Skip to content

Instantly share code, notes, and snippets.

@fabricionaweb

fabricionaweb/rpi-arch.md

Last active January 19, 2021 21:30
Show Gist options
  • Save fabricionaweb/9c03f3245782752265dc7e5cd127efdb to your computer and use it in GitHub Desktop.
Save fabricionaweb/9c03f3245782752265dc7e5cd127efdb to your computer and use it in GitHub Desktop.
Download ZIP
Raspberry NAS
Raw
rpi-arch.md

Arch Linux ARM on Raspberry Pi 4

Format your sdcard to FAT on system's disk utils before start to remove every old linux systems.

Prepare sdcard (on linux)

  1. Get your disk with lsblk
  2. Umount all partitions sudo umount /dev/sdX?
    yes, with ? at end, just replace the X with your disk, should be like sudo umount /dev/sda?
  3. Open fdisk sudo fdisk /dev/sdX
  4. Clean the partitions o
  5. Create first partition n, p, enter, enter, +100M, t, c
  6. Create second partition n, p, enter, enter, enter
  7. Write and exit w
  8. Format the partitions you have created 
    sudo mkfs.vfat /dev/sdX1 
sudo mkfs.ext4 /dev/sdX2
  9. Mount the partitions 
    sudo mkdir -p /mnt/{boot,root} 
sudo mount /dev/sdx1 /mnt/boot/ 
sudo mount /dev/sdx2 /mnt/root/

Install Arch

  1. Get image and extract 
    wget http://archlinuxarm.org/os/ArchLinuxARM-rpi-4-latest.tar.gz 
sudo tar zxvf ArchLinuxARM-rpi-4-latest.tar.gz -C /mnt/root
  2. Copy boot files sudo mv /mnt/root/boot/* /mnt/boot
  3. Sync and umount sync && sudo umount /mnt/boot /mnt/root

Put the card into raspberry pi you should have Arch working.
You're ready to connect throught ssh, the default user should be alarm and pass alarm (always check the officinal documentation).

Change default passwords

  1. Enter to root su (we dont have sudo yet) default passwourd should be root
  2. To change the alarm password passwd alarm
  3. To change the root password passwd root

Sudo

  1. Enter to root su
  2. Run the commands 
    pacman-key --init 
pacman-key --populate archlinuxarm 
pacman -S archlinuxarm-keyring
pacman -Syu
  3. Install sudo pacman -S sudo
  4. Create group rule echo "%sudo ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/sudogroup
  5. Create the sudo group groupadd sudo
  6. Add user alarm to the group gpasswd -a alarm sudo
  7. Reboot

yay (AUR helper)

  1. Install some packages sudo pacman -S --needed base-devel git wget
  2. Clone repo git clone https://aur.archlinux.org/yay.git
  3. Go to directory and install cd yay && makepkg -si

Enable native exfat

  1. Enable on next boot sudo sh -c "echo exfat >> /etc/modules-load.d/raspberrypi.conf"
  2. Reboot

Security for SSH

I can't disable SSH password because I need to enter the password in kodi SFTP plugin.

The commands bellow are outside the raspberry pi. Should be run in your Linux/Mac terminal

  1. Go to ssh directory cd ~/.ssh/
  2. (optional) Generate a new private/pub key ssh-keygen -C "alarm@alarmpi" -a 100 -t ed25519 -o -f alarmpi
  3. (optional) Sometimes you need to fix the permissions sudo chmod 600 alarmpi*
  4. (optional) Add the to keychain ssh-add alarmpi
  5. Add the key to authorized_keys ssh-copy-id -i alarmpi.pub alarm@yourip

Mount external drive (fstab method)

  1. Create the directory mkdir -p /media
  2. Get the partition UUID from lsblk -f
  3. Edit the fstab sudo nano /etc/fstab 
    UUID=5F3C-2D27 /media exfat defaults,uid=1000,gid=1000,umask=002 0 2
    5F3C-2D27 is the partition's UUID you got from previous command

Install Docker

  1. Install yay -S docker
  2. Enable the service sudo systemctl enable docker
  3. Start the service sudo systemctl start docker

It is recommended to dont add user to docker group because the --privileged will grants root.
Since we will use Portainer, we might dont need it.

Install Portainer

  1. Run 
    sudo docker run --restart always -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:linux-arm
  2. Access http://your-raspberry-ip:9000, choose Docker and finish the setup
  3. Create the qBittorrent stack 
    version: "2"
services:
  qbittorrent:
    image: linuxserver/qbittorrent
    container_name: qbittorrent
    environment:
      - PUID=1000
      - PGID=1000
      - UMASK_SET=002
      - TZ=Europe/London
      - WEBUI_PORT=8080
    volumes:
      - /media/Downloads:/downloads
      - /media/Config/qBittorrent:/config
    ports:
      - 6881:6881
      - 6881:6881/udp
      - 8080:8080
    restart: unless-stopped
  4. Access http://your-raspberry-ip:8080 login with admin and adminadmin, go to settings and change it

Install Samba

  1. Set the hostname sudo hostnamectl set-hostname raspberrypi
  2. Install yay -S samba
  3. Add your user to samba sudo smbpasswd -a alarm type the password
  4. Create the file sudo nano /etc/samba/smb.conf 
    [global]
fruit:model = RackMac
log file = /var/log/samba/%m.log
workgroup = WORKGROUP
server role = standalone server
hosts allow = 192.168.1.
map to guest = Bad User

[media]
path = /media
guest ok = yes
writable = yes
  5. Enable the service sudo systemctl enable smb nmb
  6. Enable the service sudo systemctl enable smb nmb

Disable DHCP (optional)

Lets use systemd for it source https://ostechnix.com/configure-static-dynamic-ip-address-arch-linux/

  1. Create or edit the profile: sudo nano /etc/systemd/network/eth0.network
  2. Add your network settings:
[Match]
Name=eth0

[Network]
DHCP=no
Address=192.168.1.11/24
Gateway=192.168.1.1
DNS=8.8.8.8
DNS=8.8.4.4
  1. Remove netctl just in case sudo pacman -Rns netctl
  2. Stop dhcp sudo systemctl stop dhcpcd
  3. Disable dhcp sudo systemctl disable dhcpcd
  4. Enable systemd-network sudo systemctl enable systemd-networkd
  5. Start systemd-network sudo systemctl start systemd-networkd
Raw
rpi-bian.md

Prepare sdcard (on linux)

  1. Use the official imager tool to create your SD Card
  2. Create a empty file called ssh on sdcard's boot partition touch /Volumes/booth/ssh
  3. Boot it

Change passwords

  1. Connect to [email protected] the default password is raspberry
  2. Change the password sudo passwd pi enter new one
  3. Update everything sudo apt update && sudo apt upgrade
  4. Update locales sudo locale-gen --purge en_US.UTF-8 && sudo sh -c "echo 'LANGUAGE=en_US.UTF-8\nLC_ALL=en_US.UTF-8' >> /etc/default/locale"
  5. Allow only pi to login over ssh sudo sh -c "echo 'AllowUsers pi' >> /etc/ssh/sshd_config"
  6. Reboot

SSH over key

The commands bellow are outside the raspberry pi. Should be run in your Mac terminal

  1. (optional) Generate a new private/pub key ssh-keygen -C "[email protected]" -a 100 -t ed25519 -o -f alarmpi
  2. Add the to keychain ssh-add ~/.ssh/alarmpi
  3. On your Mac run the command ssh-copy-id -i ~/.ssh/alarmpi.pub [email protected]

Enable native exfat

  1. Needs kernel > 5.7, can get from next branch until stable release
  2. Upgrade kernel sudo BRANCH=next rpi-update warning: that is not stable
  3. Enable on next boot sudo sh -c "echo exfat >> /etc/modules-load.d/modules.conf"
  4. Reboot

Mount external drive

  1. Get the drive ID lsblk -f
  2. Edit the fstab sudo nano /etc/fstab 
    UUID=5C1A-2620 /media exfat defaults,nofail,uid=1000,gid=100,umask=022 0 2

Disable DHCP (optional)

  1. Look for your interface ip link usually eth0
  2. Edit sudo nano /etc/dhcpcd.conf 
    interface eth0
static ip_address=192.168.1.25/24
static routers=192.168.1.1
static domain_name_servers=192.168.1.1 8.8.8.8

Samba

  1. Install sudo apt install samba
  2. Add pi to samba sudo smbpasswd -a pi
  3. Edit sudo nano /etc/samba/smb.conf and change/add those rules 
    [global]
# ...
fruit:model = RackMac
interfaces = 192.168.1.0/24 eth0
bind interfaces only = yes
guest account = nobody
security = user
encrypt passwords = yes
# ...
# (optional) Comment out printers and home share  

[media]
path = /media
browseable = yes
read only = no
guest ok = yes
  4. Restart samba sudo systemctl restart smbd

Docker

  1. Run curl -sSL https://get.docker.com | sh
  2. Give permissions sudo usermod -aG docker pi
  3. Reboot

Portainer

  1. docker run --restart always -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:linux-arm
  2. Open http://raspberrypi.local:9000

Firewall

  1. Install ufw (uncomplicated firewall) sudo apt install ufw
  2. Disable them sudo ufw disable
  3. Reboot
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment