Skip to content
This repository has been archived by the owner on Feb 20, 2024. It is now read-only.

Latest commit

 

History

History
281 lines (234 loc) · 8.47 KB

Setup.org

File metadata and controls

281 lines (234 loc) · 8.47 KB
Raw

My Raspberry Pi setup

Introduction

This is setup with the newer Raspberry Pi OS. While you can make use of it as a reading resource, this document is meant to be used interactively through Org mode to set up a Raspberry Pi that’s connected to the local network (tho first few steps require plugging in the MicroSD card into the computer.

This setup is meant to configure a Wi-Fi enabled Raspberry Pi as a backup and network printer/scanner server. My current equipment as of writing this consists of

  1. Raspberry Pi 3B (v 1.2)
  2. A cheap powerbank capable of simultaneous power I/O (as a makeshift UPS)
    • See here for a more sophisticated setup. There are also purpose-built RPi UPS modules which are probably more reliable.
  3. A 1TB Seagate external hard drive with USB connectivity, containing an ext4 partition encrypted with LUKS.

The aim is to build a resilient system that tries its best to not corrupt the backups. To achieve this, the external HDD is only mounted during the backup process. This part is achieved by a script that runs on the source system. RPi need not know of the backup software or have it installed for this to work.

It is assumed that the RPi’s initial hostname is raspberrypi, which is later changed to pi in this script.

This literate program executes shell and Emacs Lisp scripts, and uses following software:

  • a POSIX shell, preferably GNU Bash
  • GNU Coreutils
  • mount(1), sed(1)
  • iputils (ping(1))
  • OpenSSH client (ssh(1), scp(1))
  • Raspberry Pi OS, Lite image
  • Borg backup software

Setup process

Helpers

These code blocks are called by others.

(read-string "SSID for RPi network: ")
(read-string "WPA-PSK passphrase for RPi network: ")
cat ~/.ssh/id_rsa.pub
echo $TZ
echo $USER

Prepare SD card

  1. dd the OS image to the SD card.
    • This is pretty straight-forward.
    • But for some reason I couldn’t get USB boot working.
  2. Mount the new partitions (rest assumes mounted under /media/$USER/{boot,rootfs}.
  3. Prepare for first boot: 
    # Enable ssh daemon.
touch /media/$USER/boot/ssh
# Enable wireless networking.
cat > /media/$USER/boot/wpa_supplicant.conf <<EOF
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=TR

network={
    ssid="$SSID"
    scan_ssid=1
    key_mgmt=WPA-PSK
    psk="$PSK"
}
EOF

    Enable Avahi for local DNS:

    sed -i 's/^#\(allow-interfaces=eth0\)$/\1,wlan0/' \
  /media/g/rootfs/etc/avahi/avahi-daemon.conf
    • Because we put wpa-supplicant.conf under /boot, the OS will copy it to the right place and also rfkill unblock the relevant interface. (sauce).
      • In order to do it manually, boot the thing up with a monitor and a keyboard, and run rfkill unblock <interface> on it.
  4. Insert the SD Card into the RPi.
    • Unmount: 
      umount /media/$USER/boot
umount /media/$USER/rootfs

Install stuff and prepare for configuration

  1. Boot it up.
    • Check if accessible via mDNS: 
      ping -c 1 raspberrypi.local
  2. Copy over ssh pubkey 
    mkdir -p ~/.ssh
echo "$P" >> ~/.ssh/authorized_keys
  3. Rudimentary setup
    1. Make sure to enable SSH, before all 
      sudo systemctl enable ssh
    2. Change user password 
      (async-shell-command "sudo passwd pi")
    3. Change hostname 
      # Will be active after reboot
echo xanthippe | sudo tee /etc/hostname
  4. Install basic packages 
    sudo apt-get update
sudo apt-get upgrade -yqq
sudo apt-get install -yqq           \
  hplip cups-bsd sane mercurial git \
  libxml-perl libxml-rss-perl nginx \
  udisks2 cryptsetup-bin borgbackup

# post-install
sudo adduser pi lpadmin
sudo adduser pi lp
sudo adduser pi saned

sudo systemctl enable saned.socket
sudo systemctl restart saned.socket
  5. Reboot. Beware that the hostname changes after this, the new one is xanthippe.local.
  6. Copy over configuration files. This overrites matching files under RPi’s /etc directory. 
    tmp="/tmp/$(mktemp -u pi-etc-XXXXXXXX)"
scp -rv etc [email protected]:$tmp
ssh [email protected] cd $tmp \; sudo cp -vr \* /etc
  7. Restart system services
    1. All but network: 
      for unit in cups saned.socket nginx; do
  sudo systemctl restart $unit
done
    2. Network: 
      sudo nohup sh -c 'sleep 1; systemctl restart networking' &
      • Check: 
        sleep 5
ping -c 3 pi.local
        • Obviously this may fail a couple times if restarting network takes a long time for some reason…

Configure system

Set timezone

We copy it over from this machine

sudo timedatectl --no-pager set-timezone $_TZ
date

Set up the printer and scanner services

  • Plug in the relevant devices.
  • Preferably reboot the RPi.

Printer

  • Visit https://pi.local:631/ in your browser in order to set up the printer.
    • If you encounter any SSL errors, don’t mind them.
    • Follow the Administration link from the top navigation bar.
    • Click the Add Printer button.
    • If it wants to redirect, allow it.
    • When prompted for password, enter the credential of the user pi of the RPi.
    • Select the local USB printer, and hit Continue.
    • In the form that appears after that, make sure to check Share This Printer checkbox, and fill the other fields to your liking.
    • Hit Continue.
    • In the next screen, select appropriate printer model, and hit Add Printer.
    • You’ll be taken to the Set Printer Options page. Review the settings and hit Set Default Options button.
    • You should have ended up on the printer details page. At this point you should set up your computer’s printer settings to connect to pi.local.
      • As I write this I’m using Linux Mint Ulyana 20 which automatically detects and configures the printer.

Scanner

  • In order to configure scanner connection, first verify that the RPi does see and has configured the scanner: 
    scanimage -L
    • Append RPi’s FQDN to /etc/sane.d/net.conf. 
      echo xsanthippe.local >> /etc/sane.d/net.conf

      It might be necessary to insert a line containing net into /etc/sane.d/dll.conf in order to enable the net backend (see https://wiki.debian.org/SaneOverNetwork)

    • Add your user to the scanner group. 
      usermod -a -G scanner $_USER
    • Add [email protected] to the lp group 
      sudo usermod -a -G lp saned

      source, IDK why exactly this works

    • Check if worked 
      scanimage -L

Backup server

In order to be able to do backups with this configuration, set the BORG_REPO environment variable to something like

export [email protected]:/mnt/Backups

on the backup source. Then, backups can be made with a command like

borg create --stats --progress --compression lz4 ::{user}-{now} /igk/

which is bound to the alias do-backup in my config.