Windows and Linux in One

Overview

These are some personal notes about setting up a very nice combined Windows and Linux productivity and development environment. It uses open source software combined with some key proprietary pieces on a single machine and avoids the hassles of a full-blown VM. This is now possible when using a Windows 10 workstation[1].

Of course, I want to automate this (especially since I have a tendency to refresh systems fairly often). I hope to write a guide for Ansible in the near future, to enable creating the described setup with little effort.

It is important to note this environment is geared to those who are used to the Linux ecosystem and are migrating to the new hybrid model.

Installation Notes

The Parts that Come with Your Windows License

The Base Windows Install

I won’t go into a lot of detail here as there are many guides on basic Windows installation; instead I will just list a few key points.

  • Use at least Windows 10 Pro, Version 2004.
  • Make sure your machine is activated and fully up to date with ‘Windows Update’.
  • Tweak the base install (before adding any software or apps) and settings to your preferred base configuration[2].

Configure ‘For developers’ in ‘Upgrades & Security’

  • You should go through these settings as many of them are useful to power users and developers – be careful though as there are often security implications to the options. I certainly don’t enable all the options.
  • If you do allow ‘Remote Desktop’ I recommend altering the default firewall rule to be for ‘Private’ networks only, perhaps even only for your particular subnet (assuming you aren’t using the default for your router, since if you are that limitation isn’t particularly meaningful).
  • Rather than using ‘Change settings so that PC never goes to sleep when plugged in’, I prefer to have ‘Wake on Lan’ enabled and to install the MagicPacket app from the ‘Windows Store’ on the host from which you will be remoting to this machine (using Remote Desktop or OpenSSH). MagicPacket is a nice free app that allows you to save the information needed to wake a particular host using the Wake on Lan ‘Magic Packet’ option (with or without a password), which avoids the host waking up on random network traffic.
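One way to apply the Remote Desktop firewall restriction described above from an elevated PowerShell session. This is an added example, not part of the original notes; it assumes an English-language Windows install where the built-in rule group is displayed as ‘Remote Desktop’, and the subnet in the commented alternative is a constructed value.

```powershell
# Added example: restrict the built-in Remote Desktop firewall rules.
# Assumption: English-language Windows, where the rule group is shown as 'Remote Desktop'.
$group = 'Remote Desktop'

# Show the current scope before changing anything.
Get-NetFirewallRule -DisplayGroup $group |
    Select-Object DisplayName, Enabled, Profile, Direction

# Limit the rules to the Private profile and to hosts on the local subnet.
Get-NetFirewallRule -DisplayGroup $group |
    Set-NetFirewallRule -Profile Private -RemoteAddress LocalSubnet

# Alternative: name the subnet explicitly (constructed value, replace with your own).
# Get-NetFirewallRule -DisplayGroup $group |
#     Set-NetFirewallRule -Profile Private -RemoteAddress '192.168.50.0/24'

# Confirm the result: each rule should now report Private and the restricted address scope.
Get-NetFirewallRule -DisplayGroup $group | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        Profile       = $_.Profile
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    }
}

# The rules only match while the connected network is itself classified as Private.
Get-NetConnectionProfile | Select-Object InterfaceAlias, Name, NetworkCategory
```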

Add Windows (System) Features

Developer Essentials

This could almost be part of the ‘Base Windows Install’ except that we are adding components that wouldn’t make sense for an environment that doesn’t need Linux and/or some handy developer features.

Useful Features

  • Install Hyper-V if you need virtualization — Also enable all the Hyper-V options in “Programs & Features” in the “Control Panel”. If Hyper-V is not supported on your machine you can install VirtualBox using Chocolatey (see below).
  • Extras — Likewise, you might want the “Telnet Client” and “TFTP Client”, depending on your planned uses.
  • “Services for NFS” — There is also a small possibility you will benefit from “Services for NFS”, depending on the hosts on your network.

Allowing SSH Into Your Machine

Add Some (Free) Bits from the Windows Store

  • Windows Terminal — It’s a Microsoft Open Source project that you can participate in on GitHub. It is also quite a nice and usable terminal, that is only likely to get better with time. Currently it’s nice and light.

  • WinDbg Preview — This allows you to look at Windows ‘Crash dumps’

  • A Linux distribution from the available choices – I use Debian, but you can use whichever suits your needs.

And a Paid Microsoft Purchase (besides Windows)

  • Microsoft 365 — If you can afford it, there are many advantages over a free office suite, which I’ll leave it to other sites to discuss.

The Rest (on the Windows Side)

Install Chocolatey (a package manager for Windows)

Just follow the official Chocolatey install guide.

Install Software for Windows Available Through Chocolatey

NOTE: The original software licenses still apply so it is important that they are compatible with your situation. You can verify that by using the Chocolatey Online Package Browser, or ChocolateyGUI (a graphical interface for Chocolatey).

Most of the software is open source and ought to be no problem for internal use; if you are planning on ‘distributing’ anything then you need to pay close attention to licensing terms. Where I am aware that the licensing situation is more complicated, even for internal use, I’ve made a note against that software.

Install Regular User Software

If you issue the following command you will install the packages listed below the command – this is a nice set of regular applications and tools (not related to Linux or development). Obviously you will want to modify according to your needs and wants.

choco install 7zip.install audacity audacity-lame calibre cdburnerxp chocolateygui dia Firefox freac gimp gpg4win graphviz InkScape iTunes keepassxc kmymoney libre-hardware-monitor libreoffice-fresh microsoft-teams.install notepadplusplus.install paint.net rufus screentogif scribus sumatrapdf.install synctrayzor sysinternals vlc win32diskimager.install wincompose.install workrave zim zoom

| Package | Name | Description |
| --- | --- | --- |
| 7zip | 7-zip | Compression/decompression and archiving/unarchiving |
| audacity | Audacity | Audio recording and editing software |
| audacity-lame | LAME for Audacity | Allow Audacity to create MP3 files |
| calibre | Calibre | e-Book Library Management |
| cdburnerxp | CDBurnerXP | Create and burn data CD, DVDs, and Blu-ray |
| chocolateygui | ChocolateyGUI | GUI for Chocolatey |
| dia | Dia | Create and edit diagrams |
| Firefox | Firefox | Privacy-oriented Web Browser |
| freac | Fre:ac | Audio file converter/encoder/decoder and CD ripper |
| gimp | GIMP | A very powerful graphics / image manipulation program |
| gpg4win | GnuPG for Windows | Public/Private Key encryption tool |
| graphviz | GraphViz | Graph Visualizer — included here to enhance Zim |
| InkScape | InkScape | Vector graphics creator and editor |
| iTunes | iTunes | Apple’s music librarian and player; you need to pay special attention to licensing terms with this one. If I don’t need the store, nor Apple product compatibility, my preference is the open source Quod Libet which is available in chocolatey’s community repo. |
| keepassxc | KeePassXC | Password management tool |
| kmymoney | KMyMoney | Personal Financial Management |
| libre-hardware-monitor | LibreHardwareMonitor | System monitoring (CPU, memory, disk, temp, and so on) in system tray |
| libreoffice-fresh | LibreOffice Fresh | Stable version of LibreOffice |
| microsoft-teams | Microsoft Teams | Video conferencing – note the licensing terms! |
| notepadplusplus | Notepad++ | A better notepad (text editor) for Windows |
| paint.net | Paint.NET | Photo editing software |
| rufus | Rufus | USB and SD card writer |
| screentogif | ScreenToGif | Screen, webcam, and sketch board recorder and editor |
| scribus | Scribus | Desktop publishing software (cross-platform) |
| sumatrapdf | SumatraPDF | PDF viewer (free) |
| synctrayzor | SyncTrayzor | System tray and GUI for Syncthing, for syncing files without ‘the cloud’ – note that I recommend disabling the autodiscovery and NAT traversal relays, at least if you’re still a bit paranoid like me. |
| vlc | VideoLan Client | Video and audio player |
| win32diskimager | ImageWriter | USB and SD card writer |
| wincompose | WinCompose | Compose key for Windows – intuitive entry of unusual characters |
| workrave | Workrave | RSI prevention utility (require regular breaks) |
| zim | Zim | Desktop wiki / notes / freeform lists (including checkboxes) stored in plaintext format |
| zoom | Zoom | Video conferencing / chat. NB If you have more than one computer you probably need to install manually due to download restrictions; also pay attention to the licensing terms. |

Install Useful Power Tools

choco install OpenSSL.Light putty.install rsync sysinternals vcxsrv wireshark xca

| Package | Name | Description |
| --- | --- | --- |
| OpenSSL.Light | OpenSSL | The command line tool for SSL certificates and more |
| putty | PuTTY | SSH GUI (unrelated to OpenSSH above) |
| rsync | rsync | One-way file sync common on other OSes |
| sysinternals | SysInternals | Power tools for Windows |
| vcxsrv | VcXsrv | An X-Windows server for Windows; useful for running X11 applications remotely and using a local display |
| wireshark | Wireshark | Watch and analyze activity on your network |
| xca | XCA | SSL certificate creation and management |

Install Development Software

This is highly dependent on what you are developing and what languages you are using. The following is a list that reflects my current situation.

choco install arduino docker-compose docker-desktop git git-credential-manager-for-windows golang html-tidy hugo nodejs.install openscad pandoc shellcheck thonny vagrant vim vscode yarn

| Package | Name | Description |
| --- | --- | --- |
| arduino | Arduino | IDE for developing Arduino sketches |
| docker-compose | Docker Compose | Tool for launching and managing Docker machines |
| docker-desktop | Docker Desktop | Docker for modern machines, integrates with WSL2; for older machines use Docker Toolbox instead |
| git | Git for Windows | The major version control and source code management system in the software world |
| git-credential-manager-for-windows | Git Credential Manager for Windows | Manage Git credentials using the Windows system secrets store |
| golang | Go | The Go language and standard library |
| html-tidy | Tidy | Validate and clean HTML5 |
| hugo | Hugo | Static website generator |
| nodejs | Node.js | JavaScript as a language for cross-platform apps and services; includes NPM, the package manager for Node.js |
| openscad | OpenSCAD | Programmatic CAD |
| pandoc | Pandoc | Convert between document formats (e.g. markdown, pdf, docx, xml, html, and tex) on the command line |
| shellcheck | ShellCheck | Check bash / sh / dash / ksh scripts for syntax and common errors and style issues |
| thonny | Thonny | Python IDE for beginners |
| vagrant | Vagrant | Command line tools for creating and using virtual machines (vagrant ‘boxes’) similar to the way one would use docker containers |
| vim | Vim | An enhanced version of the classic vi text editor, including GVim |
| vscode | Visual Studio Code | Code and text editor and development environment, and more |
| yarn | Yarn | An improved package manager for Node.js |

Windows Development

I don’t cover that here, but you absolutely want Visual Studio.

Additional Software

There may be additional software you want to install that is not available from the Windows Store or Chocolatey. That’s not covered here as mine are specific to my individual situation.

Linux Side

I don’t cover installation of packages and configuration of the general Linux environment except as is particular to this hybrid setup, as there are a great many guides for general Linux setup and configuration already written, and the WSL2 environment doesn’t have much that isn’t generic Linux.

Configuration Notes

Now that the software is installed there is a bit of configuration to do.

Configuring WSL so Windows Filesystems Have Proper Unix Permissions

In the WSL environment you should add /etc/wsl.conf containing something like:

[automount]
enabled = true
options = metadata,uid=1000,gid=1000,umask=0022,fmask=0011

[network]
generateHosts = true
generateResolvConf = true

See Configuring WSL Launch Settings

Once you restart WSL (which involves more than just closing your current WSL terminal; the easiest way to guarantee a WSL restart is to reboot Windows), files and directories from Windows (e.g. under /mnt) will have more normal Unix permissions when viewed from WSL. You will be able to use chmod to override the effective permissions in WSL. Also note that in some cases there are Windows ACLs that also affect your effective permissions.

And finally, it’s generally not possible to delete files which are opened by another process in Windows, and therefore in WSL (which differs from plain Linux).

Configure Visual Studio Code for Developing in WSL/WSL2

See the Visual Studio Code Guide to Developing in WSL

Using Windows SSH Client for Git for Windows

Enable the ‘ssh-agent’ Service

  • On the latest Windows 10 Pro, the OpenSSH agent should be installed by default. If not, it can be installed by adding the “OpenSSH Client” Windows ‘feature’.

  • Execute the commands:

    Set-Service -Name 'ssh-agent' -StartupType 'Automatic'
    Start-Service 'ssh-agent'
    

Make Windows OpenSSH Client the Default for Git for Windows

To set this for a single user set the environment variable GIT_SSH to point to the OpenSSH binary in the user’s environment variables.

[Environment]::SetEnvironmentVariable("GIT_SSH", "$((Get-Command ssh).Source)", [System.EnvironmentVariableTarget]::User)

To set it for all users, set GIT_SSH in the system environment variables.

In an admin PowerShell:

[Environment]::SetEnvironmentVariable("GIT_SSH", "$((Get-Command ssh).Source)", [System.EnvironmentVariableTarget]::Machine)

Configure Git for Windows for Better Linux Compatibility

| Line | Purpose |
| --- | --- |
| 1 | Ignore changes to file ‘mode’ bits (e.g. execute permissions) |
| 2 | Make the default line ending for files Unix mode line endings. Windows 10 2004 supports text/source files of this type easily. |
| 3 | Disable changing the line endings depending on whether checking out on Windows or under WSL. |
| 4 | Set the default user name for commits and emails |
| 5 | Set the default user email for commits and emails |
| 6 | Make the default credential manager Git Credential Manager for Windows |

git config --global core.fileMode false
git config --global core.eol lf
git config --global core.autocrlf false
git config --global user.name "Your Name"
git config --global user.email "Your email address"
git config --global credential.helper manager

A Bit of Extra GfW Configuration for Safer Pulls

This option prevents pulls from creating a merge or a forced update (i.e. rewriting history) or rebase. You can still git fetch and manually merge or rebase as necessary.

git config --global pull.ff only

Enabling Backups of WSL

Using a tool (in WSL) that can be run on a periodic basis and does a ‘push’ backup is recommended. The tool I use is Borg but there are other options (like Restic).

  1. Install your backup program (e.g. apt-get install borgbackup).
  2. Create a script to do the backup.
    1. You want your ‘regular’ user for a home dir only backup.
    2. If you want to back up parts like /etc, you want the script to be executable by root, but readable only by root (or at least any passwords, etc.)
  3. In Windows, as the user account in which you installed the Linux distribution, use Task Scheduler to create a periodic task that runs the script.
    1. Create a task (you probably want it to run even if you are not logged in).
    2. Choose your triggers.
    3. For the action:
      1. Use wsl.exe as the program to execute. NB: Using the bare filename and making C:\WINDOWS\System32 the working folder is required due to a bug in Task Scheduler.
      2. Set the folder to use as C:\WINDOWS\System32
      3. Set the arguments to -u user_to_runas -- /path/to/your/script.
    4. Complete creating the task.
    5. Save and do a test run. The ‘action’ should complete with exit code 0.
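
The Task Scheduler steps above can also be scripted. The following PowerShell is an added example, not part of the original notes; the task name and schedule are constructed, `user_to_runas` and `/path/to/your/script` are the placeholders from the steps above, and the backup script itself is assumed to already exist in WSL.

```powershell
# Added example: register and test the WSL backup task from PowerShell.
# Placeholders from the steps above; the task name and schedule are constructed.
$taskName   = 'WSL backup'
$wslUser    = 'user_to_runas'
$scriptPath = '/path/to/your/script'

# Bare 'wsl.exe' plus an explicit working folder, as the notes require.
$action = New-ScheduledTaskAction -Execute 'wsl.exe' `
    -Argument "-u $wslUser -- $scriptPath" `
    -WorkingDirectory 'C:\WINDOWS\System32'

$trigger  = New-ScheduledTaskTrigger -Daily -At '02:00'
$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable `
    -ExecutionTimeLimit (New-TimeSpan -Hours 4)

# Storing the account password lets the task run when you are not logged in.
# Use the Windows account in which the Linux distribution was installed.
$cred = Get-Credential -UserName "$env:USERDOMAIN\$env:USERNAME" `
    -Message 'Account that owns the WSL distribution'

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Settings $settings -RunLevel Limited `
    -User $cred.UserName -Password $cred.GetNetworkCredential().Password | Out-Null

# Test run: start the task, wait for it to finish, then check the exit code.
Start-ScheduledTask -TaskName $taskName
do {
    Start-Sleep -Seconds 5
} while ((Get-ScheduledTask -TaskName $taskName).State -eq 'Running')

$info = Get-ScheduledTaskInfo -TaskName $taskName
if ($info.LastTaskResult -eq 0) {
    "Backup task finished with exit code 0 at $($info.LastRunTime)"
} else {
    Write-Warning ("Backup task exit code: 0x{0:X}" -f $info.LastTaskResult)
}
```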

Make WSL the Default Environment for OpenSSH Server

OpenSSH on Windows is most useful for accessing the WSL/WSL2 environment. For GUI Windows applications you will need ‘Remote Desktop’ or an alternative, and for system-level management you should probably use WinRM. On the plus side, with WSL2 you can execute Windows commands from within the WSL2 environment.

To make WSL the default for OpenSSH server, in an admin PowerShell execute:

Set-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell "C:\WINDOWS\System32\wsl.exe"
Restart-Service 'sshd'

See also Microsoft’s Guide to Configuring OpenSSH Server

The Rest, as Suits Your Needs and Preferences

The rest is about learning what makes for a comfortable environment for you. I personally tend to get annoyed with ‘opinionated’ or ‘perfect’ setup guides, and am trying to create a more flexible set of suggestions that can easily be adapted to suit you.

Table of Contents

  1. Overview
  2. Installation Notes
    1. The Parts that Come with Your Windows License
      1. The Base Windows Install
      2. Configure ‘For developers’ in ‘Upgrades & Security’
      3. Add Windows (System) Features
        1. Developer Essentials
        2. Useful Features
        3. Allowing SSH Into Your Machine
      4. Add Some (Free) Bits from the Windows Store
      5. And a Paid Microsoft Purchase (besides Windows)
    2. The Rest (on the Windows Side)
      1. Install Chocolatey (a package manager for Windows)
      2. Install Software for Windows Available Through Chocolatey
        1. Install Regular User Software
        2. Install Useful Power Tools
        3. Install Development Software
      3. Windows Development
      4. Additional Software
    3. Linux Side
  3. Configuration Notes
    1. Configuring WSL so Windows Filesystems Have Proper Unix Permissions
    2. Configure Visual Studio Code for Developing in WSL/WSL2
    3. Using Windows SSH Client for Git for Windows
      1. Enable the ‘ssh-agent’ Service
      2. Make Windows OpenSSH Client the Default for Git for Windows
      3. Configure Git for Windows for Better Linux Compatibility
      4. A Bit of Extra GfW Configuration for Safer Pulls
    4. Enabling Backups of WSL
    5. Make WSL the Default Environment for OpenSSH Server
    6. The Rest, as Suits Your Needs and Preferences
  4. Table of Contents
  5. Footnotes

Footnotes


  1. The Windows 10 2004 Update WSL2 (Windows Subsystem for Linux 2) combined with a number of other Windows enhancements has made the promises of WSL (that one can develop Linux software and firmware on Windows and easily run Linux binaries on Windows machines) much more of a reality. It is now practical to develop and run many types of Linux non-X11[4] software on Windows. Even the original WSL is more usable than when first released for general availability. The parallel development of Visual Studio Code (a very nice cross-platform editor and development environment) is an important factor as well.

  2. Specifics depend on you or your organization. A collection of things I like to ensure on a single user desktop is:

    • Use BitLocker hard drive encryption (enable the non-TPM option if necessary).
    • Require the use of Ctrl-Alt-Del (if on real hardware) so you use the ‘Secure Desktop’ to enter credentials.
    • Increase the UAC settings so you always are prompted for credentials on the secure desktop, and never just click through for elevation to Administrator access.
    • Set a soft lockout for too many password attempts.
    • Don’t use a maximum password age (it causes more problems than it helps).
    • Enforce passwords of at least eight characters with complexity requirements met.
    • For SMB encrypt all communications and require NTLMv2 (if you have an external device that is too old to support that, it’s time to upgrade it, unless, perhaps, you are experimenting with a new OS that isn’t mature enough to have implemented this yet).
    • Set a machine inactivity timeout (which doesn’t rely on setting the screensaver per-user to ensure that the desktop will lock when not in use).
    • Use File History for backing up the folders that hold your data. It’s not a bare metal restore option, but it makes sure you have your data backed up, as well as giving you the ability to go back to previous versions of files. Needless to say you should make sure your backup location is encrypted on disk. It is also important to use ‘Advanced Options’ and check the Event Log for errors on a regular basis.
    • Enable system checkpoints.
    • Once you’ve got a good base image, don’t forget to make a system image.
  3. In my opinion, there are two main conditions under which one would not use WSL2:

    • One’s machine doesn’t support WSL2 (e.g. due to missing CPU features).
    • One needs the bare metal virtualization mode of a hypervisor other than Hyper-V (e.g. if you need VMWare or VirtualBox with their native virtualization rather than the Hyper-V compatible virtualization).
  4. Actually, while not recommended, it is possible to use VcXsrv or Xming (X servers for Windows) in order to also be able to run X11 apps from WSL/WSL2 on your Windows desktop. The free version of Xming and VcXsrv (which is free) are somewhat dated.