Somehow I end up breaking my Raspberry Pi all of the time. Today it was the sudoers file that I modified using
nano instead of
visudo and voila - I cannot be root anymore. Another time I simply forgot my user’s password and apparently it’s impossible to login via ssh anymore (I don’t have spare physical screen and keyboard). So somehow it happens all of the time and I need to reimage SD card and setup everything from scratch. That’s the reason I’m writing this note - to future myself.
Prepare SD card
Download raspbian image
First thing to do is to visit official website and download latest Raspbian image.
Then, verify hashsum using
shasum -a 256 2019-07-10-raspbian-buster-lite.zip (under macOS).
Extract image from the archive
Run Unarchiver or 7zip and extract
Flush image to SD card
For that you need to know SD card disk number.
diskutil list diskutil unmountDisk /dev/disk2 sudo dd bs=1m if=~/Downloads/Installs/2019-07-10-raspbian-buster-lite.img of=/dev/rdisk2 conv=sync
Then, when it will be automounted, create empty file with name “ssh” in
/boot (that will be the only mounted device).
Now you can insert SD card to Raspberry Pi and turn it ON. I use network cable so I don’t need to care about WiFi setup. It’s much faster and much easier in my case.
ssh email@example.com sudo raspi-config
Go to “Advanced” and “Expand filesystem” - this is a first thing to do before downloading updates. Let’s use all 32GB of the SD card instead of 2.2GB of the image we flushed.
Then I install log2ram and modify the limits using
sudo vi /etc/log2ram.conf to have at least 200MB of log space available. This is done to preserve the SD card from frequent writes.
Now it’s a good idea to reboot to make use of log2ram.
I use some of the tricks described in security section. I mean changing the default user, using complex autogenerated password, restricting ssh access and things alike.
sudo adduser pihole sudo adduser pihole sudo
Now it should be possible to reconnect on SSH with
sudo deluser -remove-home pi sudo vi /etc/sudoers.d/010_pi-nopasswd
Editing sudoers is required to disallow passwordless
sudo for all users: just change
PASSWD for your new user and save the file.
Also you may want to add use to group “video” so you will be able to read RaspberryPi temperature with command
/opt/vc/bin/vcgencmd measure_temp. In order to do so, run
sudo usermod -aG video <username>.
What I also usually do is I configure
fail2ban in order to restrict ssh attempts with wrong password.
sudo apt install fail2ban sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local sudo vi /etc/fail2ban/jail.local
As for the last command - modifying the config - it’s just enough to find
[ssh] section and set
enabled = true and
maxretry = 6.
It will be a good idea to install all possible updates
sudo apt-get update sudo apt-get dist-upgrade sudo apt-get clean
Now when the base system is ready, we can install Pi-Hole using commands that you can find in official GitHub repository.
curl -sSL https://install.pi-hole.net | bash
After going through configuration steps, everything what is left to do is to setup static DNS in your router.
I’d like to state that Pi-Hole by itself is not enough for your privacy and security, but it’s a good start.
In order to install kanboard on raspberry pi, first install php with friends
sudo apt-get install php php-gd php-mbstring php-xml php-sqlite3
and git if it’s not installed
sudo apt-get install git.
After this, extract fresh Kanboard in the
cd /var/www/html/ sudo git clone https://github.com/kanboard/kanboard.git cd kanboard sudo git checkout v1.2.12 cd .. sudo chown -R www-data:www-data kanboard/data service apache2 restart
For kanboard I usually also install kanboard tdg plugin as a task-management system.
cd kanboard/plugins sudo wget https://github.com/ribtoks/kanboard-tdg-import/releases/download/v0.0.4/TdgImport-0.0.4.zip sudo unzip TdgImport-0.0.4.zip -d TdgImport
sudo service apache2 restart
and navigate to
http://ip-of-rpi/kanboard/, login with
admin:admin to kanboard and configure users and projects.