1 goal
share configurations for digital emancipation
2 principles
- freedom (open licenses)
- privacy protection
- minimalism
- stability
compare software and service with https://alternativeto.net/
3 computer
3.1 os
- download https://www.debian.org/ and mount iso on USB
- boot from USB
3.1.1 graphic installation
- for the hostname use: deb
- don't put root password (allows using sudo)
- use LVM encrypted (encrypt the os)
- for now do not install the desktop environment but only: standard system utilities, print server
3.1.2 manual installation
- login: enter user and password on tty2
- connect an ethernet cable or a smartphone in USB tethering mode
- run a
sudo apt update
andsudo apt upgrade
- then launch:
sudo apt install \ gnome-session \ gnome-terminal \ gnome-shell-extension-prefs \ gnome-tweaks \ seahorse \ gnome-disk-utility \ nautilus \ mpv \ eog
3.1.3 settings
- since it is encrypted, it is advisable to enable: Settings > User > Automatic Login
- on
gnome-terminal
usingnano
(^
stands forctrl
) modify the following files:
- grub
/etc/default/grub
to haveGRUB_TIMEOUT=1
andGRUB_TERMINAL=console
, then runsudo update-grub
- sources
/etc/apt/sources.list
to have:deb http://deb.debian.org/debian/ stable main contrib non-free non-free-firmware deb-src http://deb.debian.org/debian/ stable main contrib non-free non-free-firmware deb http://deb.debian.org/debian/ stable-updates main contrib non-free non-free-firmware deb-src http://deb.debian.org/debian/ stable-updates main contrib non-free non-free-firmware
then you can install firmware non-free, in my case (lenovo thinkpad x1 1ts gen)
sudo apt install firmware-iwlwifi
- bluetooth
/etc/bluetooth/main.conf
to have:AutoEnable=false
- mpv
create a
~/.config/mpv/mpv.conf
and addfs=yes
3.2 browser
sudo apt install firefox-esr
then write about:config
in the address bar and set:
network.security.esni.enabled
to trueextensions.screenshots.disabled
to true
in settings set:
- DuckDuckGo as Default Search Engine
- in Enhanced Tracking Protection set Custom with blocking of cookies from unvisited sites
- "Do Not Track" always
- Delete cookies and site data when Firefox is closed with the exception of a few sites
- history: custom, only when i close firefox
- OCSP disabled
- HTTPS-Only in all windows
- DNS secure: MaxProtection - NextDNS
3.2.1 advanced privacy (compromises some services)
write about:config
in the address bar and set:
media.peerconnection.enabled
to false
3.3 more privacy
still using gnome-terminal
and nano
:
3.3.1 nextdns per so
run sudo apt install systemd-resolved
and modify /etc/systemd/resolved.conf
to have https://my.nextdns.io setups
3.3.2 privoxy-tor
run sudo apt install privoxy tor
and modify /etc/privoxy/config
to have forward-socks5t
under: Settings > Network > Network Proxy > Manual; set:
HTTP: 127.0.0.1 8118 HTTPS: 127.0.0.1 8118 Socks: 127.0.0.1 9050
test privacy with https://browserleaks.com/
3.4 sync files
sudo apt install syncthing systemctl --user enable syncthing.service
3.5 vc
sudo apt install git git config --global user.signinKey <key> git config --global user.name <name> git config --global user.email <email> git config --global commit.gpgsign true
3.6 editor
sudo apt install \ emacs \ hunspell-en-us \ hunspell-it \ ripgrep \ libtool-bin \ libvterm-dev
git clone git@github.com:francesco-cadei/.emacs.d.git
you can now sudo apt autoremove --purge gnome-terminal
and use terminal inside emacs with C-x C-d
.
3.7 power manager
install specific package for thinkpad's fan:
sudo apt install \ acpi-call-dkms \ thinkfan \ tp-smapi-dkms
3.7.1 tlp
sudo apt install tlp tlp-rdw sudo tlp start sudo tlp-stat
3.7.2 powertop
sudo apt install powertop sudo systemctl enable powertop.service
3.8 other stuff
sudo apt install libreoffice libreoffice-gnome
4 mobile (or tablet)
- do initial setup of an android device without google account (prefer a device with pure android)
- i use Nokia because of the partnership with https://www.ifixit.com/
- under: Settings > Network & internet > Private DNS; use https://nextdns.io/ config
- with usb cable provide https://f-droid.org/ apk, install it
- install OpenBoard from F-Droid and disable GBoard
- uninstall or disable all unused app
4.1 F-Droid, installs:
- Olauncher
- Syncthing, Orgzily
- RiMusic, Tuta, Silence, My Location
- LibreTorrent, VLC
- Librera FD
- Aurora Store
4.2 Aurora Store, installs:
- Bitwarden, PosteID, Wise
- Firefox
- Maps, Translate
- Beats
- WhatsApp, Instagram
4.2.1 Firefox extensions
- uBlock Origin
- ClearURLs
- Video Background Play Fix
4.3 another mobile (backup), installs:
- F-Droid
- OpenBoard
- Syncthing
- Aegis