PiFrame/piframe
PiFrame
/
piframe
3
0
Fork 0
Code Issues 4 Pull Requests Releases Activity

Merge branch 'master' into piframefleet

This commit is contained in:
KemoNine 2020-08-03 21:16:38 +00:00
parent 05d6a33261 40260483fa
commit 66b31f45dc
22 changed files with 512 additions and 443 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
docs/README.md
View File

@ -4,7 +4,6 @@ This folder contains a bunch of general information on how to get the base of a
## General Notes
* [WiFi](wifi.md)
* [HDMI](hdmi.md)
## Setup / Deployment
@ -12,22 +11,20 @@ This folder contains a bunch of general information on how to get the base of a
Items marked ```REQUIRED``` are assumed to be setup and working. You've been warned.
* [Base Firmware (REQUIRED)](base.md)
* [Finalize Arch Setup (REQUIRED)](finalize_setup.md)
* [Finalize Setup (REQUIRED)](finalize_setup.md)
* [Setup swap (REQUIRED)](swap.md)
* [journald Tweaks (make it less chatty and resource hungry)](journald.md)
* [Standard Raspberry Pi Toolchain Setup (REQUIRED)](rpi_tools.md)
* [CPU Governor](cpu_governor.md)
* [AUR Package Manager (REQUIRED)](aur_package_manager.md)
* [Additional Networking Setup (REQUIRED)](networking.md)
* [Automatic Updates (VERY SMART)](auto_updates.md)
* [Slideshow Prep (REQUIRED)](slideshow_prep.md)
* [Slideshow Setup (REQUIRED)](slideshow.md)
* [Email Notifications (REQUIRED)](email_notifications.md)
* [cron / Scheduler (REQUIRED)](cron.md)
* [Backups via restic](restic.md)
* [Additional Networking Setup (REQUIRED)](cockpit.md)
* [Web Dashboard / Landing Page](landing_page.md)
* [System Monitoring (REQUIRED)](monit.md)
* [Resource Monitoring](munin.md)
* [HDMI Scheduled On/Off](scheduled_display.md)
* [CPU Governor](cpu_governor.md)
* [Backups via restic](restic.md)
* [Web Based Administration](cockpit.md)
* [Web Dashboard / Landing Page](landing_page.md)
* [Web File Manager (Picture Sync)](filebrowser.md)
* [SyncThing (Picture Sync)](syncthing.md)
* [rclone (Picture Sync)](rclone.md)
* [HDMI Scheduled On/Off](scheduled_display.md)
* [Resource Monitoring](munin.md)

26
docs/aur_package_manager.md
View File

@ -1,26 +0,0 @@
# AUR Package Manager
This project uses some packages from the Arch Linux AUR repos. As such, we are going to setup a package manager for those packages. Pacman doesn't support the AUR repos natively and this is the most accessible approach for installing AUR packages.
The commands below will setup the ```yay``` AUR package manager.
``` sh
pacman -S --needed base-devel go
useradd yay -s /usr/bin/nologin
mkdir /home/yay
chown yay: -R /home/yay
git clone https://aur.archlinux.org/yay.git /opt/yay
chown yay: -R /opt/yay/
cd /opt/yay
cat > /etc/sudoers.d/yay <<EOF
yay ALL=(ALL) NOPASSWD: ALL
EOF
chmod 600 /etc/sudoers.d/yay
sudo -sHu yay makepkg -si
cat >> ~/.bashrc <<EOF
alias yay="/usr/bin/sudo -sHu yay /usr/bin/yay"
EOF
source ~/.bashrc
```

25
docs/auto_updates.md Normal file
View File

@ -0,0 +1,25 @@
# Automatic Updates
The below will setup nightly automatic update and reboots for the PiFrame. This is a really smart choice as it will ensure security updates are applied in a timely fashion.
``` sh
apt install unattended-upgrades
nano -w /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Mail "user@domain.tld";
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-WithUsers "true";
Unattended-Upgrade::Automatic-Reboot-Time "02:00";
nano -w /etc/apt/apt.conf.d/20auto-upgrades
unattended-upgrades --dry-run --debug
cat > /usr/local/bin/3rd_party_app_updates.sh <<EOF
#!/bin/bash
curl -fsSL https://filebrowser.org/get.sh | bash
restic self-update
curl https://rclone.org/install.sh | bash
EOF
chmod a+x /usr/local/bin/3rd_party_app_updates.sh
crontab -e
0 7 14 * * /usr/local/bin/3rd_party_app_updates.sh
```

117
docs/base.md
View File

@ -1,118 +1,7 @@
# Base Firmware Setup
The ```PiFrame``` uses Arch Linux at its core. This document will outline a way to setup a micro sd card with Arch Linux.
The ```PiFrame``` uses Ubuntu Linux at its core.
# Please Note
There are a lot of documents online on how to flash Ubuntu to an sd card for the Raspberry Pi 4.
We assume you're going to use the Raspberry Pi itself for setting up an Arch Linux environment. In order to do this properly and safely, you'll need 2 micro sd cards and a USB to micro sd card adapter.
# Setup an Ubuntu SD Card
The first step is to setup a basic Ubuntu boot environment for the Raspberry Pi, we will use this to boot strap (initialize) the Arch Linux micro sd card. This Ubuntu micro sd card can also be used to recover a broken Arch Linux system if necessary.
1. Download Ubuntu from their main [download site](https://ubuntu.com/download/raspberry-pi/thank-you?version=20.04&architecture=arm64+raspi) and flash it to the sd card. There are a lot of guides on how to do this online.
1. Boot the Ubuntu installation
1. Check the ip address with ```ip addr`` and ssh into the environment if desired. This step can be skipped if you have a keyboard/monitor setup.
1. Login to the Ubuntu envrionment
1. Open a terminal
1. Run ```sudo -sHu root``` to elevate your privileges
# Prep / install arch linux on micro sd card
## Inspiration and Further Reading
- [https://archlinuxarm.org/platforms/armv8/broadcom/raspberry-pi-4#installation](https://archlinuxarm.org/platforms/armv8/broadcom/raspberry-pi-4#installation)
- [https://github.com/phortx/Raspberry-Pi-Setup-Guide](https://github.com/phortx/Raspberry-Pi-Setup-Guide)
## Arch Linux Disk Setup
Run the following commands to prep the Arch Linux micro sd card. Please note the device nodes like ```/dev/sda``` may be different depending on the usb adapter used.
``` sh
parted /dev/sda
mklabel msdos
mkpart
p
[enter]
1
100M
mkpart
p
[enter]
100M
-1
set 1 boot on
set 1 lba on
q
mkfs.fat /dev/sda1
mkfs.btrfs /dev/sda2
```
## Arch Linux Bootstrap
Run the following commands to bootstrap (initialize) a fundamental Arch Linux installation.
``` sh
mkdir /mnt/arch
mount -o nodiratime,noatime,compress /dev/sda2 /mnt/arch
mkdir /mnt/arch/boot
mount /dev/sda1 /mnt/arch/boot
cd /mnt/arch
wget http://os.archlinuxarm.org/os/ArchLinuxARM-rpi-4-latest.tar.gz
tar -xpf ArchLinuxARM-rpi-4-latest.tar.gz
rm ArchLinuxARM-rpi-4-latest.tar.gz
```
## Tweak Bootstrapped System
The following commands will tweak the base Arch Linux distro to facilitate the needs of a photo frame as well as tune some of the debugging that's present in the default setup.
``` sh
cat > /mnt/arch/boot/config.txt <<EOF
# KmN: Borrowed some stuff from majaro
# See /boot/overlays/README for all available options
gpu_mem=512
dtoverlay=miniuart-bt
initramfs initramfs-linux.img followkernel
disable_overscan=1
#enable vc4
dtoverlay=vc4-fkms-v3d
max_framebuffers=1
# Make sure hdmi low power mode is set for when the feature is implemented on the Pi4
hdmi_blanking=1
# you may need to add hdmi settings specific to your lcd display panel
# for example, the below settings are for a 2560x1600 50Hz panel
# see https://www.raspberrypi.org/documentation/configuration/config-txt/video.md
# for additional details
#hdmi_cvt=2560 1600 50 5 0 0 1
#hdmi_group=2
#hdmi_mode=88
EOF
nano -w /mnt/arch/boot/cmdline.txt
root=/dev/mmcblk0p2 rootflags=nodiratime,noatime,compress rw rootwait
remove kgdboc=ttyAMA0,115200
parted /dev/sda
set 1 boot on
set 1 lba on
set 2 lba on
q
```
## Boot Arch Linux
That should do it for the bootstrapping process. You can now shutdown the Ubuntu environment via ```systemctl poweroff```, swap the micro sd cards and boot into the Arch Linux environment.
You should not need the Ubuntu micro sd card at this point unless you need to recover or fix a broken Arch Linux installation.
**Please Note: You'll want the most recent LTS 64bit server version of Ubuntu for your PiFrame**

7
docs/cockpit.md
View File

@ -2,17 +2,12 @@
The below commands will setup ```cockpit``` so you can manage your PiFrame from a web browser. This is wholly optional but can be useful when ssh/serial terminal access aren't available.
If you don't want the admin UI you still should install ```NetworkManager``` and ```firewalld``` as the rest of the documentation assumes these are installed.
``` sh
# Remote management on http://ip:9090
pacman -S cockpit cockpit-pcp packagekit udisks2 networkmanager firewalld
systemctl enable --now firewalld
apt install cockpit exfat-utils udisks2-btrfs
firewall-cmd --zone=public --permanent --add-port=9090/tcp
firewall-cmd --zone=public --permanent --add-service=ssh
firewall-cmd --reload
systemctl enable --now NetworkManager
systemctl enable --now cockpit.socket
```

10
docs/cpu_governor.md
View File

@ -4,8 +4,12 @@ The below commands setup a CPU governor. This is to help reduce power consumptio
``` sh
pacman -S cpupower
sed -i "s/#governor='ondemand'/governor='powersave'/g" /etc/default/cpupower
systemctl enable --now cpupower
sudo -sHu root /bin/bash
apt install cpufrequtils
cat > /etc/default/cpufrequtils <<EOF
ENABLE="true"
GOVERNOR="ondemand"
EOF
systemctl restart cpufrequtils
```

23
docs/cron.md
View File

@ -1,23 +0,0 @@
# cron/Scheduler
The below commands will setup a cron daemon (scheduler) for running things like backups, statistic gathering and more via a schedule. While technically not required, we *strongly* recommend using cron for backups so you get the output via e-mail (or similar). This is also required if you want to monitor resource utilization via ```munin```.
## Important Notes
* This assumes you have setup ```msmtp``` for email notifications
## Setup
``` sh
pacman -S cronie
mkdir /etc/systemd/system/cronie.service.d
cat > /etc/systemd/system/cronie.service.d/override.conf <<EOF
[Service]
ExecStart=
ExecStart=/usr/bin/crond -n -m '/usr/bin/msmtp -t'
EOF
systemctl daemon-reload
systemctl enable --now cronie
```

2
docs/email_notifications.md
View File

@ -12,7 +12,7 @@ This is optional but strongly recommended to setup.
``` sh
pacman -S msmtp msmtp-mta
apt install msmtp msmtp-mta
cat > /etc/aliases <<EOF
# Example aliases file

18
docs/filebrowser.md
View File

@ -13,18 +13,18 @@ The below will setup ```filebrowser``` as a file manager for your photos on the
``` sh
curl -fsSL https://filebrowser.org/get.sh | bash
mkdir /home/feh/filebrowser
filebrowser -c /home/feh/filebrowser/pictures.config \
mkdir /home/fim/filebrowser
filebrowser -d /home/fim/filebrowser/pictures.db \
config init
filebrowser -c /home/feh/filebrowser/pictures.config \
filebrowser -d /home/fim/filebrowser/pictures.db \
config set --address 0.0.0.0
filebrowser -c /home/feh/filebrowser/pictures.config \
filebrowser -d /home/fim/filebrowser/pictures.db \
config set --port 9191
filebrowser -c /home/feh/filebrowser/pictures.config \
filebrowser -d /home/fim/filebrowser/pictures.db \
config set --branding.name "PiFrame - Pictures"
filebrowser -c /home/feh/filebrowser/pictures.config \
filebrowser -d /home/fim/filebrowser/pictures.db \
users add admin apassword
chown feh: -R /home/feh/filebrowser
chown fim: -R /home/fim/filebrowser
firewall-cmd --zone=public --permanent --add-port=9191/tcp
firewall-cmd --reload
cat > /etc/systemd/system/filebrowser-pictures.service <<EOF
@ -33,9 +33,9 @@ Description=Filebrowser - Pictures
After=network.target
[Service]
User=feh
User=fim
PrivateTmp=true
ExecStart=/usr/local/bin/filebrowser -c /home/feh/filebrowser/pictures.config -d /home/feh/filebrowser/pictures.db -r /tank/pictures --img-processors 1 --disable-thumbnails
ExecStart=/usr/local/bin/filebrowser -d /home/fim/filebrowser/pictures.db -r /tank/pictures --img-processors 1 --disable-thumbnails
[Install]
WantedBy=multi-user.target

78
docs/finalize_setup.md
View File

@ -1,57 +1,57 @@
# Arch Linux Finalization
# Setup Finalization
By default Arch Linux has very little software installed and even less configuration complete.
The following commands will finalize the fundamental Arch Linux setup and perform some mild tuning.
The following will walk through finalizing setup of the base environment.
``` sh
# login as root with password root
# Wait for cloud initi to spew to LCD (this will take a minute, it's prepping the initial config and deploying it, including the default user account)
# Initialize pacman
pacman-key --init
pacman-key --populate archlinuxarm
# Login as ubuntu / ubuntu and follow the prompts
# Update system to latest software
pacman -Syy
pacman -Su
# Install btrfs-progs
pacman -S btrfs-progs
# Reboot
sudo -sHu root /bin/bash
# Disable cloud-init as it's unnecessary for the purposes of this project
touch /etc/cloud/cloud-init.disabled
nano -w /boot/firmware/cmdline.txt
remove console=tty1
systemctl reboot
# Remove arch linux on arm default user
userdel -r alarm
# Login
# Set root password
passwd
sudo -sHu root /bin/bash
# Turn on colorized pacman output
sed -i 's/#Color/Color/' /etc/pacman.conf # Add color to pacman
# Cleanup timezone
dpkg-reconfigure tzdata
# Install fundamental tools
pacman -S openssh tmux nano vim htop iotop nload python python-pip wget curl git bash-completion p7zip exfat-utils man-db man-pages btrfs-progs sudo
# Full system update
apt update && apt upgrade
systemctl reboot
# Tweak sshd to allow root login
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
systemctl enable --now sshd
systemctl restart sshd
# Login
# Finalize localiztation settings
ln -sf /usr/share/zoneinfo/UTC /etc/localtime
timedatectl set-local-rtc 0
timedatectl set-ntp true
echo LANG=en_US.UTF-8 > /etc/locale.conf
sed -i "s/#en_US.UTF-8/en_US.UTF-8/" /etc/locale.gen
locale-gen
sudo -sHu root /bin/bash
# Useful packages
apt install build-essential cmake nano tmux vim htop iotop nload git net-tools
# Raspberry Pi tools
apt install linux-tools-raspi
mkdir /opt/raspberry-pi
cd /opt/raspberry-pi
git clone https://github.com/raspberrypi/userland.git
cd userland
./buildme --aarch64
cat > /etc/profile.d/rpi-tools.sh <<EOF
#!/bin/bash
export PATH="$PATH:/opt/vc/bin"
EOF
cat > /etc/ld.so.conf.d/00-vmcs.conf <<EOF
/opt/vc/lib
EOF
ldconfig
# Finalize basic network config
nano -w /etc/hostname
nano -w /etc/hosts
# Turn off kernel audit logging
nano -w /boot/cmdline.txt
add audit=0 at end of cmdline
hostnamectl set-hostname piframe
# Reboot system for all changes to take effect
systemctl reboot

28
docs/journald.md
View File

@ -1,28 +0,0 @@
# journald
The below commands will adjust some ```journald``` settings so it is less chatty and uses fewer resources.
``` sh
mkdir /etc/systemd/journald.conf.d/
cat > /etc/systemd/journald.conf.d/00-wall.conf <<EOF
[Journal]
ForwardToWall=no
EOF
cat > /etc/systemd/journald.conf.d/00-journal-size.conf <<EOF
[Journal]
SystemMaxUse=256M
EOF
cat > /etc/systemd/journald.conf.d/00-audit.conf <<EOF
[Journal]
Audit=no
EOF
cat > /etc/systemd/journald.conf.d/00-console.conf <<EOF
[Journal]
ForwardToConsole=no
TTYPath=
EOF
systemctl mask systemd-journald-audit.socket
systemctl restart systemd-journald
```

7
docs/landing_page.md
View File

@ -16,11 +16,8 @@ The below commands will setup a basic web server and a landing page for your PiF
# web server w/ useful links
########################################
pacman -S lighttpd
mkdir /etc/lighttpd/conf.d
echo "include \"/etc/lighttpd/conf.d/*.conf\"" >> /etc/lighttpd/lighttpd.conf
mkdir /srv/http
cat > /srv/http/index.html <<EOF
apt install lighttpd
cat > /var/www/html/index.html <<EOF
<html>
<head>

19
docs/monit.md
View File

@ -4,32 +4,31 @@ The below commands will setup ```monit``` to track key elements of the PiFrame h
``` sh
pacman -S monit
mkdir /etc/monit.d
nano -w /etc/monitrc
include /etc/monit.d/*
apt install monit
nano -w /etc/monit/monitrc
set httpd port 2812 and
use address 0.0.0.0
allow admin:monit
set mailserver domain.tld port 587
username "piframe@domain.tld" password "apassword"
using tls
cat > /etc/monit.d/rootfs <<EOF
cat > /etc/monit/conf.d/rootfs <<EOF
check filesystem rootfs with path /
if space usage > 80% then alert
EOF
cat > /etc/monit.d/tankfs <<EOF
cat > /etc/monit/conf.d/tankfs <<EOF
check filesystem tankfs with path /tank
if space usage > 80% then alert
EOF
cat > /etc/monit.d/feh <<EOF
check process feh matching /usr/bin/feh
start program = "/usr/bin/systemctl start greetd"
stop program = "/usr/bin/systemctl stop greetd"
cat > /etc/monit/conf.d/fim <<EOF
check process fim matching /usr/bin/fim
start program = "/usr/bin/systemctl start fim"
stop program = "/usr/bin/systemctl stop fim"
if does not exist then alert
if does not exist for 2 cycles then restart
EOF
systemctl enable --now monit
systemctl restart monit
firewall-cmd --zone=public --permanent --add-port=2812/tcp
firewall-cmd --reload

239
docs/munin.md
View File

@ -1,94 +1,145 @@
# Resource Monitoring
The below commands will setup ```munin``` for monitoring resource utilization on your PiFrame. This is wholly optional but can provide insights if your PiFrame is exhibiting odd behavior.
## Important Notes
* This setup will deploy a *dedicated instance* of ```lighttpd``` to handle access to the ```munin``` data. Given how lean ```lighttpd``` is on resources, this saves many hassles with virtual hosts and the like.
* This setup uses cgi to generate ```munin``` graphs. The Raspberry Pi cpu can take awhile to generate graphs. Please be patient. This approach was chosen to keep ```munin``` from consuming resource generating graphs every time it collects statistics. This also helps prevent excessive disk writes to the micro sd card extending its life.
## Setup
``` sh
pacman -S munin perl-cgi-fast
nano -w /etc/munin/munin.conf
graph_strategy cgi
html_strategy cron
[piframe]
address 127.0.0.1
use_node_name yes
chown munin: /var/lib/munin/cgi-tmp
chown munin: -R /usr/share/munin/www
munin-node-configure --shell # activate useful plugins
sudo -sHu munin munin-cron # prime munin data
systemctl enable --now munin-node
crontab /etc/munin/munin-cron-entry -u munin
cat > /etc/lighttpd/lighttpd-munin.conf <<EOF
# Apply the following tweaks to the /etc/munin/munin.conf file ahead of running lighttpd for munin
## Use cgi rendering for graph and html
#graph_strategy cgi
#html_strategy cron
server.username = "munin"
server.groupname = "munin"
server.document-root = "/srv/http"
server.port = 2813
server.errorlog = "/var/log/munin/lighttpd-error.log"
dir-listing.activate = "disable"
server.modules = (
"mod_access",
"mod_accesslog",
"mod_alias",
"mod_rewrite",
"mod_redirect",
"mod_cgi",
"mod_fastcgi",
)
server.follow-symlink = "enable"
index-file.names = ( "index.html", "index.htm" )
url.redirect += ( "^/*$" => "/munin/" )
\$HTTP["url"] =~ "/munin-cgi/munin-cgi-graph" {
alias.url += ( "/munin-cgi/munin-cgi-graph" => "/usr/share/munin/cgi/munin-cgi-graph" )
cgi.assign = ( "" => "" )
}
#alias.url += ( "/munin/static" => "/etc/munin/static" )
alias.url += ( "/munin" => "/usr/share/munin/www" )
mimetype.assign = (
".html" => "text/html",
".txt" => "text/plain",
".css" => "text/css",
".js" => "application/x-javascript",
".jpg" => "image/jpeg",
".jpeg" => "image/jpeg",
".gif" => "image/gif",
".png" => "image/png",
"" => "application/octet-stream"
)
EOF
cat > /etc/systemd/system/lighttpd-munin.service <<EOF
[Unit]
Description=Lighttpd Web Server (munin)
After=syslog.target network.target
[Service]
PrivateTmp=true
ExecStart=/usr/bin/lighttpd-angel -D -f /etc/lighttpd/lighttpd-munin.conf
ExecReload=/bin/kill -HUP $MAINPID
KillSignal=SIGINT
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable --now lighttpd-munin
firewall-cmd --zone=public --permanent --add-port=2813/tcp
firewall-cmd --reload
```
# Resource Monitoring
The below commands will setup ```munin``` for monitoring resource utilization on your PiFrame. This is wholly optional but can provide insights if your PiFrame is exhibiting odd behavior.
## Important Notes
* This setup will deploy a *dedicated instance* of ```lighttpd``` to handle access to the ```munin``` data. Given how lean ```lighttpd``` is on resources, this saves many hassles with virtual hosts and the like.
* This setup uses cgi to generate ```munin``` graphs. The Raspberry Pi cpu can take awhile to generate graphs. Please be patient. This approach was chosen to keep ```munin``` from consuming resource generating graphs every time it collects statistics. This also helps prevent excessive disk writes to the micro sd card extending its life.
## Setup
``` sh
apt install munin
nano -w /etc/munin/munin.conf
graph_strategy cgi
html_strategy cron
[piframe]
address 127.0.0.1
use_node_name yes
touch /var/log/munin/munin-cgi-graph.log
chown munin: /var/log/munin/munin-cgi-graph.log
munin-node-configure --shell # activate useful plugins
sudo -sHu munin munin-cron # prime munin data
systemctl enable --now munin-node
systemctl restart munin-node
cat > /etc/lighttpd/lighttpd-munin.conf <<EOF
# Apply the following tweaks to the /etc/munin/munin.conf file ahead of running lighttpd for munin
## Use cgi rendering for graph and html
#graph_strategy cgi
#html_strategy cron
server.username = "munin"
server.groupname = "munin"
server.document-root = "/var/www/html"
server.port = 2813
server.errorlog = "/dev/stdout"
accesslog.filename = "/dev/stdout"
dir-listing.activate = "disable"
server.modules = (
"mod_access",
"mod_accesslog",
"mod_alias",
"mod_rewrite",
"mod_redirect",
"mod_cgi",
"mod_fastcgi",
"mod_auth",
"mod_authn_file",
)
auth.backend = "htdigest"
auth.backend.htdigest.userfile = "/etc/lighttpd/munin.auth"
auth.require = ( "/" =>
(
"method" => "basic",
"realm" => "Munin",
"require" => "valid-user"
)
)
server.pid-file = "/run/lighttpd-munin.pid"
server.follow-symlink = "enable"
index-file.names = ( "index.html", "index.htm" )
url.redirect += ( "^/*$" => "/munin/" )
\$HTTP["url"] =~ "/munin-cgi/munin-cgi-graph" {
alias.url += ( "/munin-cgi/munin-cgi-graph" => "/usr/lib/munin/cgi/munin-cgi-graph" )
cgi.assign = ( "" => "" )
}
alias.url += ( "/munin/static" => "/etc/munin/static" )
alias.url += ( "/munin" => "/var/cache/munin/www" )
mimetype.assign = (
".html" => "text/html",
".txt" => "text/plain",
".css" => "text/css",
".js" => "application/x-javascript",
".jpg" => "image/jpeg",
".jpeg" => "image/jpeg",
".gif" => "image/gif",
".png" => "image/png",
"" => "application/octet-stream"
)
EOF
cat > /etc/systemd/system/lighttpd-munin.service <<EOF
[Unit]
Description=Lighttpd Web Server (munin)
After=syslog.target network.target
[Service]
PrivateTmp=true
ExecStart=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd-munin.conf
ExecReload=/bin/kill -HUP $MAINPID
KillSignal=SIGINT
[Install]
WantedBy=multi-user.target
EOF
cat > /root/lighttpd-auth.pl <<EOF
#!/usr/bin/perl
print "User: ";
\$user = <>;
chomp \$user;
print "Realm: ";
\$realm = <>;
chomp \$realm;
use Term::ReadKey;
{
ReadMode('noecho');
print "Password: ";
\$password = ReadLine(0);
chomp \$password;
print "\\nPassword again: ";
\$password2 = ReadLine(0);
chomp \$password2;
ReadMode('normal');
print "\\n";
if(\$password ne \$password2)
{
print "Passwords don't match\\n";
redo;
}
}
print "\$user:\$realm:";
open(MD5, "|md5sum | cut -b -32") or die;
print MD5 "\$user:\$realm:\$password";
close(MD5);
EOF
chmod a+x /root/lighttpd-auth.pl
apt install libterm-readkey-perl
/root/lighttpd-auth.pl
echo "above_output" >> /etc/lighttpd/munin.auth
systemctl daemon-reload
systemctl enable --now lighttpd-munin
firewall-cmd --zone=public --permanent --add-port=2813/tcp
firewall-cmd --reload
```

32
docs/networking.md Normal file
View File

@ -0,0 +1,32 @@
# Networking Setup
The below commands will setup ```NetworkManager``` and ```firewalld``` for the networking infrastructure. These tools are a bit easier to work with via the web (See the Cockpit docs) and NetworkManager is commonly found when working with Raspberry Pi Documentation. We have kept ufw for the time being as a lot of Ubuntu meta packages assume it to be present.
``` sh
apt install network-manager firewalld
rm /etc/netplan/50-cloud-init.yaml
systemctl disable systemd-networkd.service
systemctl mask systemd-networkd.service
systemctl stop systemd-networkd.service
cat > /etc/netplan/50-cloud-init.yaml <<EOF
network:
version: 2
renderer: NetworkManager
EOF
netplan generate
ufw disable
systemctl disable ufw
firewall-cmd --zone=public --permanent --add-service=ssh
firewall-cmd --reload
systemctl enable --now NetworkManager
systemctl restart NetworkManager
systemctl enable --now firewalld
# Setup Ethernet
# Setup by the above netplan tweaks
# Setup Wifi (optional)
nmtui
```

12
docs/restic.md
View File

@ -16,7 +16,11 @@ The below commands will setup a **local** backup of your photo frame using ```re
# restic backups
########################################
pacman -S restic
wget https://github.com/restic/restic/releases/download/v0.9.6/restic_0.9.6_linux_arm64.bz2
bunzip2 restic_0.9.6_linux_arm64.bz2
mv restic_0.9.6_linux_arm64 /usr/local/bin/restic
chmod a+x /usr/local/bin/restic
restic self-update
btrfs subvolume create /tank/backup
restic init -r /tank/backup
cat > /root/restic_backup.sh <<EOF
@ -28,7 +32,7 @@ ZONE=root
export RESTIC_REPOSITORY=/tank/backup/
export RESTIC_PASSWORD=testing1234
/usr/bin/restic backup -v -q \
/usr/local/bin/restic backup -v -q \
--tag $MACHINE --tag $ZONE \
/ \
--exclude /run \
@ -43,7 +47,7 @@ export RESTIC_PASSWORD=testing1234
--exclude /mnt \
--exclude /root/.cache \
/usr/bin/restic forget -v \
/usr/local/bin/restic forget -v \
--tag $MACHINE --tag $ZONE \
--keep-daily=7 \
--keep-weekly=4 \
@ -51,7 +55,7 @@ export RESTIC_PASSWORD=testing1234
--keep-yearly 1
# This can take a very, very long time
/usr/bin/restic prune && /usr/bin/restic check
/usr/local/bin/restic prune && /usr/local/bin/restic check
EOF
chmod a+x /root/restic_backup.sh
crontab -e

16
docs/rpi_tools.md
View File

@ -1,16 +0,0 @@
# Raspberry Pi Standard Tools Setup
The below commands will setup and expose the standard Raspberry Pi tools from ```raspbian```. Some of these tools are necessary for additional features like HDMI display on/off support.
``` sh
# Standard tools included by arch linux on arm
sed -i "s/appendpath '\/usr\/bin'/appendpath '\/usr\/bin'\nappendpath '\/opt\/vc\/bin'/g" /etc/profile
source /etc/profile
# raspi-config that's commonly used by tutorials and guides online
pacman -S libnewt
wget https://raw.github.com/chattama/raspi-config-archlinux/archlinux/raspi-config -O /usr/local/bin/raspi-config
chmod a+x /usr/local/bin/raspi-config
```

233
docs/slideshow.md
View File

@ -1,46 +1,221 @@
# Slideshow
The below commands will setup ```feh``` as a slideshow on your display.
The below commands will setup ```fim``` as a slideshow on your display.
## Important Notes
* ```feh``` will crash if there are no photos for it to use as a slideshow
* You will likely want to tweak the ```feh``` command invocation below. These are great settings as a starting point but you'll probably want to make adjustments for your use case.
* This setup uses ```incron``` to restart ```feh``` when photos are deleted from the pictures folder. Without this piece ```feh``` will crash if a picture is removed from the pictures directory prior to ```feh``` rescaning the pictures directory.
* We default to ```DejaVuSansMono``` as the font for display of EXIF data and filename. This is an open font and looks great on most displays. Any ```fontconfig``` font can be used in its place. Adjust according to your preferences.
* ```fim``` will crash if there are no photos for it to use as a slideshow
* You will likely want to tweak the ```fim``` command invocation below. These are great settings as a starting point but you'll probably want to make adjustments for your use case.
* This setup uses ```incron``` to restart ```fim``` when photos are deleted from the pictures folder. Without this piece ```fim``` will crash if a picture is removed from the pictures directory prior to ```fim``` rescaning the pictures directory.
## Setup
``` sh
pacman -S feh imagemagick ttf-dejavu
# reload 86400 is to refresh the list of images daily -- tune for preferred number of seconds
# slideshow-delay is number of seconds (as a float) between images ; tune accordingly
useradd -s /usr/bin/nologin -m feh
chmod a+rx /tank/pictures
pacman -S acl
setfacl -m "u:feh:rX" /tank/pictures
setfacl -dm "u:feh:rX" /tank/pictures
pacman -S incron
cat > /etc/incron.d/feh <<EOF
/tank/pictures IN_DELETE systemctl restart greetd
useradd -m -G video -s /usr/sbin/nologin fim
apt install acl
setfacl -m "u:fim:rwX" /tank/pictures
setfacl -dm "u:fim:rwX" /tank/pictures
apt install fim imagemagick ttf-dejavu
cat > /home/fim/.fimrc <<EOF
# Tweak left of status bar to show filename and taken date/time only
_display_status_fmt="%N %?EXIF_DateTimeOriginal?[%:EXIF_DateTimeOriginal:]?";
# Tweak right of status bar to show image/total only
_info_fmt_str="%i/%l%P";
unbind " ";
unbind "!";
unbind """;
unbind "#";
unbind "$";
unbind "%";
unbind "&";
unbind "";
unbind "(";
unbind ")";
unbind "*";
unbind "+";
unbind ",";
unbind "-";
unbind ".";
unbind "/";
unbind "0";
unbind "1";
unbind "2";
unbind "3";
unbind "4";
unbind "5";
unbind "6";
unbind "7";
unbind "8";
unbind "9";
unbind ":";
unbind ";";
unbind "<";
unbind "=";
unbind ">";
unbind "?";
unbind "@";
unbind "A";
unbind "Any";
unbind "B";
unbind "BackSpace";
unbind "Backspace";
unbind "C";
unbind "C-a";
unbind "C-b";
unbind "C-c";
unbind "C-d";
unbind "C-e";
unbind "C-f";
unbind "C-g";
unbind "C-h";
unbind "C-i";
unbind "C-j";
unbind "C-k";
unbind "C-l";
unbind "C-m";
unbind "C-n";
unbind "C-o";
unbind "C-p";
unbind "C-q";
unbind "C-r";
unbind "C-s";
unbind "C-t";
unbind "C-u";
unbind "C-v";
unbind "C-w";
unbind "C-x";
unbind "C-y";
unbind "C-z";
unbind "D";
unbind "Del";
unbind "Down";
unbind "E";
unbind "End";
unbind "Enter";
unbind "Esc";
unbind "F";
unbind "G";
unbind "H";
unbind "Home";
unbind "I";
unbind "Ins";
unbind "J";
unbind "K";
unbind "L";
unbind "Left";
unbind "M";
unbind "N";
unbind "O";
unbind "P";
unbind "PageDown";
unbind "PageUp";
unbind "Q";
unbind "R";
unbind "Right";
unbind "S";
unbind "T";
unbind "Tab";
unbind "U";
unbind "Up";
unbind "V";
unbind "W";
unbind "X";
unbind "Y";
unbind "Z";
unbind "[";
unbind "\";
unbind "]";
unbind "^";
unbind "_";
unbind "";
unbind "a";
unbind "b";
unbind "c";
unbind "d";
unbind "e";
unbind "f";
unbind "g";
unbind "h";
unbind "i";
unbind "j";
unbind "k";
unbind "l";
unbind "m";
unbind "n";
unbind "o";
unbind "p";
unbind "q";
unbind "r";
unbind "s";
unbind "t";
unbind "u";
unbind "v";
unbind "w";
unbind "x";
unbind "y";
unbind "z";
unbind "{";
unbind "|";
unbind "}";
unbind "~";
EOF
systemctl enable --now incrond
cat > /usr/local/bin/feh-slideshow.sh <<EOF
cat > /usr/local/bin/fim-slideshow.sh <<EOF
#!/bin/bash
/usr/bin/feh --auto-zoom --borderless --fullscreen --hide-pointer --image-bg black --randomize --recursive \
--slideshow-delay 300 --reload 86400 \
--draw-tinted --draw-exif --draw-filename \
--fontpath /usr/share/fonts/TTF/ --font DejaVuSansMono/10 \
--verbose \
# options inspiration: https://www.raspberrypi.org/forums/viewtopic.php?t=196043
tput civis
/usr/bin/fim --verbose --no-commandline --no-history \
--device /dev/fb0 --vt 1 \
--execute-commands-early "clear" --final-commands "clear" \
--execute-commands 'while(1){display;sleep "300";next;}' \
--autozoom --random \
--cd-and-readdir --recursive \
/tank/pictures
EOF
chmod a+x /usr/local/bin/feh-slideshow.sh
cat >> /etc/greetd/config.toml <<EOF
[initial_session]
command = "/usr/bin/cage /usr/local/bin/feh-slideshow.sh"
user = "feh"
chmod a+x /usr/local/bin/fim-slideshow.sh
cat > /etc/systemd/system/fim.service <<EOF
[Unit]
Description=fim slideshow
After=getty.target
[Service]
User=fim
ExecStart=/usr/local/bin/fim-slideshow.sh
[Install]
WantedBy=multi-user.target
EOF
systemctl restart greetd
systemctl daemon-reload
systemctl stop getty@tty1
systemctl disable getty@tty1
cat > /usr/local/bin/no-cursor-tty1.sh <<EOF
#!/bin/bash
/usr/bin/tput -T screen civis > /dev/tty1
EOF
chmod a+x /usr/local/bin/no-cursor-tty1.sh
cat > /etc/systemd/system/no-cursor-tty1.service <<EOF
[Unit]
Description=Disable tty1 cursor
After=getty.target
[Service]
User=root
ExecStart=/usr/local/bin/no-cursor-tty1.sh
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable --now no-cursor-tty1
systemctl enable --now fim
apt install incron
cat > /etc/incron.d/fim-delete <<EOF
/tank/pictures IN_DELETE systemctl restart fim
EOF
cat > /etc/incron.d/fim-create <<EOF
/tank/pictures IN_CREATE systemctl restart fim
EOF
systemctl enable --now incron
systemctl restart incron
```

17
docs/slideshow_prep.md
View File

@ -4,13 +4,18 @@ The below commands will prep the system for storing photos as well as install fu
``` sh
# prep storage for pics
btrfs subvolume create /tank
sudo -sHu root /bin/bash
# Filesystem for pictures
apt install btrfs-progs
parted /dev/sda
mkfs.btrfs /dev/sda1
mkdir /tank
cat >> /etc/fstab <<EOF
/dev/sda1 /tank btrfs defaults,noatime,nodiratime,compress,ssd 0 1
EOF
mount /tank
btrfs subvolume create /tank/pictures
# load pictures via rclone/syncthing/scp/etc (semi-optional)
# basic window manager stuffs for making feh work properly
yay -S greetd cage xorg-server-xwayland
systemctl enable --now greetd
```

4
docs/swap.md
View File

@ -4,13 +4,13 @@ The below commands will setup 1Gb of swap space as a file on the root filesystem
``` sh
sudo -sHu root /bin/bash
mkdir /swap
chattr +C /swap
fallocate -l 1024M /swap/swap.1
chmod 600 /swap/swap.1
mkswap /swap/swap.1
swapon /swap/swap.1
echo 'vm.swappiness=1' > /etc/sysctl.d/99-sysctl.conf
echo 'vm.swappiness=1' > /etc/sysctl.d/99-swap.conf
echo "/swap/swap.1 none swap defaults 0 0" >> /etc/fstab
swapon -a

8
docs/syncthing.md
View File

@ -4,10 +4,12 @@ The below will setup ```syncthing``` and give some basics for setup. This is who
``` sh
pacman -S syncthing
curl -s https://syncthing.net/release-key.txt | sudo apt-key add -
echo "deb https://apt.syncthing.net/ syncthing stable" | sudo tee /etc/apt/sources.list.d/syncthing.list
apt update && apt install syncthing
touch /tank/pictures/.stfolder
chown feh: /tank/pictures/.stfolder
systemctl enable --now syncthing@feh.service # use feh user so perms are right for pics
chown fim: /tank/pictures/.stfolder
systemctl enable --now syncthing@fim.service # use feh user so perms are right for pics
ssh -L 8385:127.0.0.1:8384 user@piframe
http://localhost:8385
Change settings

13
docs/wifi.md
View File

@ -1,13 +0,0 @@
# WiFi
Below are some handy commands and notes regarding WiFi on the Raspberry Pi 4.
``` sh
# Wifi config using NetworkManager
nmtui
# Vanilla WiFi config (you probably don't want this if you're following our docs)
wifi-menu
```