These are the steps I copy and paste after a standard Debian install. This also applies to e.g. Raspberry Pi
So I log in via ssh as user houghi and become root with either su – or sudo -i First some update, upgrades and installs. The second line of installs is if there is a GUI. If not, skip it. This is all to be done before the user has done a first login. So I log in via ssh as user houghi and become root with either su – or sudo -i
apt update apt upgrade -y apt install -y imagemagick vim mc htop nmap nfs-common nfs-kernel-server rsync screen iperf3 curl shellcheck apt-transport-https ccze bc lynx jhead fortunes locate whois dnsutils xinetd rename unattended-upgrades chrony nala fastfetch figlet apt install -y vim-gtk3 libavahi-compat-libdnssd1 libqt5core5a libqt5gui5 libqt5network5 libqt5widgets5 gparted grub-customizer xbindkeys wmctrl mssh geeqie update-alternatives --set editor /usr/bin/vim.basic
Setting up ssh. Only user houghi will be allowed to log in and google authenticator will be active. I have a shared /home directory, otherwise you need to configure 2FA. Look on this page for more info.
cat > _EOF_ < /etc/ssh/sshd_config PermitRootLogin no AllowUsers houghi _EOF_
Add the data to log in to /home/houghi, so I can log in if /home is not mounted
mount left:/home /tmp cp /tmp/houghi/.googleautenticator /home/houghi/. umount /tmp
Add partitions to fstab. (See that it adds the underscores)
cat > _EOF_ < /etc/fstab #Added by houghi left:/home /home nfs defaults,_netdev 0 0 left:/data /data nfs defaults,_netdev 0 0 left:/usr/local /usr/local nfs defaults,_netdev 0 0 _EOF_
Set up the directories As I have a shared /home directory, I need to have separate .config and .local files. So ,config will be symlinjked to /.BAKHOME/$USER and that will be symlinked to $HOME/.CONFIG/$HOSTNAME/.config. Because the $HOSTNAME id different, the symlink is as well.
mkdir -p /.BAKHOME mkdir -p /data mkdir -p /home/houghi/.CONFIG/$HOSTNAME/.config mkdir -p /home/houghi/.CONFIG/$HOSTNAME/.local ln -s /home/houghi/.CONFIG/$HOSTNAME /.BAKHOME/houghi
Populate the .config files
for DIR in Terminal autostart mc xfce4
do
rsync -azxh /home/houghi/.CONFIG/right/.config/${DIR} /home/houghi/.config
done
Install Brave
curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main"|sudo tee /etc/apt/sources.list.d/brave-browser-release.list apt update apt install -y brave-browser
Writing three files for rsync to work.An explanation on rsync will follow.
cat > _EOF_ < /etc/rsyncd.conf pid file = /run/rsynd.pid lock file = /run/rsyncd.lock log file = /var/log/rsync.log uid = root gid = root read only = true timeout = 300 [root] path = / comment = backup exclude from = /etc/rsyncd.exclude _EOF_
cat > _EOF_ < /etc/rsyncd.exclude - /dev - /run - /sys - /data - /usr/local - /lost+found - /media - /mnt - /proc - /tmp - /home - /srv _EOF_
echo "
# default: off
# description: The rsync server is a good addition to an ftp server, as it \
# allows crc checksumming etc.
service rsync
{
disable = no
flags = IPv6
socket_type = stream
port = 873
wait = no
user = root
server = /usr/bin/rsync
server_args = --daemon
log_on_failure += USERID
}
" >> /etc/xinetd.d/rsyncd
Password-less login, restarting of services so the user will automagically log in.
Go to .CONFIG on left and make a directory of the new machine and then copy some other to the directory.
dpkg -i /home/houghi/Downloads/synergy_1.10.3.stable_b120+ca35737a_debian_amd64.deb rm /home/houghi/.config/Synergy/Synergy.conf sed -i 's/#autologin-user=/autologin-user=houghi/g' /etc/lightdm/lightdm.conf sed -i 's/#autologin-user-timeout=0/autologin-user-timeout=0/g' /etc/lightdm/lightdm.conf /etc/init.d/xinetd restart service ssh restart init 3 init 5
And that is basically it. Obviously different things need to be done as well.