Add Debian install guide - new-install

commit 7934770dd8616a8ded9fa804e189b7bad1b44f8d
parent 8a881f0af6a55faaf845a5db8bdf6f66c7c1b962
Author: Chris Bracken <chris@bracken.jp>
Date:   Fri,  1 Oct 2021 12:42:44 -0700

Add Debian install guide

Working around Ubuntu's default desktop environment by installing the
server distro has become more work than just installing Debian.
Years ago, I switched to using Ubuntu Server for a Linux desktop because
it had better driver and firmware support at the time. That seems to
have resolved itself, and it's less effort to just install a
stripped-down Debian these days.

Diffstat:
A debian_install.md  | 309 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

1 file changed, 309 insertions(+), 0 deletions(-)
diff --git a/debian_install.md b/debian_install.md
@@ -0,0 +1,309 @@
+Debian install with UEFI boot
+=============================
+
+This provides a basic rundown of process of a minimal Debian Linux install with
+the following setup:
+
+  * UEFI boot
+  * LVM filesystem
+  * Sway WM using Wayland
+
+This guide assumes a wired ethernet connection and a working DHCP server.
+
+
+Create USB boot disk
+--------------------
+
+Download an install image from https://debian.org/download, then write it to a
+disk using `dd`. Reboot the machine to be imaged and use the machine's BIOS
+features to boot from the USB drive in UEFI mode.
+
+
+Walk through the Debian installer
+---------------------------------
+
+Rough notes for installer (TODO: fill this out):
+* When prompted to partition the disk, select to use the whole disk with LVM.
+* When prompted to verify the LVM partitioning, adjust the space allocated to
+  each volume, partition, as necessary.
+* When prompted for which service to install, select none. Install the OpenSSH
+  server if desired.
+
+Reboot the machine.
+
+Verify the machine booted into UEFI mode:
+
+    ls /sys/firmware/efi/efivars
+
+If the directory does not exist, the system is likely booted in BIOS mode. You
+will want to enter BIOS and enable UEFI boot, then reboot from the USB drive in
+UEFI mode and restart installation.
+
+Next, we'll apply any immediate updates and remove any leftover unnecessary
+packages from the install process.
+
+    sudo apt upgrade
+    sudo apt autoremove
+    sudo apt clean
+
+Next we'll purge any leftover config files from any removed packages:
+
+    dpkg -l | grep '^rc '| awk '{print $2}' | xargs sudo dpkg -P
+
+
+Disable password/challenge-response ssh
+---------------------------------------
+
+Edit `/etc/ssh/sshd_config` to set the following:
+
+    PubkeyAuthentication yes
+    PasswordAuthentication no
+    ChallengeResponseAuthentication no
+
+Then restart sshd with:
+
+    systemctl restart ssh
+
+
+Install additional shells
+-------------------------
+
+    apt install zsh zsh-doc
+
+
+Configure filesystem support
+----------------------------
+
+Next, we'll set up automounting USB disks. Since many of these are FAT32 format,
+we'll also install tools for dealing with dos partitions:
+
+    apt install udisks2 udisks2-doc
+    apt install dosfstools
+
+We'll also add support for mounting NFS partitions:
+
+    apt install nfs-common
+
+
+Generate localisations
+----------------------
+
+Edit `/etc/locales.gen` and uncomment locales that we care about.
+
+    en_CA.UTF-8
+    fr_CA.UTF-8
+    ja_JP.UTF-8
+
+Then, regenerate the localisation files.
+
+    locale-gen
+
+
+Get audio working
+-----------------
+
+Install and configure pulseaudio:
+
+    apt install pulseaudio pulseaudio-utils
+
+I've noticed that every time I install, the default output seems to be muted.
+You can check this and unmute with:
+
+    pacmd list-sinks
+    pacmd set-sink-mute 0 no
+
+
+Install useful packages
+-----------------------
+
+Since `vim` is far nicer to work in than `ed`, `ex`, or `vim`, we'll install
+it first:
+
+    apt install vim
+
+Support for zip archives is handy:
+
+    apt install zip unzip
+
+Next, terminal multiplexing support via tmux:
+
+    apt install tmux
+
+Next, compilers and development tools:
+
+    apt install gcc g++ gdb binutils
+    apt install clang lld lldb
+    apt install python3
+    apt install golang
+    apt install rustc rust-doc cargo cargo-doc
+    apt install nasm
+    apt install generate-ninja ninja-build
+    apt install cmake cmake-doc
+    apt install meson
+    apt install scdoc
+
+And, source control:
+
+    apt install git tig
+
+For a GUI environment, we install Sway, an i3-like Wayland-based window manager:
+
+    apt install sway sway-backgrounds                     # Sway: Use noto fonts if prompted
+    apt install swayidle swaylock                         # Screen lock support
+    apt install xwayland x11-xserver-utils                # Xwayland support
+    apt install alacritty                                 # terminal
+    apt install grim jq slurp libnotify-bin wl-clipboard  # screenshots
+    apt install wofi                                      # app launcher (dmenu alternative)
+    apt install mako-notifier                             # notifications
+
+Next, install some additional Western and Japanese fonts:
+
+    apt install fonts-liberation
+    apt install fonts-ipafont
+    apt install fonts-noto
+
+Add some media players:
+
+    apt install sxiv
+    apt install mpv
+    apt install cmus
+
+Add chat clients:
+
+    # Install Signal from https://signal.org
+    apt install weechat weechat-doc
+
+Add web/gopher/gemini browsers:
+
+    apt install firefox-esr
+    apt install w3m
+    apt install lynx
+    apt install amfora    # Debian 12 or later
+
+Add useful utilities:
+
+    apt install pass      # GPG-based password maanger
+    apt install mc        # Command-line file manager
+    apt install apt-file  # List files in apt packages
+
+
+Install Japanese input support
+------------------------------
+
+fcitx5 is the IME frontend for Japanese input, while mozc provides the candidate
+selection backend. Install all the required packags:
+
+    apt install fcitx5-mozc
+
+Note that as of summer 2021, the Wayland IME protocol is still unstable. fcitx5
+only has partial integration with the sway window manager on Wayland. Under
+Xwayland, it works fine.
+
+
+Install mutt email client
+-------------------------
+
+Install mutt:
+
+    apt install mutt
+
+Install msmtp for SMTP sending and ca-certificates for TLS:
+
+    apt install msmtp
+    apt install ca-certificates
+
+Install notmuch for search/indexing:
+
+    apt install notmuch-mutt
+
+Install HTML-to-text support and URL handling:
+
+    apt install w3m urlscan
+
+Install isync (also known as mbsync):
+
+    apt install isync
+
+Install abook for address book support:
+
+    apt install abook
+
+
+Configure NFS
+-------------
+
+By default, NFS assumes identical user and group IDs on the client and server.
+NFSv4 can be configured to use `idmapd` to map user IDs between client and
+server, but this requires a little bit of legwork up front on the server and all
+clients.
+
+On both the client and server, edit `/etc/idmapd.conf` ensure the domain line is
+set consistently across both:
+```
+Domain = bracken.jp
+```
+
+With the default security mechanism, [idmapd][idmapping] support is disabled.
+You can verify this by running:
+```sh
+cat /sys/module/nfs/parameters/nfs4_disable_idmapping
+cat /sys/module/nfsd/parameters/nfs4_disable_idmapping
+```
+
+To re-enable ID mapping, you can manually `echo N` into each of those files as
+root to temporarily re-enable it until next boot. To make these changes
+permanent across re-boots, edit `/etc/modprobe.d/nfs.conf` to contain:
+```
+options nfs nfs4_disable_idmapping=0
+options nfsd nfs4_disable_idmapping=0
+```
+
+Note that, as noted in the [idmapd][idmapping] section of the NFS wiki, it is
+_not_ necessary to run the nfs-imapd systemd service since there's already a
+newer ID mapper built-in. You can see this by running:
+```sh
+dmesg | grep id_resolver
+```
+
+Finally, we edit `/etc/fstab` to add the new mounts and make them user-mountable:
+```
+# Filesystem                   Mountpoint           Type Options                           Dump  Pass
+servername:/path/to/directory  /path/to/mountpoint  nfs  rw,nfsvers=4,_netdev,user,noauto  0     0
+```
+
+```
+systemctl start nfs-idmapd
+```
+
+[idmapping]: https://wiki.archlinux.org/title/NFS#Enabling_NFSv4_idmapping
+
+
+HP printer support
+------------------
+
+Next, we'll configure [CUPS][cups_guide] printer support for HP printers,
+mostly since that's what I have.
+
+    apt install cups hplip
+    doas vi /etc/sane.d/dll.d/hplip  # uncomment or add hpaio
+
+Start the CUPS printer daemon:
+
+    doas systemctl enable cups.service
+
+Add the printer:
+
+    doas hp-setup -i # PPD files under /usr/share/ppd/HP/
+
+Alternatively list the ZeroConf printers, then add one:
+
+    lpinfo --include-schemes dnssd -v
+    lpadmin -E                                 \  # Enable
+        -p "HP_Color_LaserJet"                 \  # Printer name
+        -D "HP Color LaserJet MFP M277dw"      \  # Description
+        -v "dnssd://HP%20Color%20LaserJet..."  \  # URL
+        -m everywhere                             # Model
+
+The model 'everywhere' is used for all printers produced after about 2009.
+
+[cups_guide]: https://wiki.archlinux.org/index.php/CUPS

	new-install Notes on OS intalls
	git clone https://git.bracken.jp/new-install.git
	Log \| Files \| Refs \| LICENSE