Skip to content

Instantly share code, notes, and snippets.

@s0racat

s0racat/52unattended-upgrades-mint

Last active March 30, 2026 02:52
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save s0racat/6fbf8e8a808cf2c4b800d8811b38b582 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save s0racat/6fbf8e8a808cf2c4b800d8811b38b582 to your computer and use it in GitHub Desktop.
Download ZIP
Ubuntu setup
Raw
52unattended-upgrades-mint
Unattended-Upgrade::Allowed-Origins {
*:*;
};
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "02:00";
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Dpkg::Options {
"--force-confdef";
"--force-confold";
};
Raw
flatpak-qt.md 
# flatpak info org.keepassxc.KeePassXC --show-runtime
# org.kde.Platform/x86_64/5.15-25.08
# OR flatpak list --runtime --columns=application,branch | grep org.kde.Platform | cut -f2
# flatpak install --user org.kde.KStyle.Adwaita
# select runtime/org.kde.KStyle.Adwaita/x86_64/5.15-25.08
for b in $(flatpak list --runtime --columns=application,branch | awk -F'\t' '$1=="org.kde.Platform"{print $2}'); do
  flatpak install --user -y flathub org.kde.KStyle.Adwaita//$b
done
flatpak run --env=QT_STYLE_OVERRIDE=Adwaita-dark org.keepassxc.KeePassXC
Raw
ubuntu-setup.md

install required packages

https://askubuntu.com/questions/1533758/how-to-lower-priority-or-block-installation-of-all-snap-packages-through-apt

echo 'Package: //
Pin: version /snap/
Pin-Priority: -10
' | sudo tee /etc/apt/preferences.d/nosnap
sudo apt install zsh alacritty kdeconnect sway swaylock \
    ssh fcitx5 fcitx5-mozc xrdp \
    qemu-kvm libvirt-daemon-system libvirt-clients virt-manager \
    vim xdg-desktop-portal-wlr \
    systemd-zram-generator vlc flatpak vainfo \
    mesa-va-drivers libnotify-bin qt5ct qt6ct \
    picom gnome-keyring xwayland powertop mpv tlp tlp-rdw swayosd lm-sensors
sudo apt install --no-install-recommends lxqt-policykit plasma-discover-backend-flatpak gdm3
# https://qiita.com/selphie/items/ec635165cd03450792fa
mkdir ~/.config/autostart
cp /usr/share/applications/org.fcitx.Fcitx5.desktop ~/.config/autostart

firefox

https://support.mozilla.org/ja/kb/install-firefox-linux

sudo apt install firefox-l10n-ja

vivaldi

https://vivaldi.com/ja/download/

vscode

https://code.visualstudio.com/download

sysctl

curl -s https://raw.githubusercontent.com/pop-os/default-settings/refs/heads/master_noble/etc/sysctl.d/10-pop-default-settings.conf | sudo tee /etc/sysctl.d/10-pop-default-settings.conf

systemd-logind

sudo sed -i 's/#HandlePowerKey=.*/HandlePowerKey=suspend/' /etc/systemd/logind.conf

clevis

sudo apt install clevis clevis-tpm2 clevis-luks clevis-initramfs initramfs-tools
read -s LUKSKEY
sudo clevis luks bind -d ${disk} tpm2 '{"pcr_bank":"sha256","pcr_ids":"7"}' <<< "$LUKSKEY"

systemd-cryptenroll

sudo apt install tpm2-tools # NOT dracut !!!
echo "add_dracutmodules+=\" tpm2-tss \"" | sudo tee /etc/dracut.conf.d/tpm2.conf
sudo vim /etc/crypttab
# add option 'tpm2-device=auto'
echo 'install_items+=" /etc/crypttab "' | sudo tee /etc/dracut.conf.d/crypttab.conf
sudo dracut -f
sudo systemd-cryptenroll --tpm2-device=auto /dev/nvme0n1p3

rescue

# remove 'quiet splash' from kernel cmdline
systemd-cryptsetup attach a /dev/nvme0n1p3
lvm vgchange -ay
mount /dev/vgmint/root /sysroot
exit

set gnome language

gnome-language-selector

enable screen keyboard in gdm

sudo -u gdm dbus-launch gsettings set org.gnome.desktop.a11y.applications screen-keyboard-enabled true

make /tmp tmpfs

sudo systemctl enable /usr/share/systemd/tmp.mount

sway

sudo tee /usr/local/bin/sway-run >/dev/null <<'EOF'
#!/usr/bin/env bash

if [ -e "/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh" ]; then
  . "/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh"
fi

export QT_QPA_PLATFORMTHEME=qt5ct
exec sway "$@"
EOF
sudo chmod 755 /usr/local/bin/sway-run
sudo mkdir /usr/local/share/wayland-sessions
sed -e 's|^Exec=.*|Exec=/usr/local/bin/sway-run|' -e 's|^Name=.*|Name=MySway|' /usr/share/wayland-sessions/sway.desktop | sudo tee /usr/local/share/wayland-sessions/mysway.desktop

ufw

sudo ufw allow 22000/tcp # kdeconnect
sudo ufw allow 22000/udp # kdeconnect
sudo ufw allow 21027/udp # syncthing
sudo ufw allow 1714:1764/udp # kdeconnect
sudo ufw allow 1714:1764/tcp # kdeconnect
sudo ufw allow ssh
sudo ufw allow 3389 # rdp
sudo ufw route allow in on podman0 # allow FORWARD in podman0
sudo ufw allow mdns
sudo ufw reload
sudo ufw enable

firewalld

sudo apt install firewalld
sudo ufw disable
sudo firewall-cmd --remove-service=ssh --zone=public --permanent
nmcli connection modify {SSID} connection.zone home
sudo firewall-cmd --zone=home --add-service=rdp --permanent
sudo firewall-cmd --zone=home --add-service=syncthing --permanent
sudo firewall-cmd --zone=home --add-service=kdeconnect --permanent

gpg-agent-ssh

systemctl --user mask gpg-agent-ssh.socket ssh-agent.socket
sudo apt install unattended-upgrades
curl https://gist.githubusercontent.com/s0racat/6fbf8e8a808cf2c4b800d8811b38b582/raw/52unattended-upgrades-mint |\
  sudo tee /etc/apt/apt.conf.d/52unattended-upgrades-local

quickemu

sudo apt install quickemu virt-viewer

windows 11

mkdir quickemu 
cd !$
quickget windows 11 Japanese
quickemu --vm windows-11.conf --display spice-app

quickemu-project/quickemu#1475 (comment)

flatpak

export

flatpak list --app --columns=application > list.txt
flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
flatpak remote-add -u --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
xargs -a list.txt flatpak install -u 
flatpak override --env=GTK_THEME=Adwaita:dark --user # set dark theme
flatpak override --user --filesystem=/nix/store:ro com.brave.Browser
flatpak update

mintupdate

sudo -E mintupdate

virt-manager

sudo gpasswd -a $USER kvm

distrobox

sudo apt install podman
mkdir ~/distrobox
distrobox assemble create --file ~/.config/distrobox/arch.ini

tailscale

https://tailscale.com/download/linux

zram

/etc/systemd/zram-generator.conf

...
[zram0]
zram-size = ram / 2

sddm switch to gdm

NixOS/nix#7068 (comment)

echo '[Users]
HideShells=/usr/bin/nologin,/sbin/nologin,/bin/false,/usr/bin/git-shell' | sudo tee /etc/sddm.conf.d/nix.conf

https://github.com/stepanzubkov/where-is-my-sddm-theme

sudo cp where_is_my_sddm_theme /usr/share/sddm/themes -r
cd /usr/share/sddm/themes/where_is_my_sddm_theme/example_configs/
cp nord.conf ../theme.conf
cd ..
sed -i 's/showSessionsByDefault=.*/showSessionsByDefault=true/' theme.conf
echo '[Theme]
Current=where_is_my_sddm_theme' | sudo tee /etc/sddm.conf.d/theme.conf

NetworkManager

echo '[connection]
wifi.powersave = 2' | sudo tee /etc/NetworkManager/conf.d/99-override-wifi-powersave.conf
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment