Raspberry Pi: Difference between revisions

From WickyWiki
← Older edit
 
(34 intermediate revisions by the same user not shown)
Line 3: Line 3:
[[Category:201712]]
[[Category:201712]]


= Configure =
= See also =
 
* [[Raspberry Pi LAMP stack]]
* [[MediaWiki]]
* [[Raspberry Pi SOGo Groupware]]
* [[Raspberry Pi GPIO Shutdown Button]]
* [[Raspberry Pi system clone and/or resize]]
* [[Raspberry Pi monitor]]
* [[Raspberry Pi - Pi-Hole Network-wide ad blocking]]
* [[MySQL#Database_MariaDB_access_from_other_machine|MySQL remote]]
* [[Raspberry Pi Complete Reinstall]]
 
= Install =
 
This guide assumes a headless installation.
 
== Download and burn ==
 
Burn the image to an 4/8/16 Gb micro SD memory card from your PC. Make sure it is a supported card.
 
We can now use '''Raspberry Pi Imager''' on Windows and Linux, download here:
* https://www.raspberrypi.com/software/
 
Raspberry Pi Imager allows you to select, download and write the image. Additionally you can include some basic settings like username and password, SSH and wireless. Plain-text configuration on the boot-partition is no longer possible.
 
Pick "other" > "Raspberry Pi OS Lite" under other if you are going for a minimal footprint.
 
Images are also available here:
* https://www.raspberrypi.org/software/operating-systems/
 
Re-insert the sdcard after burning the image.
 
== Username and password ==
 
To configure a username and password on first boot you will need an encrypted password, create an encrypted password as follows:
 
<source>
openssl passwd -6 "Upd8ThisPassword!"
</source>
 
This then would return for example:
 
<source>
$6$1f1qHgfYupThXl3x$Ij66IKNarAx0TxjtIM4.245K.hUlfh73hCnE8Kf5xoHY6Wtf.6jMNZXpWcO9eOb7PNMqpysAcJsIkspmC2aEh0
</source>
 
Then create a file 'userconf.txt' in the FAT32 boot partition with this format:
 
  <yourusername>:<encrypted password>
 
== Enable SSH and WiFi ==
 
'''Bookworm version update''': configuring Wifi with 'wpa_supplicant.conf' doesn't seem to work anymore. Instead I ended up using a keyboard and monitor and the "nmtui" tool. The tool "raspi-config" might work as well.
 
<source>
sudo nmtui
</source>
 
More info here:
* https://raspberrypi.stackexchange.com/questions/145593/how-do-i-set-up-networking-on-raspberry-pi-os-bookworm
 
== Disable Wifi and Bluetooth ==
 
If you don't use it you can disable it at boot by adding these lines to 'config.txt':
 
<source>
sudo nano /boot/firmware/config.txt
 
  # Disable Wifi and Bluetooth
  dtoverlay=disable-wifi
  dtoverlay=disable-bt
</source>
 
==  Boot your Raspberry Pi ==
 
Boot your Raspberry Pi and connect with ssh for further configuration.
 
Connect using a terminal or Putty (on windows).
 
<source lang=bash>
ssh pi@192.168.1.2
</source>


Here some pointers on configuring your device.
Usually there is some troubleshooting involved '''so don't give up'''. It often is very useful to have an HDMI cable and a monitor at the ready to see what is happening at boot.


== Configure tool ==
== Basic configuration ==


<syntaxhighlight lang=bash>
Set hostname, change password, expand filesystem:
 
<source lang=bash>
sudo raspi-config
sudo raspi-config
</syntaxhighlight>
system > change hostname
system > change password (idem-pihole-pw)
advanced > Expand filesystem
</source>
 
Install updates, reboot:
 
<source lang=bash>
sudo apt-get update -y
sudo apt-get upgrade -y
sudo reboot
</source>
 
Firmware update:
 
<source lang=bash>
sudo rpi-update
</source>
 
= Minimize and optimize =
 
Remove packages and disable services to make it smaller and faster. You can always add them again if you change your mind.
 
Source:
* https://silocitylabs.com/post/2019/06/13/ultra-minimal-raspbian-image-for-pi-zero-and-zero-w/
 
List used space per package:
 
<source lang=bash>
dpkg-query -Wf '${Installed-Size}\t${Package}\n' | sort -nr | more
</source>
 
Check running processes:
 
<source lang=bash>
sudo htop
</source>
 
Simple tool:
 
<source lang=bash>
sudo ztop
</source>
 
 
== Replace Openssh with dropbear ==
 
Note: this is a bit tricky, if something goes wrong you won't have ssh access.
 
<source lang=bash>
#install dropbear
sudo apt install dropbear
sudo nano /etc/default/dropbear
NO_START=0
DROPBEAR_PORT=22
 
#remove Openssh
sudo apt-get purge --yes --auto-remove openssh-server
 
#reboot
sudo reboot
 
#add sftp server
sudo apt install openssh-sftp-server
 
#test
sudo reboot
ssh pi@192.168.1.2
sftp://192.168.1.2/home/pi
</source>
 
== Remove packages ==


== Bash shell timout ==
<source lang=bash>
sudo apt-get purge --yes --auto-remove
  aptitude aptitude-common apt-listchanges apt-utils blends-tasks xserver-common x11-xfs-utils
  x11-xserver-utils xinit libsmbclient blt gvfs gvfs-backends gvfs-daemons gvfs-fuse idle
  idle-python2.7 idle3 libaudio2 libice6 liblightdm-gobject-1-0 libpulse0 libqt4-svg libqtgui4
  libsdl-image1.2 libsdl-mixer1.2 libsdl-ttf2.0-0 libsdl1.2debian libsm6 libsmpeg0
  libwebkitgtk-1.0-0 libwebkitgtk-3.0-0 libxaw7 libxklavier16 libxmu6 libxss1 libxt6 libxtst6
  lightdm lightdm-gtk-greeter lxde lxde-core midori obconf openbox python-pygame python-tk python3-tk
  scratch tk8.5 wpagui x11-common x11-utils x11-xkb-utils xinit xserver-common xserver-xorg
  xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-evdev xserver-xorg-input-synaptics
  xserver-xorg-video-fbdev zenity xserver* x11-common x11-utils x11-xkb-utils x11-xserver-utils
  xarchiver xauth xkb-data console-setup xinit lightdm
  libx{composite,cb,cursor,damage,dmcp,ext,font,ft,i,inerama,kbfile,klavier,mu,pm,randr,render,res,t,xf86}*
  lxde* lx{input,menu-data,panel,polkit,randr,session,session-edit,shortcut,task,terminal}
  obconf openbox gtk* libgtk* alsa*  python-pygame python-tk python3-tk scratch tsconf
  desktop-file-utils cifs-utils samba-common smbclient scratch debian-reference-en dillo idle3
  python3-tk idle python-pygame python-tk lightdm gnome-themes-standard gnome-icon-theme
  raspberrypi-artwork gvfs-backends gvfs-fuse desktop-base lxpolkit zenity xdg-utils mupdf
  gtk2-engines alsa-utils lxde lxtask menu-xdg gksu midori xserver-xorg xinit
  xserver-xorg-video-fbdev libraspberrypi-dev libraspberrypi-doc dbus-x11 libx11-6 libx11-data
  libx11-xcb1 x11-common x11-utils lxde-icon-theme gconf-service gconf2-common udhcpd avahi-daemon
  gcc-arm-linux-gnueabihf geoip-database libgdbm* libperl* make patch perl perl-modules-* cups*
  rsync bluez bluez-firmware pi-bluetooth scratch debian-reference-en dillo idle3 python3-tk idle
  python-pygame python-tk lightdm gnome-themes-standard gnome-icon-theme raspberrypi-artwork
  gvfs-backends gvfs-fuse desktop-base lxpolkit zenity xdg-utils mupdf gtk2-engines alsa-utils
  lxde lxtask menu-xdg gksu midori xserver-xorg xinit xserver-xorg-video-fbdev libraspberrypi-dev
  libraspberrypi-doc dbus-x11 libx11-6 libx11-data libx11-xcb1 x11-common x11-utils
  lxde-icon-theme gconf-service gconf2-common firmware-atheros samba-common plymouth


Automatic logout of a user bash session after a period of inactivity.
sudo apt-get autoremove --purge
</source>


<syntaxhighlight lang=bash>
Remove files
sudo nano /etc/profile
</syntaxhighlight>


<blockquote>
<source lang=bash>
<syntaxhighlight lang=bash>
sudo -i
...
find /usr/share/doc -depth -type f ! -name copyright | xargs rm
# set a 25 min (1500 sec) timeout policy for bash shell
find /usr/share/doc -depth -type f ! -name copyright | xargs rm -f
TMOUT=1500
find /usr/share/doc -empty | xargs rmdir
readonly TMOUT
rm -rf /usr/share/man/* /usr/share/groff/* /usr/share/info/*
export TMOUT
rm -rf /usr/share/lintian/* /usr/share/linda/* /var/cache/man/*
...
rm -rf /usr/share/locale/*
</syntaxhighlight>
rm -f /var/log/{auth,boot,bootstrap,daemon,kern}.log
</blockquote>
rm -f /var/log/{debug,dmesg,messages,syslog}
#logout root
exit
</source>


== HDMI mode in config.txt ==
Other settings:


At boot the file 'config.txt' is used to apply several non-default settings. This file is on your FAT boot partition which is usually available as /boot after the Pi is up and running.
<source lang=bash>
#disable MOTD for faster ssh connect
sudo cat /dev/null > /etc/motd


More info on config.txt:
#disable HDMI, add line of text
* https://www.raspberrypi.org/documentation/configuration/config-txt/README.md
sudo nano /etc/rc.local


If you don't provide specific settings for 'hdmi_group' and 'hdmi_mode' a mode will be negotiated with the de HDMI display device. If this doesn't work out for you, you can change config.txt to get what you want, here are some examples:
  /usr/bin/tvservice -o


<syntaxhighlight lang=bash>
#modify /boot/config.txt
sudo nano /boot/config.txt
sudo nano /boot/config.txt
</syntaxhighlight>


<blockquote>
# disable stuff
<syntaxhighlight lang=bash>
dtparam=audio=off
...
dtoverlay=disable-bt
#VGA
hdmi_group=1
hdmi_mode=1


#1024x768
# Red PWR LED off
hdmi_group=2
dtparam=pwr_led_trigger=none
hdmi_mode=16
dtparam=pwr_led_activelow=off


#720p 60Hz
# Green ACT LED
hdmi_group=1
#dtparam=act_led_trigger=none
hdmi_mode=4
#dtparam=act_led_activelow=off


#1080p 60Hz
# disable the splash screen
hdmi_group=1
disable_splash=1
hdmi_mode=16
...
# Set the bootloader delay to 0 seconds, the default is 1
</syntaxhighlight>
boot_delay=0
</blockquote>
</source>


More info on HDMI:
Reboot:
* https://www.raspberrypi.org/documentation/configuration/config-txt/video.md


= SSH Remote control =
<source lang=bash>
sudo reboot
</source>


You can use remote shell to control your Raspberry Pi without directly connected mouse, keyboard and screen.
== Disable some services ==


<syntaxhighlight lang=bash>
<source lang=bash>
ssh pi@192.168.1.2
sudo -i
</syntaxhighlight>


== Ssh copy local file to remote machine ==
#disable swap
sudo dphys-swapfile swapoff
systemctl disable dphys-swapfile.service
#other stuff:
systemctl disable apt-daily.service
systemctl disable apt-daily.timer
systemctl disable nfs-client.target
systemctl disable remote-fs.target
systemctl disable apt-daily-upgrade.timer
systemctl disable nfs-config.service


<syntaxhighlight lang=bash>
exit
scp /path/to/local/file.zip pi@192.168.1.2:/home/pi/Downloads/file.zip
</source>
</syntaxhighlight>


And back:
== Bash shell timout ==


<syntaxhighlight lang=bash>
Automatic logout of a user bash session after a period of inactivity.
scp pi@192.168.1.2:/home/pi/Downloads/file.zip /path/to/local/file.zip
</syntaxhighlight>


Nautilus ssh access, in the address-bar type:
<source lang=bash>
sudo nano /etc/profile
</source>


<blockquote>
<blockquote>
<nowiki>
<source lang=bash>
ssh://pi@192.168.1.2
...
</nowiki>
# set a 25 min (1500 sec) timeout policy for bash shell
TMOUT=1500
readonly TMOUT
export TMOUT
...
</source>
</blockquote>
</blockquote>


Ssh root access is not allowed by default but could be convenient for use with Nautilus
= Access with ssh and sftp examples =
Note: better set this back to 'no' when you are done
 
You can use remote shell to control your Raspberry Pi without directly connected mouse, keyboard and screen.
 
Logon with ssh:
 
<source lang=bash>
ssh pi@192.168.1.2
</source>


<syntaxhighlight lang=bash>
Sftp copy local file to remote machine:
sudo nano /etc/ssh/sshd_config
</syntaxhighlight>


<blockquote>
<source lang=bash>
<syntaxhighlight lang=bash>
scp /path/to/local/file.zip pi@192.168.1.2:/home/pi/Downloads/file.zip
PermitRootLogin yes
</source>
</syntaxhighlight>
</blockquote>


You can now access the machine as root with Nautilus, in the address-bar type:
And back:


<blockquote>
<source lang=bash>
<nowiki>
scp pi@192.168.1.2:/home/pi/Downloads/file.zip /path/to/local/file.zip
ssh://root@192.168.1.2/
</source>
</nowiki>
</blockquote>


== Allow ssh scripting without a password request, based on keys ==
== Allow ssh scripting without a password ==


You want the script to execute without it stopping to ask for a password.
You want a script to execute without it stopping to ask for a password.


* http://www.linuxproblem.org/art_9.html
* http://www.linuxproblem.org/art_9.html
Line 127: Line 322:
Root session:
Root session:


<syntaxhighlight lang=bash>
<source lang=bash>
sudo -i
sudo -i
</syntaxhighlight>
</source>


Generate keys, accept defaults:
Generate keys, accept defaults:


<syntaxhighlight lang=bash>
<source lang=bash>
ssh-keygen -t rsa
ssh-keygen -t rsa
</syntaxhighlight>
</source>


Create dir on remote:
Create dir on remote:


<syntaxhighlight lang=bash>
<source lang=bash>
ssh pi@192.168.1.2 mkdir -p .ssh
ssh pi@192.168.1.2 mkdir -p .ssh
</syntaxhighlight>
</source>


Add pub key to pi@192.168.1.2 authorized_keys:
Add pub key to pi@192.168.1.2 authorized_keys:


<syntaxhighlight lang=bash>
<source lang=bash>
cat .ssh/id_rsa.pub | ssh pi@192.168.1.2 'cat >> .ssh/authorized_keys'
cat .ssh/id_rsa.pub | ssh pi@192.168.1.2 'cat >> .ssh/authorized_keys'
</syntaxhighlight>
</source>


Should work now without password:
Should work now without password:


<syntaxhighlight lang=bash>
<source lang=bash>
ssh pi@192.168.1.2
ssh pi@192.168.1.2
</syntaxhighlight>
</source>


Maybe needed, for some versions of ssh
Maybe needed, for some versions of ssh


<syntaxhighlight lang=bash>
<source lang=bash>
cat .ssh/id_rsa.pub | ssh pi@192.168.1.2 'cat >> .ssh/authorized_keys2'
cat .ssh/id_rsa.pub | ssh pi@192.168.1.2 'cat >> .ssh/authorized_keys2'
ssh pi@192.168.1.2 chmod 700 .ssh
ssh pi@192.168.1.2 chmod 700 .ssh
ssh pi@192.168.1.2 chmod 640 .ssh/authorized_keys2
ssh pi@192.168.1.2 chmod 640 .ssh/authorized_keys2
</syntaxhighlight>
</source>


== Nautilus file manager, manage files via ssh ==
== Nautilus file manager, manage files via ssh / sftp ==


Type as location:
For user "pi" and below IP address type as location:


ssh://192.168.1.2
  sftp://pi@192.168.1.2


Enter credentials (user pi and password), you can choose to remember these and you can also store this location as a bookmark in Nautilus for your convenience.
Enter credentials (user pi and password), you can choose to remember these and you can also store this location as a bookmark in Nautilus for your convenience.
Ssh root access is not allowed by default but could be convenient for use with Nautilus
Note: better set this back to 'no' when you are done
<source lang=bash>
sudo nano /etc/ssh/sshd_config
</source>
<blockquote>
<source lang=bash>
PermitRootLogin yes
</source>
</blockquote>
You can now access the machine as root with Nautilus.


== Require pi to enter password when sudo ==
== Require pi to enter password when sudo ==
Line 177: Line 387:
* https://raspberrypi.stackexchange.com/questions/57887/disable-sudo-for-user-pi-or-require-root-password
* https://raspberrypi.stackexchange.com/questions/57887/disable-sudo-for-user-pi-or-require-root-password


<syntaxhighlight lang=bash>
<source lang=bash>
ssh pi@192.168.1.2
ssh pi@192.168.1.2
sudo nano /etc/sudoers.d/010_pi-nopasswd
sudo nano /etc/sudoers.d/010_pi-nopasswd
</syntaxhighlight>
</source>


Change it from:
Change it from:


<blockquote>
<blockquote>
<syntaxhighlight lang=bash>
<source lang=bash>
pi ALL=(ALL) NOPASSWD: ALL
pi ALL=(ALL) NOPASSWD: ALL
</syntaxhighlight>
</source>
</blockquote>
</blockquote>


Line 193: Line 403:


<blockquote>
<blockquote>
<syntaxhighlight lang=bash>
<source lang=bash>
pi ALL=(ALL) ALL
pi ALL=(ALL) ALL
</syntaxhighlight>
</source>
</blockquote>
</blockquote>


== VNC ==
= None-headless access =


For mouse and screen people.
== HDMI mode in config.txt ==
* https://www.raspberrypi.org/documentation/remote-access/vnc/


Start the desktop:
At boot the file 'config.txt' is used to apply several non-default settings. This file is on your FAT boot partition which is usually available as /boot after the Pi is up and running.


<syntaxhighlight lang=bash>
More info on config.txt:
startx
* https://www.raspberrypi.org/documentation/configuration/config-txt/README.md
</syntaxhighlight>


Screen resolution
If you don't provide specific settings for 'hdmi_group' and 'hdmi_mode' a mode will be negotiated with the de HDMI display device. If this doesn't work out for you, you can change config.txt to get what you want, here are some examples:


The resolution is negotiated with the monitor, if none is available it defaults to 720x480. To change, this start config tool:
<source lang=bash>
sudo nano /boot/config.txt
</source>


<syntaxhighlight lang=bash>
<blockquote>
sudo raspi-config
<source lang=bash>
</syntaxhighlight>
...
#VGA
hdmi_group=1
hdmi_mode=1


Go to "Advanced" and "Resolution" and pick the right value for you. Restart the machine when prompted to apply the changes.
#1024x768
hdmi_group=2
hdmi_mode=16


== Database MySql /MariaDB remote access ==
#720p 60Hz
hdmi_group=1
hdmi_mode=4


See [[MySQL#Database_MariaDB_access_from_other_machine|MySQL remote]]
#1080p 60Hz
hdmi_group=1
hdmi_mode=16
...
</source>
</blockquote>


= Performance tuning =
More info on HDMI:
* https://www.raspberrypi.org/documentation/configuration/config-txt/video.md


== Memory ==
== VNC ==


=== GPU memory ===
For mouse and screen people.
* https://www.raspberrypi.org/documentation/remote-access/vnc/


* https://serverfault.com/questions/201075/what-tips-do-you-have-for-speeding-up-performance-of-a-mediawiki-installation
Start the desktop:


When you are not really using the video capabilities of the Raspberry Pi, the easiest way to obtain some extra memory is to lower the GPU memory, for example to 32 MB. Start config tool:
<source lang=bash>
startx
</source>


<syntaxhighlight lang=bash>
Screen resolution
sudo raspi-config
</syntaxhighlight>


Then go to 'Advanced' > 'Memory Split' and modify the value
The resolution is negotiated with the monitor, if none is available it defaults to 720x480. To change, this start config tool:
 
=== Overview of processes, CPU and memory usage: ===
 
<syntaxhighlight lang=bash>
sudo htop
</syntaxhighlight>
 
=== Disable swap ===
 
If you have enough free memory, maybe want to reduce writes to the sdcard you can disable the on-disk swap file:
 
<syntaxhighlight lang=bash>
sudo systemctl stop dphys-swapfile
sudo systemctl disable dphys-swapfile
</syntaxhighlight>


Other ways:
<source lang=bash>
 
<syntaxhighlight lang=bash>
sudo dphys-swapfile swapoff
</syntaxhighlight>
 
== Run headless (without desktop) by default ==
 
Start config tool:
<syntaxhighlight lang=bash>
sudo raspi-config
sudo raspi-config
</syntaxhighlight>
</source>


Configure these options:
Go to "Advanced" and "Resolution" and pick the right value for you. Restart the machine when prompted to apply the changes.
# Boot options - Desktop: select text console login
# Interfacing - VNC server: enable
 
If you now want to start the desktop:
# Set up a VNC client session to the machine
# Login via the text console
# Start the desktop:
<blockquote>
<syntaxhighlight lang=bash>
startx
</syntaxhighlight>
</blockquote>
 
== Bring Wifi down if Ethernet cable is connected ==
 
Create file:


<syntaxhighlight lang=bash>
= Firmware update =
nano /home/pi/Scripts/wlan0downifeth0.sh
</syntaxhighlight>


<blockquote>
'''Only do this if there is a specific reason!''' This brings your bootloader to the latest version but it might be unstable for you. Nowadays the bootloader is upgraded along with 'apt upgrade' to the latest accepted and stable version.
<syntaxhighlight lang=bash>
#!/bin/bash
if [[ -n $( ip a show eth0 up ) ]] ; then
  echo "wlan0 down"
  ifconfig wlan0 down
fi
</syntaxhighlight>
</blockquote>


Make executable:
Check version:


<syntaxhighlight lang=bash>
<source lang=bash>
chmod +x /home/pi/Scripts/wlan0downifeth0.sh
sudo rpi-eeprom-update
</syntaxhighlight>
</source>


Modify crontab, check every hour:
  BOOTLOADER: up-to-date
  CURRENT: Thu Sep  '''3 12:11:43 UTC 2020 (1599135103)'''
  LATEST: Thu Sep  '''3 12:11:43 UTC 2020 (1599135103)'''


<syntaxhighlight lang=bash>
  VL805_FW: Using bootloader EEPROM
sudo nano /etc/crontab
  VL805: up-to-date
</syntaxhighlight>
  CURRENT: '''000138a1'''
  LATEST: '''000138a1'''


<blockquote>
Update:
<syntaxhighlight lang=bash>
#every hh:45 if eth0 up then wlan0 down
45 * * * * root /home/pi/Scripts/wlan0downifeth0.sh
</syntaxhighlight>
</blockquote>


To bring wifi up:
<source lang=bash>
sudo rpi-update
</source>


<syntaxhighlight lang=bash>
Or:
sudo ifconfig wlan0 up
</syntaxhighlight>


To check the wifi status (returns nothing if down):
<source lang=bash>
sudo apt install rpi-eeprom
#reboot
sudo shutdown -r 0
exit
</source>


<syntaxhighlight lang=bash>
= Tips and tricks =
ip a show wlan0 up
</syntaxhighlight>


== Remove software packages ==
== Nano text editor settings ==


Slim down Raspberry Pi default installation by removing some packages
Source:
* https://linuxhint.com/configure_nano_text_editor_nanorc/


* https://blog.samat.org/2015/02/05/slimming-an-existing-raspbian-install/
For me the modify key (M) is Alt, it could be different for you.


Remove packages with:
* Alt-M: toggle mouse
** Double-click to set the start marker, single click to set the end marker
** Note that it will be harder to copy from a terminal
* Alt-#: toggle line numbers
* Alt-$: toggle wrapping
* Alt-U: undo
* Ctrl-G: Help
* Ctrl-K: Cut
* Ctrl-U: Paste
* Ctrl-W: Search
* Alt-Q/W: previous/next


<syntaxhighlight lang=bash>
Default settings can be made in your profile:
apt-get -y remove --purge <package1> <package2>
</syntaxhighlight>


Education related packages:
<source lang=bash>
nano ~/.nanorc


<syntaxhighlight lang=bash>
  set linenumbers
idle idle3
  set mouse
python3-pygame python-pygame python-tk python3-tk python-serial python3-serial python-picamera
  set softwrap
python3-picamera python3-pygame python-pygame python-tk python3-tk python3-numpy python3-pifacecommon
  set tabsize 4
python3-pifacedigitalio python3-pifacedigital-scratch-handler python-debian-reference-en python-pifacedigitalio
</source>
dillo x2x scratch nuscratch timidity smartsim pistore sonic-pi pifacecommon oracle-java8-jdk wolfram-engine
minecraft-pi python-minecraftpi penguinspuzzle
</syntaxhighlight>


Remove other packages:
= Snippets =
<syntaxhighlight lang=bash>
sudo apt-get purge libreoffice*
sudo apt-get purge chromium-browser
sudo apt-get purge cups-common
sudo apt-get purge xpdf gcalculator
#replacment browser (if you want)
sudo apt-get install midori
</syntaxhighlight>


Remove unreferenced packages:
== Clear failure notification ==
<syntaxhighlight lang=bash>
<!-- log backup monitor redirect stdout -->
apt-get -y autoremove
I added a function to report backup-errors, it does not clear automatically. Clearing this textfile can only be done as admin. We can use the 'tee' command in combination with 'echo' to make this easy.
</syntaxhighlight>


Remove all packages marked 'rc':
<syntaxhighlight lang=bash>
<syntaxhighlight lang=bash>
dpkg --list |grep "^rc" | cut -d " " -f 3 | xargs dpkg --purge
cat /var/log/wjv/fail.log
echo "" | sudo tee /var/log/wjv/fail.log
cat /var/log/wjv/fail.log
</syntaxhighlight>
</syntaxhighlight>
= See also =
* [[Raspberry Pi LAMP stack]]
* [[MediaWiki]]
* [[Raspberry Pi SOGo Groupware]]
* [[Raspberry Pi GPIO Shutdown Button]]
* [[Raspberry Pi system clone and/or resize]]
* [[Raspberry Pi monitor]]
* [[Raspberry Pi - Pi-Hole Network-wide ad blocking]]

Latest revision as of 20:02, 1 September 2025


See also

Install

This guide assumes a headless installation.

Download and burn

Burn the image to an 4/8/16 Gb micro SD memory card from your PC. Make sure it is a supported card.

We can now use Raspberry Pi Imager on Windows and Linux, download here:

Raspberry Pi Imager allows you to select, download and write the image. Additionally you can include some basic settings like username and password, SSH and wireless. Plain-text configuration on the boot-partition is no longer possible.

Pick "other" > "Raspberry Pi OS Lite" under other if you are going for a minimal footprint.

Images are also available here:

Re-insert the sdcard after burning the image.

Username and password

To configure a username and password on first boot you will need an encrypted password, create an encrypted password as follows: 

openssl passwd -6 "Upd8ThisPassword!"

This then would return for example: 

$6$1f1qHgfYupThXl3x$Ij66IKNarAx0TxjtIM4.245K.hUlfh73hCnE8Kf5xoHY6Wtf.6jMNZXpWcO9eOb7PNMqpysAcJsIkspmC2aEh0

Then create a file 'userconf.txt' in the FAT32 boot partition with this format: 

 <yourusername>:<encrypted password>

Enable SSH and WiFi

Bookworm version update: configuring Wifi with 'wpa_supplicant.conf' doesn't seem to work anymore. Instead I ended up using a keyboard and monitor and the "nmtui" tool. The tool "raspi-config" might work as well. 

sudo nmtui

More info here:

Disable Wifi and Bluetooth

If you don't use it you can disable it at boot by adding these lines to 'config.txt': 

sudo nano /boot/firmware/config.txt

  # Disable Wifi and Bluetooth
  dtoverlay=disable-wifi
  dtoverlay=disable-bt

Boot your Raspberry Pi

Boot your Raspberry Pi and connect with ssh for further configuration.

Connect using a terminal or Putty (on windows). 

ssh pi@192.168.1.2

Usually there is some troubleshooting involved so don't give up. It often is very useful to have an HDMI cable and a monitor at the ready to see what is happening at boot.

Basic configuration

Set hostname, change password, expand filesystem: 

sudo raspi-config
system > change hostname 
system > change password (idem-pihole-pw)
advanced > Expand filesystem

Install updates, reboot: 

sudo apt-get update -y
sudo apt-get upgrade -y
sudo reboot

Firmware update: 

sudo rpi-update

Minimize and optimize

Remove packages and disable services to make it smaller and faster. You can always add them again if you change your mind.

Source:

List used space per package: 

dpkg-query -Wf '${Installed-Size}\t${Package}\n' | sort -nr | more

Check running processes: 

sudo htop

Simple tool: 

sudo ztop


Replace Openssh with dropbear

Note: this is a bit tricky, if something goes wrong you won't have ssh access. 

#install dropbear
sudo apt install dropbear
sudo nano /etc/default/dropbear
	NO_START=0
	DROPBEAR_PORT=22

#remove Openssh
sudo apt-get purge --yes --auto-remove openssh-server

#reboot
sudo reboot

#add sftp server
sudo apt install openssh-sftp-server

#test
sudo reboot
ssh pi@192.168.1.2
sftp://192.168.1.2/home/pi

Remove packages

sudo apt-get purge --yes --auto-remove 
  aptitude aptitude-common apt-listchanges apt-utils blends-tasks xserver-common x11-xfs-utils 
  x11-xserver-utils xinit libsmbclient blt gvfs gvfs-backends gvfs-daemons gvfs-fuse idle 
  idle-python2.7 idle3 libaudio2 libice6 liblightdm-gobject-1-0 libpulse0 libqt4-svg libqtgui4 
  libsdl-image1.2 libsdl-mixer1.2 libsdl-ttf2.0-0 libsdl1.2debian libsm6 libsmpeg0 
  libwebkitgtk-1.0-0 libwebkitgtk-3.0-0 libxaw7 libxklavier16 libxmu6 libxss1 libxt6 libxtst6 
  lightdm lightdm-gtk-greeter lxde lxde-core midori obconf openbox python-pygame python-tk python3-tk 
  scratch tk8.5 wpagui x11-common x11-utils x11-xkb-utils xinit xserver-common xserver-xorg 
  xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-evdev xserver-xorg-input-synaptics 
  xserver-xorg-video-fbdev zenity xserver* x11-common x11-utils x11-xkb-utils x11-xserver-utils 
  xarchiver xauth xkb-data console-setup xinit lightdm 
  libx{composite,cb,cursor,damage,dmcp,ext,font,ft,i,inerama,kbfile,klavier,mu,pm,randr,render,res,t,xf86}* 
  lxde* lx{input,menu-data,panel,polkit,randr,session,session-edit,shortcut,task,terminal} 
  obconf openbox gtk* libgtk* alsa*  python-pygame python-tk python3-tk scratch tsconf 
  desktop-file-utils cifs-utils samba-common smbclient scratch debian-reference-en dillo idle3 
  python3-tk idle python-pygame python-tk lightdm gnome-themes-standard gnome-icon-theme 
  raspberrypi-artwork gvfs-backends gvfs-fuse desktop-base lxpolkit zenity xdg-utils mupdf 
  gtk2-engines alsa-utils lxde lxtask menu-xdg gksu midori xserver-xorg xinit 
  xserver-xorg-video-fbdev libraspberrypi-dev libraspberrypi-doc dbus-x11 libx11-6 libx11-data 
  libx11-xcb1 x11-common x11-utils lxde-icon-theme gconf-service gconf2-common udhcpd avahi-daemon 
  gcc-arm-linux-gnueabihf geoip-database libgdbm* libperl* make patch perl perl-modules-* cups* 
  rsync bluez bluez-firmware pi-bluetooth scratch debian-reference-en dillo idle3 python3-tk idle 
  python-pygame python-tk lightdm gnome-themes-standard gnome-icon-theme raspberrypi-artwork 
  gvfs-backends gvfs-fuse desktop-base lxpolkit zenity xdg-utils mupdf gtk2-engines alsa-utils 
  lxde lxtask menu-xdg gksu midori xserver-xorg xinit xserver-xorg-video-fbdev libraspberrypi-dev 
  libraspberrypi-doc dbus-x11 libx11-6 libx11-data libx11-xcb1 x11-common x11-utils 
  lxde-icon-theme gconf-service gconf2-common firmware-atheros samba-common plymouth

sudo apt-get autoremove --purge

Remove files 

sudo -i
find /usr/share/doc -depth -type f ! -name copyright | xargs rm
find /usr/share/doc -depth -type f ! -name copyright | xargs rm -f
find /usr/share/doc -empty | xargs rmdir
rm -rf /usr/share/man/* /usr/share/groff/* /usr/share/info/*
rm -rf /usr/share/lintian/* /usr/share/linda/* /var/cache/man/*
rm -rf /usr/share/locale/*
rm -f /var/log/{auth,boot,bootstrap,daemon,kern}.log
rm -f /var/log/{debug,dmesg,messages,syslog}
#logout root
exit

Other settings: 

#disable MOTD for faster ssh connect
sudo cat /dev/null > /etc/motd

#disable HDMI, add line of text
sudo nano /etc/rc.local

  /usr/bin/tvservice -o

#modify /boot/config.txt
sudo nano /boot/config.txt

	# disable stuff
	dtparam=audio=off
	dtoverlay=disable-bt

	# Red PWR LED off
	dtparam=pwr_led_trigger=none
	dtparam=pwr_led_activelow=off

	# Green ACT LED
	#dtparam=act_led_trigger=none
	#dtparam=act_led_activelow=off

	# disable the splash screen
	disable_splash=1
	 
	# Set the bootloader delay to 0 seconds, the default is 1
	boot_delay=0

Reboot: 

sudo reboot

Disable some services

sudo -i

#disable swap
sudo dphys-swapfile swapoff
systemctl disable dphys-swapfile.service
#other stuff:
systemctl disable apt-daily.service
systemctl disable apt-daily.timer
systemctl disable nfs-client.target
systemctl disable remote-fs.target
systemctl disable apt-daily-upgrade.timer
systemctl disable nfs-config.service

exit

Bash shell timout

Automatic logout of a user bash session after a period of inactivity. 

sudo nano /etc/profile
...
# set a 25 min (1500 sec) timeout policy for bash shell 
TMOUT=1500
readonly TMOUT
export TMOUT
...

Access with ssh and sftp examples

You can use remote shell to control your Raspberry Pi without directly connected mouse, keyboard and screen.

Logon with ssh: 

ssh pi@192.168.1.2

Sftp copy local file to remote machine: 

scp /path/to/local/file.zip pi@192.168.1.2:/home/pi/Downloads/file.zip

And back: 

scp pi@192.168.1.2:/home/pi/Downloads/file.zip /path/to/local/file.zip

Allow ssh scripting without a password

You want a script to execute without it stopping to ask for a password.

Root session: 

sudo -i

Generate keys, accept defaults: 

ssh-keygen -t rsa

Create dir on remote: 

ssh pi@192.168.1.2 mkdir -p .ssh

Add pub key to pi@192.168.1.2 authorized_keys: 

cat .ssh/id_rsa.pub | ssh pi@192.168.1.2 'cat >> .ssh/authorized_keys'

Should work now without password: 

ssh pi@192.168.1.2

Maybe needed, for some versions of ssh 

cat .ssh/id_rsa.pub | ssh pi@192.168.1.2 'cat >> .ssh/authorized_keys2'
ssh pi@192.168.1.2 chmod 700 .ssh
ssh pi@192.168.1.2 chmod 640 .ssh/authorized_keys2

Nautilus file manager, manage files via ssh / sftp

For user "pi" and below IP address type as location: 

 sftp://pi@192.168.1.2

Enter credentials (user pi and password), you can choose to remember these and you can also store this location as a bookmark in Nautilus for your convenience.

Ssh root access is not allowed by default but could be convenient for use with Nautilus Note: better set this back to 'no' when you are done 

sudo nano /etc/ssh/sshd_config
PermitRootLogin yes

You can now access the machine as root with Nautilus.

Require pi to enter password when sudo

By default the Raspbian pi user can sudo without the need to re-enter the password. If you don't like that make this change. 

ssh pi@192.168.1.2
sudo nano /etc/sudoers.d/010_pi-nopasswd

Change it from: 

pi ALL=(ALL) NOPASSWD: ALL

to 

pi ALL=(ALL) ALL

None-headless access

HDMI mode in config.txt

At boot the file 'config.txt' is used to apply several non-default settings. This file is on your FAT boot partition which is usually available as /boot after the Pi is up and running.

More info on config.txt:

If you don't provide specific settings for 'hdmi_group' and 'hdmi_mode' a mode will be negotiated with the de HDMI display device. If this doesn't work out for you, you can change config.txt to get what you want, here are some examples: 

sudo nano /boot/config.txt
...
#VGA
hdmi_group=1
hdmi_mode=1

#1024x768
hdmi_group=2
hdmi_mode=16

#720p 60Hz 	
hdmi_group=1
hdmi_mode=4

#1080p 60Hz
hdmi_group=1
hdmi_mode=16
...

More info on HDMI:

VNC

For mouse and screen people.

Start the desktop: 

startx

Screen resolution

The resolution is negotiated with the monitor, if none is available it defaults to 720x480. To change, this start config tool: 

sudo raspi-config

Go to "Advanced" and "Resolution" and pick the right value for you. Restart the machine when prompted to apply the changes.

Firmware update

Only do this if there is a specific reason! This brings your bootloader to the latest version but it might be unstable for you. Nowadays the bootloader is upgraded along with 'apt upgrade' to the latest accepted and stable version.

Check version: 

sudo rpi-eeprom-update
 BOOTLOADER: up-to-date
 CURRENT: Thu Sep  3 12:11:43 UTC 2020 (1599135103)
 LATEST: Thu Sep  3 12:11:43 UTC 2020 (1599135103)

 VL805_FW: Using bootloader EEPROM
 VL805: up-to-date
 CURRENT: 000138a1
 LATEST: 000138a1

Update: 

sudo rpi-update

Or: 

sudo apt install rpi-eeprom
#reboot
sudo shutdown -r 0
exit

Tips and tricks

Nano text editor settings

Source:

For me the modify key (M) is Alt, it could be different for you.

  • Alt-M: toggle mouse
    • Double-click to set the start marker, single click to set the end marker
    • Note that it will be harder to copy from a terminal
  • Alt-#: toggle line numbers
  • Alt-$: toggle wrapping
  • Alt-U: undo
  • Ctrl-G: Help
  • Ctrl-K: Cut
  • Ctrl-U: Paste
  • Ctrl-W: Search
  • Alt-Q/W: previous/next

Default settings can be made in your profile: 

nano ~/.nanorc

  set linenumbers
  set mouse
  set softwrap
  set tabsize 4

Snippets

Clear failure notification

I added a function to report backup-errors, it does not clear automatically. Clearing this textfile can only be done as admin. We can use the 'tee' command in combination with 'echo' to make this easy. 

cat /var/log/wjv/fail.log
echo "" | sudo tee /var/log/wjv/fail.log
cat /var/log/wjv/fail.log
Retrieved from "https://wjv.duckdns.org/mediawiki/index.php?title=Raspberry_Pi&oldid=3815"