Debian Sid Desktop Base

From Bit Binary Wiki
(Difference between revisions)
Jump to: navigation, search
Line 27: Line 27:
  apt-get dist-upgrade
  apt-get dist-upgrade

Revision as of 09:53, 12 January 2014



This article aims to be a quick, high level run through of setting up a desktop system running Debian Sid. Essentially it provides base applications and configuration to get a minimal system running X.


Install Debian Wheezy with a minimal install, numerous guides exist online for this.

Tip: During Tasksel it is recommended to unselect all options.

Enabling Sid

Update your apt sources to use sid with a Debian mirror closer to your location by reviewing the available Debian mirrors.

I use the file /etc/apt/sources.list.d/sid.list for my sid apt sources.

mv /etc/apt/sources.list /etc/apt/sources.list.d/sid.list
cat > /etc/apt/sources.list.d/sid.list <<EOF
deb sid main non-free contrib
deb-src sid main non-free contrib

Now update and upgrade.

apt-get update
apt-get dist-upgrade

Install SSH

Update and then install ssh.

apt-get update
apt-get install --no-install-recommends ssh

Then connect via SSH from a workstation and continue the rest of the install by first installing some extra SSH recommends

apt-get install --no-install-recommends tcpd openssh-blacklist openssh-blacklist-extra

APT Configuration

aptitude and apt-get will keep track of each other (except for held packages) so you can use both, but you should choose one and stick to it. I use apt-get for software management and aptitude for various things such as the aptitude why command.

Disable Recommends

Disable recommended packages installing by default by creating the file /etc/apt/apt.conf.d/10recommends with the following content.

editor /etc/apt/apt.conf.d/10recommends
APT "";
APT::Install-Recommends "false";

Then update apt-get again.

apt-get update


Now install some useful apt tools (and recommended packages), Search the web for infromation on them or use apt-cache show packagename if you want to know more.

apt-get install deborphan debfoster apt-file python-apt lsb-release file iso-codes dialog \
cruft apt-rdepends reportbug apt-show-versions dctrl-tools

Optional: If you would like to review bug reports related to packages before they are installed you can use apt-listbugs

apt-get install apt-listbugs
Tip: If you would like apt-file to sync after each apt-get update you can create a configuration file at /etc/apt/apt.conf.d/90apt-file with the following content. This only works for apt-get not aptitude.
editor /etc/apt/apt.conf.d/90apt-file
APT::Update::Post-Invoke {"/usr/bin/apt-file update"; };

This adds more time for apt-get update to run, but is handy. You can read more about it here.

Then update apt-file or simply run apt-get update if you used the tip above.

apt-file update


Optionally add extra architecture repositories if required. For example to add i386 to an AMD64 system

dpkg --add-architecture i386

Check architectures by running...

cat /var/lib/dpkg/arch

Editor and Pager

apt-get install vim vim-doc vim-scripts vim-addon-manager less

Select default text editor by selecting /usr/bin/vim.basic in the update-alternatives dialogue as follows.

update-alternatives --config editor
There are 3 choices for the alternative editor (providing /usr/bin/editor).

  Selection    Path                Priority   Status
* 0            /bin/nano            40        auto mode
  1            /bin/nano            40        manual mode
  2            /usr/bin/vim.basic   30        manual mode
  3            /usr/bin/vim.tiny    10        manual mode

Press enter to keep the current choice[*], or type selection number: 2


Because the Debian installer may have configured our system to get it's network settings via DHCP or added some un-required details if configured statically, we change it to fit our requirements (in this example the IP address is used).

Note: allow-hotplug eth0 is replaced with auto eth0; otherwise restarting the network may fail, and we'd have to reboot the whole system.

Edit /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static

Then restart networking.

nohup sh -c "ifdown eth0 && ifup eth0"

You will need to reconnect your SSH session on the new IP unless you configure the network settings via the console.


Edit /etc/hosts substituting the computers hostname where applicable.     localhost.localdomain    localhost     debian.example.local  debserver

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

Now run...

echo debserver.example.local > /etc/hostname
invoke-rc.d start

Afterwards check the hostname and fqdn are correct.

hostname -f
Tip: An alternative is to use the libnss-myhostname package


Install the latest firmware packages to support your hardware. You are free to exclude any you don't need, I just install all of the available firmware to save headaches if the server has to be moved/restored to new hardware for example.

apt-file update
apt-get update
apt-get install firmware-linux firmware-linux-nonfree

Running the following command will list the available firmware:

apt-file --package-only search /lib/firmware/

If you want to install all firmware you can run:

apt-get install $(apt-file --package-only search /lib/firmware/ | tr '\n' ' ')


Base software to install.

apt-get install htop build-essential module-assistant linux-headers-amd64 \
tofrodos dosfstools fakeroot hdparm ntfs-3g rsync dkms bash-doc hwdata unp psmisc \
bzip2 p7zip rar unrar unzip zip p7zip-full lzop lzip lzma ntp fontconfig lshw \
hwinfo syslinux dnsutils sshfs screen telnet lsof bash-completion parted gdisk atop \
Note: locate/mlocate are excluded from server installations, use with caution on server installs and ensure you check your exclusiuons in /etc/updatedb.conf

Configuration Files


The Bash Section on this wiki includes example Bash startup files



On servers, root SSH access is disallowed so I setup an "admin" user with sudo rights.

apt-get install sudo

Add a standard user with sudo access

useradd --comment "Admin Account" --groups sudo --create-home --shell /bin/bash --user-group myuser
passwd myuser

Or if you have an existing user account

gpasswd -a myuser sudo

Logon as your new user via SSH and edit /etc/ssh/sshd_config

Alter PermitRootLogin to no

PermitRootLogin no

Save the file, exit and restart SSH

sudo invoke-rc.d ssh restart

You might also like to use the rootpw option for sudo which prompts sudo users for the root password instead of their own. If so create the file /etc/sudoers.d/rootpw by executing the following command:

sudo visudo -f /etc/sudoers.d/rootpw

Insert the following into the file and save it.

Defaults        rootpw
Tip: If you make a mistake just log on to the console as root an correct it.

System Tweaks

atime and diratime

Edit /etc/fstab and add noatime and optionally nodiratime to it. For example...

UUID=303a3234-0ba0-4779-ad1b-4d3bd095a224 / ext4 noatime,nodiratime,errors=remount-ro 0 1

Then reboot.

TTY Scrollback Buffer

To increase the TTY Scrollback see TTY Scrollback Buffer Size


apt-get install xorg mesa-utils xbase-clients xsel dbus-x11 xfonts-terminus xfonts-terminus-dos \
xfonts-terminus-oblique ttf-mscorefonts-installer gsfonts-x11 ttf-dejavu ttf-liberation ttf-freefont \
fonts-droid libgl1-mesa-dri
apt-get install rxvt-unicode
apt-get install gtk2-engines gtk2-engines-murrine gtk2-engines-pixbuf gtk2-engines-aurora lxappearance \
librsvg2-common qt4-qtconfig  desktop-base dmz-cursor-theme xdg-user-dirs xdg-utils hicolor-icon-theme  \
libfile-mimeinfo-perl menu-l10n libgtk2.0-bin libegl1-mesa-drivers libnet-dbus-perl libx11-protocol-perl


apt-get install alsa-base alsa-utils libasound2-plugins


apt-get install systemd policykit-1 upower udisks libpam-ck-connector sg3-utils


apt-get install i3 i3lock suckless-tools i3status dunst libcap2-bin libpam-cap


apt-get install iceweasel flashplugin-nonfree default-jre icedtea-7-plugin aspell-en myspell-en-au
Personal tools