Setting up a new Software Heritage desktop machine

Debian install

• Stable
• root w/temporary password; no regular user (after setting up root password, cancel twice and jump forward to clock settings)
• full disk with LVM; reduce home LV to leave half of the disk free
• Standard system utilities, ssh server, no desktop environment (puppet will install that)

Base system setup (from console)

• Login as root
• Enable password root access in ssh (/etc/ssh/sshd_config, PermitRootLogin yes)
• Write down IP configuration and add the machine to the Gandi DNS
• Test SSH login as root from your workstation
• Stay at your desk :)

Full system setup (from your desk)

• SSH login as root
• Edit sources.list to add testing
• apt-get update, dist-upgrade, autoremove --purge
  • While you wait, create Vpn certificates for the new machine
  • add the machine to the puppet configuration, in the swh_desktop role
• apt-get install puppet openvpn
• configure openvpn per Vpn
  • add pergamon IP address to /etc/resolv.conf
  • add louvre.softwareheritage.org to /etc/hosts
• configure puppet
  • systemctl disable puppet
  • server=pergamon.internal.softwareheritage.org in /etc/puppet/puppet.conf
  • puppet agent --enable
  • puppet agent -t
  • run puppet on pergamon to update munin server config
• set proper root password, add it to password store
• reboot