|
|
|
# installation : Debian stable
|
|
|
|
|
|
|
|
|
|
|
|
[[_TOC_]]
|
|
|
|
|
|
|
|
|
|
|
|
## d-i
|
|
|
|
|
|
|
|
* *(quand possible)* démarrage sur réseau [généralement *F12*]
|
|
|
|
|
|
|
|
*[si pas preseed]*
|
|
|
|
|
|
|
|
* *(quand possible)* amd64
|
|
|
|
* lang=en
|
|
|
|
* location=Switzerland
|
|
|
|
* locales=en_US.UTF-8
|
|
|
|
* keyboard=en_US
|
|
|
|
|
|
|
|
*[si nécessaire pour l'installation via réseau]*
|
|
|
|
|
|
|
|
* network_hardware/missing_firmware=yes
|
|
|
|
|
|
|
|
*[- si serveur]*
|
|
|
|
|
|
|
|
*[HOSTNAME est un [pays](https://fr.wikipedia.org/wiki/Liste_des_pays_du_monde#Liste_principale),
|
|
|
|
si possible en relation avec la fonction principale de l'ordinateur]*
|
|
|
|
|
|
|
|
* hostname=$HOSTNAME.$DOMAIN
|
|
|
|
|
|
|
|
*[- si workstation]*
|
|
|
|
|
|
|
|
* hostname=workstation.$DOMAIN
|
|
|
|
|
|
|
|
*[si pas preseed]*
|
|
|
|
|
|
|
|
*[- si on voyage dans le monde]*
|
|
|
|
|
|
|
|
* APT=http.debian.net
|
|
|
|
|
|
|
|
*[- si au contraire on reste en Suisse]*
|
|
|
|
|
|
|
|
* APT=ftp.ch.debian.org
|
|
|
|
|
|
|
|
*[si preseed, itopieitopie et itopie]*
|
|
|
|
|
|
|
|
* root:$PASSWORD<br />
|
|
|
|
[à sauver dans inubo/commun/Realisation/inubo/inubo.kdb]
|
|
|
|
* rescue:$PASSWORD<br />
|
|
|
|
[à sauver dans inubo/commun/Realisation/inubo/inubo.kdb]
|
|
|
|
|
|
|
|
*[- si serveur]*
|
|
|
|
|
|
|
|
Note : pas nécessaire de mettre un label
|
|
|
|
|
|
|
|
* partition_disk=manual
|
|
|
|
* 1MB:primary:beginning:reserved_BIOS_boot_area (type de partition) *(or* not used*)*<br />
|
|
|
|
1GB:primary:beginning:RAID-1<br />
|
|
|
|
all:primary:beginning:RAID-1
|
|
|
|
* configure_software_RAID<br />
|
|
|
|
create_MD_device:RAID-1:(1GB)sda2+sdb2<br />
|
|
|
|
create_MD_device:RAID-1:(all)sda3+sdb3 *(all - 5GB if encrypted)*
|
|
|
|
|
|
|
|
*[- si chiffrement]*
|
|
|
|
|
|
|
|
* use_partition_as:encryption<br />
|
|
|
|
device:(all)md1<br />
|
|
|
|
erase_data:no *(yes if new disk)*
|
|
|
|
* configure_encryption<br />
|
|
|
|
create_encrypted_device:(all)md1<br />
|
|
|
|
[le mot de passe devrait être utilisé que pour la première connexion et ensuite pour en ajouter un deuxième, ce dernier à sauver dans inubo/commun/Realisation/inubo/inubo.kdb]
|
|
|
|
|
|
|
|
*[de toute façon]*
|
|
|
|
|
|
|
|
* configure_LVM<br />
|
|
|
|
VG:$HOSTNAME:(all)md1 *(md1_crypt if encrypted)*<br />
|
|
|
|
LV:swap:8GB *(2GB for VMs and PC Engines APU1!)*<br />
|
|
|
|
LV:root:10GB *(all for VMs!)*<br />
|
|
|
|
LV:srv:all *(no srv for PC Engines APU1!)*
|
|
|
|
* configure_mountpoints<br />
|
|
|
|
root:ext4:/<br />
|
|
|
|
srv:ext4:/srv *(no srv for VMs or PC Engines APU1!)*<br />
|
|
|
|
swap:swap<br />
|
|
|
|
md0:ext2:/boot
|
|
|
|
|
|
|
|
*[- si workstation]*
|
|
|
|
|
|
|
|
* partition_disk=guided, use entire disk
|
|
|
|
* partition_layout=all files in one partition
|
|
|
|
|
|
|
|
*[si serveur]*
|
|
|
|
|
|
|
|
* package_survey=true
|
|
|
|
|
|
|
|
*[- si serveur]*
|
|
|
|
|
|
|
|
* software=SSH+standard
|
|
|
|
|
|
|
|
*[- si workstation]*
|
|
|
|
|
|
|
|
* software=SSH+standard+laptop
|
|
|
|
|
|
|
|
*[si preseed]*
|
|
|
|
|
|
|
|
* postfix/mailname: $HOSTNAME.$DOMAIN
|
|
|
|
|
|
|
|
*[de toute façon]*
|
|
|
|
|
|
|
|
* grub=MBR
|
|
|
|
|
|
|
|
*[reboot]*
|
|
|
|
|
|
|
|
|
|
|
|
## configuration commune
|
|
|
|
|
|
|
|
*[devenir root]*
|
|
|
|
|
|
|
|
$ su -
|
|
|
|
|
|
|
|
*[si chiffrement]*
|
|
|
|
|
|
|
|
# cryptsetup luksAddKey /dev/mapper/md1
|
|
|
|
[à sauver dans inubo/commun/Realisation/inubo/inubo.kdb]
|
|
|
|
|
|
|
|
*[si pas workstation, pas VM, pas PowerPC ou pas ARM]*
|
|
|
|
|
|
|
|
[Permet d'installer le Grub sur les deux disques]
|
|
|
|
|
|
|
|
# cat /proc/cpuinfo
|
|
|
|
# dpkg-reconfigure grub-pc
|
|
|
|
grub-pc grub-pc/install_devices multiselect /dev/sda, /dev/sdb
|
|
|
|
|
|
|
|
*[de toute façon]*
|
|
|
|
|
|
|
|
# apt-get clean
|
|
|
|
# apt-get update
|
|
|
|
|
|
|
|
*[déjà fait par le preseed]*
|
|
|
|
|
|
|
|
# apt-get install etckeeper
|
|
|
|
|
|
|
|
*[de toute façon]*
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
group/passwd/shadow AND rsync, VOIR <https://bugs.debian.org/533290>]
|
|
|
|
|
|
|
|
# etckeeper commit '[etckeeper] leftover stuff'
|
|
|
|
|
|
|
|
*[si contrôle complet de l'ordinateur]*
|
|
|
|
|
|
|
|
# nano /etc/etckeeper/etckeeper.conf
|
|
|
|
[uncomment]
|
|
|
|
AVOID_DAILY_AUTOCOMMITS=1
|
|
|
|
AVOID_COMMIT_BEFORE_INSTALL=1
|
|
|
|
# etckeeper commit 'etckeeper/etckeeper.conf: avoid autocommits'
|
|
|
|
|
|
|
|
*[si preseed]*
|
|
|
|
|
|
|
|
# exit
|
|
|
|
$ passwd
|
|
|
|
[à sauver dans inubo/commun/Realisation/inubo/inubo.kdb]
|
|
|
|
$ su -
|
|
|
|
# passwd
|
|
|
|
[à sauver dans inubo/commun/Realisation/inubo/inubo.kdb]
|
|
|
|
# etckeeper commit 'passwd [rescue|root]'
|
|
|
|
|
|
|
|
*[de toute façon]*
|
|
|
|
|
|
|
|
# sed -i -e 's/^PermitRootLogin\ yes$/PermitRootLogin\ no/' /etc/ssh/sshd_config
|
|
|
|
# service ssh restart
|
|
|
|
# etckeeper commit 'ssh/sshd_config: PermitRootLogin no'
|
|
|
|
|
|
|
|
*[ATTENTION, pas par défaut et seulement si on comprend les implications de la commande ci-dessous]*
|
|
|
|
|
|
|
|
[>> En commantant AcceptEnv, les variables linguistiques du client ne sont pas envoyées à la session cible ssh]
|
|
|
|
|
|
|
|
# sed -i -e 's/^AcceptEnv/#AcceptEnv/' /etc/ssh/sshd_config
|
|
|
|
# service ssh restart
|
|
|
|
# etckeeper commit 'ssh/sshd_config: comment AcceptEnv'
|
|
|
|
|
|
|
|
*[si login via LDAP]*
|
|
|
|
|
|
|
|
# sed -i -e 's/^#PasswordAuthentication\ yes$/PasswordAuthentication no/' /etc/ssh/sshd_config
|
|
|
|
# service ssh restart
|
|
|
|
# etckeeper commit 'ssh/sshd_config: PasswordAuthentication no'
|
|
|
|
|
|
|
|
*[si VM]*
|
|
|
|
|
|
|
|
# nano /etc/ssh/sshd_config
|
|
|
|
[add]
|
|
|
|
Port 22(300 + $IP)
|
|
|
|
# service ssh restart
|
|
|
|
# etckeeper commit 'ssh/sshd_config: add Port 22(300 + $IP)'
|
|
|
|
|
|
|
|
*[de toute façon]*
|
|
|
|
|
|
|
|
# echo 'APT::Install-Recommends "false";' >/etc/apt/apt.conf.d/99recommends
|
|
|
|
# etckeeper commit 'apt/apt.conf.d/99recommends: false'
|
|
|
|
|
|
|
|
*[si pas workstation et connexion Internet par VDSL ou fibre optique]*
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
<https://bugs.debian.org/372712>
|
|
|
|
<http://blog.ganneff.de/blog/2008/09/01/pdiffs-1.html>]
|
|
|
|
|
|
|
|
# echo 'Acquire::PDiffs "false";' >/etc/apt/apt.conf.d/99pdiffs
|
|
|
|
# etckeeper commit 'apt/apt.conf.d/99pdiffs: false'
|
|
|
|
|
|
|
|
*[déjà fait par le preseed]*
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
PAS FAIT]
|
|
|
|
|
|
|
|
# dpkg-reconfigure locales
|
|
|
|
locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, fr_CH.UTF-8 UTF-8, it_IT.UTF-8 UTF-8
|
|
|
|
locales locales/default_environment_locale: None
|
|
|
|
# etckeeper commit 'locale.gen: add fr_CH.UTF-8 && it_IT.UTF-8'
|
|
|
|
|
|
|
|
*[déjà fait par le preseed]*
|
|
|
|
|
|
|
|
# apt-get install screen
|
|
|
|
|
|
|
|
*[- si besoin de renommer un utilisateur]*
|
|
|
|
|
|
|
|
# groupmod -n rescue it
|
|
|
|
# usermod -c rescue -d /home/rescue -m -l rescue it
|
|
|
|
|
|
|
|
*[copier dans /home/rescue le contenu du dossier
|
|
|
|
inubo/commun/Realisation/inubo/default-user]*
|
|
|
|
|
|
|
|
# exit
|
|
|
|
# scp -r [$USER]@[$HOST]:[...]commun/Realisation/inubo/default-user/* .
|
|
|
|
$ mv ssh/ .ssh
|
|
|
|
$ mv bashrc .bashrc
|
|
|
|
$ mv colordiffrc .colordiffrc
|
|
|
|
$ mv gitconfig .gitconfig
|
|
|
|
$ mv screenrc .screenrc
|
|
|
|
|
|
|
|
*[- si workstation]*
|
|
|
|
|
|
|
|
$ rm -rf bin/* procmail
|
|
|
|
|
|
|
|
*[- si pas workstation]*
|
|
|
|
|
|
|
|
$ mv procmailrc DOTprocmailrc
|
|
|
|
|
|
|
|
*[de toute façon]*
|
|
|
|
|
|
|
|
$ su -
|
|
|
|
# cp /home/rescue/.gitconfig ~/
|
|
|
|
|
|
|
|
*[déjà fait par le preseed]*
|
|
|
|
|
|
|
|
# apt-get install ntp
|
|
|
|
|
|
|
|
*[- si serveur NTP]*
|
|
|
|
|
|
|
|
# nano /etc/hosts
|
|
|
|
[add]
|
|
|
|
$IP $(hostname -f) $(hostname) ntp.$(dnsdomainname)
|
|
|
|
# nano /etc/rc.local
|
|
|
|
[add before `exit 0`]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
# Accept NTP requests
|
|
|
|
/sbin/iptables -A INPUT -p udp --sport 123 --dport 123 -m state --state NEW -j ACCEPT
|
|
|
|
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# /etc/rc.local
|
|
|
|
# etckeeper commit "hosts: $(hostname) is also ntp.$(dnsdomainname)"
|
|
|
|
|
|
|
|
*[- si pas serveur NTP et pas workstation]*
|
|
|
|
|
|
|
|
# nano /etc/ntp.conf
|
|
|
|
[uncomment]
|
|
|
|
server ntp.$(dnsdomainname) iburst
|
|
|
|
[comment]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
#server 0.debian.pool.ntp.org iburst
|
|
|
|
#server 1.debian.pool.ntp.org iburst
|
|
|
|
#server 2.debian.pool.ntp.org iburst
|
|
|
|
#server 3.debian.pool.ntp.org iburst
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# service ntp restart
|
|
|
|
# ntpdc -n -c peers
|
|
|
|
remote local st poll reach delay offset disp
|
|
|
|
=======================================================================
|
|
|
|
=185.31.100.112 $IP nn nnnn n n.nnnnn nnnnnnnn n.nnnnn
|
|
|
|
# etckeeper commit "ntp.conf: server ntp.$(dnsdomainname) iburst"
|
|
|
|
|
|
|
|
*[déjà fait par le preseed]*
|
|
|
|
|
|
|
|
# dpkg-reconfigure apt-listchanges
|
|
|
|
apt-listchanges apt-listchanges/which select both
|
|
|
|
apt-listchanges apt-listchanges/confirm boolean true
|
|
|
|
# etckeeper commit 'apt/listchanges.conf: confirm=1 && which=both'
|
|
|
|
|
|
|
|
*[si pas VM]*
|
|
|
|
|
|
|
|
*[déjà fait par le preseed]*
|
|
|
|
|
|
|
|
# apt-get install smartmontools
|
|
|
|
|
|
|
|
*[de toute façon]*
|
|
|
|
|
|
|
|
# nano /etc/default/smartmontools
|
|
|
|
[uncomment]
|
|
|
|
start_smartd=yes
|
|
|
|
# service smartmontools restart
|
|
|
|
# etckeeper commit 'default/smartmontools: start_smartd=yes'
|
|
|
|
|
|
|
|
*[si pas preseed]*
|
|
|
|
|
|
|
|
# apt-get install --purge postfix
|
|
|
|
postfix/main_mailer_type: Local only
|
|
|
|
postfix/mailname: $(hostname -f)
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
postfix/mail_to if postmaster/root if empty to first user, not nobody]
|
|
|
|
|
|
|
|
*[- si relay via SMTP]*
|
|
|
|
|
|
|
|
# dpkg-reconfigure postfix
|
|
|
|
postfix/main_mailer_type: Satellite system
|
|
|
|
postfix/mailname: $(hostname -f)
|
|
|
|
postfix/relayhost: [mail.$(dnsdomainname)]
|
|
|
|
# nano /etc/postfix/main.cf
|
|
|
|
[remove]
|
|
|
|
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
|
|
|
[insert after
|
|
|
|
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
|
|
|
|
# information on enabling SSL in the smtp client.]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
## <https://bugs.debian.org/330885>
|
|
|
|
smtp_tls_note_starttls_offer = yes
|
|
|
|
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
|
|
|
smtp_tls_security_level = encrypt
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# service postfix restart
|
|
|
|
# echo 'test!' | mail -s "test Postfix $(hostname -f)" it@itopie.ch
|
|
|
|
# etckeeper commit 'postfix/main.cf: Satellite system'
|
|
|
|
|
|
|
|
*[- si relay via SMTP-submission]*
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
AJOUTER RELAY VIA Gmail?
|
|
|
|
<https://rtcamp.com/tutorials/linux/ubuntu-postfix-gmail-smtp/>
|
|
|
|
<http://ubuntu-tutorials.com/2008/11/11/relaying-postfix-smtp-via-smtpgmailcom/>]
|
|
|
|
|
|
|
|
# dpkg-reconfigure postfix
|
|
|
|
postfix/main_mailer_type: Internet with smarthost
|
|
|
|
postfix/mailname: $(hostname -f)
|
|
|
|
postfix/relayhost: [mail.$(dnsdomainname)]:587
|
|
|
|
# nano /etc/postfix/main.cf
|
|
|
|
[remove]
|
|
|
|
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
|
|
|
[insert after
|
|
|
|
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
|
|
|
|
# information on enabling SSL in the smtp client.]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
## <https://bugs.debian.org/330885>
|
|
|
|
smtp_tls_note_starttls_offer = yes
|
|
|
|
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
|
|
|
|
*[-- si pas d'accès au relayhost, donc nom d'utilisateur et mot de passe]*
|
|
|
|
|
|
|
|
# echo "[mail.$(dnsdomainname)]:587 it@$(dnsdomainname):$PASSWORD" >/etc/postfix/sasl/sasl_passwd
|
|
|
|
# chmod 600 !$
|
|
|
|
# postmap !$
|
|
|
|
# nano /etc/postfix/main.cf
|
|
|
|
[insert after
|
|
|
|
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
smtp_tls_security_level = encrypt
|
|
|
|
smtp_sasl_auth_enable = yes
|
|
|
|
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
|
|
|
|
smtp_sasl_security_options = noanonymous
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# etckeeper commit 'postfix/main.cf: smtp_sasl_auth_enable = yes'
|
|
|
|
|
|
|
|
*[-- si empreinte TLS]*
|
|
|
|
|
|
|
|
# nano /etc/postfix/main.cf
|
|
|
|
[insert after
|
|
|
|
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
smtp_tls_security_level = fingerprint
|
|
|
|
smtp_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
|
|
|
|
smtp_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
|
|
|
|
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
|
|
|
|
smtp_tls_mandatory_ciphers = high
|
|
|
|
smtp_tls_fingerprint_cert_match = ${SERVER_PUBKEY_FINGERPRINT}
|
|
|
|
smtp_tls_fingerprint_digest = sha1
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# etckeeper commit 'postfix/main.cf: smtp_tls_security_level = fingerprint'
|
|
|
|
|
|
|
|
*[-- de toute façon]*
|
|
|
|
|
|
|
|
# service postfix restart
|
|
|
|
|
|
|
|
**WARNING**: la commande ci-dessous peut générer une boucle si le dossier procmailrc n'a pas été renommé en DOTprocmailrc
|
|
|
|
|
|
|
|
# echo 'test!' | mail -s "test Postfix $(hostname -f)" it@itopie.ch
|
|
|
|
|
|
|
|
# echo 'test!' | mail -s "test procmail local + forward $(hostname -f)" rescue
|
|
|
|
# su -c 'mutt' rescue
|
|
|
|
|
|
|
|
*[déjà fait par le preseed]*
|
|
|
|
|
|
|
|
# apt-get install uptimed
|
|
|
|
|
|
|
|
*[si RAID et au moins un disque USB]*
|
|
|
|
|
|
|
|
# nano /etc/default/grub
|
|
|
|
[replace
|
|
|
|
GRUB_CMDLINE_LINUX=""
|
|
|
|
grub-pc grub2/linux_cmdline string string rootdelay=5
|
|
|
|
]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
## delay for USB disk before mdadm activation
|
|
|
|
## <http://www.pcengines.info/forums/?page=post&id=A9566846-B9B9-42D0-809A-8CEBE2EF9EBD&fid=1A77794F-FF7D-44CA-AF64-CAA2588102ED>
|
|
|
|
GRUB_CMDLINE_LINUX="rootdelay=5"
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# update-grub
|
|
|
|
[reboot and test]
|
|
|
|
# etckeeper commit 'default/grub: GRUB_CMDLINE_LINUX+="rootdelay=5"'
|
|
|
|
|
|
|
|
*[si pas workstation, pas Mac, pas PowerPC ou pas ARM]*
|
|
|
|
|
|
|
|
# cat /proc/cpuinfo
|
|
|
|
# nano /etc/default/grub
|
|
|
|
[replace
|
|
|
|
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
|
|
|
|
GRUB_CMDLINE_LINUX=""
|
|
|
|
grub-pc grub2/linux_cmdline string string console=ttyS0,9600
|
|
|
|
grub-pc grub2/linux_cmdline_default string console=tty0 quiet
|
|
|
|
]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
## <http://www.kernel.org/doc/Documentation/serial-console.txt>
|
|
|
|
## kernel command line on both serial console and VGA
|
|
|
|
GRUB_CMDLINE_LINUX_DEFAULT="console=tty0 quiet"
|
|
|
|
## kernel command line on serial console only
|
|
|
|
GRUB_CMDLINE_LINUX="console=ttyS0,9600"
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
[insert after
|
|
|
|
#GRUB_TERMINAL=console]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
|
|
|
|
## GRUB output on both serial console and VGA
|
|
|
|
GRUB_SERIAL_COMMAND="serial --unit=0 --speed=9600"
|
|
|
|
GRUB_TERMINAL_INPUT="serial console"
|
|
|
|
GRUB_TERMINAL_OUTPUT="serial gfxterm"
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# update-grub
|
|
|
|
[toujours, sauf si VM ou APU]
|
|
|
|
# nano /etc/inittab
|
|
|
|
[uncomment]
|
|
|
|
[- si VM, virt-install a déjà modifié la ligne en utilisant vt102]
|
|
|
|
[- si APU, d-i a déjà modifié la ligne en utilisant 115200 et vt102]
|
|
|
|
T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100
|
|
|
|
[reboot and test]
|
|
|
|
# etckeeper commit '*: primary output is serial console'
|
|
|
|
|
|
|
|
*[si pas workstation, sauvegarde, VM ou ordinateurs internes (e.g. inubo.ch ou itopie.ch)]*
|
|
|
|
|
|
|
|
# apt-get install dnsmasq
|
|
|
|
# nano /etc/dnsmasq.conf
|
|
|
|
[uncomment]
|
|
|
|
domain-needed
|
|
|
|
[uncomment]
|
|
|
|
bogus-priv
|
|
|
|
[uncomment]
|
|
|
|
strict-order
|
|
|
|
[either:
|
|
|
|
[replace]
|
|
|
|
interface=eth0
|
|
|
|
[:]
|
|
|
|
[add]
|
|
|
|
except-interface=eth0
|
|
|
|
]
|
|
|
|
### [uncomment]
|
|
|
|
### addn-hosts=/var/run/openvpn.hosts
|
|
|
|
[uncomment]
|
|
|
|
expand-hosts
|
|
|
|
[uncomment]
|
|
|
|
domain=$(dnsdomainname)
|
|
|
|
[replace]
|
|
|
|
dhcp-range=192.168.$(ip r s | grep 'default via' | cut -d '.' -f 3).50,192.168.$(ip r s | grep 'default via' | cut -d '.' -f 3).150,12h
|
|
|
|
[uncomment]
|
|
|
|
read-ethers
|
|
|
|
[uncomment]
|
|
|
|
dhcp-option=42,0.0.0.0
|
|
|
|
[uncomment]
|
|
|
|
dhcp-option=vendor:MSFT,2,1i
|
|
|
|
# nano /etc/ethers
|
|
|
|
[add MAC/hostname pairs]
|
|
|
|
# nano /etc/hosts
|
|
|
|
[add IP/hostname pairs]
|
|
|
|
# service dnsmasq restart
|
|
|
|
# nano /etc/sysctl.conf
|
|
|
|
[uncomment]
|
|
|
|
net.ipv4.ip_forward=1
|
|
|
|
# service procps restart
|
|
|
|
# nano /etc/rc.local
|
|
|
|
[add before `exit 0`]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
# Accept internal DNS requests
|
|
|
|
/sbin/iptables -A INPUT -p udp -i eth0 --sport 1024:65535 --dport 53 -m state --state NEW -j ACCEPT
|
|
|
|
# Accept internal DHCP requests
|
|
|
|
/sbin/iptables -A INPUT -p udp -i eth0 --sport 67:68 --dport 67:68 -m state --state NEW -j ACCEPT
|
|
|
|
|
|
|
|
# Forward local traffic to the Internet
|
|
|
|
### module:ipt_MASQUERADE needed for MASQUERADE
|
|
|
|
/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 192.168.$(ip r s | grep 'default via' | cut -d '.' -f 3).0/24 -j MASQUERADE
|
|
|
|
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# /etc/rc.local
|
|
|
|
[dhcping -c client-IP-address -s server-IP-address -h client-hardware-address]
|
|
|
|
# etckeeper commit 'dnsmasq.conf: dhcp-range=192.168.$SUBNET.50,192.168.$SUBNET.150,12h'
|
|
|
|
|
|
|
|
*[si IP fixe et pas VM]*
|
|
|
|
|
|
|
|
# nano /etc/hosts
|
|
|
|
[replace]
|
|
|
|
$IP $(hostname -f) $(hostname)
|
|
|
|
[si pas VM]
|
|
|
|
# nano /etc/network/interfaces
|
|
|
|
[replace]
|
|
|
|
iface eth0 inet static
|
|
|
|
address $IP/$SUBNET
|
|
|
|
gateway $IP_GATEWAY
|
|
|
|
# dns-* options are implemented by the resolvconf package, if installed
|
|
|
|
dns-domain $(dnsdomainname)
|
|
|
|
dns-search $(dnsdomainname)
|
|
|
|
dns-nameservers $IP_DNS
|
|
|
|
[si pas VM]
|
|
|
|
# nano /etc/resolv.conf
|
|
|
|
[replace]
|
|
|
|
domain $(dnsdomainname)
|
|
|
|
search $(dnsdomainname)
|
|
|
|
nameserver $IP_DNS
|
|
|
|
# nano /etc/ssh/sshd_config
|
|
|
|
[add]
|
|
|
|
Port 22$IP
|
|
|
|
# service ssh restart
|
|
|
|
# etckeeper commit 'network/interfaces: fixed IP'
|
|
|
|
|
|
|
|
*[de toute façon]*
|
|
|
|
|
|
|
|
# ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub
|
|
|
|
256 NN:NN:NN:NN:NN:NN:NN:NN:NN:NN:NN:NN:NN:NN:NN:NN root@$HOST (ECDSA)
|
|
|
|
[à sauver dans inubo/commun/Realisation/inubo/default-user/ssh/config]
|
|
|
|
# ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
|
|
|
|
2048 NN:NN:NN:NN:NN:NN:NN:NN:NN:NN:NN:NN:NN:NN:NN:NN root@$HOST (RSA)
|
|
|
|
[à sauver dans inubo/commun/Realisation/inubo/default-user/ssh/config]
|
|
|
|
|
|
|
|
# nano /etc/apt/sources.list
|
|
|
|
[remove or comment any "deb cdrom" line]
|
|
|
|
# apt-get update
|
|
|
|
# etckeeper commit 'apt/sources.list: comment cdrom'
|
|
|
|
|
|
|
|
# nano /etc/apt/sources.list
|
|
|
|
[add "contrib non-free" to all wheezy sources]
|
|
|
|
# apt-get update
|
|
|
|
# etckeeper commit 'apt/sources.list: add contrib non-free'
|
|
|
|
|
|
|
|
# nano /etc/apt/sources.list
|
|
|
|
[add at the end]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
|
|
|
|
deb http://ftp.ch.debian.org/debian/ wheezy-backports main contrib non-free
|
|
|
|
deb-src http://ftp.ch.debian.org/debian/ wheezy-backports main contrib non-free
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# apt-get update
|
|
|
|
# etckeeper commit 'apt/sources.list: add backports'
|
|
|
|
|
|
|
|
*[si contrôle complet de l'ordinateur]*
|
|
|
|
|
|
|
|
# etckeeper vcs mv apt/sources.list apt/sources.list.d/http.debian.net.list
|
|
|
|
# etckeeper commit 'apt/sources.list.d/http.debian.net.list: new file'
|
|
|
|
|
|
|
|
*[si pas PowerPC ou ARM]*
|
|
|
|
|
|
|
|
# cat /proc/cpuinfo
|
|
|
|
|
|
|
|
*[si Intel]*
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
<https://bugs.debian.org/770761>]
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
SI 686-pae IL FAUT INSTALLER LE NOYAU A LA MAIN]
|
|
|
|
|
|
|
|
# apt-get install -t wheezy-backports intel-microcode iucode-tool linux-image-$(uname -r | cut -d '-' -f 3)
|
|
|
|
|
|
|
|
*[si AMD]*
|
|
|
|
|
|
|
|
# apt-get install -t wheezy-backports amd64-microcode
|
|
|
|
|
|
|
|
*[de toute façon]*
|
|
|
|
|
|
|
|
[reboot]
|
|
|
|
# dmesg | grep microcode
|
|
|
|
[some output]
|
|
|
|
|
|
|
|
*[OPTIONNEL: pilote proprietaires]*
|
|
|
|
|
|
|
|
# apt-get install -t wheezy-backports firmware-linux [firmware-$DRIVER]
|
|
|
|
|
|
|
|
*[OPTIONNEL: liste des paquets privatifs]*
|
|
|
|
|
|
|
|
# apt-get install vrms
|
|
|
|
|
|
|
|
*[OPTIONNEL: editeur des partitions pour GPT, e.g. Mac]*
|
|
|
|
|
|
|
|
# apt-get install parted
|
|
|
|
|
|
|
|
*[OPTIONNEL: configuration avancé des paramétres du disque dur]*
|
|
|
|
|
|
|
|
# apt-get install hdparm
|
|
|
|
|
|
|
|
*[OPTIONNEL: gestionnaire de fichiers]*
|
|
|
|
|
|
|
|
# apt-get install mc
|
|
|
|
|
|
|
|
*[OPTIONNEL: fancy differences]*
|
|
|
|
|
|
|
|
# apt-get install colordiff
|
|
|
|
|
|
|
|
*[OPTIONNEL: combien mon OS est sécure?]*
|
|
|
|
|
|
|
|
# apt-get install debsecan
|
|
|
|
# dpkg-reconfigure debsecan
|
|
|
|
debsecan debsecan/suite select wheezy
|
|
|
|
debsecan debsecan/report boolean true
|
|
|
|
# etckeeper commit 'default/debsecan: SUITE=wheezy'
|
|
|
|
|
|
|
|
|
|
|
|
## workstation (pour convention)
|
|
|
|
|
|
|
|
*[- archives les plus courants]*
|
|
|
|
|
|
|
|
# apt-get install zip unzip p7zip unrar[-free]
|
|
|
|
|
|
|
|
*[- serveur graphique]*
|
|
|
|
|
|
|
|
# apt-get install xserver-xorg [xserver-xorg-video-$DRIVER libdrm-$DRIVER]
|
|
|
|
|
|
|
|
*[- si tablette]*
|
|
|
|
|
|
|
|
# apt-get install xserver-xorg-input-wacom [xinput-calibrator xinput]
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
xinput-calibrator QUE A PARTIR DE Debian jessie]
|
|
|
|
|
|
|
|
*[- si graphique 3D/OpenGL]*
|
|
|
|
|
|
|
|
# apt-get install mesa-utils libgl1-mesa-glx libgl1-mesa-dri
|
|
|
|
|
|
|
|
*[- Display Manager]*
|
|
|
|
|
|
|
|
# apt-get install desktop-base hicolor-icon-theme lightdm
|
|
|
|
|
|
|
|
*[- Desktop Environment]*
|
|
|
|
|
|
|
|
# apt-get install \
|
|
|
|
lxde lxappearance-obconf lxpolkit lxtask \
|
|
|
|
arandr \
|
|
|
|
xscreensaver \
|
|
|
|
network-manager-gnome network-manager-openvpn-gnome dnsmasq-base modemmanager mobile-broadband-provider-info ppp \
|
|
|
|
blueman \
|
|
|
|
gnome-keyring libpam-gnome-keyring seahorse \
|
|
|
|
gvfs gvfs-bin gvfs-backends gvfs-fuse gigolo \
|
|
|
|
gnome-screenshot \
|
|
|
|
shotwell \
|
|
|
|
keepassx [lxde-icon-theme]
|
|
|
|
|
|
|
|
[RAISON:
|
|
|
|
lxappearance-obconf: configure OpenBox from LXDE
|
|
|
|
arandr: until LXRandR will have mirroring/extending features
|
|
|
|
dnsmasq-base: connection sharing via NetworkManager
|
|
|
|
modemmanager: GSM/GPRS connections via NetworkManager
|
|
|
|
mobile-broadband-provider-info: GSM/GPRS settings for NetworkManager
|
|
|
|
gnome-keyring: user-only connections via NetworkManager
|
|
|
|
seahorse: frontend to GNOME Keyring
|
|
|
|
gvfs: GIO/GVfs support
|
|
|
|
gvfs-backends: mount smb:// and obex:// in PCManFM
|
|
|
|
gvfs-bin: mount smb:// from CLI (e.g. at login)
|
|
|
|
gvfs-fuse: export GIO/GVfs mounts in ~/.gvfs/
|
|
|
|
gigolo: manage GIO/GVfs mounts
|
|
|
|
shotwell: fast viewer with printing support (gpicview does not)]
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
AVEC shotwell gpicview EST DU COUP INUTILE, L'ENLEVER ET DONC PAS DE lxde, MAIS DIRECTEMENT SES COMPOSANTS?]
|
|
|
|
|
|
|
|
[INVESTIGUER:
|
|
|
|
florence: virtual keyboard (at-spi2-core)
|
|
|
|
light-locker: screensaver based on lightdm
|
|
|
|
lxlauncher: iPhone-style icons
|
|
|
|
usb-modeswitch: for "special" USB adapter, e.g. Wi-Fi cards or 3G modems]
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
light-locker QUE A PARTIR DE Debian jessie]
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
<https://bugs.debian.org/688969>]
|
|
|
|
|
|
|
|
# nano /etc/xdg/openbox/LXDE/rc.xml
|
|
|
|
[add after
|
|
|
|
<chainQuitKey>C-g</chainQuitKey>]
|
|
|
|
|
|
|
|
<!-- from /etc/xdg/openbox/rc.xml:
|
|
|
|
<http://bugs.debian.org/754207>
|
|
|
|
<http://bugs.debian.org/754558>
|
|
|
|
-->
|
|
|
|
<!-- Launch gnome-screenshot when PrintScreen is pressed -->
|
|
|
|
<keybind key="Print">
|
|
|
|
<action name="Execute"><command>gnome-screenshot -i</command></action>
|
|
|
|
</keybind>
|
|
|
|
# etckeeper commit 'xdg/openbox/LXDE/rc.xml: (#754558) add Print keybinding'
|
|
|
|
|
|
|
|
# nano /etc/xdg/openbox/LXDE/rc.xml
|
|
|
|
[add after
|
|
|
|
<chainQuitKey>C-g</chainQuitKey>]
|
|
|
|
|
|
|
|
<!-- instead of LXRandR
|
|
|
|
<http://bugs.debian.org/765620>
|
|
|
|
-->
|
|
|
|
<!-- Launch arandr when Fn+Screen is pressed -->
|
|
|
|
<keybind key="XF86Display">
|
|
|
|
<action name="Execute"><command>arandr</command></action>
|
|
|
|
</keybind>
|
|
|
|
# etckeeper commit 'xdg/openbox/LXDE/rc.xml: (#765620) add Fn+Screen keybinding'
|
|
|
|
|
|
|
|
# nano /etc/xdg/openbox/LXDE/rc.xml
|
|
|
|
[add before
|
|
|
|
<keybind key="A-F11">]
|
|
|
|
<!-- as in GNOME and (L)Ubuntu:
|
|
|
|
<http://bugs.debian.org/754560>
|
|
|
|
<https://en.wikipedia.org/wiki/Table_of_keyboard_shortcuts#Navigation>
|
|
|
|
-->
|
|
|
|
<keybind key="A-F1">
|
|
|
|
<action name="Execute">
|
|
|
|
<command>lxpanelctl menu</command>
|
|
|
|
</action>
|
|
|
|
</keybind>
|
|
|
|
|
|
|
|
# etckeeper commit 'xdg/openbox/LXDE/rc.xml: (#754560) add A-F1 keybinding'
|
|
|
|
|
|
|
|
# nano /etc/xdg/openbox/LXDE/rc.xml
|
|
|
|
[add before
|
|
|
|
<!--keybindings for LXPanel -->]
|
|
|
|
<!-- Keybindings for finding files -->
|
|
|
|
<!-- as in Windows:
|
|
|
|
<http://bugs.debian.org/777637>
|
|
|
|
-->
|
|
|
|
<keybind key="W-f">
|
|
|
|
<action name="Execute">
|
|
|
|
<command>pcmanfm --find-files</command>
|
|
|
|
</action>
|
|
|
|
</keybind>
|
|
|
|
|
|
|
|
# etckeeper commit 'xdg/openbox/LXDE/rc.xml: (#777637) add W-f'
|
|
|
|
|
|
|
|
*[-- périphériques Bluetooth in PCManFM]*
|
|
|
|
|
|
|
|
# mkdir -p /etc/skel/.gconf/apps/blueman/transfer
|
|
|
|
# cat <<EOF >!$/%gconf.xml
|
|
|
|
<?xml version="1.0"?>
|
|
|
|
<gconf>
|
|
|
|
<entry name="browse_command" mtime="$(date +%s)" type="string">
|
|
|
|
<stringvalue>pcmanfm obex://[%d]</stringvalue>
|
|
|
|
</entry>
|
|
|
|
</gconf>
|
|
|
|
EOF
|
|
|
|
# chmod 700 /etc/skel/.gconf /etc/skel/.gconf/apps /etc/skel/.gconf/apps/blueman /etc/skel/.gconf/apps/blueman/transfer
|
|
|
|
# chmod 600 /etc/skel/.gconf/apps/blueman/transfer/%gconf.xml
|
|
|
|
# etckeeper commit 'skel/.gconf/apps/blueman/transfer/%gconf.xml: (#761286) new file'
|
|
|
|
|
|
|
|
*[-- partages GIO/GVfs]*
|
|
|
|
|
|
|
|
# ln -s .gvfs /etc/skel/Réseau
|
|
|
|
# etckeeper commit 'skel/Réseau: new file'
|
|
|
|
|
|
|
|
# nano /etc/xdg/autostart/gigolo.desktop
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
[Desktop Entry]
|
|
|
|
Name=Gigolo
|
|
|
|
Name[fr]=Gigolo
|
|
|
|
Comment=A simple frontend to easily connect to remote filesystems
|
|
|
|
Comment[fr]=Une interface simple pour se connecter facilement à des systèmes de fichiers à distance
|
|
|
|
Icon=gtk-network
|
|
|
|
Exec=gigolo
|
|
|
|
Terminal=false
|
|
|
|
Type=Application
|
|
|
|
StartupNotify=false
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# etckeeper commit 'xdg/autostart/gigolo.desktop: (#754592) new file'
|
|
|
|
|
|
|
|
# mkdir -p /etc/skel/.config/gigolo
|
|
|
|
# cat <<EOF >!$/config
|
|
|
|
[ui]
|
|
|
|
start_in_systray=true
|
|
|
|
EOF
|
|
|
|
# chmod 700 /etc/skel/.config /etc/skel/.config/gigolo
|
|
|
|
# etckeeper commit 'skel/.config/gigolo/config: new file'
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
raccourcis avec la souris]
|
|
|
|
|
|
|
|
# apt-get install --purge -t wheezy-backports pcmanfm libfm-modules libfm-tools
|
|
|
|
|
|
|
|
[RAISON:
|
|
|
|
libfm-modules: search functions since libfm >= 1.2.0-1
|
|
|
|
libfm-tools: replace lxshortcut since libfm >= 1.2.0-1]
|
|
|
|
|
|
|
|
*[- gestion/installation des paquets]*
|
|
|
|
|
|
|
|
# apt-get install synaptic gdebi
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
<https://bugs.debian.org/756855>]
|
|
|
|
|
|
|
|
[RAISON:
|
|
|
|
gdebi: logiciels tiers, e.g. Dropbox ou Skype]
|
|
|
|
|
|
|
|
[INVESTIGUER:
|
|
|
|
gnome-packagekit: 74.8MB
|
|
|
|
software-center: 81.1MB]
|
|
|
|
|
|
|
|
*[- audio/video]*
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
<https://bugs.debian.org/754229>]
|
|
|
|
|
|
|
|
# apt-get install \
|
|
|
|
alsa-utils volumeicon-alsa \
|
|
|
|
vlc
|
|
|
|
|
|
|
|
*[-- contrôle du volume]*
|
|
|
|
|
|
|
|
# nano /etc/xdg/autostart/volumeicon-alsa.desktop
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
[Desktop Entry]
|
|
|
|
Name=Volume Icon
|
|
|
|
Name[fr]=Icône pour le contrôle du volume
|
|
|
|
Comment=Lightweight volume control for the systray
|
|
|
|
Comment[fr]=Simple contrôle du volume pour la barre d'état
|
|
|
|
Icon=volume
|
|
|
|
Exec=volumeicon
|
|
|
|
Terminal=false
|
|
|
|
Type=Application
|
|
|
|
StartupNotify=false
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# etckeeper commit 'xdg/autostart/volumeicon-alsa.desktop: (#749324) new file'
|
|
|
|
|
|
|
|
# mkdir -p /etc/skel/.config/volumeicon
|
|
|
|
# cat <<EOF >!$/volumeicon
|
|
|
|
[StatusIcon]
|
|
|
|
lmb_slider=true
|
|
|
|
mmb_mute=true
|
|
|
|
show_sound_level=true
|
|
|
|
theme=White Gnome
|
|
|
|
|
|
|
|
[Hotkeys]
|
|
|
|
up_enabled=true
|
|
|
|
down_enabled=true
|
|
|
|
mute_enabled=true
|
|
|
|
EOF
|
|
|
|
# chmod 700 /etc/skel/.config/
|
|
|
|
# etckeeper commit 'skel/.config/volumeicon/volumeicon: new file'
|
|
|
|
|
|
|
|
*[--- si pas Debian jessie]*
|
|
|
|
|
|
|
|
# nano /etc/skel/.config/volumeicon/volumeicon
|
|
|
|
[add after
|
|
|
|
show_sound_level=true]
|
|
|
|
onclick=x-terminal-emulator -e 'alsamixer'
|
|
|
|
# etckeeper commit 'skel/.config/volumeicon/volumeicon: (#754231) x-terminal-emulator'
|
|
|
|
|
|
|
|
[INVESTIGUER:
|
|
|
|
pavucontrol: necessary for Skype >= 4.3, even if libpulse0:i386?
|
|
|
|
xfce4-mixer: fancier (gstreamer0.10-alsa)]
|
|
|
|
|
|
|
|
*[-- support pour lecture des DVD avec DRM]*
|
|
|
|
|
|
|
|
# cat <<EOF >/etc/apt/sources.list.d/download.videolan.org.list
|
|
|
|
deb http://download.videolan.org/pub/debian/stable/ /
|
|
|
|
deb-src http://download.videolan.org/pub/debian/stable/ /
|
|
|
|
EOF
|
|
|
|
# apt-key adv --keyserver pool.sks-keyservers.net --recv-keys 8F0845FE77B16294429A79346BCA5E4DB84288D9
|
|
|
|
[si ça ne joue pas:
|
|
|
|
# wget -O - http://download.videolan.org/pub/debian/videolan-apt.asc | apt-key add -]
|
|
|
|
# apt-get update
|
|
|
|
# etckeeper commit 'apt/sources.list.d/download.videolan.org.list: new file'
|
|
|
|
|
|
|
|
# apt-get install libdvdcss2
|
|
|
|
|
|
|
|
*[- gravage des CD/DVD]*
|
|
|
|
|
|
|
|
# apt-get install brasero cdrdao dvd+rw-tools gstreamer0.10-plugins-ugly [libdvdcss2]
|
|
|
|
|
|
|
|
[RAISON:
|
|
|
|
cdrdao: burn audio+data CDs and byte-to-byte copy
|
|
|
|
dvd+rw-tools: support rewritables DVDs and BDs
|
|
|
|
libdvdcss2: copy encrypted DVDs
|
|
|
|
gstreamer0.10-plugins-ugly: more audio formats (e.g. H264/m4a)]
|
|
|
|
|
|
|
|
*[- suite Internet]*
|
|
|
|
|
|
|
|
# apt-get install -t wheezy-backports \
|
|
|
|
iceweasel \
|
|
|
|
icedove iceowl-extension xul-ext-sogo-connector \
|
|
|
|
pidgin pidgin-otr gstreamer0.10-alsa gstreamer0.10-ffmpeg
|
|
|
|
[pour le support des langues voir plus bas: iceweasel-l10n-fr icedove-l10n-fr iceowl-l10n-fr]
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
<https://bugs.debian.org/236227>]
|
|
|
|
|
|
|
|
# nano /etc/icedove/pref/icedove.js
|
|
|
|
[add at the end]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
|
|
|
|
// <https://bugs.debian.org/236227>
|
|
|
|
pref("print.postscript.paper_size", "iso_a4");
|
|
|
|
pref("print.print_paper_height", "297.00");
|
|
|
|
pref("print.print_paper_name", "iso_a4");
|
|
|
|
pref("print.print_paper_size_type", 1);
|
|
|
|
pref("print.print_paper_size_unit", 1);
|
|
|
|
pref("print.print_paper_width", "210.00");
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# nano /etc/iceweasel/pref/iceweasel.js
|
|
|
|
[add at the end]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
|
|
|
|
// <https://bugs.debian.org/236227>
|
|
|
|
pref("print.postscript.paper_size", "iso_a4");
|
|
|
|
pref("print.print_paper_height", "297.00");
|
|
|
|
pref("print.print_paper_name", "iso_a4");
|
|
|
|
pref("print.print_paper_size_type", 1);
|
|
|
|
pref("print.print_paper_size_unit", 1);
|
|
|
|
pref("print.print_paper_width", "210.00");
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# etckeeper commit 'ice*/pref/ice*.js: (#236227) iso_a4'
|
|
|
|
[RAISON:
|
|
|
|
iceowl-extension: CalDAV support (icedove)
|
|
|
|
xul-ext-sogo-connector: CardDAV support (icedove), <https://bugzilla.mozilla.org/show_bug.cgi?id=546932>
|
|
|
|
gstreamer0.10-alsa: audio support (pidgin), <https://bugs.debian.org/770516>
|
|
|
|
gstreamer0.10-ffmpeg: video support (pidgin), <https://bugs.debian.org/770516>]
|
|
|
|
|
|
|
|
[INVESTIGUER:
|
|
|
|
addressbooks-synchronizer: synchronise contacts via files (icedove), <https://bugs.debian.org/605743> [Codha]
|
|
|
|
addressbooktab: address book window as a tab (icedove)
|
|
|
|
contact-tabs: better way to manage contacs (icedove)
|
|
|
|
enigmail: OpenPGP support, better with gnupg-agent and gnupg-curl for HKPS (icedove)
|
|
|
|
jitsi: cross-platform IM in Java with full audio/video support and desktop sharing across, <https://bugs.debian.org/755489> et <https://bugs.debian.org/760853>
|
|
|
|
keysync: synchronize OTR keys between different clients (jitsi, pidgin)
|
|
|
|
xul-ext-gnome-keyring: store passwords in GNOME Keyring, <https://bugzilla.mozilla.org/show_bug.cgi?id=309807>
|
|
|
|
xul-ext-mailredirect: add bounce button (icedove), <https://bugs.debian.org/772674>
|
|
|
|
xul-ext-noscript: manage script execution]
|
|
|
|
|
|
|
|
[installer les extension pour tout le monde dans:
|
|
|
|
/usr/local/src et liens symboliques dans /usr/share/mozilla/extensions]
|
|
|
|
|
|
|
|
*[-- si Adobe Flash]*
|
|
|
|
|
|
|
|
# apt-get install flashplugin-nonfree [xul-ext-flashblock]
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
LE PAQUET N'EST PAS MIS A JOUR A CHAQUE NOUVELLE VERSION DE FLASH:
|
|
|
|
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700092>
|
|
|
|
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746258>
|
|
|
|
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776708>]
|
|
|
|
|
|
|
|
# cat <<EOF >/etc/cron.weekly/local_flashplugin-nonfree
|
|
|
|
#!/bin/sh
|
|
|
|
## <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700092#24>
|
|
|
|
test -x /usr/sbin/update-flashplugin-nonfree || exit 0
|
|
|
|
/usr/sbin/update-flashplugin-nonfree --install --quiet
|
|
|
|
EOF
|
|
|
|
# chmod a+x /etc/cron.weekly/local_flashplugin-nonfree
|
|
|
|
# etckeeper commit 'cron.weekly/local_flashplugin-nonfree: (#700092) new file'
|
|
|
|
|
|
|
|
*[-- si XMPP avec support audio/video et partage d'écran]*
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
jitsi QUE DANS Debian unstable, MAIS PAQUET UPSTREAM <https://download.jitsi.org/jitsi/debian/>]
|
|
|
|
|
|
|
|
# dpkg -i /path/to/jitsi_${VERSION}_$(uname -r | cut -d '-' -f 3).deb
|
|
|
|
# apt-key del EB0AB654
|
|
|
|
# rm /etc/apt/sources.list.d/jitsi.list
|
|
|
|
|
|
|
|
*[-- si clé OTR à synchroniser entre ChatSecure/Pidgin et Jitsi]*
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
<https://bugs.debian.org/774531>]
|
|
|
|
|
|
|
|
# apt-get install -t wheezy-backports keysync python-pkg-resources
|
|
|
|
# exit
|
|
|
|
$ cd ~/.jitsi
|
|
|
|
$ keysync -i pidgin -o jitsi
|
|
|
|
$ su -
|
|
|
|
|
|
|
|
*[-- si synchronisation des mails via SSH]*
|
|
|
|
|
|
|
|
# apt-get install -t wheezy-backports syncmaildir syncmaildir-applet
|
|
|
|
|
|
|
|
*[-- si Skype]*
|
|
|
|
|
|
|
|
<https://wiki.debian.org/skype>
|
|
|
|
|
|
|
|
*[--- si 64-bit]*
|
|
|
|
|
|
|
|
# dpkg --add-architecture i386
|
|
|
|
# apt-get update
|
|
|
|
|
|
|
|
*[--- de toute façon]*
|
|
|
|
|
|
|
|
# dpkg -i /path/to/skype_${VERSION}_i386.deb
|
|
|
|
# apt-get install -f
|
|
|
|
|
|
|
|
*[- suite bureautique]*
|
|
|
|
|
|
|
|
# apt-get install -t wheezy-backports \
|
|
|
|
libreoffice libreoffice-gnome libreoffice-pdfimport fonts-liberation \
|
|
|
|
evince pdfmod
|
|
|
|
[pour le support des langues voir plus bas: libreoffice-l10n-fr hunspell-fr-comprehensive]
|
|
|
|
[RAISON:
|
|
|
|
libreoffice-gnome: GIO/gvfs support]
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
pas de dialogue impression GTK même si libreoffice-gtk!
|
|
|
|
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775168>
|
|
|
|
<http://ask.libreoffice.org/en/question/3078/choose-gui-toolkit-for-lo-session/>
|
|
|
|
<https://bugs.documentfoundation.org/show_bug.cgi?id=69381>
|
|
|
|
<https://bugs.documentfoundation.org/show_bug.cgi?id=70889>
|
|
|
|
|
|
|
|
<https://debian-administration.org/users/dkg/weblog/89>
|
|
|
|
<http://ask.libreoffice.org/en/question/22742/why-doesnt-registrymodificationsxcu-in-the-presets-folder-get-distributed-to-a-new-user/>
|
|
|
|
<https://bugs.documentfoundation.org/show_bug.cgi?id=69609&redirected_from=fdo>
|
|
|
|
<http://www.linuxtag.org/2012/fileadmin/www.linuxtag.org/slides/Thorsten%20Behrens%20-%20LibreOffice%20configuration%20management%20-%20Tools_%20approaches%20and%20best%20practices.p331.pdf>]
|
|
|
|
|
|
|
|
# cat <<EOF >/usr/lib/libreoffice/share/registry/local_UseSystemPrintDialog.xcd
|
|
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
|
|
<oor:data xmlns:oor="http://openoffice.org/2001/registry">
|
|
|
|
<dependency file="main"/>
|
|
|
|
<oor:component-data oor:package="org.openoffice.Office" oor:name="Common" xml:lang="en-US">
|
|
|
|
<node oor:name="Misc">
|
|
|
|
<prop oor:name="UseSystemPrintDialog" oor:op="fuse">
|
|
|
|
<value>true</value>
|
|
|
|
</prop>
|
|
|
|
<prop oor:name="ExperimentalMode" oor:op="fuse">
|
|
|
|
<value>true</value>
|
|
|
|
</prop>
|
|
|
|
</node>
|
|
|
|
</oor:component-data>
|
|
|
|
</oor:data>
|
|
|
|
EOF
|
|
|
|
|
|
|
|
[INVESTIGUER:
|
|
|
|
libreoffice-style-tango: GTK icons
|
|
|
|
ttf-mscorefonts-installer: Arial, Courier New and Times New Roman]
|
|
|
|
|
|
|
|
*[- serveur d'impression]*
|
|
|
|
|
|
|
|
# apt-get install \
|
|
|
|
cups cups-pk-helper cups-pdf ghostscript-cups \
|
|
|
|
system-config-printer system-config-printer-udev
|
|
|
|
# etckeeper commit '[cups] leftover stuff'
|
|
|
|
|
|
|
|
# service cups stop
|
|
|
|
# nano /etc/cups/cupsd.conf
|
|
|
|
[replace]
|
|
|
|
Browsing Off
|
|
|
|
# service cups start
|
|
|
|
# etckeeper commit 'cups/cupsd.conf: Browsing Off'
|
|
|
|
|
|
|
|
*[déjà fait par le preseed]*
|
|
|
|
|
|
|
|
# dpkg-reconfigure libpaper1
|
|
|
|
libpaper1 libpaper/defaultpaper select a4
|
|
|
|
# etckeeper commit 'papersize: (#493722) a4'
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
system-config-printer: "Option 'printer-resolution' has value '(unknown IPP tag)' and cannot be edited."
|
|
|
|
<https://bugs.debian.org/656640>]
|
|
|
|
|
|
|
|
# apt-get install -t wheezy-backports python-cups
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
system-config-printer -> cups-pk-helper: always aks for root password even if in lpadmin
|
|
|
|
<https://bugs.debian.org/698504>
|
|
|
|
|
|
|
|
# cat <<EOF >/etc/polkit-1/localauthority/10-vendor.d/org.opensuse.cupspkhelper.pkla
|
|
|
|
[Adding or changing system-wide CUPS settings]
|
|
|
|
Identity=unix-group:lpadmin;unix-group:sudo
|
|
|
|
Action=org.opensuse.cupspkhelper.mechanism.*
|
|
|
|
ResultAny=no
|
|
|
|
ResultInactive=no
|
|
|
|
ResultActive=yes
|
|
|
|
EOF
|
|
|
|
# etckeeper commit 'polkit-1/localauthority/10-vendor.d/org.opensuse.cupspkhelper.pkla: (#698504)'
|
|
|
|
|
|
|
|
*[- Java]*
|
|
|
|
|
|
|
|
# apt-get install \
|
|
|
|
default-jre \
|
|
|
|
icedtea-plugin [openjdk-$VERSION-jre openjdk-$VERSION-jre-lib]
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
MIEUX UTILISER <https://wiki.debian.org/UnattendedUpgrades> ET <https://help.ubuntu.com/community/AutomaticSecurityUpdates>]
|
|
|
|
|
|
|
|
# cat <<EOF >/etc/cron.weekly/local_openjdk-6-jre-headless
|
|
|
|
#!/bin/sh
|
|
|
|
apt-get install -y openjdk-6-jre-headless
|
|
|
|
EOF
|
|
|
|
# chmod a+x /etc/cron.weekly/local_openjdk-6-jre-headless
|
|
|
|
# etckeeper commit 'cron.weekly/local_openjdk-6-jre-headless: new file'
|
|
|
|
|
|
|
|
*[- démarrage graphique]*
|
|
|
|
|
|
|
|
# apt-get install plymouth-drm
|
|
|
|
# plymouth-set-default-theme joy -R
|
|
|
|
# nano /etc/default/grub
|
|
|
|
[replace
|
|
|
|
grub-pc grub2/linux_cmdline_default string quiet splash]
|
|
|
|
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
|
|
|
|
# update-grub
|
|
|
|
[reboot and test]
|
|
|
|
# etckeeper commit 'plymouth/plymouthd.conf: Theme=joy'
|
|
|
|
|
|
|
|
*[-- si problèmes graphiques]*
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
SI 686-pae IL FAUT INSTALLER LE NOYAU A LA MAIN]
|
|
|
|
|
|
|
|
# apt-get install -t wheezy-backports linux-image-$(uname -r | cut -d '-' -f 3)
|
|
|
|
|
|
|
|
*[-- une fois tout OK et écran final]*
|
|
|
|
|
|
|
|
[pour decouvrir les modes graphiques supportés par GRUB,
|
|
|
|
taper c quand GRUB démarre et ensuite commande videoinfo]
|
|
|
|
# nano /etc/default/grub
|
|
|
|
[uncomment]
|
|
|
|
GRUB_GFXMODE=$SCREEN_RESOLUTION
|
|
|
|
|
|
|
|
*[- si chiffrement]*
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
<https://bugs.debian.org/617196>]
|
|
|
|
|
|
|
|
# dpkg-reconfigure grub-pc
|
|
|
|
[all ENTER]
|
|
|
|
|
|
|
|
*[- de toute façon]*
|
|
|
|
|
|
|
|
# update-grub
|
|
|
|
[reboot and test]
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
PAS LA MEME IMAGE QUE plymouth]
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
ON VOIT TOUJOURS UN PEU DE TEXTE]
|
|
|
|
|
|
|
|
# etckeeper commit 'default/grub: GRUB_GFXMODE=$SCREEN_RESOLUTION'
|
|
|
|
|
|
|
|
*[- dossier par défaut]*
|
|
|
|
|
|
|
|
# apt-get install xdg-user-dirs xdg-utils
|
|
|
|
|
|
|
|
*[- inubo]*
|
|
|
|
|
|
|
|
# apt-get install -t wheezy-backports owncloud-client [owncloud-client-cmd]
|
|
|
|
|
|
|
|
*[- recherche indexée]*
|
|
|
|
|
|
|
|
# apt-get install tracker-gui tracker-miner-fs tracker-utils [tracker-extract]
|
|
|
|
|
|
|
|
*[- outils graphiques]*
|
|
|
|
|
|
|
|
# apt-get install gimp inkscape scribus simple-scan [xsane]
|
|
|
|
|
|
|
|
*[- RDP]*
|
|
|
|
|
|
|
|
# apt-get install remmina-plugin-rdp freerdp-x11
|
|
|
|
|
|
|
|
*[- tous, mais principalement pour les portables]*
|
|
|
|
|
|
|
|
# apt-get install xfce4-power-manager gpointing-device-settings
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
<https://bugs.debian.org/674439>]
|
|
|
|
|
|
|
|
# nano /etc/xdg/autostart/xfce4-power-manager.desktop
|
|
|
|
[replace]
|
|
|
|
OnlyShowIn=XFCE;LXDE;
|
|
|
|
# nano /usr/share/applications/xfce4-power-manager-settings.desktop
|
|
|
|
[replace]
|
|
|
|
OnlyShowIn=XFCE;LXDE;
|
|
|
|
# etckeeper commit 'xdg/autostart/xfce4-power-manager.desktop: (#674439) OnlyShowIn+=LXDE'
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
<https://bugs.debian.org/755688>
|
|
|
|
<https://bugs.debian.org/660887>]
|
|
|
|
|
|
|
|
# nano /usr/share/applications/gpointing-device-settings.desktop
|
|
|
|
[add]
|
|
|
|
Name[fr]=Souris et pavé tactile
|
|
|
|
Comment[fr]=Définir les préférences pour la souris et le pavé tactile
|
|
|
|
[replace]
|
|
|
|
OnlyShowIn=GNOME;LXDE;
|
|
|
|
|
|
|
|
*[-- si touchpad avec tapotement]*
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
<https://bugs.debian.org/572956>]
|
|
|
|
|
|
|
|
# mkdir /etc/X11/xorg.conf.d/
|
|
|
|
# nano !$/class-touchpad-tapping.conf
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
## <https://bugs.debian.org/572956>
|
|
|
|
## <file:////usr/share/doc/xserver-xorg-input-synaptics/README.Debian>
|
|
|
|
## <http://askubuntu.com/questions/12435/how-do-i-restore-two-finger-middle-click-again>
|
|
|
|
Section "InputClass"
|
|
|
|
Identifier "touchpad-tapping"
|
|
|
|
MatchIsTouchpad "true"
|
|
|
|
Driver "synaptics"
|
|
|
|
Option "TapButton1" "1"
|
|
|
|
Option "TapButton2" "2"
|
|
|
|
Option "TapButton3" "3"
|
|
|
|
EndSection
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# etckeeper commit 'X11/xorg.conf.d/class-touchpad-tapping.conf: (#572956) new file'
|
|
|
|
|
|
|
|
*[- NTFS]*
|
|
|
|
|
|
|
|
# apt-get install ntfs-3g
|
|
|
|
|
|
|
|
*[- Windows]*
|
|
|
|
|
|
|
|
*[-- si 32-bit]*
|
|
|
|
|
|
|
|
# apt-get install wine
|
|
|
|
|
|
|
|
*[-- si 64-bit]*
|
|
|
|
|
|
|
|
# dpkg --add-architecture i386
|
|
|
|
# apt-get update
|
|
|
|
# apt-get install wine-bin:i386
|
|
|
|
|
|
|
|
*[- utilisateurs et groupes]*
|
|
|
|
|
|
|
|
# apt-get install gnome-system-tools
|
|
|
|
|
|
|
|
*[- lecteur des empreintes digitales]*
|
|
|
|
|
|
|
|
# apt-get install libpam-fprintd
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
xscreensaver PAS BIEN INTEGRE]
|
|
|
|
|
|
|
|
*[- customisation]*
|
|
|
|
|
|
|
|
# apt-get install \
|
|
|
|
openbox-themes \
|
|
|
|
$(apt-cache search icon theme | sort | grep icon-theme | awk '{print $1}' | tr '\n' ' ')
|
|
|
|
[la commande entre parenthèses permet d'installer tous les packets dont le nom contient "icon-theme"]
|
|
|
|
|
|
|
|
*[- applications par défaut:
|
|
|
|
<http://lkubaski.wordpress.com/2012/10/29/understanding-file-associations-in-lxde-and-pcmanfm/>
|
|
|
|
<http://crunchbang.org/forums/viewtopic.php?id=8451>
|
|
|
|
<https://bugs.debian.org/522998>
|
|
|
|
<http://wiki.lxde.org/en/Desktop_Preferred_Applications_Specification>]*
|
|
|
|
|
|
|
|
# cat <<EOF >/etc/xdg/mimeapps.list
|
|
|
|
# <http://freedesktop.org/wiki/Specifications/mime-apps-spec/>
|
|
|
|
# check the output of \`xdg-mime query default \$MIMETYPE\`
|
|
|
|
[Default Applications]
|
|
|
|
application/pdf=evince.desktop
|
|
|
|
application/x-debian-package=gdebi.desktop
|
|
|
|
application/x-extension-txt=leafpad.desktop
|
|
|
|
image/bmp=shotwell-viewer.desktop
|
|
|
|
image/gif=shotwell-viewer.desktop
|
|
|
|
image/jpeg=shotwell-viewer.desktop
|
|
|
|
image/jpg=shotwell-viewer.desktop
|
|
|
|
image/png=shotwell-viewer.desktop
|
|
|
|
image/svg+xml=inkscape.desktop
|
|
|
|
image/tiff=shotwell-viewer.desktop
|
|
|
|
text/plain=leafpad.desktop
|
|
|
|
EOF
|
|
|
|
|
|
|
|
*[-- si pas Debian jessie]*
|
|
|
|
|
|
|
|
# mkdir -p /usr/local/share/applications
|
|
|
|
# chmod g+w !$
|
|
|
|
# ln -s /etc/xdg/mimeapps.list !$/defaults.list
|
|
|
|
|
|
|
|
*[-- de toute façon]*
|
|
|
|
|
|
|
|
# etckeeper commit 'xdg/mimeapps.list: new file'
|
|
|
|
|
|
|
|
*[- fonds d'écran itopie]*
|
|
|
|
*[A REMPLACER AVEC update-alternatives --bin desktop-background]*
|
|
|
|
|
|
|
|
# tar axvf /path/to/itopie_-_black_2_-_wallpapers_$YYYYMMDD.tar.gz -C /
|
|
|
|
|
|
|
|
|
|
|
|
### finalisation
|
|
|
|
|
|
|
|
*[- langues]*
|
|
|
|
|
|
|
|
# dpkg-reconfigure keyboard-configuration
|
|
|
|
[reboot and test]
|
|
|
|
# etckeeper commit 'default/keyboard: XKBLAYOUT=ch && XKBVARIANT=fr'
|
|
|
|
|
|
|
|
# dpkg-reconfigure locales
|
|
|
|
locales locales/default_environment_locale: fr_CH.UTF-8
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
*** update-locale: Warning: LANGUAGE ("en_US:en") is not compatible with LANG (fr_CH.UTF-8). Disabling it.
|
|
|
|
root@workstation:/etc# git diff
|
|
|
|
diff --git a/default/locale b/default/locale
|
|
|
|
index 4212b70..175b9c8 100644
|
|
|
|
--- a/default/locale
|
|
|
|
+++ b/default/locale
|
|
|
|
@@ -1,3 +1,3 @@
|
|
|
|
# File generated by update-locale
|
|
|
|
-#LANG="en_US.UTF-8"
|
|
|
|
-LANGUAGE="en_US:en"
|
|
|
|
+LANG=fr_CH.UTF-8
|
|
|
|
+#LANGUAGE="en_US:en"
|
|
|
|
--8<---------------cut here---------------end--------------->8---]
|
|
|
|
|
|
|
|
# etckeeper commit 'default/locale: LANG=fr_CH.UTF-8'
|
|
|
|
|
|
|
|
# apt-get install -t wheezy-backports \
|
|
|
|
iceweasel-l10n-fr icedove-l10n-fr iceowl-l10n-fr \
|
|
|
|
libreoffice-l10n-fr \
|
|
|
|
hyphen-fr hunspell-fr-comprehensive mythes-fr
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
iceowl-l10n-fr QUE A PARTIR DE Debian jessie]
|
|
|
|
|
|
|
|
[RAISON:
|
|
|
|
hyphen-fr: règles pour les traits d'union
|
|
|
|
hunspell-fr-comprehensive: dictionnaire complet (avant et après la réforme du 1990)
|
|
|
|
mythes-fr: synonymes]
|
|
|
|
|
|
|
|
*[- aide]*
|
|
|
|
|
|
|
|
# apt-get install -t wheezy-backports \
|
|
|
|
debian-faq-fr debian-handbook debian-history debian-reference-fr doc-debian-fr \
|
|
|
|
libreoffice-help-fr \
|
|
|
|
gimp-help-fr scribus-doc
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
debian-faq-fr, debian-handbook, debian-history ET doc-debian-fr PAS AJOUTES AU MENU COMME debian-reference-fr]
|
|
|
|
|
|
|
|
[INVESTIGUER:
|
|
|
|
doc-base: manage documentation on Debian
|
|
|
|
yelp: show doc-base documentation]
|
|
|
|
|
|
|
|
*[- si pas ordinateur pour images]*
|
|
|
|
|
|
|
|
# /home/rescue/bin/configure-host.sh $HOSTNAME [$DOMAIN]
|
|
|
|
|
|
|
|
*[- si IP fixe voir en haut, si non]*
|
|
|
|
|
|
|
|
# nano /etc/network/interfaces
|
|
|
|
[replace lines for eth0/wlan0]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
## eth0/wlan0 managed by NetworkManager
|
|
|
|
## <http://bugs.debian.org/606268>
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# etckeeper commit 'network/interfaces: (#606268) eth0/wlan0 managed by NetworkManager'
|
|
|
|
|
|
|
|
# nano /etc/.gitignore
|
|
|
|
[add at the end]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
|
|
|
|
|
|
|
|
## useless if managed by NetworkManager
|
|
|
|
## ppp makes backups, useless as well
|
|
|
|
resolv.conf*
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# git rm -f resolv.conf*
|
|
|
|
# etckeeper commit '.gitignore: resolv.conf managed by NetworkManager'
|
|
|
|
|
|
|
|
*[- si Wi-Fi]*
|
|
|
|
|
|
|
|
# apt-get install crda [iw wpasupplicant]
|
|
|
|
# nano /etc/default/crda
|
|
|
|
[replace]
|
|
|
|
REGDOMAIN=CH
|
|
|
|
# etckeeper commit 'default/crda: REGDOMAIN=CH'
|
|
|
|
|
|
|
|
*[- installation imprimantes]*
|
|
|
|
|
|
|
|
# w3m https://localhost:631
|
|
|
|
[pilote générique pour la plupart: /usr/share/ppd/ghostscript/model/pxl[color|moro].ppd]
|
|
|
|
# etckeeper commit 'cups/ppd/$PRINTER.ppd: new file'
|
|
|
|
|
|
|
|
*[- login déroulant]*
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
NOUVEAU greeter A CODER, <http://www.freedesktop.org/wiki/Software/LightDM/Development/>]
|
|
|
|
|
|
|
|
*[- partage Windows]*
|
|
|
|
|
|
|
|
# cat <<EOF >/etc/skel/.config/gigolo/bookmarks
|
|
|
|
[$NAME]
|
|
|
|
host=$HOSTNAME
|
|
|
|
scheme=smb
|
|
|
|
share=$SHARE
|
|
|
|
autoconnect=1
|
|
|
|
EOF
|
|
|
|
# etckeeper commit 'skel/.config/gigolo/bookmarks: new file
|
|
|
|
|
|
|
|
|
|
|
|
### user creation
|
|
|
|
|
|
|
|
*[- fake LDAP user]*
|
|
|
|
|
|
|
|
# addgroup \
|
|
|
|
--gid 5002 \
|
|
|
|
$ORG
|
|
|
|
# adduser \
|
|
|
|
--force-badname \
|
|
|
|
--home /home/users/prenom.nom \
|
|
|
|
--uid UID \
|
|
|
|
--gid 5002 \
|
|
|
|
--gecos "PRENOM NOM" \
|
|
|
|
prenom.nom
|
|
|
|
# etckeeper commit 'adduser prenom.nom'
|
|
|
|
|
|
|
|
*[- si langue différente du système]*
|
|
|
|
|
|
|
|
# su - $USER
|
|
|
|
$ nano ~/.xsessionrc
|
|
|
|
[add]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
## langue de l'environnement graphique
|
|
|
|
export LANG=fr_CH.UTF-8
|
|
|
|
export LANGUAGE=fr_CH:fr
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
$ nano ~/.bashrc
|
|
|
|
[add]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
## langue de l'environnement textuel
|
|
|
|
export LANG=fr_CH.UTF-8
|
|
|
|
export LANGUAGE=fr_CH:fr
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
$ exit
|
|
|
|
|
|
|
|
*[- login avec empreinte digitale]*
|
|
|
|
|
|
|
|
# fprintd-enroll [-f empreinte] $USER
|
|
|
|
|
|
|
|
*[- groupes]*
|
|
|
|
|
|
|
|
*[-- netdev, gestion des connexions réseau pour tout le monde]*
|
|
|
|
|
|
|
|
# adduser $USER netdev
|
|
|
|
# etckeeper commit 'adduser $USER netdev (network-manager)'
|
|
|
|
|
|
|
|
*[-- lpadmin, gestion des imprimantes]*
|
|
|
|
|
|
|
|
# adduser $USER lpadmin
|
|
|
|
# etckeeper commit 'adduser $USER lpadmin (cups)'
|
|
|
|
|
|
|
|
*[-- FUSE, accès disques NTFS/ntfs-3g et partage Windows/gvfs-fuse]*
|
|
|
|
|
|
|
|
# adduser $USER fuse
|
|
|
|
# etckeeper commit 'adduser $USER fuse (gvfs-fuse && ntfs-3g)'
|
|
|
|
|
|
|
|
*[- liens vers partages Windows]*
|
|
|
|
|
|
|
|
$ nano ~/.gtk-bookmarks
|
|
|
|
[add]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
file:///home/users/${USER}/R%C3%A9seau/${SHARE}%20sur%20${IP} $NAME
|
|
|
|
smb://$IP/$PARTAGE
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
|
|
|
|
*[- logiciels RDP/Windows à distance]*
|
|
|
|
|
|
|
|
# xfreerdp \
|
|
|
|
-s "C:\\Progra~1\\$SOFTWARE.EXE" \
|
|
|
|
-c "O:\\Immbo8\\" \
|
|
|
|
-g workarea \
|
|
|
|
-D \
|
|
|
|
-T "$PROGRAM" \
|
|
|
|
-z \
|
|
|
|
--plugin rdpdr --data disk:$USER:/home/$USER \
|
|
|
|
printer:$PRINTERMODEL -- \
|
|
|
|
-u "$USER" \
|
|
|
|
$PRINTERIP
|
|
|
|
|
|
|
|
*[- contrôle taille du papier par défaut]*
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
<https://bugs.debian.org/236227>]
|
|
|
|
|
|
|
|
* Mozilla Firefox:
|
|
|
|
* Fichier -> Mise en page -> Taille du papier: A4
|
|
|
|
* Mozilla Thunderbird:
|
|
|
|
* Fichier -> Mise en page -> Taille du papier: A4
|
|
|
|
|
|
|
|
## Configuration de postfix en mode "satellite"
|
|
|
|
|
|
|
|
### Mise à jour du système
|
|
|
|
|
|
|
|
# apt-get update
|
|
|
|
|
|
|
|
### Vérifier que libsasl2-modules est bien installé (c'est normalement le cas)
|
|
|
|
|
|
|
|
# apt-get -s install libsasl2-modules
|
|
|
|
|
|
|
|
### Installer postfix (mais normalement il est déjà installé)
|
|
|
|
|
|
|
|
# apt-get install postfix
|
|
|
|
|
|
|
|
--> Satellite system
|
|
|
|
--> FQDN de la machine
|
|
|
|
|
|
|
|
### Vérifier la configuration
|
|
|
|
|
|
|
|
# nano /etc/postfix/main.cf
|
|
|
|
|
|
|
|
--> myhostname = FQDN
|
|
|
|
|
|
|
|
### Configuration des autorisations (ouvrir ou créer le fichier)
|
|
|
|
|
|
|
|
# nano /etc/postfix/sasl/sasl_passwd
|
|
|
|
|
|
|
|
mail.isp.ext:587 username:password
|
|
|
|
|
|
|
|
### Créer le hash du pwd
|
|
|
|
|
|
|
|
# postmap /etc/postfix/sasl/sasl_passwd
|
|
|
|
|
|
|
|
--> Crée un fichier sasl_passwd.db
|
|
|
|
|
|
|
|
### Sécuriser les mots de passe
|
|
|
|
|
|
|
|
# chown root:root /etc/postfix/sasl/sasl_passwd*
|
|
|
|
# chmod 0600 /etc/postfix/sasl/sasl_passwd*
|
|
|
|
|
|
|
|
### Configurer le relai - vérifier la configuration
|
|
|
|
|
|
|
|
# nano /etc/postfix/main.cf
|
|
|
|
|
|
|
|
--> relayhost = mail.isp.ext:587
|
|
|
|
--> il se peut qu'il faille des [] pour encadrer le FQDN
|
|
|
|
|
|
|
|
### Ajouter à la fin du fichier ou remplacer la section existante
|
|
|
|
|
|
|
|
# enable SASL
|
|
|
|
smtp_sasl_auth_enable = yes
|
|
|
|
# disallow methods that allow anonymous authentication.
|
|
|
|
smtp_sasl_security_options = noanonymous
|
|
|
|
# where to find sasl_passwd
|
|
|
|
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
|
|
|
|
# Enable STARTTLS encryption
|
|
|
|
smtp_use_tls = yes
|
|
|
|
# where to find CA certificates
|
|
|
|
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
|
|
|
|
|
|
|
|
### Configurer les alias pour l'envoi de mails
|
|
|
|
|
|
|
|
# nano /etc/aliases
|
|
|
|
root: it@itopie.ch
|
|
|
|
rescue: it@itopie.ch
|
|
|
|
|
|
|
|
Régénérer les aliases :
|
|
|
|
# newaliases
|
|
|
|
|
|
|
|
### Vérifier le domaine d'envoi
|
|
|
|
|
|
|
|
Vérifier que le domaine d'envoi est bien référencé sur un DNS public (à cause du reverse DNS utilisé à des fins d'anti-spam).
|
|
|
|
|
|
|
|
# nano /etc/mailname
|
|
|
|
|
|
|
|
Exemple :
|
|
|
|
|
|
|
|
codha.ch
|
|
|
|
|
|
|
|
### Redémarrer le service
|
|
|
|
|
|
|
|
# service postfix restart
|
|
|
|
|
|
|
|
### Tester
|
|
|
|
|
|
|
|
# sendmail recipient@elsewhere.com
|
|
|
|
From: you@example.com
|
|
|
|
Subject: Test mail
|
|
|
|
This is a test email
|
|
|
|
.
|
|
|
|
|
|
|
|
### Exemple de fichier main.cf (Codha)
|
|
|
|
|
|
|
|
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
|
|
|
|
|
|
|
|
|
|
|
|
# Debian specific: Specifying a file name will cause the first
|
|
|
|
# line of that file to be used as the name. The Debian default
|
|
|
|
# is /etc/mailname.
|
|
|
|
#myorigin = /etc/mailname
|
|
|
|
|
|
|
|
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
|
|
|
|
biff = no
|
|
|
|
|
|
|
|
# appending .domain is the MUA's job.
|
|
|
|
append_dot_mydomain = no
|
|
|
|
|
|
|
|
# Uncomment the next line to generate "delayed mail" warnings
|
|
|
|
#delay_warning_time = 4h
|
|
|
|
|
|
|
|
readme_directory = no
|
|
|
|
|
|
|
|
# TLS parameters
|
|
|
|
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
|
|
|
|
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
|
|
|
|
smtpd_use_tls=yes
|
|
|
|
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
|
|
|
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
|
|
|
|
|
|
|
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
|
|
|
|
# information on enabling SSL in the smtp client.
|
|
|
|
smtp_sasl_auth_enable = yes
|
|
|
|
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
|
|
|
|
smtp_sasl_security_options = noanonymous
|
|
|
|
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
|
|
|
|
smtp_tls_note_starttls_offer = yes
|
|
|
|
smtp_use_tls = yes
|
|
|
|
|
|
|
|
myhostname = tortue.apres-ge.ch
|
|
|
|
alias_maps = hash:/etc/aliases
|
|
|
|
alias_database = hash:/etc/aliases
|
|
|
|
myorigin = /etc/mailname
|
|
|
|
mydestination = tortue.apres-ge.ch, localhost.apres-ge.ch, localhost
|
|
|
|
relayhost = mail.infomaniak.com:587
|
|
|
|
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
|
|
|
|
mailbox_command = procmail -a "$EXTENSION"
|
|
|
|
mailbox_size_limit = 0
|
|
|
|
recipient_delimiter = +
|
|
|
|
inet_interfaces = all
|
|
|
|
|
|
|
|
|
|
|
|
Source : https://www.linode.com/docs/email/postfix/postfix-smtp-debian7 |