Notes on how I install a Debian server with rootless Docker and network-manager with a zsh setup

A perfect Debian 12 install with Docker and zsh!

Prerequisites

We first need to get the ISO. I'm gonna go with Debian 12 bookworm. You can ofc install this on hardware, but I'm gonna install it on a VM.

Installation

VM

I will use a VM for the Debian setup. You can ofc install this on hardware if you want, but for ease of install I will use a VM, and the software I use to do that is QEMU/KVM.

- firmware: UEFI
- cpu: 1 Socket, 6 Cores and 1 Thread.
- ram: 8192MiB
- gpu: virtio(2d)
- hdd: 100GB

Debian Installer

I will walk you through the installer, from the domain prompt to manually partitioning disks.

Domain

You now need to enter your hostname, like debian-server or smth like that. For the domain, you can normally skip this, but if you have set up pfSense or OPNsense then you can enter the domain after the first dot, so for me that would be home.arpa (the default).

Partitioning

You need to choose guided, then remove swap cus we are gonna use zram, then remove root and re-add it with xfs/btrfs if using an SSD; if not, you can use ext4. It will give a warning after continuing cus there is no swap, but you can just ignore that by hitting no and then continue with the install.

Mirrors

You should choose the default (deb.debian.org) if you don’t know which to choose.

Desktop Selection

Untick all but ‘Debian desktop environment’, ‘standard utils’ and enable ‘SSH server’.

Finish!

It should now be installed.

Setting up

Sudo

We now need to go to tty2 (ctrl + alt + f2), then log in as root cus we need to add our user to the sudo group, and we do that with:

/usr/sbin/usermod -aG sudo user

Then we exit root (ctrl + d) and log in with our user, and we should now have sudo rights!

SSH

Now we need to set up an SSH connection. We do that by first enabling the service:

sudo systemctl enable --now ssh

We need to check which IP to connect to with ip a:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:09:75:ef brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.221/24 brd 192.168.122.255 scope global dynamic noprefixroute enp1s0
       valid_lft 2798sec preferred_lft 2798sec
    inet6 fe80::5054:ff:fe09:75ef/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

And under 2 (enp1s0), inet 192.168.122.221 is the IP we need to connect to.

Refreshing Mirrors (and fixing kitty)

We now need to fix kitty cus, as you may have noticed, the SSH connection is acting up. This is caused by kitty, and to fix that we need to do this:

sudo apt update && sudo apt upgrade -y && sudo apt install kitty -y
sudo apt remove gdm -y

And then reconnect the SSH session.

Installing Required Packages

We will now install all the required packages for this server install:

sudo apt install cargo fuse-overlayfs slirp4netns neovim git curl zsh neofetch dust make cmake rustc btop uidmap dbus-user-session -y

For McFly:

curl -LSfs https://raw.githubusercontent.com/cantino/mcfly/master/ci/install.sh | sudo sh -s -- --git cantino/mcfly

For eza:

sudo mkdir -p /etc/apt/keyrings
wget -qO- https://raw.githubusercontent.com/eza-community/eza/main/deb.asc | sudo gpg --dearmor -o /etc/apt/keyrings/gierens.gpg
echo "deb [signed-by=/etc/apt/keyrings/gierens.gpg] http://deb.gierens.de stable main" | sudo tee /etc/apt/sources.list.d/gierens.list
sudo chmod 644 /etc/apt/keyrings/gierens.gpg /etc/apt/sources.list.d/gierens.list
sudo apt update && sudo apt install -y eza

And for dust:

# Use the stable release URL: the signed link GitHub redirects to expires after a few minutes.
curl -LSfs "https://github.com/bootandy/dust/releases/download/v1.0.0/du-dust_1.0.0-1_amd64.deb" -o dust.deb
sudo dpkg -i dust.deb && rm dust.deb

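Both the McFly installer and the dust package above are fetched over the network and then run or installed as root with no integrity check. The helper below is an added example (not part of the original notes) that only lets a download through if it matches a SHA-256 you pinned after reviewing it; the function names and the `MCFLY_PIN` / `DUST_PIN` variables are made up for illustration.

```shell
#!/bin/sh
# Added example: refuse to run or install a download as root unless it
# matches a SHA-256 you pinned after reviewing it. Names are illustrative.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE
sha256_of() {
    sha256sum -- "$1" | cut -d' ' -f1
}

# verify_pinned FILE PIN: exit 0 on match, 1 on mismatch, 2 on bad input
verify_pinned() {
    file=$1 pin=$2
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # A pin must be exactly 64 hex digits, so an empty or truncated
    # value can never be accepted by accident.
    case $pin in
        ''|*[!0-9a-fA-F]*) echo "malformed pin" >&2; return 2 ;;
    esac
    [ "${#pin}" -eq 64 ] || { echo "malformed pin" >&2; return 2; }
    pin=$(printf '%s' "$pin" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file")
    if [ "$actual" != "$pin" ]; then
        echo "hash mismatch for $file: got $actual" >&2
        return 1
    fi
}

# How it slots into the steps above (PIN values are placeholders that you
# record yourself after reading the script or checking the release):
#   curl -LSfs https://raw.githubusercontent.com/cantino/mcfly/master/ci/install.sh -o mcfly-install.sh
#   less mcfly-install.sh
#   verify_pinned mcfly-install.sh "$MCFLY_PIN" && sudo sh mcfly-install.sh --git cantino/mcfly
#   verify_pinned dust.deb "$DUST_PIN" && sudo dpkg -i dust.deb
```

A pin on install.sh covers only the script itself, not the release binary it goes on to download.
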
Setting up zsh (will be done later)

Setting up docker with a website!

We are now gonna set up Docker with a website.

Docker Install

We need to add some lines to /etc/sysctl.conf:

sudo /bin/su -c "echo 'net.ipv4.ip_unprivileged_port_start=0' >> /etc/sysctl.conf"
sudo /bin/su -c "echo 'kernel.unprivileged_userns_clone=1' >> /etc/sysctl.conf"
sudo /bin/su -c "echo 'vm.max_map_count=262144' >> /etc/sysctl.conf"
sudo sysctl --system

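The three appended lines are added again every time these commands are re-run, and `net.ipv4.ip_unprivileged_port_start=0` lets every local user, not just the rootless Docker user, bind ports below 1024 (a higher value such as 80 keeps the ports below it privileged). The helper below is an added example, not part of the original notes, that writes each key exactly once; the drop-in file name in its usage comment is an assumption.

```shell
#!/bin/sh
# Added example: keep each sysctl key on exactly one line, so re-running
# the setup does not stack duplicate entries the way ">>" does.

# set_sysctl FILE KEY VALUE: replace any existing KEY line in FILE, or add one
set_sysctl() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    if [ -f "$file" ]; then
        # Keep every line except earlier assignments of KEY; comments and
        # other keys pass through untouched. "KEY = VALUE" spacing is handled.
        awk -v k="$key" '{
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, part, /[ \t]*=/)
            if (part[1] != k) print
        }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    fi
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
    # Write through the existing file so its owner and mode are kept.
    cat "$tmp" > "$file"
    status=$?
    rm -f "$tmp"
    return "$status"
}

# Applying the page's three settings (run as root; the drop-in file name
# is an assumption, any *.conf under /etc/sysctl.d works):
#   f=/etc/sysctl.d/90-rootless-docker.conf
#   set_sysctl "$f" net.ipv4.ip_unprivileged_port_start 0
#   set_sysctl "$f" kernel.unprivileged_userns_clone 1
#   set_sysctl "$f" vm.max_map_count 262144
#   sysctl --system
```
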
It's now time to install Docker! We first need to add the Docker keyring, and you can do that with this:

sudo apt-get update
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

After that is done we need to add the repo to our sources:

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update

We can now finally install Docker with up-to-date versions:

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Now that Docker is installed, we ofc need to test it first to check whether it is installed correctly, and you can do that with this:

sudo docker run hello-world

If it worked, then Docker is installed correctly!

Setting up rootless for docker

Now that we have Docker installed, we don't want to run everything as root; we want to run it securely as our user in rootless mode. To do that we need to run this simple script from Docker themselves:

sudo systemctl disable --now docker.service docker.socket
dockerd-rootless-setuptool.sh install
systemctl --user enable --now docker

And again, to check if it's installed correctly we can run this command:

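The check below is an added example, not the command from the original notes: it reads the security options the daemon reports and the state of the system-wide unit that was disabled above, and flags a daemon that is not rootless. The function names and the two sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the Docker daemon you talk to is the rootless one.

# evaluate_rootless SECURITY_OPTIONS ROOTFUL_STATE
#   SECURITY_OPTIONS: output of docker info --format '{{json .SecurityOptions}}'
#   ROOTFUL_STATE:    output of systemctl is-active docker.service
# Prints one line per problem; exit status 0 means no problems were found.
evaluate_rootless() {
    opts=$1 rootful=$2 problems=0
    case $opts in
        *'"name=rootless"'*) ;;
        *) echo "daemon does not report rootless mode"; problems=1 ;;
    esac
    case $rootful in
        active|activating|reloading)
            echo "system-wide docker.service is still $rootful"; problems=1 ;;
    esac
    return "$problems"
}

# check_rootless: gather both inputs from the live system and evaluate them
check_rootless() {
    opts=$(docker info --format '{{json .SecurityOptions}}') || return 2
    # is-active exits non-zero for "inactive"; only its text is needed here.
    rootful=$(systemctl is-active docker.service || true)
    evaluate_rootless "$opts" "$rootful"
}

# Constructed samples of the first input, for trying the logic without Docker:
SAMPLE_ROOTLESS='["name=seccomp,profile=builtin","name=rootless","name=cgroupns"]'
SAMPLE_ROOTFUL='["name=apparmor","name=seccomp,profile=builtin","name=cgroupns"]'
```

Run `check_rootless` as the user that owns the rootless daemon; a non-zero exit means at least one of the printed problems applies.
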
Setting up nginx

Now that Docker is installed and working, we need to add a folder for where to place the containers and such, and to do that we just need to run this:

mkdir ~/docker && cd ~/docker

For setting up a site with nginx, just clone my git repo for a Docker container with nginx:

git clone https://git.kaleyfischer.xyz/DRAGONTOS/nginx-docker && cd nginx-docker

Now that we are in the nginx-docker directory we need to build the container