Notes on my Raspberry Pi server config
This describes how I installed and configured my Raspberry Pi model B (512MB).
The Pi is mainly used as SSH jump host, IRC client, Git server, backup fileserver, etc. It doesn't need stellar performance, it just has to be cheap, low in power usage, and secure.
Raspbian on encrypted root
Raspbian (Wheezy) is installed on an encrypted root filesystem (everything except
/boot and swap), located on an 16GB SanDisk Extreme SDHC class 10 memory card. Unfortunately, this cannot be done directly from the Raspbian installer and takes some more effort.
Then I mostly followed this guide: Using an Encrypted Root Partition with Raspbian
Note that after every kernel update (e.g., by updating the
raspberrypi-bootloader package or by running
rpi-update), we have to run
mkinitramfs -o /boot/initramfs.gz <version> where
<version> is the new kernel version (
mkinitramfs defaults to the running kernel).
This is my first Raspberry Pi and I never did anything else with it, so I cannot speak for the performance degradation due to the encrypted filesystem. All I can say is performance is adequate for my needs.
(Note: It might be a good idea to take a complete snapshot of the memory card every now and then, since this all can take a while.)
Attached encrypted USB disk
Attached is a 3TB USB2 disk (with external power supply, since the Pi's USB ports will not power a spinning disk). The filesystem is encrypted (again, with a cipher and key size the Pi's version of cryptsetup can handle) and automatically opened on boot.
Create a keyfile for opening the disk and store it on the encrypted root filesystem:
sudo cryptsetup luksAddKey /dev/sdc1 /root/elements.key
Add this line to
/dev/mapper/elements /data ext4 noatime,defaults 0 2
Add this line to
elements UUID=1d2c3454-13b2-432c-96b8-xxxxxxxxxxxxx /root/elements.key luks
Build packages from Wheezy backports
For some packages, I need (or want) versions that are not available in current Wheezy, but are in Wheezy Backports. This repository is not ported to Raspbian and it is recommended to build packages from external sources yourself, either on the Pi itself, or on a faster machine by cross building.
The easiest way to build a package from Wheezy backports on the Pi is as follows. Add the source repository to
deb-src http://ftp.debian.org/debian/ wheezy-backports main
And add the backports public key:
gpg --keyserver pgpkeys.mit.edu --recv-key 8B48AD6246925553 gpg -a --export 8B48AD6246925553 | sudo apt-key add -
Let's say we need package
$VERSION (an easy way to see what's available in which release is to go to
http://packages.debian.org/$PACKAGE). First install the build dependencies:
apt-get build-dep "$PACKAGE=$VERSION"
Then get the package source and compile it:
apt-get source "$PACKAGE=$VERSION" cd $PACKAGE* dpkg-buildpackage
Install the package:
dpkg -i $PACKAGE*.deb
(If any of the dependencies are also unavailable in Raspbian, you might have to recursively repeat this process a number of times.)
Building Haskell packages from source
I used the above approach to build git-annex from Wheezy backports, but this initially failed due to insufficient memory on the Pi. This can be worked around by instructing GHC to use less optimizations and separate the compile and link phases. Change the
$(CABAL) build line in the
Makefileto the following before running
$(CABAL) build --ghc-options="-O0 -c" && $(CABAL) build --ghc-options="-O0 -optl -O0"
Entropy for the random number generator
One of the things I use the Pi for is as an IRC client using irssi and irssi-otr. Generating a key for OTR can take a very long time since the Pi has almost no sources of entropy for
Fortunately, it has a hardware random number generator. Then it still took me a very long time, so it might also help to temporarily attach a USB mouse and move it around a bit.
For my own reference, this is a random list of some packages I usually install on a new machine:
screen subversion git git-annex bash-completion denyhosts apticron ufw emacs emacs-goodies-el