Difference between revisions of "Debian Linux Post Install Steps"

From Aram's Wiki
Jump to: navigation, search
(Create a user)
(SSH)
 
(13 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
[[Category:Linux]]
 +
 
== Introduction ==
 
== Introduction ==
  
Line 9: Line 11:
 
  hostnamectl set-hostname sky.mgk.ro
 
  hostnamectl set-hostname sky.mgk.ro
 
  reboot
 
  reboot
 +
 +
=== Scaleway ===
 +
 +
If you're on a braindead platform like Scaleway, you might also need to disable this:
 +
 +
systemctl disable scw-set-hostname
 +
 +
== Package management ==
 +
 +
=== Enable more repositories ===
 +
 +
cat <<EOT >/etc/apt/sources.list
 +
deb http://deb.debian.org/debian/ stretch main contrib non-free
 +
deb-src http://deb.debian.org/debian/ stretch main contrib non-free
 +
 +
deb http://security.debian.org/debian-security stretch/updates main contrib non-free
 +
deb-src http://security.debian.org/debian-security stretch/updates main contrib non-free
 +
 +
deb http://deb.debian.org/debian/ stretch-updates main contrib non-free
 +
deb-src http://deb.debian.org/debian/ stretch-updates main contrib non-free
 +
EOT
 +
 +
=== Do not install recommended and suggested packages ===
 +
 +
cat <<EOT >/etc/apt/apt.conf.d/50norecommends
 +
APT::Install-Recommends "false";
 +
APT::Install-Suggests "false";
 +
EOT
  
 
== Update the software ==
 
== Update the software ==
Line 15: Line 45:
 
  reboot
 
  reboot
  
== Do not install recommended and suggested packages ==
+
== User management ==
 +
 
 +
=== Create a user (cloud computing) ===
 +
 
 +
useradd -c 'Aram Hăvărneanu' -G users -m -s /bin/bash -g staff aram
 +
passwd -l aram
 +
 
 +
Enable passwordless sudo for the staff group:
  
  cat >/etc/apt/apt.conf.d/50norecommends <<EOT
+
  echo '%staff ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/91-staff-no-password
APT::Install-Recommends "false";
 
APT::Install-Suggests "false";
 
EOT
 
  
== Create a user ==
+
=== Fix the user created during installation (non-cloud) ===
  
  useradd -c 'Aram Hăvărneanu' -G users -m -s /bin/bash -g staff aram
+
  usermod -a -G staff aram
 
  passwd -l aram
 
  passwd -l aram
  
Line 38: Line 72:
 
  # as a user
 
  # as a user
 
  mkdir -p .ssh
 
  mkdir -p .ssh
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIANJ9BKKslS9Zqp1dRWL1nRiLmFp7nGvP06zPJ4L7cES aram@emerald.local' >> .ssh/authorized_keys
 
 
  echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnkro8LT0TS+NTOIB787wfqIwv2VTmXXYsnsoVk71UE aram@horizon.local' >> .ssh/authorized_keys
 
  echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnkro8LT0TS+NTOIB787wfqIwv2VTmXXYsnsoVk71UE aram@horizon.local' >> .ssh/authorized_keys
 +
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8dcfsqZJWTNTCfATbD6WiZyWoK3AiihynONRjCrtMw aram@oceanic.local' >> .ssh/authorized_keys
 +
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMRc0UWKrFpCv/EOUo2jpEQt+C/pa0tc1rUWKgjbKTp7 aram@edengate.local' >> .ssh/authorized_keys
 
  chmod 700 .ssh
 
  chmod 700 .ssh
 
  chmod 644 .ssh/authorized_keys
 
  chmod 644 .ssh/authorized_keys
 +
 +
== Install packages ==
 +
 +
For home installations you might want to install avahi.
 +
 +
apt install avahi-daemon
 +
 +
For development system you might want to install:
 +
 +
apt install rsync git build-essential linux-headers-amd64 gccgo gccgo-go golang-go clang clang-format clang-tidy
 +
 +
And if you have [[Install newer kernels in Debian stable|backports]]:
 +
 +
apt -t stretch-backports install clang-6.0 golang-go
 +
apt autoremove
 +
 +
== Newer kernel ==
 +
 +
If it's a testing or development system, perhaps you might want a [[Install newer kernels in Debian stable|newer kernel]].

Latest revision as of 15:34, 8 February 2023


Introduction

Everything on this page needs to be done as root, unless specified, so su to root.

sudo -i

Set hostname

hostnamectl set-hostname sky.mgk.ro
reboot

Scaleway

If you're on a braindead platform like Scaleway, you might also need to disable this:

systemctl disable scw-set-hostname

Package management

Enable more repositories

cat <<EOT >/etc/apt/sources.list
deb http://deb.debian.org/debian/ stretch main contrib non-free
deb-src http://deb.debian.org/debian/ stretch main contrib non-free

deb http://security.debian.org/debian-security stretch/updates main contrib non-free
deb-src http://security.debian.org/debian-security stretch/updates main contrib non-free

deb http://deb.debian.org/debian/ stretch-updates main contrib non-free
deb-src http://deb.debian.org/debian/ stretch-updates main contrib non-free
EOT

Do not install recommended and suggested packages

cat <<EOT >/etc/apt/apt.conf.d/50norecommends
APT::Install-Recommends "false";
APT::Install-Suggests "false"; 
EOT

Update the software

apt update && apt -y upgrade
reboot

User management

Create a user (cloud computing)

useradd -c 'Aram Hăvărneanu' -G users -m -s /bin/bash -g staff aram
passwd -l aram

Enable passwordless sudo for the staff group:

echo '%staff ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/91-staff-no-password

Fix the user created during installation (non-cloud)

usermod -a -G staff aram
passwd -l aram

Enable passwordless sudo for the staff group:

echo '%staff ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/91-staff-no-password

SSH

For ssh access, use su to switch from root to the user and then add ssh keys.

su - aram
# as a user
mkdir -p .ssh
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnkro8LT0TS+NTOIB787wfqIwv2VTmXXYsnsoVk71UE aram@horizon.local' >> .ssh/authorized_keys
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8dcfsqZJWTNTCfATbD6WiZyWoK3AiihynONRjCrtMw aram@oceanic.local' >> .ssh/authorized_keys
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMRc0UWKrFpCv/EOUo2jpEQt+C/pa0tc1rUWKgjbKTp7 aram@edengate.local' >> .ssh/authorized_keys
chmod 700 .ssh
chmod 644 .ssh/authorized_keys

Install packages

For home installations you might want to install avahi.

apt install avahi-daemon

For development system you might want to install:

apt install rsync git build-essential linux-headers-amd64 gccgo gccgo-go golang-go clang clang-format clang-tidy

And if you have backports:

apt -t stretch-backports install clang-6.0 golang-go
apt autoremove

Newer kernel

If it's a testing or development system, perhaps you might want a newer kernel.