author | Andreas Fankhauser hiddenalpha.ch | 2024-05-12 12:55:07 +0200 |
---|---|---|
committer | Andreas Fankhauser hiddenalpha.ch | 2024-05-12 12:55:07 +0200 |
commit | 5cc4c2b95df9bf6998d92496ca0e0064314fba39 (patch) | |
tree | ac7d979f81a86703508ff23e2694a6b4d6bfe4d5 /doc/note/setup-debian/setup-debian.txt | |
parent | 1dc9f8c9db499a326ceee6cb3b48878ee17ff9fa (diff) | |
parent | 95d934e8e3918832c03f05b2fc32cb5d5272cb83 (diff) | |
Merge remote-tracking branch 'ha-public/master' into wip-LatitudeReSetup-20230620wip-LatitudeReSetup-20230620
Diffstat (limited to 'doc/note/setup-debian/setup-debian.txt')
-rw-r--r-- | doc/note/setup-debian/setup-debian.txt | 130 |
1 files changed, 130 insertions, 0 deletions
diff --git a/doc/note/setup-debian/setup-debian.txt b/doc/note/setup-debian/setup-debian.txt
new file mode 100644
index 0000000..b36945e
--- /dev/null
+++ b/doc/note/setup-debian/setup-debian.txt
@@ -0,0 +1,130 @@
+
+How to Setup debian for MY needs
+================================
+
+## Partitioning
+
+Use the smaller & faster SSD for the system. Make sure it consists of TWO
+partitions so system can be easily upgraded later by just replacing it by a new
+install in the other partition.
+
+I prefer to put users home to a larger (maybe a HDD) for data storage. If
+there's only ONE drive, we need an additional partition for the home too.
+
+
+## Base system
+
+Install base system through debians ISO installers. Usually net installer is
+fine.
+
+Do NOT install ANY additional bloat! Eg untick ALL extra software like desktops
+etc. Even disable the standard-system-utilities option.
+
+
+## Install core tools
+
+ALWAYS use '--no-install-recommends' when installing something to prevent
+useless bloat to be installed.
+
+ && apt install -y --no-install-recommends vim net-tools openssh-server openssh-client bash bash-completion
+
+
+## Setup firewall
+
+WARN: Does NOT setup the effective rules. Rules need to be filled in by admin.
+
+WARN: This snippet may cut-off network connections. Including your remote shell!
+
+ && $SUDO apt install -y --no-install-recommends iptables iptables-persistent \
+ && printf '# TODO add contents here\n' | $SUDO tee /etc/iptables/src-default >/dev/null \
+ && printf '\n[WARN ] Needs more setup: /etc/iptables/src-default\n\n' \
+ && printf '%s\n' \
+ '## Apply from file' '' \
+ 'ncat /etc/iptables/src-default | $SUDO iptables-restore' '' \
+ '## store current session as default' '' \
+ '$SUDO iptables-save | $SUDO tee /etc/iptables/rules.v4 > /dev/null' \
+ | $SUDO tee /etc/iptables/README >/dev/null \
+ && printf '# TODO setup file contents\n' | $SUDO tee /etc/iptables/src-default4 >/dev/null \
+ && printf '%s\n' \
+ '*filter' '' \
+ '# Loopback' \
+ '-A INPUT -i lo -j ACCEPT' \
+ '-A OUTPUT -o lo -j ACCEPT' '' \
+ '# Log blocked connection attemps' \
+ '-A INPUT -j LOG --log-prefix "Fw6BadInn: " --log-level 6' \
+ '-A FORWARD -j LOG --log-prefix "Fw6BadFwd: " --log-level 6' \
+ '-A OUTPUT -j LOG --log-prefix "Fw6BadOut: " --log-level 6' '' \
+ '# Disallow any non-whitelisted packets' \
+ '-A INPUT -j DROP' \
+ '-A FORWARD -j REJECT' \
+ '-A OUTPUT -j REJECT' '' \
+ 'COMMIT' | $SUDO tee /etc/iptables/src-default6 >/dev/null \
+ && printf '%s\n' \
+ '*filter' \
+ '-A INPUT -j ACCEPT' \
+ '-A FORWARD -j ACCEPT' \
+ '-A OUTPUT -j ACCEPT' \
+ 'COMMIT' | $SUDO tee /etc/iptables/src-allowAll4 >/dev/null \
+ && $SUDO touch /etc/iptables/src-tmp \
+
+
+## Mount home partition
+
+# /etc/fstab
+UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /mnt/nameOfHdd ext4 noatime 0 2
+/mnt/nameOfHdd/home /home none bind 0 0
+
+
+## Configure Locale
+
+- In "/etc/locale.gen" Enable all of:
+ "de_CH.UTF-8 UTF-8", "de_CH ISO-8859-1", "en_DK.UTF-8 UTF-8", "en_DK ISO-8859-1".
+- Run "locale-gen".
+- Check list with "locale -a".
+- Change "/etc/default/locale" contents to:
+ LANG=en_DK.UTF-8
+ LANGUAGE="en_US:en"
+
+
+## Install Desktop Env
+
+ && $SUDO apt install -y --no-install-recommends xorg openbox mate-terminal lightdm light-locker feh scrot lxpanel qalculate-gtk gmrun gnome-system-monitor vim-gtk3 \
+ && mkdir ~/.config ~/.config/openbox || true \
+ && update-alternatives \
+
+Populate "/etc/environment" as described by "./etc-environment".
+
+
+## Install whatever needed
+
+ && $SUDO apt install -y --no-install-recommends \
+ `# basic CLI` \
+ vim htop pv openssh-client iptables iptables-persistent xxd zip unzip xz-utils p7zip-full \
+ file trash-cli genisoimage ncat curl \
+ `# basic UI` \
+ firefox-esr file-roller thunderbird chromium evince \
+ `# software devel` \
+ git sqlite3 manpages-dev gdb qemu-utils qemu-system wireshark samba tigervnc-viewer \
+ `# server` \
+ nginx-light avahi-daemon \
+ `# mDNS client & tools` \
+ libnss-mdns avahi-utils \
+ `# multimedia` \
+ pulseaudio pavucontrol vlc audacity eom darktable gimp lame flac opus-tools ffmpeg \
+ `# encryption` \
+ keepassxc gpg \
+ `# UI customization` \
+ gnome-themes-extra \
+ `# Office Suite` \
+ libreoffice-writer libreoffice-calc libreoffice-draw libxrender1 libgl1 \
+ fonts-crosextra-caladea fonts-crosextra-carlito fonts-dejavu fonts-liberation \
+ fonts-liberation2 fonts-linuxlibertine fonts-noto-core fonts-noto-mono fonts-noto-ui-core \
+ fonts-sil-gentium-basic pdftk-java \
+ `# Others` \
+ lm-sensors fancontrol bc rsync \
+ `# Nvidia graphics (open)` \
+ mesa-utils clinfo mesa-opencl-icd \
+ `# Nvidia graphics (non-free, DoesNotWorkYet)` \
+ nvidia-detect nvidia-tesla-470-driver linux-headers-amd64 \
+
+ |
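Review bot: The README generated in the "Setup firewall" snippet documents only the IPv4 path (`iptables-restore`, `rules.v4`), so the deny-by-default set written to `/etc/iptables/src-default6` is never loaded or persisted by following it, and IPv6 presumably stays unfiltered after a reboot. I would add the matching pair to the README text: `'cat /etc/iptables/src-default6 | $SUDO ip6tables-restore'` and `'$SUDO ip6tables-save | $SUDO tee /etc/iptables/rules.v6 > /dev/null'`. The existing apply line reads `ncat /etc/iptables/src-default | ...`, which looks like a typo for `cat`, and it points at `src-default` while the rule sets are written to `src-default4` and `src-default6`. Because the IPv6 set drops everything except loopback, a comment inside that file saying that ICMPv6 neighbour discovery and established connections must be whitelisted before it is applied would spare the admin a lockout.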