User Tools

Site Tools


pi:raspbian

This is an old revision of the document!


Raspbian

This page documents my local Raspberry Pi config for a Raspberry Pi 3 running Raspbian. This is config is based on Raspian Buster Lite released on 2020-02-13 by the Raspberry Pi Foundation which can be found here.

Disable automatic resizing of root partition

By default Raspbian attempts to grow the root partition of your system on first boot to fill your entire SD card. To disable this option do the following.

  • Remove custom init script and quiet from /boot/cmdline.txt before first power on.
  • Remove /etc/init.d/resize script.

After first boot

The following steps should be completed after first boot to configure the Pi for remote management.

Set vim as the default editor

apt install vim
update-alternatives --set editor /usr/bin/vim.basic

Disble IPv6

Add the following to /etc/sysctl.d/local.conf:

# disable IPv6
net.ipv6.conf.all.disable_ipv6=1

Configure static IP address

Edit /etc/dhcpcd.conf and add the following:

# Static eth0 configuration
interface eth0
static ip_address=10.77.3.6/24
static routers=10.77.3.1
static domain_name_servers=10.77.3.4 10.77.3.5

Add our local domain to the default search path configured by resolvconf.

echo "search in.quay.net" >> /etc/resolv.conf.tail

Configure OpenSSHD on boot

Set to run on boot.

systemctl enable ssh
systemctl start ssh

User configuration

Add local user:

groupadd -g 1778 gabriel
useradd -u 1778 -c "Gabriel O'Brien" -g 1778 -m -G sudo gabriel
passwd gabriel

Disable pi user:

usermod -s /usr/sbin/nologin -p '*' pi

Now set root password.

Sudoers config

Set timestamp_timeout=NN to more useful timeout value.

Grow root partition

Use parted and resize2fs to manually set root filesystem size.

# grow partition
parted
print
unit GiB
resizepart 2 42.25

# resize filesystem
resize2fs /dev/mmcblk0p2

raspi-config

Run the raspi-config tool and set the following options:

  • 2 Network Options → Hostname → Set hostname
  • 4 Localization
    • I1 Change Locale → en_CA.UTF-8 UTF-8 → disable en_GB.UTF-8 UTF-8 → Set default locale to C.UTF-8
  • 4 Localization Options
    • I2 Timezone → America → Toronto
  • 4 Localization Options
    • I3 Change Keyboard Layout → Generic 104-key PC → Other → English (US) → English (US) → The default for the keyboard layout → No compose key
  • 4 Localization Options
    • I4 Change WLAN Country → CA Canada
  • 7 Advanced Options
    • A3 Memory Split → 16

Additional hardware configuration via config.txt

These settings involve manual configuration of /boot/config.txt to disable certain drivers. See boot overlays README for more information.

Disable unneeded networking

# disable WiFi
dtoverlay=disable-wifi

# disable Bluetooth
dtoverlay=disable-bt

Disable modem service per boot overlays doc:

systemctl disable hciuart

Disable audio driver

Comment out the audio driver:

# Enable audio (loads snd_bcm2835)
#dtparam=audio=on

Configure OpenSSH server

Disable all keys except ed25519.

cat "HostKey /etc/ssh/ssh_host_ed25519_key" >> /etc/ssh/sshd_config
cd /etc/ssh/ ** rm -f *key*
dpkg-reconfigure openssh-server

This section contains old instructions for Raspian 8 and will be deprecated in the future.

[Old] Raspian Jessie Lite instructions

  • Add OpenSSH authorized_keys for root user
  • Remove all key types except rsa and ed25519 from sshd_config
  • Remove all default keys and regenerate
    • rm *key*
    • ssh-keygen -q -N “” -t rsa -b 8192 -f /etc/ssh/ssh_host_rsa_key
    • ssh-keygen -q -N “” -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
    • service ssh restart
    • Make vi the default editor: update-alternatives –set editor /usr/bin/vim.tiny
    • Set static IP address for host by editing /etc/dhcpcd.conf:
# See dhcpcd.conf(5) for details.
interface eth0
static ip_address=$IP/$MASK
static routers=$ROUTER
  • Set resolvconf for a static configuration by editing /etc/resolvconf.conf:
# Configuration for resolvconf(8)
# See resolvconf.conf(5) for details

resolv_conf=/etc/resolv.conf
# If you run a local name server, you should uncomment the below line and
# configure your subscribers configuration files below.
search_domains=in.quay.net
# BUG WORKAROUND: space separated lists of DNS servers are not currently working
name_servers=$NS1
name_servers_append=$NS2

# Mirror the Debian package defaults for the below resolvers
# so that resolvconf integrates seemlessly.
dnsmasq_resolv=/var/run/dnsmasq/resolv.conf
pdnsd_conf=/etc/pdnsd.conf
unbound_conf=/var/cache/unbound/resolvconf_resolvers.conf
  • Remove pi default user
  • Remove pi group
  • Add new default user and group
    • Add sudoers entry for user
    • Set password
  • Update ntp config; apt-get install ntpdate and sync time
    • time.chu.nrc.ca
    • ntp1.torix.ca
    • tick.umanitoba.ca
    • time.nrc.ca
    • ntp2.torix.ca
    • tock.utoronto.ca
    • ntp3.torix.ca
    • tick.usask.ca
    • time.nist.gov
  • Set timezone to Toronto: sudo ln -fs /usr/share/zoneinfo/America/Toronto /etc/localtime
  • Remove MOTD text > /etc/motd
  • Install git and needrestart

Raspbian appears to have issues with managing network dependencies during boot. This script ensures that BIND, dhcpd, and NTP start up correctly after the network interface is properly set up. It is run via /etc/rc.local as a background process and depends on fping.

#!/bin/bash

until fping -qc 3 8.8.8.8 > /dev/null 2>&1; do
  echo "Waiting for network..."
done

for daemon in isc-dhcp-server bind9; do
  echo "Forcing restart of $daemon"
  service $daemon restart
done

echo "Forcing restart of ntp"
service ntp stop
ntpdate -s 0.ca.pool.ntp.org
service ntp start

Service management under systemd

  • Add service to systemd init process: systemctl enable $SERVICE
  • List all services: service –status-all

Disable WiFi completely

Blacklist the driver by creating a file in /etc/modprobe.d called wlan-blacklist.conf with the following contents:

blacklist brcmfmac
blacklist brcmutil
pi/raspbian.1589827253.txt.gz · Last modified: 2020-05-18 14:40 by gabriel