Subhadip's Blog

My experience with the computing world!

My list of things to do after installing Debian on the PC

- Published on 15 January, 2020 and last updated on 7 March, 2021

Introduction

I like the fact that Debian does not do a lot of customizations over the upstream packages by default but this also means extra work for you for setting up things after installing Debian on the PC. The upside is that you get to customize things exactly the way you like it. It definitely helps to have a list to start with and this post lists some of the customizations I make after installing a fresh copy of Debian.

Table of Contents

Adding a swap file

Nowadays I prefer having swap files over swap partitions, mainly because files can be resized more easily than partitions. To create a swap file and use as swap, execute the following commands:

sudo dd if=/dev/zero of=/swapfile bs=1024 count=$((4*1024*1024)) #create an empty file of size 4GB
sudo chmod 600 /swapfile #restrict the permissions of the file
sudo mkswap /swapfile #convert the file type to a swap file
sudo swapon /swapfile #use the file as swap

And to reload the swap configurations after restart, append the following to /etc/fstab:

# Swap file created on DATE
/swapfile       none    swap    sw      0       0

More details can be found on the Debian wiki.

Install updates and required packages

This section lists the commands to install the packages that I absolutely need to have on my system and does not come pre-installed with Debian.

sudo apt update
sudo apt upgrade
sudo apt install \
        tmux \
        fzf \
        neovim \
        arc-theme \
        git \
        wget \
        bash-completion \
        chromium \
        bsd-mailx \
        unattended-upgrades \
        apt-listchanges

Here are the brief descriptions about the installed packages:

Enable bash completion

Unlike some of the other Linux distributions, tab-completion for bash is not enabled in Debian by default. To enable it for all the users, uncomment the following section in /etc/bash.bashrc:

if ! shopt -oq posix; then
  if [ -f /usr/share/bash-completion/bash_completion ]; then
    . /usr/share/bash-completion/bash_completion
  elif [ -f /etc/bash_completion ]; then
    . /etc/bash_completion
  fi
fi

Enable auto-update

The Gnome and KDE variants of Debian come with pre-installed utilities for automatic installation of system updates but not the XFCE variant, the one that I use. But it can be achieved through unattended-upgrades.

To enable unattended upgrades, make sure that the in the /etc/apt/apt.conf.d/50unattended-upgrades file the following section has at least the Debian and Debian-Security lines uncommented:

Unattended-Upgrade::Origins-Pattern {
    // Codename based matching:
    // This will follow the migration of a release through different
    // archives (e.g. from testing to stable and later oldstable).
    // Software will be the latest available for the named release,
    // but the Debian release itself will not be automatically upgraded.
    //      "origin=Debian,codename=${distro_codename}-updates";
    //      "origin=Debian,codename=${distro_codename}-proposed-updates";
    "origin=Debian,codename=${distro_codename},label=Debian";
    "origin=Debian,codename=${distro_codename},label=Debian-Security";

    // Archive or Suite based matching:
    // Note that this will silently match a different release after
    // migration to the specified archive (e.g. testing becomes the
    // new stable).
    //      "o=Debian,a=stable";
    //      "o=Debian,a=stable-updates";
    //      "o=Debian,a=proposed-updates";
    //      "o=Debian Backports,a=${distro_codename}-backports,l=Debian Backports";
};

If you also have Google Chrome installed and you want unattended upgrade to take care of the Google Chrome updates automatically, add the following line to the above section.

    "origin=Google LLC,codename=stable,label=Google";

To enable update reports over mail, uncomment the following section and add the user to which the reports should be sent:

Unattended-Upgrade::Mail "subhadip";

To enable the unattended-uggrades to run periodically, run the following command:

sudo dpkg-reconfigure -plow unattended-upgrades

Add firewall rules

By default the Debian firewall policy allows all incoming and outgoing network traffics. This is not necessarily insecure but I prefer restricting what goes in and comes out of my system. Here are the steps to setup a very simple firewall policy suitable for personal computers.

Create a script with the required rules

Paste the following content in /etc/firewall/enable.sh:

#!/bin/sh
# A very basic IPtables / Netfilter script /etc/firewall/enable.sh

PATH='/sbin'

# Flush the tables to apply changes
iptables -F

# Default policy to drop 'everything' but our output to internet
iptables -P FORWARD DROP
iptables -P INPUT   DROP
iptables -P OUTPUT  ACCEPT

# Allow established connections (the responses to our outgoing traffic)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow local programs that use loopback (Unix sockets)
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT

# Uncomment this line to allow incoming SSH/SCP conections to this machine,
# for traffic from 10.20.0.2 (you can use also use a network definition as
# source like 10.20.0.0/22).
# iptables -A INPUT -s 10.20.0.2 -p tcp --dport 22 -m state --state NEW -j ACCEPT

To make the script executable, run:

sudo chmod +x /etc/firewall/enable.sh

Add a systemd service

This is required for automatically loading the rules at startup. Paste the following content in /etc/systemd/system/firewall.service:

[Unit]
Description=Add Firewall Rules to iptables

[Service]
Type=oneshot
ExecStart=/etc/firewall/enable.sh
#ExecStart=/etc/firewall/enable6.sh  #For IPV6

[Install]
WantedBy=multi-user.target

Enable the service

Run the following command:

systemctl enable firewall.service --now

More information is available on the Debian wiki

Install latest Firefox

Debian comes with the ESR version of Firefox. To install the latest stable version of Firefox, I use a bash script which is hosted on my GitHub account. Here are the steps to clone the script and install Firefox.

git clone git@github.com:subhadig/firefox_updater.git
cd firefox_updater
/firefox-updater.sh

It downloads the latest tarball package of Firefox from the official site and unpacks it under /opt. This script can also be used to update Firefox when a new version is available.

The script already links the firefox executable to /usr/bin/firefox-latest to make sure that it’s on the PATH. Execute the following command to also link it to /usr/bin/firefox:

sudo ln -s /opt/firefox/firefox /usr/bin/firefox

To create a launcher, create the file /usr/share/applications/firefox.desktop with the following content:

[Desktop Entry]
Version=1.1
Type=Application
Name=Firefox
GenericName=Web Browser
Icon=/opt/firefox/browser/chrome/icons/default/default128.png
Exec=/usr/bin/firefox-latest %u
Actions=new-window;new-private-window;
MimeType=text/html;text/xml;application/xhtml+xml;application/vnd.mozilla.xul+xml;text/mml;x-scheme-handler/http;x-scheme-handler/https;
Categories=Network;WebBrowser;
Keywords=web;browser;internet;
StartupNotify=true

[Desktop Action new-window]
Name=New Window
Exec=/usr/bin/firefox-latest --new-window %u

[Desktop Action new-private-window]
Name=New Private Window
Exec=/usr/bin/firefox-latest --private-window %u

Enable showing user lists at login

Debian by default does not display the available usernames on graphical login screen but I like to show the user list so that usernames can easily be selected at login. To enable user lists at login for lightdm, my display manager of choice, paste the following content in /etc/lightdm/lightdm.conf.d/01_my.conf:

[Seat:*]
greeter-hide-users=false

Create users

To create new users, use the following Debian command:

adduser <username>

To change/update passwords of the created users:

passwd <username>

Desktop Environment specific customizations

I use XFCE as the desktop environment. So the customizations here are specific to XFCE only.

Panel customizations

By default XFCE comes with two panels, one at the top and one at the bottom of the screen. I move the bottom panel which is a launcher for applications to the left. Also in the top panel, I make the following changes:

Update appearances

This section includes changing themes, updating fonts settings and general look and feel of the desktop.

XFCE font settings

I usually play with the Hinting and Sub-pixel order settings till I get the best combination because these settings is dependent on the hardware and can vary from one hardware combination to another.

Conclusion

The steps are tested on a Debian 10 Buster installation. The choices made in this post are based on my personal requirements and preferences, it will almost certainly be different in your case. So the steps shared in this post should not be followed without understanding what they are meant for and if they are required for your case. For me, this post will definitely make it a lot easier when next time I install Debian on a new system.


Tags


Click here to load the comments. By clicking you agree to the Disqus privacy policy.