debian-resources/Debian Setup Notes.md

Debian Setup Notes

User Groups (admin)

sudo usermod -aG sudo,adm,docker,dialout,plugdev,netdev,systemd-journal $USER

setup sources.list

deb http://debian.osuosl.org/debian/ testing main non-free-firmware contrib non-free deb http://security.debian.org/debian-security testing-security main non-free-firmware contrib non-free deb http://debian.osuosl.org/debian/ testing-updates main non-free-firmware contrib non-free

Essential packages

apt install ncdu btop tmux fish fail2ban ripgrep rsync btrfs-progs htop mosh p7zip iperf3 fd-find mc kitty-terminfo curl git bat unrar rclone rar gocryptfs cryfs securefs wireguard lzop lz4

RSYNC key home files, folders

10.8.0.2:~/.local/bin ~/.local/
10.8.0.2:~/.tmux.conf ~/

Add Docker's official GPG key:

sudo apt update
sudo apt install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

Add the repository to Apt sources:

sudo tee /etc/apt/sources.list.d/docker.sources <<EOF
Types: deb
URIs: https://download.docker.com/linux/debian
Suites: $(. /etc/os-release && echo "$VERSION_CODENAME")
Components: stable
Signed-By: /etc/apt/keyrings/docker.asc
EOF

sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Dockge setup

Quick Setup

# Create the directory structure
sudo mkdir -p /opt/stacks /opt/dockge

# Download and run the installer
cd /opt/dockge
curl https://dockge.kuma.pet/compose.yaml --output compose.yaml

docker compose up -d

Access at http://your-ip:5001

NFS

Install packages

sudo apt install nfs-kernel-server nfs-common

Create/edit exports on server

sudo nano /etc/exports
sudo exportfs -arv
sudo systemctl enable --now nfs-server

Create mount points

sudo mkdir -p /mnt/{clust,omega,zion,hive}

fstab entries

# Cthulhu
10.0.0.10:/storage /mnt/hive nfs rw,noatime,vers=4,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,_netdev,x-systemd.automount 0 0

# Azathoth
10.0.0.2:/storage  /mnt/omega  nfs  defaults,_netdev,x-systemd.automount,noatime,user,x-systemd.device-timeout=30  0  0

# Zion
10.8.0.1:/storage  /mnt/zion  nfs  defaults,_netdev,x-systemd.automount,noatime,user,x-systemd.device-timeout=30  0  0

# Galaxy
10.8.0.99:/storage  /mnt/galaxy  nfs4 rsize=16777216,wsize=16777216,hard,proto=tcp,timeo=600,retrans=2,ac,acregmin=60,acregmax=600,acdirmin=60,acdirmax=600,noatime,_netdev,x-systemd.automount 0 0

WireGuard Setup

Generate keys

wg genkey | tee /etc/wireguard/server_private.key | wg pubkey > /etc/wireguard/server_public.key
chmod 600 /etc/wireguard/server_private.key

Config File Example

# /etc/wireguard/wg0.conf
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <server_private.key contents>
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

# Client 1 (Zion)
[Peer]
PublicKey = <zion_public.key>
AllowedIPs = 10.8.0.2/32

# Client 2 (Galaxy)
[Peer]
PublicKey = <galaxy_public.key>
AllowedIPs = 10.8.0.99/32

Enable IP forwarding

echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

# Start and enable
sudo systemctl enable --now wg-quick@wg0

WG Quick reference

# Check status
sudo wg show

# Restart
sudo systemctl restart wg-quick@wg0

# View handshake
sudo wg show wg0 latest-handshakes
# Check status
sudo wg show

# Restart
sudo systemctl restart wg-quick@wg0

# View handshake
sudo wg show wg0 latest-handshakes

Samba

fstab