new-install

Notes on OS intalls
git clone https://git.bracken.jp/new-install.git
Log | Files | Refs | LICENSE

commit 7934770dd8616a8ded9fa804e189b7bad1b44f8d
parent 8a881f0af6a55faaf845a5db8bdf6f66c7c1b962
Author: Chris Bracken <chris@bracken.jp>
Date:   Fri,  1 Oct 2021 12:42:44 -0700

Add Debian install guide

Working around Ubuntu's default desktop environment by installing the
server distro has become more work than just installing Debian.
Years ago, I switched to using Ubuntu Server for a Linux desktop because
it had better driver and firmware support at the time. That seems to
have resolved itself, and it's less effort to just install a
stripped-down Debian these days.

Diffstat:
Adebian_install.md | 309+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 309 insertions(+), 0 deletions(-)

diff --git a/debian_install.md b/debian_install.md @@ -0,0 +1,309 @@ +Debian install with UEFI boot +============================= + +This provides a basic rundown of process of a minimal Debian Linux install with +the following setup: + + * UEFI boot + * LVM filesystem + * Sway WM using Wayland + +This guide assumes a wired ethernet connection and a working DHCP server. + + +Create USB boot disk +-------------------- + +Download an install image from https://debian.org/download, then write it to a +disk using `dd`. Reboot the machine to be imaged and use the machine's BIOS +features to boot from the USB drive in UEFI mode. + + +Walk through the Debian installer +--------------------------------- + +Rough notes for installer (TODO: fill this out): +* When prompted to partition the disk, select to use the whole disk with LVM. +* When prompted to verify the LVM partitioning, adjust the space allocated to + each volume, partition, as necessary. +* When prompted for which service to install, select none. Install the OpenSSH + server if desired. + +Reboot the machine. + +Verify the machine booted into UEFI mode: + + ls /sys/firmware/efi/efivars + +If the directory does not exist, the system is likely booted in BIOS mode. You +will want to enter BIOS and enable UEFI boot, then reboot from the USB drive in +UEFI mode and restart installation. + +Next, we'll apply any immediate updates and remove any leftover unnecessary +packages from the install process. + + sudo apt upgrade + sudo apt autoremove + sudo apt clean + +Next we'll purge any leftover config files from any removed packages: + + dpkg -l | grep '^rc '| awk '{print $2}' | xargs sudo dpkg -P + + +Disable password/challenge-response ssh +--------------------------------------- + +Edit `/etc/ssh/sshd_config` to set the following: + + PubkeyAuthentication yes + PasswordAuthentication no + ChallengeResponseAuthentication no + +Then restart sshd with: + + systemctl restart ssh + + +Install additional shells +------------------------- + + apt install zsh zsh-doc + + +Configure filesystem support +---------------------------- + +Next, we'll set up automounting USB disks. Since many of these are FAT32 format, +we'll also install tools for dealing with dos partitions: + + apt install udisks2 udisks2-doc + apt install dosfstools + +We'll also add support for mounting NFS partitions: + + apt install nfs-common + + +Generate localisations +---------------------- + +Edit `/etc/locales.gen` and uncomment locales that we care about. + + en_CA.UTF-8 + fr_CA.UTF-8 + ja_JP.UTF-8 + +Then, regenerate the localisation files. + + locale-gen + + +Get audio working +----------------- + +Install and configure pulseaudio: + + apt install pulseaudio pulseaudio-utils + +I've noticed that every time I install, the default output seems to be muted. +You can check this and unmute with: + + pacmd list-sinks + pacmd set-sink-mute 0 no + + +Install useful packages +----------------------- + +Since `vim` is far nicer to work in than `ed`, `ex`, or `vim`, we'll install +it first: + + apt install vim + +Support for zip archives is handy: + + apt install zip unzip + +Next, terminal multiplexing support via tmux: + + apt install tmux + +Next, compilers and development tools: + + apt install gcc g++ gdb binutils + apt install clang lld lldb + apt install python3 + apt install golang + apt install rustc rust-doc cargo cargo-doc + apt install nasm + apt install generate-ninja ninja-build + apt install cmake cmake-doc + apt install meson + apt install scdoc + +And, source control: + + apt install git tig + +For a GUI environment, we install Sway, an i3-like Wayland-based window manager: + + apt install sway sway-backgrounds # Sway: Use noto fonts if prompted + apt install swayidle swaylock # Screen lock support + apt install xwayland x11-xserver-utils # Xwayland support + apt install alacritty # terminal + apt install grim jq slurp libnotify-bin wl-clipboard # screenshots + apt install wofi # app launcher (dmenu alternative) + apt install mako-notifier # notifications + +Next, install some additional Western and Japanese fonts: + + apt install fonts-liberation + apt install fonts-ipafont + apt install fonts-noto + +Add some media players: + + apt install sxiv + apt install mpv + apt install cmus + +Add chat clients: + + # Install Signal from https://signal.org + apt install weechat weechat-doc + +Add web/gopher/gemini browsers: + + apt install firefox-esr + apt install w3m + apt install lynx + apt install amfora # Debian 12 or later + +Add useful utilities: + + apt install pass # GPG-based password maanger + apt install mc # Command-line file manager + apt install apt-file # List files in apt packages + + +Install Japanese input support +------------------------------ + +fcitx5 is the IME frontend for Japanese input, while mozc provides the candidate +selection backend. Install all the required packags: + + apt install fcitx5-mozc + +Note that as of summer 2021, the Wayland IME protocol is still unstable. fcitx5 +only has partial integration with the sway window manager on Wayland. Under +Xwayland, it works fine. + + +Install mutt email client +------------------------- + +Install mutt: + + apt install mutt + +Install msmtp for SMTP sending and ca-certificates for TLS: + + apt install msmtp + apt install ca-certificates + +Install notmuch for search/indexing: + + apt install notmuch-mutt + +Install HTML-to-text support and URL handling: + + apt install w3m urlscan + +Install isync (also known as mbsync): + + apt install isync + +Install abook for address book support: + + apt install abook + + +Configure NFS +------------- + +By default, NFS assumes identical user and group IDs on the client and server. +NFSv4 can be configured to use `idmapd` to map user IDs between client and +server, but this requires a little bit of legwork up front on the server and all +clients. + +On both the client and server, edit `/etc/idmapd.conf` ensure the domain line is +set consistently across both: +``` +Domain = bracken.jp +``` + +With the default security mechanism, [idmapd][idmapping] support is disabled. +You can verify this by running: +```sh +cat /sys/module/nfs/parameters/nfs4_disable_idmapping +cat /sys/module/nfsd/parameters/nfs4_disable_idmapping +``` + +To re-enable ID mapping, you can manually `echo N` into each of those files as +root to temporarily re-enable it until next boot. To make these changes +permanent across re-boots, edit `/etc/modprobe.d/nfs.conf` to contain: +``` +options nfs nfs4_disable_idmapping=0 +options nfsd nfs4_disable_idmapping=0 +``` + +Note that, as noted in the [idmapd][idmapping] section of the NFS wiki, it is +_not_ necessary to run the nfs-imapd systemd service since there's already a +newer ID mapper built-in. You can see this by running: +```sh +dmesg | grep id_resolver +``` + +Finally, we edit `/etc/fstab` to add the new mounts and make them user-mountable: +``` +# Filesystem Mountpoint Type Options Dump Pass +servername:/path/to/directory /path/to/mountpoint nfs rw,nfsvers=4,_netdev,user,noauto 0 0 +``` + +``` +systemctl start nfs-idmapd +``` + +[idmapping]: https://wiki.archlinux.org/title/NFS#Enabling_NFSv4_idmapping + + +HP printer support +------------------ + +Next, we'll configure [CUPS][cups_guide] printer support for HP printers, +mostly since that's what I have. + + apt install cups hplip + doas vi /etc/sane.d/dll.d/hplip # uncomment or add hpaio + +Start the CUPS printer daemon: + + doas systemctl enable cups.service + +Add the printer: + + doas hp-setup -i # PPD files under /usr/share/ppd/HP/ + +Alternatively list the ZeroConf printers, then add one: + + lpinfo --include-schemes dnssd -v + lpadmin -E \ # Enable + -p "HP_Color_LaserJet" \ # Printer name + -D "HP Color LaserJet MFP M277dw" \ # Description + -v "dnssd://HP%20Color%20LaserJet..." \ # URL + -m everywhere # Model + +The model 'everywhere' is used for all printers produced after about 2009. + +[cups_guide]: https://wiki.archlinux.org/index.php/CUPS