|
|
@@ -13,8 +13,6 @@ breadcrumbs:
|
|
|
{:.no_toc}
|
|
|
Debian 10 Buster
|
|
|
|
|
|
-**TODO:** Clean up.
|
|
|
-
|
|
|
## Basic Setup
|
|
|
|
|
|
### Installation
|
|
|
@@ -81,44 +79,33 @@ Debian 10 Buster
|
|
|
|
|
|
- Install `qemu-guest-agent`.
|
|
|
|
|
|
-### Networking 1
|
|
|
-
|
|
|
-- Setup network manager:
|
|
|
- - If you need VLAN and/or bonding support for ifupdown, install `vlan` and/or `ifenslave`.
|
|
|
-
|
|
|
- If you want to use systemd-networkd instead, see [System](system.md#replace-ifupdown-with-systemd-networkd).
|
|
|
-- Setup DNS:
|
|
|
- - Enable `systemd-resolved.service`, the systemd resolver.
|
|
|
- - Point `/etc/resolv.conf` to the one generated by systemd: `ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf`
|
|
|
-- Setup NTP:
|
|
|
- - Check the timezone: `timedatectl`
|
|
|
- - If wrong: `timedatectl set-timezone Europe/Oslo`
|
|
|
- - `timedatectl set-ntp true`
|
|
|
- - Add `ntp.justervesenet.no` to `/etc/systemd/timesyncd.conf`.
|
|
|
- - Restart and see status for service `systemd-timesyncd`.
|
|
|
-- Setup firewall:
|
|
|
- - Install: `iptables iptables-persistent netfilter-persistent`
|
|
|
- - Add basic rules (it defaults to accepting everything).
|
|
|
-- Reboot and make sure it still works.
|
|
|
-
|
|
|
-### Networking 2
|
|
|
-
|
|
|
-#### Setup
|
|
|
-
|
|
|
-- Update the DNS servers in `/etc/resolv.conf`.
|
|
|
-- Install extra functionality for ifupdown:
|
|
|
- - VLAN: `vlan`
|
|
|
- - Bonding/LACP: `ifenslave`
|
|
|
-
|
|
|
-#### Replace ifupdown with systemd-networkd
|
|
|
-
|
|
|
-- Make the new networkd configs.
|
|
|
- - Extra network device configs: `/etc/systemd/network/*.netdev`
|
|
|
- - Network configs: `/etc/systemd/network/*.network`
|
|
|
-- (Re)move the ifupdown config: `mv /etc/network/interfaces /etc/network/interfaces.disabled`
|
|
|
-- Enable systemd-networkd: `systemctl enable systemd-networkd`
|
|
|
-- Reboot and test.
|
|
|
-- Check the status: `networkctl [status [-a]]`
|
|
|
+### Networking
|
|
|
+
|
|
|
+1. (Alternative 1) Setup ifupdown (default):
|
|
|
+ - For VLAN support, install `vlan`.
|
|
|
+ - For bond support, install `ifenslave`.
|
|
|
+1. (Alternative 2) Setup networkd:
|
|
|
+ - Make the new networkd configs.
|
|
|
+ - Special network device configs: `/etc/systemd/network/*.netdev`
|
|
|
+ - Network configs: `/etc/systemd/network/*.network`
|
|
|
+ - Check `...` for the networkd version of the current network configuration. Copy them ... 123
|
|
|
+ - Disable/remove the ifupdown config: `mv /etc/network/interfaces /etc/network/interfaces.disabled`
|
|
|
+ - Enable systemd-networkd: `systemctl enable systemd-networkd`
|
|
|
+ - Check the status: `networkctl [status [-a]]`
|
|
|
+1. Setup DNS:
|
|
|
+ - Enable `systemd-resolved.service`, the systemd resolver.
|
|
|
+ - Point `/etc/resolv.conf` to the one generated by systemd: `ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf`
|
|
|
+1. Setup NTP:
|
|
|
+ - Check the timezone: `timedatectl`
|
|
|
+ - If wrong: `timedatectl set-timezone Europe/Oslo`
|
|
|
+ - Enable network time: `timedatectl set-ntp true`
|
|
|
+ - In `/etc/systemd/timesyncd.conf`, set `ntp.justervesenet.no`.
|
|
|
+ - Restart `systemd-timesyncd`.
|
|
|
+ - Check **TODO**.
|
|
|
+1. Setup firewall:
|
|
|
+ - Install: `iptables iptables-persistent netfilter-persistent`
|
|
|
+ - Add basic rules (it defaults to accepting everything).
|
|
|
+1. Reboot and make sure it still works.
|
|
|
|
|
|
### Security
|
|
|
|
Håvard O. Nordstrand