#+title: My Raspberry Pi setup * Introduction This is setup with the newer Raspberry Pi OS. While you can make use of it as a reading resource, this document is meant to be used interactively through Org mode to set up a Raspberry Pi that’s connected to the local network (tho first few steps require plugging in the MicroSD card into the computer. This setup is meant to configure a Wi-Fi enabled Raspberry Pi as a backup and network printer/scanner server. My current equipment as of writing this consists of 1) Raspberry Pi 3B (v 1.2) 2) A cheap powerbank capable of simultaneous power I/O (as a makeshift UPS) - See [[https://raspi-ups.appspot.com/][here]] for a more sophisticated setup. There are also purpose-built RPi UPS modules which are probably more reliable. 3) A 1TB Seagate external hard drive with USB connectivity, containing an ext4 partition encrypted with LUKS. The aim is to build a resilient system that tries its best to not corrupt the backups. To achieve this, the external HDD is only mounted during the backup process. This part is achieved by a [[file:scripts/make-backup.bash][script]] that runs on the source system. RPi need not know of the backup software or have it installed for this to work. It is assumed that the RPi’s initial hostname is ~raspberrypi~, which is later changed to ~pi~ in this script. This literate program executes shell and Emacs Lisp scripts, and uses following software: - a POSIX shell, preferably GNU Bash - GNU Coreutils - ~mount(1)~, ~sed(1)~ - iputils (~ping(1)~) - OpenSSH client (~ssh(1)~, ~scp(1)~) - Raspberry Pi OS, Lite image - Borg backup software * Setup process ** Helpers These code blocks are called by others. #+name: ssid #+begin_src elisp (read-string "SSID for RPi network: ") #+end_src #+name: psk #+begin_src elisp (read-string "WPA-PSK passphrase for RPi network: ") #+end_src #+name: pubkey #+begin_src sh :results raw cat ~/.ssh/id_rsa.pub #+end_src #+name: timezone #+begin_src sh echo $TZ #+end_src #+name: user #+begin_src sh echo $USER #+end_src ** Prepare SD card 1) ~dd~ the OS image to the SD card. - This is pretty straight-forward. - But for some reason I couldn’t get USB boot working. 2) Mount the new partitions (rest assumes mounted under ~/media/$USER/{boot,rootfs}~. 3) Prepare for first boot: #+begin_src sh :var SSID=ssid PSK=psk # Enable ssh daemon. touch /media/$USER/boot/ssh # Enable wireless networking. cat > /media/$USER/boot/wpa_supplicant.conf <~ on it. 4) Insert the SD Card into the RPi. - Unmount: #+begin_src sh umount /media/$USER/boot umount /media/$USER/rootfs #+end_src ** Install stuff and prepare for configuration 1) Boot it up. - Check if accessible via mDNS: #+begin_src sh :results output ping -c 1 raspberrypi.local #+end_src 2) Copy over ssh pubkey #+begin_src sh :dir /ssh:pi@raspberrypi.local:~/ :var P=pubkey mkdir -p ~/.ssh echo "$P" >> ~/.ssh/authorized_keys #+end_src 3) Rudimentary setup 1) Make sure to enable SSH, before all #+begin_src sh :dir /ssh:pi@raspberrypi.local:~/ sudo systemctl enable ssh #+end_src 2) Change user password #+begin_src elisp :dir /ssh:pi@raspberrypi.local:~/ :results none (async-shell-command "sudo passwd pi") #+end_src 3) Change hostname #+begin_src sh :dir /ssh:pi@raspberrypi.local: # Will be active after reboot echo xanthippe | sudo tee /etc/hostname #+end_src 4) Install basic packages #+begin_src sh :dir /ssh:pi@raspberrypi.local: sudo apt-get update sudo apt-get upgrade -yqq sudo apt-get install -yqq \ hplip cups-bsd sane mercurial git \ libxml-perl libxml-rss-perl nginx \ udisks2 cryptsetup-bin borgbackup # post-install sudo adduser pi lpadmin sudo adduser pi lp sudo adduser pi saned sudo systemctl enable saned.socket sudo systemctl restart saned.socket #+end_src #+RESULTS: 5) Reboot. *Beware that the hostname changes after this*, the new one is ~xanthippe.local~. 6) Copy over configuration files. This overrites matching files under RPi’s ~/etc~ directory. #+begin_src sh tmp="/tmp/$(mktemp -u pi-etc-XXXXXXXX)" scp -rv etc pi@xanthippe.local:$tmp ssh pi@xanthippe.local cd $tmp \; sudo cp -vr \* /etc #+end_src 7) Restart system services 1) All but network: #+begin_src sh :dir /ssh:pi@xanthippe.local:~ :results output for unit in cups saned.socket nginx; do sudo systemctl restart $unit done #+end_src 2) Network: #+begin_src sh :dir /ssh:pi@xanthippe.local:~ :results output sudo nohup sh -c 'sleep 1; systemctl restart networking' & #+end_src - Check: #+begin_src sh :results output sleep 5 ping -c 3 pi.local #+end_src - Obviously this may fail a couple times if restarting network takes a long time for some reason... ** Configure system *** Set timezone We copy it over from this machine #+begin_src sh :dir /ssh:pi@xsanthippe.local:~ :results output :var _TZ=timezone sudo timedatectl --no-pager set-timezone $_TZ date #+end_src *** Set up the printer and scanner services - Plug in the relevant devices. - Preferably reboot the RPi. **** Printer - Visit [[https://pi.local:631/]] in your browser in order to set up the printer. - If you encounter any SSL errors, don’t mind them. - Follow the [[https://pi.local:631/admin][Administration]] link from the top navigation bar. - Click the _Add Printer_ button. - If it wants to redirect, allow it. - When prompted for password, enter the credential of the user ~pi~ of the RPi. - Select the local USB printer, and hit _Continue_. - In the form that appears after that, make sure to check _Share This Printer_ checkbox, and fill the other fields to your liking. - Hit _Continue_. - In the next screen, select appropriate printer model, and hit _Add Printer_. - You’ll be taken to the _Set Printer Options_ page. Review the settings and hit _Set Default Options_ button. - You should have ended up on the printer details page. At this point you should set up your computer’s printer settings to connect to ~pi.local~. - As I write this I’m using Linux Mint Ulyana 20 which automatically detects and configures the printer. **** Scanner - In order to configure scanner connection, first verify that the RPi does see and has configured the scanner: #+begin_src sh :dir /ssh:pi@xsanthippe.local:~ scanimage -L #+end_src - Append RPi’s FQDN to ~/etc/sane.d/net.conf~. #+begin_src sh :dir /sudo:: echo xsanthippe.local >> /etc/sane.d/net.conf #+end_src #+RESULTS: It might be necessary to insert a line containing ~net~ into ~/etc/sane.d/dll.conf~ in order to enable the net backend (see [[https://wiki.debian.org/SaneOverNetwork]]) - Add your user to the scanner group. #+begin_src sh :dir /sudo:: :var _USER=user :results output usermod -a -G scanner $_USER #+end_src - Add ~saned@xsanthippe.local~ to the ~lp~ group #+begin_src sh :dir /ssh:pi@xsanthippe.local sudo usermod -a -G lp saned #+end_src [[https://askubuntu.com/a/1144795][source]], IDK why exactly this works - Check if worked #+begin_src sh :results output scanimage -L #+end_src *** Backup server In order to be able to do backups with this configuration, set the ~BORG_REPO~ environment variable to something like #+begin_src sh export BORG_REPO=pi@xsanthippe.local:/mnt/Backups #+end_src on the backup source. Then, backups can be made with a command like #+begin_src sh borg create --stats --progress --compression lz4 ::{user}-{now} /igk/ #+end_src which is bound to the alias ~do-backup~ in [[https://github.com/cadadr/configuration][my config]].