= Setting up a Raspberry Pi with an HDD (from scratch) =

'''1. Write the SD card:'''
{{{
dd if=/home/hss/Downloads/2020-08-20-raspios-buster-armhf-lite.img of=/dev/mmcblk0 bs=1M
}}}
Note: the partition /dev/mmcblk0p1 serves as the "BIOS" for the RasPi, so the RasPi cannot boot without it.

'''2. Mount the SD card on the laptop''', then:

In the first partition: start SSH automatically
{{{
touch /media/hss/boot/ssh
}}}
Extend the timeout for USB drives
{{{
echo program_usb_timeout=1 | sudo tee -a /media/hss/boot/config.txt
}}}
Boot from a USB drive
{{{
echo program_usb_boot_mode=1 | sudo tee -a /media/hss/boot/config.txt
}}}
Remove the USB current limit
{{{
echo max_usb_current=1 | sudo tee -a /media/hss/boot/config.txt
}}}

'''3. Configure the network:'''

Static IP address:
{{{
echo "interface eth0" | sudo tee -a /media/hss/rootfs/etc/dhcpcd.conf
echo "static ip_address=192.168.151.100/24" | sudo tee -a /media/hss/rootfs/etc/dhcpcd.conf
echo "static routers=192.168.151.1" | sudo tee -a /media/hss/rootfs/etc/dhcpcd.conf
echo "static domain_name_servers=1.0.0.1 1.1.1.1" | sudo tee -a /media/hss/rootfs/etc/dhcpcd.conf
}}}

'''4. Eject the SD card and boot it in the RasPi'''

Create the user "hss" and delete "pi"
{{{
adduser hss
# add hss to every group that lists pi as a member
sed -i 's/:pi/:pi,hss/g' /etc/group
# passwordless sudo for hss (copy of the rule for pi)
cp /etc/sudoers.d/010_pi-nopasswd /etc/sudoers.d/010_hss-nopasswd
sed -i 's/pi/hss/g' /etc/sudoers.d/010_hss-nopasswd
# leave the root shell and the pi session, then log in again as hss
exit
exit
ssh -l hss 192.168.151.100
sudo -s
deluser --remove-home pi
}}}
System upgrade
{{{
apt-get update
apt-get -y upgrade
apt-get -y dist-upgrade
}}}
Change the hostname

Tip:
{{{
$'\t' is one tab, $'\t\t' is two tabs, and so on.
}}}
{{{
sed -i 's/raspberrypi/pi3.lan.suhle.de pi3/g' /etc/hosts
hostname -b pi3.lan.suhle.de
# in the menu: System Options --> Hostname --> pi3.lan.suhle.de
raspi-config
echo " " | sudo tee -a /etc/hosts
echo 192.168.150.200$'\t\t'nas.lan.suhle.de$'\t\t'nas | sudo tee -a /etc/hosts
echo 192.168.150.222$'\t\t'tv.lan.suhle.de$'\t\t'tv | sudo tee -a /etc/hosts
echo 192.168.150.252$'\t\t'fhem.lan.suhle.de$'\t\t'fhem | sudo tee -a /etc/hosts
echo 192.168.150.253$'\t\t'fhem2.lan.suhle.de$'\t\t'fhem2 | sudo tee -a /etc/hosts
echo 192.168.150.254$'\t\t'pi.lan.suhle.de$'\t\t'pi | sudo tee -a /etc/hosts
echo 192.168.150.1$'\t\t'firewall.lan.suhle.de$'\t\t'firewall | sudo tee -a /etc/hosts
echo 192.168.150.2$'\t\t'fritz2.lan.suhle.de$'\t\t'fritz2 | sudo tee -a /etc/hosts
echo 192.168.151.1$'\t\t'fritz.lan.suhle.de$'\t\t'fritz | sudo tee -a /etc/hosts
echo 192.168.151.100$'\t\t'pi3.lan.suhle.de$'\t\t'pi3 | sudo tee -a /etc/hosts
echo 192.168.151.100$'\t\t'www.lan.suhle.de$'\t\t'www | sudo tee -a /etc/hosts
echo 192.168.151.100$'\t\t'wiki.lan.suhle.de$'\t\t'wiki | sudo tee -a /etc/hosts
}}}

'''5. Move the RasPi system to the USB HDD and use it'''

 * Shut down the Raspberry Pi
 * Remove the SD card and insert it into the laptop
 * Connect the USB HDD to the laptop

Mount the partition /dev/mmcblk0p1 (/media/hss/boot)
{{{
cp /media/hss/boot/cmdline.txt /media/hss/boot/cmdline.txt.orig
}}}
Use '''blkid''' to find the PARTUUID of the HDD partition:
{{{
/dev/sdb1: UUID="87e21227-3ae5-4767-b332-cea4fdc05a1c" TYPE="ext4" PARTUUID="8b209fef-01"
}}}
The PARTUUID of the HDD must go into '''/boot/cmdline.txt''' AND into '''/rootfs/etc/fstab'''

For example:
{{{
root@hss-laptop:~# cat /media/hss/boot/cmdline.txt
console=serial0,115200 console=tty1 root=PARTUUID=8b209fef-01 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait
root@hss-laptop:~# cat /rootfs/etc/fstab
proc /proc proc defaults 0 0
PARTUUID=6fa317b9-01 /boot vfat defaults 0 2
PARTUUID=8b209fef-01 / ext4 defaults,noatime 0 1
}}}
Copy the files to the USB HDD:
{{{
# (sdb1) stands for the mount point of the HDD partition /dev/sdb1
rsync -axv /media/hss/rootfs/* /media/hss/(sdb1)
}}}

'''6. Connect the SD card and the USB HDD to the RasPi and boot'''

'''7. Create a mount point for the data partition:'''
{{{
mkdir /home/usb
mount /dev/sda3 /home/usb
chown root:users /home/usb
chmod 775 /home/usb/
}}}
Create the matching entry in /etc/fstab!

For example:
{{{
PARTUUID=8b209fef-03 /home/usb ext4 defaults 0 0
}}}

'''8. Install software'''
{{{
apt-get update
apt-get install mc vim dnsutils recode
rsync -av /home/usb/snapshots_pi3/daily.0/localhost/home/hss/scripts /home/hss/
}}}

'''9. Restore the SSH keys'''
{{{
mv /etc/ssh /etc/ssh.orig
rsync -av /home/usb/snapshots_pi3/daily.0/localhost/etc/ssh /etc/
rsync -av /home/usb/snapshots_pi3/daily.0/localhost/root/.ssh /root/
rsync -av /home/usb/snapshots_pi3/daily.0/localhost/home/hss/.ssh /home/hss/
}}}

'''10. Install Apache, MySQL, PHP'''
{{{
apt-get install apache2 libapache2-mod-php php php-mysql mariadb-server libapache2-mod-wsgi
mv /var/www/ /var/www.orig
rsync -av /home/usb/snapshots_pi3/daily.0/localhost/var/www /var/
mv /etc/apache2/ /etc/apache2.orig
rsync -av /home/usb/snapshots_pi3/daily.0/localhost/etc/apache2 /etc/
rsync -av /home/usb/snapshots_pi3/daily.0/localhost/etc/letsencrypt /etc/

# certbot/letsencrypt
apt-get install snapd
snap install core
snap refresh core
apt-get remove certbot
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
certbot --apache
certbot renew --dry-run

# phpmyadmin
apt-get install phpmyadmin
touch /usr/share/phpmyadmin/.htaccess
echo "" > /usr/share/phpmyadmin/.htaccess
echo $'\t'"" >> /usr/share/phpmyadmin/.htaccess
echo $'\t\t'"Require ip 192.168.151.254" >> /usr/share/phpmyadmin/.htaccess
echo $'\t\t'"Require all denied" >> /usr/share/phpmyadmin/.htaccess
echo $'\t'"" >> /usr/share/phpmyadmin/.htaccess
echo "" >> /usr/share/phpmyadmin/.htaccess
}}}

'''11. Restore the crontab'''
{{{
mv /etc/crontab /etc/crontab.orig
rsync -av /home/usb/snapshots_pi3/daily.0/localhost/etc/crontab /etc/
}}}

'''12. Stop the syslog flood'''
{{{
echo 'if $programname == "systemd" and ($msg contains "Starting Session" or $msg contains "Started Session" or \
$msg contains "Created slice" or $msg contains "Starting user-" or $msg contains "Starting User Slice of" or $msg contains \
"Removed session" or $msg contains "Removed slice User Slice of" or $msg contains "Stopping User Slice of" or $msg contains \
".scope: Succeeded.") then stop' >/etc/rsyslog.d/ignore-systemd-session-slice.conf
systemctl restart rsyslog
}}}

'''13. Install Postfix'''
{{{
apt-get install postfix libsasl2-modules bsd-mailx
# "Internet with smarthost"
echo relayhost = smtp.1und1.de | sudo tee -a /etc/postfix/main.cf
echo smtp_sasl_auth_enable = yes | sudo tee -a /etc/postfix/main.cf
echo smtp_sasl_password_maps = hash:/etc/postfix/sasl_password | sudo tee -a /etc/postfix/main.cf
echo smtp_sasl_security_options = noanonymous | sudo tee -a /etc/postfix/main.cf
echo sender_canonical_maps = hash:/etc/postfix/sender_canonical | sudo tee -a /etc/postfix/main.cf
# restrict the password file before the credentials are written into it
touch /etc/postfix/sasl_password
chmod 600 /etc/postfix/sasl_password
echo smtp.1und1.de hss@suhle.de:GanzGeheimesPasswort | sudo tee -a /etc/postfix/sasl_password
postmap hash:/etc/postfix/sasl_password
touch /etc/postfix/sender_canonical
echo hss hss@suhle.de | sudo tee -a /etc/postfix/sender_canonical
echo root hss@suhle.de | sudo tee -a /etc/postfix/sender_canonical
echo www-data hss@suhle.de | sudo tee -a /etc/postfix/sender_canonical
postmap /etc/postfix/sender_canonical
echo hss@suhle.de > /root/.forward
echo hss@suhle.de > /home/hss/.forward
chown hss:hss /home/hss/.forward
systemctl restart postfix.service
echo "Dies ist ein Testmail" | mail -s "Testbetreff" hss@suhle.de
}}}

'''14. Set up unattended upgrades'''
{{{
apt-get install unattended-upgrades
touch /etc/apt/apt.conf.d/52unattended-upgrades
echo "Unattended-Upgrade::Origins-Pattern {" | sudo tee -a /etc/apt/apt.conf.d/52unattended-upgrades
# single quotes keep ${distro_codename} literal; unattended-upgrades substitutes it itself
echo '"origin=Raspbian,codename=${distro_codename},label=Raspbian";' | sudo tee -a /etc/apt/apt.conf.d/52unattended-upgrades
echo '"origin=Raspberry Pi Foundation,codename=${distro_codename},label=Raspberry Pi Foundation";' | sudo tee -a /etc/apt/apt.conf.d/52unattended-upgrades
echo "};" | sudo tee -a /etc/apt/apt.conf.d/52unattended-upgrades
echo 'Unattended-Upgrade::Automatic-Reboot "true";' | sudo tee -a /etc/apt/apt.conf.d/52unattended-upgrades
dpkg-reconfigure -plow unattended-upgrades
}}}
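
Added example, not part of the original page: step 14 writes `${distro_codename}` into an apt configuration file from the shell, and inside double quotes the shell replaces that variable with an empty string before unattended-upgrades ever reads the file. The function names below are hypothetical; the sketch writes the step-14 settings with a quoted heredoc, reproduces the double-quoted variant, and checks both results in a temporary directory.

```shell
#!/bin/sh
# Added example for step 14 (hypothetical helper names, constructed test files).

# write_uu_conf FILE: write the step-14 settings with a quoted heredoc, so the
# shell leaves ${distro_codename} alone for unattended-upgrades to substitute.
write_uu_conf() {
    cat > "$1" <<'EOF'
Unattended-Upgrade::Origins-Pattern {
        "origin=Raspbian,codename=${distro_codename},label=Raspbian";
        "origin=Raspberry Pi Foundation,codename=${distro_codename},label=Raspberry Pi Foundation";
};
Unattended-Upgrade::Automatic-Reboot "true";
EOF
}

# broken_uu_conf FILE: the same pattern written with a double-quoted echo; the
# shell expands the unset variable and an empty codename lands in the file.
broken_uu_conf() {
    unset distro_codename
    echo "\"origin=Raspbian,codename=${distro_codename},label=Raspbian\";" > "$1"
}

# check_uu_conf FILE: return 0 only if the file has origin patterns and none of
# them carries an empty codename.
check_uu_conf() {
    total=$(grep -c '"origin=' "$1") || true
    empty=$(grep -c 'codename=,' "$1") || true
    [ "$total" -gt 0 ] && [ "$empty" -eq 0 ]
}

# Constructed demo in a temporary directory; nothing under /etc is touched.
d=$(mktemp -d)
write_uu_conf "$d/52unattended-upgrades"
check_uu_conf "$d/52unattended-upgrades" && echo "quoted heredoc: patterns intact"
broken_uu_conf "$d/broken"
check_uu_conf "$d/broken" || echo "double-quoted echo: codename is empty"
rm -rf "$d"
```

Running `check_uu_conf /etc/apt/apt.conf.d/52unattended-upgrades` on the Pi after step 14 shows whether the file on disk was affected.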
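
Added example, not part of the original page: the lines appended to main.cf in step 13 enable SASL login to the smarthost but do not set `smtp_tls_security_level`, and the password file only stays private if its mode is restrictive. The audit below uses hypothetical function names, assumes GNU `stat`, and runs against a constructed main.cf in a temporary directory.

```shell
#!/bin/sh
# Added example for step 13 (hypothetical helper names, constructed sample files).

# cf_get FILE KEY: print the last value assigned to KEY in a main.cf-style file.
cf_get() {
    sed -n -e 's/[[:space:]]*$//' -e "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# audit_relay MAIN_CF: print one line per finding, return 1 if there is any.
audit_relay() {
    cf=$1
    findings=0
    if [ "$(cf_get "$cf" smtp_sasl_auth_enable)" = "yes" ]; then
        # only these levels make TLS mandatory; empty, none, may and dane do not
        case "$(cf_get "$cf" smtp_tls_security_level)" in
            encrypt|dane-only|fingerprint|verify|secure) ;;
            *) echo "FINDING: SASL login enabled but TLS to the relay is not enforced"
               findings=$((findings + 1)) ;;
        esac
    fi
    map=$(cf_get "$cf" smtp_sasl_password_maps)
    file=${map#*:}                       # strip the "hash:" table type
    for f in "$file" "$file.db"; do      # source file and the postmap output
        [ -e "$f" ] || continue
        mode=$(stat -c %a "$f")          # GNU stat: octal permission bits
        case "$mode" in
            600|400) ;;
            *) echo "FINDING: $f has mode $mode, expected 600"
               findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample with the step-13 settings; no live Postfix is touched.
demo=$(mktemp -d)
printf 'smtp.1und1.de user@example.invalid:placeholder\n' > "$demo/sasl_password"
chmod 644 "$demo/sasl_password"
printf '%s\n' 'relayhost = smtp.1und1.de' 'smtp_sasl_auth_enable = yes' \
    "smtp_sasl_password_maps = hash:$demo/sasl_password" \
    'smtp_sasl_security_options = noanonymous' > "$demo/main.cf"
audit_relay "$demo/main.cf" || true
rm -rf "$demo"
```

On the Pi the call is `audit_relay /etc/postfix/main.cf`, run as root so the password file can be inspected.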