Skip to content

Instantly share code, notes, and snippets.

@ruyadorno

ruyadorno/install-arch-linux-on-a-raspberrypi.md

Last active May 17, 2021 12:11
Show Gist options
  • Save ruyadorno/08a04f5fcb37204767ce0942c9df8f91 to your computer and use it in GitHub Desktop.
Save ruyadorno/08a04f5fcb37204767ce0942c9df8f91 to your computer and use it in GitHub Desktop.
Download ZIP
Install Arch Linux on a RaspberryPi
Raw
install-arch-linux-on-a-raspberrypi.md
  1. (optional) OSX + Virtualbox users need an extra step to format sd card: http://www.geekytidbits.com/mount-sd-card-virtualbox-from-mac-osx/
  2. Head to https://archlinuxarm.org/platforms/armv6/raspberry-pi (Raspberrypi Zero) for instructions on how to get ARMv6 dist of Arch Linux
  3. Plug SD card on Raspbery Pi and boot it up, it should be ready to go
  4. Login to Arch Linux root:
  • user: root
  • pass: root
  1. Create new user:
  • useradd -m -G wheel -s /bin/bash username
  • passwd username
  1. Remove defaul alarm user:
  • userdel alarm
  1. Define new password for root
  • passwd root
  1. Now may be a good point to configure internet
  • Wireless
  • Test if wireless is working: iw dev see if it outputs wlan0 info
  • May need to activate interface with ip link set wlan0 up
  • Test interface with ip link show wlan0
  • Find your wifi iw dev wlan0 scan | less
  • More info on: https://wiki.archlinux.org/index.php/Wireless_network_configuration
  • Setup connection with netctl
  • Disconnect interface from iw ip link set wlan0 down
  • Setup netctl file from example: cp /etc/netctl/examples/wireless-wpa-static /etc/netctl/
  • Get a 256-bit pre-shared key to save instead of plain text password: wpa_passphrase your_essid passphrase
  • Start wlan: netctl start wireless-wpa-static
  • Make it start on boot: netctl enable wireless-wpa-static
  • More info on netctl: https://wiki.archlinux.org/index.php/Netctl#Installation
  1. Replace default ssh port
  • vi /etc/ssh/sshd_config
  • Locate #Port 22 line and replace with whatever port
  1. Setup a stateful firewall
  • Start fresh: iptables-restore < /etc/iptables/empty.rules
  • Create chains:
iptables -N TCP
iptables -N UDP
  • Drop any FORWARD: iptables -P FORWARD DROP
  • iptables -P OUTPUT ACCEPT
  • Drop INPUT by default: iptables -P INPUT DROP
  • Allow established connections: iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  • iptables -A INPUT -i lo -j ACCEPT
  • iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
  • iptables -A INPUT -p icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
  • Handle TCP/UDP
 iptables -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
 iptables -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
 iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
 iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
  • Reject other protocols: iptables -A INPUT -j REJECT --reject-with icmp-proto-unreachable
  • Open SSH port: iptables -A TCP -p tcp --dport 22 -j ACCEPT
  • Start iptables: systemctl start iptables
  • Enable it: systemctl enable iptables
  • Complete guide is here: https://wiki.archlinux.org/index.php/Simple_stateful_firewall
  1. Install sudo
  • pacman -S sudo

Save this for future reference

More info on user namanagement: https://wiki.archlinux.org/index.php/users_and_groups#User_management

General setup recommendations: https://wiki.archlinux.org/index.php/general_recommendations

General system maintenance: https://wiki.archlinux.org/index.php/System_maintenance

Raspberry Pi Zero Headless Setup: https://davidmaitland.me/2015/12/raspberry-pi-zero-headless-setup/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment