====== Raspbian ======

Documentation for my local Raspberry Pi 3 B+ config. These notes are based on Raspbian Buster Lite released on 2020-02-13 by the Raspberry Pi Foundation, which can be found [[https://www.raspberrypi.org/downloads/raspbian/|here]].

===== Before first boot =====

By default Raspbian attempts to grow the root partition of your system on first boot to fill your entire SD card. To disable this option, do the following on the SD card image before first boot.

  * Remove the custom init script and ''quiet'' from ''/boot/cmdline.txt'' before first power on.
  * Remove the ''/etc/init.d/resize2fs_once'' script.

===== After first boot =====

The following steps should be completed after first boot to configure the Pi for remote management.

==== Set vim as the default editor ====

  apt install vim
  update-alternatives --set editor /usr/bin/vim.basic

==== Disable IPv6 ====

Add the following to ''/etc/sysctl.d/local.conf'':

  # disable IPv6
  net.ipv6.conf.all.disable_ipv6=1

==== Configure static IP address ====

Edit ''/etc/dhcpcd.conf'' and add the following:

  # Static eth0 configuration
  interface eth0
  static ip_address=10.77.3.6/24
  static routers=10.77.3.1
  static domain_name_servers=10.77.3.4 10.77.3.5

Add our local domain to the default search path configured by ''resolvconf''.

  echo "search in.quay.net" >> /etc/resolv.conf.tail

==== Configure OpenSSHD on boot ====

Set to run on boot.

  systemctl enable ssh
  systemctl start ssh

==== User configuration ====

The following user modifications are made.

=== local user ===

Add local user:

  groupadd -g 1778 gabriel
  useradd -u 1778 -c "Gabriel O'Brien" -g 1778 -m -G sudo gabriel
  passwd gabriel

=== pi ===

Disable pi user:

  usermod -s /usr/sbin/nologin -p '*' pi

=== root ===

Now set the root password.

=== ansible ===

Add ansible user:

  groupadd -g 1111 ansible
  useradd -u 1111 -c "Ansible control user" -g 1111 -m ansible
  usermod -p '*' ansible

Configure the following sudo rule for ansible:

  # Ansible control user
  ansible ALL=(ALL) NOPASSWD:ALL

Copy SSH keys for the Ansible user.

==== Sudoers config ====

Set ''timestamp_timeout=NN'' to a more useful timeout value.

==== Grow root partition ====

Use ''parted'' and ''resize2fs'' to manually set root filesystem size.

  # grow partition
  parted
  print
  unit GiB
  resizepart 2 42.25
  # resize filesystem
  resize2fs /dev/mmcblk0p2

==== raspi-config ====

Run the ''raspi-config'' tool and set the following options:

  * **2 Network Options** -> Hostname -> Set hostname
  * **4 Localization**
    * **I1 Change Locale** -> en_CA.UTF-8 UTF-8 -> disable en_GB.UTF-8 UTF-8 -> Set default locale to C.UTF-8
  * **4 Localization Options**
    * **I2 Timezone** -> America -> Toronto
  * **4 Localization Options**
    * **I3 Change Keyboard Layout** -> Generic 104-key PC -> Other -> English (US) -> English (US) -> The default for the keyboard layout -> No compose key
  * **4 Localization Options**
    * **I4 Change WLAN Country** -> CA Canada
  * **7 Advanced Options**
    * **A3 Memory Split** -> 16

==== Additional hardware configuration via config.txt ====

These settings involve manual configuration of ''/boot/config.txt'' to disable certain drivers. See [[https://github.com/raspberrypi/firmware/blob/master/boot/overlays/README|boot overlays README]] for more information.

=== Disable unneeded networking ===

  # disable WiFi
  dtoverlay=disable-wifi
  # disable Bluetooth
  dtoverlay=disable-bt

Disable modem service per boot overlays doc:

  systemctl disable hciuart

=== Disable audio driver ===

Comment out the audio driver:

  # Enable audio (loads snd_bcm2835)
  #dtparam=audio=on

==== Configure OpenSSH server ====

Disable all keys except ed25519.

  echo "HostKey /etc/ssh/ssh_host_ed25519_key" >> /etc/ssh/sshd_config
  rm -fv /etc/ssh/*key*
  dpkg-reconfigure openssh-server

==== Packages ====

  vim ntp isc-dhcp-server bind9 dnsutils whois fping git tmux mksh zsh

==== Services ====

Service modification:

  systemctl disable apt-daily-upgrade.timer
  systemctl disable apt-daily.timer

===== See also =====

  * [[quay:dns|Local DNS configuration]]
  * [[quay:ntp|Local time service]]
  * [[quay:dhcp|Local DHCP service]]
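
A check for the "Configure OpenSSH server" step above, added here as an example and not part of the original notes: it confirms that the only active ''HostKey'' directive is the ed25519 one and that no other private host key remains in the key directory. The function names and the sample config written by ''make_sample'' are constructed for illustration.

```shell
# Added example: audit that sshd is limited to an ed25519 host key.
# Paths are arguments so the check can run against copies of the files.

# Print the path of every active (uncommented) HostKey directive.
active_hostkeys() {
    awk 'tolower($1) == "hostkey" { print $2 }' "$1"
}

# Return 0 only if every active HostKey is the ed25519 key and no other
# private host key is left in the key directory.
audit_hostkeys() {
    config=$1 keydir=$2 rc=0
    keys=$(active_hostkeys "$config")
    if [ -z "$keys" ]; then
        echo "FAIL: no HostKey directive, sshd uses its default key types"
        rc=1
    fi
    for k in $keys; do
        case $k in
            */ssh_host_ed25519_key) echo "ok:   HostKey $k" ;;
            *) echo "FAIL: HostKey $k is not the ed25519 key"; rc=1 ;;
        esac
    done
    for f in "$keydir"/ssh_host_*_key; do
        [ -e "$f" ] || continue
        case $f in
            */ssh_host_ed25519_key) ;;
            *) echo "FAIL: leftover private key $f"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: default HostKey lines commented out, followed by the
# line appended in the step above, plus an empty stand-in key file.
make_sample() {
    mkdir -p "$1"
    cat > "$1/sshd_config" <<'EOF'
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_ed25519_key
EOF
    : > "$1/ssh_host_ed25519_key"
}

demo=$(mktemp -d)
make_sample "$demo"
audit_hostkeys "$demo/sshd_config" "$demo" && echo "PASS"
rm -rf "$demo"
```

On the Pi itself the call would be ''audit_hostkeys /etc/ssh/sshd_config /etc/ssh''; ''sshd -T'' prints the effective configuration and can be used to cross-check the ''hostkey'' lines.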