pi:raspbian
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
pi:raspbian [2016-04-09 21:41] – watchdog script gabriel | pi:raspbian [2020-05-18 21:31] – adding tmux and alternative shells gabriel | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | This page documents my local Raspberry Pi config for a Raspberry Pi 3 running Raspbian. | + | ====== Raspbian ====== |
+ | |||
+ | This page documents my local Raspberry Pi config for a Raspberry Pi 3 running Raspbian. | ||
+ | |||
+ | ===== Before first boot ===== | ||
+ | |||
+ | By default Raspbian attempts to grow the root partition of your system on first boot to fill your entire SD card. To disable this option do the following on the SD card image before first boot. | ||
+ | |||
+ | * Remove custom init script and quiet from ''/ | ||
+ | * Remove ''/ | ||
+ | |||
+ | ===== After first boot ===== | ||
+ | |||
+ | The following steps should be completed after first boot to configure the Pi for remote management. | ||
+ | |||
+ | ==== Set vim as the default editor ==== | ||
+ | |||
+ | < | ||
+ | apt install vim | ||
+ | update-alternatives --set editor / | ||
+ | </ | ||
+ | |||
+ | ==== Disble IPv6 ==== | ||
+ | |||
+ | Add the following to ''/ | ||
+ | |||
+ | < | ||
+ | # disable IPv6 | ||
+ | net.ipv6.conf.all.disable_ipv6=1 | ||
+ | </ | ||
+ | |||
+ | ==== Configure static IP address ==== | ||
+ | |||
+ | Edit ''/ | ||
+ | |||
+ | < | ||
+ | # Static eth0 configuration | ||
+ | interface eth0 | ||
+ | static ip_address=10.77.3.6/ | ||
+ | static routers=10.77.3.1 | ||
+ | static domain_name_servers=10.77.3.4 10.77.3.5 | ||
+ | </ | ||
+ | |||
+ | Add our local domain to the default search path configured by '' | ||
+ | |||
+ | < | ||
+ | echo " | ||
+ | </ | ||
+ | |||
+ | ==== Configure OpenSSHD on boot==== | ||
+ | |||
+ | Set to run on boot. | ||
+ | |||
+ | < | ||
+ | systemctl enable ssh | ||
+ | systemctl start ssh | ||
+ | </ | ||
+ | |||
+ | ==== User configuration ==== | ||
+ | |||
+ | The following user modifications are made. | ||
+ | |||
+ | === local user === | ||
+ | |||
+ | Add local user: | ||
+ | |||
+ | < | ||
+ | groupadd -g 1778 gabriel | ||
+ | useradd -u 1778 -c " | ||
+ | passwd gabriel | ||
+ | </ | ||
+ | |||
+ | === pi === | ||
+ | |||
+ | Disable pi user: | ||
+ | |||
+ | < | ||
+ | usermod -s / | ||
+ | </ | ||
+ | |||
+ | === root === | ||
+ | |||
+ | Now set root password. | ||
+ | |||
+ | === ansible === | ||
+ | |||
+ | Add ansible user: | ||
+ | |||
+ | < | ||
+ | groupadd -g 1111 ansible | ||
+ | useradd -u 1111 -c " | ||
+ | usermod -p ' | ||
+ | </ | ||
+ | |||
+ | Configure the following sudo rule for ansible: | ||
+ | |||
+ | < | ||
+ | # Ansible control user | ||
+ | ansible ALL=(ALL) NOPASSWD: | ||
+ | </ | ||
+ | |||
+ | Copy SSH keys for Ansible user. | ||
+ | |||
+ | ==== Sudoers config ==== | ||
+ | |||
+ | Set '' | ||
+ | |||
+ | ==== Grow root partition ==== | ||
+ | |||
+ | Use '' | ||
+ | |||
+ | < | ||
+ | # grow partition | ||
+ | parted | ||
+ | |||
+ | unit GiB | ||
+ | resizepart 2 42.25 | ||
+ | |||
+ | # resize filesystem | ||
+ | resize2fs / | ||
+ | </ | ||
+ | |||
+ | ==== raspi-config ==== | ||
+ | |||
+ | Run the '' | ||
+ | |||
+ | * **2 Network Options** -> Hostname -> Set hostname | ||
+ | * **4 Localization** | ||
+ | * **I1 Change Locale** -> en_CA.UTF-8 UTF-8 -> disable en_GB.UTF-8 UTF-8 -> Set default locale to C.UTF-8 | ||
+ | * **4 Localization Options** | ||
+ | * **I2 Timezone** -> America -> Toronto | ||
+ | * **4 Localization Options** | ||
+ | * **I3 Change Keyboard Layout** -> Generic 104-key PC -> Other -> English (US) -> English (US) -> The default for the keyboard layout -> No compose key | ||
+ | * **4 Localization Options** | ||
+ | * **I4 Change WLAN Country** -> CA Canada | ||
+ | * **7 Advanced Options** | ||
+ | * **A3 Memory Split** -> 16 | ||
+ | |||
+ | ==== Additional hardware configuration via config.txt ==== | ||
+ | |||
+ | These settings involve manual configuration of ''/ | ||
+ | |||
+ | === Disable unneeded networking === | ||
+ | |||
+ | < | ||
+ | # disable WiFi | ||
+ | dtoverlay=disable-wifi | ||
+ | |||
+ | # disable Bluetooth | ||
+ | dtoverlay=disable-bt | ||
+ | </ | ||
+ | |||
+ | Disable modem service per boot overlays doc: | ||
+ | |||
+ | < | ||
+ | systemctl disable hciuart | ||
+ | </ | ||
+ | |||
+ | === Disable audio driver === | ||
+ | |||
+ | Comment out the audio driver: | ||
+ | |||
+ | < | ||
+ | # Enable audio (loads snd_bcm2835) | ||
+ | # | ||
+ | </ | ||
+ | |||
+ | ==== Configure OpenSSH server ==== | ||
+ | |||
+ | Disable all keys except ed25519. | ||
+ | |||
+ | < | ||
+ | cat " | ||
+ | rm -fv / | ||
+ | dpkg-reconfigure openssh-server | ||
+ | </ | ||
+ | |||
+ | ==== Packages ==== | ||
+ | |||
+ | < | ||
+ | vim | ||
+ | ntp | ||
+ | isc-dhcp-server | ||
+ | bind9 | ||
+ | dnsutils | ||
+ | whois | ||
+ | fping | ||
+ | git | ||
+ | tmux | ||
+ | mksh | ||
+ | zsh | ||
+ | </ | ||
+ | |||
+ | |||
+ | ==== Services ==== | ||
+ | |||
+ | Service modification | ||
+ | |||
+ | < | ||
+ | systemctl disable apt-daily-upgrade.timer | ||
+ | systemctl disable apt-daily.timer | ||
+ | </ | ||
+ | |||
+ | ===== See also ===== | ||
+ | |||
+ | * [[quay: | ||
+ | * [[quay: | ||
+ | * [[quay: | ||
+ | |||
+ | ---- | ||
+ | |||
+ | //This section contains old instructions for Raspian 8 and will be deprecated in the future.// | ||
+ | |||
+ | ===== [Old] Raspian Jessie Lite instructions ===== | ||
* Add OpenSSH authorized_keys for root user | * Add OpenSSH authorized_keys for root user | ||
Line 58: | Line 271: | ||
* Install git and needrestart | * Install git and needrestart | ||
- | Raspbian appears to have issues with managing network dependencies during boot. This script ensures that BIND, dhcpd, and NTP start up correctly after the network interface is properly set up. It is run via ''/ | + | Raspbian appears to have issues with managing network dependencies during boot. This script ensures that BIND, dhcpd, and NTP start up correctly after the network interface is properly set up. It is run via ''/ |
< | < | ||
Line 78: | Line 291: | ||
</ | </ | ||
- | ===== Service management under systemd | + | ==== Service management under systemd ==== |
* Add service to systemd init process: '' | * Add service to systemd init process: '' | ||
* List all services: '' | * List all services: '' | ||
+ | |||
+ | ==== Disable WiFi completely ==== | ||
+ | |||
+ | Blacklist the driver by creating a file in ''/ | ||
+ | |||
+ | < | ||
+ | blacklist brcmfmac | ||
+ | blacklist brcmutil | ||
+ | </ |
pi/raspbian.txt · Last modified: 2020-05-19 09:39 by gabriel