Raspberry Pi (4) Basic Setup

This manual describes how to setup a Raspberry Pi with a little bit of sane default configs.

This is a revamped version of this gist, this time focusing on the setup of the Pi only.

Install and run Raspbian on an SSD

https://lillyoperations.com/how-to/how-to-install-raspberry-pi-os-on-a-ssd/

If you want to enable USB boot, then you have to update the bootloader first: https://pimylifeup.com/raspberry-pi-bootloader/

Basic Raspi configuration after first start

run sudo raspi-config and do stuff like
- set locale
- set hostname
- enable sshd (if not enabled already through Raspbian installation, e.g. via Raspberry Pi Imager)
- expand filesystem
- enable predictable network interface names

You may have to reboot after finishing with this tool.

Update system

sudo apt update
sudo apt upgrade
sudo apt install rpi-update
sudo rpi-update
sudo reboot

Ease of use stuff

add to .bashrc:

alias l='ls -lAF --color=auto'
alias ll='ls -laF --color=auto'

useful stuff: sudo apt install curl wget ca-certificates git dnsutils vim gnupg

Network Setup

via Network Manager (Debian bookworm)

As of Debian bookworm, network manager (nm) is used by default for network configuration.

either via nmtui (Network Manager Text User Interface)
or via nmcli (requires sudo or acting as root):
- nmcli connection show shows existing connections
- sudo nmcli con mod {UUID} connection.id {NAME} to rename the connection
- nmcli con mod end0 ipv4.addresses 10.0.0.100/24
- nmcli con mod end0 ipv4.gateway 10.0.0.1
- nmcli con mod end0 ipv4.dns 10.0.0.1
- ... whatever you wanna config additionally
or via config file sudo vim /etc/NetworkManager/system-connections/end0.nmconnection

Example config file:

[connection]
id=end0
uuid=b1cd82d8-4a24-3a0c-9b19-f50c1057adec
type=ethernet
autoconnect-priority=0
interface-name=end0
timestamp=1719945942

[ethernet]

[ipv4]
method=manual
addresses={e.g. 10.0.0.100/24}
gateway={e.g. 10.0.0.1}
dns={e.g. 10.0.0.1}

[ipv6]
# addr-gen-mode 0 means EUI64-based (=MAC) SLAAC
addr-gen-mode=0
method=auto
dns={IPv6 of DNS, e.g. fd00:c0f:fee:1::1/64}
# ip6-privacy=0 to disable temporary addresses
ip6-privacy=0

[proxy]

After changing the network configuration, it makes sense to reboot: sudo reboot

via dhcpcd.conf (pre Debian bookworm)

set static ipv4 address in /etc/dhcpcd.conf:

interface eth0
static ip_address=10.0.0.100/24
static routers=10.0.0.1
static domain_name_servers=10.0.0.1

if necessary (e.g. for firewall exceptions) disable IPv6 privacy extensions in /etc/dhcpcd.conf: change slaac private to slaac hwaddr

Users, Passwords and Authentication

optional: change password of default pi user: passwd
create new user for regular usage: sudo adduser mynewuser
set password: sudo passwd mynewuser
check groups of pi user groups pi and add your new user to the same groups, except the pi group: sudo usermod mynewuser -a -G group1,group2,group3 (comma-separated, no whitespaces!)
switch to new user
remove pi user from sudo and adm group: sudo deluser pi sudo, sudo deluser pi adm
remove from /etc/sudoers.d/ the file for the pi user or rename and edit it for your new user
Send over your ssh pub key: (on your local machine)ssh-copy-id -i ~/.ssh/id_rsa.pub user@host
alternatively, if password authentication is already disabled:
- (on pi machine) create .ssh dir with 700 permisisons in home folder: install -d -m 700 ~/.ssh
- copy-paste your local machine's public key: vim ~/.ssh/authorized_keys, copy-paste, chmod 600 ~/.ssh/authorized_keys
- test login via key authentication
edit /etc/ssh/sshd_config, make sure the following is set:
```
PermitRootLogin no
PasswordAuthentication no
```
restart now or later (to let the new ssh daemon settings become effective)

Dotfiles

If you have your personal dotfiles, then grab them now, e.g.:

git clone https://github.com/ronau/dotfiles

and configure them as necessary

ronau/Raspi-Setup.md