Skip to content

Instantly share code, notes, and snippets.

@martycagas

martycagas/setup.md

Last active February 23, 2021 01:09
Show Gist options
  • Save martycagas/accedd054613dd3799316ff4ce25c725 to your computer and use it in GitHub Desktop.
Save martycagas/accedd054613dd3799316ff4ce25c725 to your computer and use it in GitHub Desktop.
Download ZIP
"Embedded" Raspberry Pi Setup
Raw
setup.md

"Embedded" Raspberry Pi Setup Steps

Steps to configure a new Raspbian Lite image to work with my Pi-based embedded projects. This is a documentation of the entire process so that my goldfish brain could remember and reproduce it again in the future. All of these steps (are) will be automated in the setup.sh script soon:tm:.

Both Python 2 and 3 are included as part of Raspbian by default.

1. Change password

passwd

2. Change keyboard layout

In /etc/default/keyboard alter the XKBLAYOUT="gb" to "us", then sudo reboot.

3. Configure hostname

In /etc/hosts and /etc/hostname change both occurences of raspberrypi to the desired hostname ("embeddedpi" in our case), then sudo reboot.

Restarting hostname services should work most of the time, except for the times it doesn't, so I'm just too tired to bother trying...

4. Make a second user

sudo adduser embedded
sudo adduser embedded sudo

... and verify with sudo su as the new user.

Now either delete the pi user or disable them access to SSH after it is enabled later.

sudo deluser pi

5. Make sudo require a password

In /etc/sudoers.d/010_pi-nopasswd change NOPASSWD to PASSWD and add another line embedded ALL=(ALL) PASSWD: ALL.

(Optional) 6. Connect to a wireless network

Set up priority connection to a laptop's hotspot (in this case "embeddedlink" will be used for the hotspot's SSID) for easy remote terminal anywhere using wpa_passphrase:

wpa_passphrase "embeddedlink" >> /etc/wpa_supplicant/wpa_supplicant.conf

Repeat for your current (home) network.

Edit /etc/wpa_supplicant/wpa_supplicant.conf to:

  1. Remove original pre-shared keys (passwords)
  2. Add priority=1 to the embeddedlink network, priority=2 to the home network.
  3. Add id_str entries if you will.

Force wpa_supplicant to re-read the configuration:

wpa_cli -i wlan0 reconfigure

Verify the correct connection by checking inet_addr field in ifconfig wlan0.

(Alternative) 6. connect via Ethernet

...

(Optional) 7. Disable IPv6

sudo bash -c "echo net.ipv6.conf.all.disable_ipv6=1 > /etc/sysctl.d/disableipv6.conf"

8. Update everything

Standard update using apt-get:

sudo bash -c "apt-get update && apt-get -y dist-upgrade && apt-get -y autoremove && apt-get clean"

9. Install additional packages

Install python, python3, build-essential, bzr, cvs, gawk, gcc, gdb, gettext, git, git-core, libssl-dev, subversion, unzip, vim and zip:

sudo apt-get -y install python python3 build-essential bzr cvs gawk gcc gdb gettext git git-core libssl-dev subversion unzip vim zip

Most of these come pre-installed, apt-get will then set them as manually installed instead.

10. Set up UFW

Get a working firewall:

sudo apt-get -y install ufw
sudo ufw enable

Set up the firewall rules:

sudo ufw allow 22/tcp
#sudo ufw allow 80/tcp
#sudo ufw allow 80/udp
#sudo ufw allow 443/tcp

11. Configure SSH

Enable the SSH itself:

sudo systemctl enable ssh
sudo systemctl start ssh

Then configure SSH policies. In /etc/ssh/sshd_config add the AllowUsers embedded entry:

sudo bash -c 'echo "AllowUsers embedded" >> /etc/ssh/sshd_config'
Raw
setup.sh
#!/bin/bash
# :)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment