{"id":16428154,"url":"https://github.com/remileduc/debian-config-perso","last_synced_at":"2025-11-19T09:01:55.388Z","repository":{"id":75661867,"uuid":"151601156","full_name":"remileduc/debian-config-perso","owner":"remileduc","description":"Files for my personal debian config, so I don't have to recreate them each time...","archived":false,"fork":false,"pushed_at":"2019-06-02T10:14:04.000Z","size":639,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-02-25T06:32:43.551Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/remileduc.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-10-04T16:18:27.000Z","updated_at":"2019-06-02T10:14:06.000Z","dependencies_parsed_at":"2023-06-07T07:15:08.246Z","dependency_job_id":null,"html_url":"https://github.com/remileduc/debian-config-perso","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/remileduc/debian-config-perso","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/remileduc%2Fdebian-config-perso","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/remileduc%2Fdebian-config-perso/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/remileduc%2Fdebian-config-perso/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/remileduc%2Fdebian-config-perso/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/remileduc","download_url":"https://codeload.github.com/remileduc/debian-config-perso/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/remileduc%2Fdebian-config-perso/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":285215532,"owners_count":27133906,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-11-19T02:00:05.673Z","response_time":65,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-11T08:15:18.640Z","updated_at":"2025-11-19T09:01:55.369Z","avatar_url":"https://github.com/remileduc.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!--\n    MIT License\n\n    Copyright (c) 2018 Rémi Ducceschi\n\n    Permission is hereby granted, free of charge, to any person obtaining a copy\n    of this software and associated documentation files (the \"Software\"), to deal\n    in the Software without restriction, including without limitation the rights\n    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\n    copies of the Software, and to permit persons to whom the Software is\n    furnished to do so, subject to the following conditions:\n\n    The above copyright notice and this permission notice shall be included in all\n    copies or substantial portions of the Software.\n\n    THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\n    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\n    SOFTWARE\n--\u003e\n\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://github.com/remileduc/debian_config_perso/blob/master/LICENSE)\n\nDebian config\n=============\n\nFiles for my personal debian config, so I don't have to recreate them each time...\n\n### Table of contents ###\n\n[Installation](#installation)\n- [Sid](#sid)\n- [Partitionning](#partitionning)\n- [KDE](#kde)\n\n[Copy config files](#copy-config-files)\n\n[Home encryption](#home-encryption)\n- [Create keyfile](#create-keyfile)\n- [Add the keyfile as a key](#add-the-keyfile-as-a-key)\n- [Change crypttab](#change-crypttab)\n- [Key slots management](#key-slots-management)\n\n[Ramdisk](#ramdisk)\n\n[Software](#software)\n- [Setup](#setup)\n- [System packages](#system-packages)\n- [Firefox extensions](#firefox-extensions)\n- [Kodi extensions](#kodi-extensions)\n\n[Firewall](#firewall)\n\n[Samba](#samba)\n\n[Useful information](#useful-information)\n- [Sudo](#sudo)\n- [SSH](#ssh)\n- [KDE Connect](#kde-connect)\n\n[Rescue](#rescue)\n- [Mount LUKS partition](#mount-luks-partition)\n- [Chroot to zotac](#chroot-to-zotac)\n\nInstallation\n------------\n\n### Sid ###\n\n1. download a Testing daily-build netinst for Debian: https://cdimage.debian.org/cdimage/daily-builds/daily/arch-latest/amd64/iso-cd/\n1. download the daily built mini iso for Debian: https://d-i.debian.org/daily-images/amd64/daily/netboot/\n1. extract the mini iso to your freshly formatted USB key\n1. copy the `efi` folder from the testing netinst iso to your USB key\n\nAt the beginning, choose `Advanced options -\u003e Expert install`. Then, when chosing repositories, select `Sid`.\n\n### Partitionning ###\n\n- efi = 100 Mio (unused) with boot flag, FAT32\n- /boot = 400 Mio\n- / = 50 Gio, ENCRYPTED\n- /mount/persistent = size of RAM, ENCRYPTED, `defaults,nodev,noexec,nosuid,noatime,nodiratime`\n- /home = everything else, ENCRYPTED\n- no swap\n\n### KDE ###\n\nDuring installation process, chose to install KDE.\n\nCopy config files\n-----------------\n\nCopy all the files to their destination. Some files are hidden...\n\nTo update Grub, you'll need to run `update-grub`.\n\nHome encryption\n---------------\n\nFollow instructions here (listed below): https://debian-facile.org/viewtopic.php?id=9101\n\nEverything should be run in root.\n\n### Create keyfile ###\n\nThis keyfile holds the keypass to open the home partition\n\n```bash\ndd if=/dev/random of=/root/sda4_keyfile bs=4096 count=1\nchmod a-rwx,u=r /root/sda4_keyfile\n```\n\n### Add the keyfile as a key ###\n\nWe add the generated keyfile as a key to open Home. Here, the UUID used is the UUID of the Home partition (/dev/sda4), not the encrypted partition (/dev/mapper/sda4_crypt). Use `blkid` to fetch the UUID.\n\n```bash\ncryptsetup luksAddKey /dev/disk/by-uuid/c4295a74-5c31-475b-aa57-b9fa4c2de36e /root/sda4_keyfile\n```\n\n### Change crypttab ###\n\nWe tell to the file `/etc/crypttab` to automatically fetch the keyfile (same rules as earlier for the UUID):\n\n```bash\nsda4_crypt UUID=c4295a74-5c31-475b-aa57-b9fa4c2de36e /root/sda4_keyfile luks,discard\n```\n\nThen, reboot and pray...\n\n### Key slots management ###\n\nAdd key\n```bash\ncryptsetup luksAddKey /dev/sdb1 /root/file # use file as a key\ncryptsetup luksAddKey /dev/sdb1 # will ask for a passphrase\n```\n\nDelete key\n```bash\ncryptsetup luksKillSlot /dev/sdb1 2 # 2 is the key slot to remove\n```\n\nChange key\n```bash\ncryptsetup luksChangeKey /dev/sdb1 -S 2 # 2 is the key slot to remove\n```\n\nShow infos\n```bash\ncryptsetup luksDump /dev/sdb1\n```\n\nRamdisk\n-------\n\nFollow the steps in this repository: [debian-systemd-ramdisk](https://github.com/remileduc/debian-systemd-ramdisk).\n\nSoftware\n--------\n\n### Setup ###\n\nTo install 32 bits packages, you need to enable the 32 bits architecture:\n\n```bash\ndpkg --add-architecture i386\n```\n\nTo install the last version of Kodi, you need to enable the *deb-multimedia* repository. To do so, you need to install the key:\n\n```bash\nsudo apt-get update -oAcquire::AllowInsecureRepositories=true\nsudo apt-get install deb-multimedia-keyring\n```\n\n### System packages ###\n\n**Uninstall** the following:\n\n```\nappstream firefox-esr firefox-esr-l10n-fr xserver-xorg-video-intel\n```\n\nInstall the following:\n\n```\nandroid-tools-adb android-tools-fastboot cowsay cowsay-off firefox firefox-l10n-fr firmware-iwlwifi firmware-misc-nonfree firmware-realtek git kdeconnect kodi mlocate qbittorrent rsync samba ufw vlc\n```\n\n### Firefox extensions ###\n\n- [Behind the overlay - revival](https://addons.mozilla.org/fr/firefox/addon/behind-the-overlay-revival/)\n- [Cast Kodi](https://addons.mozilla.org/fr/firefox/addon/castkodi/)\n- [HTTPS Everywhere](https://addons.mozilla.org/fr/firefox/addon/https-everywhere/)\n- [uBlock Origin](https://addons.mozilla.org/fr/firefox/addon/ublock-origin/)\n\n### Kodi extensions ###\n\n- enable [remote control](https://kodi.wiki/view/Smartphone/tablet_remotes)\n- [InputStream Adaptative](https://kodi.wiki/view/Add-on:InputStream_Adaptive)\n    - `apt install kodi-inputstream-adaptive`\n- [InputStream RTMP](https://kodi.wiki/view/Add-on:RTMP_Input)\n    - `apt install kodi-inputstream-rtmp`\n- [YouTube](https://kodi.wiki/view/Add-on:YouTube)\n- [CU Lyrics](https://kodi.wiki/view/Add-on:CU_LRC_Lyrics)\n\nFirewall\n--------\n\nWe use Uncomplicated Firewall (`ufw`). The goal is to accept nothing except the\nneeded, and only on the local network.\n\nTo star, we need to enable `ufw`:\n\n```bash\nsystemctl enable ufw\nservice ufw start\nufw enable\n```\n\nThen, we need the following rules:\n\n```bash\nufw default deny incoming\nufw default allow outgoing\nufw default allow routed\n# To finish\nufw reload\n```\n\n**Note:** Full configuration of the Firewall is done in the router step. See [debian-vpn-router](https://github.com/remileduc/debian-vpn-router).\n\nTo check `ufw` rules:\n\n```bash\nufw status verbose\n```\n\nTo clear rules:\n```bash\nufw reset\nufw enable\n```\n\nSamba\n-----\n\nInstall the package `samba`.\n\nAdd the current user as a samba user:\n\n```bash\nsmbpasswd -a sid\n```\n\nCreate a shared folder and create some links (not root!)\n\n```bash\ncd ~\nmkdir Téléchargements/p2p\nmkdir shared \u0026\u0026 cd shared\nln -s ../Documents Documents\nln -s ../Images Pictures\nln -s ../Musique Music\nln -s ../Vidéos/ Videos\nln -s ../Téléchargements/ Downloads\n```\n\nEdit samba config file `/etc/samba/smb.conf`:\n\n```\n# In [global] section:\n   allow insecure wide links = yes\n\n# In [homes] section:\n   available = no\n\n# At the end of the file, create a new section:\n[shared]\n   comment = Shared folders for Zotac\n   follow symlinks = yes\n   wide links = yes\n   path = /home/sid/shared\n   available = yes\n   valid users = sid\n   read only = no\n   browsable = yes\n   public = yes\n   writable = yes\n```\n\nRestart the service `smbd` and connect to `\\\\IP\\shared`.\n\nUseful information\n------------------\n\n### Sudo ###\n\nmanagesudo permission:\n\n```bash\n# give sudo permission:\nusermod -aG sudo sid\n# remove sudo permission:\ndeluser sid sudo\n```\n\n### SSH ###\n\nIn order to be able to login as `root` via SSH, you need to edit the file\n`/etc/ssh/sshd_config` and add the following line:\n\n```\nPermitRootLogin yes\n```\n\n### KDE Connect ###\n\nCommands for KDE Connect:\n- `suspend` = qdbus org.kde.Solid.PowerManagement /org/freedesktop/PowerManagement Suspend\n- `voldown` = qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \"decrease_volume\"\n- `volup` = qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \"increase_volume\"\n- `show konsole` = qdbus org.kde.KWin /KWin setCurrentDesktop 1\n- `show internet` = qdbus org.kde.KWin /KWin setCurrentDesktop 2\n- `show kodi` = qdbus org.kde.KWin /KWin setCurrentDesktop 4\n\nRescue\n------\n\nAll commands should be run as root unless specified.\n\n### Mount LUKS partition ###\n\nTo mount a LUKS encrypted partition:\n\n```bash\n# first we decrypt\ncryptsetup luksOpen /dev/sda3 zotac\n# then we mount\nmkdir /media/zotac\nmount /dev/mapper/zotac /media/zotac\n```\n\nIf needed, we can unmount it to relock it:\n```bash\numount /media/zotac\ncryptsetup luksClose zotac\n```\n\n### Chroot to zotac ###\n\nWe assume that the system partition is mounted in `/media/zotac`.\n\nFirst we need to prepare all the system folders:\n\n```bash\nmount --bind /dev /media/zotac/dev\nmount -t proc /proc /media/zotac/proc\nmount --bind /run  /media/zotac/run\nmount -t sysfs /sys /media/zotac/sys\n```\n\n**Note**: to only install new kernel, do this:\n```bash\nmount /dev/sda2 /media/zotac/boot\nmount -o bind /proc /media/zotac/proc\nmount -o bind /proc /media/zotac/dev\n```\n\nFinally, the chroot:\n\n```bash\nchroot /media/zotac\n```\nTo quit, just run `exit`.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fremileduc%2Fdebian-config-perso","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fremileduc%2Fdebian-config-perso","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fremileduc%2Fdebian-config-perso/lists"}