Setup Debian

A script to automate the setup of a new Debian based operating system, tuned to my personal liking. Included are setup scripts for both Debian based desktops and servers.

Table of Contents

• Requirements
• Usage
  • Import Signing Key
  • Desktop Setup
  • Server Setup
• Setup Features
  • Desktop Setup Features
  • Server Setup Features

Requirements

• Debian or Debian based operating system
• Gnome or Plasma is required for desktop usage
• Access to terminal/shell where output is visible
• Terminal/shell user has sudo privileges
• bash & curl must be installed already
• gpg recommended for signature verification
• Working internet connection

Usage

Import Signing Key

Add xmready's PGP signing key to your keyring

gpg --keyserver "hkps://keys.openpgp.org" --recv-keys 17AF13F5D2F5013A

Desktop Setup

1. Change working directory to /tmp

cd /tmp

2. Download setup-desktop.sh with the checksums & signature from the latest release

curl \
    --fail \
    --location \
    --output-dir "$PWD" \
    --remote-name \
    "https://github.com/xmready/setup-debian/releases/latest/download/{setup-desktop.sh,SHA256SUMS_DESKTOP,SHA256SUMS_DESKTOP.sign}"

3. Verify the PGP signature

gpg --verify "SHA256SUMS_DESKTOP.sign" "SHA256SUMS_DESKTOP"

4. Make setup-desktop.sh executable

chmod +x "setup-desktop.sh"

5. Verify the checksum of setup-desktop.sh against SHA256SUMS_DESKTOP

sha256sum --ignore-missing -c "SHA256SUMS_DESKTOP"

6. Run the setup script

./setup-desktop.sh

Server Setup

1. Change working directory to /tmp

cd /tmp

2. Download setup-server.sh with the checksums & signature from the latest release

curl \
    --fail \
    --location \
    --output-dir "$PWD" \
    --remote-name \
    "https://github.com/xmready/setup-debian/releases/latest/download/{setup-server.sh,SHA256SUMS_SERVER,SHA256SUMS_SERVER.sign}"

3. Verify the PGP signature

gpg --verify "SHA256SUMS_SERVER.sign" "SHA256SUMS_SERVER"

4. Make setup-server.sh executable

chmod +x "setup-server.sh"

5. Verify the checksum of setup-server.sh against SHA256SUMS_SERVER

sha256sum --ignore-missing -c "SHA256SUMS_SERVER"

6. Run the setup script

./setup-server.sh

Setup Features

Desktop Setup Features

For Debian desktop systems setup-desktop.sh will do the following:

1. Update & upgrade all packages with apt-get
2. Install the following packages with apt-get
   • bash-completion
   • build-essential
   • checkinstall
   • curl
   • fastfetch
   • flatpak
   • fprintd
   • fzf
   • git
   • gnupg
   • incus
   • libpam-fprintd
   • lm-sensors
   • nmap
   • pipx
   • python3-pip
   • qrencode
   • rename
   • rsync
   • ssh-audit
   • ufw
   • wget
3. Customize .bashrc for the current user
   • Increase HISTSIZE & HISTFILESIZE
   • Customize prompt to display time, working dir, & current Git branch if applicable
   • Replace prompt symbol with arrow
   • Place prompt symbol & user input on newline
   • Disable Flow Control
   • Append current session's command history to the history file
   • Read any new lines from the history file
   • Set up fzf key bindings and fuzzy completion
4. Enable fingerprint authentication
5. Install Tor
   • Add Tor repository
   • Install tor & deb.torproject.org-keyring
   • Disable tor.service from starting automatically
6. Install Signal
   • Add Signal repository
   • Install signal-desktop
7. Install Node Version Manager
   • Install latest nvm version to current user
   • Update .bashrc to use nvm automatically in directories with a .nvmrc file
   • Install latest stable version of Node.js
   • Creates the nvm alias default which points to the latest stable release
8. Install & configure Vim
   • Install vim-nox & YouCompleteMe dependencies
   • Install ycmcompile script in /usr/local/bin/
   • Clone vim-config repository to ~/.vim
   • Create symlink in ~ to custom .vimrc
   • Install custom .vimrc for root user
   • Install the following Nerd Fonts for current user
     • DejaVuSansMono
     • FiraCode
     • Hack
     • JetBrainsMono
9. Install & configure Rclone
   • Install latest rclone version
   • Create directories for mounting Google Drive VFS
   • Create directory ~/.config/rclone/
   • Install systemd unit files for running rclone as a service
   • Install dispatcher script so rclone runs when connected to the internet
10. Autoremove and clean packages using apt-get
11. Install verified Flatpak apps
    • Firefox
    • GIMP
    • GnuCash
    • Kdenlive
    • KeePassXC
    • Kleopatra
    • Plex
    • qBittorrent
    • Rnote
    • Thunderbird
    • Ungoogled Chromium
12. Install custom scripts/commands for all users
    • autoupgrade (requires sudo)
    • temps
    • dnsleaktest
13. Harden network security
    • Disable tcp timestamps
    • Set default firewall policy with ufw
    • Enable ufw
14. Reboot system after 60 seconds

Server Setup Features

For Debian server systems setup-server.sh will do the following:

1. Update & upgrade all packages with apt-get
2. Install the following packages with apt-get
   • curl
   • fail2ban
   • git
   • gnupg
   • lm-sensors
   • rsync
   • screen
   • ufw
3. Customize .bashrc for the current user
   • Increase HISTSIZE & HISTFILESIZE
   • Disable Flow Control
   • Append current session's command history to the history file
   • Read any new lines from the history file
4. Configure Vim
   • Install custom .vimrc for current user
   • Install custom .vimrc for root user
5. Autoremove and clean packages using apt-get
6. Install custom scripts/commands for all users
   • autoupgrade (requires sudo)
   • temps
   • dnsleaktest
7. Harden network security
   • Disable tcp timestamps
   • Set default firewall policy with ufw
   • Allow incoming connections on port 22 with ufw
   • Enable ufw
   • Generate a new & strong ssh host key with ssh-keygen
   • Install hardened ssh config file
8. Reboot system after 60 seconds