Raspi-Mobile: Difference between revisions

From Coolscript
Jump to navigation Jump to search
(Created page with "=Intro= Raspi-Mobile is designed to run as a '''Mobile Device''' together with your '''Tablet''' or '''Laptop''', prepared for conditions such as in a Train, Flight, Hotel and...")
 
No edit summary
Line 1: Line 1:
=Intro=
Raspi-Mobile is designed to run as a '''Mobile Device''' together with your '''Tablet''' or '''Laptop''', prepared for conditions such as in a Train, Flight, Hotel and so on.<br>
The project has its focus to run as a '''Streaming Server''' next to common features like '''Wireless''' and '''Internet-Routing''' support.<br>
<br>Two major Raspberry/Linux issues are solved:<br>
*'''True automatic mounting of USB flush drives'''
**Plugin any USB sticks, supporting the filesystems ntfs, vfat and exfat
*'''Graceful shutdown'''
**This solves the issue of preventing disk damages in case of losing electricity power.
**No need to login or connecting a keyboard and monitor to shutdown, just plugin the '''shutdown usb device''' to initiate a graceful shutdown


=Features=
=Disk=
*Support Raspberry3 or Raspberry4. The project was developed with Raspberry4 on Debian Buster
 
*Slim image file download, the image size is less than 2GB
*Expand the filesystem after fresh installation
*Easy to setup
raspi-config - Advanced - Expand Filesystem
*Automatic mounting and un-mounting [https://en.wikipedia.org/wiki/USB_flash_drive USB flash drives]
 
**Supported file systems: ntfs,ext32 and vfat
Delete docs to get more disk space
*Graceful shutdown using a special prepared USB flash drive labeled with '''RASPI-CLEAN-SHUTDOWN'''
sudo rm -rf /usr/share/doc/
*Wireless support, the device has a mangement web to customize WiFi settings like SID and password
sudo rm -rf /usr/share/man/
*Routing support together with ethernet connectivity, all interfaces are using DHCP
sudo rm -rf /usr/share/locale/
*Support OpenVPN
 
*Support of common protocols for streaming:
=APT=
**SMB/CIFS
 
**WebDav
apt-get update
**SFTP
apt-get upgrade
**HTTP
 
*View packages
dpkg-query -Wf '${Installed-Size}\t${Package}\n' | sort -n
*Remove and clean
apt-get remove libraspberrypi-doc --purge
apt-get clean
apt-get purge
apt autoremove
 
*Install additional packages needed for this project
apt-get install mc autofs iptraf samba samba-common nftables apache2 locate tcpdump ncdu
apt-get install hostapd wireless-tools dnsmasq iw bridge-utils
 
 
=Apapter=
*Turn on WiFi and leave Bluetooth off
root@raspberrypi:~# rfkill unblock 0
root@raspberrypi:~# rfkill block 1
 
root@raspberrypi:~# rfkill
ID TYPE      DEVICE      SOFT      HARD
  0 wlan      phy0  unblocked unblocked
  1 bluetooth hci0    blocked unblocked
 
=sysctl=
*/etc/sysctl.conf
net.ipv4.ip_forward=1
*Activate
sysctl -p
 
 
=User/Group=
addgroup sambagrp
usermod -a -G sambagrp pi
 
=Samba=
*Set a password for the pi user
smbpasswd -a pi
 
*/etc/samba/smb.conf
[global]
  workgroup = WORKGROUP
  server string = %h server (Linux)
  #interfaces = eth0
  bind interfaces only = yes
  log file = /var/log/samba/log.%m
  panic action = /usr/share/samba/panic-action %d
  server role = standalone server
  obey pam restrictions = Yes
  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
  pam password change = Yes
  map to guest = Bad User
  #log level = 4 #To be used for debugging purposes
  local master = no
  disable netbios = yes
[automnt]
  comment = automnt
  path = /automnt
  valid users = @sambagrp
  browsable = yes
  writable = yes
  read only = no
  create mask = 0660
 
*Enable and start smbd, disable nmbd
systemctl enable smbd
systemctl restart smbd
systemctl stop nmbd
systemctl disable nmbd
systemctl mask nmbd
 
=AUTOFS/UDEV=
*Add config file for our usb sticks
touch /etc/auto.rbusb
*Add to the end of auto.master
echo '/automnt /etc/auto.rbusb --timeout=5 --ghost' >> /etc/auto.master
*Restart
systemctl restart autofs
*Get autofs helper script
wget https://coolgeo.org:/download/scripts/autofs-config.pl -O /usr/local/bin/autofs-config.pl
chmod u+x /usr/local/bin/autofs-config.pl
*Add udev rule
echo 'ACTION=="add", SUBSYSTEM=="block", KERNEL=="sd*", ATTRS{vendor}=="*", RUN+="/usr/bin/perl /usr/local/bin/autofs-config.pl"' > /etc/udev/rules.d/90-local.rules
*Reload udev
udevadm control --reload-rules && udevadm trigger
*TEST USB
 
=Apache2/WebDAV=
 
DavLockDB /var/www/DavLock
<Directory "/automnt/">
  Options +Indexes
  Order allow,deny
  Allow from all
  Require all granted
</Directory>
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /automnt
    Alias /automnt /automnt
    <Directory /automnt>
    DAV On
    </Directory>
    <Directory "/automnt">
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
    </Directory>
</VirtualHost>
*Enable WebDAV Mod
a2enmod dav_fs
*Restart
systemctl restart apache2
*Add the PI user to WebDAV
htpasswd -c /etc/apache2/.htpasswd pi
 
=HOSTS=
*/etc/hosts
192.168.5.1    raspi raspberry raspberrypi raspap
 
 
=INIT=
*/etc/systemd/system/rbinit.service
[Unit]
Description=RaspiMobile Init Script
After=network.target
[Service]
Type=oneshot
ExecStart=/usr/sbin/rbinit
[Install]
WantedBy=multi-user.target
 
*/usr/sbin/rbinit
#!/bin/bash
#Workaround for Ipdads
/sbin/ip addr add 192.168.5.1/24 dev eth0:0
/sbin/nft -f /etc/nftables.conf
 
*Apply the new init script
chmod 755 /usr/sbin/rbinit
systemctl enable rbinit.service
systemctl start rbinit
 
=NFT=
*/etc/nftables.conf
 
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
        chain input {
                type filter hook input priority 0; policy accept;
        }
        chain forward {
                type filter hook forward priority 0; policy accept;
        }
        chain output {
                type filter hook output priority 0; policy accept;
        }
}
table ip nat {
        chain PREROUTING {
                type nat hook prerouting priority -100; policy accept;
        }
        chain INPUT {
                type nat hook input priority 100; policy accept;
        }
        chain POSTROUTING {
                type nat hook postrouting priority 100; policy accept;
                oif "eth0" masquerade comment "masq for eth0"
                oif "wlan0" masquerade comment "masq for wlan0"
        }
        chain OUTPUT {
                type nat hook output priority -100; policy accept;
        }
}
*Apply
systemctl enable nftables
systemctl start nftables
 
 
=DHCPCD=
/etc/dhcpcd.conf
 
hostname
clientid
persistent
option rapid_commit
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
option ntp_servers
require dhcp_server_identifier
slaac private
nohook lookup-hostname
#wlan0 configuration
interface wlan0
static ip_address=192.168.4.1/24
static routers=192.168.4.1
gateway
 
*Apply changes
systemctl daemon-reload
systemctl restart dhcpcd.service
 
 
 
=DNSMASQ=
 
*/etc/dnsmasq.d/090_wlan0.conf
---------------------------------------------------------
#Raspi-Mobile wlan0 configuration
interface=wlan0
dhcp-range=192.168.4.50,192.168.4.255,255.255.255.0,30d
---------------------------------------------------------
 
*Apply
systemctl enable dnsmasq
systemctl restart dnsmasq
 
 
=HOSTAPD=
 
*/etc/hostapd/hostapd.conf
driver=nl80211
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
auth_algs=1
wpa_key_mgmt=WPA-PSK
beacon_int=100
ssid=raspi-mobile
channel=1
hw_mode=g
ieee80211n=0
wpa_passphrase=raspberry
interface=wlan0
wpa=2
wpa_pairwise=CCMP
country_code=DE
ignore_broadcast_ssid=0
 
 
*Apply
systemctl unmask hostapd
systemctl enable hostapd
systemctl restart hostapd


=Easy Installation=
*Get the 2GB image [https://coolscript.org/download/images/raspi-mobile.img here]
*Write the image to a '''Micro SD Card''' with the size of equal or better greater than 2GB
**To write the Image you may use tools like [https://sourceforge.net/projects/win32diskimager/ DiskImager]
*Insert the Micro SD Card to your Raspberry and start it
**If the Micro SD Card is greater then 2GB then login and run '''raspi-config''', goto '''advanced''' and then '''expand filesystem''', finish and reboot
*Installation finished
=Default Username and Password=
*Username '''pi'''
*Password '''raspberry'''
=Hostname and Aliases=
Available ONLY when connected through WiFi
*Hostname '''raspberrypi'''
*Aliases
**raspi
**raspberry
*IP (alias to eth0, works even if eth0 is disconnected)
**192.168.5.1


=SSH=
=Disable syslog=
ssh pi@raspi
*Save disk space and avoid corruptions on the sd card
  ssh pi@192.168.5.1
  systemctl stop syslog.socket rsyslog.service
*Become root
  systemctl disable syslog.socket rsyslog.service
  sudo -i


=Wireless default access=
=Features=
*WiFi SID
*Neofetch Banner
**Raspi-Mobile
apt-get install neofetch
*WiFi Passwd
bash -c $'echo "neofetch" >> /etc/profile.d/mymotd.sh && chmod +x /etc/profile.d/mymotd.sh'
**raspberry


*RaspAP Web-Interface
*RaspAP
  http://raspi:8080
  curl -sL https://install.raspap.com | bash
http://192.168.5.1:8080

Revision as of 21:02, 30 July 2021

Disk

  • Expand the filesystem after fresh installation
raspi-config - Advanced - Expand Filesystem

Delete docs to get more disk space 

sudo rm -rf /usr/share/doc/
sudo rm -rf /usr/share/man/
sudo rm -rf /usr/share/locale/

APT

apt-get update
apt-get upgrade
  • View packages
dpkg-query -Wf '${Installed-Size}\t${Package}\n' | sort -n
  • Remove and clean
apt-get remove libraspberrypi-doc --purge
apt-get clean
apt-get purge
apt autoremove
  • Install additional packages needed for this project
apt-get install mc autofs iptraf samba samba-common nftables apache2 locate tcpdump ncdu
apt-get install hostapd wireless-tools dnsmasq iw bridge-utils


Apapter

  • Turn on WiFi and leave Bluetooth off
root@raspberrypi:~# rfkill unblock 0
root@raspberrypi:~# rfkill block 1

root@raspberrypi:~# rfkill
ID TYPE      DEVICE      SOFT      HARD
 0 wlan      phy0   unblocked unblocked
 1 bluetooth hci0     blocked unblocked

sysctl

  • /etc/sysctl.conf
net.ipv4.ip_forward=1
  • Activate
sysctl -p


User/Group

addgroup sambagrp
usermod -a -G sambagrp pi

Samba

  • Set a password for the pi user
smbpasswd -a pi
  • /etc/samba/smb.conf
[global]
 workgroup = WORKGROUP
 server string = %h server (Linux)
 #interfaces = eth0
 bind interfaces only = yes
 log file = /var/log/samba/log.%m
 panic action = /usr/share/samba/panic-action %d
 server role = standalone server
 obey pam restrictions = Yes
 passwd program = /usr/bin/passwd %u
 passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
 pam password change = Yes
 map to guest = Bad User
 #log level = 4 #To be used for debugging purposes
 local master = no
 disable netbios = yes

[automnt]
 comment = automnt
 path = /automnt
 valid users = @sambagrp
 browsable = yes
 writable = yes
 read only = no
 create mask = 0660
  • Enable and start smbd, disable nmbd
systemctl enable smbd 
systemctl restart smbd 
systemctl stop nmbd
systemctl disable nmbd
systemctl mask nmbd

AUTOFS/UDEV

  • Add config file for our usb sticks
touch /etc/auto.rbusb
  • Add to the end of auto.master
echo '/automnt /etc/auto.rbusb --timeout=5 --ghost' >> /etc/auto.master
  • Restart
systemctl restart autofs
  • Get autofs helper script
wget https://coolgeo.org:/download/scripts/autofs-config.pl -O /usr/local/bin/autofs-config.pl
chmod u+x /usr/local/bin/autofs-config.pl
  • Add udev rule
echo 'ACTION=="add", SUBSYSTEM=="block", KERNEL=="sd*", ATTRS{vendor}=="*", RUN+="/usr/bin/perl /usr/local/bin/autofs-config.pl"' > /etc/udev/rules.d/90-local.rules
  • Reload udev
udevadm control --reload-rules && udevadm trigger
  • TEST USB

Apache2/WebDAV

DavLockDB /var/www/DavLock
<Directory "/automnt/">
 Options +Indexes
 Order allow,deny
 Allow from all
 Require all granted
</Directory>
<VirtualHost *:80>
   ServerAdmin webmaster@localhost
   DocumentRoot /automnt
   Alias /automnt /automnt
   <Directory /automnt>
    DAV On
   </Directory>
   <Directory "/automnt">
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
   </Directory>
</VirtualHost>
  • Enable WebDAV Mod
a2enmod dav_fs
  • Restart
systemctl restart apache2
  • Add the PI user to WebDAV
htpasswd -c /etc/apache2/.htpasswd pi

HOSTS

  • /etc/hosts
192.168.5.1     raspi raspberry raspberrypi raspap


INIT

  • /etc/systemd/system/rbinit.service
[Unit]
Description=RaspiMobile Init Script
After=network.target

[Service]
Type=oneshot
ExecStart=/usr/sbin/rbinit

[Install]
WantedBy=multi-user.target
  • /usr/sbin/rbinit
#!/bin/bash
#Workaround for Ipdads
/sbin/ip addr add 192.168.5.1/24 dev eth0:0
/sbin/nft -f /etc/nftables.conf
  • Apply the new init script
chmod 755 /usr/sbin/rbinit
systemctl enable rbinit.service
systemctl start rbinit

NFT

  • /etc/nftables.conf
#!/usr/sbin/nft -f

flush ruleset

table inet filter {
       chain input {
               type filter hook input priority 0; policy accept;
       }
       chain forward {
               type filter hook forward priority 0; policy accept;
       }
       chain output {
               type filter hook output priority 0; policy accept;
       }
}
table ip nat {
       chain PREROUTING {
               type nat hook prerouting priority -100; policy accept;
       }

       chain INPUT {
               type nat hook input priority 100; policy accept;
       }

       chain POSTROUTING {
               type nat hook postrouting priority 100; policy accept;
               oif "eth0" masquerade comment "masq for eth0"
               oif "wlan0" masquerade comment "masq for wlan0"
       }

       chain OUTPUT {
               type nat hook output priority -100; policy accept;
       }
}
  • Apply
systemctl enable nftables
systemctl start nftables


DHCPCD

/etc/dhcpcd.conf 

hostname
clientid
persistent
option rapid_commit
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
option ntp_servers
require dhcp_server_identifier
slaac private
nohook lookup-hostname

#wlan0 configuration
interface wlan0
static ip_address=192.168.4.1/24
static routers=192.168.4.1
gateway
  • Apply changes
systemctl daemon-reload
systemctl restart dhcpcd.service


DNSMASQ

  • /etc/dnsmasq.d/090_wlan0.conf
---------------------------------------------------------
#Raspi-Mobile wlan0 configuration
interface=wlan0
dhcp-range=192.168.4.50,192.168.4.255,255.255.255.0,30d 
---------------------------------------------------------
  • Apply
systemctl enable dnsmasq
systemctl restart dnsmasq


HOSTAPD

  • /etc/hostapd/hostapd.conf
driver=nl80211
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
auth_algs=1
wpa_key_mgmt=WPA-PSK
beacon_int=100
ssid=raspi-mobile
channel=1
hw_mode=g
ieee80211n=0
wpa_passphrase=raspberry
interface=wlan0
wpa=2
wpa_pairwise=CCMP
country_code=DE
ignore_broadcast_ssid=0


  • Apply
systemctl unmask hostapd
systemctl enable hostapd
systemctl restart hostapd


Disable syslog

  • Save disk space and avoid corruptions on the sd card
systemctl stop syslog.socket rsyslog.service
systemctl disable syslog.socket rsyslog.service

Features

  • Neofetch Banner
apt-get install neofetch
bash -c $'echo "neofetch" >> /etc/profile.d/mymotd.sh && chmod +x /etc/profile.d/mymotd.sh'
  • RaspAP
curl -sL https://install.raspap.com | bash
Retrieved from "https://coolscript.org/index.php?title=Raspi-Mobile&oldid=438"