How to Setup debian for MY needs
================================

TODO: INSTALL PRINTER PACKAGES!!
TODO: Document how to install certbot.


## Base system

Install base system through debians ISO installers. Usually net installer is
fine.

Do NOT install ANY additional bloat! Eg untick ALL extra software like desktops
etc. Even disable the standard-system-utilities option.


## Install core tools

ALWAYS use '--no-install-recommends' when installing something to prevent
useless bloat to be installed.

  && apt install -y --no-install-recommends vim net-tools openssh-server openssh-client bash bash-completion


## Setup firewall

WARN: Does NOT setup the effective rules. Rules need to be filled in by admin.

WARN: This snippet may cut-off network connections. Including your remote shell!

  && $SUDO apt install -y --no-install-recommends iptables iptables-persistent \
  && printf '# TODO add contents here\n' | $SUDO tee /etc/iptables/src-default >/dev/null \
  && printf '\n[WARN ] Needs more setup: /etc/iptables/src-default\n\n' \
  && printf '%s\n' \
       '## Apply from file' '' \
       'cat /etc/iptables/src-default | $SUDO iptables-restore' '' \
       '## store current session as default' '' \
       '$SUDO iptables-save | $SUDO tee /etc/iptables/rules.v4 > /dev/null' \
       | $SUDO tee /etc/iptables/README >/dev/null \
  && printf '# TODO setup file contents\n' | $SUDO tee /etc/iptables/src-default4 >/dev/null \
  && printf '%s\n' \
       '*filter' '' \
       '# Loopback' \
       '-A INPUT  -i lo -j ACCEPT' \
       '-A OUTPUT -o lo -j ACCEPT' '' \
       '# Log blocked connection attemps' \
       '-A INPUT   -j LOG --log-prefix "Fw6BadInn: " --log-level 6' \
       '-A FORWARD -j LOG --log-prefix "Fw6BadFwd: " --log-level 6' \
       '-A OUTPUT  -j LOG --log-prefix "Fw6BadOut: " --log-level 6' '' \
       '# Disallow any non-whitelisted packets' \
       '-A INPUT   -j DROP' \
       '-A FORWARD -j REJECT' \
       '-A OUTPUT  -j REJECT' '' \
       'COMMIT' | $SUDO tee /etc/iptables/src-default6 >/dev/null \
  && printf '%s\n' \
       '*filter' \
       '-A INPUT   -j ACCEPT' \
       '-A FORWARD -j ACCEPT' \
       '-A OUTPUT  -j ACCEPT' \
       'COMMIT' | $SUDO tee /etc/iptables/src-allowAll4 >/dev/null \
  && $SUDO touch /etc/iptables/src-tmp \


## Mount home partition

# /etc/fstab
UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx  /mnt/nameOfHdd  ext4  noatime  0  2
/mnt/nameOfHdd/home  /home  none  bind  0  0


## Configure Locale

- In "/etc/locale.gen" Enable all of:
  "de_CH.UTF-8 UTF-8", "de_CH ISO-8859-1", "en_DK.UTF-8 UTF-8", "en_DK ISO-8859-1".
- Run "locale-gen".
- Check list with "locale -a".
- Change "/etc/default/locale" contents to:
    LANG=en_DK.UTF-8
    LANGUAGE="en_US:en"


## Install Desktop Env

  && $SUDO apt install -y --no-install-recommends xorg openbox mate-terminal lightdm light-locker feh scrot lxpanel qalculate-gtk gmrun gnome-system-monitor \
  && mkdir ~/.config ~/.config/openbox || true \
  && update-alternatives `# TODO needs args` \

Populate "/etc/environment" as described by "./etc-environment".


## Install whatever needed

  && $SUDO apt install -y --no-install-recommends \
       `# basic CLI` \
       vim htop pv openssh-client iptables iptables-persistent xxd zip unzip xz-utils p7zip-full \
       file trash-cli ncat curl \
       `# basic UI (vim-gtk required for system clipboard)` \
       vim-gtk3 firefox-esr pcmanfm file-roller thunderbird chromium okular \
       `# software devel` \
       git sqlite3 manpages-dev gdb qemu-utils qemu-system-x86 qemu-system-arm wireshark samba \
       tigervnc-viewer jq universal-ctags \
       `# network config` \
       iwgtk \
       `# server` \
       nginx-light avahi-daemon  \
       `# mDNS client & tools` \
       libnss-mdns avahi-utils \
       `# multimedia` \
       pulseaudio pavucontrol vlc audacity eom darktable gimp hugin lame flac opus-tools ffmpeg \
       `# encryption` \
       keepassxc gpg \
       `# UI customization` \
       gnome-themes-extra darkmint-gtk-theme dconf-cli \
       `# Office Suite` \
       libreoffice-writer libreoffice-calc libreoffice-draw libxrender1 libgl1 \
       fonts-crosextra-caladea fonts-crosextra-carlito fonts-dejavu fonts-liberation \
       fonts-liberation2 fonts-linuxlibertine fonts-noto-core fonts-noto-mono fonts-noto-ui-core \
       fonts-sil-gentium-basic pdftk-java \
       `# Cups Printing` \
       cups avahi-daemon \
       `# Graphics processing` \
       imagemagick \
       `# Low level ` \
       lm-sensors fancontrol exfat-fuse exfatprogs \
       `# Others` \
       systemd-sysv bc rsync qrencode libxml2-utils \
       `# Nvidia graphics (open)` \
       mesa-utils clinfo mesa-opencl-icd \
       `# Nvidia graphics (non-free, DoesNotWorkYet)` \
       nvidia-detect nvidia-tesla-470-driver linux-headers-amd64 \


## Cups Printing

# Example "/etc/cups/cupsd.conf"
#
# [online doc](https://www.cups.org/doc/man-cupsd.conf.html)
#
ServerAdmin root@localhost
LogLevel warn
#
WebInterface Yes
Listen localhost:631
Listen /run/cups/cups.sock
ServerTokens None
#
DefaultPaperSize A4
MaxJobTime 1800
PreserveJobFiles 86400
DefaultShared Yes
#ServerName example.com
#DNSSDHostName example.com
FilterNice 8
#
# Keep the original <foobar> stuff that is following in original file
#

To discover printer URIs use "ippfind".