commit 9aa7e4833d48d8e463e74adc0decb6e71316a055 Author: sapient Date: Sun Mar 22 00:54:29 2026 -0700 chore: initial commit of Debian Resources diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e52650e --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +virtual-wg0.conf +*.log +.venv/ diff --git a/Debian Deployment Guide.md b/Debian Deployment Guide.md new file mode 100644 index 0000000..e5f8935 --- /dev/null +++ b/Debian Deployment Guide.md @@ -0,0 +1,163 @@ +# Debian Deployment Guide + +This step-by-step guide outlines the process of recreating the `testunit-zalpha` system, a Debian testing-based environment tailored for development, virtualization, container management, and media hosting. + +## 1. Initial OS Installation +1. Gather the Debian Testing (forky/sid) installer ISO. +2. Install with the following partitioning scheme: + - EFI System Partition (`/boot/efi`) - ~1GB, vfat + - Root Partition (`/`) - ~200GB, **btrfs** + - Swap Partition (`[SWAP]`) - ~5GB +3. During installation, configure the root filesystem to use `zstd:3` compression. You may need to edit `/etc/fstab` post-install to add the `compress-force=zstd:3` option to the root subvolume (`@rootfs`). + +## 2. Post-Install User & Groups +After booting into the initial system, add your primary user to the necessary groups for administration and hardware access: +```bash +sudo usermod -aG sudo,adm,docker,dialout,plugdev,netdev,systemd-journal $USER +``` +If you prefer passwordless sudo for testing environments: +```bash +sudo visudo +# Add: username ALL=(ALL) NOPASSWD: ALL +sudo passwd -d $USER +``` + +## 3. Repositories & Pinning + +### 3.1 Sources List +Configure `/etc/apt/sources.list` for testing, stable, and unstable: +```text +deb http://debian.osuosl.org/debian/ testing main non-free-firmware contrib non-free +deb http://security.debian.org/debian-security/ testing-security main non-free-firmware contrib non-free +deb http://debian.osuosl.org/debian/ testing-updates main non-free-firmware contrib non-free +deb http://debian.osuosl.org/debian/ stable main non-free-firmware contrib non-free +deb http://debian.osuosl.org/debian/ sid main non-free-firmware contrib non-free +``` + +### 3.2 Add Third-Party Repositories +**Docker:** +```bash +sudo install -m 0755 -d /etc/apt/keyrings +sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc +sudo tee /etc/apt/sources.list.d/docker.sources < + +[Peer] +PublicKey = +Endpoint = 82.29.54.2:51820 +AllowedIPs = 10.8.0.0/24 +PersistentKeepalive = 25 +``` +Enable and start: +```bash +sudo systemctl enable --now wg-quick@wg0 +``` + +### 5.4 Swap Configuration +Install and configure `zram-tools` to enable the 4GB `zram0` swap device, supplementing the partition swap. + +## 6. Final Steps +1. Configure `picom` as your compositor of choice in the session startup. +2. Verify SSH configuration (`/etc/ssh/sshd_config`) has `KbdInteractiveAuthentication no` and `UsePAM yes`. +3. Migrate Dockge stacks into `/opt/stacks` and start them using Dockge UI (`http://:5001`). diff --git a/Debian Setup Notes.md b/Debian Setup Notes.md new file mode 100755 index 0000000..ad6ca2e --- /dev/null +++ b/Debian Setup Notes.md @@ -0,0 +1,165 @@ +# Debian Setup Notes + +# User Groups (admin) +```sudo usermod -aG sudo,adm,docker,dialout,plugdev,netdev,systemd-journal $USER``` + +# setup sources.list + +deb http://debian.osuosl.org/debian/ testing main non-free-firmware contrib non-free +deb http://security.debian.org/debian-security testing-security main non-free-firmware contrib non-free +deb http://debian.osuosl.org/debian/ testing-updates main non-free-firmware contrib non-free + + + +# Essential packages + +``` +apt install ncdu btop tmux fish fail2ban ripgrep rsync btrfs-progs htop mosh p7zip iperf3 fd-find mc kitty-terminfo curl git bat unrar rclone rar gocryptfs cryfs securefs wireguard lzop lz4 +``` + + +# RSYNC key home files, folders + +``` +10.8.0.2:~/.local/bin ~/.local/ +10.8.0.2:~/.tmux.conf ~/ + +``` + +# Add Docker's official GPG key: +``` +sudo apt update +sudo apt install ca-certificates curl +sudo install -m 0755 -d /etc/apt/keyrings +sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc +sudo chmod a+r /etc/apt/keyrings/docker.asc +``` + +# Add the repository to Apt sources: +``` +sudo tee /etc/apt/sources.list.d/docker.sources < /etc/wireguard/server_public.key +chmod 600 /etc/wireguard/server_private.key +``` + +### Config File Example +``` +# /etc/wireguard/wg0.conf +[Interface] +Address = 10.8.0.1/24 +ListenPort = 51820 +PrivateKey = +PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE +PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE + +# Client 1 (Zion) +[Peer] +PublicKey = +AllowedIPs = 10.8.0.2/32 + +# Client 2 (Galaxy) +[Peer] +PublicKey = +AllowedIPs = 10.8.0.99/32 +``` + +## Enable IP forwarding +``` +echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf +sudo sysctl -p + +# Start and enable +sudo systemctl enable --now wg-quick@wg0 +``` +### WG Quick reference +``` +# Check status +sudo wg show + +# Restart +sudo systemctl restart wg-quick@wg0 + +# View handshake +sudo wg show wg0 latest-handshakes +# Check status +sudo wg show + +# Restart +sudo systemctl restart wg-quick@wg0 + +# View handshake +sudo wg show wg0 latest-handshakes +``` + +# Samba + +# fstab + + + diff --git a/Debian Setup-Testing special-instructions.md b/Debian Setup-Testing special-instructions.md new file mode 100755 index 0000000..9f2f491 --- /dev/null +++ b/Debian Setup-Testing special-instructions.md @@ -0,0 +1,43 @@ +# Debian TestUnit + + +These settings are only for "testing" virtual machines. + +Mount the public folder as plan9 shared: +sudo mount -t 9p -o trans=virtio,version=9p2000.L,msize=104857600,uid=1000,gid=1000,access=client,cache=none,dirsync Public-sapient /home/user/Public + +#### no passwd for sudo +``` +sudo visudo +``` + +#### Find the line for your user or group and change it to: +` +username ALL=(ALL) NOPASSWD: ALL +` + +### Remove user's password +``` +sudo passwd -d $USER +``` + +### Installing Thorium + +apt update +apt upgrade +apt install thorium-browser +sudo rm -fv /etc/apt/sources.list.d/thorium.list && \ +sudo rm -fv /etc/apt/sources.list.d/thorium.list && sudo wget --no-hsts -P /etc/apt/sources.list.d/ http://dl.thorium.rocks/debian/dists/stable/thorium.list && sudo apt update +sudo apt install thorium-browser +ln -s /usr/bin/thorium-shell ./chromium + +### Unneccsary default packages +firefox +brasero +thunderbird +libreoffice-core + +### Remove gnome keyring + + rm .local/share/keyrings/login.keyring + diff --git a/System Overview.md b/System Overview.md new file mode 100644 index 0000000..5556eca --- /dev/null +++ b/System Overview.md @@ -0,0 +1,1118 @@ +# System Overview — testunit-zalpha + +> Generated: 2026-03-11 — from live system inspection and shell history analysis + +--- + +## 1. Identity & OS + +| Field | Value | +|---|---| +| **Hostname** | `testunit-zalpha` | +| **OS** | Debian GNU/Linux **forky/sid** (testing/unstable) | +| **Kernel** | `6.18.12+deb14-amd64` (SMP PREEMPT_DYNAMIC, 2026-02-17) | +| **Architecture** | x86_64 (amd64) — with `armhf` as foreign arch | +| **Machine ID** | `f15ca37c8b4441e281d76f39f086dd31` | +| **Locale** | `en_US.UTF-8` | +| **Keyboard** | US (`pc105`) | +| **Virtualization** | KVM guest (Intel VT-x, full virtualization) | + +--- + +## 2. Hardware (Virtual) + +### CPU +| Field | Value | +|---|---| +| **Model** | Intel Core i5-10500H @ 2.50GHz | +| **Cores / Threads** | 4 cores / 8 threads (1 socket) | +| **Features** | SSE4.2, AVX2, AES-NI, SGX | + +### Memory +| Type | Total | Used | Available | +|---|---|---|---| +| **RAM** | 15 GiB | ~4.0 GiB | ~11 GiB | +| **Swap** | 9.2 GiB (zram 4G + partition 5.2G) | 557 MiB | 8.6 GiB | + +### Storage +| Device | Size | Type | FS | Mount | +|---|---|---|---|---| +| `vda1` | 976M | part | vfat | `/boot/efi` | +| `vda2` | 193.9G | part | **btrfs** | `/` | +| `vda3` | 5.2G | part | swap | `[SWAP]` | +| `zram0` | 4G | disk | swap | `[SWAP]` | + +**Btrfs subvolume:** `@rootfs` (compress-force=zstd:3) + +**Root disk usage:** 89G used / 104G available (47%) + +### Shared / Network Mounts +| Source | Mount | Type | Notes | +|---|---|---|---| +| `Public-sapient` | `/home/user/Public` | 9p (virtio) | Host shared folder, 954G total (364G used) | +| `10.8.0.10:/storage` | `/mnt/hive` | NFS | WireGuard peer, automount | + +--- + +## 3. Networking + +### Interfaces +| Interface | IP Address | Notes | +|---|---|---| +| `lo` | 127.0.0.1/8 | Loopback | +| `enp0s5` | 10.0.2.15/24 | Primary (DHCP via NAT) | +| `wg0` | 10.8.0.50/24 | **WireGuard VPN tunnel** | +| `docker0` | 172.16.0.1/20 | Docker default bridge (down) | +| `br-500701b9de18` | 172.16.16.1/20 | `dockge_default` network (up) | +| `br-f138d1ef28e6` | 172.25.0.1/16 | `internal-net` (down) | +| `br-8676d84f91a9` | 172.24.0.1/16 | `matrix` network (down) | + +### DNS +- Nameserver: `10.0.2.3` (generated by NetworkManager) + +### Default Route +- `10.0.2.2` via `enp0s5` + +### WireGuard (wg0) +| Field | Value | +|---|---| +| **Node name** | vertman | +| **Local address** | 10.8.0.50/24 | +| **Listening port** | 33303 | +| **Peer endpoint** | 82.29.54.2:51820 (Zion - central server) | +| **Peer AllowedIPs** | 10.8.0.0/24 | +| **Keepalive** | 25 seconds | +| **Transfer** | 14.63 GiB received / 414 MiB sent | + +### Docker Networks +| Name | Driver | Subnet | +|---|---|---| +| `bridge` (docker0) | bridge | 172.16.0.0/20 | +| `dockge_default` | bridge | 172.16.16.0/20 | +| `internal-net` | bridge | 172.25.0.0/16 | +| `matrix` | bridge | 172.24.0.0/16 | + +--- + +## 4. APT Sources & Pinning + +### Repositories +| Source | Suites | Components | +|---|---|---| +| `http://debian.osuosl.org/debian/` | testing, testing-updates, stable, sid | main, non-free-firmware, contrib, non-free | +| `http://security.debian.org/debian-security/` | testing-security | main, non-free-firmware, contrib, non-free | +| Docker CE | trixie | stable | +| Thorium Browser | stable | main | +| Antigravity | antigravity-debian | main | + +### APT Pinning (`/etc/apt/preferences.d/`) +| Suite | Priority | +|---|---| +| `testing` | 600 | +| `testing-updates` | 700 | +| `unstable` (sid) | 100 | +| `stable` / `stable-backports` | (commented out) | + +### Signing Keys (`/etc/apt/keyrings/`) +- `docker.asc` — Docker official GPG key +- `antigravity-repo-key.gpg` — Antigravity agent repo + +--- + +## 5. Users & Security + +### User Accounts (interactive shell) +| User | UID | Shell | Home | +|---|---|---|---| +| `root` | 0 | /bin/bash | /root | +| `user` | 1000 | /usr/bin/bash | /home/user | + +### Group Memberships (user) +`sudo`, `adm`, `docker`, `dialout`, `cdrom`, `floppy`, `audio`, `dip`, `video`, `plugdev`, `users`, `systemd-journal`, `netdev`, `scanner`, `bluetooth`, `lpadmin` + +### SSH Configuration +- Password auth: **disabled** (KbdInteractiveAuthentication no) +- PAM: enabled +- X11 Forwarding: enabled +- SFTP subsystem: enabled + +### Fail2ban +- Installed and **enabled** at boot +- Default configuration (no custom `jail.local` found) + +--- + +## 6. System Services (Enabled at Boot) + +### Core System +- `systemd`, `systemd-oomd`, `systemd-timesyncd`, `systemd-pstore` +- `cron`, `anacron`, `logrotate` +- `unattended-upgrades` +- `grub2-common` + +### Display & Desktop +- `lightdm` (with `slick-greeter`) +- Desktop environments: **Cinnamon** (task-cinnamon-desktop), **LXQt**, **IceWM**, **Openbox** +- `picom` (compositor) + +### Networking +- `NetworkManager`, `networking`, `wpa_supplicant` +- `wg-quick@wg0` (WireGuard) +- `ssh` / `sshd` +- `fail2ban` +- `iperf3` +- `avahi-daemon` +- `ModemManager` + +### Hardware +- `bluetooth`, `blueman-mechanism` +- `power-profiles-daemon`, `switcheroo-control` +- `lm-sensors` +- `udisks2` +- `console-setup`, `keyboard-setup` +- `cups`, `cups-browsed` + +### Containers +- `containerd` +- Docker daemon (via containerd, not a separate systemd unit) + +### Virtualization +- `qemu-guest-agent`, `spice-vdagent` + +### Storage +- `zramswap` (zram-based swap) + +--- + +## 7. Docker & Container Infrastructure + +### Versions +| Component | Version | +|---|---| +| Docker Engine | 29.2.1 | +| Docker Compose | v5.1.0 | + +### Docker Daemon Config (`/etc/docker/daemon.json`) +```json +{ + "default-address-pools": [ + {"base": "172.17.0.0/12", "size": 20}, + {"base": "192.168.0.0/16", "size": 24} + ] +} +``` + +### Docker Storage Usage +| Type | Total | Active | Size | Reclaimable | +|---|---|---|---|---| +| Images | 134 | 1 | 121.2 GB | 53.0 GB (43%) | +| Containers | 1 | 1 | 234 KB | 0 B | +| Local Volumes | 126 | 0 | 628 MB | 628 MB (100%) | +| Build Cache | 323 | 0 | 55.0 GB | 53.8 GB | + +### Active Container +- **dockge** (`louislam/dockge:1`) — healthy, running + +### Stack Directories (`/opt/stacks/`) +Currently active stacks directory: `jellyseerr`, `searxng`, `soularr` + +Also contains: `DOCKER_ISSUES.md`, `MIGRATION.md`, `STATUS.md`, `update_secrets.py`, `update_secrets_v2.py` + +### Docker Images (134 total, notable services) +**Fediverse / Social:** akkoma, pyfedi, lemmy, peertube, movim, flotilla, nostr (zooid, nostrudel) + +**Media:** jellyfin, jellyseerr, tdarr, navidrome, funkwhale, rhythmbox, smplayer, qmmp + +**Arr Stack:** sonarr, radarr, lidarr, prowlarr, bazarr, sabnzbd, flaresolverr + +**Communication:** matrix (mautrix bridges: WhatsApp, Signal, Telegram, Discord, Meta), stoat chat, jitsi, mirotalk, rocket.chat, hedgedoc, privatebin + +**Proxy / Web:** nginx-proxy-manager, caddy, anubis, piped (YouTube frontend), rimgo (Imgur), redlib (Reddit), quetre, mlmym + +**Infrastructure:** postgres (multiple versions), redis, mariadb, mongo, elasticsearch, valkey, meilisearch, keydb, rabbitmq, nats, minio + +**Monitoring:** grafana, prometheus, node-exporter, uptime-kuma, jellystat + +**Other:** dockge, bytestash, linkwarden, romm, slskd, enigma-bbs, spacebar, transmission, openspeedtest, tor-hidden-service, gemini server, p2pool (XMR), adminer, freshrss, wizarr + +### Dockge (`/opt/dockge/`) +- Running at port 5001 +- Stack directory: `/opt/stacks` + +--- + +## 8. Filesystem Layout + +### Btrfs Root +- Subvolume: `@rootfs` +- Compression: `zstd:3` (force) +- UUID: `066b5bc2-a3ed-4d4b-9a34-1ed539e210e4` + +### fstab +``` +UUID=066b5bc2-... / btrfs defaults,subvol=@rootfs,compress-force=zstd:3 0 0 +UUID=792F-3E59 /boot/efi vfat umask=0077 0 1 +UUID=6b59c7d7-... none swap sw 0 0 +/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0 +Public-sapient /home/user/Public 9p trans=virtio,version=9p2000.L,...,x-systemd.automount,nofail 0 0 +10.8.0.10:/storage /mnt/hive nfs defaults,_netdev,x-systemd.automount,noatime 0 0 +``` + +### GRUB Configuration +- Default: 0 +- Timeout: 5 seconds +- Kernel params: `quiet` + +--- + +## 9. Development Environment + +### Compilers & Build Tools +- **GCC/G++ 15** (native x86_64) +- **GCC/G++ 15 ARM cross-compiler** (`arm-linux-gnueabihf`) — for armhf targets +- **cc65** — 6502/NES assembler +- **CMake**, **Make**, **Autoconf/Automake**, **Libtool** +- **build-essential**, **pkg-config** +- **protobuf-compiler**, `libprotobuf-dev` +- **wabt** — WebAssembly binary toolkit + +### Languages & Runtimes +- **Python 3.13** (with venv, tk, pytest) +- **Node.js** + **npm** (with webpack, eslint, terser) +- **PHP 8.4** (cli, with opcache) +- **Go 1.24** +- **Perl 5.40** (with Tk) +- **Tcl/Tk 8.6** + +### Development Libraries +- `libsdl2-dev`, `libsdl2-image-dev`, `libsdl2-ttf-dev` — SDL2 game/UI dev +- `libncurses-dev` (amd64 + armhf) +- `zlib1g-dev` (amd64 + armhf) +- `libssl-dev:armhf`, `libzstd-dev:armhf` — ARM cross-compilation libs +- `uuid-dev` + +### Tools +- `git`, `ripgrep`, `fd-find`, `bat`, `htop`, `btop`, `tmux`, `mc`, `tree` +- `fish` (shell) +- `mosh` (mobile shell) +- `ncdu` (disk usage) +- `jq` (JSON), `w3m` (terminal browser), `elinks` +- `scrot`, `screengrab` (screenshots) +- `dosbox`, `fceux` (emulators) +- `rclone`, `rsync` +- `yt-dlp` (installed from sid) +- `xxhash` +- `pipx` +- `imagemagick` + +### Cross-Compilation Projects (from history) +- **OpenWRT / GL.iNet Flint 1 (ARMv7):** btop static build, musl toolchain, firmware downloads +- **NES development:** cc65 assembler, controller input ROM +- **NESticle UI port:** SDL2-based decompilation/reimplementation + +--- + +## 10. Desktop Environment + +### Display Manager +- **LightDM** with **Slick Greeter** + +### Available Desktop Sessions +- **Cinnamon** (primary, via `task-cinnamon-desktop`) +- **LXQt** (installed) +- **IceWM** (with experimental variant) +- **Openbox** +- **GNOME Shell** components present + +### Compositor +- **picom** (with glx/egl backend experimentation noted in history) + +### Key Desktop Applications +- **Browser:** Thorium Browser (Chromium-based) +- **Terminal:** QTerminal +- **File Manager:** PCManFM-Qt, Nemo (Cinnamon) +- **Text Editors:** gedit, nano, vim-tiny, FeatherPad +- **Media:** Rhythmbox, SMPlayer, Totem, Qmmp, Sound Juicer +- **Graphics:** Shotwell, Simple-Scan, EOG +- **Chat:** Pidgin, HexChat +- **Remote Desktop:** Remmina (RDP, VNC) +- **PDF:** QPDFView, Evince/Papers +- **Archive:** File Roller, p7zip, rar/unrar +- **System:** Synaptic, GDebi, GNOME System Monitor, QPS +- **Notes:** GNote, FeatherNotes + +### Encryption Filesystems +- `gocryptfs`, `cryfs`, `securefs`, `sshfs` + +--- + +## 11. Shell History Analysis — User Activity Summary + +Based on 1,547 lines of bash history, the user's activities break down into: + +### Initial System Setup (chronological) +1. Set user group memberships (`sudo,adm,docker,...`) +2. Configured `/etc/apt/sources.list` (testing + stable + sid) +3. Ran `apt modernize-sources` to convert to DEB822 format +4. Installed essential CLI tools (btop, tmux, fish, ripgrep, etc.) +5. Installed Docker CE + Compose from official repo +6. Set up Dockge container manager +7. Configured WireGuard VPN (`wg0`) +8. Set up 9p shared folder mount (`Public-sapient`) +9. Configured NFS mount to `10.8.0.10:/storage` +10. Installed Thorium browser +11. Removed unnecessary packages (brasero, thunderbird, libreoffice-core) +12. Set up picom compositor +13. Installed various development tools and cross-compilers + +### Ongoing Activities +- **Docker stack management:** Extensive compose up/down, log checking, stack testing +- **Cross-compilation:** Building btop for OpenWRT ARMv7 with musl toolchain +- **NES development:** cc65 assembler projects, NESticle binary analysis +- **Media management:** yt-dlp with cookies, rsync to remote servers +- **System maintenance:** apt update/upgrade/dist-upgrade cycles + +--- + +## 12. Installed Packages + +**Total installed:** 2,745 packages +- **Manually marked:** 275 packages +- **Auto (dependencies):** 2,470 packages + +### 12a. User-Explicitly-Installed Packages (from shell history `apt install` commands) + +These packages were directly requested by the user in terminal commands: + +#### Core CLI Tools +``` +ncdu btop tmux fish fail2ban ripgrep rsync btrfs-progs htop mosh p7zip +iperf3 fd-find mc kitty-terminfo curl git bat unrar rclone rar +gocryptfs cryfs securefs wireguard lzop lz4 +``` + +#### Docker +``` +ca-certificates curl +docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin +``` + +#### Development +``` +build-essential pkg-config cmake make autoconf automake libtool +gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf +lib32stdc++6 lib32gcc-s1 +protobuf-compiler libprotobuf-dev libncurses-dev +zlib1g-dev:armhf libssl-dev:armhf libncurses-dev:armhf libzstd-dev:armhf +libsdl2-dev libsdl2-ttf-dev libsdl2-image-dev +cc65 fceux +zstd git +``` + +#### Browsers & Web +``` +thorium-browser +w3m w3m-img elinks +``` + +#### Multimedia & Other +``` +yt-dlp (from sid) +dosbox +picom +php +golang +npm nodejs +xxhash python3-xxhash +pipx +``` + +#### Removed by User +``` +brasero thunderbird libreoffice-core +``` + +### 12b. All Manually-Marked Packages (apt-mark showmanual) + +These 275 packages are marked as "manually installed" in apt — includes both user-requested and installer-selected packages: + +
+Click to expand full list (275 packages) + +``` +adduser +amd64-microcode +antigravity +apt +apt-listchanges +apt-utils +autoconf +automake +base-files +base-passwd +bash +bash-completion +bat +bind9-dnsutils +bind9-host +bsdutils +btop +btrfs-progs +build-essential +busybox +bzip2 +ca-certificates +cc65 +cmake +console-setup +containerd.io +coreutils +cpio +cron +cron-daemon-common +cryfs +curl +dash +debconf +debconf-i18n +debian-archive-keyring +debian-faq +debianutils +dhcpcd-base +diffutils +dmidecode +doc-debian +docker-buildx-plugin +docker-ce +docker-ce-cli +docker-compose-plugin +dosbox +dpkg +e2fsprogs +eject +elinks +fail2ban +fceux +fd-find +fdisk +file +findutils +fish +g++-arm-linux-gnueabihf +gcc-15-base +gcc-arm-linux-gnueabihf +gettext-base +git +gocryptfs +golang +grep +groff-base +grub-common +grub-efi-amd64 +gzip +hostname +htop +icewm +icewm-common +icewm-experimental +ifupdown +inetutils-telnet +init +initramfs-tools +init-system-helpers +installation-report +iperf3 +iproute2 +iputils-ping +keyboard-configuration +kitty-terminfo +kmod +krb5-locales +laptop-detect +less +lib32gcc-s1 +lib32stdc++6 +libacl1 +libapt-pkg7.0 +libattr1 +libaudit1 +libaudit-common +libblkid1 +libbpf1 +libbsd0 +libbz2-1.0 +libc6 +libcap2 +libcap2-bin +libcap-ng0 +libc-bin +libc-gconv-modules-extra +libcom-err2 +libcrypt1 +libdb5.3t64 +libdebconfclient0 +libedit2 +libelf1t64 +libext2fs2t64 +libfdisk1 +libgcc-s1 +libgmp10 +libgssapi-krb5-2 +libhogweed6t64 +libidn2-0 +libimage-exiftool-perl +libjansson4 +libk5crypto3 +libkeyutils1 +libkmod2 +libkrb5-3 +libkrb5support0 +liblocale-gettext-perl +liblockfile-bin +liblz4-1 +liblzma5 +libmd0 +libmnl0 +libmount1 +libncurses-dev +libncurses-dev:armhf +libncursesw6 +libnettle8t64 +libnewt0.52 +libnftables1 +libnftnl11 +libnss-systemd +libpam0g +libpam-modules +libpam-modules-bin +libpam-runtime +libpam-systemd +libpcre2-8-0 +libpopt0 +libproc2-0 +libprotobuf-dev +libreadline8t64 +libsdl2-dev +libsdl2-image-dev +libsdl2-ttf-dev +libseccomp2 +libselinux1 +libsemanage2 +libsemanage-common +libsepol2 +libslang2 +libsmartcols1 +libss2 +libssl3t64 +libssl-dev:armhf +libstdc++6 +libsystemd0 +libsystemd-shared +libtext-charwidth-perl +libtext-iconv-perl +libtext-wrapi18n-perl +libtinfo6 +libtirpc3t64 +libtirpc-common +libtool +libudev1 +libunistring5 +libuuid1 +libxtables12 +libxxhash0 +libzstd1 +libzstd-dev:armhf +linux-image-amd64 +linux-sysctl-defaults +locales +login +login.defs +logrotate +logsave +lsof +lxqt +lz4 +lzop +make +man-db +manpages +mawk +mc +mosh +mount +nano +ncdu +ncurses-base +ncurses-bin +ncurses-term +netbase +netcat-traditional +nftables +nodejs +npm +openbox +openssh-client +openssh-server +openssl-provider-legacy +os-prober +p7zip +passwd +pciutils +perl +perl-base +php +picom +pipx +pkg-config +popularity-contest +procps +protobuf-compiler +python3-xxhash +qemu-guest-agent +rar +rclone +readline-common +reportbug +ripgrep +rsync +securefs +sed +sensible-utils +shim-signed +spice-vdagent +sqv +systemd +systemd-sysv +systemd-timesyncd +systemd-zram-generator +sysvinit-utils +tar +task-cinnamon-desktop +task-desktop +task-english +tasksel +thorium-browser +tmux +traceroute +tzdata +udev +unattended-upgrades +unrar +usbutils +util-linux +util-linux-extra +vim-common +vim-tiny +w3m +w3m-img +wamerican +wget +whiptail +wireguard +wtmpdb +xxhash +zlib1g +zlib1g-dev:armhf +zram-tools +zstd +``` + +
+ +### 12c. Full Installed Package List (all 2,745) + +
+Click to expand complete package list + +``` +0install-core +accountsservice +acl +adduser +adwaita-icon-theme +alsa-topology-conf +alsa-ucm-conf +amd64-microcode +anacron +antigravity +apparmor +appstream +apt +apt-listchanges +apt-utils +at-spi2-common +at-spi2-core +autoconf +automake +autotools-dev +avahi-daemon +avahi-utils +ayatana-indicator-application +base-files +base-passwd +bash +bash-completion +bat +bind9-dnsutils +bind9-host +bind9-libs +binutils +binutils-arm-linux-gnueabihf +binutils-common +binutils-x86-64-linux-gnu +blueman +bluetooth +bluez +bluez-obexd +bsdextrautils +bsdutils +btop +btrfs-progs +build-essential +busybox +bzip2 +ca-certificates +caribou +cc65 +cheese +cinnamon +cinnamon-common +cinnamon-control-center +cinnamon-control-center-data +cinnamon-desktop-data +cinnamon-l10n +cinnamon-screensaver +cinnamon-session +cinnamon-session-common +cinnamon-settings-daemon +cinnamon-translations +cmake +cmake-data +coinor-libcbc3.1t64 +coinor-libcgl1t64 +coinor-libclp1.17t64 +coinor-libcoinutils3v5t64 +coinor-libosi1v5t64 +colord +colord-data +console-setup +console-setup-linux +containerd.io +coreutils +cpio +cpp +cpp-15 +cpp-15-arm-linux-gnueabihf +cpp-15-x86-64-linux-gnu +cpp-arm-linux-gnueabihf +cpp-x86-64-linux-gnu +cron +cron-daemon-common +cross-config +cryfs +cryptsetup +cryptsetup-bin +cups +cups-browsed +cups-client +cups-common +cups-core-drivers +cups-daemon +cups-filters +cups-filters-core-drivers +cups-ipp-utils +cups-pk-helper +cups-ppdc +cups-server-common +curl +d-spy +dash +dbus +dbus-bin +dbus-daemon +dbus-session-bus-common +dbus-system-bus-common +dbus-user-session +dconf-cli +dconf-gsettings-backend +dconf-service +debconf +debconf-i18n +debian-archive-keyring +debian-faq +debianutils +desktop-base +desktop-file-utils +dhcpcd-base +diffstat +diffutils +dirmngr +distro-info-data +djvulibre-desktop +dmeventd +dmidecode +dmsetup +dns-root-data +dnsmasq-base +dnsutils +doc-debian +docker-buildx-plugin +docker-ce +docker-ce-cli +docker-compose-plugin +dosbox +dosfstools +dpkg +dpkg-dev +dracut-install +e2fsprogs +efibootmgr +eject +elinks +elinks-data +emacsen-common +enchant-2 +eog +eslint +espeak-ng-data +evince +evince-common +evolution-data-server +evolution-data-server-common +evolution-ews-core +exfatprogs +exif +fail2ban +fakeroot +fceux +fd-find +fdisk +feathernotes +feathernotes-l10n +featherpad +featherpad-l10n +ffmpeg +ffmpegthumbnailer +file +file-roller +findutils +fish +fish-common +five-or-more +fontconfig +fontconfig-config +fonts-dejavu +fonts-dejavu-core +fonts-dejavu-extra +fonts-dejavu-mono +fonts-droid-fallback +fonts-font-awesome +fonts-hack +fonts-lato +fonts-liberation +fonts-liberation-sans-narrow +fonts-noto-color-emoji +fonts-noto-core +fonts-noto-mono +fonts-quicksand +fonts-symbola +fonts-urw-base35 +four-in-a-row +freepats +fuse3 +fwupd +fwupd-amd64-signed +g++ +g++-15 +g++-15-arm-linux-gnueabihf +g++-15-x86-64-linux-gnu +galternatives +g++-arm-linux-gnueabihf +gcc +gcc-15 +gcc-15-arm-linux-gnueabihf +gcc-15-arm-linux-gnueabihf-base +gcc-15-base +gcc-15-cross-base +gcc-15-x86-64-linux-gnu +gcc-arm-linux-gnueabihf +gcc-x86-64-linux-gnu +gcr +gcr4 +gdebi +gdebi-core +gdm3 +gedit +gedit-common +genisoimage +geocode-glib-common +gettext +gettext-base +ghostscript +ghp-import +[... and ~2,000+ more library/dependency packages ...] +girepository-tools +git +git-man +gjs +gkbd-capplet +glib-networking +gnome-2048 +gnome-accessibility-themes +gnome-backgrounds +gnome-bluetooth-3-common +gnome-calculator +gnome-characters +gnome-chess +gnome-control-center +gnome-desktop3-data +gnome-disk-utility +gnome-font-viewer +gnome-games +gnome-keyring +gnome-klotski +gnome-logs +gnome-mahjongg +gnome-menus +gnome-mines +gnome-nibbles +gnome-online-accounts +gnome-remote-desktop +gnome-robots +gnome-screenshot +gnome-session-bin +gnome-session-common +gnome-settings-daemon +gnome-shell +gnome-shell-common +gnome-snapshot +gnome-software +gnome-sound-recorder +gnome-sudoku +gnome-sushi +gnome-system-monitor +gnome-taquin +gnome-terminal +gnome-tetravex +gnome-themes-extra +gnome-user-docs +gnome-user-share +gnote +gocryptfs +golang-1.24 +golang-1.24-doc +golang-1.24-go +golang-1.24-src +grub-common +grub-efi-amd64 +grub-efi-amd64-bin +grub-efi-amd64-signed +gstreamer1.0-alsa +gstreamer1.0-gl +gstreamer1.0-gtk3 +gstreamer1.0-gtk4 +gstreamer1.0-libav +gstreamer1.0-pipewire +gstreamer1.0-plugins-bad +gstreamer1.0-plugins-base +gstreamer1.0-plugins-good +gstreamer1.0-plugins-ugly +hexchat +htop +iperf3 +jellyfin (docker) +jq +kitty-terminfo +lightdm +lxqt +mc +mosh +nano +ncdu +nemo +nodejs +npm +openbox +openssh-client +openssh-server +p7zip +papers +pcmanfm-qt +php +php8.4 +picom +pidgin +pipewire +pipewire-pulse +pipx +python3.13 +python3.13-venv +qmmp +qpdfview +qterminal +rar +rclone +remmina +rhythmbox +ripgrep +rsync +securefs +shotwell +simple-scan +slick-greeter +smplayer +synaptic +system-config-printer +task-cinnamon-desktop +task-desktop +thorium-browser +thunderbird +tmux +totem +transmission-gtk +tree +unrar +w3m +w3m-img +webpack +wireguard +x11vnc +xscreensaver +xxhash +yt-dlp +zstd +``` + +> **Note:** The full list is 2,745 packages. The above shows key/notable packages grouped by category. Hundreds of `lib*`, `gir1.2-*`, `node-*`, and `python3-*` dependency packages are installed but omitted for readability. + +
+ +--- + +## 13. Notable Configurations & Tweaks + +### Modifications from Default Debian Install +1. **Multi-suite apt sources:** testing (primary) + stable + sid, with pinning +2. **Third-party repos:** Docker CE, Thorium Browser, Antigravity agent +3. **Foreign architecture:** `armhf` added for ARM cross-compilation +4. **Btrfs with zstd compression** on root filesystem +5. **zram swap** in addition to partition swap +6. **9p mount** for host shared folder (VM guest integration) +7. **NFS mount** to remote storage via WireGuard +8. **WireGuard VPN** active to central server (Zion) +9. **Multiple desktop environments** installed (Cinnamon, LXQt, IceWM, Openbox) +10. **Removed defaults:** brasero, thunderbird, libreoffice-core +11. **Docker with custom address pools** and Dockge management UI +12. **yt-dlp** pulled from sid (unstable) for newer version +13. **Password-less sudo** configured for testing convenience +14. **GNOME keyring disabled** (login.keyring removed) + +### WireGuard Network Topology (from setup notes) +| Node | IP | Role | +|---|---|---| +| Zion | 10.8.0.1 | Central server | +| (unknown) | 10.8.0.2 | Another peer | +| **testunit-zalpha (vertman)** | **10.8.0.50** | This machine | +| Galaxy | 10.8.0.99 | Peer | +| Cthulhu | 10.0.0.10 | NFS server (hive) | +| Azathoth | 10.0.0.2 | NFS server (omega) | diff --git a/fstab_old b/fstab_old new file mode 100755 index 0000000..0e39d43 --- /dev/null +++ b/fstab_old @@ -0,0 +1,23 @@ +# /etc/fstab: addendum + +# Shared ~/Public +Public-sapient /home/user/Public 9p trans=virtio,version=9p2000.L,msize=104857600,uid=1000,gid=1000,access=mapped-xattr,cache=none,dirsync,x-systemd.automount,nofail 0 0 +# manual command for testing +#sudo mount -t 9p -o trans=virtio,version=9p2000.L,msize=104857600,access=mapped-xattr,cache=none Public-sapient /home/user/Public + + +# CTH +10.8.0.10:/storage /mnt/hive nfs defaults,_netdev,x-systemd.automount,noatime 0 0 + +# AZA +10.8.0.2:/storage /mnt/omega nfs defaults,_netdev,x-systemd.automount,noatime 0 0 + +# NYAR +10.8.0.20:/storage /mnt/clust nfs defaults,_netdev,x-systemd.automount,noatime 0 0 + +# ZION +#10.8.0.1:/storage /mnt/zion nfs defaults,_netdev,x-systemd.automount,noatime,intr,x-systemd.device-timeout=10 0 0 + +# GALAXY +10.8.0.99:/storage /mnt/galaxy nfs4 rw,noatime,async,nfsvers=4.2,proto=tcp,_netdev,x-systemd.automount,intr,timeo=600,retrans=5,namlen=255,hard,x-systemd.device-timeout=10 0 0 + diff --git a/pins.txt b/pins.txt new file mode 100755 index 0000000..bd9bb94 --- /dev/null +++ b/pins.txt @@ -0,0 +1,26 @@ +#Package: * +#Pin: release a=stable +#Pin-Priority: 800 + +#Package: * +#Pin: release a=stable-backports +#Pin-Priority: 900 + +Package: * +Pin: release a=testing +Pin-Priority: 600 + +Package: * +Pin: release a=testing-updates +Pin-Priority: 700 + +Package: * +Pin: release a=unstable +Pin-Priority: 100 + + + + + + + diff --git a/scripti.sh b/scripti.sh new file mode 100644 index 0000000..883862b --- /dev/null +++ b/scripti.sh @@ -0,0 +1,12 @@ +sudo apt update && sudo apt install ca-certificates curl +sudo install -m 0755 -d /etc/apt/keyrings +sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc +sudo chmod a+r /etc/apt/keyrings/docker.asc + +sudo tee /etc/apt/sources.list.d/docker.sources <