Notes on how I install a Debian server with rootless Docker and network-manager, with a zsh setup

A perfect Debian 12 install with Docker and zsh!

Prerequisites

We first need to get the ISO. I'm going with Debian 12 (bookworm). You can of course install this on hardware, but I'm going to install it in a VM.

Installation

VM

I will use a VM for this Debian setup. You can of course install on hardware if you want, but for ease of install I will use a VM, and the software I use for that is QEMU/KVM.

- firmware: UEFI
- cpu: 1 socket, 6 cores and 1 thread
- ram: 8192 MiB
- gpu: virtio (2D)
- hdd: 100 GB

Debian Installer

I will walk you through the installer, from the domain prompt to manually partitioning the disks.

Domain

You now need to enter your hostname, like debian-server or something like that. The domain you can normally skip, but if you have set up pfSense or OPNsense then you can enter the domain, which is everything after the first dot; for me that would be home.arpa (the default).

Partitioning

Choose guided partitioning, then remove the swap partition because we are going to use zram. Then remove the root partition and re-add it with xfs/btrfs if you are using an SSD; if not, you can use ext4. After continuing, the installer will give a warning because there is no swap, but you can ignore that by hitting No and then continue with the install.

Mirrors

You should choose the default (deb.debian.org) if you don’t know which to choose.

Desktop Selection

Untick everything except ‘Debian desktop environment’ and ‘standard utils’, and enable ‘SSH server’.

Finish!

It should now be installed.

Setting up

Sudo

We now need to go to tty2 (Ctrl + Alt + F2) and log in as root, because we need to add our user to the sudo group. We do that with:

/usr/sbin/usermod -aG sudo user

Then we exit root (Ctrl + D) and log in with our user, which should now have sudo rights through the sudo group!

SSH

Now we need to set up an SSH connection. We do that by first enabling the service:

sudo systemctl enable --now ssh

We need to check which IP to connect to with ip a:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:09:75:ef brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.221/24 brd 192.168.122.255 scope global dynamic noprefixroute enp1s0
       valid_lft 2798sec preferred_lft 2798sec
    inet6 fe80::5054:ff:fe09:75ef/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

In entry 2 (enp1s0), inet 192.168.122.221 is the IP we need to connect to.

Refreshing Mirrors (and fixing kitty)

We now need to fix kitty, because as you may have noticed the SSH connection is acting up; this is kitty. To fix that we need to do this:

sudo apt update && sudo apt upgrade -y && sudo apt install kitty -y
sudo apt remove gdm -y

And then reconnect the SSH session.

Installing Required Packages

We will now install all the required packages for this server install:

sudo apt install cargo fuse-overlayfs slirp4netns neovim git curl zsh neofetch dust make cmake rustc btop uidmap dbus-user-session -y

For McFly (this pipes the installer script from the master branch straight into a root shell, so read install.sh first if you want to know what it runs):

curl -LSfs https://raw.githubusercontent.com/cantino/mcfly/master/ci/install.sh | sudo sh -s -- --git cantino/mcfly

For eza:

sudo mkdir -p /etc/apt/keyrings
wget -qO- https://raw.githubusercontent.com/eza-community/eza/main/deb.asc | sudo gpg --dearmor -o /etc/apt/keyrings/gierens.gpg
echo "deb [signed-by=/etc/apt/keyrings/gierens.gpg] http://deb.gierens.de stable main" | sudo tee /etc/apt/sources.list.d/gierens.list
sudo chmod 644 /etc/apt/keyrings/gierens.gpg /etc/apt/sources.list.d/gierens.list
sudo apt update && sudo apt install -y eza

And for dust. Note that the URL below is a pre-signed release download link (X-Amz-Date=20240402T133137Z, X-Amz-Expires=300), so it stopped working five minutes after it was generated; to follow this step, get a fresh link to du-dust_1.0.0-1_amd64.deb from the project's GitHub releases page:

curl -LSfs "https://objects.githubusercontent.com/github-production-release-asset-2e65be/125563061/dbaf86ba-0a32-4f0d-abca-61197ec0ce0d?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240402%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240402T133137Z&X-Amz-Expires=300&X-Amz-Signature=d68092527396ef57f3c4c0634616386a1a59e2f7a50b850e64202bbb14f1d471&X-Amz-SignedHeaders=host&actor_id=46651680&key_id=0&repo_id=125563061&response-content-disposition=attachment%3B%20filename%3Ddu-dust_1.0.0-1_amd64.deb&response-content-type=application%2Foctet-stream" -o dust.deb
sudo dpkg -i dust.deb && rm dust.deb

Setting up zsh (will be done later)

Setting up docker with a website!

We are now going to set up Docker with a website.

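Docker Install

We need to add some lines to /etc/sysctl.conf. The first lets unprivileged users bind ports below 1024, the second allows unprivileged user namespaces (which rootless Docker is built on), and the third raises the limit on memory map areas per process:

sudo /bin/su -c "echo 'net.ipv4.ip_unprivileged_port_start=0' >> /etc/sysctl.conf"
sudo /bin/su -c "echo 'kernel.unprivileged_userns_clone=1' >> /etc/sysctl.conf"
sudo /bin/su -c "echo 'vm.max_map_count=262144' >> /etc/sysctl.conf"
sudo sysctl --system
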
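Appending with >> adds a duplicate line every time the commands above are re-run, and with conflicting values the last one wins. As an added example (not from the original page), this script keeps exactly one line per key in a sysctl drop-in; the drop-in name 99-rootless-docker.conf and the function names are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. The drop-in file name below is an
# assumption; any *.conf under /etc/sysctl.d is read by `sysctl --system`.
DROPIN=${DROPIN:-/etc/sysctl.d/99-rootless-docker.conf}

# set_sysctl FILE KEY VALUE: leave exactly one "KEY=VALUE" line for KEY in FILE.
set_sysctl() {
    local file=$1 key=$2 value=$3 tmp
    touch "$file"
    tmp=$(mktemp)
    # Drop earlier assignments of KEY ("k=v" or "k = v"); keep comments and other keys.
    awk -v k="$key" '
        { line = $0; sub(/^[ \t]+/, "", line); split(line, parts, /[ \t]*=/) }
        parts[1] != k { print }
    ' "$file" > "$tmp"
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$file"    # overwrite in place so owner and mode are kept
    rm -f "$tmp"
}

# count_sysctl FILE KEY: number of active (uncommented) assignments of KEY.
count_sysctl() {
    awk -v k="$2" '
        { line = $0; sub(/^[ \t]+/, "", line); split(line, parts, /[ \t]*=/) }
        parts[1] == k { n++ }
        END { print n + 0 }
    ' "$1"
}

# apply_rootless_sysctls FILE: the three settings from the page, written once each.
apply_rootless_sysctls() {
    set_sysctl "$1" net.ipv4.ip_unprivileged_port_start 0
    set_sysctl "$1" kernel.unprivileged_userns_clone 1
    set_sysctl "$1" vm.max_map_count 262144
}

# Run as root with --apply to write the drop-in and load it.
if [ "${1:-}" = "--apply" ]; then
    apply_rootless_sysctls "$DROPIN"
    sysctl --system
fi
```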

It’s now time to install Docker! We first need to add the Docker keyring, and you can do that with this:

sudo apt-get update
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

After that is done we need to add the repo to our sources:

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update

We can now finally install Docker with up-to-date versions:

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Now that Docker is installed we of course need to test it first, to check whether it is installed correctly, and you can do that with this:

sudo docker run hello-world

If it worked then Docker is installed correctly!

Setting up rootless for docker

Now that we have Docker installed, we don’t want to run everything as root; we want to run it securely as our user in rootless mode. To do that we need to run this simple script from Docker themselves:

sudo systemctl disable --now docker.service docker.socket
dockerd-rootless-setuptool.sh install
systemctl --user enable --now docker

And again, to check if it’s installed correctly we can run this command:

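One way to confirm that the docker CLI is really talking to the per-user rootless daemon and not the system-wide one, as an added example that is not from the original page. The function names are made up for the example, and it assumes the user's runtime directory is the systemd default /run/user/<uid>.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Assumes XDG_RUNTIME_DIR is the
# systemd default /run/user/<uid>, where the rootless daemon puts its socket.

# is_rootless OPTS: OPTS is the output of
#   docker info --format '{{json .SecurityOptions}}'
is_rootless() {
    case "$1" in
        *'"name=rootless"'*) return 0 ;;
        *) return 1 ;;
    esac
}

# socket_is_per_user ENDPOINT UID: true when ENDPOINT is that user's own socket.
socket_is_per_user() {
    [ "$1" = "unix:///run/user/$2/docker.sock" ]
}

# rootless_verdict OPTS ENDPOINT UID: prints rootless, rootful-daemon or unexpected-socket.
rootless_verdict() {
    if ! is_rootless "$1"; then
        echo rootful-daemon
    elif ! socket_is_per_user "$2" "$3"; then
        echo unexpected-socket
    else
        echo rootless
    fi
}

# check_live: ask the daemon the docker CLI currently points at (no sudo).
check_live() {
    local opts endpoint
    opts=$(docker info --format '{{json .SecurityOptions}}') || return 2
    endpoint=$(docker context inspect --format '{{.Endpoints.docker.Host}}') || return 2
    rootless_verdict "$opts" "$endpoint" "$(id -u)"
}

if [ "${1:-}" = "--live" ]; then
    check_live
fi
```

Run it with --live as the normal user; a verdict of rootful-daemon means the CLI is still reaching the system daemon.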

Setting up nginx

Now that Docker is installed and working, we need to add a folder where the containers and such will live. To do that we just need to run this:

mkdir ~/docker && cd ~/docker

For setting up a site with nginx, just clone my git repo for a Docker container with nginx:

git clone https://git.kaleyfischer.xyz/DRAGONTOS/nginx-docker && cd nginx-docker

Now that we are in the nginx-docker directory we need to build the container