!!! Raspberry Pi setup
Bought a Raspberry Pi 4 model B with 2 GB memory.
{{{
- on GUI disable wifi, and set boot to cli
- apt install iotop vim apache2 libapache2-mod-jk docker.io mariadb-server mariadb-client knockd golang jq tcpdump sqlite3
- a2enmod proxy_http
- a2enmod ssl
- a2enmod rewrite
- /etc/dhcpcd.conf : static IP set to 192.168.2.99 (192.168.2.3 does not work, cannot even ping the router)
- create /etc/systemd/system/iptables-setup.service => pointing to /home/pi/iptables-setup.service ==> does not work properly yet, the uptimerobot IPs do not come through
- echo "syntax on" > ~/.vimrc
- mysql:
create user 'piwigo_user'@'%' identified by "piwigopswd";
create database piwigo;
grant all privileges on piwigo.* to piwigo_user@'%';
- vim /etc/mysql/mariadb.conf.d/50-server.cnf => bind-address to 0.0.0.0
- go to www.computerhok.nl:8081 ==> setup dialog => 192.168.2.99 piwigo_user piwigopswd .....
- copy all restored album folders to /appl/piwigo/config/www/gallery/galleries
- do the "Tools => Database synchronization with files" on the UI
- docker run -d --name pihole -p 53:53/tcp -p 53:53/udp -p 2080:80 -p 2443:443 -e "IPv6=False" -e "TZ=Europe/Amsterdam" -e "ServerIP=192.168.2.99" -e "VIRTUAL_HOST=www.computerhok.nl:2080" -e "WEBPASSWORD=<see keepass>" -v "$(pwd)/etc-pihole/:/etc/pihole/" -v "$(pwd)/etc-dnsmasq.d/:/etc/dnsmasq.d/" --restart=unless-stopped --cap-add=NET_ADMIN pihole/pihole:latest
- go to http://192.168.2.99:2080/admin/
- tweak the /etc/knockd.conf
- systemctl disable avahi-daemon.service
- systemctl disable avahi-daemon.socket
- remove wpa-supplicant and wireless-tools from /etc/networking
- systemctl disable wpa_supplicant
}}}
!! knockd fails on startup
It fails because eth0 is not yet up. Boot sequence is broken, see also https://www.raspberrypi.org/forums/viewtopic.php?t=187225
Add 3 lines at the end of /lib/systemd/system/knockd.service:
{{{
[Unit]
Description=Port-Knock Daemon
After=network-online.target
Documentation=man:knockd(1)
[Service]
EnvironmentFile=-/etc/default/knockd
ExecStart=/usr/sbin/knockd $KNOCKD_OPTS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=mixed
SuccessExitStatus=0 2 15
ProtectSystem=full
CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN
[Install]
WantedBy=multi-user.target
Alias=knockd.service
}}}
And install the service as indicated by the above link. \\
systemctl disable knockd.service \\
systemctl enable knockd.service
network-wait-online-service:
{{{
[Unit]
Description=Wait for Network to be Online
Documentation=man:systemd.service(5) man:systemd.special(7)
Conflicts=shutdown.target
After=network.target
Before=network-online.target
[Service]
Type=oneshot
ExecStart= \
/bin/bash -c 'ifconfig eth0;sleep 20;ifconfig eth0'
TimeoutStartSec=1min 30s
[Install]
WantedBy=network-online.target
}}}
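An added example, not part of the original notes: a script the oneshot unit above could run in place of the fixed sleep 20, polling until the interface has an IPv4 address and failing once a timeout expires. The function names, the PROBE override and the script name wait-for-eth0.sh are assumptions, and it uses ip from iproute2 rather than ifconfig.

```shell
#!/bin/sh
# Added example (not from the original notes): wait for an interface to get
# an IPv4 address instead of sleeping a fixed 20 seconds.
# Assumed names: probe_ip, has_ipv4, wait_for_ipv4, PROBE, wait-for-eth0.sh.

# PROBE names the command that prints the interface's IPv4 address lines.
# It is overridable so the wait logic can be exercised without a real NIC.
PROBE=${PROBE:-probe_ip}

probe_ip() {
    ip -4 -o addr show dev "$1" scope global 2>/dev/null
}

# has_ipv4: read `ip -4 -o addr show` output on stdin and succeed only if a
# line carries an "inet a.b.c.d/len" field (inet6 lines do not count).
has_ipv4() {
    grep -Eq '(^|[[:space:]])inet[[:space:]]+([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]+'
}

# wait_for_ipv4 IFACE [TIMEOUT_SECONDS] [INTERVAL_SECONDS]
# Returns 0 as soon as IFACE has an address, 1 when the timeout expires,
# so a dependent unit is not started against an interface that never came up.
wait_for_ipv4() {
    iface=$1
    timeout=${2:-60}
    interval=${3:-1}
    waited=0
    while :; do
        if "$PROBE" "$iface" | has_ipv4; then
            return 0
        fi
        if [ "$waited" -ge "$timeout" ]; then
            return 1
        fi
        sleep "$interval"
        waited=$((waited + interval))
    done
}

# When called with arguments (e.g. "wait-for-eth0.sh eth0 60" as ExecStart),
# do the wait; with no arguments the file only defines the functions.
if [ $# -gt 0 ]; then
    wait_for_ipv4 "$@"
fi
```

Keep the timeout argument below the unit's TimeoutStartSec so the script reports the failure itself rather than being killed by systemd.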
!! Backup
For now I run the following script from my macOS machine (and upload to stack after that).
{{{
#!/bin/sh
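# Stream tar archives from apollo over ssh into local files:
# first the photo galleries (uncompressed), then home, /etc and the wiki data (gzip-compressed).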
ssh pi@apollo sudo tar cf - /appl/piwigo/config/www/gallery/galleries > /Users/metskem/Downloads/backup-apollo-fotos.tar
ssh pi@apollo sudo tar czf - --exclude=/var/jspwiki/logs --exclude=/usr/local/tomcat/logs --exclude=/usr/local/tomcat/work --exclude=/usr/local/tomcat/temp /home/pi /etc /var/jspwiki > /Users/metskem/Downloads/backup-apollo-rest.tar
}}}
Then manually upload this backup file to [https://metskem.stackstorage.com/]
!! CA cert trust
For dhmb to trust computerhok-https...
{{{
mkdir /usr/share/ca-certificates/local
vi /usr/share/ca-certificates/local/computerhok-ca.crt  # copy the contents in here
dpkg-reconfigure ca-certificates  # interactive, should show 1 new cert
}}}