Setup-Raspi-Mobile: Difference between revisions
		
		
		
		Jump to navigation
		Jump to search
		
| Line 276: | Line 276: | ||
|   systemctl disable syslog.socket rsyslog.service |   systemctl disable syslog.socket rsyslog.service | ||
| =Optional  | =Optional keepalive logging= | ||
| *This is just a logging script to see when then the device active | *This is just a logging script to see when then the device active | ||
|   root@raspberrypi:/# cat /home//pi/rbkeepalive.sh |   root@raspberrypi:/# cat /home//pi/rbkeepalive.sh | ||
Revision as of 20:52, 7 August 2021
Disk
- Expand the filesystem after fresh installation
raspi-config - Advanced - Expand Filesystem
Delete docs to get more disk space
sudo rm -rf /usr/share/doc/ sudo rm -rf /usr/share/man/ sudo rm -rf /usr/share/locale/
APT
apt-get update apt-get upgrade
- View packages
dpkg-query -Wf '${Installed-Size}\t${Package}\n' | sort -n
- Remove and clean
apt-get remove libraspberrypi-doc --purge apt-get clean apt-get purge apt autoremove
- Install additional packages needed for this project
apt-get install mc autofs iptraf samba samba-common nftables apache2 locate tcpdump ncdu apt-get install hostapd wireless-tools dnsmasq iw bridge-utils cloud-utils lsof
Apapter
- Turn on WiFi and leave Bluetooth off
root@raspberrypi:~# rfkill unblock 0 root@raspberrypi:~# rfkill block 1
root@raspberrypi:~# rfkill ID TYPE DEVICE SOFT HARD 0 wlan phy0 unblocked unblocked 1 bluetooth hci0 blocked unblocked
sysctl
- /etc/sysctl.conf
net.ipv4.ip_forward=1
- Activate
sysctl -p
User/Group
addgroup sambagrp usermod -a -G sambagrp pi
Samba
- Set a password for the pi user
smbpasswd -a pi
- /etc/samba/smb.conf
[global] workgroup = WORKGROUP server string = %h server (Linux) #interfaces = eth0 bind interfaces only = yes log file = /var/log/samba/log.%m panic action = /usr/share/samba/panic-action %d server role = standalone server obey pam restrictions = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = Yes map to guest = Bad User #log level = 4 #To be used for debugging purposes local master = no disable netbios = yes [automnt] comment = automnt path = /automnt valid users = @sambagrp browsable = yes writable = yes read only = no create mask = 0660
- Enable and start smbd, disable nmbd
systemctl enable smbd systemctl restart smbd systemctl stop nmbd systemctl disable nmbd systemctl mask nmbd
AUTOFS/UDEV
- Add config file for our usb sticks
touch /etc/auto.rbusb
- Add to the end of auto.master
echo '/automnt /etc/auto.rbusb --timeout=5 --ghost' >> /etc/auto.master
- Restart
systemctl restart autofs
- Get autofs helper script
wget https://coolgeo.org:/download/scripts/autofs-config.pl -O /usr/local/bin/autofs-config.pl chmod u+x /usr/local/bin/autofs-config.pl
- Add udev rule
echo 'ACTION=="add", SUBSYSTEM=="block", KERNEL=="sd*", ATTRS{vendor}=="*", RUN+="/usr/bin/perl /usr/local/bin/autofs-config.pl"' > /etc/udev/rules.d/90-local.rules
- Reload udev
udevadm control --reload-rules && udevadm trigger
- TEST USB
Apache2/WebDAV
DavLockDB /var/www/DavLock
<Directory "/automnt/">
 Options +Indexes
 Order allow,deny
 Allow from all
 Require all granted
</Directory>
<VirtualHost *:80>
   ServerAdmin webmaster@localhost
   DocumentRoot /automnt
   Alias /automnt /automnt
   <Directory /automnt>
    DAV On
   </Directory>
   <Directory "/automnt">
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
   </Directory>
</VirtualHost>
- Enable WebDAV Mod
a2enmod dav_fs
- Restart
systemctl restart apache2
- Add the PI user to WebDAV
htpasswd -c /etc/apache2/.htpasswd pi
HOSTS
- /etc/hosts
192.168.5.1 raspi raspberry raspberrypi raspap
INIT
- /etc/systemd/system/rbinit.service
[Unit] Description=RaspiMobile Init Script After=network.target [Service] Type=oneshot ExecStart=/usr/sbin/rbinit [Install] WantedBy=multi-user.target
- /usr/sbin/rbinit
#!/bin/bash #Workaround for Ipdads /sbin/ip addr add 192.168.5.1/24 dev eth0:0 /sbin/nft -f /etc/nftables.conf
- Apply the new init script
chmod 755 /usr/sbin/rbinit systemctl enable rbinit.service systemctl start rbinit
NFT
- /etc/nftables.conf
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
       chain input {
               type filter hook input priority 0; policy accept;
       }
       chain forward {
               type filter hook forward priority 0; policy accept;
       }
       chain output {
               type filter hook output priority 0; policy accept;
       }
}
table ip nat {
       chain PREROUTING {
               type nat hook prerouting priority -100; policy accept;
       }
       chain INPUT {
               type nat hook input priority 100; policy accept;
       }
       chain POSTROUTING {
               type nat hook postrouting priority 100; policy accept;
               oif "eth0" masquerade comment "masq for eth0"
               oif "wlan0" masquerade comment "masq for wlan0"
       }
       chain OUTPUT {
               type nat hook output priority -100; policy accept;
       }
}
- Apply
systemctl enable nftables systemctl start nftables
DHCPCD
/etc/dhcpcd.conf
hostname clientid persistent option rapid_commit option domain_name_servers, domain_name, domain_search, host_name option classless_static_routes option ntp_servers require dhcp_server_identifier slaac private nohook lookup-hostname #wlan0 configuration interface wlan0 static ip_address=192.168.4.1/24 static routers=192.168.4.1 gateway
- Apply changes
systemctl daemon-reload systemctl restart dhcpcd.service
DNSMASQ
- /etc/dnsmasq.d/090_wlan0.conf
--------------------------------------------------------- #Raspi-Mobile wlan0 configuration interface=wlan0 dhcp-range=192.168.4.50,192.168.4.255,255.255.255.0,30d ---------------------------------------------------------
- Apply
systemctl enable dnsmasq systemctl restart dnsmasq
HOSTAPD
- /etc/hostapd/hostapd.conf
driver=nl80211 ctrl_interface=/var/run/hostapd ctrl_interface_group=0 auth_algs=1 wpa_key_mgmt=WPA-PSK beacon_int=100 ssid=raspi-mobile channel=1 hw_mode=g ieee80211n=0 wpa_passphrase=raspberry interface=wlan0 wpa=2 wpa_pairwise=CCMP country_code=DE ignore_broadcast_ssid=0
- Apply
systemctl unmask hostapd systemctl enable hostapd systemctl restart hostapd
Disable syslog
- Save disk space and avoid corruptions on the sd card
systemctl stop syslog.socket rsyslog.service systemctl disable syslog.socket rsyslog.service
Optional keepalive logging
- This is just a logging script to see when then the device active
root@raspberrypi:/# cat /home//pi/rbkeepalive.sh #!/bin/bash backup_time=$(date +'%H:%M:%S') log_date=$(date +'%Y%m%d') backup_dir="/tmp/" alive_suffix="-alive.txt" echo "$backup_dir$log_date$alive_suffix Keepalive $backup_time" >> $backup_dir$log_date$alive_suffix
- Crontab, all 10 Minutes
root@raspberrypi:/# crontab -l | grep rbkeepalive.sh */10 * * * * /home/pi/rbkeepalive.sh
OnetTime Disk Expand
- /etc/systemd/system/rbexpanddisk.service
[Unit] Description=RaspiMobile one time disk expand After=network.target [Service] Type=oneshot ExecStart=/usr/sbin/rbexpand [Install] WantedBy=multi-user.target
- Enable the one time service
root@raspberrypi:~# systemctl enable rbexpanddisk
- /usr/sbin/rbexpand
#!/bin/bash #Script to expand the Raspi filesystem. The script checks for the file /tmp/raspi-mobile and will run if the file exists. #After the first run the script will disable its own service (rbexapnd.service) and delete /tmp/raspi-mobile PATH=/sbin:/usr/sbin/:/usr/local/sbin:/bin:/usr/local/bin:/usr/bin: declare LS="Raspi-Mobile:" #LS = LogSuffix declate TriggerFile="/tmp/raspi-mobile" if [ -f $TriggerFile ]; then systemctl enable syslog.socket rsyslog.service systemctl start syslog.socket rsyslog.service logger "$LS Start expanding disk" logger "$LS growpart /dev/mmcblk0 2" growpart /dev/mmcblk0 2 | logger logger "$LS resize2fs /dev/mmcblk0p2" resize2fs /dev/mmcblk0p2 | logger logger "$LS Disable rbexpand" systemctl disable rbexpand.service | logger rm $TriggerFile >/dev/null 2>&1 logger "$LS Disable syslog" systemctl stop syslog.socket rsyslog.service | logger systemctl disable syslog.socket rsyslog.service | logger else logger "$LS Expanding is disabled" fi
chmod u+x /usr/sbin/rbexpand systemctl daemon-reload systemctl enable rbexpanddisk touch /tmp/raspi-mobile
Features
- Neofetch Banner
apt-get install neofetch bash -c $'echo "neofetch" >> /etc/profile.d/mymotd.sh && chmod +x /etc/profile.d/mymotd.sh'
- RaspAP
curl -sL https://install.raspap.com | bash