Nifty hardware, here's some stuff to do with it.
Alternative hardware
Maybe you want something different? There are many manufacturers of single-board computers now. Here's one that'd be good for a VPN access router or something, the Nano Pi R4S: https://www.friendlyarm.com/index.php?route=product/product&path=69&product_id=284
RPi builds
This is using them for stuff like Pihole and Wireguard.
https://www.reddit.com/r/pihole/comments/c62np8/pihole_with_unbound_wireguard_vpn_server_on_a/
https://github.com/harrypnyce/raspbian10-buster/blob/master/README.md
https://www.raspberrypi-spy.co.uk/2019/10/pi-hole-oled-status-screen/
https://www.reddit.com/r/pihole/comments/bnihyz/guide_how_to_install_wireguard_on_a_raspberry_pi/
Monitoring is good too.
Apt Cacher NG
Package cache, great for RPi because one of the upstream repos is horrible and slow.
PXE utility server
https://wiki.polaire.nl/doku.php?id=raspberry_pi_pxe_server
Minimising
Stuff you can do to make it boot faster and run leaner. These notes are from running Fedora, but they're somewhat general.
- disable wifi in config.txt (https://raspberrypi.stackexchange.com/questions/43720/disable-wifi-wlan0-on-pi-3)
  - dtoverlay=disable-wifi
  - yum erase -y wpa_supplicant
- disable selinux (https://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux.html)
  - selinux=0 on kernel cmdline
  - grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
- disable firewalld
  - systemctl disable firewalld --now
  - dnf erase -y firewalld
- disable auditd
  - audit=0 on kernel cmdline
  - grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
- disable sound (https://www.instructables.com/id/Disable-the-Built-in-Sound-Card-of-Raspberry-Pi/)
  - modprobe.d blacklisting /etc/modprobe.d/raspi-blacklist.conf
- disable fstrim (do it with an @reboot crontab)
  - systemctl disable fstrim.service --now
  - /usr/sbin/fstrim --fstab --verbose --quiet
- remove lvm2
  - yum erase -y lvm2
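With firewalld removed, the host no longer filters inbound traffic unless other rules are loaded, so every socket bound to a non-loopback address is reachable from the network. A check for that, as an added example that is not part of the original notes: it parses the kernel's /proc/net socket tables. The function names and sample tables are constructed, and a little-endian host (as on the RPi) is assumed.

```python
import ipaddress

TCP_LISTEN = "0A"  # st column value for a listening TCP socket
UDP_BOUND = "07"   # st column value for an unconnected, bound UDP socket

def decode_addr(hexaddr):
    """Decode the hex address column (8 hex digits for IPv4, 32 for IPv6)."""
    raw = bytes.fromhex(hexaddr)
    # The kernel prints each 32-bit word in host byte order; a little-endian
    # host is assumed here, so every 4-byte word is reversed.
    words = [raw[i:i + 4][::-1] for i in range(0, len(raw), 4)]
    return ipaddress.ip_address(b"".join(words))

def exposed_listeners(table_text, proto):
    """Return sorted (proto, ip, port) for sockets not bound to loopback."""
    want = TCP_LISTEN if proto.startswith("tcp") else UDP_BOUND
    found = set()
    for line in table_text.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 4 or fields[3] != want:
            continue
        addr_hex, port_hex = fields[1].split(":")
        ip = decode_addr(addr_hex)
        if not ip.is_loopback:
            found.add((proto, str(ip), int(port_hex, 16)))
    return sorted(found)

# Constructed sample tables (trailing columns shortened).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:0035 00000000:0000 0A 00000000:00000000
   1: 0100007F:1F90 00000000:0000 0A 00000000:00000000
   2: 00000000:0016 00000000:0000 0A 00000000:00000000
   3: 0A00000A:0016 0B00000A:C001 01 00000000:00000000
"""
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:CA6C 00000000:0000 07 00000000:00000000
"""

def audit_host():
    """Run the check against the live tables (Linux only)."""
    out = []
    for proto in ("tcp", "tcp6", "udp", "udp6"):
        with open(f"/proc/net/{proto}") as fh:
            out += exposed_listeners(fh.read(), proto)
    return out

if __name__ == "__main__":
    print(exposed_listeners(SAMPLE_TCP, "tcp") + exposed_listeners(SAMPLE_UDP, "udp"))
```

Call audit_host() on the box itself after the minimising steps; anything it lists that is not meant to be public needs a bind address or a packet filter.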
Debian 11 Bullseye on Zero W
Loaded up the image, booted, fixed up the wifi config in /etc/network/interfaces.d/wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
    wpa-ssid "Your Waifu is Trash"
    wpa-psk ABCDEFGHIJKL
Tweak /boot/firmware/sysconf.txt settings and reboot.
Should use hostnamectl set-hostname makarov.thighhighs.top
Actually it's much like furinkan/private/illustrious, can also follow that.
THIS IS A ROOT-ONLY BUILD
apt install vim screen locales bash-completion
Fix the locales: dpkg-reconfigure locales
Disable console blanking, seems this is already done by default:
cat /sys/module/kernel/parameters/consoleblank
Disable IPv6 address privacy (temporary addresses):
echo -e "net.ipv6.conf.all.use_tempaddr = 0\nnet.ipv6.conf.default.use_tempaddr = 0" >> /etc/sysctl.d/local.conf
service procps restart
echo "export EDITOR=vim" > /etc/profile.d/50-editor-vim.sh
timedatectl set-timezone Australia/Sydney
echo -e "Host *\n HashKnownHosts no" > /etc/ssh/ssh_config.d/99-global.conf
apt install python3 python-is-python3
apt install wget curl net-tools ack jq make mlocate elinks nmap whois
updatedb
curl -o ~/.screenrc https://gist.githubusercontent.com/barneydesmond/d16c5201ed9d2280251dfca7c620bb86/raw/.screenrc
curl --create-dirs -o ~/.config/procps/toprc https://gist.githubusercontent.com/barneydesmond/d16c5201ed9d2280251dfca7c620bb86/raw/.toprc
apt install dphys-swapfile/testing
Edit /etc/dphys-swapfile and set CONF_SWAPFACTOR=2 or whatever, then systemctl restart dphys-swapfile
config.txt
enable_uart=1
upstream_kernel=1
kernel=vmlinuz-5.10.0-5-rpi
# For details on the initramfs directive, see
# https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=10532
initramfs initrd.img-5.10.0-5-rpi
Pihole HA
Run a couple of nodes, to ensure that an update or failure won't kill your entire network. Upstream ISP DNS servers are remarkably handy in their reliability, except when you can't reach them.
- vector as primary and DHCP server
- asval as secondary, maybe doing some DHCP too
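Apparently it's valid to just rsync your configs across the network, that should do it. I wonder how the sqlite DB deals with this.
- https://discourse.pi-hole.net/t/high-availability-ha-for-pi-hole-running-two-pi-holes/3138/3
- Tools for scripted syncing: https://www.reddit.com/r/pihole/comments/eo2q1r/pihole_clustered_configuration/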
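On the SQLite question: a database file copied by rsync while it is being written can arrive inconsistent, so one approach is to snapshot it with SQLite's online backup API and sync the snapshot instead. This is an added example, not part of the original notes; the function name, table name and file names are constructed.

```python
import os
import sqlite3
import tempfile

def snapshot_sqlite(live_path, dest_path):
    """Write a consistent copy of a live SQLite database to dest_path.

    Uses SQLite's online backup API, so it is safe while another process
    has the database open and is writing to it. Returns dest_path.
    """
    # mode=rw: fail if the source is missing instead of creating an empty DB.
    src = sqlite3.connect(f"file:{live_path}?mode=rw", uri=True)
    dest_dir = os.path.dirname(os.path.abspath(dest_path))
    fd, tmp_path = tempfile.mkstemp(dir=dest_dir, suffix=".partial")  # mode 0600
    os.close(fd)
    dst = sqlite3.connect(tmp_path)
    try:
        src.backup(dst)  # copies committed data only
        verdict = dst.execute("PRAGMA integrity_check").fetchone()[0]
    except sqlite3.Error as exc:
        verdict = f"backup failed: {exc}"
    finally:
        src.close()
        dst.close()
    if verdict != "ok":
        os.unlink(tmp_path)
        raise RuntimeError(f"snapshot of {live_path} rejected: {verdict}")
    os.replace(tmp_path, dest_path)  # atomic: rsync never sees a partial file
    return dest_path

if __name__ == "__main__":
    # Constructed demo: a tiny database stands in for the real one.
    work = tempfile.mkdtemp()
    live = os.path.join(work, "live.db")
    con = sqlite3.connect(live)
    con.execute("CREATE TABLE blocklist (domain TEXT)")
    con.execute("INSERT INTO blocklist VALUES ('ads.example')")
    con.commit()
    print(snapshot_sqlite(live, os.path.join(work, "snapshot.db")))
    # Then sync the snapshot rather than the live file, for example:
    #   rsync -a snapshot.db <secondary>:<path>   (placeholders)
```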