Debian Sid Desktop Base

From Bit Binary Wiki
Jump to: navigation, search

Contents

Introduction

This article aims to be a quick, high level run through of setting up a desktop system running Debian Sid. Essentially it provides base applications and configuration to get a minimal system running X from which you can then build a UI on.

Text highlighted yellow should be reviewed and updated where applicable for your installation.

Install

Install Debian Wheezy with a minimal install, numerous guides exist online for this.

Tip: During Tasksel it is recommended to unselect all options.

Enabling Sid

Update your apt sources to use sid with a Debian mirror closer to your location by reviewing the available Debian mirrors.

I use the file /etc/apt/sources.list.d/sid.list for my sid apt sources.

mv /etc/apt/sources.list /etc/apt/sources.list.d/sid.list
cat > /etc/apt/sources.list.d/sid.list <<EOF
deb http://mirror.internode.on.net/pub/debian/ sid main non-free contrib
deb-src http://mirror.internode.on.net/pub/debian/ sid main non-free contrib
EOF

Now update and upgrade.

apt-get update
apt-get dist-upgrade

Install SSH

Update and then install ssh.

apt-get update
apt-get install --no-install-recommends ssh

Then connect via SSH from a workstation and continue the rest of the install by first installing some extra SSH recommends

apt-get install --no-install-recommends tcpd openssh-blacklist openssh-blacklist-extra

APT Configuration

aptitude and apt-get will keep track of each other (except for held packages) so you can use both, but you should choose one and stick to it. I use apt-get for software management and aptitude for various things such as the aptitude why command.

Disable Recommends

Disable recommended packages installing by default by creating the file /etc/apt/apt.conf.d/10recommends with the following content.

editor /etc/apt/apt.conf.d/10recommends
APT "";
APT::Install-Recommends "false";

Then update apt-get again.

apt-get update


Utilities

Now install some useful apt tools (and recommended packages), Search the web for infromation on them or use apt-cache show packagename if you want to know more.

apt-get install deborphan debfoster apt-file python-apt lsb-release file iso-codes dialog \
cruft apt-rdepends reportbug apt-show-versions dctrl-tools

Optional: If you would like to review bug reports related to packages before they are installed you can use apt-listbugs

apt-get install apt-listbugs
Tip: If you would like apt-file to sync after each apt-get update you can create a configuration file at /etc/apt/apt.conf.d/90apt-file with the following content. This only works for apt-get not aptitude.
editor /etc/apt/apt.conf.d/90apt-file
APT::Update::Post-Invoke {"/usr/bin/apt-file update"; };

This adds more time for apt-get update to run, but is handy. You can read more about it here.

Then update apt-file or simply run apt-get update if you used the tip above.

apt-file update

Multi-Arch

Optionally add extra architecture repositories if required. For example to add i386 to an AMD64 system

dpkg --add-architecture i386

Check architectures by running...

cat /var/lib/dpkg/arch
amd64
i386

Editor and Pager

apt-get install vim vim-doc vim-scripts vim-addon-manager less

Select default text editor by selecting /usr/bin/vim.basic in the update-alternatives dialogue as follows.

update-alternatives --config editor
There are 3 choices for the alternative editor (providing /usr/bin/editor).

  Selection    Path                Priority   Status
------------------------------------------------------------
* 0            /bin/nano            40        auto mode
  1            /bin/nano            40        manual mode
  2            /usr/bin/vim.basic   30        manual mode
  3            /usr/bin/vim.tiny    10        manual mode

Press enter to keep the current choice[*], or type selection number: 2

Networking

Because the Debian installer may have configured our system to get it's network settings via DHCP or added some un-required details if configured statically, we change it to fit our requirements (in this example the IP address 192.0.2.1 is used).

Note: allow-hotplug eth0 is replaced with auto eth0; otherwise restarting the network may fail, and we'd have to reboot the whole system.

Edit /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
    address 192.0.2.1
    netmask 255.255.255.0
    gateway 192.0.2.254

Then restart networking.

nohup sh -c "ifdown eth0 && ifup eth0"

You will need to reconnect your SSH session on the new IP unless you configure the network settings via the console.

Hostname

Edit /etc/hosts substituting the computers hostname where applicable.

127.0.0.1     localhost.localdomain    localhost
192.0.2.1     debian.example.local  debserver

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

Now run...

echo debserver.example.local > /etc/hostname
invoke-rc.d hostname.sh start

Afterwards check the hostname and fqdn are correct.

hostname
debian.example.local
hostname -f
debian.example.local
Tip: An alternative is to use the libnss-myhostname package

Firmware

Install the latest firmware packages to support your hardware. You are free to exclude any you don't need, I just install all of the available firmware to save headaches if the server has to be moved/restored to new hardware for example.

apt-file update
apt-get update
apt-get install firmware-linux firmware-linux-nonfree

Running the following command will list the available firmware:

apt-file --package-only search /lib/firmware/

If you want to install all firmware you can run:

apt-get install $(apt-file --package-only search /lib/firmware/ | tr '\n' ' ')

Software

Base software to install.

apt-get install htop build-essential module-assistant linux-headers-amd64 \
tofrodos dosfstools fakeroot hdparm ntfs-3g rsync dkms bash-doc hwdata unp psmisc \
bzip2 p7zip rar unrar unzip zip p7zip-full lzop lzip lzma ntp fontconfig lshw \
hwinfo syslinux dnsutils sshfs screen telnet lsof bash-completion parted gdisk atop \
ca-certificates
Note: locate/mlocate are excluded from server installations, use with caution on server installs and ensure you check your exclusiuons in /etc/updatedb.conf

Configuration Files

Bash

The Bash Section on this wiki includes example Bash startup files

Vim

Security

On servers, root SSH access is disallowed so I setup an "admin" user with sudo rights.

apt-get install sudo

Add a standard user with sudo access

useradd --comment "Admin Account" --groups sudo --create-home --shell /bin/bash --user-group myuser
passwd myuser

Or if you have an existing user account

gpasswd -a myuser sudo

Logon as your new user via SSH and edit /etc/ssh/sshd_config

Alter PermitRootLogin to no

PermitRootLogin no

Save the file, exit and restart SSH

sudo invoke-rc.d ssh restart

You might also like to use the rootpw option for sudo which prompts sudo users for the root password instead of their own. If so create the file /etc/sudoers.d/rootpw by executing the following command:

sudo visudo -f /etc/sudoers.d/rootpw

Insert the following into the file and save it.

Defaults        rootpw
Tip: If you make a mistake just log on to the console as root an correct it.

System Tweaks

atime and diratime

Edit /etc/fstab and add noatime and optionally nodiratime to it. For example...

UUID=303a3234-0ba0-4779-ad1b-4d3bd095a224 / ext4 noatime,nodiratime,errors=remount-ro 0 1

Then reboot.

TTY Scrollback Buffer

To increase the TTY Scrollback see TTY Scrollback Buffer Size

User Account

useradd --comment "Firstname Surname" --groups sudo,cdrom,floppy,sudo,audio,dip,video,plugdev,fuse --create-home --shell /bin/bash --user-group myuser
passwd myuser


X

apt-get install xorg mesa-utils xbase-clients xsel dbus-x11 xfonts-terminus xfonts-terminus-dos \
xfonts-terminus-oblique ttf-mscorefonts-installer gsfonts-x11 ttf-dejavu ttf-liberation ttf-freefont \
fonts-droid libgl1-mesa-dri
apt-get install desktop-base dmz-cursor-theme xdg-user-dirs xdg-utils libfile-mimeinfo-perl menu-l10n \
libegl1-mesa-drivers libnet-dbus-perl libx11-protocol-perl myspell-en-au aspell-en

Alsa

apt-get install alsa-base alsa-utils libasound2-plugins

systemd

apt-get install systemd policykit-1 upower udisks libpam-ck-connector sg3-utils

i3

apt-get install i3 i3lock suckless-tools i3status dunst libcap2-bin libpam-cap

Iceweasel

apt-get install iceweasel flashplugin-nonfree default-jre icedtea-7-plugin aspell-en myspell-en-au
Personal tools