|
Size: 3763
Comment: new pi zero w notes
|
Size: 11319
Comment: add notes about small external displays
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 2: | Line 2: |
<<TableOfContents>> = Alternative hardware = Maybe you want something different? There's many manufacturers of single-board computers now. Here's one that'd be good for a VPN access router or something, the Nano Pi R4S: https://www.friendlyarm.com/index.php?route=product/product&path=69&product_id=284 = Display hats = Here's one I bought from Aliexpress for about 20 bucks Aussie: http://www.lcdwiki.com/3.5inch_RPi_Display There's no one canonical supplier, but you can tell they're all the same product. Here's my notes, I downloaded their driver package (https://github.com/goodtft/LCD-show.git) then pulled it apart. It's not hard to get up and running, even avoiding the all-in-one script that probably smashes itself onto your system. {{{ # copy the devicetree file to two names in the overlays dir cp ./usr/tft35a-overlay.dtb /boot/overlays/ cp ./usr/tft35a-overlay.dtb /boot/overlays/tft35a.dtbo # enable spi in raspi-config (or uncomment it in /boot/firmware/config.txt, dtparam=spi=on) # They wanna edit boot/config.txt # if hdmi display is not detected and composite is being output hdmi_force_hotplug=1 enable_uart=1 dtoverlay=tft35a:rotate=90 # forces a specific mode hdmi_group=2 hdmi_mode=1 hdmi_mode=87 hdmi_cvt 480 320 60 6 0 0 0 # force a HDMI mode rather than DVI hdmi_drive=2 # for the touchscreen cp -rf ./usr/99-calibration.conf-35-90 /etc/X11/xorg.conf.d/99-calibration.conf # compile and install fbcp mkdir -p ./usr/rpi-fbcp/build cd cmake .. make cd ../../../ install -v ./usr/rpi-fbcp/build/fbcp /usr/local/bin/fbcp # make the Xorg server pick up and load xf86-video-fbturbo driver installed in the system cp -rf ./usr/99-fbturbo.conf /usr/share/X11/xorg.conf.d/99-fbturbo.conf cp -rf ./usr/99-fbturbo-fbcp.conf /usr/share/X11/xorg.conf.d/99-fbturbo.conf # And now... run fbcp constantly in the background? Maybe this only does something after a reboot loads the fbturbo thing # Try this instead cp -v ./usr/99-fbturbo-fbcp.conf /etc/X11/xorg.conf.d/99-fbturbo.conf # change the end of /etc/rc.local to: sleep 7 fbcp & exit 0 It's not even clear that this matters, and I think it's because I'm on a non-graphical system - no framebuffer to deal with, no fbturbo driver either. Derp. # touchscreen config stuff apt install xserver-xorg-input-evdev apt localinstall xserver-xorg-input-evdev_1%3a2.10.6-2_arm64.deb # what does this even do?? cp -rf /usr/share/X11/xorg.conf.d/10-evdev.conf /usr/share/X11/xorg.conf.d/45-evdev.conf Try rebooting now? Aha there it is. It says nothing on the console but it does log to syslog: Jul 11 18:04:23 azusa fbcp[756]: Unable to open primary display }}} Removing it was easy too {{{ Remove fbcp from /etc/rc.local rm /etc/X11/xorg.conf.d/99-fbturbo.conf rm /usr/local/bin/fbcp comment out the stuff in /boot/firmware/config.txt rm /boot/overlays/tft35a-overlay.dtb /boot/overlays/tft35a.dtbo disable SPI in raspi-config Reboot }}} = Smallish external displays = These are all sort of laptop-ish size which might be convenient for cyberdeck-style builds. * Arace 8" HD touch panel * 1280 x 800 * 5-point touch input * MIPI connection * About $70 AUD: https://arace.tech/products/display-8-hd * Arace 10" FHD touch panel * 1920 x 1200 * No touch? * MIPI connection * About $100 AUD: https://arace.tech/products/display-10-fhd * 5.5" 1080p IPS panel (touch?) * About $60 AUD: https://www.aliexpress.com/item/1005006117065145.html * Ubiquitous 480x320 status display * 3.5" panel, advertised for PC status dashboards * Power and signal over a USB-C cable, intended for Windows machines * Meant to be used with their own proprietary software, but surely is hackable * Might be a USB-attached GPU and display in one, so there's no HDMI or DP on the cable * Less than $10 AUD: https://www.aliexpress.com/item/1005005641370235.html * This one for $27 AUD? Says it supports linux, but they probably all do: https://www.aliexpress.com/item/1005004754031670.html * 256x64 pixel OLED panel * Small and probably bright * Likely best as an external notifications display * About $60 AUD: https://www.aliexpress.com/item/1005006861815214.html * Bar displays, nice and wide * About 8-9" sizing * Made for mounting in a PC, which is good for hacking * Black or white, 1920x480, USB-only, might not be suitable, too smart; about $70 AUD: https://www.aliexpress.com/item/1005005538830549.html * Black or white, 1920x480, HDMI and micro-B, about $60 AUD: https://www.aliexpress.com/item/1005005777270234.html * RPi and AIDA64 instructions on this one: https://www.aliexpress.com/item/1005005653159471.html * 3.5" 480x320 touchscreen designed to sit directly on an RPi * About $6 AUD: https://www.aliexpress.com/item/1005006849788696.html * I got one of these, the process I followed to get it working are the ones shown above * 7" 1024x600 touchscreen designed for an RPi, but via HDMI cable offboard * About $25 AUD: https://www.aliexpress.com/item/1005006849086577.html |
|
| Line 58: | Line 200: |
| Maybe use systemd for networking config: https://raspberrypi.stackexchange.com/questions/108592/use-systemd-networkd-for-general-networking Setup the filesystem to be read-only if you want it to be really bulletproof and appliance-y: https://medium.com/@andreas.schallwig/how-to-make-your-raspberry-pi-file-system-read-only-raspbian-stretch-80c0f7be7353 = General provisioning = 1. Download the latest image, like RPi OS buster-lite, write it to SD card with balenaEtcher 1. Boot as normal, let it do the firstboot thing 1. Rename it: https://wiki.debian.org/HowTo/ChangeHostname or use raspi-config tool 1. Wifi as needed in raspi-config 1. Set locale and default system locale in raspi-config 1. Enable ssh {{{ systemctl enable --now ssh }}} 1. Fully update {{{ apt update and full-upgrade apt install vim screen locales bash-completion lsof tcpdump netcat strace nmap reboot }}} 1. Change password for `pi` account 1. Install your ssh pubkeys 1. apt autoremove, autoclean 1. Empty motd, don't care about that on SSH login {{{ > /etc/motd }}} == Unifi controller references == * https://community.ubnt.com/t5/UniFi-Routing-Switching/Step-By-Step-Tutorial-Guide-Raspberry-Pi-with-UniFi-Controller/td-p/2470231 * Useful packages to install: {{{ apt install openjdk-8-jre-headless apt install haveged }}} |
|
| Line 60: | Line 238: |
As an extension/variant of the above, most of the trickiness is initial booting. |
|
| Line 79: | Line 259: |
| apt install vim screen locales | apt install vim screen locales bash-completion |
| Line 97: | Line 277: |
| apt install curl net-tools ack jq make mlocate elinks nmap whois | apt install wget curl net-tools ack jq make mlocate elinks nmap whois |
| Line 109: | Line 289: |
config.txt {{{ enable_uart=1 upstream_kernel=1 kernel=vmlinuz-5.10.0-5-rpi # For details on the initramfs directive, see # https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=10532 initramfs initrd.img-5.10.0-5-rpi }}} = Pihole HA = Run a couple of nodes, to ensure that an update or failure won't kill your entire network. Upstream ISP DNS servers are remarkably handy in their reliability, except when you can't reach them. * vector as primary and DHCP server * asval as secondary, maybe doing some DHCP too Apparently it's valid to just rsync your configs across the network, that should do it. I wonder how the sqlite DB deals with this. * https://discourse.pi-hole.net/t/high-availability-ha-for-pi-hole-running-two-pi-holes/3138/3 * Tools for scripted syncing: https://www.reddit.com/r/pihole/comments/eo2q1r/pihole_clustered_configuration/ |
Nifty hardware, here's some stuff to do with it.
Contents
Alternative hardware
Maybe you want something different? There's many manufacturers of single-board computers now. Here's one that'd be good for a VPN access router or something, the Nano Pi R4S: https://www.friendlyarm.com/index.php?route=product/product&path=69&product_id=284
Display hats
Here's one I bought from Aliexpress for about 20 bucks Aussie: http://www.lcdwiki.com/3.5inch_RPi_Display
There's no one canonical supplier, but you can tell they're all the same product.
Here's my notes, I downloaded their driver package (https://github.com/goodtft/LCD-show.git) then pulled it apart. It's not hard to get up and running, even avoiding the all-in-one script that probably smashes itself onto your system.
# copy the devicetree file to two names in the overlays dir cp ./usr/tft35a-overlay.dtb /boot/overlays/ cp ./usr/tft35a-overlay.dtb /boot/overlays/tft35a.dtbo # enable spi in raspi-config (or uncomment it in /boot/firmware/config.txt, dtparam=spi=on) # They wanna edit boot/config.txt # if hdmi display is not detected and composite is being output hdmi_force_hotplug=1 enable_uart=1 dtoverlay=tft35a:rotate=90 # forces a specific mode hdmi_group=2 hdmi_mode=1 hdmi_mode=87 hdmi_cvt 480 320 60 6 0 0 0 # force a HDMI mode rather than DVI hdmi_drive=2 # for the touchscreen cp -rf ./usr/99-calibration.conf-35-90 /etc/X11/xorg.conf.d/99-calibration.conf # compile and install fbcp mkdir -p ./usr/rpi-fbcp/build cd cmake .. make cd ../../../ install -v ./usr/rpi-fbcp/build/fbcp /usr/local/bin/fbcp # make the Xorg server pick up and load xf86-video-fbturbo driver installed in the system cp -rf ./usr/99-fbturbo.conf /usr/share/X11/xorg.conf.d/99-fbturbo.conf cp -rf ./usr/99-fbturbo-fbcp.conf /usr/share/X11/xorg.conf.d/99-fbturbo.conf # And now... run fbcp constantly in the background? Maybe this only does something after a reboot loads the fbturbo thing # Try this instead cp -v ./usr/99-fbturbo-fbcp.conf /etc/X11/xorg.conf.d/99-fbturbo.conf # change the end of /etc/rc.local to: sleep 7 fbcp & exit 0 It's not even clear that this matters, and I think it's because I'm on a non-graphical system - no framebuffer to deal with, no fbturbo driver either. Derp. # touchscreen config stuff apt install xserver-xorg-input-evdev apt localinstall xserver-xorg-input-evdev_1%3a2.10.6-2_arm64.deb # what does this even do?? cp -rf /usr/share/X11/xorg.conf.d/10-evdev.conf /usr/share/X11/xorg.conf.d/45-evdev.conf Try rebooting now? Aha there it is. It says nothing on the console but it does log to syslog: Jul 11 18:04:23 azusa fbcp[756]: Unable to open primary display
Removing it was easy too
Remove fbcp from /etc/rc.local rm /etc/X11/xorg.conf.d/99-fbturbo.conf rm /usr/local/bin/fbcp comment out the stuff in /boot/firmware/config.txt rm /boot/overlays/tft35a-overlay.dtb /boot/overlays/tft35a.dtbo disable SPI in raspi-config Reboot
Smallish external displays
These are all sort of laptop-ish size which might be convenient for cyberdeck-style builds.
- Arace 8" HD touch panel
- 1280 x 800
- 5-point touch input
- MIPI connection
About $70 AUD: https://arace.tech/products/display-8-hd
- Arace 10" FHD touch panel
- 1920 x 1200
- No touch?
- MIPI connection
About $100 AUD: https://arace.tech/products/display-10-fhd
- 5.5" 1080p IPS panel (touch?)
About $60 AUD: https://www.aliexpress.com/item/1005006117065145.html
- Ubiquitous 480x320 status display
- 3.5" panel, advertised for PC status dashboards
- Power and signal over a USB-C cable, intended for Windows machines
- Meant to be used with their own proprietary software, but surely is hackable
- Might be a USB-attached GPU and display in one, so there's no HDMI or DP on the cable
Less than $10 AUD: https://www.aliexpress.com/item/1005005641370235.html
This one for $27 AUD? Says it supports linux, but they probably all do: https://www.aliexpress.com/item/1005004754031670.html
- 256x64 pixel OLED panel
- Small and probably bright
- Likely best as an external notifications display
About $60 AUD: https://www.aliexpress.com/item/1005006861815214.html
- Bar displays, nice and wide
- About 8-9" sizing
- Made for mounting in a PC, which is good for hacking
Black or white, 1920x480, USB-only, might not be suitable, too smart; about $70 AUD: https://www.aliexpress.com/item/1005005538830549.html
Black or white, 1920x480, HDMI and micro-B, about $60 AUD: https://www.aliexpress.com/item/1005005777270234.html
RPi and AIDA64 instructions on this one: https://www.aliexpress.com/item/1005005653159471.html
- 3.5" 480x320 touchscreen designed to sit directly on an RPi
About $6 AUD: https://www.aliexpress.com/item/1005006849788696.html
- I got one of these, the process I followed to get it working are the ones shown above
- 7" 1024x600 touchscreen designed for an RPi, but via HDMI cable offboard
About $25 AUD: https://www.aliexpress.com/item/1005006849086577.html
RPi builds
This is using them for stuff like Pihole and Wireguard.
https://www.reddit.com/r/pihole/comments/c62np8/pihole_with_unbound_wireguard_vpn_server_on_a/
https://github.com/harrypnyce/raspbian10-buster/blob/master/README.md
https://www.raspberrypi-spy.co.uk/2019/10/pi-hole-oled-status-screen/
https://www.reddit.com/r/pihole/comments/bnihyz/guide_how_to_install_wireguard_on_a_raspberry_pi/
Monitoring is good too.
Apt Cacher NG
Package cache, great for RPi because one of the upstream repos is horrible and slow.
PXE utility server
https://wiki.polaire.nl/doku.php?id=raspberry_pi_pxe_server
Minimising
Stuff you can do to make it boot faster and run leaner. These notes are from running Fedora, but they're somewhat general.
disable wifi in config.txt (https://raspberrypi.stackexchange.com/questions/43720/disable-wifi-wlan0-on-pi-3)
dtoverlay=disable-wifi
yum erase -y wpa_supplicant
disable selinux (https://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux.html)
selinux=0 on kernel comdline
grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
disable firewalld
systemctl disable firewalld --now
dnf erase -y firewalld
disable auditd
audit=0 on kernel comdline
grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
disable sound (https://www.instructables.com/id/Disable-the-Built-in-Sound-Card-of-Raspberry-Pi/)
modprobe.d blacklisting /etc/modprobe.d/raspi-blacklist.conf
disable fstrim (do it with an @reboot crontab)
systemctl disable fstrim.service --now
/usr/sbin/fstrim --fstab --verbose --quiet
remove lvm2
yum erase -y lvm2Maybe use systemd for networking config: https://raspberrypi.stackexchange.com/questions/108592/use-systemd-networkd-for-general-networking
Setup the filesystem to be read-only if you want it to be really bulletproof and appliance-y: https://medium.com/@andreas.schallwig/how-to-make-your-raspberry-pi-file-system-read-only-raspbian-stretch-80c0f7be7353
General provisioning
- Download the latest image, like RPi OS buster-lite, write it to SD card with balenaEtcher
- Boot as normal, let it do the firstboot thing
Rename it: https://wiki.debian.org/HowTo/ChangeHostname or use raspi-config tool
- Wifi as needed in raspi-config
- Set locale and default system locale in raspi-config
Enable ssh
systemctl enable --now ssh
Fully update
apt update and full-upgrade apt install vim screen locales bash-completion lsof tcpdump netcat strace nmap reboot
Change password for pi account
- Install your ssh pubkeys
- apt autoremove, autoclean
Empty motd, don't care about that on SSH login
> /etc/motd
Unifi controller references
Useful packages to install:
apt install openjdk-8-jre-headless apt install haveged
Debian 11 Bullseye on Zero W
As an extension/variant of the above, most of the trickiness is initial booting.
Loaded up the image, booted, fixed up the wifi config in /etc/network/interfaces.d/wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-ssid "Your Waifu is Trash"
wpa-psk ABCDEFGHIJKLTweak /boot/firmware/sysconf.txt settings and reboot.
Should use hostnamectl set-hostname makarov.thighhighs.top
Actually it's much like furinkan/private/illustrious, can also follow that.
THIS IS A ROOT-ONLY BUILD
apt install vim screen locales bash-completion
Fix the locales: dpkg-reconfigure locales
Disable console blanking, seems this is already done by default:
cat /sys/module/kernel/parameters/consoleblank
Disable address privacy:
echo -e "net.ipv6.conf.all.use_tempaddr = 0\nnet.ipv6.conf.default.use_tempaddr = 0" >> /etc/sysctl.d/local.conf
service procps restart
echo "export EDITOR=vim" > /etc/profile.d/50-editor-vim.sh
timedatectl set-timezone Australia/Sydney
echo -e "Host *\n HashKnownHosts no" > /etc/ssh/ssh_config.d/99-global.conf
apt install python3 python-is-python3
apt install wget curl net-tools ack jq make mlocate elinks nmap whois
updatedb
curl -o ~/.screenrc https://gist.githubusercontent.com/barneydesmond/d16c5201ed9d2280251dfca7c620bb86/raw/.screenrc
curl -o ~/.config/procps/toprc https://gist.githubusercontent.com/barneydesmond/d16c5201ed9d2280251dfca7c620bb86/raw/.toprc
apt install dphys-swapfile/testing
Edit /etc/dphys-swapfile and set CONF_SWAPFACTOR=2 or whatever, then systemctl restart dphys-swapfileconfig.txt
enable_uart=1 upstream_kernel=1 kernel=vmlinuz-5.10.0-5-rpi # For details on the initramfs directive, see # https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=10532 initramfs initrd.img-5.10.0-5-rpi
Pihole HA
Run a couple of nodes, to ensure that an update or failure won't kill your entire network. Upstream ISP DNS servers are remarkably handy in their reliability, except when you can't reach them.
- vector as primary and DHCP server
- asval as secondary, maybe doing some DHCP too
Apparently it's valid to just rsync your configs across the network, that should do it. I wonder how the sqlite DB deals with this.