Rpi-ting
Some Raspberry Pi security and minimum SD card writing
Kred to Torkel and his tremendous work with WOSPi. Take a look at: http://meteo.annoyingdesigns.com
Download and install Raspbian LITE image.
Copy the “LITE” to SD card with Win32DiskImager
Add an empty file with name “ssh” without extension. That gives you ssh access (headless boot).
If you need to login to a wireless network upon boot add i file called wpa_supplicant.conf
and with the following content
country=NO
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
network={
ssid=”steinsland.net”
scan_ssid=1
psk=”xxyy”
key_mgmt=WPA-PSK
}
Find your Raspberry IP “Advanced IP Scanner” is a good tool, and Connect with “Putty” user:pi PW: raspberry
sudo raspi-config
Expand file
Internationalisation options
At least set your timezone.
Boot options
Do not start the desktop GUI (B1)
Require the user to log in. (B1)
Advanced options
Enable the SSH server.
Require the user to log in.
exit
sudo reboot
Replase user pi with your own:
You should end up with two accounts
root and let us call it hes
Set a new strong root pw:
sudo passwd root
Add the new user
groups
give you a list similar to this:
pi adm dialout cdrom sudo audio video plugdev games users input netdev gpio i2c spi
Make a command and make use of your listing above:
First:
sudo adduser hes
Then:
sudo usermod -a -G adm,dialout,cdrom,sudo,audio,video,plugdev,games,users,input,netdev,gpio,i2c,spi hes -s /bin/bash
Now, deleting the pi user account
Logout
Login as the new user
sudo deluser -remove-home pi
Poff to pi….
Time for update
sudo apt update
sudo apt upgrade
Some Enter’s and a “q”
Som software of your choice..
sudo apt install coreutils zip mc
Or the most of the software:
sudo apt install coreutils zip mc sudo apache2 php libapache2-mod-php mysql-server php-mysql python-configobj python-cheetah python-imaging python-serial python-usb mysql-client python-mysqldb ftp python-dev python-pip imagemagick perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl apt-show-versions python -y
sudo pip install pyephem
OK, time to minimize access to SD card
sudo dphys-swapfile swapoff
sudo nano /etc/fstab
Insert those tree lines on top of the file:
tmpfs /var/tmp tmpfs nodev,nosuid,noatime,size=50M 0 0
tmpfs /tmp tmpfs defaults,noatime,nosuid 0 0
tmpfs /var/log tmpfs defaults,noatime,nosuid 0 0
check that ext4 filesystem have “noatime” parameter.
sudo /etc/init.d/rsyslog stop
sudo rm -Rf /tmp/*
sudo rm -Rf /var/log/*
sudo rm /var/tmp/*
sudo mount -a
sudo /etc/init.d/rsyslog start
After reboot your Apache web server will not start. That is because there is no temp folders left in the RAM-disk. We need to make those temp folders and restart Apache.
sudo nano setup-tmp-for-apache.sh
Add those tree lines:
#!/bin/bash
sudo mkdir /var/log/apache2
sudo /etc/init.d/apache2 restart
Make the script executable:
sudo chmod +x setup-tmp-for-apache.sh
Make it run at boot time:
sudo crontab -e
At the end, add:
@reboot /home/hes/setup-tmp-for-apache.sh
That’s it!
LAMP:
sudo apt-get install apache2 -y
sudo apt-get install php libapache2-mod-php -y
sudo apt-get install mysql-server php-mysql -y
sudo service apache2 restart
Preperation for weewx weathersoftware:
# required packages:
sudo apt-get install python-configobj
sudo apt-get install python-cheetah
sudo apt-get install python-imaging
# required if hardware is serial or USB:
sudo apt-get install python-serial
sudo apt-get install python-usb
# required if using MySQL:
sudo apt-get install mysql-client
sudo apt-get install python-mysqldb
# required if using FTP on Raspbian systems:
sudo apt-get install ftp
# optional for extended almanac information:
sudo apt-get install python-dev
sudo apt-get install python-pip
sudo pip install pyephem
Some weewx tip:
Setting up WeeWX with a Raspberry PI
Imagemagic is magic!
sudo apt-get install imagemagick
For Webmin:
Install dependencies:
su
apt install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl apt-show-versions python
Find latest version and note the number:
https://sourceforge.net/projects/webadmin/files/webmin/
Build the command, replace bold/italic number with latest version:
wget http://prdownloads.sourceforge.net/webadmin/webmin_1.981_all.deb
dpkg -i webmin_1.981_all.deb
rm webmin_1.981_all.deb
Node Red:
One long command:
bash <(curl -sL https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/update-nodejs-and-nodered)
Mosquitto MQTT Broker:
sudo wget http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key
sudo apt–key add mosquitto–repo.gpg.key cd /etc/apt/sources.list.d/
sudo wget http://repo.mosquitto.org/debian/mosquitto-wheezy.list
sudo apt–get install mosquitto mosquitto–clients python–mosquitto
To start and stop:
sudo /etc/init.d/mosquitto stop
sudo /etc/init.d/mosquitto start
Now you need to enable mosquitto broker running in background. This is very important step as if you don’t do this, your broker will not be initiated.
sudo mosquitto -d
Now your mqtt broker is up and running
Test your MQTT Server
Testing your MQTT server is easy! If you had installed mosquitto client, this step would not be a problem for you
First open 2 new Putty sessions on your windows PC. Let’s call them Putty1 and Putty2 respectively. We will create and subscribe to a specific topic on Putty1 and we will subscribe and publish the message on Putty2. This should let us see this message on Putty1.
To create and subscribe the topic on Putty1 type and enter the following command
mosquitto_sub -t santronix_mqtt/topic
In this case santronix_mqtt/topic is the topic we have created but in your case you can use any. The same topic will be used to publish the message to broker.
If everything goes fine then there wouldn’t be any error message. Now go to Putty2 and try publishing the message to the same topic
mosquitto_pub -t santronix_mqtt/topic -m “Hello World!”
What it does is, it publishes the message “Hello World!” to topic santronix_mqtt/topic on our Pi’s broker. As soon as you type and press enter, you would see the same message appearing in Putty1.
Make it run at boot time:
sudo nano run_mosqitto_at_startup.sh
Add those tree lines:
#!/bin/bash
sudo /etc/init.d/mosquitto start
sudo mosquitto -d
Make the script executable:
sudo chmod +x mosqitto_at_startup.sh
Make it run at boot time:
sudo crontab -e
At the end, add:
@reboot /home/hes/mosqitto_at_startup.sh
That’s it!
Teamviewer
wget https://download.teamviewer.com/download/linux/teamviewer-host_armhf.deb
sudo dpkg -i teamviewer-host_armhf.deb
sudo apt-get update
sudo apt-get -f install
sudo reboot now
sudo teamviewer setup
teamviewer info (For ID-etc.)
Type “teamviewer help” for more details
If you Have a Display/Monitor and GUI Access
You can simply open the TeamViewer from the menu -> Internet -> TeamViewer or if it’s already running then you can see the little TeamViewer logo in the top taskbar.
Note down the ID and Password. Now you can connect to your Raspberry Pi from anywhere.
From the settings menu, you can also set up unattended access and set a permanent password to access it.
For Headless Access
Connect to your Raspberry Pi via SSH.
To find out the id, you can type “teamviewer info” or to setup headless access you can type “sudo teamviewer setup”.
Hardware Clock
sudo nano /boot/config.txt
Add to the end:
dtoverlay=i2c-rtc,ds3231
Save it and run sudo reboot to start again. Log in and run
sudo i2cdetect -y 1
to see the UU show up where 0x68 should be
Disable the “fake hwclock” which interferes with the ‘real’ hwclock
sudo apt-get -y remove fake-hwclock
sudo update-rc.d -f fake-hwclock remove
sudo systemctl disable fake-hwclock
Now with the fake-hw clock off, you can start the original ‘hardware clock’ script.
Run sudo nano /lib/udev/hwclock-set and comment out these three lines:
#if [ -e /run/systemd/system ] ; then
# exit 0
#fi
You can see, the date at first is invalid! You can set the correct time easily. First run date to verify the time is correct. Plug in Ethernet or WiFi to let the Pi sync the right time from the Internet. Once that’s done, run sudo hwclock -w to write the time, and another sudo hwclock -r to read the time
Once the time is set, make sure the coin cell battery is inserted so that the time is saved. You only have to set the time once
That’s it! Next time you boot the time will automatically be synced from the RTC module
OpenVPN
sudo apt install openvpn
1. generer fil fra router
2. kopier til /etc/openvpn (og kall den client.conf)
3. rediger client.conf – bak auth-user-pass skriv auth.txt
4. lag fil /etc/openvpn/auth.txt – skal inneholde brukernavn på første linje, passord på andre
Debian 10 preperation
Install debian
Make sudo function the normal way:
su
apt-get update
apt-get install sudo
exit
su –
visudo
Under sudo section add:
%user ALL=(ALL:ALL) ALL (where “user” is the user you would add ex. hes)