STATUS: Frozen (2019-11-17)
No more updates for this guide.
Please refer to the TOC page.
If you install Debian GNU/Linux in expert mode, like this guide in this site, some of the essential tools are not be installed.
Buster feedback (gpg package).
DON'T FORGET WE ARE IN READ-ONLY ROOT FILESYSTEM.
root# apt install ... # this is okay root# something other # may require rw /, so, root# mount -o remount,rw / (and do something) root# mount -o remount,ro / # don't forget this, too.
Apt-Cacher NG (optional but recommended)
As a number of Debian hosts grows, downloading .deb files become a problem.
It consumes Debian mirror's bandwidth too much.
- Apt-Cacher NG is the very solution.
- It significantly increase the upgrade speed, too.
root# apt install apt-cacher-ng
Server & Clients
DIRECT is a fallback when the proxy is down.
root# nano /etc/apt/apt.conf.d/02-proxy Acquire::http::Proxy "http://RAW_SERVER_IP_ADDRESS:3142"; Acquire::http::Proxy DIRECT;
Avoid using hostname.
Apt-Cacher NG Web UI
The most biggest problem with minimum system installation might be a lack of man-db and less.
root# apt install less man-db # at least
Debian stretch has gpg but buster does not on this minimal installation process.
If you need it, install gpg manually (buster).
Suspend to RAM (optional)
To suspend to RAM, we need s2ram in uswsusp package.
root# apt install uswsusp
To make machine suspended by power button, edit /etc/systemd/logind.conf, HandlePowerKey=suspend.
Make sure you enabled CPU C state support on BIOS.
System temperature monitoring is very important.
Warm hardware does not last so long. Keep them cooled.
root# apt install lm-sensors root# sensors-detect # follow its instruction. ... Do you want to add these lines automatically to /etc/modules? (yes/NO)yes # your choice root# /etc/init.d/kmod start [ ok ] Starting kmod (via systemctl): kmod.service.
and then, you can know the temperatures by,
It also tell you voltages and fan speeds provided the firmware support is available.
S.M.A.R.T. and NVMe device monitoring (optional)
To monitor HDD/SSD/NVMe health status, we need two packages.
root# apt install smartmontools nvme-cli
You should at least test your new HDD once.
It takes times, but it pays. Same could be said for SATA SSDs.
root# smartctl --test=extend /dev/sdX root# smartctl --all /dev/sdX | more # after the est. finish time.
To check health status of storage device,
root# nvme list root# nvme smart-log /dev/nvmeX # for NVMe root# smartctl --all /dev/sdX # for SATA HDD and SSD
Cron for SSD/NVMe status check
It would be good to have some cron jobs to monitor SSD/NVMe health.
This tells us installed NVMe basic health status everyday, as syslog "nvme" entry (which would be sent as a part log logcheck summary mails).
For SATA SSDs, simply use smartmontools.
Debian handy tools (optional)
apt-file can search package by a file name.
root# apt install apt-file root# apt-file update # should do this after upgrades
user$ apt-file search FILENAME # try ``s2ram`` for example.
Automatic System Upgrades (optional)
unattended-upgrades allows you to keep the box updated.
However, in "ro" root filesystem Debian, we do not recommend this.
root# apt install unattended-upgrades # we do not recommend this. root# dpkg-reconfigure unattended-upgrades # after remount,rw /
Especially on "ro" root filesystem sometimes it fails to remount "/" "/usr" as "ro"; it means "ro" become "rw" after automatic upgrades (and you probably miss it for a while).
- You should subscribe to the debian security mailing list,
- You should do upgrades manually.
Unfortunately we need more reboot (or file lock workarounds) on "ro" root filesystem kept "read-only" after upgrades.
Various Firmware binaries (optional)
There are two firmware packages, free and non-free.
It become an important license issue when you re-distribute the system.
Free firmwares are installable without license issues.
root# apt install firmware-linux-free
For non-free firmwares, you have to add non-free in sources.list.
Now you have AppArmor enabled Read-Only filesystem Debian GNU/Linux Stretch.
Thank you for reading this guide. Have a nice day.