Bought a Raspberry Pi 4 model B with 2 GB memory.
- in the GUI, disable wifi and set boot to CLI
- apt install iotop vim apache2 libapache2-mod-jk docker.io mariadb-server mariadb-client knockd golang jq tcpdump sqlite3
- a2enmod proxy_http
- a2enmod ssl
- a2enmod rewrite
- /etc/dhcpcd.conf : static IP to 192.168.2.99 (192.168.2.3 does not work, cannot even ping the router)
- create /etc/systemd/system/iptables-setup.service => pointing to /home/pi/iptables-setup.service ==> does not work properly yet, the uptimerobot IPs do not come through
- echo "syntax on" > ~/.vimrc
- mysql: create user 'piwigo_user'@'%' identified by "piwigopswd"; create database piwigo; grant all privileges on piwigo.* to piwigo_user@'%';
- vim /etc/mysql/mariadb.conf.d/50-server.cnf => bind-address to 0.0.0.0
- go to www.computerhok.nl:8081 ==> setup dialog =: 192.168.2.399 piwigo_user piwigopswd .....
- copy all restored album folders to /appl/piwigo/config/www/gallery/galleries
- do the "Tools => Database synchronization with files" on the UI
- docker run -d --name pihole -p 53:53/tcp -p 53:53/udp -p 2080:80 -p 2443:443 -e "IPv6=False" -e "TZ=Europe/Amsterdam" -e "ServerIP=192.168.2.99" -e "VIRTUAL_HOST=www.computerhok.nl:2080" -e "WEBPASSWORD=<see keepass>" -v "$(pwd)/etc-pihole/:/etc/pihole/" -v "$(pwd)/etc-dnsmasq.d/:/etc/dnsmasq.d/" --restart=unless-stopped --cap-add=NET_ADMIN pihole/pihole:latest
- go to http://192.168.2.99:2080/admin/
- tweak the /etc/knockd.conf
- systemctl disable avahi-daemon.service
- systemctl disable avahi-daemon.socket
- remove wpa-supplicant and wireless-tools from /etc/networking
- systemctl disable wpa_supplicant
knockd fails at boot because eth0 is not yet up. The boot sequence is broken, see also https://www.raspberrypi.org/forums/viewtopic.php?t=187225
Add 3 lines at the end of /lib/systemd/system/knockd.service:
[Unit]
Description=Port-Knock Daemon
After=network-online.target
Documentation=man:knockd(1)
[Service]
EnvironmentFile=-/etc/default/knockd
ExecStart=/usr/sbin/knockd $KNOCKD_OPTS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=mixed
SuccessExitStatus=0 2 15
ProtectSystem=full
CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN
[Install]
WantedBy=multi-user.target
Alias=knockd.service
And install the service as indicated by the above link.
systemctl disable knockd.service
systemctl enable knockd.service
network-wait-online-service:
[Unit]
Description=Wait for Network to be Online
Documentation=man:systemd.service(5) man:systemd.special(7)
Conflicts=shutdown.target
After=network.target
Before=network-online.target
[Service]
Type=oneshot
ExecStart= \
/bin/bash -c 'ifconfig eth0;sleep 20;ifconfig eth0'
TimeoutStartSec=1min 30s
[Install]
WantedBy=network-online.target
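
The unit above sleeps a fixed 20 seconds. As an added example (not part of the original notes), this script polls until the interface actually has a global IPv4 address and fails after a timeout, so knockd is not started against an unconfigured eth0. The script path, the function names and the 60-second default are assumptions.

```shell
#!/bin/sh
# Added example: wait for an IPv4 address instead of a fixed sleep.
# Hypothetical use in the oneshot unit:
#   ExecStart=/usr/local/sbin/wait-for-ipv4.sh eth0 60

# Print the global IPv4 addresses assigned to interface $1, one per line.
list_ipv4() {
    ip -4 -o addr show dev "$1" scope global 2>/dev/null | awk '{print $4}'
}

# Return 0 as soon as $1 has an address, 1 if $2 seconds pass without one.
wait_for_ipv4() {
    iface=$1
    timeout=${2:-60}
    waited=0
    while :; do
        addrs=$(list_ipv4 "$iface")
        if [ -n "$addrs" ]; then
            echo "$iface is up with $addrs after ${waited}s"
            return 0
        fi
        if [ "$waited" -ge "$timeout" ]; then
            break
        fi
        sleep 1
        waited=$((waited + 1))
    done
    # A non-zero exit makes the oneshot unit fail visibly in systemctl status.
    echo "$iface has no IPv4 address after ${timeout}s" >&2
    return 1
}

# Run only when called with arguments, so the functions can also be sourced.
if [ "$#" -gt 0 ]; then
    wait_for_ipv4 "$@"
fi
```

Keep TimeoutStartSec in the unit larger than the timeout passed to the script, otherwise systemd stops the wait before the script can report the failure itself.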
For now I run the following script from my MacOS (and upload to stack after that).
#!/bin/sh
#
#
ssh pi@apollo sudo tar cf - /appl/piwigo/config/www/gallery/galleries > /Users/metskem/Downloads/backup-apollo-fotos.tar
ssh pi@apollo sudo tar czf - --exclude=/var/jspwiki/logs --exclude=/usr/local/tomcat/logs --exclude=/usr/local/tomcat/work --exclude=/usr/local/tomcat/temp /home/pi /etc /var/jspwiki > /Users/metskem/Downloads/backup-apollo-rest.tar
Then manually upload this backup file to https://metskem.stackstorage.com/
For dhmb to trust computerhok-https...
mkdir /usr/share/ca-certificates/local
vi /usr/share/ca-certificates/local/computerhok-ca.crt   # copy the contents in here
dpkg-reconfigure ca-certificates   # interactive, should show 1 new cert
cd /tmp
curl -LO https://golang.org/dl/go1.15.5.linux-arm64.tar.gz
tar -xzf go1.15.5.linux-arm64.tar.gz
mv go /usr/share/go-1.15.5
cd /usr/share
rm go
ln -s go-1.15.5 go
cd /usr/bin
rm go gofmt
ln -s /usr/share/go/bin/go go
ln -s /usr/share/go/bin/gofmt gofmt