5981
Comment: build notes
|
6960
do the steps for ubuntu
|
Deletions are marked like this. | Additions are marked like this. |
Line 6: | Line 6: |
I'm using their Ubuntu image here, it's "focal" (20.04 LTS). == Initial image and packages == |
|
Line 10: | Line 14: |
* Login as rock, sudo to root | |
Line 20: | Line 25: |
apt install -y vim screen locales bash-completion lsof tcpdump netcat strace nmap dpkg-reconfigure locales |
apt install -y vim screen locales bash-completion lsof tcpdump netcat strace nmap less bsdmainutils whiptail #dpkg-reconfigure locales |
Line 25: | Line 30: |
* Delete the entries from your known_hosts then SSH again as rock@host, accepting new keys == Network config == |
|
Line 27: | Line 35: |
# Already disabled in sysctl, this is a nifty site for testing: http://ip.bieringer.net/ | # It's enabled by default on Ubuntu focal sed -r -i 's/tempaddr = 2/tempaddr = 0/' /etc/sysctl.d/10-ipv6-privacy.conf systemctl restart procps # This is a nifty site for testing: http://ip.bieringer.net/ |
Line 29: | Line 41: |
sysctl -a | grep tempaddr | |
Line 34: | Line 45: |
* WIP | |
Line 65: | Line 77: |
Here's a config from illustrious: |
* Use networkd instead of network-manager, remove unneeded packages {{{ apt purge network-manager networkmanager-patch apt autoremove }}} This'll do: |
Line 69: | Line 85: |
ethernets: eno1: critical: true dhcp-identifier: mac dhcp4: true dhcp4-overrides: use-dns: no dhcp6: true dhcp6-overrides: use-dns: no ipv6-privacy: false addresses: - "2404:e80:42e3:0:111:111:111:111/64" nameservers: addresses: - 192.168.1.20 - 192.168.1.24 - fe80::e65f:1ff:fe1c:c6ea - fe80::ba27:ebff:fe8c:f4f8 search: - thighhighs.top. version: 2 }}} |
version: 2 renderer: networkd ethernets: eth0: critical: true dhcp-identifier: mac dhcp4: false dhcp6: true dhcp6-overrides: use-dns: false ipv6-privacy: false addresses: - "192.168.1.26/24" # 26 for the .26 IPv4, ca6c == 51820, the default Wireguard port - "2404:e80:42e3:0:26:0:0:ca6c/64" routes: - to: 0.0.0.0/0 via: 192.168.1.1 on-link: true nameservers: addresses: - 192.168.1.20 - 192.168.1.24 - fe80::e65f:1ff:fe1c:c6ea - fe80::ba27:ebff:fe8c:f4f8 search: - thighhighs.top. }}} == Disable wifi == I don't need it and it slows down boot. {{{ systemctl disable wpa_supplicant.service --now }}} |
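Review bot: The Line 27/35 and Line 29/41 changes remove the only verification step: sysctl -a | grep tempaddr is deleted while the new sed on /etc/sysctl.d/10-ipv6-privacy.conf and systemctl restart procps are added, so a sed pattern that matched nothing would go unnoticed. Suggest keeping the sysctl -a | grep tempaddr line after the restart to confirm the values now read 0.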
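Review bot: In the Line 69/85 netplan change, the new default route sets on-link: true even though the gateway 192.168.1.1 already sits inside the configured 192.168.1.26/24, so the flag is redundant there. Suggest dropping on-link: true, or adding a comment saying why it is needed on this network.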
I grabbed a couple of these, one with NAND flash and one without. Both have Wifi/BT/POE support, and I bought the POE hats because that's a damn good idea.
https://shop.allnetchina.cn/collections/frontpage/products/rock-pi-s?variant=29067635458150
Setup
I'm using their Ubuntu image here, it's "focal" (20.04 LTS).
Initial image and packages
- Image the SD card and boot it as normal, get a console either with adb or SSH
- Default SSH creds are rock//rock, there's no root password set but you can sudo up
- SSH is enabled by default
- Login as rock, sudo to root
Set hostname: hostnamectl set-hostname wag1.thighhighs.top
Regenerate SSH host keys
{{{
rm /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server
# As an alternative, though this will generate DSA keys as well
ssh-keygen -A
}}}
Packages
{{{
apt update
apt install -y vim screen locales bash-completion lsof tcpdump netcat strace nmap less bsdmainutils whiptail
#dpkg-reconfigure locales
apt full-upgrade
reboot
}}}
- Delete the entries from your known_hosts then SSH again as rock@host, accepting new keys
Network config
Disable IPv6 privacy addresses
{{{
# It's enabled by default on Ubuntu focal
sed -r -i 's/tempaddr = 2/tempaddr = 0/' /etc/sysctl.d/10-ipv6-privacy.conf
systemctl restart procps
# This is a nifty site for testing: http://ip.bieringer.net/
# Look at EUI64_SCOPE and see if it's random/privacy/global. Global is what we want for servers (probably).
}}}
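What a non-privacy SLAAC address exposes, as an added example that is not part of the original notes: when the interface identifier is EUI-64, the low 64 bits are the MAC with ff:fe inserted and one bit flipped, so the address is stable but gives the MAC away. The function names and labels are this example's own; the MAC and the static and link-local addresses come from this page, and the SLAAC address in the demo is constructed.

```python
import ipaddress

def eui64_iid(mac):
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) for a 48-bit MAC."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    # Flip the universal/local bit of the first octet, insert ff:fe in the middle.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")

def iid_of(addr):
    """Low 64 bits of an IPv6 address; a /prefix suffix is ignored."""
    return int(ipaddress.IPv6Address(addr.split("/")[0])) & (2**64 - 1)

def embedded_mac(addr):
    """MAC recoverable from an EUI-64 address, or None without the ff:fe marker."""
    raw = iid_of(addr).to_bytes(8, "big")
    if raw[3:5] != b"\xff\xfe":
        return None
    mac = bytes([raw[0] ^ 0x02]) + raw[1:3] + raw[5:]
    return ":".join(f"{b:02x}" for b in mac)

def classify(addr, mac):
    """Relate an address to a MAC. Labels are this example's own, not any tool's output."""
    if iid_of(addr) == eui64_iid(mac):
        return "eui64-from-this-mac"
    if embedded_mac(addr) is not None:
        return "eui64-from-other-mac"
    return "not-eui64"  # static, temporary, or stable-privacy identifier

if __name__ == "__main__":
    eth0_mac = "4e:43:df:6b:85:ff"  # eth0 MAC from the ifconfig output on this page
    samples = [
        "2404:e80:42e3:0:4c43:dfff:fe6b:85ff/64",  # constructed: page prefix + EUI-64 of eth0
        "2404:e80:42e3:0:26:0:0:ca6c/64",          # static address from the netplan config
        "fe80::e65f:1ff:fe1c:c6ea",                # resolver address from the netplan config
    ]
    for addr in samples:
        print(f"{addr:42} {classify(addr, eth0_mac):22} mac={embedded_mac(addr)}")
```

An identifier can contain ff:fe by chance, so treat "eui64-from-other-mac" as a strong hint rather than proof.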
Set editor
echo "export EDITOR=vim" > /etc/profile.d/editor-vim.sh
- WIP
Set timezone
timedatectl set-timezone Australia/Sydney
Disable HashKnownHosts in /etc/ssh/ssh_config
More packages
{{{
apt install wget curl net-tools ack jq make mlocate elinks nmap whois
updatedb
reboot
}}}
- Fix up your SSH keys
- Generate new root password
- ssh-copy-id your key to the rock user
- manually copy that to root
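Lock the rock user with usermod -L rock. This locks the password only: the key copied in with ssh-copy-id stays in rock's authorized_keys, and usermod(8) notes that locking the account itself also needs the expiry date set.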
Configure screen: curl -o ~/.screenrc https://gist.githubusercontent.com/barneydesmond/d16c5201ed9d2280251dfca7c620bb86/raw/.screenrc
- Configure top yourself
Faff with networking
We'd like static IP but dynamic IPv6
apt install netplan.io
Criteria are:
- Get NTP servers from DHCP if possible
- Static IPv4 addressing
- Global static IPv6 addresses (I guess)
- Add a locally-defined static IPv6 address, that other hosts can refer to via DNS etc
- DNS resolvers can come from DHCP or be manually defined
Use networkd instead of network-manager, remove unneeded packages
{{{
apt purge network-manager networkmanager-patch
apt autoremove
}}}
This'll do:
{{{
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      critical: true
      dhcp-identifier: mac
      dhcp4: false
      dhcp6: true
      dhcp6-overrides:
        use-dns: false
      ipv6-privacy: false
      addresses:
        - "192.168.1.26/24"
        # 26 for the .26 IPv4, ca6c == 51820, the default Wireguard port
        - "2404:e80:42e3:0:26:0:0:ca6c/64"
      routes:
        - to: 0.0.0.0/0
          via: 192.168.1.1
          on-link: true
      nameservers:
        addresses:
          - 192.168.1.20
          - 192.168.1.24
          - fe80::e65f:1ff:fe1c:c6ea
          - fe80::ba27:ebff:fe8c:f4f8
        search:
          - thighhighs.top.
}}}
Disable wifi
I don't need it and it slows down boot.
systemctl disable wpa_supplicant.service --now
OS
I installed their provided image of Debian buster, balena Etcher'd straight onto a spare SD card and inserted. Used adb shell to get initial connectivity to set it up and inspect things.
The root filesystem is all of ~500 MiB, which is great for compactness and speed. It auto-grows on first boot by the looks of it.
{{{
[ 11.091476] EXT4-fs (mmcblk0p2): resizing filesystem from 199161 to 7835148 blocks
[ 11.518063] EXT4-fs (mmcblk0p2): resized filesystem to 7835148
}}}
Disk usage
{{{
root@rockpis:/# df -hl
Filesystem      Size  Used Avail Use% Mounted on
udev            210M     0  210M   0% /dev
tmpfs            43M  296K   43M   1% /run
/dev/mmcblk0p2   30G  511M   28G   2% /
tmpfs           213M     0  213M   0% /dev/shm
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs           213M     0  213M   0% /sys/fs/cgroup
}}}
Block devices
- mmcblk0 is the SD card
- mmcblk1 is the onboard NAND flash
{{{
root@rockpis:/# lsblk
NAME        MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
mmcblk0     179:0    0   30G  0 disk
├─mmcblk0p1 179:1    0  112M  0 part
└─mmcblk0p2 179:2    0 29.9G  0 part /
mmcblk1     179:32   0  3.6G  0 disk
└─mmcblk1p1 179:33   0  3.6G  0 part
}}}
CPU
{{{
root@rockpis:/# lscpu
Architecture:        aarch64
Byte Order:          Little Endian
CPU(s):              4
On-line CPU(s) list: 0-3
Thread(s) per core:  1
Core(s) per socket:  4
Socket(s):           1
Vendor ID:           ARM
Model:               2
Model name:          Cortex-A35
Stepping:            r0p2
CPU max MHz:         1296.0000
CPU min MHz:         408.0000
BogoMIPS:            48.00
Flags:               fp asimd aes pmull sha1 sha2 crc32
}}}
Network interfaces
{{{
root@rockpis:/# ifconfig
eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
        ether 4e:43:df:6b:85:ff txqueuelen 1000 (Ethernet)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 6 bytes 752 (752.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
        device interrupt 26

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1 (Local Loopback)
        RX packets 2 bytes 106 (106.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 2 bytes 106 (106.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

p2p0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
        ether 1a:77:e9:6d:75:84 txqueuelen 1000 (Ethernet)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

wlan0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
        ether e6:a6:66:59:15:ed txqueuelen 1000 (Ethernet)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
}}}