Raspberry Pi 4 Ubuntu 20.04.1 LTS configuration and provisioning script

.gitignore

*.xz
*.zip
mnt/*

999_decompress_rpi_kernel

DPkg::Post-Invoke {"/bin/bash /boot/firmware/auto_decompress_kernel"; };

auto_decompress_kernel

#!/bin/bash -e

# set variables
BTPATH=/boot/firmware
CKPATH=$BTPATH/vmlinuz
DKPATH=$BTPATH/vmlinux

# check if compression needs to be done
if [ -e $BTPATH/check.md5 ]; then
  if md5sum --status --ignore-missing -c $BTPATH/check.md5; then
    echo -e "\e[32mFiles have not changed, decompression not needed\e[0m"
    exit 0
  else
    echo -e "\e[31mHash failed, kernel will be decompressed\e[0m"
  fi
fi

# backup the old decompressed kernel
mv $DKPATH $DKPATH.bak

if [ ! $? == 0 ]; then
  echo -e "\e[31mDECOMPRESSED KERNEL BACKUP FAILED!\e[0m"
  exit 1
else
  echo -e "\e[32mDecompressed kernel backup was successful\e[0m"
fi

# decompress the new kernel
echo "Decompressing kernel: "$CKPATH"..."

zcat $CKPATH > $DKPATH

if [ ! $? == 0 ]; then
  echo -e "\e[31mKERNEL FAILED TO DECOMPRESS!\e[0m"
  exit 1
else
  echo -e "\e[32mKernel decompressed succesfully\e[0m"
fi

# hash the new kernel for checking
md5sum $CKPATH $DKPATH > $BTPATH/check.md5

if [ ! $? == 0 ]; then
  echo -e "\e[31mMD5 GENERATION FAILED!\e[0m"
else
  echo -e "\e[32mMD5 generated succesfully\e[0m"
fi

exit 0

network-config

version: 2
ethernets:
  eth0:
    dhcp4: false
    optional: true
    addresses: [192.168.0.IPSUFFIX/24]
    gateway4: 192.168.0.1
    nameservers:
      search: [home]
      addresses: [8.8.8.8]

provision

#!/bin/bash -e

if [[ $EUID -ne 0 ]]; then
   echo "Error: This script must be run as root"
   exit 1
fi

if [ -z $1 ] || [ -z $2 ] || [ -z $3 ]; then
  echo "Usage: provision <device> <hostname> <ip-suffix>"
  exit 1
fi

DEV=$1
HOSTNAME=$2
IPSUFFIX=$3

IMAGE=${IMAGE:-ubuntu-20.04.1-preinstalled-server-arm64+raspi.img.xz}
PASSWORD=${PASSWORD:-p@ssw0rD}

PASSWORD_HASH=$(mkpasswd --method=SHA-512 --rounds=4096 "$PASSWORD")
SSH_AUTHORIZED_KEY=$(<~/.ssh/id_rsa.pub)

if [ -z "$SKIP_FLASH" ];
then
  echo "Writing image to /dev/$DEV"
  time xzcat $IMAGE | dd of=/dev/$DEV bs=1M
fi

sync

echo "Mounting /dev/$DEV"

BOOT_VOL=mnt/boot
ROOT_VOL=mnt/rootfs

mkdir -p $BOOT_VOL $ROOT_VOL
mount /dev/${DEV}1 $BOOT_VOL
mount /dev/${DEV}2 $ROOT_VOL

# copy user boot configuration
cp usercfg.txt $BOOT_VOL/

# decompress kernel
zcat $BOOT_VOL/vmlinuz > $BOOT_VOL/vmlinux

# add script to automatically decompress kernel on apt install/upgrade
cp auto_decompress_kernel $BOOT_VOL/
cp 999_decompress_rpi_kernel $ROOT_VOL/etc/apt/apt.conf.d/

# insert cgroup configurations
sed -i "s/rootwait/rootwait cgroup_enable=cpuset cgroup_enable=memory cgroup_memory=1/g" $BOOT_VOL/cmdline.txt

# user-data for cloud init
cp user-data $BOOT_VOL/
sed -i "s/HOSTNAME/${HOSTNAME}/g" $BOOT_VOL/user-data
sed -i "s|PASSWORD_HASH|${PASSWORD_HASH}|g" $BOOT_VOL/user-data
sed -i "s|SSH_AUTHORIZED_KEY|${SSH_AUTHORIZED_KEY}|g" $BOOT_VOL/user-data

# networking
cp network-config $BOOT_VOL/
sed -i "s/IPSUFFIX/${IPSUFFIX}/g" $BOOT_VOL/network-config

sync

sleep 2

echo "Unmounting /dev/$DEV"

umount $BOOT_VOL
umount $ROOT_VOL

exit 0

user-data

#cloud-config

hostname: HOSTNAME
manage_etc_hosts: true

groups:
  - k8s

users:
  - name: k8s
    gecos: Kubernetes
    passwd: "PASSWORD_HASH"
    lock_passwd: false
    primary_group: k8s
    groups: [adm, audio, cdrom, dialout, dip, floppy, lxd, netdev, plugdev, sudo, videom, k8s]
    sudo: ["ALL=(ALL) NOPASSWD:ALL"]
    shell: /bin/bash
    ssh_authorized_keys:
      - "SSH_AUTHORIZED_KEY"

ssh_pwauth: false

package_update: true
package_upgrade: true

usercfg.txt

[pi4]
max_framebuffers=2
gpu_mem=16
boot_delay
dtoverlay=vc4-fkms-v3d
kernel=vmlinux
initramfs initrd.img followkernel