Charles Workstation Build Guide

The dotfiles of a 20+ year IT professional turned (reachable) CEO of an emerging conglomerate . The mind of a madman! # New build guide for charles workstation

• Charles Workstation Build Guide
  • Introduction
  • Workstation details - RPI4 8Gb
    • Out of box tweaks and basic setup
    • Virtual Workspace Details
    • Repositories to add
    • Packages to install
      • (almost!) All the packages
      • General packages for the modern knowledge worker who is tech/security savvy
      • R&d/creative workstation packages
      • Full text search packages
      • Document production packages
    • chrome
    • passwords/bitwarden
    • web apps
    • zsh
    • konsole setup
    • xfce tweaks
    • bluetooth issues
    • More advanced customization and configuration required
      • VsCode
      • Activity Tracking/Self Instrumentation
      • Email
      • Security
      • Other programs
    • CIO/CISO Stuff
      • CA
      • Security Review
    • CTO Stuff
      • docker based dev environment/pipeline
      • Vendor/Supply chain/depdency development
      • SDLC
      • Tooling development
      • Misc
  • Workstation details - x86-64 vm
    • VM Specifications

Introduction

In 01/2021 , I purchased a Raspberry Pi as my daily driver. This document is my workstation manual. Prior to that, I was using an iPad Mini with external HDMI monitor as a daily driver (with rdp to an x86 vm). I did that for about 1.5 years. Then I wanted dual monitors again and the rpi ecosystem had matured enough to use as a daily driver.

I am the founder and CEO of TSYS Group. In my role, I"ve done everything from business ops, to system administration to software/hardware engineering tasks.

The software mentioned here is a long list, reflecting the myriad of tasks/projects I may engage with on a daily basis.

You'll only need a subset of these tools, don't despair!

I hope this document is useful to everyone at TSYS who wants to maximize their productivity. We support Linux/OSX/Windows 10 for workstation use and these programs should work on all three platforms (for the most part). I hope it's also useful to other founders and hackers who have many passions/interests and want to do it all. Now you can!

I have written this document over several weeks, and I keep it open at all times. This allows for very low latency / overhead recording of moves/adds/changes as I go about my day.

Workstation details - RPI4 8Gb

Quick note, 85% or more of my daily driver/workstation use (email/coding/research/browsing/document creation/discord/media editing/etc) is on a raspi4. The rest is done via an RDP session to an x86 vm for the few things that have x86 dependencies or need 64bit os (64bit on pi isn't yet fully ready in my opinion).

I detail the vm setup later in the document in the section: Workstation details - x86 vm.

• Operating System: Fenix Linux
• Hardware:
  • Raspberry Pi 4 with 8gb RAM
  • Case : Argone case/fan/PCB
  • Monitors: Dual Dell 24" monitors (IPS)
  • Chair: Ikea MARKUS Office Chair: https://www.ikea.com/us/en/p/markus-office-chair-vissle-dark-gray-90289172/
  • Accessories :
    • Belkin Powered USB Hub (for plugging in thumb drives, data acquisition devices / other random usb bits)
    • IOGear card reader
    • Security Dongle: Yubikey 4 OTP+U2F+CCID
    • Keyboard: Matias Backlight Keyboard https://www.matias.ca/aluminum/backlit/
    • Tablet: iPad Mini 5th Gen (document on iPad setup for engineering coming soon)
    • Headphones: JBL Over Ear
    • Mouse: Apple Magic Mouse 2

Out of box tweaks and basic setup

0. connect usb keyboard and mouse , switch to the windows 10 desktop
1. Setup bluetooth keyboard
2. connect to wifi
3. fix date/time via ntpdate (ntpdate 10.251.37.5)
4. apt-get update ; apt-get -y full-upgrade
5. add vi mode to /etc/profile (heathens by default!)
6. setup password less sudo
7. clone dotfiles repo
8. enable i2c access via raspi-config
9. setup fan daemon https://gitlab.com/DarkElvenAngel/argononed.git
10. Setup pin+yubi long string for password on the no10 user
11. (later) run buildWorkstation.sh

Virtual Workspace Details

• Desktop 1: Browsing/Editing/Shell (chrome / VsCode / Konsole / Remmina )
• Desktop 2: Comms (discourse/discord/irc etc/thunderbird/mutt)
• Desktop 3: Long Running: (calibre/recol/etc)

Repositories to add

in /etc/apt/sources.list.d

cat docker.list 
deb [arch=armhf] https://download.docker.com/linux/raspbian buster stable

cat backports.list 
deb [trusted=yes] http://ftp.debian.org/debian buster-backports main

curl -sL https://deb.nodesource.com/setup_15.x | sudo -E bash -

cat yarn.list 
deb [signed-by=/usr/share/keyrings/yarnkey.gpg] https://dl.yarnpkg.com/debian stable main

cat recoll-rbuster.list 
deb [signed-by=/usr/share/keyrings/lesbonscomptes.gpg] http://www.lesbonscomptes.com/recoll/raspbian/ buster main
deb-src [signed-by=/usr/share/keyrings/lesbonscomptes.gpg] http://www.lesbonscomptes.com/recoll/raspbian/ buster main

Packages to install

First run apt-get update to ensure you are using packages from the above repos and not the stock packages. Do any needed gpg key imports.

(almost!) All the packages

For pulling in secrets (which allows me to share my dotfiles safely):

apt-get -y install \
kicad librecad gimp blender shellcheck \
ruby-full offlineimap zsh vim thunderbird enigmail \
kleopatra zsh-autosuggestions zsh-syntax-highlighting screen \
mtr rpi-imager cifs-utils grass cubicsdr arduino jupyter-notebook \
dia basket vym code wings3d flatpak wireguard gnuplot \
pandoc python3-blockdiag  texlive-fonts-extra \
spice-client-gtk spice-html5 virt-viewer \
ripgrep recoll poppler-utils  abiword wv antiword  unrtf  \
libimage-exiftool-perl xsltproc freecad davmail kphotoalbum opensc \
yubikey-manager yubikey-personalization yubikey-personalization-gui \
openshot kdenlive pitivi inkscape scribus scdaemon seafile-gui qgis \
octave nodejs gpx2shp libreoffice calligra netbeans sigrok \
nodejs audacity wireshark nmap tcpdump zenmap etherape ghostscript \
geda ngspice graphicsmagick codeblocks scilab calibre paraview \
gnuradio build-essential libimobiledevice-utils libimobiledevice-dev \
libgpod-dev python3-numpy python3-pandas python3-matplotlib \

See below sections for things that aren't deployed via apt-get,

General packages for the modern knowledge worker who is tech/security savvy

apt-get -y install \
ruby-full offlineimap zsh vim thunderbird kleopatra zsh-autosuggestions \
zsh-syntax-highlighting screen mtr rpi-imager cifs-utils dia basket \
vym davmail kphotoalbum libreoffice calligra\
enigmail opensc scdaemon nodejs calibre wireguardi \
libimobiledevice-utils libimobiledevice-dev libgpod-dev \
yubikey-manager yubikey-personalization yubikey-personalization-gui 

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
cargo install mdbook

npm install -g @bitwarden/cli

• RedNotebook (install from source, it just runs in place)
  • https://rednotebook.sourceforge.io/downloads.html
  • https://www.linuxlinks.com/raspberry-pi-4-chronicling-desktop-experience-dear-diary/

R&d/creative workstation packages

apt-get -y install \
kicad librecad freecad qgis audacity gpsbabel arduino \
sigrok netbeans scilab blender gimp grass \
openshot kdenlive pitivi inkscape scribus build-essential \
geda ngspice gnuradio cubicsdr flatpak\
shellcheck code codeblocks scilab paraview wings3d \
python3-numpy python3-pandas python3-matplotlib \
jupyter-notebook

flatpak install flathub org.kde.krita

For using the bitscope oscilloscope

wget http://bitscope.com/download/files/bitscope-dso_2.8.FE22H_armhf.deb
wget http://bitscope.com/download/files/bitscope-logic_1.2.FC20C_armhf.deb
wget http://bitscope.com/download/files/bitscope-meter_2.0.FK22G_armhf.deb
wget http://bitscope.com/download/files/bitscope-chart_2.0.FK22M_armhf.deb
wget http://bitscope.com/download/files/bitscope-proto_0.9.FG13B_armhf.deb
wget http://bitscope.com/download/files/bitscope-console_1.0.FK29A_armhf.deb
wget http://bitscope.com/download/files/bitscope-display_1.0.EC17A_armhf.deb
wget http://bitscope.com/download/files/bitscope-server_1.0.FK26A_armhf.deb

dpkg -i *.deb
apt-get -f install
dpkg -i *.deb

Full text search packages

apt-get -y install \
ripgrep recoll poppler-utils  abiword wv antiword  \
unrtf libimage-exiftool-perl xsltproc  

Document production packages

apt-get -y install \
pandoc python3-blockdiag  texlive-fonts-extra 

chrome

1. launch chrome
2. change language to english
3. enable dark mode (https://www.pocket-lint.com/apps/news/google/149866-how-to-enable-dark-mode-for-google-chrome)
4. login to pwvault.turnsys.com and obtain google account creds
5. login to google account and enable sync
6. (optional at this time) setup any extension configuration needed that results from logging in to google account/turning on sync
7. ensure the following extensions are installed:
   1. vimium
   2. bitwarden
   3. pushover

passwords/bitwarden

1. disable chrome password saving/autofill (actually this is done via settings sync by google login) (so only need to set it if not already set in your settings)
2. set bitwarden extension to use pwvault.turnsys.com
3. login to bitwarden via extension
4. set vault to not lock ever (balance security/convenience (with locked workstation and using pin+yubi to unlock workstation)
5. set match selection to host
6. set auto fill on page load

web apps

1. login to discord.com
2. login to office.com

zsh

• Use oh-my-zsh
• Use powerlevel10k
• see the rcfiles directory for my setup. code is docs here...

konsole setup

settings -> edit current profile ->

apperance (set to breeze)

font (set to menlo for powerline)

mouse

copy/paste copy on select paste from clipboard (default is paste from selection) un-set copy text as html

settings - configure shortcuts next tab ctrl+tab previous shifttab ctrl+tab

xfce tweaks

• Set focus follows mouse (settings/window manager/focus)
• (dark mode)? (only works for gtk apps)
• need to set other apps individually to dark mode

bluetooth issues

run rpi-update or the keyboard will repeat (key stuck) frequently

More advanced customization and configuration required

VsCode

fenix appears to include it in the default image, but it doesn't launch from the menu and shell says code not found. Search for code and it will pull up an entry with VsCode logo labeled as Text Editor. Use that.

See the VsCode guide for tsys at:

https://git.turnsys.com/TSGTechops/docs-techops/src/branch/master/TSYS-DevEnv-VsCode.md

to see how I set it up VsCode for a myriad of tasks.

Activity Tracking/Self Instrumentation

• activitywatch

Email

• davmail
• offlineimap
• switch mail from (just) thunderbird to thunderbird/(neo)mutt/notmuch/task warrior

Security

• kleopatra
• jyubikey ssh key
• yubikey gpg key

Other programs

• VIM
• Seafile sync
• git optimization/hacks/cool stuff
• Make magic mouse 2 work on pi

CIO/CISO Stuff

CA

• xca (build from source)

Security Review

• scap
• stig
• report review

CTO Stuff

docker based dev environment/pipeline

• helm
  • https://helm.sh/docs/intro/install/
• kubectl
  • https://v1-18.docs.kubernetes.io/docs/tasks/tools/install-kubectl/
• docker
  • https://docs.docker.com/engine/install/debian/
• docker-compose

sudo apt-get install libffi-dev libssl-dev
sudo apt install python3-dev
sudo apt-get install -y python3 python3-pip

• k3s
  • https://blog.alexellis.io/test-drive-k3s-on-raspberry-pi/

Vendor/Supply chain/depdency development

• openwrt
• openmct
• raspi
• arduino
• freedombox
• serval
• genode

SDLC

• metasploit

Tooling development

• jupyter

Misc

• TurboVNC (3d accelerated) on rpi as client
• Select an Investigative notebook
  • https://github.com/kpcyrd/sn0int
  • https://www.spiderfoot.net/
  • https://github.com/smicallef/spiderfoot?ref=d
  • modelio https://www.modelio.org/
  • https://gephi.org/
• Research source material organization
  • zotero
  • docear https://opensource.com/life/16/8/organize-your-scholarly-research-docear
  • currently exploring darktable and kphotoablbum
• Get photo processing workflow setup
  • Browser based Sharing / browsing via Photoprism (or perhaps piwgio ultimately, with photoprism as part of a processing work flow)?
  • need something to sync to "cloud" with auto capture from phone
  • reference material:
    • https://photoprism.app/
    • https://kn100.me/declouding-replacing-google-photos-part-1/
    • https://willem.com/blog/2020-08-31_free-from-the-icloud-escaping-apple-photos/

Workstation details - x86-64 vm

Used for things that don't run on raspi:

VM Specifications

• Operating System: Ubuntu Server 20.04 with xfce/xrdp
• Hardware: KVM 4gb ram