{"id":21112107,"url":"https://github.com/fazlearefin/debian-dev-machine-setup","last_synced_at":"2025-07-08T17:32:23.998Z","repository":{"id":245559543,"uuid":"818402638","full_name":"fazlearefin/debian-dev-machine-setup","owner":"fazlearefin","description":"Configure your Debian 12 Bookworm as a development workstation for DevOps or DevSecOps work","archived":false,"fork":false,"pushed_at":"2024-09-12T16:59:33.000Z","size":154,"stargazers_count":2,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-09-12T23:05:13.325Z","etag":null,"topics":["ansible","bookworm","debian","devops","devsecops","secops","tmux","zsh"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fazlearefin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"security.yml","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-21T19:19:09.000Z","updated_at":"2024-09-12T16:59:37.000Z","dependencies_parsed_at":"2024-08-04T03:41:13.726Z","dependency_job_id":"5fd8283f-8e29-4e08-b691-e5b6707e181f","html_url":"https://github.com/fazlearefin/debian-dev-machine-setup","commit_stats":null,"previous_names":["fazlearefin/debian-dev-machine-setup"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fazlearefin%2Fdebian-dev-machine-setup","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fazlearefin%2Fdebian-dev-machine-setup/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fazlearefin%2Fdebian-dev-machine-setup/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fazlearefin%2Fdebian-dev-machine-setup/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fazlearefin","download_url":"https://codeload.github.com/fazlearefin/debian-dev-machine-setup/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225452146,"owners_count":17476521,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","bookworm","debian","devops","devsecops","secops","tmux","zsh"],"created_at":"2024-11-20T01:26:20.226Z","updated_at":"2025-07-08T17:32:23.970Z","avatar_url":"https://github.com/fazlearefin.png","language":"Shell","readme":"# debian-dev-machine-setup | Debian 12\n\n## Description\n\nThis repository contains Ansible playbooks to configure a system as a development machine after a clean install.\n\nThe playbooks are designed for Debian-based systems with minimal modifications but have only been tested on:\n\n- **Debian 12/Bookworm (stable)**\n\nThe screenshot below shows the *p10k zsh theme with tmux*:\n\n![p10k-zsh-theme-tmux](.images/screenshot-p10k-tmux.png)\n\n---\n\n## What Gets Installed and Configured?\n\nAs a DevSecOps Engineer, I work daily with tools like AWS, Docker, Ansible, and Terraform. If you’re in a similar profession, this setup will likely meet your needs. The system is also easily extensible using Ansible roles.\n\nBelow is a summary of the packages installed and configured, organized by roles:\n\n- **role: base**\n  - Mounts `/tmp` on tmpfs to reduce SSD read/write operations and extend SSD lifespan, with no leftover files on system shutdown.\n  - Sets the default system editor to Vim instead of Nano.\n  - Enables the UFW firewall and installs the GUFW graphical frontend.\n  - Tunes system swappiness to minimize swapping.\n  - Upgrades all system packages.\n  - Installs archiving tools like `zip`, `rar`, and others.\n  - Installs LibreOffice.\n  - Installs Foliate (an e-book reader) and markdown viewers/editors like Glow, Apostrophe, and Obsidian.\n  - Installs power management tools like [TLP](https://github.com/linrunner/TLP).\n  - Installs development tools such as `android-tools`, `awscli`, `httpie`, `clusterssh`, `docker`, `filezilla`, `golang`, `poetry`, and more.\n  - Installs Nala, an alternative package management tool to `apt`/`apt-get`.\n  - Installs code formatters and linters like `black`, `ruff`, and `ansible-lint`.\n  - Sets up Go programming language directories.\n  - Installs download tools like `axel`, `transmission`, `wget`, and `aria2`.\n  - Installs image, audio, and video tools like `vlc`, `totem`, `gimp`, and `imagemagick`.\n  - Installs virtualization tools like VirtualBox, Docker, and Docker Compose.\n  - Optionally enables night light settings for eye comfort (set `base_permanent_night_light.night_light_enabled` to `True`).\n  - Enables `fzf` fuzzy finder in the Zsh terminal; see this [YouTube video](https://www.youtube.com/watch?v=1a5NiMhqAR0) for usage instructions.\n- **role: hashicorp**\n  - Installs Vagrant, Terraform, and Packer.\n- **role: terminal_customizations**\n  - Downloads and installs Nerd Fonts from [ryanoasis/nerd-fonts](https://github.com/ryanoasis/nerd-fonts), ideal for terminals and programming editors.\n  - Copies and enables a sample Tilix configuration file with a configured Nerd Font.\n  - Copies and enables a sample `~/.tmux.conf` file with the [Tmux Plugin Manager](https://github.com/tmux-plugins/tpm) and several Tmux plugins if one does not exist.\n    - Open Tilix and run the `tmux` command, or enable the custom command option in Tilix.\n    - Edit `~/.tmux.conf` as needed.\n- **role: vim**\n  - Installs Vim packages.\n  - Installs the [amix/vimrc](https://github.com/amix/vimrc) Vim distribution.\n  - Creates a sample Vim customization file at `~/.vim_runtime/my_configs.vim`.\n    - Additional Vim settings are enabled in `~/.vim_runtime/my_configs.vim`, which are not part of the Vim distribution. Edit this file as needed.\n- **role: zsh**\n  - Installs the Zsh package and sets it as the user’s default shell.\n  - Installs the Antigen Zsh plugin manager.\n  - Copies and enables a sample `~/.zshrc` file if one does not exist, including:\n    - A function to prevent `ssh-agent` from repeatedly prompting for encrypted SSH key passwords when opening new terminals.\n    - Additional shell aliases, functions, and variables in `~/.shell_aliases.sh`, `~/.shell_functions.sh`, and `~/.shell_variables.sh`.\n  - Installs [ohmyzsh](https://github.com/ohmyzsh/ohmyzsh) and enables select bundled plugins.\n  - Enables the Bullet Train Zsh theme (other themes like Powerlevel10k can also be configured).\n- **role: firefox**\n  - Adds the Mozilla Firefox APT repository.\n  - Installs the latest version of Firefox (the bundled ESR version in Debian is outdated).\n    - Use the command `apt-cache policy firefox firefox-esr` to verify which repository is used for updates.\n- **role: googlechrome**\n  - Adds the Google Chrome APT repository.\n  - Installs Google Chrome.\n- **role: vscode**\n  - Adds the Visual Studio Code APT repository.\n  - Installs Visual Studio Code.\n  - Installs popular Visual Studio Code extensions.\n- **role: privacy**\n  - Installs Tor.\n  - Configures Tor to run at boot and excludes certain countries as exit nodes.\n    - Edit `/etc/tor/torrc` as needed.\n  - Installs ProxyChains.\n  - Configures ProxyChains to use Tor; see [my Medium story](https://fazlearefin.medium.com/tunneling-traffic-over-tor-network-using-proxychains-34c77ec32c0f) for usage instructions.\n    - Edit `/etc/proxychains4.conf` as needed.\n  - Installs the Metadata Anonymization Toolkit.\n- **role: security**\n  - Installs ClamAV (antivirus) and its GNOME interface. Perform manual scans from Nautilus or the CLI using `clamscan` (`clamd` is not installed due to its high memory usage).\n  - Installs Firejail for sandboxing applications.\n  - Enables additional AppArmor profiles.\n\n---\n\n## Step 0 | Prerequisites for Running the Ansible Playbooks\n\nOn the system to be configured, perform the following steps.\n\nInstall `ansible` and `git` using either `pip` or `apt`:\n\n```bash\nsudo apt update\nsudo apt full-upgrade -y\nsudo apt install ansible git -y\n```\n\nClone this repository (avoid cloning into `/tmp`, as it is cleaned and mounted on tmpfs):\n\n```bash\ngit clone https://github.com/fazlearefin/debian-dev-machine-setup.git\ncd debian-dev-machine-setup\n```\n\n## Step 1 | Running the Playbooks to Configure Your System\n\nRun the following command as the primary user of the system, **not as `root`**:\n\n```bash\nansible-playbook main.yml -vv -e \"{ laptop_mode: True }\" -e \"local_username=$(id -un)\" -K\n```\n\nEnter the sudo password when prompted for `BECOME password:`.\n\nThe `main.yml` playbook may take 15 minutes to an hour to complete.\n\nAfter completion, reboot your system to apply all changes.\n\n\u003e ### What is `laptop_mode`?\n\n#### Setting `laptop_mode` to `True`\n- Installs battery-saving packages like [TLP](https://github.com/linrunner/TLP).\n\n#### Setting `laptop_mode` to `False`\n- Skips battery-saving packages like [TLP](https://github.com/linrunner/TLP).\n\n---\n\n## Known Issues\n\n- If the Ansible playbook halts after completing some tasks, rerun it. Most tasks are idempotent, so running the playbook multiple times will not cause issues.\n- If your terminal displays garbled characters due to a Zsh theme, change the terminal font to a suitable Nerd Font in the terminal settings.\n- To disable fuzzy finder completions, comment out or remove the `#fzf` lines in `~/.zshrc` (this is a feature, not an issue).\n- Enabling certain [ohmyzsh](https://github.com/ohmyzsh/ohmyzsh) plugins, like **docker**, may result in an error: `tee: \u003csnip\u003e No such file or directory`. Fix this by creating the missing directory: `mkdir -p ~/.antigen/bundles/robbyrussell/oh-my-zsh/cache/completions`.\n\n---\n\n## Pull Requests and Forks\n\nPull requests are welcome, but this repository is tailored to my development needs. For personalization, consider forking the repository to suit your requirements.\n\n---\n\n## Donations\n\nIf this project saves you time and effort, feel free to make a donation. The code is completely free with *no strings attached*.\n\nBitcoin (BTC): `bc1qzlhpm94vtk2ht67etdutzcy2g5an5v6g36tp0m`\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffazlearefin%2Fdebian-dev-machine-setup","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffazlearefin%2Fdebian-dev-machine-setup","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffazlearefin%2Fdebian-dev-machine-setup/lists"}