ultix-sandbox
Ultix-sandbox
- Ultix-sandbox
- Introduction
- System Information - Hardware
- System Information - Configuration/Tweaks/Settings
- System Information - Software
This is an evolving "draft" post. This line will be removed when the post has been finalized. You are getting the raw drops as I create them....
Introduction
ultix-sandbox is my (@ReachableCEO) local physical system, the so called "daily driver". It is with me at all times wherever I am working from (along with my iphone/ipad).
I have one other physical system with me at all times. That is one of the Known Element Enterprises "football" systems used for accessing our privilged access workstation systems. I use it very rarely.
Intended use of the system:
- TO EXPLORE :)
- To serve as a sandbox (hence the name)
It is where all of my work starts (with the exception of enterprise IT work which is done via football). However the pre production version of that work is done on sandbox :)
I have a TON of docker images/stacks and repositories and app images and one off debs installed. This is a box to hack/play/learn/explore.
It also serves as a bit of a convenient cross over between my production work systems (ultix-tsys and ultix-offstgage).
It also serves as a kind of "enhanced" "smart cache" "thin client" to nextcloud/freshrss etc. In a pinch, if tsys or offstage are unavaliable , I can work from sandbox. In fact, I turned off tsys and offstage when I got sandbox to force me to build out a "minimum comfortable product" of a KNEL Cloud (Cloudron) thin client. Its also loaded up with way more software than even the tsys vm has.
So efforts to "document" sandbox (as opposed to tsys/offstage which are critical path and where any production work products originate) are best effort.
sandbox will also not have things like SIEM endpoints, internet proxies, anti virus, group policy, domain join etc. It will never touch ITAR or CMMC or other such systems.
It is not a "business" system. ITs my personal system.
As a freelancer and entrepenuer, thats a bit of a blurry line of course, because I'm "all business all the time" (shoutout to my 717 club members!)
One other thing is that the system is local. So, in theory, it should be lower latency? While I haven't really experienced any issues working over RDP to a remote (Windows or Linux) workstation for years, maybe I
"got used to it"? "Priced it in" Not sure? I've used the same bluetooth keyboard with the surface laptop go over RDP to a variety of systems (all in the KNEL Datacenter) and found it quite usable
(unless I had WAN circuit issues at the coffee shop etc). Also used ipad with RDP to same systems and browser (on both) to Cloudron and it all went swimmingly.
Its the one system I expect to have access to at all times and use in the shop/lab/office.
System Information - Hardware
- Lenovo IdeaPad 500 (i7 four cores)
- 16gb ram
- 1tb hard disk
- Keyboard: Logitech Wave Keys Bluetooth Keyboard
- Mouse: Microsoft Modern Mobile Mouse
- BT Headset: Sony WH-CH720N
- Monitors: Dell 24" IPS
- Dock: Lenovo Dock
- USB Accessories
- YubiKey 4 (4.3.4) [OTP+FIDO+CCID]
- Security Key NFC (5.4.3) [FIDO]
- StreamDeck
- Logitech Web Cam
- USB Accessories
System Information - Configuration/Tweaks/Settings
Apt repositories
❯ pwd
/etc/apt/sources.list.d
❯ ls -1
antigravity.list
asbru-cm-release.list
azure-cli.sources
charm.list
docker.sources
element-io.list
google-cloud-sdk.list
helm-stable-debian.list
nodesource.list
qownnotes.list
spotify.list
synaptics.list
tailscale.list
vscode.sources
zotero.list
Fonts
For now I'm using MesloLGS "Nerd font". I'm sure this will change over time.
❯ pwd
/home/charles/Downloads/fonts
❯ ls -1
'MesloLGS NF Bold Italic.ttf'
'MesloLGS NF Bold.ttf'
'MesloLGS NF Italic.ttf'
'MesloLGS NF Regular.ttf'
~/Downloads/fonts ✔ at 10:21:07 PM
Dotfiles
Source controlled via text files and address shell based things.
- chezmoi
- git repo
xfce
Not source controlled (trying to figure out how to do so...)
Set via gui "click ops" sigh..
- Changed lock , thunar and next/prev workspace shortcuts
- Added a shortcut for screenshots (super s)
- Added a shortcut for terminal (super t)
- (terminal) - Setup automatic copy on select
Shell
I use Zsh. I have for years
- Installed :
ii zsh 5.9-8+b14 amd64 shell with lots of features
ii zsh-autosuggestions 0.7.1-1 all Fish-like fast/unobtrusive autosuggestions for zsh
ii zsh-common 5.9-8 all architecture independent files for Zsh
ii zsh-syntax-highlighting 0.8.0-2 all Fish shell like syntax highlighting for zsh
Also grabbed oh-my-zsh and powerlevel10k
fzf/ripgrep and various other utilties support day to day operations.
I use the shell in VsCode more and more vs in xfce4-terminal (but hitting that super+t button is just so convenient). And I'm exploring a drop down shell as well...
VsCode
This really needs its own blog post. I'm only covering terminal related tweaks here.
- Terminal COPY ON SELECT!
Drivers
- Multiple Monitors (Displaylink Debian)
https://github.com/AdnanHodzic/displaylink-debian?tab=readme-ov-file
System Information - Software
Communications
- Sengi
- Thunderbird
- Chat Alt (google chat)
- Discord
- Element
Sometimes I open up all the apps, sometimes I run everything from Firefox (except e-mail, that's always in Thunderbird)(I have about a dozen mailboxes I need to monitor). Webmail for that doesn't work.
I do enjoy using Roundcube rule manager though.
Engineering / scientific
- openvsp
- scliab
- onelab
Statistics
- jamovi
Data/information management
- Qownnotes (done via apt repo)
- Docear
- Freemind
- Zotero
(related to Zotero...) https://juris-m.github.io/
ventoy
Ventoy on Linux is a bit different than ventoy on Windows. A web interface....?
❯ pwd
/home/charles/bin/ventoy-1.1.10
❯ ls
boot ExtendPersistentImg.sh README ventoy VentoyGUI.aarch64 VentoyGUI.mips64el VentoyPlugson.sh VentoyWeb.sh
CreatePersistentImg.sh plugin tool Ventoy2Disk.sh VentoyGUI.i386 VentoyGUI.x86_64 VentoyVlnk.sh WebUI
~/bin/ventoy-1.1.10 ✔ at 09:00:06 PM
I have yet to confirm functionality , but I would hope something made to make the use of Linux live isos easier would, you know, have first party Linux support.... :)
raspberrypi imager
An easy dpkg -i after grabbing the deb from https://github.com/raspberrypi/rpi-imager/releases/tag/v2.0.3
YubiKey tools
A simple:
apt-get install yubikey-manager yubikeymanager-qt
Got me the cli/GUI.
screenshot management
Well I'm happy to see flameshot is available on linux as well:
apt install flameshot
and away we go!
Backup of iphone/ipad
I never actually did this under Windows. Last time I did (local) backups of iphone/iPad was on a raspberry pi 4 (or so) when I ran that as a daily driver in 2019.
Currently I have:
apt-get install libimobiledevice-1.0-6 libimobiledevice-utils
and written a couple one liners:
idevicebackup2 backup --full /home/charles/Nextcloud/CNWAppleDeviceBackups/Ipad
idevicebackup2 backup --full /home/charles/Nextcloud/CNWAppleDeviceBackups/Phone
Alas, even though I was prompted to trust the computer, no backup finished (waited multiple hours).
Its a low priority as they are thin clients to Cloudron/KNEL datacenter systems. Still, would be a massive pain to recreate the configuration/tweaks etc from scratch.
Also I need to know how to push provisoning profiles so that we have a fully FLO path (combined with nanomdm) for MDM of BYOD down the line.
Yes... I realize that iPhone is NOT FLO. At this time, it's the best option to support folks who want to be part of the TSYS mission while mobile. I have a Joplin note that I'll publish as a blog post soon which goes into detail about the software load out on my iPhone/iPad. So many FLO packages. A few non FLO (but using open data formats).