debian 12

国内源

Debian 的软件源配置文件是 /etc/apt/sources.list。可以先备份配置文件。
一般情况下,将/etc/apt/sources.list文件中Debian默认的软件仓库地址和安全更新仓库地址修改为国内的镜像地址即可,
比如将deb.debian.org和security.debian.org改为mirrors.tuna.tsinghua.edu.cn,并使用https访问,可使用如下命令:

1
sed -i "s@http://\(deb\|security\).debian.org@https://mirrors.xxx.com@g" /etc/apt/sources.list
1
2
3
4
5
6
7
8
9
$ cat /etc/apt/sources.list
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bullseye main contrib non-free
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ bullseye main contrib non-free
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bullseye-updates main contrib non-free
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ bullseye-updates main contrib non-free
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bullseye-backports main contrib non-free
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ bullseye-backports main contrib non-free
deb https://mirrors.tuna.tsinghua.edu.cn/debian-security bullseye-security main contrib non-free
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian-security bullseye-security main contrib non-free

基础软件

1
apt install git vim

防火墙

1
2
3
4
5
6
7
8
9
10
11
12
## 防火墙设置, Azure 这种防火墙由服务商管理的,不用再配置防火墙。shell
apt-get update && apt-get install ufw
ufw enable
ufw status
ufw status verbose

ufw allow 23/tcp # 23 是你的ssh端口号,ssh是tcp协议
ufw allow ssh # 这是开放预设的 22 端口的

ufw allow http  #添加80端口

ufw allow https  #添加443端口

ssh

ssh 服务器配置: /etc/ssh/sshd_config
改完后 systemctl restart sshd 重启一下sshd服务

1
2
3
4
5
PermitRootLogin yes # 允许root登录
PermitRootLogin prohibit-password   # 不允许root密码登录

PubkeyAuthentication yes    # 允许秘钥登录
PasswordAuthentication no   # 不允许密码登录,如果服务器还有其他用户,可以把其他用户的密码登录也禁用了

ssh 秘钥配置

1
2
3
ssh-keygen -t rsa -b 4096 -C "your_email@example.com" -f ./id_rsa # 生成秘钥
cat id_rsa.pub > ~/.ssh/authorized_keys # 可以使用自己的公钥
chmod 600 ~/.ssh/authorized_keys

git 基础配置

1
2
3
4
apt install git
git config --global user.email "example@qq.com"
git config --global user.name "example"
git config --global credential.helper store

docker

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
# 先卸载旧版冲突的软件, 如果有,还需要删除 /var/lib/docker
for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt-get remove $pkg; done
# Add Docker's official GPG key:
apt-get update
apt-get install ca-certificates curl
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  tee /etc/apt/sources.list.d/docker.list > /dev/null

apt-get update
# install docker
apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

podman

1
apt install podman podman-compose

centos 7

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
# 防火墙设置
systemctl status firewalld
firewall-cmd --list-all
firewall-cmd --add-port=80/any --permanent
firewall-cmd --add-port=443/tcp --permanent
firewall-cmd --reload
# ssh 配置秘钥
ssh-keygen -t rsa -b 4096 -C "your_email@example.com" -f ./id_rsa # 生成秘钥
cat id_rsa.pub > ~/.ssh/authorized_keys # 可以使用自己的公钥
chmod 600 ~/.ssh/authorized_keys
## 基础软件安装
yum install -y dnf epel-release && yum update -y
yum groupinstall -y "Development Tools" 
yum install -y  openssh-server vim wget which
yum clean all
curl -sSL https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh -o miniconda.sh \
    && bash miniconda.sh -bfp /usr/local/ \
    && rm -rf miniconda.sh \
    && conda config --add channels https://mirrors.bfsu.edu.cn/anaconda/pkgs/free/ \
    && conda config --add channels https://mirrors.bfsu.edu.cn/anaconda/pkgs/main/ \
    && conda config --add channels https://mirrors.bfsu.edu.cn/anaconda/pkgs/r/ \
    && conda config --add channels https://mirrors.bfsu.edu.cn/anaconda/cloud/bioconda/ \
    && conda config --add channels https://mirrors.bfsu.edu.cn/anaconda/cloud/conda-forge/ \
    && conda config --set show_channel_urls yes \
    && conda config --set channel_priority strict \
    && conda install -y -n base conda-libmamba-solver \
    && conda config --set solver libmamba \
    && conda update -y --all \
    && conda clean --all --yes \
    && pip config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple
conda install -y git    # centos本身的库里面没有新版git,需要使用conda下载
yum install -y docker docker-compose    # 注意服务不要通过 conda 安装,不然systemctl会无法管理
yum remove -y docker \
    docker-client \
    docker-client-latest \
    docker-common \
    docker-latest \
    docker-latest-logrotate \
    docker-logrotate \
    docker-engine
yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
systemctl enable docker
systemctl start docker
## git 基础配置
git config --global user.email "example@qq.com"
git config --global user.name "example"
git config --global credential.helper store

armbian

配置网络

如果你在Armbian中使用Netplan作为网络配置管理工具,那么NetworkManager将会读取和遵循Netplan的配置文件。
这意味着直接编辑:/etc/NetworkManager/system-connections/<connection_name> 文件可能不会生效,因为NetworkManager将优先考虑Netplan的配置。
Netplan配置文件:/etc/netplan/01-netcfg.yaml

1
2
3
netplan apply   # 使Netplan配置文件生效
ip route    # 查看路由表
ip add  # 查看接口