💾 Archived View for wilw.capsule.town › notes › raspberry-pi.gmi captured on 2024-05-26 at 14:58:04. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-04-19)
-=-=-=-=-=-=-
I have a small fleet of Raspberry Pis [1] (mostly the Pi 4 Model B), which I use at home for various tasks.
They are all firewalled off and are reachable via Tailscale [2]. A small number of the services they run are also exposed to the local network.
As of the time of writing, services I run on the Pis include the following:
I use large SSDs (e.g. this one [3]) for the Pis that require extra storage, such as for my photos. These are connected via USB3-SATA cables (such as these [4]).
For sensitive data, I encrypt the enclosing directories using Fscrypt [5]. Follow the instructions on the Arch Wiki.
I tend to use Manjaro Linux as an OS for the Pis.
To setup a new Pi I follow this rough guide:
1. Prepare a micro SD card with the chosen OS (e.g. using the official imager [6])
1. Boot the Pi
1. Get the IP address (from your router or otherwise) of the Pi
1. SSH into the new OS (default user: `root` with no password)
1. Set-up in the usual way (e.g. create non-root user, harden in usual way)
1. Update all current packages `pacman -Syyu`
1. Install new packages (`pacman -S vim tailscale docker ufw`)
1. Bring up and enable services
1. Configure Tailscale (`tailscale up`)
1. Configure UFW (`ufw allow in on tailscale0`, `ufw default deny`, `ufw enable`)
1. Add non-root user to `docker` group (`usermod -aG docker will`)
1. Pull and run required Docker containers
Note: Make sure to use the `arm64` version of any Docker images required.