This is not really a comprehensive guide to installing everything for every situation but more of a general guideline. We get a lot of stuff about Linux help and how can we make Linux accessible for people and the masses.
I installed Debian for my Family (I use Fedora) so let’s start here. Hey this is not to say force someone onto a platform they do not understand. Recommend what works best for them. Advocate Linux as a good option but in the end of the day there are different strokes for different folks.
Each episode in my posts will do this for a different distributions as we go detailing the repositories and processes for each that work best for everyday tasks and stability from my experience. The forum is welcome to chime in
Let’s begin
So Debian 10 got released: Debian 10 Post by @AdminDev
Why debian?
I am going to highlight some reasons here that I believe make it a great choice contrary to popular belief by many communities. However I will list a couple reasons at the end why it may not be a good choice for certain conditions.
Reason Numero Uno: The Comprehensive Installer
Unfortunately early in Debian’s lifetime it attained a reputation for being hard to install and that sentiment has never altogether gone away. In reality, though, the reverse is true, and Debian has the most thorough-going installer available. Ive installed many distributions. Ive done so thousands of times because of my own stupidity in a lot of cases. Although most people installing Debian only need a shortened version, the Debian Installer allows the selection of almost every detail – so long, of course, as you are prepared to spend a couple of hours installing. So the advanced version of the installer may always be used to customize everything when you are having difficulty.
Reason Numero Dos. Degrees of Freedom
As we all know with a lot of distros Debian alike installs with only free software. However, if you choose to work with proprietary software, add contrib non-free
to the end of each line of /etc/apt/sources.list, then run apt-get update
. The contrib section contains free software that requires non-free software to run, while non-free section contains proprietary software. Officially, neither section is tested as thoroughly as the rest of Debian, but unofficially, their standards remain high within these repositories and I highly recommend them as sources for average people.
Reason Numero Tres. Massive Hardware Architectures
Each Debian release officially supports nine hardware architectures, ranging from amd64 (64 bit Intel) to arm64 and PowerPC. Another five architectures are unofficially supported, while three are unsupported but listed anyway. This is more than most any other distribution out of the box that I have tried. This makes it a safe bet for any hardware. Its even used on some MIPS routers.
Reason Numero Cuatro. Transitions are slow and “stable”
Often “stable” is a joke thrown around by a lot of us primarily because well we like to be edgy about our distros. However, the introduction of new technologies like Systemd often causes problems when upgrading to a new release. We saw a ton of this back when SystemD was new. However, Debian makes a point of creating packages that make the changeover as smooth as an ordinary upgrade. They do this by remaining a bit behind the world and only on what is considered stable software. Stability is good for the average user. It does not mean less secure. Debian regularly backports and patches older software and they have a very passionate and dedicated community that is a Meritocracy.
Reason Numero Cinco. The Largest Number of Installed Packages
Im not counting how many packages Debian includes but its over 40,000 packages – and possibly over 50,000. The point is not the number but the fact that most linux packages will be built for Debian just like Fedora and SUSE (RHEL/Slackware Based distributions). This is great for software support. A lot of software “Officially” supports Debian like steam which is dropping support for UBUNTU.
Reason Numero Seis. Provides options between Cutting Edge and Stability
Debian’s three main repositories are Stable, Testing, and Unstable. These repositories are supposed to be organized for the purposes of producing a new release, but it is a rare user who can resist the temptation to raid Testing and Unstable for the most recent software. Do not mix these repositories unless you know what you are doing. If you are on “stable” enabled backports if you want slightly more updates and other updates for graphics drivers.
Reason Numero Siete. Simple everlasting Stability and Security
All distributions have guidelines for their packages, but the Debian Policy Manual is by far the most comprehensive. The manual details every possible aspect of what a package may contain and how it can interact with other packages, and every package must adhere to it. The result is that the Debian Stable repository is almost certainly the most dependable version of Linux available period said done. I dont see “I can make distro xyz as dependable” as an argument because its not OOB standard behaviour.
Why Not Debian?
I can think of 3 good reasons
1. Debian Installs with Only Free Software
With Debian, getting non-free software is as easy as adding the repositories. However, for some users, even that is too much effort. They prefer a Debian derivative like Linux Mint or Ubuntu that makes getting non-free drivers or tools like Flash even easier. This is just one step in the process that can get annoying to some. However for average folk it may not if someone else is doing their admin work.
2. Debian Uses Systemd – This is for a select few users
While most users have accepted the introduction of Systemd a few years ago, there is part of the community that will continue to fault Debian for using it. They see Systemd as too powerful an administration tool, and suspect it as a ploy by Red Hat to control the desktop. If you believe such things I guess Debian isnt for you. However in true Libre fashion they have provided a solution you may employ but I do not recommend myself.
The Debian wiki includes instructions for replacing Systemd with Init, but the process is cumberson, so those who object to Systemd often prefer a derivative distribution like Devuan, which installs without Systemd. Modern systems run with systemd just fine.
3. Debian Software is simply never up to date save security patches
The cost of Debian’s stability is often software that is several versions behind the latest. This cost becomes especially obvious in the kernel and desktop environment. Thus if you have really bleeding edge hardware it may not always work out of the box. This can be fixed by running a bleeding edge vanilla kernel but that compromises stability. There are updated repositories for software but they will conflict on distribution upgrades so if you want bleeding edge I suggest you consult Fedora and wait for my next release of these posts.
Alright so your deciding on Debian. I say its a solid choice. Lets begin some work on installing.
First off read the Install manual. This is quite important. If I give you a bunch of cut and paste pictures you will not learn. So Please read it. Here it is for Debian 10
https://www.debian.org/releases/buster/amd64/index
Follow it and install the distribution from your desired version. I suggest you run the distribution live before installing.
Here is a link to live OS install images:
https://www.debian.org/CD/live/
As for a choice of desktop environments I dont mind which one you choose. If you are looking for a recommendation. Choose MATE. This desktop environment has never had issues with any drivers.
The MATE Desktop Environment is the continuation of GNOME 2. It provides an intuitive and attractive desktop environment using traditional metaphors for Linux and other Unix-like operating systems.
MATE is under active development to add support for new technologies while preserving a traditional desktop experience. See the Roadmap. The MATE Manifesto outlines some of the principles that guide the project.
YMMV this is a screenshot of vanilla MATE
Here is a screenshot of my themed version on Debian 10 on one of my older machines. (My laptop and main desktop use Fedora) Its really easy to do. DE’s are distro agnostic typically
That being said let us move forward.
Booting with NVIDIA and AMD desktop graphics cards should go without issue. If you have Optimus on a laptop you will need to append nouveau.modeset=0 (This assumes you havea modern system with the modeset driver like Debian 10)
So you have reached the desktop and hopefully everything went well:
How I would setup the desktop and how it is setup for my parents as well.
Change editor to nano (.bashrc)
The default editor is vi or vim and is rather daunting to average users. Nano is a much more user friendly command line alternative so lets make it so. Execture nano .bashrc
(or you may change it globally in ETC). Add this to the end of the configuration file
export EDITOR=nano
export VISUAL=nano
Modify sudoers file add some feedback and humor
The average person may find it disconcerting that when they type in the terminal after “sudo” that they cannot have any sort of feedback that they are typing their password. Let’s add asterix feedback. I also added insults to when you do not get the password right for a bit of humor. LOL. Using trusty easy nano go ahead and sudo nano /etc/sudoers
and add or modify the following lines:
Defaults env_reset,pwfeedback
Defaults insults
Edit regulatory data to reflect country of locality
It is rather annoying that most distributions will opt for the global “00” config. While it works it can mess with certain parts of the system such as wireless transmissions. We can change it or leave it as is. If I know the computer will always be in a country I opt to change it to the country code. The country code follows International Standards Organization 3166 alpha 2 format. You can find a list of countries here.
sudo nano /etc/default/crda
This will reveal a spot to place this code. Change it if you will.
Fix the #1 wireless issue on Linux
Unfortunately most cards will be fine on linux but notably broadcom cards still have the issue where if Linux has power management on it will result in slow performance. I just turn it off to be safe. My parents are on a 10 GBE connection from my old hardware switch so I dont worry about this save my mothers laptop. Again this is a normal person guide. This will help the average. I have posted below however 10 GBE sysctl.conf tweaks in the rare case you have a 10 GBE home setup. Take them if you would like YMMV.
sudo iwconfig <adapter> power off
SYSCTL Tweaks for 10 GBE network performance
A collection of TCP tweaks that helped maximize 10 GBE NIC peformance on average. Normally this is not needed. I went ahead and did so for kicks.
# Maximum socket buffer size
net.core.optmem_max = 134217728
# Maximum receive socket buffer size
net.core.rmem_max = 134217728
# Maximum send socket buffer size
net.core.wmem_max = 134217728
# Minimum, initial and max TCP Receive buffer size in Bytes
net.ipv4.tcp_rmem = 4096 33554432 134217728
# Minimum, initial and max buffer space allocated
net.ipv4.tcp_wmem = 4096 33554432 134217728
# Minimum, initial and max buffer space allocated
net.ipv4.tcp_mem = 6672016 6682016 7185248
# Maximum number of packets queued on the input side
net.core.netdev_max_backlog = 300000
# Auto tuning
net.ipv4.tcp_moderate_rcvbuf =1
# Don't cache ssthresh from previous connection
net.ipv4.tcp_no_metrics_save = 1
# Congestion Control
net.ipv4.tcp_congestion_control=reno
# If you are using jumbo frames set this to avoid MTU black holes.
net.ipv4.tcp_mtu_probing = 1
# Define mine free vm memory
vm.min_free_kbytes = 524288
# Extra TCP Tweaks
net.ipv4.tcp_sack = 1
net.ipv4.tcp_timestamps = 1
net.core.netdev_max_backlog = 250000
net.ipv4.tcp_low_latency = 1
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_rfc1337=1
net.ipv4.tcp_workaround_signed_windows=1
net.ipv4.tcp_window_scaling=1
net.ipv4.ip_no_pmtu_disc=0
net.ipv4.tcp_mtu_probing=1
# Enable for wireless internet links only (Wireless Fiber for ex)
# net.ipv4.tcp_frto=2
# net.ipv4.tcp_frto_response=2
A few things I need before continuing
Curl does not come out of the box with debian MATE so I installed it and a few other things needed for my later modifications. Here is how I did so:
sudo apt update && sudo apt build-dep curl && sudo apt install curl wget apt-transport-https dirmngr
Better/Faster and Non Free sources
Ultimately anybody who does anything for convenience will run into needing some non free sources here and there. For example say the hardware has an NVIDIA or AMD GPU you wish to enable full performance of. You will likely need this. Please consult your manual for how to do this for your specific distribution. As for debian consult its manual or see how to do so from a binary standpoint. I have made a NVIDIA post on this on this forum for installing from the binary however if you can avoid needing to do so and use the drivers that come with the distribution that would be best. The binary drivers now come with DKMS so they are more problem free however they can still cause issues. Going through these routes will require software for build environments and kernel builds and make and DKMS. I just install the whole lot of them and stop worrying. See steps below
Setup proper kernel Build Environments (Most people will need this in some form)
# Install microcode depending on your system architecture
sudo apt install build-essential cmake g++ dkms acpid lshw software-properties-common llvm clang firmware-linux firmware-linux-nonfree amd64-microcode gcc-multilib curl wget apt-transport-https dirmngr git
# Install kernel headers
sudo apt install linux-headers-$(uname -r)
# Build some dependencies
sudo apt build-dep linux
A decent sources config
Lets enable the sources. First off choose a mirror thats fastest and closest to you. (I would google how to do so if you do not know already. The master mirror list for debian can be found here. I tend to choose a mirror that runs on a major server or network backbone in the area. My parents live in an undisclosed location in the Intermountain Western United States. Syringa Networks is a major backbone so it simply made sense. Here is what my sources file looks like the repositories I added to it. This setup will do for almost everybody and so I have saved you the time in finding the information on it.
sudo nano /etc/apt/sources.list
Add or modify the file to reflect everything you would like out of my file below. If you do not want to choose a mirror you may leave the default URL’s in place as they will universally work.
#------------------------------------------------------------------------------#
# OFFICIAL DEBIAN REPOS
#------------------------------------------------------------------------------#
deb http://mirrors.syringanetworks.net/debian/ stable main contrib non-free
deb-src http://mirrors.syringanetworks.net/debian/ stable main contrib non-free
deb http://mirrors.syringanetworks.net/debian/ stable-updates main contrib non-free
deb-src http://mirrors.syringanetworks.net/debian/ stable-updates main contrib non-free
deb http://security.debian.org/ stable/updates main
deb-src http://security.debian.org/ stable/updates main
deb http://mirrors.syringanetworks.net/debian/ buster-backports main
deb-src http://mirrors.syringanetworks.net/debian/ buster-backports main
#------------------------------------------------------------------------------#
# THIRD PARTY REPOS
#------------------------------------------------------------------------------#
# Atom Editor
deb [arch=amd64] https://packagecloud.io/AtomEditor/atom/any/ any main
# Debian Multimedia
deb [arch=amd64,i386] https://www.deb-multimedia.org stable main non-free
# Google Earth
deb [arch=amd64] http://dl.google.com/linux/earth/deb/ stable main
# Spotify
deb http://repository.spotify.com stable non-free
# Lutris
deb http://download.opensuse.org/repositories/home:/strycore/Debian_9.0/ ./
# Wine Staging
deb https://dl.winehq.org/wine-builds/debian/ buster main
In addition to adding to the sources list Linux is very secure. It uses GPG keys to verify the authenticity of sources. You will need to acquire those keys. For everything within my sources list above I have provided the keys below: (Further explanation of which is what coming soon)
sudo -i
curl -L https://packagecloud.io/AtomEditor/atom/gpgkey | apt-key add -
wget http://www.deb-multimedia.org/pool/main/d/deb-multimedia-keyring/deb-multimedia-keyring_2016.8.1_all.deb && dpkg -i deb-multimedia-keyring_2016.8.1_all.deb
wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add -
apt-key adv --keyserver ha.pool.sks-keyservers.net --recv-keys 3766223989993A70
apt-key adv --keyserver ha.pool.sks-keyservers.net --recv-keys E58A9D36647CAE7F
apt-key adv --keyserver ha.pool.sks-keyservers.net --recv-keys A87FF9DF48BF1C90
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F24AEA9FB05498B7
wget -nc https://dl.winehq.org/wine-builds/winehq.key
sudo apt-key add winehq.key
wget -nc https://download.opensuse.org/repositories/home:/strycore/Debian_9.0/Release.key -O- | sudo apt-key add -
Add 32 bit support
If the software your folks are going to run requires i386 libraries it makes sense to enable it globally. I have as they do require software/do some light gaming that requires it. As do NVIDIA Graphics Drivers.
sudo dpkg --add-architecture i386
Update and Upgrade
Need I explain why this is an important step?
sudo apt update && sudo apt-upgrade
Making MATE look good
MATE provides a traditional UNIX desktop look. I love it. So does my family. Its simple and easy to use. It can be elegant though its not out of the box. Let us change that.
sudo apt install adapta*
Then set the adapta theme in appearance. Done. You can even click customize and change to the papirus icon pack which I prefer with adapta. Thus your environment will look like mine across any distro or platform.
Firewall
sudo apt install firewalld
Out of the box its pretty good. Its set to public by default and its a very good firewall. I use it over UFW and what not.
Here is the manual: https://firewalld.org/documentation/
I am an advocate of reading documentation. Others may not be but it will save you headache a lot of the time. That being said my parents setup is “Trusted” instead of “Public” due to being behind a PFSense wall. If its a laptop I straight out right recommend setting it to “block” and that is the most secure setup. Public however will do fine for almost every out of the box.
Installing some common software
If you used my sources file this should go without issue. Wine is a windows program environment to run Windows programs on Linux. Spotify is a great music streaming service. Steam is a great game service/DRM to have all your games in one place. Lutris supports and augments steam nowadays with proton being also integrated into steam. Atom is an amazing text editor that I use and my parents use to open readme’s in GUI and also in my case to quickly look at mark up. VLC is the best multipurpose media player around
sudo apt install spotify-client steam atom lutris wine vlc
Some Linux Audio backend tweaks.
Almost all modern PC’s support 24bit audio. You can ignore this if your PC does not. However some backend tweaks are needed to make it happen. Here is what I do for standard stereo systems (again average system)
sudo nano /etc/pulse/daemon.conf
I add these lines to the end:
default-sample-format = s24le
default-sample-rate = 96000
alternate-sample-rate = 48000
default-sample-channels = 2
default-channel-map = front-left,front-right
default-fragments = 2
default-fragment-size-msec = 125
resample-method = soxr-vhq
enable-lfe-remixing = no
high-priority = yes
nice-level = -11
realtime-scheduling = yes
realtime-priority = 9
rlimit-rtprio = 9
daemonize = no
Proceed to make ALSA a slave to PULSEAUDIO to enforce these rates by editing the configuration and making it a slave.
sudo nano /etc/asound.conf
# Use PulseAudio plugin hw
pcm.!default {
type plug
slave.pcm hw
}
Thats pretty much all there is too it.
Is it the end?
Well no not really but I dont really know how much more you could ask for. I suppose if people ask or If I find something worth being default out of the box I will post it below . The rest of the settings of the system are all user to configure items such as power saving settings in GUI etc. I have not included them for that reason
Also The forum may chime in by editing my Wiki’d post below about things they find helpful. You can sign your modification to the wiki or leave it “anonymous”. Ive thrown in what is the common software with this setup below as well as links to their documentation and some screenshots.
Hope this helps
~Heimdallr Out