💾 Archived View for wilw.capsule.town › notes › raspberry-pi.gmi captured on 2024-05-12 at 15:35:52. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-04-19)

-=-=-=-=-=-=-

🏡 Home

Back to notes

Raspberry Pi

Last updated on 09 December 2022

I have a small fleet of Raspberry Pis [1] (mostly the Pi 4 Model B), which I use at home for various tasks.

1

They are all firewalled off and are reachable via Tailscale [2]. A small number of the services they run are also exposed to the local network.

2

What they run

As of the time of writing, services I run on the Pis include the following:

Storage

I use large SSDs (e.g. this one [3]) for the Pis that require extra storage, such as for my photos. These are connected via USB3-SATA cables (such as these [4]).

3

4

Encryption

For sensitive data, I encrypt the enclosing directories using Fscrypt [5]. Follow the instructions on the Arch Wiki.

5

OS

I tend to use Manjaro Linux as an OS for the Pis.

Setup notes

To setup a new Pi I follow this rough guide:

1. Prepare a micro SD card with the chosen OS (e.g. using the official imager [6])

6

1. Boot the Pi

1. Get the IP address (from your router or otherwise) of the Pi

1. SSH into the new OS (default user: `root` with no password)

1. Set-up in the usual way (e.g. create non-root user, harden in usual way)

1. Update all current packages `pacman -Syyu`

1. Install new packages (`pacman -S vim tailscale docker ufw`)

1. Bring up and enable services

1. Configure Tailscale (`tailscale up`)

1. Configure UFW (`ufw allow in on tailscale0`, `ufw default deny`, `ufw enable`)

1. Add non-root user to `docker` group (`usermod -aG docker will`)

1. Pull and run required Docker containers

Note: Make sure to use the `arm64` version of any Docker images required.

Back to notes