Debian10 LXDE Install - ewsdocker/ewsdocker.github.io GitHub Wiki
December 3, 2020 - Revised to Debian 10.6-0.
Contents
- Hardware Overview
- A description of the involved hardware.
- Install Debian 10 DVD
- Step-by-step installation instructions to create a Debian 10-based workstation.
- Networking and Resolver
- Configure Network Manager, .
- Add Storage Drives
- (Optional). Create/Install Storage Drives.
- Firewalls
- Select nftables or iptables firewall.
- Docker-CE
- Install and set up Docker.
- GUI Desktop
- Install and set up a GUI desktop environment.
- Complete the Installation of GUI Desktop
- Complete the setup.
- Console Display Mode
- Console display mode.
- Resources
- Internet-based Reading Resources
Refer to the resources listed at the end of this document for a list of additional resources and articles.
In the following discussion, the computer is an AMD-64 Quad-core CPU desktop system with 16 GB memory, 2 physical (Ethernet) network adapters, and at least one virtual (Ethernet) network adapter.
The system will be configured as a desktop workstation platform with 2 network adapters:
- enp0s3 - Internet Lan Adapter
An Ethernet adapter, providing the global Internet (or external network) interface. All Internet traffic passes through here.
Host name: deb-10-6-ws
Host fqn: deb-10-6-ws.internet.lan
Host address: 192.168.0.254
Network name: internet.lan
Network address: 192.168.0.0
Network mask: 255.255.252.0
Network gateway: 192.168.0.1
- enp0s8 - Virtual Lan Adapter (Virtual / VirtualBox Hosts only)
An internal virtual lan adapter interface providing communications between virtualized clients and with the Host operating system.
Host name: deb-10-6-vir
Host fqn: deb-10-6-vir.virtual.lan
Host address: 172.20.2.254
Network name: virtual.lan
Network address: 172.20.2.0
Network mask: 255.255.252.0
- enp0s9 - Local Lan Adapter (Optional)
An Ethernet adapter, providing access to the local network.
Host name: deb-10-6-lcl
Host fqn: deb-10-6-lcl.local.lan
Host address: 10.0.2.254
Network name: local.lan
Network address: 10.0.2.0
Network mask: 255.255.252.0
http://www.debian.org/releases/stable/debian-installer/
and select an appropriate image for the download. For the processor indicated above, the amd64-DVD-1 iso image is recommended.
For example: https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/debian-10.6.0-amd64-DVD-1.iso
ONLY the first ISO image in the 3-image DVD group is required if the Internet is available during installation.
Log-in as root
Or su, or sudo -s, or use sudo before restricted commands.
The Debian 10 (Buster) Installation Steps with Screenshots web page provides a visual step-by-step instruction for installing Debian 10 from the newly created ISO boot disk.
When the Choose Software to Install screen appears, select only the following item:
Standard system utilities
Press continue to complete the installation.
After performing
Step:8) Boot your newly installed system with Debian 10
the system will be in console-mode.
Sign in as user root with the password created in the above installation.
APT Setup and Additional Utilities
Edit the file /etc/apt/sources.list. Comment out the cd repository, as follows:
#deb cdrom:
Modify the following line in /etc/apt/sources.list
deb http://ftp.us.debian.org/debian/ buster main
and replace it with
deb http://ftp.us.debian.org/debian/ buster main contrib non-free
Update the apt cache
apt update
apt upgrade
apt install apt apt-utils apt-transport-https gpm gdebi nano sudo curl wget net-tools network-manager resolvconf ssh openssh-server
usermod -aG sudo <username>
Reboot to install the new software.
Log in as user
Log in with your user name (not root) and password.
Then log in as a super-user with the sudo command.
sudo -s
This allows you to become root until the next exit command.
After logging-in, a mouse device may be displayed, if one is active.
The GPM mouse driver is enabled when the system is installed. If there is no mouse installed, or you don't want to use a mouse, the GPM driver may be disabled.
systemctl stop gpm.service
systemctl disable gpm.service
To re-enable the GPM mouse driver,
systemctl enable gpm.service
systemctl start gpm.service
Edit the /etc/NetworkManager/NetworkManager.conf file and change the managed setting to true.
[ifupdown]
managed=true
Setup network adapters
Edit the file /etc/network/interfaces, modify the enp0s3 interface definition, and configure additional interfaces, as follows:
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
auto enp0s3
iface enp0s3 inet static
address 192.168.0.254
network 192.168.0.0
netmask 255.255.252.0
gateway 192.168.0.1
dns-nameserver 192.168.0.1
dns-nameserver 8.8.4.4
dns-search internet.lan
auto enp0s8
iface enp0s8 inet static
address 172.20.2.254
network 172.20.2.0
netmask 255.255.252.0
auto enp0s9
iface enp0s9 inet static
address 10.0.2.254
network 10.0.2.0
netmask 255.255.252.0
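A mask of 255.255.252.0 spans four consecutive /24 blocks, so each `network` value has to equal address AND netmask; with the values above that gives 172.20.0.0 for enp0s8 and 10.0.0.0 for enp0s9 rather than the declared 172.20.2.0 and 10.0.2.0. The sh check below is an added example, not part of the original wiki; its function names and the sample stanzas are constructed here.

```sh
# Added example (not from the wiki): for each stanza read on stdin, check network == address AND netmask.
ip_to_int() {                      # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
int_to_ip() {                      # 32-bit integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

check_stanza() {                   # args: iface address netmask declared-network
    [ -n "$2" ] && [ -n "$3" ] && [ -n "$4" ] || return 0
    want=$(int_to_ip $(( $(ip_to_int "$2") & $(ip_to_int "$3") )))
    if [ "$want" = "$4" ]; then
        echo "$1 ok $want"
    else
        echo "$1 MISMATCH declared=$4 computed=$want"; return 1
    fi
}

check_interfaces() {               # returns 1 if any stanza is inconsistent
    iface="" addr="" mask="" net="" rc=0
    while read -r key val _rest; do
        case $key in
            iface)   check_stanza "$iface" "$addr" "$mask" "$net" || rc=1
                     iface=$val addr="" mask="" net="" ;;
            address) addr=$val ;;
            netmask) mask=$val ;;
            network) net=$val ;;
        esac
    done
    check_stanza "$iface" "$addr" "$mask" "$net" || rc=1
    return $rc
}

# Constructed sample using the enp0s3 and enp0s8 values from this page.
sample_interfaces() {
    cat <<'EOF'
iface enp0s3 inet static
address 192.168.0.254
network 192.168.0.0
netmask 255.255.252.0
iface enp0s8 inet static
address 172.20.2.254
network 172.20.2.0
netmask 255.255.252.0
EOF
}
```

On the workstation, run it as `check_interfaces < /etc/network/interfaces`.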
Edit the local /etc/hosts file and modify the following IPv4 settings:
127.0.0.1 localhost
127.0.1.1 deb-10-6-ws.internet.lan
192.168.0.254 deb-10-6-ws.internet.lan deb-10-6-ws
172.20.2.254 deb-10-6-virt.virtual.lan
10.0.2.254 deb-10-6-lcl.local.lan
Do not remove the IPv6 settings - firewalld will not work properly if they are removed (a bug in iptables 1.8.2-4).
Edit the /etc/hostname file and set a fully-qualified-name (fqn) for the host.
deb-10-6-ws.internet.lan
apt-get -y install resolvconf
systemctl enable resolvconf.service
systemctl start resolvconf.service
Contents of the resolv.conf.d/head file are the first lines added to the resolver automatically. It normally starts with a comment. Additional lines may be added following the comments.
echo "# ewsdocker" >> /etc/resolvconf/resolv.conf.d/head
Contents of the resolv.conf.d/base file are always added to the resolver automatically, and immediately following the contents of the resolv.conf.d/head file.
echo "nameserver 8.8.8.8" > /etc/resolvconf/resolv.conf.d/base
echo "search internet.lan" >> /etc/resolvconf/resolv.conf.d/base
These lines will appear after the contents of the head file in the dynamically created resolv.conf file.
Contents of the resolv.conf.d/tail file are added to the resolver automatically, and immediately following the contents of the resolv.conf.d/base file.
echo "nameserver 8.8.8.8" > /etc/resolvconf/resolv.conf.d/tail
These lines will appear after the contents of the base file in the dynamically created resolv.conf file.
Enable the resolver to start automatically at boot
systemctl enable systemd-resolved.service
Update the resolv.conf file from the database settings
resolvconf --enable-updates
resolvconf -u
Check the contents of the newly created /etc/resolv.conf (should be pointing to /run/resolv.conf). Then check the output of
cat /run/resolv.conf
Reboot.
Install the software configuration changes and start the resolver.
Install additional storage drives.
If additional storage drives need to be installed, follow the steps outlined in Linux Disk Drive Installation before proceeding to the next step.
modprobe nf_tables
echo $?
If the result is not 0, the kernel modules are not present.
- nftables strategies
The approach chosen runs both the nftables and iptables systems together. This requires removing firewalld and running the nftables system in its place.
To do this successfully, the nftables rulesets must
- be backwards compatible with tools using iptables;
- replace the inet table with an ip and an ip6 (IPv6) table;
- name all chains exactly as in iptables: INPUT, OUTPUT & FORWARD;
- start the nftables firewall (systemd) prior to starting iptables.
This approach will allow iptables-dependent applications to continue to operate, as long as the conditions above are adhered to.
Stop and remove the firewalld package.
systemctl stop firewalld.service
systemctl disable firewalld.service
apt-get remove -y firewalld
Install the nftables package.
apt-get install -y nftables
Rename the current /etc/nftables.conf configuration file to /etc/nftables.conf.orig
mv /etc/nftables.conf /etc/nftables.conf.orig
Create an empty /etc/nftables.conf configuration file
touch /etc/nftables.conf
Copy the following block to the /etc/nftables.conf file:
#!/usr/sbin/nft -f
flush ruleset
# IPv4
table ip filter {
    chain INPUT {
        type filter hook input priority 0; policy drop;
        # accept any localhost traffic
        iif lo accept
        # accept traffic originated from us
        ct state established,related accept
        tcp dport { http, https, ssh, 53, 43, 8000 } accept
    }
    chain FORWARD {
        type filter hook forward priority 0; policy drop;
    }
    chain OUTPUT {
        # allow all outwards traffic
        type filter hook output priority 0; policy accept;
    }
}
# IPv6
table ip6 filter {
    chain INPUT {
        type filter hook input priority 0; policy drop;
        # accept any localhost traffic
        iif lo accept
        # accept traffic originated from us
        ct state established,related accept
        # accept neighbour discovery otherwise connectivity breaks
        icmpv6 type { nd-neighbor-solicit, echo-request, nd-router-advert, nd-neighbor-advert } accept
    }
    chain FORWARD {
        type filter hook forward priority 0; policy drop;
    }
    chain OUTPUT {
        # allow all outwards traffic
        type filter hook output priority 0; policy accept;
    }
}
Enable and start
systemctl enable nftables
systemctl start nftables
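The table-family and chain-naming conditions listed above can be checked mechanically each time /etc/nftables.conf is edited. The sh/awk audit below is an added example, not part of the original wiki; the function name and both sample rulesets are constructed for illustration, and it assumes the one-statement-per-line layout used on this page.

```sh
# Added example (not from the wiki): audit an nftables config, read on stdin,
# for the table-family and chain-naming conditions listed above.
audit_nft_conf() {
    awk '
        $1 == "table" {
            table = $2 " " $3; seen[$2] = 1
            if ($2 == "inet") { print "FAIL: table " table " uses the inet family"; bad++ }
        }
        $1 == "chain" { chain = $2 }
        # base chain line, e.g. "type filter hook input priority 0; policy drop;"
        $1 == "type" && $3 == "hook" {
            want = toupper($4)
            if (chain != want) { print "FAIL: " table " chain " chain " on hook " $4 " must be named " want; bad++ }
        }
        END {
            if (!("ip" in seen))  { print "FAIL: no ip table";  bad++ }
            if (!("ip6" in seen)) { print "FAIL: no ip6 table"; bad++ }
            if (bad == 0) print "OK: ip and ip6 tables, base chains named as in iptables"
            exit (bad > 0)
        }
    '
}

# Constructed sample: same layout as the ruleset on this page, rules trimmed.
sample_compatible() {
    cat <<'EOF'
table ip filter {
    chain INPUT {
        type filter hook input priority 0; policy drop;
    }
}
table ip6 filter {
    chain INPUT {
        type filter hook input priority 0; policy drop;
    }
}
EOF
}

# Constructed sample that breaks the conditions: inet family, lowercase chain.
sample_inet() {
    cat <<'EOF'
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
    }
}
EOF
}
```

On the workstation, run `audit_nft_conf < /etc/nftables.conf`; `nft -c -f /etc/nftables.conf` additionally checks the syntax without loading the ruleset.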
If firewalld is being installed as the firewall service, follow the steps outlined in
before proceeding to the next step.
Docker-CE
Install Docker-CE 19 (optional).
If installing Docker-CE, follow the instructions in the steps outlined in
before proceeding to the next step.
The GPM mouse driver is enabled when the system is installed. Before installing the X-11 Server, the GPM driver should be disabled, allowing the X-11 mouse system to take over.
systemctl stop gpm.service
systemctl disable gpm.service
To re-enable the GPM mouse driver,
systemctl enable gpm.service
systemctl start gpm.service
Install X-11 Server (optional).
apt install xorg chameleon-cursor-theme comixcursors-lefthanded comixcursors-lefthanded-opaque comixcursors-righthanded comixcursors-righthanded-opaque
reboot
Install LXDE desktop (optional).
- Install the Lightweight X-11 Desktop Environment, LXDE (installs openbox and lightdm)
apt-get install lxde
reboot
- At the LightDM login manager, change the Desktop type from Default xsession to LXDE
NOTE: X-11 Server MUST be installed first.
Install VirtualBox Client (VirtualBox Guests only).
Install linux kernel support files for VirtualBox,
apt-get install dkms
Insert the VirtualBox Guest Additions DVD in the dvd drive
Change to the mounted device
cd /media/cdrom0
and run the Guest Additions Installer
sh ./VBoxLinuxAdditions.run
When it is completed, unmount / remove the VirtualBox Guest Additions DVD.
To enable access to VirtualBox resources, on a per-user basis,
usermod -aG vboxsf <user name>
Reboot.
Install the Google Chrome browser
cd to the download directory and run the following command:
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
Install the downloaded file
gdebi google-chrome*.deb
Cleanup.
rm *.deb
To boot to the text console by default:
systemctl set-default multi-user.target
reboot
To boot to the graphical desktop by default:
systemctl set-default graphical.target
reboot
Intel oneAPI Base Toolkit (Optional)
apt autoremove intel-hpckit intel-basekit
Install the Intel repository public key
wget https://apt.repos.intel.com/intel-gpg-keys/GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB
apt-key add GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB
rm GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB
add-apt-repository "deb https://apt.repos.intel.com/oneapi all main"
apt-get update
apt install -y intel-basekit
List Repository Contents
apt-cache pkgnames intel
or
apt-cache pkgnames intel | grep kit$
apt-cache pkgnames intel | grep kit | grep -v runtime
apt-cache pkgnames intel | grep intel-oneapi | grep -v intel-oneapi-runtime
apt-cache pkgnames intel | grep intel-oneapi-runtime