
Linux server configuration


Please find below my installation log with the debian testing distribution.

Hardware configuration

kernel rebuild

apt-get install build-essential autoconf automake gcc-3.3 g++3.3
apt-get install kernel-package
apt-get install module-assistant
vi /etc/kernel-pkg.conf
apt-get install linux-headers-2.6.15-1-686-smp
apt-get install debhelper kernel-package libqt3-mt-dev xlibs-dev libxtst-dev fakeroot rpm wget

ati driver

apt-get install fglrx-control fglrx-driver fglrx-kernel-src
apt-get install xbase-clients
  • build module
module-assistant a-i fglrx
  • perform required modifications to /etc/X11/xorg.conf
aticonfig --initial

hauppauge pv350 ivtv driver installation

  1. get driver from http://ivtvdriver.org/index.php/Main_Page stable releases can be found at http://dl.ivtvdriver.org/ivtv/stable/
  2. before installation do a
cd ivtv-*
make && make install
cd utils
cp ivtvfbctl ivtvctl ivtv-detect ivtv-encoder ivtvplay ivtv-mpegindex ivtvfwextract.pl ivtv-radio utils/ivtv-tune /usr/local/bin
apt-get install libconfig-inifiles-perl
cd ..
  1. firmware installation following http://ivtvdriver.org/index.php/Firmware or http://ivtv.writeme.ch/tiki-index.php?page=FirmwareVersions
wget ftp://ftp.shspvr.com/download/wintv-pvr_150-500/inf/pvr_2.0.24.23035.zip
unzip pvr_2.0.24.23035.zip
cp HcwMakoA.ROM /usr/lib/hotplug/firmware/v4l-cx25840.fw
cp HcwFalcn.rom /usr/lib/hotplug/firmware/v4l-cx2341x-enc.fw
wget ftp://ftp.shspvr.com/download/wintv-pvr_250-350/inf/pvr_1.18.21.22254_inf.zip
unzip pvr_1.18.21.22254_inf.zip
utils/ivtvfwextract.pl pvr_1.18.21.22254_inf.zip
cp v4l-cx2341x-init.mpg /usr/lib/hotplug/firmware
rm /lib/modules/ivtv-fw-enc.bin
mv /lib/modules/ivtv-fw-dec.bin /usr/lib/hotplug/firmware/v4l-cx2341x-dec.fw
modprobe ivtv
dmesg
ivtvctl -d /dev/video0 -u 0x7f0000
ivtvctl -d /dev/video0 -p 4
ivtvctl -d /dev/video0 -f width=720,height=576
ivtv-tune --device=/dev/video0 --freqtable=france --channel=50
mplayer /dev/video0

Server configuration

ssh and rsync

apt-get install ssh rsync

dns server

apt-get install bind9
  • in /etc/bind modify following files:
db.courville.org
db.0.168.192
  • modify named.conf.options and named.conf.local

postfix smtp mail server: with smtp-auth and tls

  • install postfix and other mail tools that I like
apt-get install postfix mutt procmail emil fetchmail
  • edit the following files
/etc/postfix/main.cf
/etc/postfix/virtual
/etc/mailname
  • update aliases and virtual map
postmap /etc/postfix/virtual
postalias /etc/aliases
  • add support for sasl2
apt-get install postfix postfix-tls libsasl2 sasl2-bin libsasl2-modules libdb3-util
dpkg-reconfigure postfix
# Enable SMTP AUTH through SASL; the empty value clears smtpd_sasl_local_domain.
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
# noanonymous rejects the ANONYMOUS mechanism.
postconf -e 'smtpd_sasl_security_options = noanonymous'
# Also advertise AUTH in the legacy "AUTH=" form for older mail clients.
postconf -e 'broken_sasl_auth_clients = yes'
# Relay only for authenticated users and mynetworks; reject_unauth_destination
# keeps the server from relaying for everyone else.
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
# Listen on every interface, not just loopback.
postconf -e 'inet_interfaces = all'
# Passwords are checked by saslauthd; only PLAIN and LOGIN are offered.
# NOTE(review): both mechanisms send the password without any protection of
# their own, so they are only safe inside a TLS session (see the
# smtpd_tls_auth_only setting).
echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf
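# Generate the TLS key, certificate and CA files for postfix.
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
# 2048-bit RSA: 1024-bit keys are no longer considered adequate and many
# current TLS stacks reject them. The former "-rand /etc/hosts" seed is
# dropped: a static, world-readable file adds no secret entropy, and
# openssl already seeds itself from the system RNG.
openssl genrsa -des3 -out smtpd.key 2048
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
# Self-signed server certificate (signed with its own key), valid 3650 days.
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
# Strip the passphrase so postfix can start unattended. The decrypted copy
# is a new file, so its mode is set again explicitly after the move; from
# here on file permissions are the only protection of the key.
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
chmod 600 smtpd.key
# Separate self-signed CA. Note that it does not sign smtpd.crt above.
# cakey.pem is a private key as well and gets the same restrictive mode.
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
chmod 600 cakey.pem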
# NOTE(review): with "smtpd_tls_auth_only = no" AUTH is also offered on
# unencrypted sessions, so PLAIN/LOGIN passwords can cross the network in
# clear text; "yes" limits AUTH to sessions that completed STARTTLS.
postconf -e 'smtpd_tls_auth_only = no'
# Turn on TLS for outgoing (smtp_) and incoming (smtpd_) connections.
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
# Log remote servers that offer STARTTLS.
postconf -e 'smtp_tls_note_starttls_offer = yes'
# Key, certificate and CA file stored under /etc/postfix/ssl.
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
# Record TLS protocol and cipher details in the Received: header.
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
postconf -e 'myhostname = hyperion.courville.org'
# Restart so the new settings take effect.
/etc/init.d/postfix restart
mkdir -p /var/spool/postfix/var/run/saslauthd
rm -fr /var/run/saslauthd
  • edit file /etc/default/saslauthd to perform the following modifications:
START=yes
PARAMS="-m /var/spool/postfix/var/run/saslauthd"
MECHANISMS="pam"
  • edit file /etc/init.d/saslauthd to perform the following modifications:
#PWDIR=/var/run/saslauthd
PWDIR="/var/spool/postfix/var/run/${NAME}"
#PIDFILE="/var/run/${NAME}/saslauthd.pid"
PIDFILE="${PWDIR}/saslauthd.pid"
<snip>
#       dir=`dpkg-statoverride --list $PWDIR`
        dir="root sasl 755 ${PWDIR}"
  • restart the sasl auth daemon:
/etc/init.d/saslauthd start
  • test if everything is in order:
telnet localhost 25
ehlo localhost
  • if the following appears then it is fine:
250-STARTTLS
250-AUTH

dovecot imap server with ssl support

apt-get install dovecot-common dovecot-imapd
postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart
  • in order to enable ssl, certificates and keys need to be generated: let's reuse the key previously generated for postfix to achieve that goal
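cd /etc/postfix/ssl/
# The dovecot certificate is signed with the postfix key, so both services
# share one private key: whoever obtains it can impersonate both.
openssl req -new -key smtpd.key -out dovecot.csr
openssl x509 -req -days 3650 -in dovecot.csr -signkey smtpd.key -out dovecot.crt
openssl req -new -x509 -extensions v3_ca -keyout dovecot-cakey.pem -out dovecot-cacert.pem -days 3650
# dovecot-cakey.pem is a private key; keep it owner-only.
chmod 600 dovecot-cakey.pem
mv dovecot* /etc/dovecot
# dovecot.conf points ssl_key_file at /etc/dovecot/dovecot.key, which the
# steps above never create. dovecot.crt was signed with smtpd.key, so that
# is the matching key; install a copy with owner-only permissions.
install -m 600 smtpd.key /etc/dovecot/dovecot.key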
  • edit /etc/dovecot/dovecot.conf file and add following lines
protocols = imaps
log_path = /var/log/dovecot.log
syslog_facility = mail
ssl_cert_file = /etc/dovecot/dovecot.crt
ssl_key_file = /etc/dovecot/dovecot.key
ssl_key_password = *REPLACEBYYOURPASSWD*

apache2 ssl configuration

  • install apache2, remove apache
apt-get install apache2
apt-get remove apache
  • edit default configuration:
cd /etc/apache2/sites-available/
cp default 0080-main
  • make the following changes into 0080-main
Directory /var/www
RedirectMatch ^/$ /mediawiki/
  • make the following redirections (historical purposes...):
RedirectMatch ^/marilou$ http://www.courville.org/gallery/Marilou-est-l%E0%21
RedirectMatch ^/phpwiki/Gcc$ http://hyperion/mediawiki/index.php/Gcc
RedirectMatch ^/phpwiki/Hauppauge%20PVR%20250$ http://hyperion/mediawiki/index.php/Hauppauge_PVR_250
RedirectMatch ^/phpwiki/Mythtv$ http://hyperion/mediawiki/index.php/Mythtv
RedirectMatch ^/phpwiki/$ http://hyperion/mediawiki/
  • generate ssl certificate:
apache2-ssl-certificate
  • create default configuration for port 443 https:
cd /etc/apache2/sites-available
cp default 0443-ssl
  • activate the links through
a2ensite 0080-main
a2ensite 0443-ssl
  • add Listen 443 in /etc/apache2/ports.conf
  • in /etc/apache2/sites-available/0443-ssl insert
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
  • enable the modules
a2enmod ssl
a2enmod rewrite
  • add the following to /etc/apache2/sites-available/default
RewriteEngine   on
RewriteCond     %{SERVER_PORT} ^80$
RewriteRule     ^/webmail(.*)$ https://%{SERVER_NAME}/webmail$1 [L,R]
RewriteLog      "/var/log/apache2/rewrite.log"
RewriteLogLevel 2
  • restart apache2:
/etc/init.d/apache2 force-reload

enable both php5 and php4 support

I followed the instructions from http://www.howtoforge.com/book/print/1012

apt-get install apache2 apache2-common apache2-doc apache2-mpm-prefork apache2-utils libapr0 libexpat1 ssl-cert
apt-get install libapache2-mod-php5 php4-cgi
apt-get install php5-imap php-pear php5-curl php5-dev php5-gd php5-ldap php5-mhash php5-mysql php5-odbc php5-recode php5-snmp php5-sqlite php5-xmlrpc php5-xsl php4-auth-pam php4-imagick php4-mcrypt php4-sqlite php4-curl php4-domxml php4-gd php4-imap php4-ldap php4-mcal php4-mhash php4-mysql php4-odbc php4-pear php4-xslt
  • edit /etc/apache2/apache2.conf and change
#DirectoryIndex index.html index.cgi index.pl index.php index.xhtml
DirectoryIndex index.html index.htm index.shtml index.cgi index.pl index.php index.php4 index.xhtml
  • add suitable handler for .php4 files
AddHandler php-script .php4
Action php-script /cgi-bin/php4
  • enable following modules
a2enmod actions
a2enmod ssl
a2enmod rewrite
a2enmod suexec
a2enmod include
  • restart apache2
/etc/init.d/apache2 restart

provide pxe boot capabilities and dhcp server

I have a diskless mediabox that boots using pxe with a custom geexbox distribution http://www.geexbox.org

apt-get install tftpd-hpa dhcp3-server inetd
  • parametrize tftpd server editing /etc/default/tftpd-hpa
RUN_DAEMON="yes"
OPTIONS="-l -s /tftpboot"
  • in /etc/dhcp3/dhcpd.conf, give the filename as a path RELATIVE to /tftpboot
filename "/GEEXBOX.i386/boot/pxelinux.0";
<snip>
option root-path "/tftpboot/GEEXBOX.i386/";
  • create tftpboot directory
mkdir /tftpboot
  • update /etc/exports to allow clients
  • copy the result of make pxe of geexbox under /tftpboot/GEEXBOX.i386

fight against spam: spamassassin

apt-get install spamassassin spamc spampd
  • enable it in /etc/default/spamassassin

become a NIS server

 apt-get install nis
  • domain: courville.org
  • in /etc/ypserv.securenets
# Only hosts in 192.168.0.0/24 may query this NIS server
# (format: netmask first, then network).
255.255.255.0   192.168.0.0
  • modify following files
  • add in /etc/defaultdomain
 courville.org
  • edit /etc/default/nis
NISSERVER=master
  • edit /var/yp/Makefile to also propagate admin group assignments
# MINGID is the lowest gid that will be included in the group maps.
MINUID=1000
# Marc: allow centralization of group changes. This is possible since the
# hosts run the same distribution (presumably so that gids match -- verify).
# Previous value: MINGID=1000
MINUID=1000
# NOTE(review): the MINUID line and the note above appear twice in the
# original log. With MINGID=4 every group with gid >= 4 is published in
# the NIS group maps, system groups included.
MINGID=4
  • regenerate maps:
cd /var/yp
make

file server: nfs and autofs

apt-get install autofs
  • update yp
  • on remote machine make
ln -s /misc/home home
  • put autofs in /etc/auto.misc

time accuracy: ntp server

apt-get install ntp-server ntp-doc ntp ntpdate
  • add in /etc/ntp.conf
server ntp.via.ecp.fr
server ntp.univ-angers.fr
server delphi.phys.univ-tours.fr

ftp server

apt-get install proftpd proftpd-common

print server for deskjet 970cxi

apt-get install libgtk1.2 impose+ fig2ps transfig html2ps a2ps enscript

backuppc

The solution to backups: backuppc

 apt-get install backuppc
 apt-get install libfile-rsync-perl libfile-rsyncp-perl
  • protect the access:
htpasswd /etc/backuppc/htpasswd backuppc
  • modify /etc/backuppc/localhost.pl in order to define all the regexps for the backups in file incexcl-hyperion
$Conf{XferMethod} = 'rsync';
$Conf{RsyncShareName} = '/' ;
$Conf{RsyncArgs} = [
  '--numeric-ids',
  '--perms',
  '--owner',
  '--group',
  '--devices',
  '--links',
  '--times',
  '--block-size=2048',
  '--recursive',
  '--exclude-from=/etc/backuppc/incexcl-hyperion',
  '--exclude-from=/etc/backuppc/incexcl-global',
];
$Conf{RsyncRestoreArgs} = [
  '--numeric-ids',
  '--perms',
  '--owner',
  '--group',
  '--devices',
  '--links',
  '--times',
  '--block-size=2048',
  '--relative',
  '--ignore-times',
  '--recursive',
];
  • generate ssh keys for root and backuppc and grant access for backuppc user to root
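# Create an RSA key pair and keep a copy of the public half under the name
# used for BackupPC.
ssh-keygen -t rsa
cp ~/.ssh/id_rsa.pub ~/.ssh/BackupPC_id_rsa.pub
touch ~/.ssh/authorized_keys
# sshd (StrictModes) ignores an authorized_keys file that is group- or
# world-writable, so pin the mode explicitly.
chmod 600 ~/.ssh/authorized_keys
# Use the full path: the copy above was written to ~/.ssh, not to the
# current directory.
cat ~/.ssh/BackupPC_id_rsa.pub >> ~/.ssh/authorized_keys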
  • in authorized_keys, add from="hyperion.courville.org" in front of the ssh-rsa key to limit access to that host.
  • note: you need to copy /etc/backuppc/incexcl-* file to all hosts to backup

Web services

router web statistics: mrtg

apt-get install rddtools mrtg
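  • enable snmp on linksys wrt54gs router with dd-wrt alternative firmware (the cfgmaker command below queries it with the default community string "public"; set a non-default read-only community on the router and use it in that command)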
  • generate configuration file
cfgmaker --global 'WorkDir: /var/www/mrtg' --global 'Options[_]: bits,growright' --ifref=ip --output /etc/mrtg.cfg public@192.168.0.1
  • test it
env LANG=C /usr/bin/mrtg /etc/mrtg.cfg

mediawiki installation

  • If you are transferring a mediawiki database from another computer, you first need to perform a backup
mysqldump -u root --single-transaction wikidb > backup-wikidb.sql
  • before installing mediawiki you need to restore the database on the target computer
mysql -u root
mysql> create database wikidb;
mysql> use wikidb;
mysql> source backup-wikidb.sql;
  • then and only then install mediawiki:
apt-get install libapache2-mod-proxy-html
apt-get install mediawiki mediawiki-math
apt-get install libcache-memcached-perl memcached turck-mmcache imagemagick libgd2
apt-get install php4-gd2 turck-mmcache memcached tetex-extra gv postscript-viewer xpdf-reader pdf-viewer texi2html dvipng chktex lacheck rubber sam2p libcache-memcached-perl memcached turck-mmcache
mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/LocalSettings.php
chmod 600 /etc/mediawiki/LocalSettings.php
cp ~www-data/Images/courville-wiki.png /usr/share/mediawiki/skins/common/images/
  • perform custom modifications to /etc/mediawiki/LocalSettings.php: restrict login and editing
## Shared memory settings
$wgUseMemCached = true;
$wgMemCachedServers = array('localhost');
#force users to login for edit
$wgWhitelistEdit = true;
$wgWhitelistRead = false;
#preventing new user registration http://meta.wikimedia.org/wiki/Preventing_Access and http://meta.wikimedia.org/wiki/Talk:Setting_user_rights_in_MediaWiki
$wgWhitelistAccount = array ( "user" => 0, "sysop" => 1, "developer" => 1 );
#change default logo
#put logo into /usr/share/mediawiki/skins/common/images
#$wgLogo = '/var/www/Images/courville-wiki.png';
$wgLogo = "$wgStylePath/common/images/courville-wiki.png";
  • in /etc/php5/apache2/php.ini increase memory from 8M to 20M
  • make sure that /etc/mediawiki/LocalSettings.php has permission 600

gallery installation

  • install gallery:
apt-get install gallery imagemagick jhead libjpeg-progs mysql-server
  • enable configuration of gallery
/usr/share/gallery/configure.sh
 /usr/share/gallery/secure.sh

webmail: squirrelmail

apt-get install squirrelmail
  • configuration
/usr/sbin/squirrelmail-configure
  • enabling for apache:
cd /etc/apache2/conf.d
ln -s /etc/squirrelmail/apache.conf squirrelmail
cp /var/www/Images/courville-wiki.png /usr/share/squirrelmail/images/

web statistics: awstats

apt-get install awstats libnet-ip-perl libgeo-ipfree-perl
cd /etc/awstats
  • add the following plugins in /etc/awstats/awstats.conf geoipfree and Tooltips
SkipHosts="127.0.0.1 REGEX[^192\.168\.] localhost REGEX[^.*\.localdomain$] REGEX[^.*\.courville.org$]"
SiteDomain="www.courville.org"
LogFile="/var/log/apache2/access.log"
LogFormat=1
  • add apache configuration file /etc/apache2/conf.d/awstats to secure icon path
# NOTE(review): the Alias target is .../awstats/icon but the <Directory>
# block below names .../awstats/icons; unless both paths exist, these
# directives do not apply to the aliased directory -- confirm which
# spelling matches the installed package.
Alias /awstats-icon /usr/share/awstats/icon
<Directory /usr/share/awstats/icons>
  php_flag register_globals off
  # NOTE(review): Indexes turns on directory listings and FollowSymLinks
  # lets Apache follow symlinks out of this tree; a static icon directory
  # normally needs neither ("Options None").
  Options Indexes FollowSymLinks
  <IfModule mod_dir.c>
    DirectoryIndex index.php
  </IfModule>
</Directory>
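  • update permission in /var/log/apache2 to allow user www-data to read access logs (note that the command below names /var/log/apache, not /var/log/apache2, and that a+r makes the logs readable by every local user; the chgrp www-data step further down grants the same access more narrowly)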
 chmod a+r /var/log/apache/access*
  • change log file reference to apache2 in cron /etc/cron.d/:
0,10,20,30,40,50 * * * * www-data [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null
  • in order to process old log files one can use, according to the FAQ, the following tip:
 LogFile="/usr/share/doc/awstats/examples/logresolvemerge.pl /tmp/logs/access.log.* |"
  • allow www-data user to access apache2 logs
chgrp www-data /var/log/apache2/access.log

Misc applications

new sources for multimedia support

  • in /etc/apt/sources.list add
deb ftp://ftp.nerim.net/debian-marillat/ etch main
deb-src ftp://ftp.nerim.net/debian-marillat/ sid main
  • add trusted keys to avoid the annoying warning when updating
# List the keys apt already trusts.
gpg --no-default-keyring --keyring /etc/apt/trusted.gpg --list-keys
# NOTE(review): 1F41B907 and 2D230C5F are 8-hex-digit short key IDs, which
# can collide, and the keyserver fetch is not authenticated. Compare the
# full fingerprint (gpg --fingerprint <id>) with one published by the
# repository owner before exporting a key to apt-key: every key added
# there can sign packages that apt installs as root.
gpg --keyserver hkp://wwwkeys.eu.pgp.net --recv-keys 1F41B907
gpg --armor --export 1F41B907 | apt-key add -
gpg --keyserver hkp://wwwkeys.eu.pgp.net --recv-keys 2D230C5F
gpg --armor --export 2D230C5F | apt-key add -
  • get mplayer and co.
apt-get install ksubtile acidrip mencoder-586 mplayer-586 mplayer-skin-blue w32codecs

easy search for a package that contains a file

apt-get install apt-file
apt-file update

vim

apt-get install vim
update-alternatives --config vi

versioning

apt-get install tla subversion subversion-tools cvs

zsh

apt-get install zsh

rox

Lightweight file manager

apt-get install rox-filer

apt

  • resolve E: Dynamic MMap ran out of room issue when performing an apt-get update: put in /etc/apt/apt.conf
APT::Cache-Limit 16777216;
  • apt pinning to stay in testing: /etc/apt/preferences
Package: *
Pin: release a=stable
Pin-Priority: 900

Package: *
Pin: release a=testing
Pin-Priority: 1000

Package: *
Pin: release a=unstable
Pin-Priority: 800

Package: *
Pin: release a=experimental
Pin-Priority: 700

tv applications

mythtv

apt-get install libqt3c102-mt mythtv mythtv-backend mythtv-common mythtv-database mythtv-doc mythtv-frontend mythtv-themes libmyth-0.19 
apt-get install xmltv-gui xmltv-util xmltv libxmltv-perl
  • allow to connect as mythtv user by adding to /etc/sudoers
marc ALL=(mythtv) ALL, (root) /usr/bin/su mythtv
  • or allow mythtv to access localhost:0.0
xauth nextract - localhost.localdomain/unix:0 | ssh mythtv@localhost xauth nmerge - 
  • perform setup:
sudo -u mythtv mythtv-setup
sudo /etc/init.d/mythtv-backend start
channel 1 tf1.GIF;/c_img/chaine/tf1.GIF
channel 2 france2.GIF;/c_img/chaine/france2.GIF
channel 3 france3.GIF;/c_img/chaine/france3.GIF
channel 35 rtbf.GIF;/c_img/chaine/rtbf.GIF
channel 37 tsr.GIF;/c_img/chaine/tsr.GIF
channel 4 canalplus.GIF;/c_img/chaine/canalplus.GIF
channel 5 arte.GIF;/c_img/chaine/arte.GIF
channel 6 m6.GIF;/c_img/chaine/m6.GIF
channel 7 france5.GIF;/c_img/chaine/france5.GIF
channel 8 rtl9.GIF;/c_img/chaine/rtl9.GIF
channel 9 tmc.GIF;/c_img/chaine/tmc.GIF

fricorder

In order to record tv programs from your freebox, retrieve fricorder from http://manatlan.online.fr/fricorder.php

apt-get install python2.4 python2.4-gtk2 python2.4-gnome2-extras python2.4-glade2 python2.4-xml zenity
apt-get install vlc vlc-plugin-alsa vlc-plugin-arts vlc-plugin-esd vlc-plugin-ggi vlc-plugin-glide vlc-alsa vlc-esd vlc-ggi vlc-gnome vlc-gtk vlc-qt
apt-get install -f vlc/unstable libavahi-common3/unstable
iptables -A INPUT -p udp -s 212.27.38.253 -j ACCEPT

tv program grabbers

  • install another tv program grabber via vbi interface: nxtvepg
apt-get install nxtvepg

zapping tv viewer

apt-get install zapping

User configuration

propagate user key into another user

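  • generate key for user1 (DSA keys are limited to 1024 bits and current OpenSSH releases no longer accept them by default; on a current system use -t ed25519 or -t rsa and adjust the .pub file name in the next step)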
ssh-keygen -t dsa -b 1024
  • then propagate the key to user2
ssh-copy-id -i ~/.ssh/id_dsa.pub user2@localhost

change shell for zsh

chsh -s /bin/zsh marc

backup and synchronization

  • note that -a is equivalent to -rlptgoD
 rsync -av --numeric-ids --block-size=2048 --exclude-from=./incexcl / root@booster:/agraver/hyperion
  • in file incexcl put
- /proc/
- /dev/
- /sys/
- /mnt/
- /media/
- /var/autofs/
- /tmp/
- /incexcl
- /etc/network/interfaces