debian_install.md (8195B)
1 Debian install with UEFI boot 2 ============================= 3 4 This provides a basic rundown of process of a minimal Debian Linux install with 5 the following setup: 6 7 * UEFI boot 8 * LVM filesystem 9 * Sway WM using Wayland 10 11 This guide assumes a wired ethernet connection and a working DHCP server. 12 13 14 Create USB boot disk 15 -------------------- 16 17 Download an install image from https://debian.org/download, then write it to a 18 disk using `dd`. Reboot the machine to be imaged and use the machine's BIOS 19 features to boot from the USB drive in UEFI mode. 20 21 22 Walk through the Debian installer 23 --------------------------------- 24 25 Rough notes for installer (TODO: fill this out): 26 * When prompted to partition the disk, select to use the whole disk with LVM. 27 * When prompted to verify the LVM partitioning, adjust the space allocated to 28 each volume, partition, as necessary. 29 * When prompted for which service to install, select none. Install the OpenSSH 30 server if desired. 31 32 Reboot the machine. 33 34 Verify the machine booted into UEFI mode: 35 36 ls /sys/firmware/efi/efivars 37 38 If the directory does not exist, the system is likely booted in BIOS mode. You 39 will want to enter BIOS and enable UEFI boot, then reboot from the USB drive in 40 UEFI mode and restart installation. 41 42 Next, we'll apply any immediate updates and remove any leftover unnecessary 43 packages from the install process. 44 45 sudo apt upgrade 46 sudo apt autoremove 47 sudo apt clean 48 49 Next we'll purge any leftover config files from any removed packages: 50 51 dpkg -l | grep '^rc '| awk '{print $2}' | xargs sudo dpkg -P 52 53 54 Disable password/challenge-response ssh 55 --------------------------------------- 56 57 Edit `/etc/ssh/sshd_config` to set the following: 58 59 PubkeyAuthentication yes 60 PasswordAuthentication no 61 ChallengeResponseAuthentication no 62 63 Then restart sshd with: 64 65 systemctl restart ssh 66 67 68 Install additional shells 69 ------------------------- 70 71 apt install zsh zsh-doc 72 73 74 Configure filesystem support 75 ---------------------------- 76 77 Next, we'll set up automounting USB disks. Since many of these are FAT32 format, 78 we'll also install tools for dealing with dos partitions: 79 80 apt install udisks2 udisks2-doc 81 apt install dosfstools 82 83 We'll also add support for mounting NFS partitions: 84 85 apt install nfs-common 86 87 88 Generate localisations 89 ---------------------- 90 91 Edit `/etc/locales.gen` and uncomment locales that we care about. 92 93 en_CA.UTF-8 94 fr_CA.UTF-8 95 ja_JP.UTF-8 96 97 Then, regenerate the localisation files. 98 99 locale-gen 100 101 102 Get audio working 103 ----------------- 104 105 Install and configure pulseaudio: 106 107 apt install pulseaudio pulseaudio-utils 108 109 I've noticed that every time I install, the default output seems to be muted. 110 You can check this and unmute with: 111 112 pacmd list-sinks 113 pacmd set-sink-mute 0 no 114 115 116 Install useful packages 117 ----------------------- 118 119 Since `vim` is far nicer to work in than `ed`, `ex`, or `vim`, we'll install 120 it first: 121 122 apt install vim 123 124 Support for zip archives is handy: 125 126 apt install zip unzip 127 128 Next, terminal multiplexing support via tmux: 129 130 apt install tmux 131 132 Next, compilers and development tools: 133 134 apt install gcc g++ gdb binutils 135 apt install clang lld lldb 136 apt install python3 137 apt install golang 138 apt install rustc rust-doc cargo cargo-doc 139 apt install nasm 140 apt install generate-ninja ninja-build 141 apt install cmake cmake-doc 142 apt install meson 143 apt install scdoc 144 145 And, source control: 146 147 apt install git tig 148 149 For a GUI environment, we install Sway, an i3-like Wayland-based window manager: 150 151 apt install sway sway-backgrounds # Sway: Use noto fonts if prompted 152 apt install swayidle swaylock # Screen lock support 153 apt install xwayland x11-xserver-utils # Xwayland support 154 apt install alacritty # terminal 155 apt install grim jq slurp libnotify-bin wl-clipboard # screenshots 156 apt install wofi # app launcher (dmenu alternative) 157 apt install mako-notifier # notifications 158 159 Next, install some additional Western and Japanese fonts: 160 161 apt install fonts-liberation 162 apt install fonts-ipafont 163 apt install fonts-noto 164 165 Add some media players: 166 167 apt install sxiv 168 apt install mpv 169 apt install cmus 170 171 Add chat clients: 172 173 # Install Signal from https://signal.org 174 apt install weechat weechat-doc 175 176 Add web/gopher/gemini browsers: 177 178 apt install firefox-esr 179 apt install w3m 180 apt install lynx 181 apt install amfora # Debian 12 or later 182 183 Add useful utilities: 184 185 apt install pass # GPG-based password maanger 186 apt install mc # Command-line file manager 187 apt install apt-file # List files in apt packages 188 189 190 Install Japanese input support 191 ------------------------------ 192 193 fcitx5 is the IME frontend for Japanese input, while mozc provides the candidate 194 selection backend. Install all the required packags: 195 196 apt install fcitx5-mozc 197 198 Note that as of summer 2021, the Wayland IME protocol is still unstable. fcitx5 199 only has partial integration with the sway window manager on Wayland. Under 200 Xwayland, it works fine. 201 202 203 Install mutt email client 204 ------------------------- 205 206 Install mutt: 207 208 apt install mutt 209 210 Install msmtp for SMTP sending and ca-certificates for TLS: 211 212 apt install msmtp 213 apt install ca-certificates 214 215 Install notmuch for search/indexing: 216 217 apt install notmuch-mutt 218 219 Install HTML-to-text support and URL handling: 220 221 apt install w3m urlscan 222 223 Install isync (also known as mbsync): 224 225 apt install isync 226 227 Install abook for address book support: 228 229 apt install abook 230 231 232 Configure NFS 233 ------------- 234 235 By default, NFS assumes identical user and group IDs on the client and server. 236 NFSv4 can be configured to use `idmapd` to map user IDs between client and 237 server, but this requires a little bit of legwork up front on the server and all 238 clients. 239 240 On both the client and server, edit `/etc/idmapd.conf` ensure the domain line is 241 set consistently across both: 242 ``` 243 Domain = bracken.jp 244 ``` 245 246 With the default security mechanism, [idmapd][idmapping] support is disabled. 247 You can verify this by running: 248 ```sh 249 cat /sys/module/nfs/parameters/nfs4_disable_idmapping 250 cat /sys/module/nfsd/parameters/nfs4_disable_idmapping 251 ``` 252 253 To re-enable ID mapping, you can manually `echo N` into each of those files as 254 root to temporarily re-enable it until next boot. To make these changes 255 permanent across re-boots, edit `/etc/modprobe.d/nfs.conf` to contain: 256 ``` 257 options nfs nfs4_disable_idmapping=0 258 options nfsd nfs4_disable_idmapping=0 259 ``` 260 261 Note that, as noted in the [idmapd][idmapping] section of the NFS wiki, it is 262 _not_ necessary to run the nfs-imapd systemd service since there's already a 263 newer ID mapper built-in. You can see this by running: 264 ```sh 265 dmesg | grep id_resolver 266 ``` 267 268 Finally, we edit `/etc/fstab` to add the new mounts and make them user-mountable: 269 ``` 270 # Filesystem Mountpoint Type Options Dump Pass 271 servername:/path/to/directory /path/to/mountpoint nfs rw,nfsvers=4,_netdev,user,noauto 0 0 272 ``` 273 274 ``` 275 systemctl start nfs-idmapd 276 ``` 277 278 [idmapping]: https://wiki.archlinux.org/title/NFS#Enabling_NFSv4_idmapping 279 280 281 HP printer support 282 ------------------ 283 284 Next, we'll configure [CUPS][cups_guide] printer support for HP printers, 285 mostly since that's what I have. 286 287 apt install cups hplip 288 doas vi /etc/sane.d/dll.d/hplip # uncomment or add hpaio 289 290 Start the CUPS printer daemon: 291 292 doas systemctl enable cups.service 293 294 Add the printer: 295 296 doas hp-setup -i # PPD files under /usr/share/ppd/HP/ 297 298 Alternatively list the ZeroConf printers, then add one: 299 300 lpinfo --include-schemes dnssd -v 301 lpadmin -E \ # Enable 302 -p "HP_Color_LaserJet" \ # Printer name 303 -D "HP Color LaserJet MFP M277dw" \ # Description 304 -v "dnssd://HP%20Color%20LaserJet..." \ # URL 305 -m everywhere # Model 306 307 The model 'everywhere' is used for all printers produced after about 2009. 308 309 [cups_guide]: https://wiki.archlinux.org/index.php/CUPS