Subhadip's Blog

My experience with the computing world!

My list of things to do after installing Debian on the PC

Introduction

I like the fact that Debian does not do a lot of customizations over the upstream packages by default but this also means extra work for you for setting up things after installing Debian on the PC. The upside is that you get to customize things exactly the way you like it. It definitely helps to have a list to start with and this post lists down some of the customizations I make after installing a fresh copy of Debian.


Table of Contents


Update apt sources

The Debian package archive contains the following areas:

On a default installation of Debian, the apt sources.list only includes the main archive area. To also include the other archives, edit the /etc/apt/sources.list with root permission and add them as below.

deb http://deb.debian.org/debian/ bookworm main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian/ bookworm main contrib non-free non-free-firmware

deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
deb-src http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware

deb http://deb.debian.org/debian/ bookworm-updates main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian/ bookworm-updates main contrib non-free non-free-firmware

Adding a swap file

Nowadays I prefer having swap files over swap partitions, mainly because files can be resized more easily than partitions. This is useful when I want to change the swap size. To create a swap file and use as swap, execute the following commands:

sudo dd if=/dev/zero of=/swapfile bs=1024 count=$((4*1024*1024)) #create an empty file of size 4GB
sudo chmod 600 /swapfile #restrict the permissions of the file
sudo mkswap /swapfile #convert the file type to a swap file
sudo swapon /swapfile #use the file as swap

And to reload the swap configurations after restart, append the following to /etc/fstab:

# Swap file created on DATE
/swapfile       none    swap    sw      0       0

More details can be found on the Debian wiki.

Install updates and required packages

This section lists the commands to install the packages that I absolutely need to have on my system and does not come pre-installed with Debian.

sudo apt update
sudo apt upgrade
sudo apt install \
        tmux \
        fzf \
        neovim \
        git \
        wget \
        bash-completion \
        chromium \
        bsd-mailx \
        unattended-upgrades \
        apt-listchanges \
        pass \
        pwgen \
        firewalld \
        thunderbird

Here are the brief descriptions about the installed packages:

Enable bash completion

In the earlier versions for Debian, tab-completion for bash did not come enabled by default. But at least in Debian 12, this automatically gets enabled. If it is not enabled by default for you, uncomment the following section in /etc/bash.bashrc to enable it for all users:

if ! shopt -oq posix; then
  if [ -f /usr/share/bash-completion/bash_completion ]; then
    . /usr/share/bash-completion/bash_completion
  elif [ -f /etc/bash_completion ]; then
    . /etc/bash_completion
  fi
fi

If you only want to enable it for selected users, paste the above content in the ~/.bashrc file.

Enable auto-update

The Gnome and KDE variants of Debian come with pre-installed utilities for automatic installation of system updates but not the XFCE variant, the one that I use. But it can be achieved through unattended-upgrades.

To enable unattended upgrades, make sure that the in the /etc/apt/apt.conf.d/50unattended-upgrades file the following section has at least the Debian and Debian-Security lines uncommented:

Unattended-Upgrade::Origins-Pattern {
    // Codename based matching:
    // This will follow the migration of a release through different
    // archives (e.g. from testing to stable and later oldstable).
    // Software will be the latest available for the named release,
    // but the Debian release itself will not be automatically upgraded.
    //      "origin=Debian,codename=${distro_codename}-updates";
    //      "origin=Debian,codename=${distro_codename}-proposed-updates";
    "origin=Debian,codename=${distro_codename},label=Debian";
    "origin=Debian,codename=${distro_codename},label=Debian-Security";

    // Archive or Suite based matching:
    // Note that this will silently match a different release after
    // migration to the specified archive (e.g. testing becomes the
    // new stable).
    //      "o=Debian,a=stable";
    //      "o=Debian,a=stable-updates";
    //      "o=Debian,a=proposed-updates";
    //      "o=Debian Backports,a=${distro_codename}-backports,l=Debian Backports";
};

If you also have Google Chrome installed and you want unattended upgrade to take care of the Google Chrome updates automatically, add the following line to the above section.

    "origin=Google LLC,codename=stable,label=Google";

To enable update reports over mail, uncomment the following section and add the user to which the reports should be sent:

Unattended-Upgrade::Mail "subhadip";

To enable the unattended-upgrades to run periodically, run the following command:

sudo dpkg-reconfigure -plow unattended-upgrades

Add firewall rules

By default the Debian firewall policy allows all incoming and outgoing network traffics. This is not necessarily insecure but I prefer restricting what goes in and comes out of my system. In the past, I used to use an iptables based script to customize the firewall policy. But as of Debian 10, iptables is replaced by nftables and the usage of firewall management utilities like firewalld is recommended.

firewalld does not come installed by default and needs to be installed manually. OOTB, firewalld uses the public zone as default which allows outgoing traffic but blocks incoming traffic on all ports except ssh and dhcpv6-client. To disable them, use the following commands:

sudo firewall-cmd --remove-service=ssh --permanent
sudo firewall-cmd --remove-service=dhcpv6-client --permanent

Install latest Firefox

Debian comes with the ESR version of Firefox. To install the latest stable version of Firefox, I use a bash script which is hosted on my GitHub account. Download and run the script as executable.

wget -O firefox-updater.sh https://raw.githubusercontent.com/subhadig/dotfiles/master/bin/firefox-updater
chmod u+x firefox-updater.sh
./firefox-updater.sh

The script downloads the latest tarball package of Firefox from the official site and unpacks it under /opt along with creating a .desktop file in /usr/share/applications. It automatically detects if the user has sudo privileges and prompts for the user or the root password accordingly during the installation. This script can also be used to update Firefox when a new version is available.

The script already links the firefox executable to /usr/bin/firefox-latest to make sure that it’s on the PATH. Execute the following command to also link it to /usr/bin/firefox:

sudo ln -s /opt/firefox/firefox /usr/bin/firefox

Enable showing user lists at login

Debian by default does not display the available usernames on graphical login screen but I like to show the user list so that usernames can easily be selected at login. To enable user lists at login for lightdm, my display manager of choice, paste the following content in /etc/lightdm/lightdm.conf.d/01_my.conf:

[Seat:*]
greeter-hide-users=false

Create users

To create new users, use the following Debian command:

adduser <username>

To change/update passwords of the created users:

passwd <username>

Desktop Environment specific customizations

I use XFCE as the desktop environment. So the customizations here are specific to XFCE only.

Panel customizations

By default XFCE comes with two panels, one at the top and one at the bottom of the screen. I move the bottom panel which is a launcher for applications to the left. Also in the top panel, I make the following changes:

Update appearances

This section includes changing themes, updating fonts settings and general look and feel of the desktop.

XFCE font settings

I usually play with the Hinting and Sub-pixel order settings till I get the best combination because these settings is dependent on the hardware and can vary from one hardware combination to another.

Conclusion

The steps are tested on a Debian 12 Bookworm installation. The choices made in this post are based on my personal requirements and preferences, it almost certainly will be different in your case. So the steps shared in this post should not be followed without understanding what they are meant for and if they are required for your case. For me, this post will definitely make it a lot easier when next time I install Debian on a new system.



Tags