######################## Installing a New Desktop ######################## Windows ======= If it's going to have windows, install windows first. If you're installing any games, etc, give windows 200GB? or so, since many are multi-gigabyte. Leave the rest of the disk blank Install Windows * Grab the ISO from ``.../group/admins/scratch/windows/iso`` if you need it * Grab the various component installers from ``.../group/admins/scratch/windows/installers``, too. (Just ``both/`` and ``NNbit`` for your particular NN; probably 64.) * Go through the windows install procedure. Use the usual admin password. * Set the license server: Run cmd and type :: cscript \windows\system32\slmgr.vbs -skms jhkms1.win.ad.jhu.edu cscript \windows\system32\slmgr.vbs -dli It should indicate "Licensed". * Install some programs * Kerberos (kfw-...) * Network Identity Manager (netidmgr-...) * OpenAFS client (openafs-...) * OpenAFS utilities (openafs-...-tools-...; these are 32 bit regardless) * SCEP (scepinstall.exe) * Firefox * VLC * ... Kerberos, NIM, and OpenAFS should be installed in that order. * Map the Z: drive to ``/afs/acm.jhu.edu`` (go to NETWORK/AFS, right click). Choose to map automatically. * Create an ACM guest account with the usual password Debian Linux ============ .. todo this is so fucking stale Installation ------------ * Install ssh server (at least) * Preeeety much just keep pressing enter until it's done. * For expedience, you may wish to not select any optional software and do that later, when it can be mostly fire-and-forget. * Be sure to create a large partition (50G) for ``/var/cache/openafs`` * You may want to only allocate 50-100G as the root partition and give the rest to a ``/var/games/steam`` or the like. This is currently not standard. * Reboot into your new world Configure networking -------------------- If you're behind CS, you want a ``/etc/network/interfaces`` file like the below; it is very important to use CS's resolvers and not ours because various services (like http://isis.jhu.edu) have different internal and external addresses, with the border gateway not properly set up to handle seeing the external addresses from internal hosts. :: auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 128.220.35.177 netmask 255.255.255.0 gateway 128.220.35.1 dns-nameservers 128.220.13.50 dns-nameservers 10.200.1.1 dns-nameservers 10.200.2.2 dns-search acm.jhu.edu (If this is on the 70. network, substitute s/35/70/ as appropriate). Install the ACM meta-package ---------------------------- Follow the instructions here_ to install the jhuacm apt repository (as of August 2015). .. _here: https://www.acm.jhu.edu/~admins.pub/systems/metapackages-and-apt.html#installing-the-repository You want to install the ``jhuacm-desktop`` package. Answer the configuration options as indicated below: :: AFS CELL acm.jhu.edu KRB REALM acm.jhu.edu LDAP SERVER ldap://ldap.acm.jhu.edu LDAP BASE dc=acm,dc=jhu,dc=edu LDAP tables passwd, group It might ask about LDAP bindings for root; I left it blank. Better would be to answer no if it asks if you want that. https://www.acm.jhu.edu/~admins.pub/systems/metapackages-and-apt.html#installing-the-repository Then, once an AFS client is running (check ``systemctl status openafs-client``, note that you may need to restart this service once because of a debian bug), run the desktop-postinstall.sh script located at ``/afs/acm.jhu.edu/group/admins.pub/scripts/desktop-postinstall.sh``. I (bjr) have commented out the "apt-get install" part of this script but the rest still works. At this point you should be set! Install desktop environments ---------------------------- The metapackages currently do not pull in any desktop environments. Everyone has different feelings about desktop environments, obviously. I (bjr) usually install and configure KDE4+kdm as the default when doing a desktop install. This was the state of most desktops before my time, too. jhuacm-desktop should probably (but does not currently) install the full set of DEs/WMs we want to offer: some collection of desktops and tiling window managers. For the moment, KDE + GNOME + i3 + awesome is probably a good starter set. What desktop-postinstall does: ------------------------------ You don't need to do any of this (the script does it for you), but the documentation has been preserved here regardless. Follow the instructions in :ref:`install-common_config_ssh` to harden the SSH configuration. Add the following lines via visudo:: %desktopadmins ALL=(ALL:ALL) ALL %sysadmins ALL=(ALL:ALL) ALL In /etc/pam.d/common-auth, remove the "pam_afs_session.so" line (or just comment it out). This will prevent AFS tokens from going away when a user runs sudo. Follow the hard-mount semantics instructions in :doc:`../core/afsdoc/client`. If you skipped task selection before, do so now.