pi:raspbian
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
pi:raspbian [2020-05-18 13:24] – raspi-config steps gabriel | pi:raspbian [2020-05-19 09:39] (current) – [Raspbian] updating overview gabriel | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Raspbian ====== | ====== Raspbian ====== | ||
- | This page documents | + | Documentation for my local Raspberry Pi 3 B+ config. |
- | * Disable auto resizing of root partition on boot | + | ===== Before first boot ===== |
- | * Disable quiet boot | + | |
- | * Configure static IP address | + | |
- | * Modify OpenSSH configuration | + | |
- | * Add user | + | |
- | ===== Disable automatic resizing of root partition | + | By default Raspbian attempts to grow the root partition |
- | By default Raspbian attempts to grow the root partition of your system on first boot to fill your entire SD card. | + | |
- | To disable this option do the following. | + | * Remove |
- | + | ||
- | | + | |
- | * Remove / | + | |
===== After first boot ===== | ===== After first boot ===== | ||
The following steps should be completed after first boot to configure the Pi for remote management. | The following steps should be completed after first boot to configure the Pi for remote management. | ||
+ | |||
+ | ==== Set vim as the default editor ==== | ||
+ | |||
+ | < | ||
+ | apt install vim | ||
+ | update-alternatives --set editor / | ||
+ | </ | ||
+ | |||
+ | ==== Disble IPv6 ==== | ||
+ | |||
+ | Add the following to ''/ | ||
+ | |||
+ | < | ||
+ | # disable IPv6 | ||
+ | net.ipv6.conf.all.disable_ipv6=1 | ||
+ | </ | ||
==== Configure static IP address ==== | ==== Configure static IP address ==== | ||
- | Edit / | + | Edit '' |
+ | |||
+ | < | ||
+ | # Static eth0 configuration | ||
+ | interface eth0 | ||
+ | static ip_address=10.77.3.6/ | ||
+ | static routers=10.77.3.1 | ||
+ | static domain_name_servers=10.77.3.4 10.77.3.5 | ||
+ | </ | ||
+ | |||
+ | Add our local domain to the default search path configured by '' | ||
+ | |||
+ | < | ||
+ | echo " | ||
+ | </ | ||
+ | |||
+ | ==== Configure OpenSSHD on boot==== | ||
- | ==== Set OpenSSH | + | Set to run on boot. |
< | < | ||
Line 34: | Line 59: | ||
==== User configuration ==== | ==== User configuration ==== | ||
- | Add local user | + | The following user modifications are made. |
+ | |||
+ | === local user === | ||
+ | |||
+ | Add local user: | ||
< | < | ||
Line 42: | Line 71: | ||
</ | </ | ||
- | Disable pi user | + | === pi === |
+ | |||
+ | Disable pi user: | ||
< | < | ||
Line 48: | Line 79: | ||
</ | </ | ||
- | Set root password | + | === root === |
+ | |||
+ | Now set root password. | ||
+ | |||
+ | === ansible === | ||
+ | |||
+ | Add ansible user: | ||
+ | |||
+ | < | ||
+ | groupadd -g 1111 ansible | ||
+ | useradd -u 1111 -c " | ||
+ | usermod -p ' | ||
+ | </ | ||
+ | |||
+ | Configure the following sudo rule for ansible: | ||
+ | |||
+ | < | ||
+ | # Ansible control user | ||
+ | ansible ALL=(ALL) NOPASSWD: | ||
+ | </ | ||
+ | |||
+ | Copy SSH keys for Ansible user. | ||
+ | |||
+ | ==== Sudoers config ==== | ||
+ | |||
+ | Set '' | ||
==== Grow root partition ==== | ==== Grow root partition ==== | ||
- | Use parted and resize2fs to manually set root filesystem size. | + | Use '' |
< | < | ||
Line 67: | Line 123: | ||
==== raspi-config ==== | ==== raspi-config ==== | ||
- | Run the raspi-config tool and set the following options. | + | Run the '' |
* **2 Network Options** -> Hostname -> Set hostname | * **2 Network Options** -> Hostname -> Set hostname | ||
Line 81: | Line 137: | ||
* **A3 Memory Split** -> 16 | * **A3 Memory Split** -> 16 | ||
- | ===== Old: Raspian Jessie Lite instructions ===== | + | ==== Additional hardware configuration via config.txt |
- | * Add OpenSSH authorized_keys for root user | + | These settings involve manual configuration of '' |
- | * Remove all key types except rsa and ed25519 from sshd_config | + | |
- | * Remove all default keys and regenerate | + | === Disable unneeded networking === |
- | * '' | + | |
- | * '' | + | |
- | * '' | + | |
- | * '' | + | |
- | * Make '' | + | |
- | * Set static IP address for host by editing ''/ | + | |
< | < | ||
- | # See dhcpcd.conf(5) for details. | + | # disable WiFi |
- | interface eth0 | + | dtoverlay=disable-wifi |
- | static ip_address=$IP/$MASK | + | |
- | static routers=$ROUTER | + | # disable Bluetooth |
+ | dtoverlay=disable-bt | ||
</ | </ | ||
- | * Set '' | + | Disable modem service per boot overlays doc: |
< | < | ||
- | # Configuration for resolvconf(8) | + | systemctl disable hciuart |
- | # See resolvconf.conf(5) for details | + | |
- | + | ||
- | resolv_conf=/ | + | |
- | # If you run a local name server, you should uncomment the below line and | + | |
- | # configure your subscribers configuration files below. | + | |
- | search_domains=in.quay.net | + | |
- | # BUG WORKAROUND: space separated lists of DNS servers are not currently working | + | |
- | name_servers=$NS1 | + | |
- | name_servers_append=$NS2 | + | |
- | + | ||
- | # Mirror the Debian package defaults for the below resolvers | + | |
- | # so that resolvconf integrates seemlessly. | + | |
- | dnsmasq_resolv=/ | + | |
- | pdnsd_conf=/ | + | |
- | unbound_conf=/ | + | |
</ | </ | ||
- | * Remove pi default user | + | === Disable audio driver === |
- | * Remove pi group | + | |
- | * Add new default user and group | + | |
- | * Add sudoers entry for user | + | |
- | * Set password | + | |
- | * Update ntp config; '' | + | |
- | * '' | + | |
- | * '' | + | |
- | * '' | + | |
- | * '' | + | |
- | * '' | + | |
- | * '' | + | |
- | * '' | + | |
- | * '' | + | |
- | * '' | + | |
- | * Set timezone to Toronto: '' | + | |
- | * Remove MOTD text ''> | + | |
- | * Install git and needrestart | + | |
- | Raspbian appears to have issues with managing network dependencies during boot. This script ensures that BIND, dhcpd, and NTP start up correctly after the network interface is properly set up. It is run via ''/ | + | Comment out the audio driver: |
< | < | ||
- | #!/bin/bash | + | # Enable audio (loads snd_bcm2835) |
+ | # | ||
+ | </code> | ||
- | until fping -qc 3 8.8.8.8 > /dev/null 2>& | + | ==== Configure OpenSSH server ==== |
- | echo " | + | |
- | done | + | |
- | for daemon in isc-dhcp-server bind9; do | + | Disable all keys except ed25519. |
- | echo " | + | |
- | service $daemon restart | + | |
- | done | + | |
- | echo "Forcing restart of ntp" | + | < |
- | service ntp stop | + | cat "HostKey / |
- | ntpdate | + | rm -fv / |
- | service ntp start | + | dpkg-reconfigure openssh-server |
</ | </ | ||
- | ====== Service management under systemd ====== | + | ==== Packages |
- | * Add service to systemd init process: '' | + | < |
- | * List all services: '' | + | vim |
+ | ntp | ||
+ | isc-dhcp-server | ||
+ | bind9 | ||
+ | dnsutils | ||
+ | whois | ||
+ | fping | ||
+ | git | ||
+ | tmux | ||
+ | mksh | ||
+ | zsh | ||
+ | </ | ||
- | ====== Disable WiFi completely ====== | ||
- | Blacklist the driver by creating a file in ''/ | + | ==== Services ==== |
+ | |||
+ | Service modification | ||
< | < | ||
- | blacklist brcmfmac | + | systemctl disable apt-daily-upgrade.timer |
- | blacklist brcmutil | + | systemctl disable apt-daily.timer |
</ | </ | ||
+ | |||
+ | ===== See also ===== | ||
+ | |||
+ | * [[quay: | ||
+ | * [[quay: | ||
+ | * [[quay: |
pi/raspbian.1589822662.txt.gz · Last modified: 2020-05-18 13:24 by gabriel