|
Size: 3938
Comment: add MAC address
|
Size: 4098
Comment: renamed from asval to azusa
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| = asval = | ## page was renamed from servers/asval = azusa = |
| Line 3: | Line 4: |
| * RPi OS Lite 64-bit (Bookworm) on RPi Model 3B+ | * RPi Model 3B+ (aarch64, 4-core, 1gb RAM) * RPi OS Lite 64-bit (Bookworm) * LAN MAC `b8:27:eb:8c:f4:f8` |
| Line 8: | Line 11: |
| == hardware == | == Build notes == |
| Line 10: | Line 13: |
| {{{ ether b8:27:eb:8c:f4:f8 |
This is the most generic stuff to do for initial setup, before tweaking it to a specific use. === OS imaging === Using the Raspberry Pi Imager app, start with '''RPi OS Lite 64-bit''', suitable for the RPi 3B+ It lets you make some customisations before flashing, which is really nice: * Set hostname to azusa * Enable SSH * Password auth (I would use SSH keys but it didn't work right for me and I couldn't sudo later) * Set username and password * `pi // <something new>` * No WLAN * Set locale to Australia/Sydney, us keyboard * Disable telemetry Prepare DHCP server with static address for the LAN MAC address. Put in the card and let it boot, should be fairly quick. === First login === 1. Login as `pi@azusa` and copy your SSH key there 1. sudo up and copy your SSH key to root's account as well 1. Login again directly as root 1. Install base packages {{{ apt install -y vim git screen ack }}} 1. Edit `/etc/pam.d/sshd` and remove `user_readenv=1`, this will keep the logs tidy 1. Configure vim {{{ cat <<EOF > ~/.vimrc set nocompatible syntax on set background=dark set hlsearch set modeline set scrolloff=3 EOF }}} 1. Configure shell * Edit `/root/.bashrc` to enable colours * Set the default editor to vim.basic: {{{ update-alternatives --config editor |
| Line 15: | Line 58: |
| == network == | === Disable wifi and bluetooth on RPi === |
| Line 17: | Line 60: |
| /etc/dhcpcd.conf uses a static IPv4 address at the bottom? But still apparently comes up like it's DHCP. The IPv6 stuff works at least. {{{ slaac hwaddr |
I'm using azusa as a network appliance, so I don't need the radios: https://sleeplessbeastie.eu/2018/12/31/how-to-disable-onboard-wifi-and-bluetooth-on-raspberry-pi-3/ |
| Line 21: | Line 62: |
| interface eth0 static ip_address=192.168.1.24/24 static routers=192.168.1.1 static domain_name_servers=8.8.8.8 1.1.1.1 8.8.4.4 |
1. Add dtoverlays to your `/boot/config.txt` to disable the radios: {{{ cat <<EOF >> /boot/config.txt dtoverlay=disable-wifi dtoverlay=disable-bt EOF |
| Line 26: | Line 68: |
Who even set this up? I don't remember doing it... Edit: it was pihole |
1. Disable the hciuart daemon used for bluetooth modem access {{{ systemctl disable --now hciuart }}} 1. Reboot |
| Line 32: | Line 74: |
| == IPv6 == Autoconfigured, slaac hwaddr, not externally accessible == services == * Wireguard server to LAN for remote access * apt cache, will try running this setup for the crappy raspi repo: https://fabianlee.org/2018/02/11/ubuntu-a-centralized-apt-package-cache-using-apt-cacher-ng/ * Pihole DNS server == wireguard == * no notes on install * Proxy ARP enabled in sysctl.conf as per https://wiki.debian.org/BridgeNetworkConnectionsProxyArp {{{ net.ipv4.ip_forward=1 net.ipv4.conf.all.proxy_arp=1 }}} == Pihole == Straightforward basic install, no conflict with other installed services. * Pi-hole DNS (IPv4): 192.168.1.24 * Pi-hole DNS (IPv6): 2404:e80:42e3:0:ba27:ebff:fe8c:f4f8 Admin UI at https://pihole-backup.thighhighs.top/admin/ TLS works \o/ https://discourse.pi-hole.net/t/enabling-https-for-your-pi-hole-web-interface/5771/17 == Disable wifi and bluetooth on RPi == I'm using asval as a network appliance, so I don't need the radios. https://sleeplessbeastie.eu/2018/12/31/how-to-disable-onboard-wifi-and-bluetooth-on-raspberry-pi-3/ 1. Edit your /boot/config.txt and add: {{{ dtoverlay=disable-wifi dtoverlay=disable-bt }}} * The linked page above uses pi3-disable-foo, which are deprecated names 1. Disable hciuart daemon used for bluetooth modem access {{{ systemctl disable --now hciuart }}} == RTC module == |
=== Configure hardware RTC === |
| Line 86: | Line 79: |
| 1. Enable i2c with raspi-config, or do it yourself * Comment out any blacklist entries for i2c[-_]bcm2708 in /etc/modprobe.d/raspi-blacklist.conf * Add `i2c-dev` to /etc/modules * `dtparam=i2c_arm=on` in /boot/config.txt * Activate it now, `modprobe i2c-dev` 1. Install packages {{{ apt install python-smbus i2c-tools |
1. Enable i2c with `raspi-config`, it's in `Interface Options -> I2C -> Enable` * You can also do it yourself if you want: 1. Comment out any blacklist entries for `i2c[-_]bcm2708` in `/etc/modprobe.d/raspi-blacklist.conf` 1. Load the module at boot: {{{ echo i2c-dev >> /etc/modules |
| Line 94: | Line 85: |
| 1. Reboot now to detect it |
1. Uncomment/add `dtparam=i2c_arm=on` in `/boot/config.txt` 1. Activate it now: {{{ modprobe i2c-dev }}} 1. Reboot now, it can't hurt 1. Install i2c tools {{{ apt install -y i2c-tools }}} |
| Line 98: | Line 95: |
| 1. Enable the kernel driver for it, or something, by adding a devicetree overlay * Append to end of /boot/config.txt {{{ dtoverlay=i2c-rtc,ds3231 |
1. Enable the kernel driver for it, or something, by adding a devicetree overlay {{{ echo "dtoverlay=i2c-rtc,ds3231" >> /boot/config.txt |
| Line 102: | Line 98: |
| 1. Reboot again 1. Again detect the device on i2c bus: i2cdetect -y 1 * Should appear at 0x68, BUT with "UU" at the address |
1. Reboot again to load the device tree overlay that we just configured 1. Again detect the device on i2c bus: `i2cdetect -y 1` * Should appear at 0x68, BUT with "UU" at the address this time |
| Line 107: | Line 102: |
| systemctl disable fake-hwclock apt purge fake-hwclock |
systemctl disable fake-hwclock --now apt purge -y fake-hwclock |
| Line 110: | Line 105: |
1. In theory everything just works now thanks to a udev rule * https://www.raspberrypi.org/forums/viewtopic.php?t=209700 * /lib/udev/rules.d/85-hwclock.rules * KERNEL=="rtc0", RUN+="/sbin/hwclock --rtc=$root/$name --hctosys" * "Set the system time from RTC and set the kernel TZ to the local timezone when the kernel clock module is loaded" 1. Your NTP daemon will handle writing the system clock back to the HW clock periodically. chrony is great, or you can use the simple systemd-timesyncd: https://www.raspberrypi.org/forums/viewtopic.php?t=200385 * Purge chrony so that timesyncd will activate itself, and configure it in /etc/systemd/timesyncd.conf {{{ [Time] NTP=ntp.on.net ntp.ubuntu.com 0.ubuntu.pool.ntp.org 1.ubuntu.pool.ntp.org 2.ubuntu.pool.ntp.org |
1. In theory everything just works now thanks to a udev rule: https://www.raspberrypi.org/forums/viewtopic.php?t=209700 {{{ root@azusa:~# cat /lib/udev/rules.d/85-hwclock.rules # Set the System Time from the Hardware Clock and set the kernel's timezone # value to the local timezone when the kernel clock module is loaded. KERNEL=="rtc0", RUN+="/usr/lib/udev/hwclock-set $root/$name" |
| Line 122: | Line 111: |
| 1. Install chrony so it manages the hardware clock {{{ apt install -y chrony }}} It'll do the rest once it's installed and synced. Try some commands to see how it's fairing: {{{ chronyc sources chronyc tracking }}} |
azusa
- RPi Model 3B+ (aarch64, 4-core, 1gb RAM)
- RPi OS Lite 64-bit (Bookworm)
LAN MAC b8:27:eb:8c:f4:f8
- located at home
Contents
Build notes
This is the most generic stuff to do for initial setup, before tweaking it to a specific use.
OS imaging
Using the Raspberry Pi Imager app, start with RPi OS Lite 64-bit, suitable for the RPi 3B+
It lets you make some customisations before flashing, which is really nice:
- Set hostname to azusa
- Enable SSH
- Password auth (I would use SSH keys but it didn't work right for me and I couldn't sudo later)
- Set username and password
pi // <something new>
- No WLAN
- Set locale to Australia/Sydney, us keyboard
- Disable telemetry
Prepare DHCP server with static address for the LAN MAC address.
Put in the card and let it boot, should be fairly quick.
First login
Login as pi@azusa and copy your SSH key there
- sudo up and copy your SSH key to root's account as well
- Login again directly as root
Install base packages
apt install -y vim git screen ack
Edit /etc/pam.d/sshd and remove user_readenv=1, this will keep the logs tidy
Configure vim
cat <<EOF > ~/.vimrc set nocompatible syntax on set background=dark set hlsearch set modeline set scrolloff=3 EOF
- Configure shell
Edit /root/.bashrc to enable colours
Set the default editor to vim.basic:
update-alternatives --config editor
Disable wifi and bluetooth on RPi
I'm using azusa as a network appliance, so I don't need the radios: https://sleeplessbeastie.eu/2018/12/31/how-to-disable-onboard-wifi-and-bluetooth-on-raspberry-pi-3/
Add dtoverlays to your /boot/config.txt to disable the radios:
cat <<EOF >> /boot/config.txt dtoverlay=disable-wifi dtoverlay=disable-bt EOF
Disable the hciuart daemon used for bluetooth modem access
systemctl disable --now hciuart
- Reboot
Configure hardware RTC
I've installed the Jaycar XC-9044 RPi realtime clock RTC, it's apparently a good clock chip with a little battery (or something). Most models using this chip have a spot for a watch battery, but this one has a tiiiiny little thing soldered on the board. I hope it's decent.
- Physically install the module on the 3V3 plus I2C pins
Enable i2c with raspi-config, it's in Interface Options -> I2C -> Enable
- You can also do it yourself if you want:
Comment out any blacklist entries for i2c[-_]bcm2708 in /etc/modprobe.d/raspi-blacklist.conf
Load the module at boot:
echo i2c-dev >> /etc/modules
Uncomment/add dtparam=i2c_arm=on in /boot/config.txt
Activate it now:
modprobe i2c-dev
- You can also do it yourself if you want:
- Reboot now, it can't hurt
Install i2c tools
apt install -y i2c-tools
Detect the device on i2c bus: i2cdetect -y 1
- Should appear at 0x68
Enable the kernel driver for it, or something, by adding a devicetree overlay
echo "dtoverlay=i2c-rtc,ds3231" >> /boot/config.txt
- Reboot again to load the device tree overlay that we just configured
Again detect the device on i2c bus: i2cdetect -y 1
- Should appear at 0x68, BUT with "UU" at the address this time
Remove the fake hardware clock
systemctl disable fake-hwclock --now apt purge -y fake-hwclock
In theory everything just works now thanks to a udev rule: https://www.raspberrypi.org/forums/viewtopic.php?t=209700
root@azusa:~# cat /lib/udev/rules.d/85-hwclock.rules # Set the System Time from the Hardware Clock and set the kernel's timezone # value to the local timezone when the kernel clock module is loaded. KERNEL=="rtc0", RUN+="/usr/lib/udev/hwclock-set $root/$name"
Install chrony so it manages the hardware clock
apt install -y chrony
It'll do the rest once it's installed and synced. Try some commands to see how it's fairing:
chronyc sources chronyc tracking