** About
This document created by [[http://baltakatei.com][Steven Baltakatei Sandoval]] on
~2020-10-07T18:39Z~ under a [[http://creativecommons.org/licenses/by-sa/4.0/][CC BY-SA 4.0]] license and last updated on
-~2020-10-07T23:11Z~.
+~2020-10-07T23:46Z~.
This document contains information regarding setup of the
ninfacyzga-01 hardware common to all operation modes. This includes:
The version of ~age~ used to perform the encryption
-
** Operating Procedures
*** Initial Startup
**** Physical Setup
Replace ~<Password for your wireless LAN>~ with your WiFi network's
passphrase.
-***** Configure Remote SSH Login
+***** Enable Remote SSH Login
Configure SSH to permit remote administration via the command line
interface. Raspberry Pi Foundation instructions [[https://www.raspberrypi.org/documentation/remote-access/ssh/README.md][here]].
freshly installed image of Raspberry Pi OS by making sure an empty
file named ~ssh~ is present on the ~boot~ partition.
+***** Add SSH public key
+If the use has an SSH public key, it may be added as a line in
+~~/.ssh/authorized_keys~.
+
+Follow [[https://superuser.com/a/925859/][these]] directions to set permissions.
+
+: $ chmod 700 ~/.ssh
+: $ chmod 644 ~/.ssh/authorized_keys
+
***** Change default passphrase
The default username is ~pi~ and the default passphrase is
~raspberry~. Change them to something unique.
: $ sudo apt upgrade -y
: $ sudo apt dist-upgrade -y
+***** Update hostname
+A unique hostname is required to uniquely identify the device on the
+network.
+
+Start up the Raspberry Pi Software Configuration Tool by running:
+: $ sudo raspi-config
+
+- Select `2 Network Options`
+- Select `N1 Hostname`
+
+This document recommends a hostname beginning with the prefix:
+: ninfacyzga-1-
+
+An example hostname would be ~ninfacyzga-1-2~.
+
***** Install software
****** ~unattended-upgrades~
Make sure to install the ~unattended-upgrades~ package to make sure
: $ sudo apt install syncthing
****** ~git~
-Install ~git~ for downloading this repository to the device.
+~git~ facilitates downloading files from this repository to the
+device. It may be installed via:
: $ sudo apt install git
: $ git checkout --track origin/develop
****** ~age~
+~age~ is required for encrypting data at rest.
+
Place ~age~ binary (the one compiled for ARM CPU architecture for
Linux) in ~$HOME/.local/bin~. A copy of binary may be found within the
~exec~ directory.
+: $ mkdir ~/.local/bin
+: $ cp exec/age ~/.local/bin/
+
***** Disable Swap File
-Since standard Raspbian 10 (Buster) install involves copying
-unencrypted file system image to SD card which is mounted by the
-Raspberry Pi, system memory may be written to disk in the form of a
-Swap file as described [[https://ideaheap.com/2013/07/stopping-sd-card-corruption-on-a-raspberry-pi/][here]]. In order to reduce the chance that
-location log data is ever written to disk, swap file functionality
-must be disabled[fn:ideaheap_20130731_disableswap].
+Since standard Raspberry OS 10 install involves copying unencrypted
+file system image to SD card which is mounted by the Raspberry Pi,
+system memory may be written to disk in the form of a Swap file as
+described [[https://ideaheap.com/2013/07/stopping-sd-card-corruption-on-a-raspberry-pi/][here]]. In order to reduce the chance that location log data
+is ever written to disk, swap file functionality must be
+disabled[fn:ideaheap_20130731_disableswap].
Raspbian 10 uses dphys-swapfile to manage a swap file. It may be
disabled persistently[fn:rpf_20190702_disableswappersist] by running
projects / EVA-2020-02.git / commitdiff