Basic Debian Installation: Difference between revisions
Jump to navigation
Jump to search
DrEdWilliams (talk | contribs) mNo edit summary |
DrEdWilliams (talk | contribs) mNo edit summary |
||
| Line 7: | Line 7: | ||
* let it finish and reboot | * let it finish and reboot | ||
== | == Basic system prep == | ||
Most of the initial configuration is now contained in a script that can be executed directly from the config server as root on the target system: | |||
curl -s http://config/config/debian-basic-config.sh | bash | |||
wget -qO http://config/config/debian-basic-config.sh | bash | |||
The contents of this script are included here for reference, though updates to the script may occur without updates to this page: | |||
<pre>#!/bin/sh | |||
# | |||
# script to do the basic install of a debian headless server | |||
# | |||
# Assumptions: | |||
# - this is run as root immediately after the install has completed | |||
# - the hostname has been set as desired before this script is run | |||
# - an administrator account 'ewilliam' was created during installation | |||
# | |||
# invoke using one of these commands: | |||
# | |||
# wget -qO http://config/config/debian-basic-config.sh | bash | |||
# curl -s http://config/config/debian-basic-config.sh | bash | |||
# | |||
= | CONFIG=http://config/config | ||
# first -- install all the basic necessities (some may already be there) | |||
apt-get install -y net-tools zsh sudo rsync mlocate wget nfs-common psmisc | |||
apt-get install -y aptitude sshfs git curl | |||
== | # the ssmtp package is not officially supported under buster | ||
# download the package from stretch and install | |||
SSMTP_DEB=ssmtp_2.64-9_amd64.deb | |||
#SSMTP_DEB=ssmtp_2.64-8+b2_amd64.deb | |||
wget http://http.us.debian.org/debian/pool/main/s/ssmtp/${SSMTP_DEB} | |||
apt-get install -y ./${SSMTP_DEB} | |||
# now get all the updates | |||
apt-get -y upgrade | |||
==== Configure shared filesystem access | # make sudo passwordless for group wheel | ||
echo "%sudo ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/91-wheel-NOPASSWD | |||
chmod 440 /etc/sudoers.d/91-wheel-NOPASSWD | |||
usermod -aG sudo ewilliam | |||
# now that zsh is installed, make it the default | |||
chsh -s /bin/zsh | |||
chsh -s /bin/zsh ewilliam | |||
# copy the standard zsh config files | |||
curl -s $CONFIG/centos7/.zshrc -o /root/.zshrc | |||
curl -s $CONFIG/centos7/.zshrc -o /home/ewilliam/.zshrc | |||
chown ewilliam.ewilliam /home/ewilliam/.zshrc | |||
# load ssh known_hosts from the config server | |||
mkdir -p /root/.ssh | |||
curl -s $CONFIG/ssh/known_hosts -o /root/.ssh/known_hosts | |||
mkdir -p /home/ewilliam/.ssh | |||
curl -s $CONFIG/ssh/known_hosts -o /home/ewilliam/.ssh/known_hosts | |||
chown -R ewilliam.ewilliam /home/ewilliam/.ssh | |||
# get backup scripts | |||
curl -s $CONFIG/centos7/backup -o /etc/cron.daily/backup | |||
curl -s $CONFIG/centos7/rsync_backup.sh -o /usr/local/bin/rsync_backup.sh | |||
chmod +x /usr/local/bin/rsync_backup.sh /etc/cron.daily/backup | |||
# configure log server | |||
curl -s $CONFIG/centos7/99-remotelog.conf -o /etc/rsyslog.d/99-remotelog.conf | |||
systemctl restart rsyslog | |||
# enable mail to the central email server | |||
# unlike the CentOS version of the ssmtp package, this doesn't recognize the /etc/aliases file | |||
# to make it work, the hostname needs to be set to 'williams.localnet' and the mail server must be at 'mail' | |||
sed -i 's/^hostname=.*$/hostname=williams.localnet/' /etc/ssmtp/ssmtp.conf | |||
# get the standard /etc/hosts file | |||
curl -s $CONFIG/hosts -o /etc/hosts | |||
# install more supporting stuff | |||
apt-get install -y gpg apt-transport-https | |||
# install metricbeat, using the standard config file on the config server | |||
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add - | |||
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list | |||
apt-get install -y metricbeat | |||
curl -s $CONFIG/centos7/metricbeat.yml -o /etc/metricbeat/metricbeat.yml | |||
chmod 640 /etc/metricbeat/metricbeat.yml | |||
sudo systemctl enable --now metricbeat | |||
# install webmin | |||
wget -qO - https://download.webmin.com/jcameron-key.asc | sudo apt-key add - | |||
echo "deb https://download.webmin.com/download/repository sarge contrib" | sudo tee -a /etc/apt/sources.list.d/webmin.list | |||
apt-get install -y webmin | |||
# install the host/known_hosts synchronization | |||
curl -s $CONFIG/host_check.sh > /etc/cron.hourly/host_check | |||
chmod +x /etc/cron.hourly/host_check | |||
# now reboot | |||
reboot</pre> | |||
== Configure shared filesystem access == | |||
add these lines to the bottom of /etc/fstab | add these lines to the bottom of /etc/fstab | ||
storage1:/files /files nfs4 soft 0 0 | storage1:/files /files nfs4 soft 0 0 | ||
| Line 66: | Line 120: | ||
mount /backup | mount /backup | ||
== Non-Free Drivers == | |||
Debian's militant policy towards non-free drivers can be rather annoying. The Radeon built-in graphics controller on the motherboard for lamppost (ASUS M4A785-M) apparently needs some 'non-free' firmware, which is not detected during the install process, even though I'm using the non-free firmware installation disk image. Because the firmmware is not loaded during the install, it isn't included in the initramdisk, and therefore the device is loaded in an inoperative state. There is a firmware package available to install: | Debian's militant policy towards non-free drivers can be rather annoying. The Radeon built-in graphics controller on the motherboard for lamppost (ASUS M4A785-M) apparently needs some 'non-free' firmware, which is not detected during the install process, even though I'm using the non-free firmware installation disk image. Because the firmmware is not loaded during the install, it isn't included in the initramdisk, and therefore the device is loaded in an inoperative state. There is a firmware package available to install: | ||
apt install firmware-amd-graphics | apt install firmware-amd-graphics | ||
Revision as of 21:49, 17 December 2020
Debian 10 "Buster" standard install from firmware-amd64-DVD (which includes the proprietary firmware that is supposedly not included in the other install disks)
- Do a normal 'Install' option from the boot menu
- if that hangs on the network device detection, do the 'Expert Install' option from the 'Advanced' menu and select the default options
- select basic options, one partition formatting, and only the minimal software selection, but make sure the 'SSHD server' option is selected
- For a graphic workstation, select the desired desktop from the list
- let it finish and reboot
Basic system prep
Most of the initial configuration is now contained in a script that can be executed directly from the config server as root on the target system:
curl -s http://config/config/debian-basic-config.sh | bash wget -qO http://config/config/debian-basic-config.sh | bash
The contents of this script are included here for reference, though updates to the script may occur without updates to this page:
#!/bin/sh
#
# script to do the basic install of a debian headless server
#
# Assumptions:
# - this is run as root immediately after the install has completed
# - the hostname has been set as desired before this script is run
# - an administrator account 'ewilliam' was created during installation
#
# invoke using one of these commands:
#
# wget -qO http://config/config/debian-basic-config.sh | bash
# curl -s http://config/config/debian-basic-config.sh | bash
#
CONFIG=http://config/config
# first -- install all the basic necessities (some may already be there)
apt-get install -y net-tools zsh sudo rsync mlocate wget nfs-common psmisc
apt-get install -y aptitude sshfs git curl
# the ssmtp package is not officially supported under buster
# download the package from stretch and install
SSMTP_DEB=ssmtp_2.64-9_amd64.deb
#SSMTP_DEB=ssmtp_2.64-8+b2_amd64.deb
wget http://http.us.debian.org/debian/pool/main/s/ssmtp/${SSMTP_DEB}
apt-get install -y ./${SSMTP_DEB}
# now get all the updates
apt-get -y upgrade
# make sudo passwordless for group wheel
echo "%sudo ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/91-wheel-NOPASSWD
chmod 440 /etc/sudoers.d/91-wheel-NOPASSWD
usermod -aG sudo ewilliam
# now that zsh is installed, make it the default
chsh -s /bin/zsh
chsh -s /bin/zsh ewilliam
# copy the standard zsh config files
curl -s $CONFIG/centos7/.zshrc -o /root/.zshrc
curl -s $CONFIG/centos7/.zshrc -o /home/ewilliam/.zshrc
chown ewilliam.ewilliam /home/ewilliam/.zshrc
# load ssh known_hosts from the config server
mkdir -p /root/.ssh
curl -s $CONFIG/ssh/known_hosts -o /root/.ssh/known_hosts
mkdir -p /home/ewilliam/.ssh
curl -s $CONFIG/ssh/known_hosts -o /home/ewilliam/.ssh/known_hosts
chown -R ewilliam.ewilliam /home/ewilliam/.ssh
# get backup scripts
curl -s $CONFIG/centos7/backup -o /etc/cron.daily/backup
curl -s $CONFIG/centos7/rsync_backup.sh -o /usr/local/bin/rsync_backup.sh
chmod +x /usr/local/bin/rsync_backup.sh /etc/cron.daily/backup
# configure log server
curl -s $CONFIG/centos7/99-remotelog.conf -o /etc/rsyslog.d/99-remotelog.conf
systemctl restart rsyslog
# enable mail to the central email server
# unlike the CentOS version of the ssmtp package, this doesn't recognize the /etc/aliases file
# to make it work, the hostname needs to be set to 'williams.localnet' and the mail server must be at 'mail'
sed -i 's/^hostname=.*$/hostname=williams.localnet/' /etc/ssmtp/ssmtp.conf
# get the standard /etc/hosts file
curl -s $CONFIG/hosts -o /etc/hosts
# install more supporting stuff
apt-get install -y gpg apt-transport-https
# install metricbeat, using the standard config file on the config server
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
apt-get install -y metricbeat
curl -s $CONFIG/centos7/metricbeat.yml -o /etc/metricbeat/metricbeat.yml
chmod 640 /etc/metricbeat/metricbeat.yml
sudo systemctl enable --now metricbeat
# install webmin
wget -qO - https://download.webmin.com/jcameron-key.asc | sudo apt-key add -
echo "deb https://download.webmin.com/download/repository sarge contrib" | sudo tee -a /etc/apt/sources.list.d/webmin.list
apt-get install -y webmin
# install the host/known_hosts synchronization
curl -s $CONFIG/host_check.sh > /etc/cron.hourly/host_check
chmod +x /etc/cron.hourly/host_check
# now reboot
reboot
add these lines to the bottom of /etc/fstab
storage1:/files /files nfs4 soft 0 0 storage1:/backup/systems/<hostname>/current /backup nfs4 soft 0 0
make the mount points:
mkdir /files mkdir /backup
mount the filesystems:
mount /files mount /backup
Non-Free Drivers
Debian's militant policy towards non-free drivers can be rather annoying. The Radeon built-in graphics controller on the motherboard for lamppost (ASUS M4A785-M) apparently needs some 'non-free' firmware, which is not detected during the install process, even though I'm using the non-free firmware installation disk image. Because the firmmware is not loaded during the install, it isn't included in the initramdisk, and therefore the device is loaded in an inoperative state. There is a firmware package available to install:
apt install firmware-amd-graphics
... but even after rebooting it doesn't load because by the time the root filesystem is mounted, the devices are already initialized. Until I find a better way, the device needs to be unloaded and reloaded after boot to enable the graphics
rmmod radeon modprobe radeon