Raspberry Pi 4 Setup

bootstrap

  • burn raspbian image to sdcard
  • remove and insert sdcard
    • touch /boot/ssh
  • repeat for all sdcards

network pin (optional)

  • grab both (eth and wlan) mac addresses from your raspberries
  • plan your network
    • Device       | hostname   | MAC               | IP
      --------------------------------------------------------------
      RPI 1 (ETH)  | pi-node-01 | 00-00-00-00-00-01 | 192.168.15.11
      RPI 1 (WLAN) | pi-node-01 | 00-00-00-00-00-02 | 192.168.15.21
      --------------------------------------------------------------
      RPI 2 (ETH)  | pi-node-02 | 00-00-00-00-00-03 | 192.168.15.12
      RPI 2 (WLAN) | pi-node-02 | 00-00-00-00-00-04 | 192.168.15.22
      --------------------------------------------------------------
      RPI 3 (ETH)  | pi-node-03 | 00-00-00-00-00-05 | 192.168.15.13
      RPI 3 (WLAN) | pi-node-03 | 00-00-00-00-00-06 | 192.168.15.23
      --------------------------------------------------------------
      RPI 4 (ETH)  | pi-node-04 | 00-00-00-00-00-07 | 192.168.15.14
      RPI 4 (WLAN) | pi-node-04 | 00-00-00-00-00-08 | 192.168.15.24
      --------------------------------------------------------------
      RPI 5 (ETH)  | pi-node-05 | 00-00-00-00-00-09 | 192.168.15.15
      RPI 5 (WLAN) | pi-node-05 | 00-00-00-00-00-0A | 192.168.15.25
      --------------------------------------------------------------
      RPI 6 (ETH)  | pi-node-06 | 00-00-00-00-00-0B | 192.168.15.16
      RPI 6 (WLAN) | pi-node-06 | 00-00-00-00-00-0C | 192.168.15.26
      --------------------------------------------------------------
      RPI 7 (ETH)  | pi-node-07 | 00-00-00-00-00-0D | 192.168.15.17
      RPI 7 (WLAN) | pi-node-07 | 00-00-00-00-00-0E | 192.168.15.27
      --------------------------------------------------------------
      RPI 8 (ETH)  | pi-node-08 | 00-00-00-00-00-0F | 192.168.15.18
      RPI 8 (WLAN) | pi-node-08 | 00-00-00-00-00-10 | 192.168.15.28
      --------------------------------------------------------------
      
  • for each network interface, assign the MAC with a fixed ip for both eth and wlan on your router

pi setup

system updates

  • login as pi with password raspberry
  • sudo apt-get update
  • sudo apt-get upgrade

update user password

  • passwd
    • set a new password for the pi user and take note

configure raspberry

  • sudo raspi-config
  • network options
    • hostname
      • fill
    • wireless lan
      • fill
  • advanced options
    • expand filesystem
    • memory split -> set to 16
  • localisation options
    • timezone
      • fill

allow temporary root login

  • sudo nano /etc/ssh/sshd_config
    • set PermitRootLogin to yes
  • sudo passwd root
    • set the new password
  • sudo reboot

rename default user and groups

  • login as root with the new password
  • usermod -l wolfulus pi
  • groupmod -n wolfulus pi
  • mv /home/pi /home/wolfulus
  • usermod -d /home/wolfulus wolfulus
  • history -c
  • logout

configure user access and disable root (ssh)

  • login as wolfulus with pi password
  • mkdir -p ~/.ssh
  • chmod 700 ~/.ssh
  • curl -L https://github.com/wolfulus.keys >> ~/.ssh/authorized_keys
  • chmod 644 ~/.ssh/authorized_keys
  • sudo nano /etc/ssh/sshd_config
    • comment PermitRootLogin yes line
    • set PubkeyAuthentication to yes
    • set RSAAuthentication to yes
    • set AuthorizedKeysFile to .ssh/authorized_keys
    • set PasswordAuthentication to no
    • set PermitEmptyPasswords to no
    • set PrintLastLog to no
    • set Banner to /var/banner
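
A check for the sshd_config edits listed above, as an added example that is not part of the original gist. The function names and the sample file are constructed for illustration; the sample shows a leftover earlier line defeating the later `PasswordAuthentication no`, because sshd keeps the first value it reads for each keyword.

```sh
#!/bin/sh
# Added example (not from the gist): audit an sshd_config against the list above.
# sshd keeps the FIRST value it sees for a keyword; keywords are case-insensitive.

# Print the value of keyword $2 from the global section of file $1.
sshd_value() {
    awk -F '[ \t=]+' -v key="$2" '
        { sub(/^[ \t]+/, "") }                   # drop leading whitespace
        /^#/ || NF == 0 { next }                 # skip comments and blank lines
        tolower($1) == "match" { exit }          # Match blocks are conditional
        tolower($1) == tolower(key) { print $2; exit }   # first one wins
    ' "$1"
}

# Print each deviation; the exit status is the number of findings.
audit_sshd_config() {
    file=$1 findings=0
    while read -r key want; do
        got=$(sshd_value "$file" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want '$want', got '${got:-<unset>}'"
            findings=$((findings + 1))
        fi
    done <<EOF
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
AuthorizedKeysFile .ssh/authorized_keys
EOF
    # The gist comments PermitRootLogin out, which leaves sshd's built-in default
    # (prohibit-password on current OpenSSH); only an explicit "yes" is flagged.
    if [ "$(sshd_value "$file" PermitRootLogin)" = "yes" ]; then
        echo "FAIL PermitRootLogin: still set to yes"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: password logins are switched off near the bottom, but an
# earlier, differently-cased line already enabled them, so the later one is ignored.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat >"$sample" <<'EOF'
#PermitRootLogin yes
PubkeyAuthentication yes
passwordauthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
PermitEmptyPasswords no
EOF
audit_sshd_config "$sample" || echo "$? finding(s) in sample"
```

On the Pi itself, `sudo sshd -t` checks the file for syntax errors before the ssh restart, and `sudo sshd -T` prints the effective settings including defaults.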

update motd

  • sudo apt-get install figlet
  • sudo bash -c "echo wolfulus.com | figlet >> /var/banner"
  • sudo nano /etc/update-motd.d/10-uname
    • update as needed, usually
      #!/bin/sh
      hostname | figlet
      uname -snrvm
      
  • sudo service ssh restart
  • history -c

done

  • repeat for every machine

k3s setup

(for raspbian)

  • append cgroup_memory=1 cgroup_enable=memory to /boot/cmdline.txt

  • sudo iptables -F

  • sudo update-alternatives --set iptables /usr/sbin/iptables-legacy

  • sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

  • sudo reboot
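
A repeatable way to do the cmdline.txt step on every node, as an added example that is not part of the original gist. The parameters in cmdline.txt must stay on a single line, so the hypothetical `add_cmdline_params` helper below extends the first line instead of appending a new one, and skips flags that are already present; the sample line is constructed.

```sh
#!/bin/sh
# Added example (not from the gist): add kernel parameters to cmdline.txt
# without creating a second line and without duplicating flags on a re-run.

# Usage: add_cmdline_params FILE PARAM...
# Only the first line of FILE is kept, since cmdline.txt is a one-line file.
add_cmdline_params() {
    file=$1; shift
    # Read the first line and drop any CR left behind by a Windows editor.
    line=$(head -n 1 "$file" | tr -d '\r')
    for param in "$@"; do
        case " $line " in
            *" $param "*) ;;                  # already present: leave as is
            *) line="$line $param" ;;         # otherwise append on the same line
        esac
    done
    # Write to a sibling file first so a failed write cannot truncate FILE.
    printf '%s\n' "$line" >"$file.new" && mv "$file.new" "$file"
}

# Constructed sample standing in for /boot/cmdline.txt; one of the two flags
# is already present, as it would be after a half-finished earlier attempt.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
printf 'console=tty1 root=PARTUUID=00000000-02 rootwait cgroup_enable=memory\n' >"$sample"
add_cmdline_params "$sample" cgroup_memory=1 cgroup_enable=memory
cat "$sample"
```

On a node the call would be `add_cmdline_params /boot/cmdline.txt cgroup_memory=1 cgroup_enable=memory`, run as root.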

server

  • log in to master
  • curl -sfL https://get.k3s.io | sh -s - --write-kubeconfig-mode 644 --flannel-iface tailscale0
    • append --disable traefik --disable servicelb to be able to use nginx and/or any hostport ingress controller instead
    • append --disable local-storage to be able to change the location local-storage will create PVs
      • use helm to install local-path-provisioner
  • sudo chown wolfulus:wolfulus /etc/rancher/k3s/k3s.yaml
  • sudo cat /var/lib/rancher/k3s/server/node-token
    • take note

agents

  • log in to the worker machine
  • curl -sfL https://get.k3s.io | K3S_URL=https://<SERVER-IP>:6443 K3S_TOKEN=<TOKEN> sh -s - --flannel-iface tailscale0
  • repeat for every worker machine

check

  • log in to master
  • kubectl get nodes

inlets tailscale

  • just install tailscale on each node and have an agent (or server) running it too on a cloud provider instead.