| author | Aleksa Vučković <aleksav013@gmail.com> | 2022-03-06 12:59:06 +0100 |
|---|---|---|
| committer | Aleksa Vučković <aleksav013@gmail.com> | 2022-03-06 12:59:06 +0100 |
| commit | 5042fa8a5ad31ed363d788a7697c34eef58c8767 (patch) | |
| tree | cad4654084f91cb27d5a371342b90572c6f6bf46 | |
| parent | 84bd770546de26c56302a9d933df5d81d2f12ee0 (diff) | |
| -rw-r--r-- | files/boot/wpa_supplicant.conf | 9 | ||||
| -rw-r--r-- | pisetup | 81 |
2 files changed, 56 insertions, 34 deletions
diff --git a/files/boot/wpa_supplicant.conf b/files/boot/wpa_supplicant.conf
new file mode 100644
index 0000000..a038b1b
--- /dev/null
+++ b/files/boot/wpa_supplicant.conf
@@ -0,0 +1,9 @@
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
+update_config=1
+country=<2_LETTER_COUNTRY_CODE>
+
+network={
+ ssid="<WIFI_NAME>"
+ psk="<WIFI_PASSWORD>"
+ key_mgmt=WPA-PSK
+}
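Review bot: The template asks for the Wi-Fi passphrase in clear text (`psk="<WIFI_PASSWORD>"`), and the filled-in file is later copied to the SD card's boot partition, where anyone who mounts the card can presumably read it. A comment above `network={` would help, for example `# psk: use the hex key printed by wpa_passphrase (unquoted), not the passphrase itself`. The derived key still grants access to this one network, but it does not disclose a passphrase that may be reused elsewhere. It is also worth a second comment saying that only the placeholder version belongs in the repository, e.g. `# never commit a filled-in copy of this file`.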
@@ -1,50 +1,66 @@ -# prepare os - -#unzip -p <arm64_lite>.img | dd of=/dev/mmcblk0 conv=fsync bs=4M status=progress -#mount /dev/mmcblk0#p1 /mnt -#cd /mnt -#touch ssh -#add those lines to config.txt +# flashing os to sd card +unzip -p <arm64_lite>.img | dd of=/dev/mmcblk0 bs=4M conv=fsync status=progress + +# enable sshd and wifi on first boot +mount /dev/mmcblk0#p1 /mnt/pi +touch /mnt/pi/boot +cp ./files/boot/wpa_supplicant.conf /mnt/pi +## edit /mnt/pi/config.txt disable_overscan=1 over_voltage=6 arm_freq=2147 gpu_freq=750 +# secure ssh +## copy ssh key +ssh-copy-id -i .ssh/id_rsa.pub pi@<RPI_LAN_ADDRESS> +## edit /etc/ssh/sshd_config +PermitRootLogin no +PasswordAuthentication no +## restart ssh service +service sshd restart + +# disable bluetooth +rfkill block bluetooth + +# clear password for all users +## edit /etc/shadow # update system apt update -apt dist-upgrade apt upgrade apt autoremove rpi-eeprom-update # install tools -apt install tmux neovim ranger neofetch +sudo apt install tmux neovim ranger neofetch -#ssh-copy-id -i .ssh/id_rsa.pub pi@192.168.0.22 -#passwd -#rfkill block bluetooth +# install required tools for gitea +sudo apt install git sqlite3 -# set ssh to accept only keys on localhost* -vim /etc/ssh/sshd_config -#add those lines -PermitRootLogin no -PasswordAuthentication no -service sshd restart +# git user +useradd --create-home git +# gitea +wget https://dl.gitea.io/gitea/1.15.10/gitea-1.15.10-linux-arm64 +chmod +x gitea-1.15.10-linux-arm64 # install pihole & pivpn curl -L https://install.pivpn.io | bash curl -sSL https://install.pi-hole.net | bash + #change pihole password pihole -a -p +# pivpn +pivpn -d + # 80 -> 8080 lighttp sed -i "s/80/8080/" /etc/lighttpd/lighttpd.conf service lighttpd restart -# installing -apt install nginx certbot python3-certbot-nginx ufw fail2ban prosody coturn +# nginx & certbot +sudo apt install nginx certbot python3-certbot-nginx # move default index page to /var/www/html/default mkdir /var/www/html/default 
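Review bot: The gitea binary under `# gitea` is fetched with `wget` and marked executable without any integrity check, so whatever the download host serves ends up running on the Pi. Gitea publishes a `.sha256` file (and an `.asc` signature) next to each release binary; fetch it and add `sha256sum -c gitea-1.15.10-linux-arm64.sha256` before the `chmod +x` line. Separately, `# clear password for all users` / `## edit /etc/shadow` is ambiguous: an empty password field permits password-less console and `su` logins, so the step should say to lock the accounts instead, e.g. `passwd -l pi`. `touch /mnt/pi/boot` also looks like a slip for `touch /mnt/pi/ssh`, the marker file that the replaced `#touch ssh` line created, so as written sshd is probably not enabled on first boot.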
@@ -57,23 +73,23 @@ limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; limit_req zone=one; # ufw & fail2ban -pivpn -d -vim /etc/default/ufw "disable ipv6" -ufw allow from 192.168.0.0/24 -ufw allow from 10.8.0.0/24 -ufw allow 80/tcp -ufw allow 443/tcp -ufw allow XMPP -ufw enable +sudo apt install ufw fail2ban +sudo nvim /etc/default/ufw "disable ipv6" +sudo ufw allow from 192.168.0.0/24 +sudo ufw allow from 10.8.0.0/24 +sudo ufw allow to any app "SSH" +sudo ufw allow to any app "WWW Full" +sudo ufw allow to any app "XMPP" +sudo ufw enable # certbot -certbot -d gajba.cf --nginx -certbot certonly -d chat.gajba.cf --nginx +certbot -d gajba.cf -d chat.gajba.cf -d git.gajba.cf --nginx -# ovpns +# ovpn pivpn add -n aleksa # prosody +sudo apt install prosody coturn admins = { "aleksa@gajba.cf" } VirtualHost "gajba.cf" service prosody restart @@ -85,6 +101,3 @@ sudo prosodyctl adduser aleksa@gajba.cf # that's it reboot - -# testing -for i in {nginx,ufw,fail2ban,prosody}; do service $i status | grep Active; done |
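Review bot: In the `# ufw & fail2ban` hunk, `sudo ufw allow to any app "SSH"` opens port 22 to every source address, whereas the old rule set only reached SSH through the `192.168.0.0/24` and `10.8.0.0/24` allow rules. Those two rules are still present and already cover LAN and VPN clients, so the new line can be dropped. If public SSH is intended, prefer `sudo ufw limit to any app "SSH"` and note that fail2ban needs an enabled sshd jail to have any effect. The line `sudo nvim /etc/default/ufw "disable ipv6"` passes the quoted text to nvim as a second file name; a comment such as `# set IPV6=no in /etc/default/ufw` states the intent without that side effect.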
