tanuki: My Intel NUC setup script

Hi! I'm Cariad, and I'm a freelance Python developer by trade.

I run Visual Studio Code on a MacBook Pro (aka macaroni) and use the Remote SSH extension to develop, test and run my code on an Intel NUC (aka tanuki).

This project holds my scripts for building tanuki up from an empty box to a remote Python development machine.

With thanks to @dmrz for inspiring me to finish this!

What does it do?

Installs:

aws
docker
pipenv
pyenv
python 3.9

Creates:

SSH key pair for authenticating with GitHub, GitLab et al.
GPG key pair for signing git commits.

Configures:

GitHub and GitLab as trusted hosts
git name and email address

Enables:

Commit signing
CPU performance mode
Local domain name at <SERVER NAME>.local

Build your own tanuki

This list contains Amazon UK affiliate links. As an Amazon Associate, I earn from qualifying purchases.

If you want to follow along, these are the parts I use:

Prepare an SSH key pair

You'll need an SSH key pair to authenticate SSH sessions from your Mac into tanuki.

On your Mac:

ssh-keygen -t ed25519 -C cariad@hey.com  # Use your own email address
ssh-add -K ~/.ssh/id_ed25519             # Add to ssh-agent to remember your passphrase
pbcopy < ~/.ssh/id_ed25519.pub           # Copy your public key to the clipboard

Add your new key to your GitHub account. The Ubuntu installer will download your key from GitHub and set up OpenSSH for you.

Prepare an Ubuntu USB stick

Download Ubuntu Server 20.10. Use BitTorrent; I like transmission/transmission.
Burn the ISO to a USB stick. I like balena-io/etcher.

Personalise

To run this script yourself, fork the project then edit your identity.sh.

Configure UEFI

Connect tanuki to a keyboard, monitor and network.
Turn tanuki on and hammer F2 to open the UEFI menu.
Press F9 to load optimised defaults.
Change:
- Advanced / Onboard devices / HD audio: disable
- Advanced / Onboard devices / Digital microphone: disable
- Advanced / Onboard devices / WLAN: disable
- Advanced / Onboard devices / Bluetooth: disable
- Advanced / Onboard devices / HDMI CEC control: disable
- Cooling / Fan control mode: Cool
Press F10 to save and exit.

Install Ubuntu

Plug in the USB stick.
Reboot and hammer F10 to open the boot menu.
Boot from the USB stick.
During the Ubuntu installation wizard, choose the default options with these exceptions:
- Partition the entire disk but don't make an LVM group. LVM will partition only half of your SSD.
- Enable OpenSSH. Import your public SSH key from GitHub. Do not allow password authentication over SSH.
- Do not install any featured snaps.

Bootstrap

bootstrap.sh is a lightweight script to enable tanuki's local domain name so subsequent steps can be easily run in an SSH session.

On tanuki:

git clone https://github.com/cariad/tanuki ~/.tanuki
cd ~/.tanuki
./bootstrap.sh

Terrible things will happen if you:

Clone to anywhere other than ~/.tanuki
Ever delete ~/.tanuki

Install and configure all the things

Open an SSH session from your Mac:

ssh cariad@tanuki.local

Run setup.sh on tanuki:

cd ~/.tanuki
./setup.sh

Finalising

SSH authentication

setup.sh will output a public SSH key which allows tanuki to authenticate with services like GitHub and GitLab without passwords.

You must add the public SSH key to GitHub, GitLab et al yourself.

Commit signing

git will be configured to sign commits, but you must enable it in Visual Studio Code if you commit via the Command Palette.

Set git.enableCommitSigning to true.

setup.sh will also output a GPG key which must be added to GitHub, GitLab et al for your signature to be recognised.

Hello there! 🎉

My name's Cariad, and I'm an freelance DevOps engineer.

I'd love to spend more time working on open source projects, but I need to chase gigs that pay the rent. If this project has value to you, please consider ☕️ sponsoring me.

Thank you! ❤️