1 goal

share configurations for digital emancipation

2 principles

  1. freedom (open licenses)
  2. privacy protection
  3. minimalism
  4. stability

compare software and service with https://alternativeto.net/

3 computer

3.1 os

3.1.1 graphic installation

  • for the hostname use: deb
  • don't put root password (allows using sudo)
  • use LVM encrypted (encrypt the os)
  • for now do not install the desktop environment but only: standard system utilities, print server

3.1.2 manual installation

  • login: enter user and password on tty2
  • connect an ethernet cable or a smartphone in USB tethering mode
  • run a sudo apt update and sudo apt upgrade
  • then launch: 
sudo apt install \
     gnome-session \
     gnome-terminal \
     gnome-shell-extension-prefs \
     gnome-tweaks \
     seahorse \
     gnome-disk-utility \
     nautilus \
     mpv \
     eog

3.1.3 settings

  • since it is encrypted, it is advisable to enable: Settings > User > Automatic Login
  • on gnome-terminal using nano (^ stands for ctrl) modify the following files:
  1. grub

    /etc/default/grub to have GRUB_TIMEOUT=1 and GRUB_TERMINAL=console, then run sudo update-grub

  2. sources

    /etc/apt/sources.list to have: 

    deb http://deb.debian.org/debian/ stable main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian/ stable main contrib non-free non-free-firmware

deb http://deb.debian.org/debian/ stable-updates main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian/ stable-updates main contrib non-free non-free-firmware

    then you can install firmware non-free, in my case (lenovo thinkpad x1 1ts gen) sudo apt install firmware-iwlwifi

  3. bluetooth

    /etc/bluetooth/main.conf to have: AutoEnable=false

  4. mpv

    create a ~/.config/mpv/mpv.conf and add fs=yes

3.2 browser

sudo apt install firefox-esr then write about:config in the address bar and set:

  • network.security.esni.enabled to true
  • extensions.screenshots.disabled to true

in settings set:

  • DuckDuckGo as Default Search Engine
  • in Enhanced Tracking Protection set Custom with blocking of cookies from unvisited sites
  • "Do Not Track" always
  • Delete cookies and site data when Firefox is closed with the exception of a few sites
  • history: custom, only when i close firefox
  • OCSP disabled
  • HTTPS-Only in all windows
  • DNS secure: MaxProtection - NextDNS

3.2.1 advanced privacy (compromises some services)

write about:config in the address bar and set:

  • media.peerconnection.enabled to false

3.2.2 add-ons

  • uBlock Origin
  • ClearURLs
  • Bitwarden
  • Simple Translate
  1. GNOME Shell integration
    • Auto Move Windows
    • Auto Activities
    • Unite
    • Hide Top Bar

3.3 more privacy

still using gnome-terminal and nano:

3.3.1 nextdns per so

run sudo apt install systemd-resolved and modify /etc/systemd/resolved.conf to have https://my.nextdns.io setups

3.3.2 privoxy-tor

run sudo apt install privoxy tor and modify /etc/privoxy/config to have forward-socks5t under: Settings > Network > Network Proxy > Manual; set: 

HTTP: 127.0.0.1 8118
HTTPS: 127.0.0.1 8118
Socks: 127.0.0.1 9050

test privacy with https://browserleaks.com/

3.4 sync files

sudo apt install syncthing

systemctl --user enable syncthing.service

3.5 vc

sudo apt install git

git config --global user.signinKey <key>
git config --global user.name <name>
git config --global user.email <email>
git config --global commit.gpgsign true

3.6 editor

sudo apt install \
     emacs \
     hunspell-en-us \
     hunspell-it \
     ripgrep \
     libtool-bin \
     libvterm-dev

git clone git@github.com:francesco-cadei/.emacs.d.git you can now sudo apt autoremove --purge gnome-terminal and use terminal inside emacs with C-x C-d.

3.6.1 languages

  1. tex
    sudo apt install \
     texlive \
     texlive-pictures \
     texlive-publisher \
     texlive-pictures \
     dvipng
  2. c
    sudo apt install \
     cmake \
     clang \
     libclang-dev
  3. java
    sudo apt install \
     openjdk-17-jdk \
     openjdk-17-source

3.7 power manager

install specific package for thinkpad's fan: 

sudo apt install \
     acpi-call-dkms \
     thinkfan \
     tp-smapi-dkms

3.7.1 tlp

sudo apt install tlp tlp-rdw

sudo tlp start
sudo tlp-stat

3.7.2 powertop

sudo apt install powertop

sudo systemctl enable powertop.service

3.8 other stuff

sudo apt install libreoffice libreoffice-gnome

4 mobile (or tablet)

  • do initial setup of an android device without google account (prefer a device with pure android)
  • i use Nokia because of the partnership with https://www.ifixit.com/
  • under: Settings > Network & internet > Private DNS; use https://nextdns.io/ config
  • with usb cable provide https://f-droid.org/ apk, install it
  • install OpenBoard from F-Droid and disable GBoard
  • uninstall or disable all unused app

4.1 F-Droid, installs:

  • Olauncher
  • Syncthing, Orgzily
  • RiMusic, Tuta, Silence, My Location
  • LibreTorrent, VLC
  • Librera FD
  • Aurora Store

4.2 Aurora Store, installs:

  • Bitwarden, PosteID, Wise
  • Firefox
  • Maps, Translate
  • Beats
  • WhatsApp, Instagram

4.2.1 Firefox extensions

  • uBlock Origin
  • ClearURLs
  • Video Background Play Fix

4.3 another mobile (backup), installs:

  • F-Droid
  • OpenBoard
  • Syncthing
  • Aegis