User Tools

Site Tools


pi:raspbian

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
pi:raspbian [2020-05-18 14:23] – adding section for config.txt hardware config gabrielpi:raspbian [2020-05-19 09:39] (current) – [Raspbian] updating overview gabriel
Line 1: Line 1:
 ====== Raspbian ====== ====== Raspbian ======
  
-This page documents my local Raspberry Pi config for a Raspberry Pi 3 running Raspbian.  This is config is based on Raspian Buster Lite released on 2020-02-13 by the Raspberry Pi Foundation which can be found [[https://www.raspberrypi.org/downloads/raspbian/|here]].+Documentation for my local Raspberry Pi 3 B+ config.  These notes are based on Raspian Buster Lite released on 2020-02-13 by the Raspberry Pi Foundationwhich can be found [[https://www.raspberrypi.org/downloads/raspbian/|here]].
  
-  * Disable auto resizing of root partition on boot +===== Before first boot =====
-  * Disable quiet boot +
-  * Configure static IP address +
-  * Modify OpenSSH configuration +
-  * Add user+
  
-===== Disable automatic resizing of root partition =====+By default Raspbian attempts to grow the root partition of your system on first boot to fill your entire SD card. To disable this option do the following on the SD card image before first boot.
  
-By default Raspbian attempts to grow the root partition of your system on first boot to fill your entire SD card. +  * Remove custom init script and quiet from ''/boot/cmdline.txt'' before first power on. 
-To disable this option do the following. +  * Remove ''/etc/init.d/resize2fs_once'' script.
- +
-  * Remove custom init script and quiet from /boot/cmdline.txt before first power on. +
-  * Remove /etc/init.d/resize script.+
  
 ===== After first boot ===== ===== After first boot =====
Line 30: Line 23:
 ==== Disble IPv6 ==== ==== Disble IPv6 ====
  
-Add the following to /etc/sysctl.d/local.conf:+Add the following to ''/etc/sysctl.d/local.conf'':
  
 <code> <code>
Line 39: Line 32:
 ==== Configure static IP address ==== ==== Configure static IP address ====
  
-Edit /etc/dhcpcd.conf and add the following:+Edit ''/etc/dhcpcd.conf'' and add the following:
  
 <code> <code>
Line 47: Line 40:
 static routers=10.77.3.1 static routers=10.77.3.1
 static domain_name_servers=10.77.3.4 10.77.3.5 static domain_name_servers=10.77.3.4 10.77.3.5
 +</code>
 +
 +Add our local domain to the default search path configured by ''resolvconf''.
 +
 +<code>
 +echo "search in.quay.net" >> /etc/resolv.conf.tail
 </code> </code>
  
Line 60: Line 59:
 ==== User configuration ==== ==== User configuration ====
  
-Add local user+The following user modifications are made. 
 + 
 +=== local user === 
 + 
 +Add local user:
  
 <code> <code>
Line 68: Line 71:
 </code> </code>
  
-Disable pi user+=== pi === 
 + 
 +Disable pi user:
  
 <code> <code>
Line 74: Line 79:
 </code> </code>
  
-Set root password+=== root === 
 + 
 +Now set root password
 + 
 +=== ansible === 
 + 
 +Add ansible user: 
 + 
 +<code> 
 +groupadd -g 1111 ansible 
 +useradd -u 1111 -c "Ansible control user" -g 1111 -m ansible 
 +usermod -p '*' ansible 
 +</code> 
 + 
 +Configure the following sudo rule for ansible: 
 + 
 +<code> 
 +# Ansible control user 
 +ansible ALL=(ALL) NOPASSWD:ALL 
 +</code> 
 + 
 +Copy SSH keys for Ansible user.
  
 ==== Sudoers config ==== ==== Sudoers config ====
  
-Set timestamp_timeout=NN to more useful timeout value.+Set ''timestamp_timeout=NN'' to more useful timeout value.
  
 ==== Grow root partition ==== ==== Grow root partition ====
  
-Use parted and resize2fs to manually set root filesystem size.+Use ''parted'' and ''resize2fs'' to manually set root filesystem size.
  
 <code> <code>
Line 97: Line 123:
 ==== raspi-config ==== ==== raspi-config ====
  
-Run the raspi-config tool and set the following options.+Run the ''raspi-config'' tool and set the following options:
  
   * **2 Network Options** -> Hostname -> Set hostname   * **2 Network Options** -> Hostname -> Set hostname
Line 113: Line 139:
 ==== Additional hardware configuration via config.txt ==== ==== Additional hardware configuration via config.txt ====
  
-These settings involve manual configuration of /boot/config.txt to disable certain drivers.  See [[https://github.com/raspberrypi/firmware/blob/master/boot/overlays/README|boot overlays README]] for more information.+These settings involve manual configuration of ''/boot/config.txt'' to disable certain drivers.  See [[https://github.com/raspberrypi/firmware/blob/master/boot/overlays/README|boot overlays README]] for more information.
  
 === Disable unneeded networking === === Disable unneeded networking ===
Line 146: Line 172:
 <code> <code>
 cat "HostKey /etc/ssh/ssh_host_ed25519_key" >> /etc/ssh/sshd_config cat "HostKey /etc/ssh/ssh_host_ed25519_key" >> /etc/ssh/sshd_config
-cd /etc/ssh/ ** rm -f *key*+rm -fv /etc/ssh/*key*
 dpkg-reconfigure openssh-server dpkg-reconfigure openssh-server
 </code> </code>
  
- +==== Packages ====
- +
- +
-===== Old: Raspian Jessie Lite instructions ===== +
- +
-  * Add OpenSSH authorized_keys for root user +
-  * Remove all key types except rsa and ed25519 from sshd_config +
-  * Remove all default keys and regenerate +
-    * ''rm *key*'' +
-    * ''ssh-keygen -q -N "" -t rsa -b 8192 -f /etc/ssh/ssh_host_rsa_key'' +
-    * ''ssh-keygen -q -N "" -t ed25519 -f /etc/ssh/ssh_host_ed25519_key'' +
-    * ''service ssh restart'' +
-    * Make ''vi'' the default editor: ''update-alternatives --set editor /usr/bin/vim.tiny'' +
-    * Set static IP address for host by editing ''/etc/dhcpcd.conf'':+
  
 <code> <code>
-# See dhcpcd.conf(5) for details. +vim 
-interface eth0 +ntp 
-static ip_address=$IP/$MASK +isc-dhcp-server 
-static routers=$ROUTER+bind9 
 +dnsutils 
 +whois 
 +fping 
 +git 
 +tmux 
 +mksh 
 +zsh
 </code> </code>
  
-  * Set ''resolvconf'' for a static configuration by editing /etc/resolvconf.conf: 
  
-<code> +==== Services ====
-# Configuration for resolvconf(8) +
-# See resolvconf.conf(5) for details+
  
-resolv_conf=/etc/resolv.conf +Service modification
-# If you run a local name server, you should uncomment the below line and +
-# configure your subscribers configuration files below. +
-search_domains=in.quay.net +
-# BUG WORKAROUND: space separated lists of DNS servers are not currently working +
-name_servers=$NS1 +
-name_servers_append=$NS2 +
- +
-# Mirror the Debian package defaults for the below resolvers +
-# so that resolvconf integrates seemlessly. +
-dnsmasq_resolv=/var/run/dnsmasq/resolv.conf +
-pdnsd_conf=/etc/pdnsd.conf +
-unbound_conf=/var/cache/unbound/resolvconf_resolvers.conf +
-</code> +
- +
-  * Remove pi default user +
-  * Remove pi group +
-  * Add new default user and group +
-    * Add sudoers entry for user +
-    * Set password +
-  * Update ntp config; ''apt-get install ntpdate'' and sync time +
-    * ''time.chu.nrc.ca'' +
-    * ''ntp1.torix.ca'' +
-    * ''tick.umanitoba.ca'' +
-    * ''time.nrc.ca'' +
-    * ''ntp2.torix.ca'' +
-    * ''tock.utoronto.ca'' +
-    * ''ntp3.torix.ca'' +
-    * ''tick.usask.ca'' +
-    * ''time.nist.gov'' +
-  * Set timezone to Toronto: ''sudo ln -fs /usr/share/zoneinfo/America/Toronto /etc/localtime'' +
-  * Remove MOTD text ''> /etc/motd'' +
-  * Install git and needrestart +
- +
-Raspbian appears to have issues with managing network dependencies during boot.  This script ensures that BIND, dhcpd, and NTP start up correctly after the network interface is properly set up.  It is run via ''/etc/rc.local'' as a background process and depends on fping.+
  
 <code> <code>
-#!/bin/bash +systemctl disable apt-daily-upgrade.timer 
- +systemctl disable apt-daily.timer
-until fping -qc 3 8.8.8.8 > /dev/null 2>&1; do +
-  echo "Waiting for network..." +
-done +
- +
-for daemon in isc-dhcp-server bind9; do +
-  echo "Forcing restart of $daemon" +
-  service $daemon restart +
-done +
- +
-echo "Forcing restart of ntp" +
-service ntp stop +
-ntpdate -s 0.ca.pool.ntp.org +
-service ntp start+
 </code> </code>
  
-====== Service management under systemd ======+===== See also =====
  
-  * Add service to systemd init process''systemctl enable $SERVICE'' +  * [[quay:dns|Local DNS configuration]] 
-  * List all services''service --status-all'' +  * [[quay:ntp|Local time service]] 
- +  * [[quay:dhcp|Local DHCP service]]
-====== Disable WiFi completely ====== +
- +
-Blacklist the driver by creating a file in ''/etc/modprobe.d'' called ''wlan-blacklist.conf'' with the following contents: +
- +
-<code> +
-blacklist brcmfmac +
-blacklist brcmutil +
-</code>+
pi/raspbian.1589826207.txt.gz · Last modified: 2020-05-18 14:23 by gabriel