Putting this here so I don’t have to search through my notes everytime! Run as root.

Update

apt-get update
apt-get upgrade

Install Essentials

apt-get install nano
apt-get install build-essential

Enable SSH

apt update
apt install openssh-server
#Allow SSH through firewall  
ufw allow ssh
#Check status of SSH sevice
systemctl status ssh

Join Domain

#Install realm
apt -y install realmd sssd sssd-tools libnss-sss libpam-sss adcli samba-common-bin oddjob oddjob-mkhomedir packagekit
#Verify Full Hostname:
sysctl kernel.hostname
#Join domain
realm join --user=USER DOMAIN
#Verify domain join
realm list
#Add allowed users to login
realm permit USER@DOMAIN
#Edit config
cp /etc/sssd/sssd.conf /etc/sssd/sssd.conf.orig
nano /etc/sssd/sssd.conf

Edit sssd.conf to allow users to login without FQDN. Set “use_fully_qualified_names” to “False” and “fallback_homedir” to “/home/%u”

use_fully_qualified_names = False
fallback_homedir = /home/%u

Resetart sssd service after changes to sssd.conf.

systemctl restart sssd

Edit /etc/pam.d/common-session to create domain user home folder at login.

nano /etc/pam.d/common-session

Add this line directly after session required pam_unix.so in common-session:

session    required    pam_mkhomedir.so skel=/etc/skel/ umask=0022

Add sudo Users

usermod -aG sudo USERNAME

Firewall

replace NETWORK/NETWORK_MASK and PORT. Add/remove lines as needed.

#Install iptables-persistent
apt-get install iptables-persistent
#Show exiting firewall
sudo iptables -S
#Clear exiting firewall if needed
sudo iptables -F
#Add firewall rules
sudo iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -s NETWORK/NETWORK_MASK -j ACCEPT
sudo iptables -A INPUT -s NETWORK/NETWORK_MASK -p tcp -m tcp --dport PORT -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
#Save firewall rules
iptables-save > /etc/iptables/rules.v4
#Reload firewall service and verify results
service ufw restart
service ufw status
sudo iptables -S

Install XRDP

If you must.

#Install xrdp
sudo apt install -y xrdp xorgxrdp-hwe-18.04
#Configure xrdp
sudo sed -e 's/^new_cursors=true/new_cursors=false/g' -i /etc/xrdp/xrdp.ini
sudo systemctl restart xrdp
#
D=/usr/share/ubuntu:/usr/local/share:/usr/share:/var/lib/snapd/desktop
cat <<EOF > ~/.xsessionrc
export GNOME_SHELL_SESSION_MODE=ubuntu
export XDG_CURRENT_DESKTOP=ubuntu:GNOME
export XDG_DATA_DIRS=${D}
export XDG_CONFIG_DIRS=/etc/xdg/xdg-ubuntu:/etc/xdg
EOF
#
cat <<EOF | tee /etc/polkit-1/localauthority/50-local.d/xrdp-color-manager.pkla
[Netowrkmanager]
Identity=unix-user:*
Action=org.freedesktop.color-manager.create-device
ResultAny=no
ResultInactive=no
ResultActive=yes
EOF
#restart service
systemctl restart polkit

Install Nvidia CUDA

See https://developer.nvidia.com/cuda-downloads for the correct runfile for your version of Ubuntu.

#Download
wget https://developer.download.nvidia.com/compute/cuda/11.0.3/local_installers/cuda_11.0.3_450.51.06_linux.run
#Install
sh cuda_11.0.3_450.51.06_linux.run
#Test
nvidia-smi

CUDA can be installed with the package manager, but I usually have better luck with the run file. See https://docs.nvidia.com/cuda/cuda-installation-guide-linux/index.html for other install options.

Further Reading:
https://www.server-world.info/en/note?os=Ubuntu_18.04&p=realmd
https://developer.nvidia.com/cuda-downloads
https://docs.nvidia.com/cuda/cuda-installation-guide-linux/index.html