MeidokonWiki:

Nifty hardware, here's some stuff to do with it.

RPi builds

This is using them for stuff like Pihole and Wireguard.

Monitoring is good too.

Apt Cacher NG

Package cache, great for RPi because one of the upstream repos is horrible and slow.

PXE utility server

https://wiki.polaire.nl/doku.php?id=raspberry_pi_pxe_server

Minimising

Stuff you can do to make it boot faster and run leaner. These notes are from running Fedora, but they're somewhat general.

disable wifi in config.txt (https://raspberrypi.stackexchange.com/questions/43720/disable-wifi-wlan0-on-pi-3)
    dtoverlay=disable-wifi
    yum erase -y wpa_supplicant
disable selinux (https://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux.html)
    selinux=0 on kernel cmdline
    grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
disable firewalld
    systemctl disable firewalld --now
    dnf erase -y firewalld
disable auditd
    audit=0 on kernel cmdline
    grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
disable sound (https://www.instructables.com/id/Disable-the-Built-in-Sound-Card-of-Raspberry-Pi/)
    blacklist the module via modprobe.d, in /etc/modprobe.d/raspi-blacklist.conf
disable fstrim (do it with an @reboot crontab)
    systemctl disable fstrim.service --now
    /usr/sbin/fstrim --fstab --verbose --quiet
remove lvm2
    yum erase -y lvm2

Debian 11 Bullseye on Zero W

https://raspi.debian.net/faq/

Loaded up the image, booted, fixed up the wifi config in /etc/network/interfaces.d/wlan0

allow-hotplug wlan0
iface wlan0 inet dhcp
    wpa-ssid "Your Waifu is Trash"
    wpa-psk ABCDEFGHIJKL

Tweak /boot/firmware/sysconf.txt settings and reboot.

Should use hostnamectl set-hostname makarov.thighhighs.top

Actually it's much like furinkan/private/illustrious, can also follow that.

THIS IS A ROOT-ONLY BUILD

apt install vim screen locales bash-completion

Fix the locales: dpkg-reconfigure locales

Disable console blanking, seems this is already done by default:
    cat /sys/module/kernel/parameters/consoleblank

Disable address privacy:
    echo -e "net.ipv6.conf.all.use_tempaddr = 0\nnet.ipv6.conf.default.use_tempaddr = 0" >> /etc/sysctl.d/local.conf
    service procps restart

echo "export EDITOR=vim" > /etc/profile.d/50-editor-vim.sh

timedatectl set-timezone Australia/Sydney

echo -e "Host *\n    HashKnownHosts no" > /etc/ssh/ssh_config.d/99-global.conf

apt install python3 python-is-python3
apt install wget curl net-tools ack jq make mlocate elinks nmap whois
updatedb

curl -o ~/.screenrc https://gist.githubusercontent.com/barneydesmond/d16c5201ed9d2280251dfca7c620bb86/raw/.screenrc
curl --create-dirs -o ~/.config/procps/toprc https://gist.githubusercontent.com/barneydesmond/d16c5201ed9d2280251dfca7c620bb86/raw/.toprc


apt install dphys-swapfile/testing

Edit /etc/dphys-swapfile and set CONF_SWAPFACTOR=2 or whatever, then systemctl restart dphys-swapfile

Pihole HA

Run a couple of nodes, to ensure that an update or failure won't kill your entire network. Upstream ISP DNS servers are remarkably handy in their reliability, except when you can't reach them.

Apparently it's valid to just rsync your configs across the network, that should do it. I wonder how the sqlite DB deals with this.
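
On the SQLite question: a file-level copy of a database that is mid-write can capture a half-applied change, so one option is to snapshot it with SQLite's online backup API and rsync the snapshot instead. This is an added example, not part of the original notes; the file names and the `blocklist` table are constructed stand-ins, not Pi-hole's real paths or schema.

```python
import os
import sqlite3
import tempfile
from pathlib import Path


def snapshot_sqlite(live_path, snapshot_path):
    """Copy a possibly in-use SQLite DB via the online backup API; True if the copy checks out."""
    tmp_path = snapshot_path + ".tmp"
    # Open the source read-only so the snapshot job can never modify it.
    src = sqlite3.connect(Path(live_path).resolve().as_uri() + "?mode=ro", uri=True)
    dst = sqlite3.connect(tmp_path)
    try:
        src.backup(dst)  # consistent copy of the last committed state
        ok = dst.execute("PRAGMA integrity_check").fetchone()[0] == "ok"
    finally:
        src.close()
        dst.close()
    if ok:
        os.replace(tmp_path, snapshot_path)  # atomic rename, rsync never sees a partial file
    else:
        os.remove(tmp_path)
    return ok


def demo():
    """Constructed scenario: a writer is mid-transaction while the snapshot is taken."""
    workdir = tempfile.mkdtemp()
    live = os.path.join(workdir, "live.db")      # hypothetical stand-in for the live DB
    snap = os.path.join(workdir, "snapshot.db")  # the file you would rsync to the other node
    writer = sqlite3.connect(live, isolation_level=None)  # explicit transactions only
    writer.execute("CREATE TABLE blocklist (domain TEXT PRIMARY KEY)")
    writer.executemany("INSERT INTO blocklist VALUES (?)",
                       [("ads.example",), ("tracker.example",)])
    writer.execute("BEGIN")
    writer.execute("INSERT INTO blocklist VALUES ('half-written.example')")
    ok = snapshot_sqlite(live, snap)  # taken while the insert above is uncommitted
    writer.execute("COMMIT")
    writer.close()
    reader = sqlite3.connect(snap)
    domains = [r[0] for r in reader.execute("SELECT domain FROM blocklist ORDER BY domain")]
    reader.close()
    return ok, domains


if __name__ == "__main__":
    print(demo())
```

The snapshot holds only committed rows, so the second node never loads a half-written list. Rsync the snapshot file rather than the live database.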

MeidokonWiki: servers/RaspberryPi (last edited 2021-04-24 19:57:04 by furinkan)