
Debian 12 Bookworm - Server & Desktop Configuration, Common Packages, KVM Virtualization with Virt-Manager


Packages Server

Here are the configuration steps and packages I usually adopt on a fresh Debian server.

# Switch to root user
su -

OpenSSH Server

# Install OpenSSH package
apt install openssh-server -y

# Check status
systemctl status ssh

Sudo

# Update package index
apt update

# Install sudo
apt install sudo

# Add user "username" to sudo group
adduser username sudo

NeoVIM

# Install NeoVIM
sudo apt install neovim -y

# Open file in neoVIM
nvim filename
# Set default editor
sudo update-alternatives --config editor

Docker & Docker Compose

#!/bin/bash

# Install Docker and Docker Compose on Debian

sudo apt-get update
sudo apt-get install ca-certificates curl -y
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt-get update

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y

# Add user "username" to the docker group (members control the Docker daemon, which is root-equivalent access)
sudo adduser username docker

Firewalld

# Install Firewalld
sudo apt update && sudo apt install firewalld -y

# Start & enable after boot (should be enabled by default)
sudo systemctl start firewalld && sudo systemctl enable firewalld

# Check status
sudo systemctl status firewalld

AWS CLI

# Prerequisites: Install unzip
sudo apt install unzip -y
# Download & install AWS CLIv2
cd /tmp &&
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" &&
unzip awscliv2.zip &&
sudo ./aws/install
# Test / check version
/usr/local/bin/aws --version

# Start AWS CLI configuration
aws configure

VLAN Package

# Install VLAN package
sudo apt install vlan -y

# Load VLAN module & enable at startup (both steps need root)
sudo modprobe 8021q && echo "8021q" | sudo tee -a /etc/modules

Other Common packages

# Install packages
sudo apt install bridge-utils wget curl git unzip -y

Packages Virtualization

KVM, QEMU, libvirt & virt-manager

# Install KVM, QEMU, libvirt & virt-manager
sudo apt update && 
sudo apt install qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virtinst libvirt-daemon virt-manager -y


# Add your non root user to libvirt & KVM group
sudo adduser `whoami` libvirt &&
sudo adduser `whoami` kvm
  • Check whether the CPU supports hardware virtualization
# Install CPU-Checker package
sudo apt install cpu-checker

# Test system
kvm-ok

AppArmor

Note: “virt-aa-helper” reads the VM’s configuration and generates an AppArmor profile that permits access to the resources listed there. According to a GitHub issue I found, there are multiple restricted file paths that will not be added to the AppArmor profile under any circumstance. So when the ISO or disk image is stored in one of those directories, the following error appears in Virt-Manager:

# Virt-Manager error
Error starting domain: internal error: cannot load AppArmor profile 'libvirt-31e1bd9c-b905-4110-ac26-0470aeebc162'

In this case it’s best to just change the directory. Otherwise, custom directories can be defined in /etc/apparmor.d/libvirt/libvirt-<VM-UUID>; replace <VM-UUID> with the UUID of the VM, for example 31e1bd9c-b905-4110-ac26-0470aeebc162.

  • Optional: Disable AppArmor (Should not be done in production)
# Open qemu.conf
sudo vi /etc/libvirt/qemu.conf

# Disable security driver
security_driver = "none"

# Restart libvirtd service
sudo systemctl restart libvirtd

Cockpit

# Install Cockpit
sudo apt update && sudo apt install cockpit -y

# Start and enable Cockpit: Should be enabled by default
sudo systemctl start cockpit.socket && sudo systemctl enable cockpit.socket

# Check status
sudo systemctl status cockpit.socket

# Open web interface
http://localhost:9090/
# Optional packages: Plugin virtual machines
sudo apt install cockpit-machines -y

# Optional packages: Plugin Docker
sudo apt install cockpit-docker -y

Packages Desktop

VSCode

# Prerequisites
sudo apt update
sudo apt install software-properties-common apt-transport-https wget gpg -y

# Import GPG Key
wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > packages.microsoft.gpg
sudo install -D -o root -g root -m 644 packages.microsoft.gpg /usr/share/keyrings/packages.microsoft.gpg

# Add repository
sudo sh -c 'echo "deb [arch=amd64,arm64,armhf signed-by=/usr/share/keyrings/packages.microsoft.gpg] https://packages.microsoft.com/repos/code stable main" > /etc/apt/sources.list.d/vscode.list'

# Update repository index
sudo apt update

# Install VSCode
sudo apt install code -y

Browser

Brave Browser

# Prerequisites
sudo apt update
sudo apt install curl -y

# Import GPG Key
sudo curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg

# Add repository
echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main"|sudo tee /etc/apt/sources.list.d/brave-browser-release.list

# Update repository index
sudo apt update

# Install Brave
sudo apt install brave-browser -y

Google Chrome

# Download the .deb package
https://www.google.com/chrome/

Microsoft Edge

# Prerequisites
sudo apt update
sudo apt install software-properties-common apt-transport-https ca-certificates curl -y

# Import GPG Key
curl -fSsL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | sudo tee /usr/share/keyrings/microsoft-edge.gpg > /dev/null

# Add repository
echo 'deb [signed-by=/usr/share/keyrings/microsoft-edge.gpg] https://packages.microsoft.com/repos/edge stable main' | sudo tee /etc/apt/sources.list.d/microsoft-edge.list

# Install Microsoft Edge
sudo apt update && sudo apt install microsoft-edge-stable

KeePassXC

# Add repository
sudo add-apt-repository ppa:phoerious/keepassxc

# Install KeePassXC
sudo apt update && sudo apt install keepassxc -y

OBS Studio

# Install OBS Studio
sudo apt update && sudo apt install ffmpeg obs-studio -y

System Utilities

GParted

GNOME Partition Editor: Visual partition editor

# Install GParted
sudo apt install gparted -y

Meld

Meld is a visual diff and merge tool

# Install Meld
sudo apt install meld -y

Konsole Terminal

Terminal from the KDE Plasma desktop

# Install konsole
sudo apt install konsole -y

Dolphin File Manager

File Manager from the KDE Plasma desktop

# Install Dolphin
sudo apt install dolphin -y

Multimedia

Spotify

# Import GPG Key
curl -sS https://download.spotify.com/debian/pubkey_6224F9941A8AA6D1.gpg | sudo gpg --dearmor --yes -o /etc/apt/trusted.gpg.d/spotify.gpg

# Add repository
echo "deb http://repository.spotify.com stable non-free" | sudo tee /etc/apt/sources.list.d/spotify.list

# Install Spotify
sudo apt update && sudo apt install spotify-client -y

Note: To login with the Spotify app it was necessary to install Google Chrome.

Steam

# Download the .deb package
https://store.steampowered.com/about/

Discord

# Prerequisites
sudo apt update && sudo apt install wget -y

# Download & install .deb package
wget "https://discord.com/api/download?platform=linux&format=deb" -O discord.deb && sudo dpkg -i ./discord.deb

User & Sudo

Create User

# Create User: Without PW
sudo adduser --disabled-password username

Sudo Group

# Add user to sudo group
sudo adduser username sudo
# Edit sudoers file
sudo visudo

# Allow this user to run sudo without a password prompt
username ALL=(ALL) NOPASSWD:ALL
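
The `NOPASSWD:ALL` entry above gives that account root without any password check, so it is worth being able to list every such grant on a host. The following audit is an added example, not part of the original post; the function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# audit_nopasswd FILE...
# Prints "file:line:principal" for every sudoers rule whose command list
# contains ALL under a NOPASSWD tag. Comments and Defaults are skipped;
# continuation lines (trailing backslash) are not joined.
audit_nopasswd() {
    awk '
        /^[ \t]*#/      { next }   # comments and #include directives
        /^[ \t]*$/      { next }   # blank lines
        $1 ~ /^Defaults/ { next }
        {
            rule = $0
            gsub(/[ \t]+/, "", rule)   # treat "NOPASSWD: ALL" like "NOPASSWD:ALL"
            rule = rule ","            # terminator, so ALL may end the list
            if (rule ~ /NOPASSWD:(.*,)?ALL,/)
                printf "%s:%d:%s\n", FILENAME, FNR, $1
        }
    ' "$@"
}

# Constructed sample, not taken from a real host.
write_sample_sudoers() {
    cat > "$1" <<'EOF'
# /etc/sudoers style sample
Defaults env_reset
root     ALL=(ALL:ALL) ALL
%sudo    ALL=(ALL:ALL) ALL
username ALL=(ALL) NOPASSWD:ALL
backup   ALL=(root) NOPASSWD: /usr/bin/rsync
deploy   ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart app, ALL
EOF
}
```

On a live system, run it as root over `/etc/sudoers` and `/etc/sudoers.d/*`; `visudo -c` checks the syntax after any edit.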

Apt Repositories

Apt Error (CD-ROM)

# Update package index
apt update

# Shell output
Ign:1 cdrom://[Debian GNU/Linux 12.4.0 _Bookworm_ - Official amd64 DVD Binary-1 with firmware 20231210-17:57] bookworm InRelease
Err:2 cdrom://[Debian GNU/Linux 12.4.0 _Bookworm_ - Official amd64 DVD Binary-1 with firmware 20231210-17:57] bookworm Release
  Please use apt-cdrom to make this CD-ROM recognized by APT. apt-get update cannot be used to add new CD-ROMs
Hit:3 http://security.debian.org/debian-security bookworm-security InRelease
Hit:4 http://deb.debian.org/debian bookworm InRelease
Hit:5 http://deb.debian.org/debian bookworm-updates InRelease
Reading package lists... Done
E: The repository 'cdrom://[Debian GNU/Linux 12.4.0 _Bookworm_ - Official amd64 DVD Binary-1 with firmware 20231210-17:57] bookworm Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

The error message above indicates that the APT package manager is trying to access software packages from a CD-ROM source which is no longer available. This is a common issue when the system was initially installed from a CD-ROM or DVD and the corresponding entry remains in the APT sources list.

  • Remove or comment out the CDROM entry
# Switch to root user
su -

# Open the sources list file
vi /etc/apt/sources.list

# Remove "deb cdrom" entry
deb cdrom:[Debian GNU/Linux 12.4.0 _Bookworm_ - Official amd64 DVD Binary-1 with firmware 20231210-17:57]/ bookworm main non-free-firmware

Default Apt Repositories

The repository lines should look as follows:

deb http://deb.debian.org/debian/ bookworm main non-free-firmware
deb-src http://deb.debian.org/debian/ bookworm main non-free-firmware

deb http://security.debian.org/debian-security bookworm-security main non-free-firmware
deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware

# bookworm-updates, to get updates before a point release is made;
# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
deb http://deb.debian.org/debian/ bookworm-updates main non-free-firmware
deb-src http://deb.debian.org/debian/ bookworm-updates main non-free-firmware
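
The Debian entries above and the third-party repositories added earlier on this page differ in how APT decides which signing key to trust: some carry `signed-by=`, others rely on every key in `/etc/apt/trusted.gpg.d`, and a leftover `cdrom:` line breaks `apt update`. This added example (not from the original post) classifies one-line `deb` entries accordingly; the function names are illustrative, and the sample file is constructed from lines shown on this page with the architecture and codename filled in.

```sh
#!/bin/sh
# audit_apt_sources FILE...
# One tab-separated line per active deb/deb-src entry:
#   verdict, scheme, keyring, URI
#   pinned-key      entry names its keyring with signed-by=
#   global-keyring  no signed-by: any key in /etc/apt/trusted.gpg.d is accepted
#   stale-media     cdrom: entry left over from the installer
audit_apt_sources() {
    awk '
        $1 != "deb" && $1 != "deb-src" { next }   # comments, blank lines
        {
            rest = $0
            sub(/^[ \t]*deb(-src)?[ \t]+/, "", rest)
            key = "-"
            if (substr(rest, 1, 1) == "[") {      # [arch=... signed-by=...]
                close_at = index(rest, "]")
                n = split(substr(rest, 2, close_at - 2), opt, /[ \t]+/)
                for (i = 1; i <= n; i++)
                    if (index(opt[i], "signed-by=") == 1)
                        key = substr(opt[i], 11)
                rest = substr(rest, close_at + 1)
                sub(/^[ \t]+/, "", rest)
            }
            scheme = substr(rest, 1, index(rest, ":") - 1)
            split(rest, field, /[ \t]+/)
            uri = field[1]
            verdict = (key == "-") ? "global-keyring" : "pinned-key"
            if (scheme == "cdrom") { verdict = "stale-media"; uri = "cdrom:" }
            printf "%s\t%s\t%s\t%s\n", verdict, scheme, key, uri
        }
    ' "$@"
}

# Constructed sample built from entries shown on this page.
write_sample_sources() {
    cat > "$1" <<'EOF'
deb cdrom:[Debian GNU/Linux 12.4.0 _Bookworm_ - Official amd64 DVD Binary-1 with firmware 20231210-17:57]/ bookworm main non-free-firmware
# deb http://example.invalid/disabled stable main
deb http://deb.debian.org/debian/ bookworm main non-free-firmware
deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian bookworm stable
deb http://repository.spotify.com stable non-free
EOF
}
```

Run it as `audit_apt_sources /etc/apt/sources.list /etc/apt/sources.list.d/*.list`. `global-keyring` is expected for Debian's own archive; for a third-party repository it means the key was installed with trust for every source.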