Commands to make a RPi3 read-only

RPi3_readonly.sh

# From https://hallard.me/raspberry-pi-read-only/
# DON'T APPLY IT BLINDLY! USE IT AS A GUIDE

apt-get install -y busybox-syslogd; dpkg --purge rsyslog
sed -i 's/rootwait/rootwait fastboot noswap ro/' /boot/cmdline.txt
rm -rf /var/lib/dhcp/ /var/run /var/spool /var/lock /etc/resolv.conf
ln -s /tmp /var/lib/dhcp
ln -s /tmp /var/run
ln -s /tmp /var/spool
ln -s /tmp /var/lock
touch /tmp/dhcpcd.resolv.conf; ln -s /tmp/dhcpcd.resolv.conf /etc/resolv.conf
sed -i 's#PIDFile=/run/dhcpcd.pid#PIDFile=/var/run/dhcpcd.pid#' /etc/systemd/system/dhcpcd5.service
# Missing from the ref link:
sed -i 's#PIDFile=/run/dhcpcd.pid#PIDFile=/var/run/dhcpcd.pid#' /lib/systemd/system/dhcpcd.service
rm /var/lib/systemd/random-seed
ln -s /tmp/random-seed /var/lib/systemd/random-seed
sed -i 's#ExecStart#ExecStartPre=/bin/echo "" >/tmp/random-seed\nExecStart#'  /lib/systemd/system/systemd-random-seed.service
systemctl daemon-reload
vi /etc/fstab
# Add ,ro to /boot and /
# Add tmpfs...
# cat /etc/fstab 
#   proc            /proc           proc    defaults          0       0
#   PARTUUID=b34808f3-01  /boot           vfat    defaults,ro          0       2
#   PARTUUID=b34808f3-02  /               ext4    defaults,noatime,ro  0       1
#   # a swapfile is not a swap partition, no line here
#   #   use  dphys-swapfile swap[on|off]  for that
#   tmpfs           /tmp            tmpfs   nosuid,nodev         0       0
#   tmpfs           /var/log        tmpfs   nosuid,nodev         0       0
#   tmpfs           /var/tmp        tmpfs   nosuid,nodev         0       0
reboot

To change stuffs:

mount -o remount,rw /
...
mount -o remount,ro /