Debian Sid Desktop Base
(→i3) |
|||
Line 27: | Line 27: | ||
apt-get dist-upgrade | apt-get dist-upgrade | ||
{{:Debian_Server_Base_Configuration}} | {{:Debian_Server_Base_Configuration}} | ||
− | |||
==X== | ==X== | ||
Revision as of 09:53, 12 January 2014
Contents |
Introduction
This article aims to be a quick, high level run through of setting up a desktop system running Debian Sid. Essentially it provides base applications and configuration to get a minimal system running X.
Install
Install Debian Wheezy with a minimal install, numerous guides exist online for this.
Enabling Sid
Update your apt sources to use sid with a Debian mirror closer to your location by reviewing the available Debian mirrors.
I use the file /etc/apt/sources.list.d/sid.list for my sid apt sources.
mv /etc/apt/sources.list /etc/apt/sources.list.d/sid.list
cat > /etc/apt/sources.list.d/sid.list <<EOF deb http://mirror.internode.on.net/pub/debian/ sid main non-free contrib deb-src http://mirror.internode.on.net/pub/debian/ sid main non-free contrib EOF
Now update and upgrade.
apt-get update apt-get dist-upgrade
Install SSH
Update and then install ssh.
apt-get update apt-get install --no-install-recommends ssh
Then connect via SSH from a workstation and continue the rest of the install by first installing some extra SSH recommends
apt-get install --no-install-recommends tcpd openssh-blacklist openssh-blacklist-extra
APT Configuration
aptitude and apt-get will keep track of each other (except for held packages) so you can use both, but you should choose one and stick to it. I use apt-get for software management and aptitude for various things such as the aptitude why command.
Disable Recommends
Disable recommended packages installing by default by creating the file /etc/apt/apt.conf.d/10recommends with the following content.
editor /etc/apt/apt.conf.d/10recommends
APT ""; APT::Install-Recommends "false";
Then update apt-get again.
apt-get update
Utilities
Now install some useful apt tools (and recommended packages), Search the web for infromation on them or use apt-cache show packagename if you want to know more.
apt-get install deborphan debfoster apt-file python-apt lsb-release file iso-codes dialog \ cruft apt-rdepends reportbug apt-show-versions dctrl-tools
Optional: If you would like to review bug reports related to packages before they are installed you can use apt-listbugs
apt-get install apt-listbugs
Then update apt-file or simply run apt-get update if you used the tip above.
apt-file update
Multi-Arch
Optionally add extra architecture repositories if required. For example to add i386 to an AMD64 system
dpkg --add-architecture i386
Check architectures by running...
cat /var/lib/dpkg/arch
amd64 i386
Editor and Pager
apt-get install vim vim-doc vim-scripts vim-addon-manager less
Select default text editor by selecting /usr/bin/vim.basic in the update-alternatives dialogue as follows.
update-alternatives --config editor
There are 3 choices for the alternative editor (providing /usr/bin/editor). Selection Path Priority Status ------------------------------------------------------------ * 0 /bin/nano 40 auto mode 1 /bin/nano 40 manual mode 2 /usr/bin/vim.basic 30 manual mode 3 /usr/bin/vim.tiny 10 manual mode Press enter to keep the current choice[*], or type selection number: 2
Networking
Because the Debian installer may have configured our system to get it's network settings via DHCP or added some un-required details if configured statically, we change it to fit our requirements (in this example the IP address 192.0.2.1 is used).
Edit /etc/network/interfaces
# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet static address 192.0.2.1 netmask 255.255.255.0 gateway 192.0.2.254
Then restart networking.
nohup sh -c "ifdown eth0 && ifup eth0"
You will need to reconnect your SSH session on the new IP unless you configure the network settings via the console.
Hostname
Edit /etc/hosts substituting the computers hostname where applicable.
127.0.0.1 localhost.localdomain localhost 192.0.2.1 debian.example.local debserver # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters ff02::3 ip6-allhosts
Now run...
echo debserver.example.local > /etc/hostname
invoke-rc.d hostname.sh start
Afterwards check the hostname and fqdn are correct.
hostname
debian.example.local
hostname -f
debian.example.local
Firmware
Install the latest firmware packages to support your hardware. You are free to exclude any you don't need, I just install all of the available firmware to save headaches if the server has to be moved/restored to new hardware for example.
apt-file update apt-get update apt-get install firmware-linux firmware-linux-nonfree
Running the following command will list the available firmware:
apt-file --package-only search /lib/firmware/
If you want to install all firmware you can run:
apt-get install $(apt-file --package-only search /lib/firmware/ | tr '\n' ' ')
Software
Base software to install.
apt-get install htop build-essential module-assistant linux-headers-amd64 \
tofrodos dosfstools fakeroot hdparm ntfs-3g rsync dkms bash-doc hwdata unp psmisc \
bzip2 p7zip rar unrar unzip zip p7zip-full lzop lzip lzma ntp fontconfig lshw \
hwinfo syslinux dnsutils sshfs screen telnet lsof bash-completion parted gdisk atop \
ca-certificates
Configuration Files
Bash
The Bash Section on this wiki includes example Bash startup files
Vim
Security
On servers, root SSH access is disallowed so I setup an "admin" user with sudo rights.
apt-get install sudo
Add a standard user with sudo access
useradd --comment "Admin Account" --groups sudo --create-home --shell /bin/bash --user-group myuser passwd myuser
Or if you have an existing user account
gpasswd -a myuser sudo
Logon as your new user via SSH and edit /etc/ssh/sshd_config
Alter PermitRootLogin to no
PermitRootLogin no
Save the file, exit and restart SSH
sudo invoke-rc.d ssh restart
You might also like to use the rootpw option for sudo which prompts sudo users for the root password instead of their own. If so create the file /etc/sudoers.d/rootpw by executing the following command:
sudo visudo -f /etc/sudoers.d/rootpw
Insert the following into the file and save it.
Defaults rootpw
System Tweaks
atime and diratime
Edit /etc/fstab and add noatime and optionally nodiratime to it. For example...
UUID=303a3234-0ba0-4779-ad1b-4d3bd095a224 / ext4 noatime,nodiratime,errors=remount-ro 0 1
Then reboot.
TTY Scrollback Buffer
To increase the TTY Scrollback see TTY Scrollback Buffer Size
X
apt-get install xorg mesa-utils xbase-clients xsel dbus-x11 xfonts-terminus xfonts-terminus-dos \ xfonts-terminus-oblique ttf-mscorefonts-installer gsfonts-x11 ttf-dejavu ttf-liberation ttf-freefont \ fonts-droid libgl1-mesa-dri
apt-get install rxvt-unicode
apt-get install gtk2-engines gtk2-engines-murrine gtk2-engines-pixbuf gtk2-engines-aurora lxappearance \ librsvg2-common qt4-qtconfig desktop-base dmz-cursor-theme xdg-user-dirs xdg-utils hicolor-icon-theme \ libfile-mimeinfo-perl menu-l10n libgtk2.0-bin libegl1-mesa-drivers libnet-dbus-perl libx11-protocol-perl
Alsa
apt-get install alsa-base alsa-utils libasound2-plugins
systemd
apt-get install systemd policykit-1 upower udisks libpam-ck-connector sg3-utils
i3
apt-get install i3 i3lock suckless-tools i3status dunst libcap2-bin libpam-cap
Iceweasel
apt-get install iceweasel flashplugin-nonfree default-jre icedtea-7-plugin aspell-en myspell-en-au