Checklist for setting up a Raspberry Pi

Raspi-Setup.md

Raspberry Pi (4) Basic Setup

This manual describes how to setup a Raspberry Pi with a little bit of sane default configs.

This is a revamped version of this gist, this time focusing on the setup of the Pi only.

Install and run Raspbian on an SSD

https://lillyoperations.com/how-to/how-to-install-raspberry-pi-os-on-a-ssd/

If you want to enable USB boot, then you have to update the bootloader first: https://pimylifeup.com/raspberry-pi-bootloader/

Basic Raspi configuration after first start

• run sudo raspi-config and do stuff like
  • set locale
  • set hostname
  • enable sshd (if not enabled already through Raspbian installation, e.g. via Raspberry Pi Imager)
  • expand filesystem
  • enable predictable network interface names

You may have to reboot after finishing with this tool.

Update system

sudo apt update
sudo apt upgrade
sudo apt install rpi-update
sudo rpi-update
sudo reboot

Ease of use stuff

• add to .bashrc:

alias l='ls -lAF --color=auto'
alias ll='ls -laF --color=auto'

• useful stuff: sudo apt install curl wget ca-certificates git dnsutils vim gnupg

Network Setup

via Network Manager (Debian bookworm)

As of Debian bookworm, network manager (nm) is used by default for network configuration.

• either via nmtui (Network Manager Text User Interface)
• or via nmcli (requires sudo or acting as root):
  • nmcli connection show shows existing connections
  • sudo nmcli con mod {UUID} connection.id {NAME} to rename the connection
  • nmcli con mod end0 ipv4.addresses 10.0.0.100/24
  • nmcli con mod end0 ipv4.gateway 10.0.0.1
  • nmcli con mod end0 ipv4.dns 10.0.0.1
  • ... whatever you wanna config additionally
• or via config file sudo vim /etc/NetworkManager/system-connections/end0.nmconnection

Example config file:

[connection]
id=end0
uuid=b1cd82d8-4a24-3a0c-9b19-f50c1057adec
type=ethernet
autoconnect-priority=0
interface-name=end0
timestamp=1719945942

[ethernet]

[ipv4]
method=manual
addresses={e.g. 10.0.0.100/24}
gateway={e.g. 10.0.0.1}
dns={e.g. 10.0.0.1}

[ipv6]
# addr-gen-mode 0 means EUI64-based (=MAC) SLAAC
addr-gen-mode=0
method=auto
dns={IPv6 of DNS, e.g. fd00:c0f:fee:1::1/64}
# ip6-privacy=0 to disable temporary addresses
ip6-privacy=0

[proxy]

After changing the network configuration, it makes sense to reboot: sudo reboot

via dhcpcd.conf (pre Debian bookworm)

• set static ipv4 address in /etc/dhcpcd.conf:

interface eth0
static ip_address=10.0.0.100/24
static routers=10.0.0.1
static domain_name_servers=10.0.0.1

• if necessary (e.g. for firewall exceptions) disable IPv6 privacy extensions in /etc/dhcpcd.conf: change slaac private to slaac hwaddr

Users, Passwords and Authentication

• optional: change password of default pi user: passwd
• create new user for regular usage: sudo adduser mynewuser
• set password: sudo passwd mynewuser
• check groups of pi user groups pi and add your new user to the same groups, except the pi group: sudo usermod mynewuser -a -G group1,group2,group3 (comma-separated, no whitespaces!)
• switch to new user
• remove pi user from sudo and adm group: sudo deluser pi sudo, sudo deluser pi adm
• remove from /etc/sudoers.d/ the file for the pi user or rename and edit it for your new user
• Send over your ssh pub key: (on your local machine)ssh-copy-id -i ~/.ssh/id_rsa.pub user@host
• alternatively, if password authentication is already disabled:
  • (on pi machine) create .ssh dir with 700 permisisons in home folder: install -d -m 700 ~/.ssh
  • copy-paste your local machine's public key: vim ~/.ssh/authorized_keys, copy-paste, chmod 600 ~/.ssh/authorized_keys
  • test login via key authentication
• edit /etc/ssh/sshd_config, make sure the following is set:

  PermitRootLogin no
  PasswordAuthentication no
  

• restart now or later (to let the new ssh daemon settings become effective)

Dotfiles

If you have your personal dotfiles, then grab them now, e.g.:

git clone https://github.com/ronau/dotfiles

and configure them as necessary