sapient/debian-resources
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: initial commit of Debian Resources

Browse Source
This commit is contained in:
sapient
2026-03-22 00:54:29 -07:00
commit 9aa7e4833d
8 changed files with 1553 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored Normal file
View File

@@ -0,0 +1,3 @@
virtual-wg0.conf
*.log
.venv/

163
Debian Deployment Guide.md Normal file
View File

@@ -0,0 +1,163 @@
# Debian Deployment Guide
This step-by-step guide outlines the process of recreating the `testunit-zalpha` system, a Debian testing-based environment tailored for development, virtualization, container management, and media hosting.
## 1. Initial OS Installation
1. Gather the Debian Testing (forky/sid) installer ISO.
2. Install with the following partitioning scheme:
- EFI System Partition (`/boot/efi`) - ~1GB, vfat
- Root Partition (`/`) - ~200GB, **btrfs**
- Swap Partition (`[SWAP]`) - ~5GB
3. During installation, configure the root filesystem to use `zstd:3` compression. You may need to edit `/etc/fstab` post-install to add the `compress-force=zstd:3` option to the root subvolume (`@rootfs`).
## 2. Post-Install User & Groups
After booting into the initial system, add your primary user to the necessary groups for administration and hardware access:
```bash
sudo usermod -aG sudo,adm,docker,dialout,plugdev,netdev,systemd-journal $USER
```
If you prefer passwordless sudo for testing environments:
```bash
sudo visudo
# Add: username ALL=(ALL) NOPASSWD: ALL
sudo passwd -d $USER
```
## 3. Repositories & Pinning
### 3.1 Sources List
Configure `/etc/apt/sources.list` for testing, stable, and unstable:
```text
deb http://debian.osuosl.org/debian/ testing main non-free-firmware contrib non-free
deb http://security.debian.org/debian-security/ testing-security main non-free-firmware contrib non-free
deb http://debian.osuosl.org/debian/ testing-updates main non-free-firmware contrib non-free
deb http://debian.osuosl.org/debian/ stable main non-free-firmware contrib non-free
deb http://debian.osuosl.org/debian/ sid main non-free-firmware contrib non-free
```
### 3.2 Add Third-Party Repositories
**Docker:**
```bash
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo tee /etc/apt/sources.list.d/docker.sources <<EOF
Types: deb
URIs: https://download.docker.com/linux/debian
Suites: trixie
Components: stable
Signed-By: /etc/apt/keyrings/docker.asc
EOF
```
**Thorium Browser:**
```bash
sudo wget --no-hsts -P /etc/apt/sources.list.d/ http://dl.thorium.rocks/debian/dists/stable/thorium.list
```
### 3.3 APT Pinning
Create `/etc/apt/preferences.d/99-debian` to prioritize `testing` over `unstable`:
```text
Package: *
Pin: release a=testing
Pin-Priority: 600
Package: *
Pin: release a=testing-updates
Pin-Priority: 700
Package: *
Pin: release a=unstable
Pin-Priority: 100
```
Update apt sources:
```bash
sudo apt update
```
## 4. Installed Packages
### 4.1 Base Utilities & Desktop
```bash
sudo apt install ncdu btop tmux fish fail2ban ripgrep rsync btrfs-progs htop mosh p7zip iperf3 fd-find mc kitty-terminfo curl git bat unrar rclone rar gocryptfs cryfs securefs wireguard lzop lz4 w3m w3m-img elinks picom dosbox task-cinnamon-desktop
sudo apt install -t sid yt-dlp
```
Remove unnecessary defaults:
```bash
sudo apt remove brasero thunderbird libreoffice-core
rm ~/.local/share/keyrings/login.keyring
```
### 4.2 Docker Deployment
```bash
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
```
Configure Docker Daemon (`/etc/docker/daemon.json`):
```json
{
"default-address-pools": [
{"base": "172.17.0.0/12", "size": 20},
{"base": "192.168.0.0/16", "size": 24}
]
}
```
Restart Docker: `sudo systemctl restart docker`
### 4.3 Development & Cross-Compilation
```bash
# Add foreign architecture for cross-compiling
sudo dpkg --add-architecture armhf
sudo apt update
# Install build tools
sudo apt install build-essential pkg-config cmake make autoconf automake libtool gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf lib32stdc++6 lib32gcc-s1 protobuf-compiler libprotobuf-dev libncurses-dev zlib1g-dev:armhf libssl-dev:armhf libncurses-dev:armhf libzstd-dev:armhf libsdl2-dev libsdl2-ttf-dev libsdl2-image-dev cc65 fceux zstd git php golang npm nodejs xxhash python3-xxhash pipx
```
## 5. System Configuration
### 5.1 Dockge Installation
```bash
sudo mkdir -p /opt/stacks /opt/dockge
cd /opt/dockge
curl https://dockge.kuma.pet/compose.yaml --output compose.yaml
sudo docker compose up -d
```
### 5.2 Network Mounts (fstab)
Edit `/etc/fstab` to add network file systems and shared folders (adjust IPs as needed):
```text
# 9p Virtio Host Folder
Public-sapient /home/user/Public 9p trans=virtio,version=9p2000.L,msize=104857600,uid=1000,gid=1000,access=client,cache=none,dirsync,x-systemd.automount,nofail 0 0
# NFS Hive Storage
10.8.0.10:/storage /mnt/hive nfs defaults,_netdev,x-systemd.automount,noatime 0 0
```
Create mount points:
```bash
sudo mkdir -p /mnt/hive
```
### 5.3 WireGuard VPN (wg0)
Generate keys and create `/etc/wireguard/wg0.conf`:
```ini
[Interface]
Address = 10.8.0.50/24
ListenPort = 33303
PrivateKey = <generated_private_key>
[Peer]
PublicKey = <central_server_public_key>
Endpoint = 82.29.54.2:51820
AllowedIPs = 10.8.0.0/24
PersistentKeepalive = 25
```
Enable and start:
```bash
sudo systemctl enable --now wg-quick@wg0
```
### 5.4 Swap Configuration
Install and configure `zram-tools` to enable the 4GB `zram0` swap device, supplementing the partition swap.
## 6. Final Steps
1. Configure `picom` as your compositor of choice in the session startup.
2. Verify SSH configuration (`/etc/ssh/sshd_config`) has `KbdInteractiveAuthentication no` and `UsePAM yes`.
3. Migrate Dockge stacks into `/opt/stacks` and start them using Dockge UI (`http://<ip>:5001`).

165
Debian Setup Notes.md Executable file
View File

@@ -0,0 +1,165 @@
# Debian Setup Notes
# User Groups (admin)
```sudo usermod -aG sudo,adm,docker,dialout,plugdev,netdev,systemd-journal $USER```
# setup sources.list
deb http://debian.osuosl.org/debian/ testing main non-free-firmware contrib non-free
deb http://security.debian.org/debian-security testing-security main non-free-firmware contrib non-free
deb http://debian.osuosl.org/debian/ testing-updates main non-free-firmware contrib non-free
# Essential packages
```
apt install ncdu btop tmux fish fail2ban ripgrep rsync btrfs-progs htop mosh p7zip iperf3 fd-find mc kitty-terminfo curl git bat unrar rclone rar gocryptfs cryfs securefs wireguard lzop lz4
```
# RSYNC key home files, folders
```
10.8.0.2:~/.local/bin ~/.local/
10.8.0.2:~/.tmux.conf ~/
```
# Add Docker's official GPG key:
```
sudo apt update
sudo apt install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
```
# Add the repository to Apt sources:
```
sudo tee /etc/apt/sources.list.d/docker.sources <<EOF
Types: deb
URIs: https://download.docker.com/linux/debian
Suites: $(. /etc/os-release && echo "$VERSION_CODENAME")
Components: stable
Signed-By: /etc/apt/keyrings/docker.asc
EOF
```
```
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
```
# Dockge setup
## Quick Setup
```bash
# Create the directory structure
sudo mkdir -p /opt/stacks /opt/dockge
# Download and run the installer
cd /opt/dockge
curl https://dockge.kuma.pet/compose.yaml --output compose.yaml
docker compose up -d
```
Access at `http://your-ip:5001`
# NFS
## Install packages
```
sudo apt install nfs-kernel-server nfs-common
```
## Create/edit exports on server
```
sudo nano /etc/exports
sudo exportfs -arv
sudo systemctl enable --now nfs-server
```
## Create mount points
```
sudo mkdir -p /mnt/{clust,omega,zion,hive}
```
## fstab entries
```
# Cthulhu
10.0.0.10:/storage /mnt/hive nfs rw,noatime,vers=4,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,_netdev,x-systemd.automount 0 0
# Azathoth
10.0.0.2:/storage /mnt/omega nfs defaults,_netdev,x-systemd.automount,noatime,user,x-systemd.device-timeout=30 0 0
# Zion
10.8.0.1:/storage /mnt/zion nfs defaults,_netdev,x-systemd.automount,noatime,user,x-systemd.device-timeout=30 0 0
# Galaxy
10.8.0.99:/storage /mnt/galaxy nfs4 rsize=16777216,wsize=16777216,hard,proto=tcp,timeo=600,retrans=2,ac,acregmin=60,acregmax=600,acdirmin=60,acdirmax=600,noatime,_netdev,x-systemd.automount 0 0
```
# WireGuard Setup
## Generate keys
```
wg genkey | tee /etc/wireguard/server_private.key | wg pubkey > /etc/wireguard/server_public.key
chmod 600 /etc/wireguard/server_private.key
```
### Config File Example
```
# /etc/wireguard/wg0.conf
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <server_private.key contents>
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# Client 1 (Zion)
[Peer]
PublicKey = <zion_public.key>
AllowedIPs = 10.8.0.2/32
# Client 2 (Galaxy)
[Peer]
PublicKey = <galaxy_public.key>
AllowedIPs = 10.8.0.99/32
```
## Enable IP forwarding
```
echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
# Start and enable
sudo systemctl enable --now wg-quick@wg0
```
### WG Quick reference
```
# Check status
sudo wg show
# Restart
sudo systemctl restart wg-quick@wg0
# View handshake
sudo wg show wg0 latest-handshakes
# Check status
sudo wg show
# Restart
sudo systemctl restart wg-quick@wg0
# View handshake
sudo wg show wg0 latest-handshakes
```
# Samba
# fstab

43
Debian Setup-Testing special-instructions.md Executable file
View File

@@ -0,0 +1,43 @@
# Debian TestUnit
These settings are only for "testing" virtual machines.
Mount the public folder as plan9 shared:
sudo mount -t 9p -o trans=virtio,version=9p2000.L,msize=104857600,uid=1000,gid=1000,access=client,cache=none,dirsync Public-sapient /home/user/Public
#### no passwd for sudo
```
sudo visudo
```
#### Find the line for your user or group and change it to:
`
username ALL=(ALL) NOPASSWD: ALL
`
### Remove user's password
```
sudo passwd -d $USER
```
### Installing Thorium
apt update
apt upgrade
apt install thorium-browser
sudo rm -fv /etc/apt/sources.list.d/thorium.list && \
sudo rm -fv /etc/apt/sources.list.d/thorium.list && sudo wget --no-hsts -P /etc/apt/sources.list.d/ http://dl.thorium.rocks/debian/dists/stable/thorium.list && sudo apt update
sudo apt install thorium-browser
ln -s /usr/bin/thorium-shell ./chromium
### Unneccsary default packages
firefox
brasero
thunderbird
libreoffice-core
### Remove gnome keyring
rm .local/share/keyrings/login.keyring

1118
System Overview.md Normal file
View File

File diff suppressed because it is too large Load Diff

23
fstab_old Executable file
View File

@@ -0,0 +1,23 @@
# /etc/fstab: addendum
# Shared ~/Public
Public-sapient /home/user/Public 9p trans=virtio,version=9p2000.L,msize=104857600,uid=1000,gid=1000,access=mapped-xattr,cache=none,dirsync,x-systemd.automount,nofail 0 0
# manual command for testing
#sudo mount -t 9p -o trans=virtio,version=9p2000.L,msize=104857600,access=mapped-xattr,cache=none Public-sapient /home/user/Public
# CTH
10.8.0.10:/storage /mnt/hive nfs defaults,_netdev,x-systemd.automount,noatime 0 0
# AZA
10.8.0.2:/storage /mnt/omega nfs defaults,_netdev,x-systemd.automount,noatime 0 0
# NYAR
10.8.0.20:/storage /mnt/clust nfs defaults,_netdev,x-systemd.automount,noatime 0 0
# ZION
#10.8.0.1:/storage /mnt/zion nfs defaults,_netdev,x-systemd.automount,noatime,intr,x-systemd.device-timeout=10 0 0
# GALAXY
10.8.0.99:/storage /mnt/galaxy nfs4 rw,noatime,async,nfsvers=4.2,proto=tcp,_netdev,x-systemd.automount,intr,timeo=600,retrans=5,namlen=255,hard,x-systemd.device-timeout=10 0 0

26
pins.txt Executable file
View File

@@ -0,0 +1,26 @@
#Package: *
#Pin: release a=stable
#Pin-Priority: 800
#Package: *
#Pin: release a=stable-backports
#Pin-Priority: 900
Package: *
Pin: release a=testing
Pin-Priority: 600
Package: *
Pin: release a=testing-updates
Pin-Priority: 700
Package: *
Pin: release a=unstable
Pin-Priority: 100

12
scripti.sh Normal file
View File

@@ -0,0 +1,12 @@
sudo apt update && sudo apt install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
sudo tee /etc/apt/sources.list.d/docker.sources <<EOF
Types: deb
URIs: https://download.docker.com/linux/debian
Suites: trixie
Components: stable
Signed-By: /etc/apt/keyrings/docker.asc
EOF