OpenWebRx
      • csv2md
      • helm
      • kubectl / k3s
      • docker
      • docker-compose
      • metasploit
      • scap workbench
      • Bitscope
      • docker based dev environment/pipeline
      • Mainline repo packages
    • Configuration Tweaks
      • chrome setup
      • passwords/bitwarden
      • web apps
      • zsh
      • konsole setup
      • xfce tweaks
      • VsCode
    • CTO Stuff
      • Upstream vendor software to checkout
        • Projects
        • Special considerations for upstream
  • Workstation details - x86-64 vm
  • Workstation details - iPAD
    • Remaining projects
      • SSH / GPT private key HSM
      • TurboVNC (3d accelerated) on rpi as client
      • Select an Investigative notebook
      • Research source material organization
      • activitywatch
      • Get photo processing workflow setup
      • switch mail from (just) thunderbird to thunderbird/(neo)mutt/notmuch/task warrior

Introduction

In 01/2021 , Charles purchased a Raspberry Pi 4 as his daily driver with the intent of evaluating it for use as the standard issue equipment for TSYS personnel. This document is the results of his experiments with it from 01/2021 to (as of time of writing) August 1st 2021.

Charles is the founder, CEO and acting CTO of TSYS Group. In his role, he does everything from business ops, to system administration to software/hardware engineering tasks. As such he was best positioned to evaluate the rPI for all workloads.

The RPi4 has been approved as one of the standard/supported workstation for TSYS personnel across all teams/products.

The software mentioned in this document is a long list, reflecting the myriad of tasks/projects Charles may engage with on a daily basis. Most likely, you'll only need a subset of these tools, don't despair! Feel free to install all of them or a subset as you wish based on your mission objectives.

We hope this document is useful to everyone at TSYS who wants to maximize their productivity. TSYS fully supports Debian/Ubuntu GNU Linux for workstation use, both on rPI4 and x86 virtual/physical systems.

We do occasionally test Mac OSX and Windows 10, but they aren't officially supported.

Our experiments and daily use show that 85% or more of TSYS daily driver/workstation use (email/coding/research/browsing/document creation/discord/media editing/etc) can be done on an rPI4.

The few gaps can be done via an RDP session to an x86 system for the few things that have x86 dependencies or need 64bit os (64bit on pi isn't yet fully ready in our opinion as of August 2021).

Charles Workstation details - RPI4 8Gb

• Operating System: RaspberryPi Os
• Hardware:
  • Raspberry Pi 4 with 8gb RAM
  • Accessories :
    • Case : Argone One case https://www.argon40.com/argon-one-m-2-case-for-raspberry-pi-4.html
    • Monitors: Dual Dell 24" monitors (IPS) https://www.dell.com/support/home/en-us/product-support/product/dell-st2421l/overview0
    • Chair: Ikea MARKUS Office Chair: https://www.ikea.com/us/en/p/markus-office-chair-vissle-dark-gray-90289172/
    • Keyboard: Matias Backlight Keyboard https://www.matias.ca/aluminum/backlit/
    • Mouse: Apple Magic Mouse 2 Black
    • Tablet: iPad Mini 5th Gen (see iPAD section for more)
    • Headphones: JBL Over Ear (https://www.jbl.com.au/TUNE750BTNC.html)
    • Tp-link 7 port USB 3.0 Powered Hub (for plugging in thumb drives, data acquisition devices / other random usb bits) https://www.tp-link.com/us/home-networking/usb-hub/uh700/
    • IOGear card reader https://www.iogear.com/product/GFR281/
    • Security Dongle: Yubikey 4 OTP+U2F+CCID

Out of box tweaks and basic setup

1. Put Rasberry Pi 4 into Argone One Case (running it without case will cause it to overheat quickly)
2. Flash latest stable Raspbian 32bit to SD card and boot pi
3. connect usb keyboard and mouse
4. Run through first boot setup wizard
5. Setup pin+yubi long string for password for the pi user
6. Connect to wifi
7. Pair and trust Matias Backlight Keyboard
8. Pair and trust Apple Magic Mouse
9. fix date/time via ntpdate (ntpdate 10.251.37.5)
10. apt-get update ; apt-get -y full-upgrade
11. add vi mode to /etc/profile (heathens by default!)
12. clone dotfiles repo
13. enable i2c access via raspi-config
14. setup fan daemon https://gitlab.com/DarkElvenAngel/argononed.git
15. setup virtual desktops

• Desktop 1: Browsing/Editing/Shell (chrome / VsCode / Konsole / Remmina )
• Desktop 2: Comms (discourse/discord/irc etc/thunderbird/mutt)
• Desktop 3: Long Running: (calibre/recol/etc)

14. (coming soon) run curl htp://dl.turnsys.net/buildFullWorkstation.sh

Software Packages To Install

magic mouse 2 driver

https://github.com/rohitpid/Linux-Magic-Trackpad-2-Driver

Nodejs

curl -sL https://deb.nodesource.com/setup_15.x | sudo -E bash -
curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | sudo tee /usr/share/keyrings/yarnkey.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/yarnkey.gpg] https://dl.yarnpkg.com/debian stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
sud apt-get -y install nodejs
sudo apt-get update && sudo apt-get install yarn

Rust

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

go

https://pimylifeup.com/raspberry-pi-golang/

mdbook

cargo install mdbook

Recoll (local search)

cat recoll-rbuster.list 
deb [signed-by=/usr/share/keyrings/lesbonscomptes.gpg] http://www.lesbonscomptes.com/recoll/raspbian/ buster main
deb-src [signed-by=/usr/share/keyrings/lesbonscomptes.gpg] http://www.lesbonscomptes.com/recoll/raspbian/ buster main

Bitwarden CLI

sudo npm install -g @bitwarden/cli

Krita

sudo flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
sudo flatpak -y install flathub org.kde.krita

Backslide

sudo npm install -g backslide
sudo npm i -g decktape
sudo add chrome-aws-lambda

RedNotebook (install from source, it just runs in place)

https://rednotebook.sourceforge.io/downloads.html https://www.linuxlinks.com/raspberry-pi-4-chronicling-desktop-experience-dear-diary/

OpenWebRx

on pi:

wget -O - https://repo.openwebrx.de/debian/key.gpg.txt | apt-key add echo "deb https://repo.openwebrx.de/debian/ buster main" > /etc/apt/sources.list.d/openwebrx.list apt-get update apt-get install openwebrx

or (on x86)

wget -O - https://repo.openwebrx.de/debian/key.gpg.txt | apt-key add echo "deb https://repo.openwebrx.de/ubuntu/ hirsute main" > /etc/apt/sources.list.d/openwebrx.list apt-get update apt-get install openwebrx

csv2md

npm install -g csv2md

metasploit

git clone https://github.com/rapid7/metasploit-framework.git
cd metasploit-framework
sudo gem install wirble sqlite3 bundler nokogiri bundle
bundle install

scap workbench

Follow the readme

Bitscope

on pi

wget http://bitscope.com/download/files/bitscope-dso_2.8.FE22H_armhf.deb
wget http://bitscope.com/download/files/bitscope-logic_1.2.FC20C_armhf.deb
wget http://bitscope.com/download/files/bitscope-meter_2.0.FK22G_armhf.deb
wget http://bitscope.com/download/files/bitscope-chart_2.0.FK22M_armhf.deb
wget http://bitscope.com/download/files/bitscope-proto_0.9.FG13B_armhf.deb
wget http://bitscope.com/download/files/bitscope-console_1.0.FK29A_armhf.deb
wget http://bitscope.com/download/files/bitscope-display_1.0.EC17A_armhf.deb
wget http://bitscope.com/download/files/bitscope-server_1.0.FK26A_armhf.deb

sudo dpkg -i *.deb
sudo apt-get -y -f install

on x86

TBD

docker based dev environment/pipeline

docker

curl -sSL https://get.docker.com | sh

helm

sudo snap install helm --classic

kubectl / k3s

    curl -sfL https://get.k3s.io | sh -

docker-compose

Todo

• local k0s (for gitops testing)
• (container) local docker reg
• (container) local jenkins
• (container) local all the apps for developing

Mainline repo packages

apt-get -y install \
kicad librecad freecad gimp blender shellcheck jq net-tools\
ruby-full offlineimap zsh vim thunderbird enigmail highlight\
kleopatra zsh-autosuggestions zsh-syntax-highlighting screen \
mtr cifs-utils grass cubicsdr arduino jupyter-notebook \
dia basket vym code wings3d flatpak wireguard gnuplot \
pandoc python3-blockdiag  texlive-fonts-extra clang \
spice-client-gtk spice-html5 virt-viewer gnome-system-monitor \
glances htop dstat apt-file kleopatra konsole telnet clang \
ripgrep recoll poppler-utils  abiword wv antiword  unrtf  \
libimage-exiftool-perl xsltproc davmail kphotoalbum opensc \
yubikey-manager yubikey-personalization yubikey-personalization-gui \
openshot kdenlive pitivi inkscape scribus scdaemon seafile-gui qgis \
octave nodejs libreoffice calligra netbeans sigrok \
nodejs audacity wireshark nmap tcpdump ndiff etherape ghostscript \
lepton-eda ngspice graphicsmagick codeblocks scilab calibre paraview \
gnuradio build-essential libimobiledevice-utils libimobiledevice-dev \
libgpod-dev python3-numpy python3-pandas python3-matplotlib \
curl git make binutils bison gcc build-essential openjdk-11-jre-headless \
debootstrap cutecom minicom ser2net conman xsane gocr  tesseract-ocr \
fonts-powerline build-essential zlib1g zlib1g-dev libxml2 libxml2-dev \
libxslt-dev locate libreadline6-dev libcurl4-openssl-dev git-core libssl-dev \
libyaml-dev openssl autoconf libtool ncurses-dev bison curl wget postgresql \
postgresql-contrib libpq-dev libapr1 libaprutil1 libsvn1 libpcap-dev ruby-dev \
openvas git-core postgresql curl nmap gem libsqlite3-dev cmake ninja-build libopenscap-dev \
qt5-default libqt5widgets5 libqt5widgets5 libqwt-headers libqt5xmlpatterns5-dev asciidoc \
lmms virt-manager gqrx-sdr multimon-ng rtl-sdr fldigi grads cdo xygrib xygrib-maps evince \
openwebrx xscreensaver blueman bluetooth pulseaudio-module-bluetooth blueman texlive-fonts-extra \
texlive-fonts-recommended 

Configuration Tweaks

zsh

• Use oh-my-zsh
• Use powerlevel10k

konsole setup

• settings -> edit current profile ->

  • apperance (set to dark pastels)
  • font (set to noto mono)
  • mouse
    • copy/paste
      • copy on select
      • paste from clipboard (default is paste from selection)
      • un-set copy text as html

• settings - configure shortcuts

  • next tab ctrl+tab
  • previous ctrl+shift+tab

xfce tweaks

• Set focus follows mouse (settings/window manager/focus)
• (dark mode)? (only works for gtk apps)
• need to set other apps individually to dark mode

VsCode

fenix appears to include it in the default image, but it doesn't launch from the menu and shell says code not found. Search for code and it will pull up an entry with VsCode logo labeled as Text Editor. Use that.

to see how I set it up VsCode for a myriad of tasks, see the VsCode guide for tsys at:

https://git.turnsys.com/TSGTechops/docs-techops/src/branch/master/src/Systems/Admin-RandD/TSYS-DevEnv-VsCode.md

CTO Stuff

mbed studio

eclipse

android studio

dbeaver

postman

sweethome3d

ghidra

Upstream vendor software to checkout

This is a massive work in progress , is mostly for Charles own notes only, really only applicable for large upstream packages that TSYS needs to support long term/sync regularly with upstream, or part of a broader protfolio initiative etc.

Unless you have been specfically directed todo so in your roject readme, you don't need todo the below. In almost all cases , the work below is abstracted for/from you into our artifact repository and build process.

Projects

• openwrt
• openmct
• raspi kernel
• FreeRTOS
• freedombox
• serval
• genode
• balena

Special considerations for upstream

Workstation details - iPAD

• Operating System: iPAD OS
• Hardware: iPAD Mini 5th Generation
• Accessories:
  • Lightining to USB3
  • Lightining to HDMI
  • I use same KB/Mouse that I do with the rPI
• Key Applications
  • Working Copy
  • Buffer Text Editor
  • Blink.sh
  • Jump remote Desktop
  • GitJournal
  • Microsoft Todo
  • Neat
  • Discourse
  • FreeScout
  • ErpNext

Remaining projects

These items remain todo and document. They are listed in decreasing order of importance.

SSH / GPT private key HSM

• kleopatra

  • yubikey ssh key
  • yubikey gpg key

  (not strictly related but in same family)

  • xca (build from source)

TurboVNC (3d accelerated) on rpi as client

Select an Investigative notebook

• https://github.com/kpcyrd/sn0int
• https://www.spiderfoot.net/
• https://github.com/smicallef/spiderfoot?ref=d
• modelio https://www.modelio.org/
• https://gephi.org/

Research source material organization

• zotero
• docear https://opensource.com/life/16/8/organize-your-scholarly-research-docear

activitywatch

Effortless self instrumentation. Performed initial attempts/exploration. It builds (I think)

Get photo processing workflow setup

• currently exploring kphotoablbum
• Browser based Sharing / browsing via Photoprism (or perhaps piwgio ultimately, with photoprism as part of a processing work flow)?
• need something to sync to "cloud" with auto capture from phone
• reference material:
  • https://photoprism.app/
  • https://kn100.me/declouding-replacing-google-photos-part-1/
  • https://willem.com/blog/2020-08-31_free-from-the-icloud-escaping-apple-photos/

switch mail from (just) thunderbird to thunderbird/(neo)mutt/notmuch/task warrior

This has been an ongoing on-again/off-again adventure....