Steps to configure a new Raspbian Lite image to work with my Pi-based embedded projects. This is a documentation of the entire process so that my goldfish brain could remember and reproduce it again in the future. All of these steps (are) will be automated in the setup.sh script soon:tm:.
Both Python 2 and 3 are included as part of Raspbian by default.
passwd
In /etc/default/keyboard
alter the XKBLAYOUT="gb"
to "us"
, then sudo reboot
.
In /etc/hosts
and /etc/hostname
change both occurences of raspberrypi
to the desired hostname ("embeddedpi" in our case), then sudo reboot
.
Restarting hostname services should work most of the time, except for the times it doesn't, so I'm just too tired to bother trying...
sudo adduser embedded
sudo adduser embedded sudo
... and verify with sudo su
as the new user.
Now either delete the pi
user or disable them access to SSH after it is enabled later.
sudo deluser pi
In /etc/sudoers.d/010_pi-nopasswd
change NOPASSWD
to PASSWD
and add another line embedded ALL=(ALL) PASSWD: ALL
.
Set up priority connection to a laptop's hotspot (in this case "embeddedlink" will be used for the hotspot's SSID) for easy remote terminal anywhere using wpa_passphrase
:
wpa_passphrase "embeddedlink" >> /etc/wpa_supplicant/wpa_supplicant.conf
Repeat for your current (home) network.
Edit /etc/wpa_supplicant/wpa_supplicant.conf
to:
- Remove original pre-shared keys (passwords)
- Add
priority=1
to theembeddedlink
network,priority=2
to the home network. - Add
id_str
entries if you will.
Force wpa_supplicant
to re-read the configuration:
wpa_cli -i wlan0 reconfigure
Verify the correct connection by checking inet_addr
field in ifconfig wlan0
.
...
sudo bash -c "echo net.ipv6.conf.all.disable_ipv6=1 > /etc/sysctl.d/disableipv6.conf"
Standard update using apt-get
:
sudo bash -c "apt-get update && apt-get -y dist-upgrade && apt-get -y autoremove && apt-get clean"
Install python
, python3
, build-essential
, bzr
, cvs
, gawk
, gcc
, gdb
, gettext
, git
, git-core
, libssl-dev
, subversion
, unzip
, vim
and zip
:
sudo apt-get -y install python python3 build-essential bzr cvs gawk gcc gdb gettext git git-core libssl-dev subversion unzip vim zip
Most of these come pre-installed, apt-get
will then set them as manually installed instead.
Get a working firewall:
sudo apt-get -y install ufw
sudo ufw enable
Set up the firewall rules:
sudo ufw allow 22/tcp
#sudo ufw allow 80/tcp
#sudo ufw allow 80/udp
#sudo ufw allow 443/tcp
Enable the SSH itself:
sudo systemctl enable ssh
sudo systemctl start ssh
Then configure SSH policies. In /etc/ssh/sshd_config
add the AllowUsers embedded
entry:
sudo bash -c 'echo "AllowUsers embedded" >> /etc/ssh/sshd_config'