After the install

These are the steps I copy and paste after a standard Debian install. This also applies to e.g. a Raspberry Pi.

So I log in via ssh as user houghi and become root with either su - or sudo -i. First some updates, upgrades and installs. The second line of installs is if there is a GUI. If not, skip it. This is all to be done before the user has done a first login.

apt update
apt upgrade -y
apt install -y imagemagick vim mc htop nmap nfs-common nfs-kernel-server rsync screen iperf3 curl shellcheck apt-transport-https ccze bc lynx jhead fortunes libpam-google-authenticator locate whois dnsutils xinetd rename unattended-upgrades chrony nala neofetch figlet
apt install -y vim-gtk3 libavahi-compat-libdnssd1 libqt5core5a libqt5gui5 libqt5network5 libqt5widgets5 gparted grub-customizer xbindkeys wmctrl mssh geeqie
update-alternatives --set editor /usr/bin/vim.basic
sed -i 's/.*motd/#&/' /etc/pam.d/sshd

Setting up ssh. Only user houghi will be allowed to log in and Google Authenticator will be active. I have a shared /home directory, otherwise you need to configure 2FA. Look on this page for more info.

cat << _EOF_ >> /etc/ssh/sshd_config
PermitRootLogin no
AllowUsers houghi
_EOF_
echo "auth required pam_google_authenticator.so" >> /etc/pam.d/sshd
sed -i 's/ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/g' /etc/ssh/sshd_config
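
A check for the ssh settings above, added here as an example and not part of the original steps. sshd uses the first value it reads for a keyword, so appended lines and the sed on ChallengeResponseAuthentication can silently have no effect. The function names and the idea of running the check against file paths passed as arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): verify the sshd settings appended above.
# sshd uses the FIRST value it reads for a keyword, so a line added with ">>" is
# ignored when an earlier uncommented line sets the same keyword.

# Print the first global (pre-"Match") value in FILE for a keyword matching the
# lowercase regex KW. Lines after a Match line only apply conditionally.
first_value() {
    awk -v kw="$2" '
        /^[ \t]*(#|$)/               { next }
        tolower($1) == "match"       { exit }
        tolower($1) ~ ("^(" kw ")$") { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Return 0 when CONF (sshd_config) and PAM (pam.d/sshd) give: no root login,
# only USER allowed, keyboard-interactive on, Google Authenticator required.
check_ssh_setup() {
    conf=$1 pam=$2 user=$3 rc=0
    [ "$(first_value "$conf" permitrootlogin)" = "no" ] ||
        { echo "PermitRootLogin is not 'no'" >&2; rc=1; }
    [ "$(first_value "$conf" allowusers)" = "$user" ] ||
        { echo "AllowUsers is not exactly '$user'" >&2; rc=1; }
    # ChallengeResponseAuthentication is the older name of the same option;
    # with neither keyword set, sshd's built-in default is "yes".
    kbd=$(first_value "$conf" 'kbdinteractiveauthentication|challengeresponseauthentication')
    [ "${kbd:-yes}" = "yes" ] ||
        { echo "keyboard-interactive authentication is '$kbd'" >&2; rc=1; }
    grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_google_authenticator\.so' "$pam" ||
        { echo "pam_google_authenticator.so is not a required auth module" >&2; rc=1; }
    return "$rc"
}
```

Call it as check_ssh_setup /etc/ssh/sshd_config /etc/pam.d/sshd houghi. On the installed machine, sshd -T prints the effective configuration, including anything pulled in by Include lines, which this file-level check does not follow.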

Add the data to log in to /home/houghi, so I can log in if /home is not mounted.

mount left:/home /tmp
cp /tmp/houghi/.google_authenticator /home/houghi/.
umount /tmp

Add partitions to fstab. (See that it adds the underscores)

cat << _EOF_ >> /etc/fstab
#Added by houghi
left:/home              /home           nfs     defaults,_netdev        0 0
left:/data              /data           nfs     defaults,_netdev        0 0
left:/usr/local         /usr/local      nfs     defaults,_netdev        0 0
_EOF_

Set up the directories. As I have a shared /home directory, I need to have separate .config and .local files. So .config will be symlinked to /.BAKHOME/$USER and that will be symlinked to $HOME/.CONFIG/$HOSTNAME/.config. Because the $HOSTNAME is different, the symlink is as well.

mkdir -p /.BAKHOME
mkdir -p /data
mkdir -p /home/houghi/.CONFIG/$HOSTNAME/.config
mkdir -p /home/houghi/.CONFIG/$HOSTNAME/.local
ln -s /home/houghi/.CONFIG/$HOSTNAME /.BAKHOME/houghi

Populate the .config files

for DIR in Terminal autostart mc xfce4
do
         rsync -azxh "/home/houghi/.CONFIG/right/.config/${DIR}" /home/houghi/.config
done

Install Brave

curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] stable main"|sudo tee /etc/apt/sources.list.d/brave-browser-release.list
apt update
apt install -y brave-browser

Writing three files for rsync to work. An explanation on rsync will follow.

cat << _EOF_ >>  /etc/rsyncd.conf
pid file = /run/
lock file = /run/rsyncd.lock
log file = /var/log/rsync.log
uid = root
gid = root
read only = true
timeout = 300
path = /
comment = backup
exclude from = /etc/rsyncd.exclude
_EOF_
cat << _EOF_ >> /etc/rsyncd.exclude
- /dev
- /run
- /sys
- /data
- /usr/local
- /lost+found
- /media
- /mnt
- /proc
- /tmp
- /home
- /srv
_EOF_
echo "
# default: off
# description: The rsync server is a good addition to an ftp server, as it \
# allows crc checksumming etc.
service rsync
{
 disable = no
 flags = IPv6
 socket_type = stream
 port = 873
 wait = no
 user = root
 server = /usr/bin/rsync
 server_args = --daemon
 log_on_failure += USERID
}

" > /etc/xinetd.d/rsyncd

Password-less login, restarting of services so the user will automagically log in.

Go to .CONFIG on left, make a directory for the new machine and then copy some other machine's directory into it.

dpkg -i /home/houghi/Downloads/synergy_1.10.3.stable_b120+ca35737a_debian_amd64.deb
rm /home/houghi/.config/Synergy/Synergy.conf
sed -i 's/#autologin-user=/autologin-user=houghi/g' /etc/lightdm/lightdm.conf
sed -i 's/#autologin-user-timeout=0/autologin-user-timeout=0/g' /etc/lightdm/lightdm.conf
/etc/init.d/xinetd restart
service ssh restart
init 3
init 5

And that is basically it. Obviously different things need to be done as well.