• servers
• vector

vector

• RPi Model 4 (aarch64, 4-core, 4gb RAM)
• RPi OS Lite 64-bit (Bookworm)

• LAN MAC e4:5f:01:1c:c6:ea

• WLAN MAC e4:5f:01:1c:c6:eb

• located at home

Build notes

This is the most generic stuff to do for initial setup, before tweaking it to a specific use.

OS imaging

Using the Raspberry Pi Imager app, start with RPi OS Lite 64-bit, suitable for the RPi 3B+

It lets you make some customisations before flashing, which is really nice:

• Set hostname to vector

• Enable SSH
  • Password auth, make a new secure password and record it in 1Password
• Set username and password

  • furinkan // <the password you just created>

• No WLAN
• Set locale to Australia/Sydney, us keyboard
• Disable telemetry

Prepare DHCP server with static address for the LAN MAC address.

Put in the card and let it boot, should be fairly quick.

First login

1. Login as furinkan@vector and copy your SSH key there

   ssh-copy-id furinkan@vector

2. sudo up and copy your SSH key to root's account as well

   sudo -i
   ssh-keygen -t ed25519
   touch ~/.ssh/authorized_keys
   chmod 0600 ~/.ssh/authorized_keys
   cat ~furinkan/.ssh/authorized_keys >> ~/.ssh/authorized_keys

3. Login again directly as root

4. Set the hostname with domain as well now

   hostnamectl set-hostname vector.thighhighs.top

5. Install base packages

   apt update
   apt install -y vim git screen ack
   apt autoremove
   apt full-upgrade -y

6. More packages

   apt install wget curl net-tools jq make mlocate elinks nmap whois
   updatedb
   reboot

7. Edit /etc/pam.d/sshd and remove user_readenv=1, this will keep the logs tidy

8. Disable HashKnownHosts for SSH client

   echo -e "Host *\n    HashKnownHosts no" > /etc/ssh/ssh_config.d/20-disable-hashknownhosts.conf

9. Configure shell

   • Edit /root/.bashrc to enable colours

   • Set the default editor to vim.basic:

     update-alternatives --config editor

   • Add shell history timestamping

     cat <<EOF >> ~/.bashrc
     # Timestamped shell FTW
     export HISTTIMEFORMAT='%Y-%m-%d %H:%M:%S  '
     EOF

10. Configure vim

    cat <<EOF > ~/.vimrc
    set nocompatible
    syntax on
    set background=dark
    set hlsearch
    set modeline
    set scrolloff=3
    EOF

Disable wifi and bluetooth and other stuff

I'm using vector as a network appliance, so I don't need the radios: https://sleeplessbeastie.eu/2022/06/01/how-to-disable-onboard-wifi-and-bluetooth-on-raspberry-pi-4/

1. Add dtoverlays to your /boot/config.txt to disable the radios:

   cat <<EOF >> /boot/config.txt
   dtoverlay=disable-wifi
   dtoverlay=disable-bt
   EOF

2. Let's also disable sound

   sed -r -i 's,^dtparam=audio=on$,dtparam=audio=off,' /boot/config.txt

3. Disable bluetooth and modem services

   systemctl disable --now hciuart
   systemctl disable --now bluetooth.target
   systemctl disable --now bluetooth.service
   systemctl disable --now ModemManager.service

4. For some reason this isn't working on the RPi4? Whatever, nuke the software packages as well

   apt purge -y bluez bluez-firmware wpasupplicant
   rm -rfv /etc/wpa_supplicant
   apt autoremove -y

5. No keyboard means no hotkeys needed

   apt purge -y triggerhappy

6. Does this work to disable it??

   echo "blacklist hci_uart" > /etc/modprobe.d/blacklist-hciuart.conf
   echo "blacklist snd_bcm2835" > /etc/modprobe.d/blacklist-sndbcm2835.conf

7. Reboot

Tools config

1. Configure screen

   curl -o ~/.screenrc https://gist.githubusercontent.com/barneydesmond/d16c5201ed9d2280251dfca7c620bb86/raw/.screenrc

2. Configure top: z x c s 1.5 <Enter> e 0 1 W q

Save a copy

Now take an image of the system by putting the card in another system, after shrinking the filesystem

e2fsck -f /dev/mmcblk0p2
resize2fs /dev/mmcblk0p2 2G
dd bs=4M count=600 if=/dev/mmcblk0 | pv -br | gzip --fast > 2021-04-20_vector_img_pre_unifi.img.gz