-
Notifications
You must be signed in to change notification settings - Fork 0
/
Base.Pifile
151 lines (124 loc) · 4.29 KB
/
Base.Pifile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
# This image is intended to provide a base layer for various
# Sensorboxes configurations.
FROM https://downloads.raspberrypi.org/raspios_lite_armhf/images/raspios_lite_armhf-2020-12-04/2020-12-02-raspios-buster-armhf-lite.zip
PUMP 800M
# Upgrade raspbian
RUN apt-get update
# Install basic software
RUN apt-get install -y \
python3 python3-pip \
i2c-tools \
vim \
git \
mosh \
libusb-1.0-0-dev
RUN pip3 install --upgrade pip
# Install networking tools
RUN apt-get install -y \
batctl \
tcpdump \
hostapd \
dnsmasq \
alfred \
bridge-utils
RUN pip3 install ping3
# Set default password
RUN bash -c 'echo "pi:natur" | chpasswd'
# Allow basic connectivity (0 == success status code - enable)
RUN raspi-config nonint do_serial 0
RUN raspi-config nonint do_ssh 0
# Install configuration files
INSTALL Base /
# Fix permissions on host ssh files
RUN bash -c 'chown root:root /etc/ssh/ssh_host_*'
RUN bash -c 'chmod 600 /etc/ssh/ssh_host_*_key'
RUN bash -c 'chmod 644 /etc/ssh/ssh_host_*_key.pub'
RUN systemctl disable regenerate_ssh_host_keys
# Install user ssh files and fix permissions
INSTALL Base/home/pi/.ssh /home/pi/.ssh
RUN chown pi:pi /home/pi
RUN chown pi:pi /home/pi/.ssh
RUN chown pi:pi /home/pi/.ssh/id_ed25519
RUN chown pi:pi /home/pi/.ssh/id_ed25519.pub
RUN chown pi:pi /home/pi/.ssh/authorized_keys
RUN chmod 755 /home/pi
RUN chmod 700 /home/pi/.ssh
RUN chmod 600 /home/pi/.ssh/id_ed25519
RUN chmod 644 /home/pi/.ssh/id_ed25519.pub
RUN chmod 644 /home/pi/.ssh/authorized_keys
# Install root ssh files and fix permissions
INSTALL Base/home/pi/.ssh /root/.ssh
RUN chown root:root /root
RUN chown root:root /root/.ssh
RUN chown root:root /root/.ssh/id_ed25519
RUN chown root:root /root/.ssh/id_ed25519.pub
RUN chown root:root /root/.ssh/authorized_keys
RUN chmod 755 /root
RUN chmod 700 /root/.ssh
RUN chmod 600 /root/.ssh/id_ed25519
RUN chmod 644 /root/.ssh/id_ed25519.pub
RUN chmod 644 /root/.ssh/authorized_keys
# Set Europe/Berlin timezone
RUN ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
# add hdd mount to fstab
RUN bash -c 'echo "/dev/sda1 /data ext4 defaults,auto,nofail 0 0" >> /etc/fstab'
# set git config for possible local commits
RUN git config --global user.email "root@nature40-sensorbox"
RUN git config --global user.name "Nature 4.0 Sensorbox"
# Install uhubctl
RUN bash -c 'cd /home/pi/uhubctl; make; make install'
# Install wireguard (https://www.sigmdel.ca/michel/ha/wireguard/wireguard_02_en.html#installing_wg)
RUN apt-get install -y raspberrypi-kernel-headers
RUN tee -a /etc/apt/sources.list.d/testing.list <<EOF
deb http://archive.raspbian.org/raspbian testing main
EOF
RUN tee -a /etc/apt/preferences.d/limit-testing <<EOF
Package: *
Pin: release a=testing
Pin-Priority: 50
EOF
RUN apt-get update
RUN apt-get install -y wireguard
RUN bash -c "echo net.ipv4.ip_forward=1 | tee -a /etc/sysctl.conf"
RUN mkdir -p /etc/wireguard
# enable hostname-config script
RUN systemctl enable hostname-config.service
# enable wireguard-config
RUN ln -s /boot/wireguard.conf /etc/wireguard/nature40.conf
RUN systemctl enable wg-quick@nature40
# Install RTL8822BU drivers for all kernel version
RUN install-bu8822.sh
# Install and enable caddy
RUN curl -o /usr/bin/caddy "https://caddyserver.com/api/download?os=linux&arch=arm&arm=7"
RUN chmod +x /usr/bin/caddy
RUN groupadd --system caddy
RUN useradd --system \
--gid caddy \
--create-home \
--home-dir /var/lib/caddy \
--shell /usr/sbin/nologin \
--comment "Caddy web server" \
caddy
RUN systemctl enable caddy
# Install and enable sysdweb
RUN chown -R pi:pi /home/pi/
RUN pip3 install -e /home/pi/sysdweb
RUN systemctl enable sysdweb
# Create symlinks for other webserver targets
RUN mkdir /data
RUN chown pi:pi /data
RUN ln -s . /data/sysdweb
RUN ln -s /boot/ /data/boot
# Dump dmesg to disk
RUN systemctl enable dmesgdump
# enable mesh-config script
RUN systemctl enable adhoc-config.service
# Enable broadcast pings
RUN bash -c "echo net.ipv4.icmp_echo_ignore_broadcasts=0 | tee -a /etc/sysctl.conf"
# Enable batmobile timed execution
# RUN systemctl enable batmobile.timer
# RUN systemctl enable alfred.service
# RUN systemctl enable alfred-info.timer
# enable hostapd-config script
RUN systemctl enable hostapd-config.service
RUN systemctl enable hostapd.service