Setup Raspberry Pi Environment (Raspbian)

setup_raspberry_pi_environment.md

Major Tools

foo@bar:~$ sudo -- sh -c "timedatectl set-timezone Australia/Sydney && date" && \
sudo -- sh -c "apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y && apt-get autoremove -y" && \
sudo -- sh -c "apt-get install -y vim-nox && wget --output-document=/etc/vim/vimrc.local https://git.io/JvpS2" && \
sudo -- sh -c "apt-get install -y curl direnv exa git lnav mosh tig tree vifm watchman" && \
sudo -- sh -c "apt-get install -y python3-pip python3-testresources python3-pywatchman"

Install Zsh, Oh My Zsh and p10k

foo@bar:~$ sudo -- sh -c "apt-get install -y curl fzf gawk git python3-pygments sqlite3 ssh-askpass wget zsh" && \
chsh --shell `which zsh` && \
sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended

Then, set ZSH_THEME="powerlevel10k/powerlevel10k" in ~/.zshrc.

Install Tailscale

foo@bar:~$ curl -fsSL https://tailscale.com/install.sh | sh && \
sudo -- sh -c "tailscale up"

Install Docker

foo@bar:~$ curl -fsSL https://get.docker.com -o get-docker.sh
foo@bar:~$ sudo sh get-docker.sh

Create a user

foo@bar:~$ sudo adduser grammy-jiang
...
foo@bar:~$ sudo usermod --append --groups sudo grammy-jiang
...

Then switch to the created user.

foo@bar:~$ su --login grammy-jiang
...

SSH

SSH Client

foo@bar:~$ [ -d ~/.ssh ] || mkdir ~/.ssh && chmod 700 ~/.ssh && \
touch ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa && \
touch ~/.ssh/id_rsa.pub && chmod 644 ~/.ssh/id_rsa.pub

foo@bar:~$ [ -d ~/.ssh ] || mkdir ~/.ssh && chmod 700 ~/.ssh && \
touch ~/.ssh/authorized_keys && chmod 644 ~/.ssh/authorized_keys && \
curl -fsSL https://git.io/JfUqi >> ~/.ssh/authorized_keys

tmux/tmux: tmux source code

foo@bar:~$ sudo apt install -y tmux && \
git clone https://github.com/gpakosz/.tmux.git ~/projects/tmux-config && \
ln -s -f ~/projects/tmux-config/.tmux.conf && \
ln -s -f ~/projects/tmux-config/.tmux.conf.local

Zsh

• zsh configuration

pyenv/pyenv: Simple Python version management

• Install pyenv and python 3.8.2

Vim

• vimrc for a user

Vifm

foo@bar:~$ echo "
command! FZFlocate :set noquickview | :execute 'goto' fnameescape(term('locate $HOME | fzf --height 10 2>/dev/tty'))
command! FZFfind :set noquickview | :execute 'goto' fnameescape(term('find | fzf --height 10 2>/dev/tty'))

nnoremap <c-g> :FZFlocate<cr>
nnoremap <c-f> :FZFfind<cr>" | tee -a ~/.vifm/vifmrc > /dev/null

• Vifm - Cheatsheet

Munin

• Munin Usage

SSHD Configuration

...
PermitRootLogin prohibit-password
...
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
...
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
...
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM no

Then restart sshd service:

foo@bar:~$ sudo systemctl reload ssh

knockd(1): port-knock server - Linux man page

Install knockd first:

foo@bar:~$ sudo apt install -y knockd
...

Knock Server

Then backup the default configuration:

foo@bar:~$ sudo cp /etc/default/knockd /etc/default/knockd.bak
foo@bar:~$ sudo cp /etc/knockd.conf /etc/knockd.conf.bak

Download /etc/default/knockd from here:

foo@bar:~$ sudo wget --output-document=/etc/default/knockd https://gist.githubusercontent.com/grammy-jiang/1149ccade81fe73d3c42be303ba1eaa1/raw
...

Download /etc/knockd.conf from here:

foo@bar:~$ sudo wget --output-document=/etc/knockd.conf https://gist.githubusercontent.com/grammy-jiang/be984e674ea557a2c124b46eb1f342a0/raw
...

Start knockd.service:

foo@bar:~$ sudo service knockd start
...

Read the log messages from knockd:

foo@bar:~$ sudo journalctl --follow --unit knockd.service
...
foo@bar:~$ sudo lnav /var/log/syslog
...

Knock Client

Edit ~/.ssh/config:

Host raspbian.raspi
    ProxyCommand bash -c "knock %h <port_01> <port_02> <port_03>; sleep 2; nc %h %p"

Unattended upgrades service

Enlarge syslog size

Postfix

Previous gist:

• Raspberry Pi Image Write

Thanks

• security - SSH client: port knocking (execute command before connecting) - Ask Ubuntu

Swap

• operating systems - How to set up swap space? - Raspberry Pi Stack Exchange

unattended-upgrades

• Automatic Updates
• How to set up automatic updates on Ubuntu Server 18.04 – libre-software.net

Speedtest

• sivel/speedtest-cli: Command line interface for testing internet bandwidth using speedtest.net

  curl -Lo speedtest-cli https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py && \
  chmod +x speedtest-cli && \
  ./speedtest --bytes --secure

• Bench.sh

  curl -Lso- bench.sh | bash

• n-st/nench: VPS benchmark script — based on the popular bench.sh, plus CPU and ioping tests, and dual-stack IPv4 and v6 speedtests by default

  (curl -s wget.racing/nench.sh | bash; curl -s wget.racing/nench.sh | bash) 2>&1 | tee nench.log

Others

• vimrc for a user

Reference

• How to Set or Change the Time Zone in Linux | Linuxize
• How to Become SuperUser or Root with su Command In Linux? – POFTUT
• How to integrate fzf for fuzzy finding - Vifm Wiki
• How to Add Swap Space on Ubuntu 18.04 | Linuxize
• Ubuntu 20.04: Connect to wifi from command line - LinuxConfig.org

• Setting up a Raspberry Pi headless - Raspberry Pi Documentation
• SSH (Secure Shell) - Raspberry Pi Documentation

sshpass

• sshpass(1) - Linux man page
• SSH password automation in Linux with sshpass | Enable Sysadmin
• sshpass: An Excellent Tool for Non-Interactive SSH Login - Never Use on Production Server
• sshpass: Login To SSH Server / Provide SSH Password Using A Shell Script - nixCraft

With sshpass, for the default Raspberry Pi OS, the initial step can be like this:

foo@bar:~$ sshpass -p raspberry ssh -T pi@<rpi host> << EOF
sudo -- sh -c "timedatectl set-timezone Australia/Sydney && date"
sudo -- sh -c "apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y && apt-get autoremove -y"
sudo -- sh -c "apt-get install -y vim-nox && wget --output-document=/etc/vim/vimrc.local https://git.io/JvpS2"
sudo -- sh -c "apt-get install -y git lnav mosh tig tree vifm"
sudo -- sh -c "apt-get install -y python3-pip python3-testresources"
EOF

foo@bar:~$ sshpass -p <password> ssh -T rpi2b-1.rpi << EOF
echo <password> | sudo -S -- sh -c "apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y && apt-get autoremove -y"
EOF

Related:

• Install Sense HAT on Raspberry Pi 2 with Ubuntu 20.04

About podman on raspberry pi:

• install_podman.sh

Create SWAP Partition

foo@bar:~$ sudo fallocate -l 1G /swapfile && \
sudo chmod 600 /swapfile && \
sudo mkswap /swapfile && \
sudo swapon /swapfile && \
sudo swapon --show

Wifi

• Ubuntu 20.04: Connect to wifi from command line - LinuxConfig.org
• How to configure static IP address on Ubuntu 20.04 Focal Fossa Desktop/Server - LinuxConfig.org
• TCP/IP networking - Raspberry Pi Documentation
• Setting up a wireless LAN via the command line - Raspberry Pi Documentation
• How do I set up networking/WiFi/static IP address on Raspbian/Raspberry Pi OS? - Raspberry Pi Stack Exchange

Misc.

• aruhier/gnome-terminal-colors-solarized: Solarized Gnome Terminal colors, based on http://ethanschoonover.com/solarized
• romkatv/powerlevel10k: A Zsh theme
  Use Meslo Nerd Font as p10k suggests
• ryanoasis/nerd-fonts: Iconic font aggregator, collection, & patcher. 3,600+ icons, 50+ patched fonts: Hack, Source Code Pro, more. Glyph collections: Font Awesome, Material Design Icons, Octicons, & more

Google Chrome

• Linux Software Repositories – Google

Chinese Input Method

• rime/home: Rime::Home is home to Rime users and developers

Raspberry Pi Kernel Building

• Kernel building - Raspberry Pi Documentation

1. Install dependencies:

foo@bar:~$ sudo -- sh -c "apt-get update && apt-get install -y git bc bison flex libssl-dev make libc6-dev libncurses5-dev && apt-get install -y crossbuild-essential-arm64"
...

2. Download kernel source code

foo@bar:~$ cd ~/CLionProjects && git clone --depth=1 https://github.com/raspberrypi/linux && cd -
Cloning into 'linux'...
remote: Enumerating objects: 70467, done.
remote: Counting objects: 100% (70467/70467), done.
remote: Compressing objects: 100% (67792/67792), done.
remote: Total 70467 (delta 5354), reused 13170 (delta 1857), pack-reused 0
Receiving objects: 100% (70467/70467), 187.57 MiB | 7.56 MiB/s, done.
Resolving deltas: 100% (5354/5354), done.
Updating files: 100% (66404/66404), done.

3. Generate config file (Raspberry Pi 4, 64 bit)

foo@bar:~$ cd linux && KERNEL=kernel8 && make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- bcm2711_defconfig
...

Watchman

Watchman exists to watch files and record when they change. It can also trigger actions (such as rebuilding assets) when matching files change.

• Watchman A file watching service | Watchman
• pywatchman · PyPI