Manual Debian Install

Manual Debian Install#

Standard#

In this example we will do a manual installation of Debian GNU/Linux from another Debian GNU/Linux system.

This gives us more control on the packages to install and more variability on disk configurations. This method is similar to the one used to install Arch Linux.

Vedi anche

  • D.3. Installing Debian GNU/Linux from a Unix/Linux System [1]

  • RAID - ArchWiki [2]

  • Syslinux - ArchWiki [3] [4]

Partition name

Mount point

mdadm name

/dev/nvme0n1p0

/boot

/dev/md0

/dev/nvme0n1p1

/

/dev/md1

/dev/nvme0n1p2

/home

/dev/md2

/dev/nvme0n1p3

/data

/dev/md3

/dev/nvme1n1p0

/boot

/dev/md0

/dev/nvme1n1p1

/

/dev/md1

/dev/nvme1n1p2

/home

/dev/md2

/dev/nvme1n1p3

/data

/dev/md3

  1. install the packages to perform a Debian installation

    apt-get install debootstrap arch-install-scripts
    
  2. create GPT partitions using fdisk and set their type to Linux RAID

    fdisk /dev/nvme0n1
    # [ ... ]
    
    fdisk /dev/nvme1n1
    # [ ... ]
    
  3. make the RAID devices

    mdadm --create --verbose --level=1 --metadata=1.0 --raid-devices=2 /dev/md0 /dev/nvme0n1p0 /dev/nvme1n1p0
    mdadm --create --verbose --level=10 --metadata=1.2 --chunk=512 --raid-devices=2 --layout=f2 /dev/md1 /dev/nvme0n1p1 /dev/nvme1n1p1
    mdadm --create --verbose --level=10 --metadata=1.2 --chunk=512 --raid-devices=2 --layout=f2 /dev/md2 /dev/nvme0n1p2 /dev/nvme1n1p2
    mdadm --create --verbose --level=10 --metadata=1.2 --chunk=512 --raid-devices=2 --layout=f2 /dev/md3 /dev/nvme0n1p3 /dev/nvme1n1p3
    
  4. make the filesystems

    mkfs.ext4 /dev/md0
    mkfs.f2fs -O extra_attr,inode_checksum,sb_checksum /dev/md1
    mkfs.f2fs -O extra_attr,inode_checksum,sb_checksum /dev/md2
    mkfs.f2fs -O extra_attr,inode_checksum,sb_checksum /dev/md3
    
  5. enable a swap partiton optionally

  6. mount the partitions

    mount /dev/md1 /mnt/debinst
    mkdir /mnt/debinst/boot /mnt/debinst/home /mnt/debinst/data
    mount /dev/md0 /mnt/debinst/boot
    mount /dev/md2 /mnt/debinst/home
    mount /dev/md3 /mnt/debinst/data
    
  7. debootstrap

    /usr/sbin/debootstrap --arch amd64 bullseye /mnt/debinst https://debian.mirror.garr.it/debian/
    
  8. generate the fstab file

    genfstab -U /mnt/debinst >> /mnt/debinst/etc/fstab
    
  9. do a chroot

    arch-chroot /mnt/debinst
    
  10. set the timezone, locale and fix the binaries path for the root user

    echo 'PATH=$PATH:/sbin' >> ~/.bashrc
    dpkg-reconfigure tzdata
    apt-get install locales && dpkg-reconfigure locales
    locale-gen
    
  11. install these packages: these are just a selection of stuff I frequently use

    apt-get install apt-transport-tor f2fs-tools btrfs-progs htop openssh-server openssh-client sshfs haveged ntpsec apache2 postfix dovecot-core fail2ban cups ffmpeg motion rtorrent docker smartmontools autossh screen nut python3-pip curl wget python3 git sane irqbalance unbound thermald earlyoom dnscrypt-proxy qemu-system-x86 qemu rsync roundcube-core schedtool certbot python-certbot-apache lshw usbutils powertop offlineimap gdisk bash-completion linux-image-amd64 man-db w3m dnsutils lm-sensors borgmatic python3-bs4 console-setup keyboard-configuration
    
  12. update the RAID configuration

    apt-get install mdadm
    mdadm --detail --scan >> /etc/mdadm.conf
    
  13. install the bootloader. I prefer using Syslinux on servers but unfortunately it needs to be installed manually on Debian

    apt-get install syslinux extlinux
    mkdir /boot/syslinux
    cp /usr/lib/syslinux/modules/bios/*.c32 /boot/syslinux/
    extlinux --install /boot/syslinux
    sgdisk /dev/nvme0n1 --attributes=1:set:2
    sgdisk /dev/nvme1n1 --attributes=1:set:2
    sgdisk /dev/nvme0n1 --attributes=1:show
    sgdisk /dev/nvme1n1 --attributes=1:show
    dd bs=440 count=1 conv=notrunc if=/usr/lib/syslinux/mbr/gptmbr.bin of=/dev/nvme0n1
    dd bs=440 count=1 conv=notrunc if=/usr/lib/syslinux/mbr/gptmbr.bin of=/dev/nvme1n1
    
  14. add this configuration for the bootloader

    /boot/syslinux/syslinux.cfg#
     1# Config file for Syslinux -
     2# /boot/syslinux/syslinux.cfg
     3#
     4# Comboot modules:
     5#   * menu.c32 - provides a text menu
     6#   * vesamenu.c32 - provides a graphical menu
     7#   * chain.c32 - chainload MBRs, partition boot sectors, Windows bootloaders
     8#   * hdt.c32 - hardware detection tool
     9#   * reboot.c32 - reboots the system
    10#
    11# To Use: Copy the respective files from /usr/lib/syslinux to /boot/syslinux.
    12# If /usr and /boot are on the same file system, symlink the files instead
    13# of copying them.
    14#
    15# If you do not use a menu, a 'boot:' prompt will be shown and the system
    16# will boot automatically after 5 seconds.
    17#
    18# Please review the wiki: https://wiki.parabola.nu/index.php/Syslinux
    19# The wiki provides further configuration examples
    20
    21DEFAULT debian
    22PROMPT 0        # Set to 1 if you always want to display the boot: prompt
    23TIMEOUT 50
    24# You can create syslinux keymaps with the keytab-lilo tool
    25KBDMAP it.ktl
    26
    27# Menu Configuration
    28# Either menu.c32 or vesamenu32.c32 must be copied to /boot/syslinux
    29#UI menu.c32
    30UI vesamenu.c32
    31
    32# Refer to http://syslinux.zytor.com/wiki/index.php/Doc/menu
    33MENU TITLE Debian GNU/Linux
    34MENU COLOR border       35;40   #ff777caa #a0000000 std
    35MENU COLOR title        1;35;40 #ff777caa #a0000000 std
    36MENU COLOR sel          7;35;47 #e0ffffff #20777caa all
    37MENU COLOR unsel        35;40   #ff777caa #a0000000 std
    38MENU COLOR help         35;40   #c0b2b2b2 #a0000000 std
    39MENU COLOR timeout_msg  35;40   #ff777caa #00000000 std
    40MENU COLOR timeout      1;35;40 #ff777caa #00000000 std
    41MENU COLOR msg07        35;40   #ff777caa #a0000000 std
    42MENU COLOR tabmsg       35;40   #ff777caa #00000000 std
    43
    44MENU WIDTH 78
    45MENU MARGIN 4
    46MENU ROWS 7
    47MENU VSHIFT 10
    48MENU TABMSGROW 14
    49MENU CMDLINEROW 14
    50MENU HELPMSGROW 16
    51MENU HELPMSGENDROW 29
    52
    53# boot sections follow
    54#
    55# TIP: If you want a 1024x768 framebuffer, add "vga=773" to your kernel line.
    56#
    57#-*
    58
    59LABEL debian
    60MENU LABEL Debian 5.10.0-13
    61LINUX ../vmlinuz-5.10.0-13-amd64
    62APPEND root=UUID=4a276a15-c79b-49ba-ac6e-17564eafb9fd rw
    63INITRD ../initrd.img-5.10.0-13-amd64
    64
    65# If you want Memtest on syslinux, use this LABEL section to launch it (install the memtest86+ package)
    66LABEL memtest
    67MENU LABEL Memtest86+
    68LINUX ../memtest86+/memtest.bin
    69
    70LABEL hdt
    71   MENU LABEL HDT (Hardware Detection Tool)
    72   COM32 hdt.c32
    73
    74LABEL reboot
    75   MENU LABEL Reboot
    76   COM32 reboot.c32
    77
    78LABEL poweroff
    79   MENU LABEL Poweroff
    80   COM32 poweroff.c32
    

    Nota

    The UUID of the root filesystem in this example is 4a276a15-c79b-49ba-ac6e-17564eafb9fd. You can get this value

    lsblk -o name,uuid | grep md1
    

    The kernel version is 5.10.0-13-amd64

  15. add these modules to the initramfs

    /etc/initramfs-tools/modules#
     1# List of modules that you want to include in your initramfs.
     2# They will be loaded at boot time in the order below.
     3#
     4# Syntax:  module_name [args ...]
     5#
     6# You must run update-initramfs(8) to effect this change.
     7#
     8# Examples:
     9#
    10# raid1
    11# sd_mod
    12
    13encrypt
    14
    15lvm2
    16fsck
    17udev
    18keyboard
    19autodetect
    20raid1
    21raid10
    22f2fs
    23fscrypto
    24crc32-pclmul
    25crc32c_generic
    26crc32c-intel
    27crc32_generic
    28libcrc32c
    
  16. update the initramfs

    update-initramfs -k all -u
    
  17. blacklist the kernel package so we don’t have to deal changing the bootloader configuration every time a new kernel is available. This way you are responsible to remove the blacklist and update Syslinux’s configuration when needed

    apt-mark hold linux-image-amd64
    

    Nota

    To remove the hold run

    apt-mark unhold linux-image-amd64
    
  18. edit /etc/network/interfaces to get a static IP address

  19. enable the OpenSSH server

    systemctl enable ssh
    
  20. temporarely enable root access via ssh. Set this value

    PermitRootLogin yes
    

    Avvertimento

    Remember to disable root access once you create new users!

  21. add a new root password

    passwd root
    
  22. run sync and quit

    sync
    exit
    
  23. unmount the partitions

    umount -R /mnt/debinst
    

Variations#

Encryption#

If you are encrypting the root partition using LVM on LUKS you have to change the bootloader configuration and the crypttab file.

Vedi anche

  • dm-crypt/Encrypting an entire system - ArchWiki [5]

  1. change Syslinux’s APPEND lines

    /boot/syslinux/syslinux.cfg#
    # [ ... ]
      APPEND cryptdevice=UUID=ABCD-0123:cryptlvm root=/dev/MyLVMgroupName/root rw
    # [ ... ]
    
  2. edit the crypttab file like this

    /etc/crypttab#
    # <target name>   <source device>         <key file>      <options>
    key              UUID=ABCD-0123  none        luks
    

Nota

  • ABCD-0123 is the UUID of the physical partition.

  • MyLVMgroupName is the name of the LVM group where the root partition is installed.

Footnotes