Pierstoval · May 11, 2026 13:41
diff --git a/Debian_starter.md b/Debian_starter.md
diff --git a/Debian_starter.sh b/Debian_starter.sh
 #!/bin/bash
 # Pre-requisites: sudo, curl or wget
 #
 # This script is meant to be run on a fresh Debian installation (tested on 12-Bookworm and 13-Trixie)
 # Usage: Run this script as root or with ${SUDO} privileges
 #
 # What it does:
 #    - Installs some system tools (curl, zip, wget, vim...
 #    - Sets the system's language to french.
 #    - Installs PHP and several extensions using this repository: https://deb.sury.org/
 #    - Installs Symfony CLI (https://symfony.com/download)
 #    - Installs MariaDB client and server
 #    - Installs NVM (https://github.com/nvm-sh/nvm) and uses it to install Node.js
 #    - Installs Caddy Server (https://caddyserver.com/)
 #
 # Note:
 # You can run the script by just copy-pasting this command:
 #     apt-get upgrade --update -y curl && (curl -sSL https://gist.githubusercontent.com/Pierstoval/2372ae4634322916608c4dcafe8ccfc6/raw/Debian_starter.sh | bash)
 #   Or:
 #     apt-get upgrade --update -y wget && (wget -qSO - https://gist.githubusercontent.com/Pierstoval/2372ae4634322916608c4dcafe8ccfc6/raw/Debian_starter.sh | bash)
 # ⚠ Only do this if you trust your network and understand what the script does!


 # Variables you can update

 DEFAULT_PHP_VERSION=8.5      # Change this to the desired PHP version, e.g., 8.4, 8.3, etc.
 DEFAULT_NVM_VERSION=0.40.4   # You can find latest version at https://github.com/nvm-sh/nvm

 # Leave empty for a random-generated password.
 # It will be stored in $HOME/.dbpwd for you to recover it.
 DEFAULT_MARIADB_ROOT_PASSWORD=""

 # System language
 DEFAULT_LANG=fr_FR.UTF-8













 # Other vars (you shouldn't modify anything after this line)

 PHP_VERSION="${PHP_VERSION:-"${DEFAULT_PHP_VERSION}"}"
 NVM_VERSION="${NVM_VERSION:-"${DEFAULT_NVM_VERSION}"}"

 # Feel free to change this to a custom password of yours,
 # this command generates a 25-characters long password,
 # so you could store it in secrets or a password manager.
 # In case you still want to use the root password,
 # it will be stored in $HOME/.dbpwd
 if [[ -z "${MARIADB_ROOT_PASSWORD}" && -z "${DEFAULT_MARIADB_ROOT_PASSWORD}" ]]; then
    MARIADB_ROOT_PASSWORD="$(tr -dc A-Za-z0-9_ < /dev/urandom | head -c 25)"
 else
    MARIADB_ROOT_PASSWORD="${MARIADB_ROOT_PASSWORD:-"${DEFAULT_MARIADB_ROOT_PASSWORD}"}"
 fi

 LANG=${DEFAULT_LANG:-fr_FR.UTF-8}
 OSFILE="$(for f in /etc/os-release /etc/lsb-release /etc/redhat-release; do [ -f "$f" ] && echo "$f" && break; done)"
 if [[ -z $OSFILE ]]; then echo "Cannot find OS release file. Stopping script" ; exit 1 ; fi
 OSCODE="$(. $OSFILE && echo "${UBUNTU_CODENAME:-${DEBIAN_CODENAME:-$VERSION_CODENAME}}")"
 OSFAMILY="$(. $OSFILE && echo "${ID}")"

 SUDO=""
 if [ "$(whoami)" != "root" ]; then
    SUDO=sudo
 fi

 set -e # Exit on any error.
 set -u # Error when a variable is not defined.
 set -x # Shows every command that is executed before running it, making the script way more verbose, but more transparent.
 set -o pipefail # Any command in a pipeline (like "bash | cmd1 | cmd2" and so on) that fails makes the whole pipeline fail.

 # Base
 ${SUDO} apt update
 ${SUDO} apt upgrade -y \
 	locales-all \
 	zip \
 	git \
 	unzip \
 	wget \
 	curl \
 	net-tools \
 	libnss3-tools \
 	vim \
 	htop



 export LC_CTYPE=$LANG \
 	LC_MESSAGES=$LANG \
 	LC_ALL=$LANG



 # Deb sury repository for PHP
 ${SUDO} apt-get update
 ${SUDO} apt-get -y install lsb-release ca-certificates curl
 if command -v add-apt-repository >/dev/null 2>&1
 then
    ${SUDO} add-apt-repository ppa:ondrej/php
 else
 	if [[ $OSFAMILY == 'ubuntu' ]]; then
 		${SUDO} sh -c "echo \"\" > /etc/apt/sources.list.d/php.list"
 		${SUDO} sh -c "echo \"deb https://ppa.launchpadcontent.net/ondrej/php/ubuntu $OSCODE main \" >> /etc/apt/sources.list.d/php.list"
 		${SUDO} sh -c "echo \"deb-src https://ppa.launchpadcontent.net/ondrej/php/ubuntu $OSCODE main \" >> /etc/apt/sources.list.d/php.list"
 	else
 		${SUDO} curl -sSLo /tmp/debsuryorg-archive-keyring.deb https://packages.sury.org/debsuryorg-archive-keyring.deb
 		${SUDO} dpkg -i /tmp/debsuryorg-archive-keyring.deb
 		${SUDO} sh -c "echo \"deb [signed-by=/usr/share/keyrings/debsuryorg-archive-keyring.gpg] https://packages.sury.org/php/ $OSCODE main\" > /etc/apt/sources.list.d/php.list"
 	fi
 fi
 ${SUDO} apt-get update






 # PHP
 ${SUDO} apt install -y \
 	php${PHP_VERSION}-apcu \
 	php${PHP_VERSION}-cli \
 	php${PHP_VERSION}-curl \
 	php${PHP_VERSION}-fpm \
 	php${PHP_VERSION}-gd \
 	php${PHP_VERSION}-intl \
 	php${PHP_VERSION}-mbstring \
 	php${PHP_VERSION}-mysql \
 	php${PHP_VERSION}-pgsql \
 	php${PHP_VERSION}-sqlite3 \
 	php${PHP_VERSION}-xdebug \
 	php${PHP_VERSION}-xml \
 	php${PHP_VERSION}-zip
 # These extensions are built-in certain PHP versions, so failing is ok on these packages.
 ${SUDO} apt install -y \
 	php${PHP_VERSION}-json \
 	php${PHP_VERSION}-opcache \
 	|| true

 ${SUDO} sed -i "s/www-data/$(whoami)/g" /etc/php/${PHP_VERSION}/fpm/pool.d/www.conf

 cat >> "${HOME}/custom-php-ini-file.ini"<< EOF
 allow_url_include = off
 assert.active = on
 date.timezone = UTC
 max_execution_time = 180
 memory_limit = 1024M
 phar.readonly = off
 post_max_size = 100M
 precision = 17
 realpath_cache_size = 4M
 realpath_cache_ttl = 3600
 serialize_precision = -1
 session.use_strict_mode = On
 short_open_tag = off
 upload_max_filesize = 100M
 zend.detect_unicode = Off

 [assert]
 zend_assertions = 1
 assert.exception = 1

 [apcu]
 apc.enable_cli = 1
 apc.enabled = 1
 apc.shm_size = 128M
 apc.ttl = 7200

 [errors]
 display_errors = On
 display_startup_errors = off
 error_reporting = E_ALL & ~E_DEPRECATED

 [opcache]
 opcache.enable = 1
 opcache.enable_cli = 1
 opcache.max_accelerated_files = 50000

 [xdebug]
 ; Enable only if you need it, otherwise it will slow down your PHP setup
 xdebug.mode = off
 EOF

 ${SUDO} cp $HOME/custom-php-ini-file.ini /etc/php/${PHP_VERSION}/fpm/conf.d/99-custom.ini
 ${SUDO} cp $HOME/custom-php-ini-file.ini /etc/php/${PHP_VERSION}/cli/conf.d/99-custom.ini
 rm $HOME/custom-php-ini-file.ini





 # Symfony CLI for dev (and convenience sometimes)
 wget https://get.symfony.com/cli/installer -O - | bash
 ${SUDO} cp $HOME/.symfony5/bin/symfony /usr/local/bin/symfony





 # Database
 echo "installing mariadb"
 ${SUDO} apt install -y mariadb-server mariadb-client
 echo "stopping mariadb"
 ([[ $(ps --no-headers -o comm 1) == "systemd" ]] \
    && ${SUDO} systemctl stop mariadb \
    || echo "No global service to stop (maybe you're in a non-systemd-booted system?)") || true
 echo "starting mariadb manually"
 ${SUDO} mariadbd-safe --skip-grant-tables --skip-networking >/dev/null 2>&1 & disown
 echo "flushing privileges"
 mariadb -uroot -e "FLUSH PRIVILEGES ; ALTER USER 'root'@'localhost' IDENTIFIED BY '${MARIADB_ROOT_PASSWORD}';"
 mysql -uroot -p"${MARIADB_ROOT_PASSWORD}" -e 'SELECT "it works!";'
 ${SUDO} kill `${SUDO} cat /var/run/mysqld/mysqld.pid`
 ([[ $(ps --no-headers -o comm 1) == "systemd" ]] \
    && ${SUDO} systemctl start mariadb \
    || echo "No global service to start (maybe you're in a non-systemd-booted system?)") || true
 echo "${MARIADB_ROOT_PASSWORD}" > $HOME/.dbpwd





 # Nodejs
 export NVM_DIR="$HOME/.nvm"
 curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v$NVM_VERSION/install.sh | bash
 [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm
 [ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"  # This loads nvm bash_completion





 # Caddy, just in case
 ${SUDO} apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
 curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | ${SUDO} gpg --yes --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
 curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | ${SUDO} tee /etc/apt/sources.list.d/caddy-stable.list
 ${SUDO} apt update
 ${SUDO} apt install -y caddy
 ${SUDO} mkdir -p /var/www/




 echo "======="
 echo " Done! "
 echo "======="
	#!/bin/bash
	# Pre-requisites: sudo, curl or wget
	#
	# This script is meant to be run on a fresh Debian installation (tested on 12-Bookworm and 13-Trixie)
	# Usage: Run this script as root or with ${SUDO} privileges
	#
	# What it does:
	# - Installs some system tools (curl, zip, wget, vim...
	# - Sets the system's language to french.
	# - Installs PHP and several extensions using this repository: https://deb.sury.org/
	# - Installs Symfony CLI (https://symfony.com/download)
	# - Installs MariaDB client and server
	# - Installs NVM (https://github.com/nvm-sh/nvm) and uses it to install Node.js
	# - Installs Caddy Server (https://caddyserver.com/)
	#
	# Note:
	# You can run the script by just copy-pasting this command:
	# apt-get upgrade --update -y curl && (curl -sSL https://gist.githubusercontent.com/Pierstoval/2372ae4634322916608c4dcafe8ccfc6/raw/Debian_starter.sh \| bash)
	# Or:
	# apt-get upgrade --update -y wget && (wget -qSO - https://gist.githubusercontent.com/Pierstoval/2372ae4634322916608c4dcafe8ccfc6/raw/Debian_starter.sh \| bash)
	# ⚠ Only do this if you trust your network and understand what the script does!


	# Variables you can update

	DEFAULT_PHP_VERSION=8.5 # Change this to the desired PHP version, e.g., 8.4, 8.3, etc.
	DEFAULT_NVM_VERSION=0.40.4 # You can find latest version at https://github.com/nvm-sh/nvm

	# Leave empty for a random-generated password.
	# It will be stored in $HOME/.dbpwd for you to recover it.
	DEFAULT_MARIADB_ROOT_PASSWORD=""

	# System language
	DEFAULT_LANG=fr_FR.UTF-8













	# Other vars (you shouldn't modify anything after this line)

	PHP_VERSION="${PHP_VERSION:-"${DEFAULT_PHP_VERSION}"}"
	NVM_VERSION="${NVM_VERSION:-"${DEFAULT_NVM_VERSION}"}"

	# Feel free to change this to a custom password of yours,
	# this command generates a 25-characters long password,
	# so you could store it in secrets or a password manager.
	# In case you still want to use the root password,
	# it will be stored in $HOME/.dbpwd
	if [[ -z "${MARIADB_ROOT_PASSWORD}" && -z "${DEFAULT_MARIADB_ROOT_PASSWORD}" ]]; then
	MARIADB_ROOT_PASSWORD="$(tr -dc A-Za-z0-9_ < /dev/urandom \| head -c 25)"
	else
	MARIADB_ROOT_PASSWORD="${MARIADB_ROOT_PASSWORD:-"${DEFAULT_MARIADB_ROOT_PASSWORD}"}"
	fi

	LANG=${DEFAULT_LANG:-fr_FR.UTF-8}
	OSFILE="$(for f in /etc/os-release /etc/lsb-release /etc/redhat-release; do [ -f "$f" ] && echo "$f" && break; done)"
	if [[ -z $OSFILE ]]; then echo "Cannot find OS release file. Stopping script" ; exit 1 ; fi
	OSCODE="$(. $OSFILE && echo "${UBUNTU_CODENAME:-${DEBIAN_CODENAME:-$VERSION_CODENAME}}")"
	OSFAMILY="$(. $OSFILE && echo "${ID}")"

	SUDO=""
	if [ "$(whoami)" != "root" ]; then
	SUDO=sudo
	fi

	set -e # Exit on any error.
	set -u # Error when a variable is not defined.
	set -x # Shows every command that is executed before running it, making the script way more verbose, but more transparent.
	set -o pipefail # Any command in a pipeline (like "bash \| cmd1 \| cmd2" and so on) that fails makes the whole pipeline fail.

	# Base
	${SUDO} apt update
	${SUDO} apt upgrade -y \
	locales-all \
	zip \
	git \
	unzip \
	wget \
	curl \
	net-tools \
	libnss3-tools \
	vim \
	htop



	export LC_CTYPE=$LANG \
	LC_MESSAGES=$LANG \
	LC_ALL=$LANG



	# Deb sury repository for PHP
	${SUDO} apt-get update
	${SUDO} apt-get -y install lsb-release ca-certificates curl
	if command -v add-apt-repository >/dev/null 2>&1
	then
	${SUDO} add-apt-repository ppa:ondrej/php
	else
	if [[ $OSFAMILY == 'ubuntu' ]]; then
	${SUDO} sh -c "echo \"\" > /etc/apt/sources.list.d/php.list"
	${SUDO} sh -c "echo \"deb https://ppa.launchpadcontent.net/ondrej/php/ubuntu $OSCODE main \" >> /etc/apt/sources.list.d/php.list"
	${SUDO} sh -c "echo \"deb-src https://ppa.launchpadcontent.net/ondrej/php/ubuntu $OSCODE main \" >> /etc/apt/sources.list.d/php.list"
	else
	${SUDO} curl -sSLo /tmp/debsuryorg-archive-keyring.deb https://packages.sury.org/debsuryorg-archive-keyring.deb
	${SUDO} dpkg -i /tmp/debsuryorg-archive-keyring.deb
	${SUDO} sh -c "echo \"deb [signed-by=/usr/share/keyrings/debsuryorg-archive-keyring.gpg] https://packages.sury.org/php/ $OSCODE main\" > /etc/apt/sources.list.d/php.list"
	fi
	fi
	${SUDO} apt-get update






	# PHP
	${SUDO} apt install -y \
	php${PHP_VERSION}-apcu \
	php${PHP_VERSION}-cli \
	php${PHP_VERSION}-curl \
	php${PHP_VERSION}-fpm \
	php${PHP_VERSION}-gd \
	php${PHP_VERSION}-intl \
	php${PHP_VERSION}-mbstring \
	php${PHP_VERSION}-mysql \
	php${PHP_VERSION}-pgsql \
	php${PHP_VERSION}-sqlite3 \
	php${PHP_VERSION}-xdebug \
	php${PHP_VERSION}-xml \
	php${PHP_VERSION}-zip
	# These extensions are built-in certain PHP versions, so failing is ok on these packages.
	${SUDO} apt install -y \
	php${PHP_VERSION}-json \
	php${PHP_VERSION}-opcache \
	\|\| true

	${SUDO} sed -i "s/www-data/$(whoami)/g" /etc/php/${PHP_VERSION}/fpm/pool.d/www.conf

	cat >> "${HOME}/custom-php-ini-file.ini"<< EOF
	allow_url_include = off
	assert.active = on
	date.timezone = UTC
	max_execution_time = 180
	memory_limit = 1024M
	phar.readonly = off
	post_max_size = 100M
	precision = 17
	realpath_cache_size = 4M
	realpath_cache_ttl = 3600
	serialize_precision = -1
	session.use_strict_mode = On
	short_open_tag = off
	upload_max_filesize = 100M
	zend.detect_unicode = Off

	[assert]
	zend_assertions = 1
	assert.exception = 1

	[apcu]
	apc.enable_cli = 1
	apc.enabled = 1
	apc.shm_size = 128M
	apc.ttl = 7200

	[errors]
	display_errors = On
	display_startup_errors = off
	error_reporting = E_ALL & ~E_DEPRECATED

	[opcache]
	opcache.enable = 1
	opcache.enable_cli = 1
	opcache.max_accelerated_files = 50000

	[xdebug]
	; Enable only if you need it, otherwise it will slow down your PHP setup
	xdebug.mode = off
	EOF

	${SUDO} cp $HOME/custom-php-ini-file.ini /etc/php/${PHP_VERSION}/fpm/conf.d/99-custom.ini
	${SUDO} cp $HOME/custom-php-ini-file.ini /etc/php/${PHP_VERSION}/cli/conf.d/99-custom.ini
	rm $HOME/custom-php-ini-file.ini





	# Symfony CLI for dev (and convenience sometimes)
	wget https://get.symfony.com/cli/installer -O - \| bash
	${SUDO} cp $HOME/.symfony5/bin/symfony /usr/local/bin/symfony





	# Database
	echo "installing mariadb"
	${SUDO} apt install -y mariadb-server mariadb-client
	echo "stopping mariadb"
	([[ $(ps --no-headers -o comm 1) == "systemd" ]] \
	&& ${SUDO} systemctl stop mariadb \
	\|\| echo "No global service to stop (maybe you're in a non-systemd-booted system?)") \|\| true
	echo "starting mariadb manually"
	${SUDO} mariadbd-safe --skip-grant-tables --skip-networking >/dev/null 2>&1 & disown
	echo "flushing privileges"
	mariadb -uroot -e "FLUSH PRIVILEGES ; ALTER USER 'root'@'localhost' IDENTIFIED BY '${MARIADB_ROOT_PASSWORD}';"
	mysql -uroot -p"${MARIADB_ROOT_PASSWORD}" -e 'SELECT "it works!";'
	${SUDO} kill `${SUDO} cat /var/run/mysqld/mysqld.pid`
	([[ $(ps --no-headers -o comm 1) == "systemd" ]] \
	&& ${SUDO} systemctl start mariadb \
	\|\| echo "No global service to start (maybe you're in a non-systemd-booted system?)") \|\| true
	echo "${MARIADB_ROOT_PASSWORD}" > $HOME/.dbpwd





	# Nodejs
	export NVM_DIR="$HOME/.nvm"
	curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v$NVM_VERSION/install.sh \| bash
	[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
	[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # This loads nvm bash_completion





	# Caddy, just in case
	${SUDO} apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
	curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' \| ${SUDO} gpg --yes --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
	curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' \| ${SUDO} tee /etc/apt/sources.list.d/caddy-stable.list
	${SUDO} apt update
	${SUDO} apt install -y caddy
	${SUDO} mkdir -p /var/www/




	echo "======="
	echo " Done! "
	echo "======="
No results found