pi:raspbian

Differences

This shows you the differences between two versions of the page.

pi:raspbian [2016-04-09 19:37] – service management gabriel
pi:raspbian [2020-05-19 09:39] (current) – [Raspbian] updating overview gabriel
Line 1: Line 1:
-This page documents my local Raspberry Pi config for a Raspberry Pi 3 running Raspbian.  This is config is based on Raspian Jessie Lite released on 2016-03-18 by the Raspberry Pi Foundation which can be found [[https://www.raspberrypi.org/downloads/raspbian/|here]].+====== Raspbian ======
  
-  * Add OpenSSH authorized_keys for root user +Documentation for my local Raspberry Pi 3 B+ config.  These notes are based on Raspian Buster Lite released on 2020-02-13 by the Raspberry Pi Foundation, which can be found [[https://www.raspberrypi.org/downloads/raspbian/|here]]. 
-  * Remove all key types except rsa and ed25519 from sshd_config + 
-  * Remove all default keys and regenerate +===== Before first boot ===== 
-    * ''rm *key*'' + 
-    * ''ssh-keygen -q -N "" -t rsa -b 8192 -f /etc/ssh/ssh_host_rsa_key'' +By default Raspbian attempts to grow the root partition of your system on first boot to fill your entire SD card. To disable this option do the following on the SD card image before first boot. 
-    * ''ssh-keygen -q -N "" -t ed25519 -f /etc/ssh/ssh_host_ed25519_key'' + 
-    * ''service ssh restart'' +  * Remove custom init script and quiet from ''/boot/cmdline.txt'' before first power on. 
-    * Make ''vi'' the default editor: ''update-alternatives --set editor /usr/bin/vim.tiny'' +  Remove ''/etc/init.d/resize2fs_once'' script. 
-    * Set static IP address for host by editing ''/etc/dhcpcd.conf'':+ 
 +===== After first boot ===== 
 + 
 +The following steps should be completed after first boot to configure the Pi for remote management. 
 + 
 +==== Set vim as the default editor ==== 
 + 
 +<code> 
 +apt install vim 
 +update-alternatives --set editor /usr/bin/vim.basic 
 +</code> 
 + 
 +==== Disble IPv6 ==== 
 + 
 +Add the following to ''/etc/sysctl.d/local.conf'': 
 + 
 +<code> 
 +# disable IPv6 
 +net.ipv6.conf.all.disable_ipv6=1 
 +</code> 
 + 
 +==== Configure static IP address ==== 
 + 
 +Edit ''/etc/dhcpcd.conf'' and add the following:
  
 <code> <code>
-See dhcpcd.conf(5) for details.+Static eth0 configuration
 interface eth0 interface eth0
-static ip_address=$IP/$MASK +static ip_address=10.77.3.6/24 
-static routers=$ROUTER+static routers=10.77.3.1 
 +static domain_name_servers=10.77.3.4 10.77.3.5
 </code> </code>
  
-  * Set ''resolvconf'' for a static configuration by editing /etc/resolvconf.conf:+Add our local domain to the default search path configured by ''resolvconf''.
  
 <code> <code>
-# Configuration for resolvconf(8) +echo "search in.quay.net" >> /etc/resolv.conf.tail 
-# See resolvconf.conf(5) for details+</code>
  
-resolv_conf=/etc/resolv.conf +==== Configure OpenSSHD on boot====
-# If you run a local name server, you should uncomment the below line and +
-# configure your subscribers configuration files below. +
-search_domains=in.quay.net +
-# BUG WORKAROUND: space separated lists of DNS servers are not currently working +
-name_servers=$NS1 +
-name_servers_append=$NS2+
  
-# Mirror the Debian package defaults for the below resolvers +Set to run on boot
-# so that resolvconf integrates seemlessly. + 
-dnsmasq_resolv=/var/run/dnsmasq/resolv.conf +<code> 
-pdnsd_conf=/etc/pdnsd.conf +systemctl enable ssh 
-unbound_conf=/var/cache/unbound/resolvconf_resolvers.conf+systemctl start ssh
 </code> </code>
  
-  * Remove pi default user +==== User configuration ==== 
-  Remove pi group + 
-  Add new default user and group +The following user modifications are made. 
-    Add sudoers entry for user + 
-    * Set password +=== local user === 
-  * Update ntp config''apt-get install ntpdate'' and sync time + 
-    ''time.chu.nrc.ca'' +Add local user: 
-    * ''ntp1.torix.ca'' + 
-    * ''tick.umanitoba.ca'' +<code> 
-    ''time.nrc.ca'' +groupadd -g 1778 gabriel 
-    * ''ntp2.torix.ca'' +useradd -u 1778 -c "Gabriel O'Brien" -g 1778 -m -G sudo gabriel 
-    * ''tock.utoronto.ca'' +passwd gabriel 
-    * ''ntp3.torix.ca'' +</code> 
-    * ''tick.usask.ca'' + 
-    * ''time.nist.gov'' +=== pi === 
-  * Set timezone to Toronto''sudo ln -fs /usr/share/zoneinfo/America/Toronto /etc/localtime'' + 
-  * Remove MOTD text ''> /etc/motd'' +Disable pi user: 
-  Install git and needrestart+ 
 +<code> 
 +usermod -s /usr/sbin/nologin -p '*pi 
 +</code> 
 + 
 +=== root === 
 + 
 +Now set root password. 
 + 
 +=== ansible === 
 + 
 +Add ansible user: 
 + 
 +<code> 
 +groupadd -g 1111 ansible 
 +useradd -u 1111 -c "Ansible control user" -g 1111 -m ansible 
 +usermod -p '*' ansible 
 +</code> 
 + 
 +Configure the following sudo rule for ansible: 
 + 
 +<code> 
 +# Ansible control user 
 +ansible ALL=(ALL) NOPASSWD:ALL 
 +</code> 
 + 
 +Copy SSH keys for Ansible user. 
 + 
 +==== Sudoers config ==== 
 + 
 +Set ''timestamp_timeout=NN'' to more useful timeout value. 
 + 
 +==== Grow root partition ==== 
 + 
 +Use ''parted'' and ''resize2fs'' to manually set root filesystem size. 
 + 
 +<code> 
 +# grow partition 
 +parted 
 +print 
 +unit GiB 
 +resizepart 2 42.25 
 + 
 +# resize filesystem 
 +resize2fs /dev/mmcblk0p2 
 +</code> 
 + 
 +==== raspi-config ==== 
 + 
 +Run the ''raspi-config'' tool and set the following options: 
 + 
 +  * **2 Network Options** -> Hostname -> Set hostname 
 +  * **4 Localization** 
 +    * **I1 Change Locale** -> en_CA.UTF-8 UTF-8 -> disable en_GB.UTF-8 UTF-8 -> Set default locale to C.UTF-8 
 +  * **4 Localization Options** 
 +    * **I2 Timezone** -> America -> Toronto 
 +  * **4 Localization Options** 
 +    * **I3 Change Keyboard Layout** -> Generic 104-key PC -> Other -> English (US) -> English (US) -> The default for the keyboard layout -> No compose key 
 +  * **4 Localization Options** 
 +    * **I4 Change WLAN Country** -> CA Canada 
 +  * **7 Advanced Options** 
 +    * **A3 Memory Split** -> 16 
 + 
 +==== Additional hardware configuration via config.txt ==== 
 + 
 +These settings involve manual configuration of ''/boot/config.txt'' to disable certain drivers.  See [[https://github.com/raspberrypi/firmware/blob/master/boot/overlays/README|boot overlays README]] for more information. 
 + 
 +=== Disable unneeded networking === 
 + 
 +<code> 
 +# disable WiFi 
 +dtoverlay=disable-wifi 
 + 
 +# disable Bluetooth 
 +dtoverlay=disable-bt 
 +</code> 
 + 
 +Disable modem service per boot overlays doc: 
 + 
 +<code> 
 +systemctl disable hciuart 
 +</code> 
 + 
 +=== Disable audio driver === 
 + 
 +Comment out the audio driver: 
 + 
 +<code> 
 +# Enable audio (loads snd_bcm2835) 
 +#dtparam=audio=on 
 +</code> 
 + 
 +==== Configure OpenSSH server ==== 
 + 
 +Disable all keys except ed25519. 
 + 
 +<code> 
 +cat "HostKey /etc/ssh/ssh_host_ed25519_key" >> /etc/ssh/sshd_config 
 +rm -fv /etc/ssh/*key* 
 +dpkg-reconfigure openssh-server 
 +</code> 
 + 
 +==== Packages ==== 
 + 
 +<code> 
 +vim 
 +ntp 
 +isc-dhcp-server 
 +bind9 
 +dnsutils 
 +whois 
 +fping 
 +git 
 +tmux 
 +mksh 
 +zsh 
 +</code> 
 + 
 + 
 +==== Services ==== 
 + 
 +Service modification 
 + 
 +<code> 
 +systemctl disable apt-daily-upgrade.timer 
 +systemctl disable apt-daily.timer 
 +</code>
  
-===== Service management under systemd =====+===== See also =====
  
-  * Add service to systemd init process''systemctl enable $SERVICE'' +  * [[quay:dns|Local DNS configuration]] 
-  * List all services''service --status-all''+  * [[quay:ntp|Local time service]] 
 +  * [[quay:dhcp|Local DHCP service]]
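
Review bot: In the added "Configure OpenSSH server" block, ''cat "HostKey /etc/ssh/ssh_host_ed25519_key" >> /etc/ssh/sshd_config'' never writes the directive. ''cat'' treats the quoted string as a file name, fails, and appends nothing, so after the ''rm -fv /etc/ssh/*key*'' and ''dpkg-reconfigure openssh-server'' steps sshd still runs with its default HostKey set rather than ed25519 only. Use ''echo'' here, as the ''resolv.conf.tail'' step earlier in the same revision does, and confirm the result by checking that only the ed25519 key files exist in ''/etc/ssh'' afterwards. Separately, in the "pi" block the ''-p'' argument of the ''usermod'' line opens a single quote that is never closed and runs into the user name, so the command cannot run as written. It should pass the quoted asterisk followed by a space and ''pi'', the same form as the ''usermod'' line in the "ansible" block. The new heading "Disble IPv6" is also misspelled.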
pi/raspbian.txt · Last modified: 2020-05-19 09:39 by gabriel