@isac322
Last active January 30, 2020 16:22
Archlinux initialization script for Raspberry Pi zero
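#!/usr/bin/env bash
# Provisioning script for an Arch Linux ARM Raspberry Pi Zero.
# Run once, as root, from an interactive terminal: the passwd calls below
# prompt for input.
# -e aborts on the first failing command; -x traces every command to stderr.
set -ex

USER_NAME='bhyoo'
HOST_NAME='raspi-zero'

# Initialise the pacman keyring and load the Arch Linux ARM packager keys
# before the first install, so package signatures can be checked.
pacman-key --init
pacman-key --populate archlinuxarm
pacman -Syu base base-devel git zsh vim --noconfirm

# Remove the stock "alarm" account (and its home directory) and create the
# personal admin account. Both passwords are typed at the passwd prompt, not
# passed as arguments, so they never show up in the -x trace or in `ps`.
userdel -r alarm
useradd -m -G wheel,storage -s "$(command -v zsh)" -u 1000 "${USER_NAME}"
echo "password for ${USER_NAME}"
passwd "${USER_NAME}"
echo "password for root"
passwd root

# Uncomment the "%wheel ALL=(ALL) ALL" rule so wheel members may use sudo.
# The pattern matches only that exact commented form; if the shipped sudoers
# words the rule differently, this edit is a silent no-op.
sed -i -E -e 's/^\s*#\s*%wheel\s*ALL=\(ALL\)\s*ALL$/%wheel\tALL=(ALL)\tALL/' /etc/sudoers
# Syntax-check the policy right after the in-place edit. A malformed sudoers
# file makes sudo refuse to run, and that is better discovered here (set -e
# aborts) than after root SSH login is disabled further down.
visudo -c

echo "$HOST_NAME" >/etc/hostname
ln -sf /usr/share/zoneinfo/Asia/Seoul /etc/localtime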
# Enable the wanted locales: uncomment their entries in /etc/locale.gen,
# make Korean the system default, then generate them.
locales=('en_US.UTF-8' 'ko_KR.UTF-8')
locale_exprs=()
for locale in "${locales[@]}"; do
  # One substitution per locale; all of them are applied in a single sed run.
  locale_exprs+=(-e "s/#(${locale}.*)/\1/")
done
sed -Ei "${locale_exprs[@]}" /etc/locale.gen
echo 'LANG=ko_KR.UTF-8' >/etc/locale.conf
locale-gen
# setup shell & install yay
#
# Everything in this list is installed through yay, i.e. built from AUR
# build scripts. AUR PKGBUILDs are user-submitted and run arbitrary code at
# build time; with --noconfirm below they are built and installed without
# the review prompts. The "-git" packages follow the AUR convention of
# building from the upstream repository's current head rather than a tagged
# release, so what gets installed depends on when the script is run.
packages=(
'oh-my-zsh-git'
'zsh-history-search-multi-word-git'
'zsh-fast-syntax-highlighting-git'
'zsh-autosuggestions'
'zsh-completions'
'zsh-theme-powerlevel10k-git'
'alias-tips-git'
'ssh-audit'
'pkgfile'
'pygmentize' # for colorize plugin of oh-my-zsh
'r8152-dkms'
'linux-raspberrypi-headers'
)
# makepkg refuses to run as root, so the clone and the build are done as the
# unprivileged user inside a scratch directory in that user's home.
su "${USER_NAME}" -c "mkdir /home/${USER_NAME}/yay"
cd /home/"${USER_NAME}"/yay
su "${USER_NAME}" -c 'git clone https://aur.archlinux.org/yay.git .'
# makepkg flags: -c clean up afterwards, -i install the built package,
# -r remove build-only dependencies, -s install missing dependencies.
# "${packages[*]}" splices the whole list, space-separated, into the command
# string handed to the user's shell.
# -P gives the command a pseudo-terminal -- presumably so sudo, invoked by
# makepkg/yay for the install steps, can prompt for the user's password.
su -P "${USER_NAME}" -c 'makepkg -cirs --noconfirm && yay -S '"${packages[*]}"' --noconfirm --removemake && cp /usr/share/oh-my-zsh/zshrc ~/.zshrc'
# The scratch build directory is no longer needed once yay is installed.
rm -rf /home/"${USER_NAME}"/yay
# Append the plugin and theme loaders to the user's .zshrc: a blank
# separator line first, then one `source` line per installed plugin.
printf '%s\n' \
  '' \
  'source /usr/share/zsh/plugins/zsh-autosuggestions/zsh-autosuggestions.zsh' \
  'source /usr/share/zsh/plugins/fast-syntax-highlighting/fast-syntax-highlighting.plugin.zsh' \
  'source /usr/share/zsh/plugins/history-search-multi-word/history-search-multi-word.plugin.zsh' \
  'source /usr/share/zsh/plugins/alias-tips/alias-tips.plugin.zsh' \
  'source /usr/share/zsh-theme-powerlevel10k/powerlevel10k.zsh-theme' \
  >>"/home/${USER_NAME}/.zshrc"
# oh-my-zsh plugins to enable for the user.
plugins=(
  'colored-man-pages' 'colorize' 'command-not-found' 'extract'
  'sudo' 'tmux' 'vundle' 'docker'
  'git' 'pip' 'python' 'virtualenv'
  'archlinux' 'systemd'
)
# Rewrite the `plugins=( ... )` assignment in .zshrc with the list above.
# -0777 makes perl read the whole file as one record, so the pattern can
# match an assignment that spans several lines.
perl_program='s/^\s*plugins\s*=\s*\([^)]*\)$/plugins=('"${plugins[*]}"')/gm'
perl -0777 -i -pe "${perl_program}" "/home/${USER_NAME}/.zshrc"
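# setup udisks2 & ufw (firewall)
pacman -Syu udisks2 ufw --noconfirm
systemctl enable udisks2.service ufw.service pkgfile-update.timer --now

# Set the default policy and the SSH rule *before* switching the firewall
# on. Enabling first leaves a window in which the default-deny policy is
# live but SSH is not yet allowed; on a headless board managed over SSH,
# a failure inside that window (set -e aborts) would leave it unreachable.
ufw default deny
# "limit" allows SSH but rate-limits repeated connection attempts per source.
ufw limit ssh
# --force skips the interactive "may disrupt existing ssh connections" prompt.
ufw --force enable
ufw logging on
# NOTE(review): SSH is the only inbound service allowed here. Pi-hole, which
# is installed further down, serves DNS and a web UI, and no rule in this
# script admits that traffic from other hosts -- confirm whether that is
# intended, and scope any added rules to the local network.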
# setup sshd
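#######################################
# Activate sshd_config directives that ship commented out, setting each of
# them to the same value, then verify that the result is what was asked for.
#
# Only commented lines ("#Key value") are rewritten. A directive that is
# already active with another value, or missing altogether, is left alone by
# the edit; the verification pass reports that case and returns non-zero
# instead of letting the hardening step pass silently.
#
# Globals:
#   SSHD_CONFIG_PATH (read, optional) - file to edit; defaults to
#     /etc/ssh/sshd_config. Lets the edit be rehearsed on a copy.
# Arguments:
#   $1  - value to assign (interpolated into a regex: pass plain values only)
#   $2+ - directive names to set to that value
# Outputs:
#   Diagnostics for directives that did not end up as requested, on stderr.
# Returns:
#   0 if every directive is active with the value and no conflicting active
#   line exists, non-zero otherwise.
#######################################
function modify_sshd_config() {
  local val="$1"
  shift
  local cfg_path="${SSHD_CONFIG_PATH:-/etc/ssh/sshd_config}"
  local key want
  local status=0
  local exprs=()

  # No directive names: nothing to do. Without this guard sed would be
  # called with no -e script and would take the file path as its program.
  (( $# > 0 )) || return 0

  for key in "$@"; do
    if grep -qE "^\s*#\s*${key}\s+${val}\s*$" "$cfg_path"; then
      # The commented default already carries the wanted value: uncomment it.
      exprs+=(-e "s/^\s*#\s*${key}\s+.+$/${key} ${val}/")
    else
      # Different default: set the new value and keep the old one on its own
      # comment line. It is not appended to the directive line because older
      # OpenSSH releases treat only whole lines starting with '#' as comments
      # and reject trailing text as "garbage at end of line".
      exprs+=(-e "s/^\s*#\s*${key}\s+(.+)$/${key} ${val}\n# (was: ${key} \1)/")
    fi
  done
  sed -i -E "${exprs[@]}" "$cfg_path" || return

  # Verification pass. This is a plain text check, not sshd's own parser.
  for key in "$@"; do
    want="^\s*${key}\s+${val}(\s|$)"
    if ! grep -qE "$want" "$cfg_path"; then
      printf 'modify_sshd_config: %s is not set to %s in %s\n' \
        "$key" "$val" "$cfg_path" >&2
      status=1
    elif grep -E "^\s*${key}\s" "$cfg_path" | grep -qvE "$want"; then
      # sshd uses the first value it reads for a keyword, so a second active
      # line with another value can override the one just written.
      printf 'modify_sshd_config: %s also has a conflicting active line in %s\n' \
        "$key" "$cfg_path" >&2
      status=1
    fi
  done
  return "$status"
}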
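# Harden sshd: key-only authentication, no root login, fewer auth attempts.
# NOTE(review): password authentication is switched off here, yet nothing in
# this script installs an authorized_keys file for ${USER_NAME}. Provision a
# public key for that account before sshd next restarts, or the board will
# only be reachable from its console.
modify_sshd_config 'no' 'PermitEmptyPasswords' 'PermitRootLogin' 'PasswordAuthentication' 'Compression'
modify_sshd_config 'yes' 'PubkeyAuthentication' 'StrictModes'
modify_sshd_config '5' 'MaxAuthTries'
# The file was rewritten with regexes, so let sshd itself parse it now
# (-t: test mode, checks the configuration and exits). A syntax error then
# stops the script here instead of surfacing when sshd is next restarted.
# This script does not restart sshd; the running daemon keeps its old
# settings until it is restarted or the board reboots.
sshd -t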
# install packages for maintenance
pacman -Syu --noconfirm htop tmux powertop lshw

# setup vim (no steps yet)

# setup pi-hole
# Built from the AUR as the unprivileged user, with the review prompts
# suppressed by --noconfirm.
su "${USER_NAME}" -P -c "yay -S pi-hole-server php-sqlite nginx-mainline php-fpm --noconfirm --removemake"
# Stop and disable systemd-resolved before pihole-FTL is started --
# presumably so the two do not compete for the local DNS port.
systemctl disable --now systemd-resolved.service
# Uncomment DBINTERVAL in the FTL config and set it to 60.0.
sed -Ei 's/^\s*#\s*DBINTERVAL\s*=\s*.+$/DBINTERVAL=60.0/' /etc/pihole/pihole-FTL.conf
systemctl enable --now pihole-FTL.service
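#######################################
# Join the remaining arguments with a single-character separator.
# Arguments:
#   $1  - separator; only its first character is used (it becomes IFS)
#   $2+ - items to join
# Outputs:
#   The joined string followed by a newline, on stdout.
#######################################
function join_by() {
  local IFS="$1"
  shift
  # printf rather than echo: echo would treat a result such as "-n" or "-e"
  # as an option and print nothing (or interpret escapes) instead of the text.
  printf '%s\n' "$*"
}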
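# Paths the Pi-hole web UI's PHP code is allowed to touch. They become the
# open_basedir allow-list, which confines PHP file access to these
# locations.
# NOTE(review): '/tmp' is shared with every other local process -- keep it
# only if the web UI really needs it.
exceptions=(
  '/srv/http/pihole'
  '/run/pihole-ftl/pihole-FTL.port'
  '/run/log/pihole/pihole.log'
  '/run/log/pihole-ftl/pihole-FTL.log'
  '/etc/pihole'
  '/etc/hosts'
  '/etc/hostname'
  '/etc/dnsmasq.d/02-pihole-dhcp.conf'
  '/etc/dnsmasq.d/03-pihole-wildcard.conf'
  '/etc/dnsmasq.d/04-pihole-static-dhcp.conf'
  '/proc/meminfo'
  '/proc/cpuinfo'
  '/sys/class/thermal/thermal_zone0/temp'
  '/tmp'
)

# Enable the PHP extensions that ship commented out in php.ini.
sed -i -E -e 's/^\s*;\s*extension=(pdo_sqlite|sockets|sqlite3)\s*$/extension=\1/' /etc/php/php.ini

# Build the colon-separated list first. Nesting a command substitution
# directly inside ${...//.../...} is zsh syntax; under bash, which the
# shebang selects, it fails with "bad substitution" and set -e aborts.
open_basedir="$(join_by : "${exceptions[@]}")"
# '|' is the sed delimiter so the slashes in the paths need no escaping.
sed -i -E -e "s|^\s*;\s*open_basedir\s*=\s*.*$|open_basedir = ${open_basedir}|" /etc/php/php.ini

# Comment out the existing php-fpm listen directive and bind to loopback TCP
# instead, so the FastCGI port is not reachable from other hosts.
sed -i -E -e 's/^(\s*listen\s*=\s*.+)$/;\1\nlisten = 127.0.0.1:9000/' /etc/php/php-fpm.d/www.conf

# TODO: setup /etc/nginx/nginx.conf (https://wiki.archlinux.org/index.php/Pi-hole#Nginx_instead_of_Lighttpd)
# -p: do not abort under set -e when the directory already exists.
mkdir -p /etc/nginx/conf.d
cp /usr/share/pihole/configs/nginx.example.conf /etc/nginx/conf.d/pihole.conf
# NOTE(review): nginx is started while the nginx.conf TODO above is still
# open; whether conf.d/pihole.conf is actually loaded depends on nginx.conf
# including that directory -- verify before relying on the web UI.
systemctl enable nginx.service php-fpm.service --now

# TODO: setup hosts file (https://wiki.archlinux.org/index.php/Pi-hole#Update_hosts_file)
echo 'setup password for pi-hole'
# No password is given on the command line, so it is not exposed in the -x
# trace; pihole is expected to prompt for it interactively.
pihole -a -p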