Debian Unstable: Difference between revisions
From dankwiki
Latest revision as of 23:56, 30 March 2019
Update 2019-03-30: wow, this page sure is out of date! My next install is going to be Arch anyway. It's been a fantastic 20 years, Debian, and I'm happy to write you a letter of recommendation.
Installing Sid
- Acquire the daily businesscard ISO.
  - These won't work from time to time, especially when base packages are being upgraded (the installer will expect a version which is no longer available)
- Prepare external firmware, if necessary
- Boot the ISO, selecting an Expert install
Post-install
sudo
- Install sudo. Edit /etc/sudoers (using visudo) to allow the sudo group to run all commands without a password:
  %sudo ALL=(ALL:ALL) NOPASSWD:ALL
- Add user account to sudo group
debconf
- dpkg-reconfigure debconf, set minimum priority to Low
- dpkg-reconfigure -a, reconfiguring all debconf questions
boot process
- Edit /etc/default/rcS, enabling FSCKFIX, VERBOSE, RAMRUN, RAMLOCK
- Edit /etc/default/grub, removing "quiet" from GRUB_CMDLINE_LINUX_DEFAULT
- Rerun update-grub
- Ensure LABEL or UUID directives are being used in /etc/fstab
  - If not, retrieve them using blkid, and replace the /dev references
- Install mcelog. Edit /etc/default/mcelog, adding "--syslog_error" to DAEMON_OPTS.
- Install mingetty. Open /etc/inittab and convert 'getty 38400' to 'mingetty'.
- Install ntpd. Edit /etc/default/ntp, changing NTPD_OPTS to '-g -x'.
  - This allows the clock to be arbitrarily set once (presumably on startup), without slew delay
- Unless the machine is intended as a mail server, set up a smarthost with ssmtp, purging Postfix/Exim
- Install openssh-server. Disable password-based authentication (use only keys).
  - Debian already ships OpenSSH configured to use Protocol 2 only.
  - Optionally disable reverse DNS lookups: UseDNS no
  - Optionally disable password-based auth: PasswordAuthentication no
- Add iptables rules to /etc/network/interfaces
  - Filter unused RFC 1938 addresses via the RAW table and ipset
  - Filter INVALID and UNKNOWN states via the INPUT table (if appropriate) (requires connection tracking)
- Enable IPv4 and IPv6 forwarding, if appropriate, in /etc/sysctl.conf:
  - net.ipv4.ip_forward=1
  - net.ipv6.conf.all.forwarding=1 (note: disables Stateless Address Autoconfiguration!)
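A check for the openssh-server step above, as an added example that is not part of the original page: sshd takes the first value it reads for each keyword, so a PasswordAuthentication no appended below an existing yes has no effect. The function names and the sample file contents are constructed for illustration, and only the global section of a single file is examined (no Include handling).

```shell
#!/bin/sh
# Added example: report the value sshd would take for a keyword from the
# global section of an sshd_config-style file. sshd uses the FIRST value it
# reads for each keyword, so a later "PasswordAuthentication no" does not
# override an earlier "yes".

# effective_sshd_option FILE KEYWORD -> prints the value, or "unset"
effective_sshd_option() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); value = "unset" }
        NF == 0 || substr($1, 1, 1) == "#" { next }   # blank line or comment
        tolower($1) == "match" { exit }               # global section ends here
        tolower($1) == want { value = $2; exit }      # first occurrence wins
        END { print value }
    ' "$1"
}

# key_only_ssh FILE -> succeeds only if password logins are globally disabled
key_only_ssh() {
    [ "$(effective_sshd_option "$1" PasswordAuthentication)" = "no" ]
}

# Constructed sample: the hardening line was appended below an existing "yes".
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
passwordauthentication yes
UseDNS no
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF

for key in PasswordAuthentication UseDNS PermitRootLogin; do
    printf '%s = %s\n' "$key" "$(effective_sshd_option "$sample" "$key")"
done
if key_only_ssh "$sample"; then
    echo "password logins disabled"
else
    echo "password logins still possible"
fi
```

On a live system, sshd -T prints the effective configuration as sshd itself computes it.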
Multiuser
- Clone my home directory from https://github.com/dankamongmen/dankhome.git
- Set a color for the local machine in .pcolor
  - This is based on the binary bin/color, and hooks to PS1 in .bashrc
- Install compiz and gdm3.
- If SSH keys will be homed on this (hopefully local) machine...
  - Install libpam-ssh, and configure it
    - Recently, this can be done entirely inside of debconf -- no editing of PAM configs by hand
- Remove info and install pinfo
- FIXME plenty more..
External Applications
Perforce
- Grab the amd64 Perforce binaries
- Unpack the P4V tarball to local/
- Update the local/ symlink: ln -sf abspath local/p4
- Set up the p4 command line utility: chmod 775 p4 and mv p4 local/p4/bin
Flash
- So long as there's no native 64-bit Linux client, you can either...
  - Use the GNU Gnash plugin, which works kinda
  - Use the 32-bit player with nspluginwrapper, from Debian Multimedia
Debian Multimedia
- See the page at http://debian-multimedia.org/
- Add deb http://www.debian-multimedia.org sid main non-free to /etc/apt/sources.list, and install debian-multimedia-keyring