X-Git-Url: https://zdv2.bktei.com/gitweb/EVA-2020-02.git/blobdiff_plain/7b09912bb5daa1e56c8c9cd98ff5fea4435d95eb..f792ba512e4937b6d9fdfbee0b04dd412a71858e:/doc/setup/README.org?ds=inline diff --git a/doc/setup/README.org b/doc/setup/README.org index fadd088..4eb8e2f 100644 --- a/doc/setup/README.org +++ b/doc/setup/README.org @@ -5,7 +5,7 @@ ** About This document created by [[http://baltakatei.com][Steven Baltakatei Sandoval]] on ~2020-10-07T18:39Z~ under a [[http://creativecommons.org/licenses/by-sa/4.0/][CC BY-SA 4.0]] license and last updated on -~2020-10-07T23:08Z~. +~2020-10-07T23:46Z~. This document contains information regarding setup of the ninfacyzga-01 hardware common to all operation modes. This includes: @@ -121,7 +121,6 @@ cat location.gpx.age | age -d -i key.txt > location.gpx The version of ~age~ used to perform the encryption - ** Operating Procedures *** Initial Startup **** Physical Setup @@ -161,7 +160,7 @@ Replace ~~ with your WiFi network's SSID. Replace ~~ with your WiFi network's passphrase. -***** Configure Remote SSH Login +***** Enable Remote SSH Login Configure SSH to permit remote administration via the command line interface. Raspberry Pi Foundation instructions [[https://www.raspberrypi.org/documentation/remote-access/ssh/README.md][here]]. @@ -169,6 +168,15 @@ In summary, remote SSH access may be enabled upon initial startup of a freshly installed image of Raspberry Pi OS by making sure an empty file named ~ssh~ is present on the ~boot~ partition. +***** Add SSH public key +If the use has an SSH public key, it may be added as a line in +~~/.ssh/authorized_keys~. + +Follow [[https://superuser.com/a/925859/][these]] directions to set permissions. + +: $ chmod 700 ~/.ssh +: $ chmod 644 ~/.ssh/authorized_keys + ***** Change default passphrase The default username is ~pi~ and the default passphrase is ~raspberry~. Change them to something unique. @@ -182,6 +190,21 @@ Update software with distribution repository. : $ sudo apt upgrade -y : $ sudo apt dist-upgrade -y +***** Update hostname +A unique hostname is required to uniquely identify the device on the +network. + +Start up the Raspberry Pi Software Configuration Tool by running: +: $ sudo raspi-config + +- Select `2 Network Options` +- Select `N1 Hostname` + +This document recommends a hostname beginning with the prefix: +: ninfacyzga-1- + +An example hostname would be ~ninfacyzga-1-2~. + ***** Install software ****** ~unattended-upgrades~ Make sure to install the ~unattended-upgrades~ package to make sure @@ -202,14 +225,15 @@ Install ~syncthing~ for log file transfer capability. : $ sudo apt install syncthing ****** ~git~ -Install ~git~ for downloading this repository to the device. +~git~ facilitates downloading files from this repository to the +device. It may be installed via: : $ sudo apt install git ****** ninfacyzga-01 git repository Create the directory ~/git-OC/~ . Within this directory, run the following commands to clone the ~ninfacyzga-01~ git repository: -: $ git clone https://gitlab.com/baltakatei/ninfacyzga-01.git +: $ git clone https://zdv2.bktei.com/gitweb/ninfacyzga-01.git : $ cd ninfacyzga-01 Check out the ~develop~ branch (if the latest changes are desired over @@ -217,17 +241,22 @@ those of the ~master~ branch). : $ git checkout --track origin/develop ****** ~age~ +~age~ is required for encrypting data at rest. + Place ~age~ binary (the one compiled for ARM CPU architecture for Linux) in ~$HOME/.local/bin~. A copy of binary may be found within the ~exec~ directory. +: $ mkdir ~/.local/bin +: $ cp exec/age ~/.local/bin/ + ***** Disable Swap File -Since standard Raspbian 10 (Buster) install involves copying -unencrypted file system image to SD card which is mounted by the -Raspberry Pi, system memory may be written to disk in the form of a -Swap file as described [[https://ideaheap.com/2013/07/stopping-sd-card-corruption-on-a-raspberry-pi/][here]]. In order to reduce the chance that -location log data is ever written to disk, swap file functionality -must be disabled[fn:ideaheap_20130731_disableswap]. +Since standard Raspberry OS 10 install involves copying unencrypted +file system image to SD card which is mounted by the Raspberry Pi, +system memory may be written to disk in the form of a Swap file as +described [[https://ideaheap.com/2013/07/stopping-sd-card-corruption-on-a-raspberry-pi/][here]]. In order to reduce the chance that location log data +is ever written to disk, swap file functionality must be +disabled[fn:ideaheap_20130731_disableswap]. Raspbian 10 uses dphys-swapfile to manage a swap file. It may be disabled persistently[fn:rpf_20190702_disableswappersist] by running