This is an old revision of the document!
Table of Contents
Base Setup
OS installation
Download PI OS image and follow the image installation steps.
Enable ssh
In order to be able to remote ssh into the server edit the sshd configuration file. And set the following parameters:
# nano /etc/ssh/sshd_config --------------------------- # Authentication: LoginGraceTime 2m AllowUsers root pi PermitRootLogin yes StrictModes yes #MaxAuthTries 6 #MaxSessions 10 --------------------------- # systemctl restart ssh
Networking
/etc/hostname
# nano /etc/hostname -------------------- domoticz
/etc/hosts
# nano /etc/hosts -------------------- 127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters 127.0.1.1 domoticz
/etc/network/interfaces
# nano /etc/network/interfaces ------------------------------ auto lo eth0 iface lo inet loopback #iface eth0 inet manual iface eth0 inet static address 192.168.178.xx netmask 255.255.255.0 network 192.168.178.0 broadcast 192.168.178.255 gateway 192.168.178.1
resolv.conf
# nano /etc/resolv.conf ----------------------- nameserver 192.168.178.1 nameserver fdaa:66:67:a::1
Migrate Root Filesystem to F2FS
Adjust fstab
# nano /etc/fstab ----------------- proc /proc proc defaults 0 0 PARTUUID=5d3fca68-01 /boot/firmware vfat defaults 0 2 PARTUUID=5d3fca68-02 / f2fs defaults,noatime,nodiratime 0 1 tmpfs /var/log tmpfs defaults,noatime,nosuid,mode=0755,size=80m 0 0 tmpfs /var/tmp tmpfs defaults,noatime,nosuid,size=30m 0 0
Disable Wifi + Bluetooth
# nano /boot/config.txt ----------------------- [all] dtoverlay=disable-wifi dtoverlay=disable-bt
Disable Services
Let's disable services that are automatically started but we do not need:
systemctl stop NetworkManager systemctl disable NetworkManager systemctl mask NetworkManager systemctl stop serial-getty@ttyAMA0 systemctl disable serial-getty@ttyAMA0 systemctl mask serial-getty@ttyAMA0 systemctl mask avahi-daemon systemctl mask bluetooth.service systemctl mask alsa-state.service systemctl mask triggerhappy systemctl mask wpa_supplicant.service systemctl mask hciuart.service systemctl mask rpi-display-backlight
Set the Welcome Text
# nano /etc/motd ---------------- ______ _ _ | _ \ | | (_) | | | |___ _ __ ___ ___ | |_ _ ___ ____ | | | / _ \| '_ ` _ \ / _ \| __| |/ __|_ / | |/ / (_) | | | | | | (_) | |_| | (__ / / |___/ \___/|_| |_| |_|\___/ \__|_|\___/___|
Locale
For setting up locales see section Locale. On our Home server the configuration should be as follows:
# locale -a --------------- C C.utf8 en_GB.utf8 en_US.utf8 nl_NL.utf8 POSIX # cat /etc/default/locale -------------------------- # File generated by update-locale LANG=en_US.UTF-8 LANGUAGE="en_US:en" LC_TIME="nl_NL.UTF-8" LC_NUMERIC="nl_NL.UTF-8" LC_MONETARY="nl_NL.UTF-8" LC_PAPER="nl_NL.UTF-8"
Apt-Get Update
When getting the following message: “key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details”. It is a warning message. A warning does not stop the procedure. You can continue upgrading your system even if you see this warning message during an update.If you don’t like seeing the warning message, you can take some manual steps to get rid of it. Import the key:
# apt-key list
--------------
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg
--------------------
pub rsa2048 2012-04-01 [SC]
A0DA 38D0 D76E 8B5D 6388 7281 9165 938D 90FD DD2E
uid [ unknown] Mike Thompson (Raspberry Pi Debian armhf ARMv6+VFP) <mpthompson@gmail.com>
sub rsa2048 2012-04-01 [E]
/etc/apt/trusted.gpg.d/raspberrypi-archive-stable.gpg
-----------------------------------------------------
pub rsa2048 2012-06-17 [SC]
CF8A 1AF5 02A2 AA2D 763B AE7E 82B1 2992 7FA3 303E
uid [ unknown] Raspberry Pi Archive Signing Key
sub rsa2048 2012-06-17 [E]
The offending key is the first one (Mike Thompson). You should the last 8 characters (excluding the space) under the line after pub. So from the line “A0DA 38D0 D76E 8B5D 6388 7281 9165 938D 90FD DD2E”, I’ll take the last 8 characters “90FD DD2E”, remove the space and then use it to import the GPG key in its dedicated file under the /etc/apt/trusted.gpg.d directory:
sudo apt-key export 90FDDD2E | sudo gpg –dearmour -o /etc/apt/trusted.gpg.d/mikethompson.gpg
I created a new file mikethompson.gpg here The filename does not matter but it’s good for identification. If the command runs successfully, you won’t see any message. You can verify that by checking if the newly created gpg file exists or not.
Power Saving
- Disable the blinking cursor:Cursor blink off
- Configure PowerTop: Powertop
- Tune ASPM: ASPM on Linux
Install frequently used packages
# apt-get install sudo # apt-get install iputils-ping # apt-get install nano # apt-get install less