Nifty hardware, here's some stuff to do with it.

= Alternative hardware =

Maybe you want something different? There are many manufacturers of single-board computers now. Here's one that'd be good for a VPN access router or something, the Nano Pi R4S: https://www.friendlyarm.com/index.php?route=product/product&path=69&product_id=284

= RPi builds =

This is using them for stuff like Pihole and Wireguard.

 * https://www.reddit.com/r/pihole/comments/c62np8/pihole_with_unbound_wireguard_vpn_server_on_a/
 * https://github.com/harrypnyce/raspbian10-buster/blob/master/README.md
 * https://www.raspberrypi-spy.co.uk/2019/10/pi-hole-oled-status-screen/
 * https://www.reddit.com/r/pihole/comments/bnihyz/guide_how_to_install_wireguard_on_a_raspberry_pi/

Monitoring is good too.

 * https://bestmonitoringtools.com/how-to-install-zabbix-on-raspberry-pi-raspbian/

= Apt Cacher NG =

Package cache, great for RPi because one of the upstream repos is horrible and slow.

 * https://wiki.debian.org/AptCacherNg
 * https://www.unix-ag.uni-kl.de/~bloch/acng/
 * https://help.ubuntu.com/community/Apt-Cacher-Server
 * https://fabianlee.org/2018/02/11/ubuntu-a-centralized-apt-package-cache-using-apt-cacher-ng/

= PXE utility server =

https://wiki.polaire.nl/doku.php?id=raspberry_pi_pxe_server

= Minimising =

Stuff you can do to make it boot faster and run leaner. These notes are from running Fedora, but they're somewhat general.

{{{
disable wifi in config.txt (https://raspberrypi.stackexchange.com/questions/43720/disable-wifi-wlan0-on-pi-3)
    dtoverlay=disable-wifi
    yum erase -y wpa_supplicant

disable selinux (https://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux.html)
    selinux=0 on kernel cmdline
    grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg

disable firewalld
    systemctl disable firewalld --now
    dnf erase -y firewalld

disable auditd
    audit=0 on kernel cmdline
    grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg

disable sound (https://www.instructables.com/id/Disable-the-Built-in-Sound-Card-of-Raspberry-Pi/)
    modprobe.d blacklisting
    /etc/modprobe.d/raspi-blacklist.conf

disable fstrim (do it with an @reboot crontab)
    systemctl disable fstrim.service --now
    /usr/sbin/fstrim --fstab --verbose --quiet

remove lvm2
    yum erase -y lvm2
}}}

= Debian 11 Bullseye on Zero W =

https://raspi.debian.net/faq/

Loaded up the image, booted, fixed up the wifi config in `/etc/network/interfaces.d/wlan0`

{{{
allow-hotplug wlan0
iface wlan0 inet dhcp
    wpa-ssid "Your Waifu is Trash"
    wpa-psk ABCDEFGHIJKL
}}}

Tweak `/boot/firmware/sysconf.txt` settings and reboot. Should use `hostnamectl set-hostname makarov.thighhighs.top`

Actually it's much like [[furinkan/private/illustrious]], can also follow that.

'''THIS IS A ROOT-ONLY BUILD'''

{{{
apt install vim screen locales bash-completion

Fix the locales:
    dpkg-reconfigure locales

Disable console blanking, seems this is already done by default:
    cat /sys/module/kernel/parameters/consoleblank

Disable address privacy:
    echo -e "net.ipv6.conf.all.use_tempaddr = 0\nnet.ipv6.conf.default.use_tempaddr = 0" >> /etc/sysctl.d/local.conf
    service procps restart

echo "export EDITOR=vim" > /etc/profile.d/50-editor-vim.sh

timedatectl set-timezone Australia/Sydney

echo -e "Host *\n HashKnownHosts no" > /etc/ssh/ssh_config.d/99-global.conf

apt install python3 python-is-python3
apt install wget curl net-tools ack jq make mlocate elinks nmap whois
updatedb

curl -o ~/.screenrc https://gist.githubusercontent.com/barneydesmond/d16c5201ed9d2280251dfca7c620bb86/raw/.screenrc
curl -o ~/.config/procps/toprc https://gist.githubusercontent.com/barneydesmond/d16c5201ed9d2280251dfca7c620bb86/raw/.toprc

apt install dphys-swapfile/testing
Edit /etc/dphys-swapfile and set CONF_SWAPFACTOR=2 or whatever, then
    systemctl restart dphys-swapfile
}}}

= Pihole HA =

Run a couple of nodes, to ensure that an update or failure won't kill your entire network. Upstream ISP DNS servers are remarkably handy in their reliability, except when you can't reach them.

 * vector as primary and DHCP server
 * asval as secondary, maybe doing some DHCP too

Apparently it's valid to just rsync your configs across the network, that should do it. I wonder how the sqlite DB deals with this.

 * https://discourse.pi-hole.net/t/high-availability-ha-for-pi-hole-running-two-pi-holes/3138/3
 * Tools for scripted syncing: https://www.reddit.com/r/pihole/comments/eo2q1r/pihole_clustered_configuration/
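
On the question of rsyncing a SQLite file between nodes, an added example (not part of the original notes, and not Pi-hole's own tooling): a plain file copy of a live database can catch it mid-write, so this takes a consistent snapshot with SQLite's online backup API and checks it before anything is shipped to the secondary. The database, table and file names are constructed for the demo; `snapshot()` would be pointed at whichever database file you sync.

```python
import os
import sqlite3
import tempfile


def snapshot(src_path, dst_path):
    """Copy a live SQLite database to dst_path as one consistent snapshot."""
    tmp_path = dst_path + ".tmp"
    # Open the source read-only so the sync job cannot modify the primary's data.
    src = sqlite3.connect(f"file:{src_path}?mode=ro", uri=True)
    dst = sqlite3.connect(tmp_path)
    try:
        # The online backup API copies under SQLite's own locking, so the result
        # holds committed transactions only, including pages still in the WAL.
        src.backup(dst)
        result = dst.execute("PRAGMA integrity_check").fetchone()[0]
    finally:
        dst.close()
        src.close()
    if result != "ok":
        os.remove(tmp_path)
        raise RuntimeError(f"snapshot failed integrity check: {result}")
    # Atomic rename, so a concurrent rsync never picks up a half-written file.
    os.replace(tmp_path, dst_path)
    return dst_path


def demo():
    """Constructed data: a stand-in database with a writer mid-transaction."""
    workdir = tempfile.mkdtemp()
    live = os.path.join(workdir, "live.db")
    writer = sqlite3.connect(live, isolation_level=None)
    writer.execute("PRAGMA journal_mode=WAL")
    writer.execute("CREATE TABLE domains (name TEXT)")
    writer.execute("INSERT INTO domains VALUES ('ads.example')")
    writer.execute("BEGIN")
    writer.execute("INSERT INTO domains VALUES ('uncommitted.example')")
    copy = snapshot(live, os.path.join(workdir, "snapshot.db"))
    writer.execute("ROLLBACK")
    writer.close()
    check = sqlite3.connect(copy)
    rows = [r[0] for r in check.execute("SELECT name FROM domains")]
    check.close()
    return rows


if __name__ == "__main__":
    print(demo())
```

Run the snapshot on the primary and rsync the snapshot file, not the live database, to the secondary.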