Skip to Content

Minimal Ubuntu

Posted on

Ubuntu 18.04 “Bionic Beaver” is the latest LTS release (5 years support) of the popular Linux operating system. I use Ubuntu’s minimal install image to create a console-only base configuration that can be customized for various tasks and alternate desktops.

Let’s go!

Below is a visual walk-through of a sample Ubuntu setup that makes use of an entire disk divided into 3 partitions: a root partition, encrypted swap, and encrypted home.

0. Prepare install media

Download the 64-bit minimal installer (32-bit for older machines) and burn to CD or flash the image to a USB stick. 1 Using the minimal console installer vs. the graphical installer provides more options during setup.

Minimal installer (requires network connection) downloads all the latest packages during setup.

1. Launch

Install

Select language

Select location

Configure keyboard

Keyboard

I use the Colemak keyboard layout …

Keyboard

A device with a single network interface is auto-detected and configured (otherwise the installer prompts to select an interface) …

DHCP

Hostname

Mirror country

Mirror archive

Proxy

Contents of the installer are now loaded into memory and the USB stick can safely be removed. 2

Full name

Username

User password

Verify password

Configure clock

Timezone

2. Partitions

Sample layout:

  • sda1 is a 24GB root partition
  • sda5 is a 2GB LUKS random key encrypted swap partition
  • sda6 uses the remaining storage as a LUKS passphrase encrypted home partition

Partitioning method

Partition disks

Partition table

Free space

New partition

Partition size

Primary partition

Beginning

Done with partition

Free space

New partition

Partition size

Logical partition

Beginning

Use as

Encrypt volume

If the hard disk has not been securely wiped prior to installing Ubuntu you may want to configure Erase data: yes. Note, however, that depending on the size of the disk this operation can last several hours …

Encryption key

Random key

Done with partition

Free space

New partition

Partition size

Logical partition

Use as

Encrypt volume

Encryption key

Passphrase

Done with partition

Configure encrypt

Write changes

Create encrypt

Device to encrypt

Finish

Passphrase

Re-enter passphrase

Encrypt volume swap

Encrypt volume

Mount point

Home

Reserved blocks can be used by privileged system processes to write to disk - useful if a full filesystem blocks users from writing - and reduce disk fragmentation. On large, non-root partitions extra space can be gained by reducing the 5% default reserve set by Ubuntu to 1%

Reserved blocks

Percent reserved

Done with partition

Finish

Write changes

Partitions formatting

3. Install packages and finish up

No automatic updates

Alternative: For a home server setup I like to select Install security updates automatically for a device often running unattended.

Un-select all tasks 3 for a minimal install …

Software selection

Core packages are downloaded and the installer makes its finishing touches …

Dowload and install

GRUB

UTC

Finish install

4. First boot

User is prompted for the passphrase to unlock the encrypted partition …

Enter encrypt passphrase

Login

Login … then run timedatectl to confirm system time+date is properly set.

5. Kernel options

After running a minimal install on my laptop with LUKS encryption, the boot process would halt for ~30 seconds then generate this message …

Gave up waiting for suspend/resume device

… followed by a prompt for the passphrase to unlock encrypted home, then continue to login.

[ Fix! ] System is looking for a swap device for suspend-to-disk/hibernate and fails to recognize my encrypted swap. I don’t use hibernate, so I disable the task by adding kernel option noresume.

Modify /etc/default/grub

GRUB_CMDLINE_LINUX_DEFAULT="quiet noresume"

… and update …

$ sudo update-grub

Link: boot delayed by 30sec waiting for suspend/resume device

6. Network

Check which network interfaces are detected and settings …

$ ip a

Wired interfaces are usually auto-configured by default and assigned an IP address courtesy of DHCP.

To assign a static address, deactivate the wired interface and create a new entry in /etc/network/interfaces. Sample entry for enp3s0

# The primary network interface
auto enp3s0
#iface enp3s0 inet dhcp
iface enp3s0 inet static
address 192.168.1.88
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 192.168.1.1

Bring up|down interface with sudo if{up,down} enp3s0.

Create a temporary wireless interface connection to WPA2 encrypted access points manually using wpa_supplicant + wpa_passphrase + dhclinet. Sample setup of wlp1s0

sudo ip link set wlp1s0 up            # bring up interface
iw dev wlp1s0 link                    # get link status
sudo iw dev wlp1s0 scan | grep SSID   # scan for access points
sudo -i                               # simulate a root login shell (for wpa_supplicant)
wpa_supplicant -B -i wlp1s0 -c<(wpa_passphrase "MY_SSID" "MY_PASSPHRASE")   # connect to WPA/WPA2 ... '-B' sends the process to the background
exit
sudo dhclient wlp1s0                  # obtain IP address

More permanent configurations may be set in /etc/default/interfaces. Sample setup 4 with a static IP address …

iface wlp1s0 inet static
address 192.168.1.77
netmask 255.255.255.0
gateway 192.168.1.1                                                              
wpa-ssid MY_SSID
wpa-psk MY_PASSPHRASE
dns-nameservers 8.8.8.8 8.8.4.4                                                  

Alternative setup using DHCP …

allow-hotplug wlp1s0
iface wlp1s0 inet dhcp
wpa-ssid MY_SSID
wpa-psk MY_PASSPHRASE                                       
dns-nameservers 8.8.8.8 8.8.4.4

Once a link is established install an (optional) network manager utility. Packages network-manager and network-manager-gnome provide the console nmcli and graphical nm-applet clients respectively. Comment out (deactivate) any entries in interfaces that will be managed by network-manager.

7. Secure access using SSH keys

Create cryptographic keys, install the OpenSSH server, and configure remote access.

8. Where to go next …

… is up to YOU. Yeehaw.

Happy hacking!

Notes


  1. An alternative is adding the image to a USB stick with multiple Linux installers. [return]
  2. Recommended: Otherwise the partitioning tool may designate the USB device as primary (sda) storage and lead to broken partition layouts. [return]
  3. The task selection menu can be run post-install using sudo tasksel. [return]
  4. Multiple wireless static IP address setups can be created with iface wlp1s0_NAME inet static and [de]activated with sudo if{up.down} wlp1s0=wlp1s0_NAME. [return]