From HFML-FELIX Wiki
standard
[edit | edit source]pi
[edit | edit source]Don 't do these steps when installing not from the university campus! Get the pip installs first before proceeding to this
#enable ls -la with colors
printf "export LS_OPTIONS='--color=auto'\neval \"\`dircolors\`\"\nalias ls='ls $LS_OPTIONS'\nalias ll='ls $LS_OPTIONS -la'\nexport https_proxy=http://integrator:3128" >> ~/.bashrc
mkdir /home/pi/.config
echo "-h felixbroker" > /home/pi/.config/mosquitto_sub
echo "-h felixbroker" > /home/pi/.config/mosquitto_pub
sudo -i
root
[edit | edit source]
touch /boot/ssh
raspi-config --expand-rootfs
raspi-config nonint do_change_locale en_US.UTF-8
raspi-config nonint do_configure_keyboard "English (international AltGr dead keys)"
raspi-config nonint do_ssh 0
raspi-config nonint do_i2c 0
export LANGUAGE=en_US.UTF-8
export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8
locale-gen en_US.UTF-8
dpkg-reconfigure locales
echo "Europe/Amsterdam" > /etc/timezone
ln -fs /usr/share/zoneinfo/`cat /etc/timezone` /etc/localtime
dpkg-reconfigure -f noninteractive tzdata
#enable ls -la with colors
printf "export LS_OPTIONS='--color=auto'\neval \"\`dircolors\`\"\nalias ls='ls $LS_OPTIONS'\nalias ll='ls $LS_OPTIONS -la'\nexport https_proxy=http://integrator:3128\nexport http_proxy=http://integrator:3128" >> ~/.bashrc
printf "export LS_OPTIONS='--color=auto'\neval \"\`dircolors\`\"\nalias ls='ls $LS_OPTIONS'\nalias ll='ls $LS_OPTIONS -la'\nexport https_proxy=http://integrator:3128\nexport http_proxy=http://integrator:3128" >> /etc/skel/.bashrc
. ~/.bashrc
#enable wget
printf "https_proxy = http://integrator:3128/\nhttp_proxy = http://integrator:3128/\nftp_proxy = http://integrator:3128/" > /etc/wgetrc
#enable updates
echo 'Acquire::http::Proxy "http://integrator:3128/";' > /etc/apt/apt.conf.d/proxy
apt-get update
apt install -y ntpdate
ntpdate isolator
apt upgrade -y
#install useful packages
echo "nslcd nslcd/ldap-uris string ldap://ldap2.science.ru.nl/" | debconf-set-selections
echo "nslcd nslcd/ldap-base string dc=science,dc=ru,dc=nl" | debconf-set-selections
echo "libnss-ldapd libnss-ldapd/nsswitch multiselect group, passwd, shadow" | debconf-set-selections
apt-get install -y libpam-ldapd screen mc links monit libnss-ldapd nfs-common dnsutils git ntp p7zip locate net-tools usbutils nmap python3 python3-pip python3-venv mosquitto-clients figlet
sed -i.bak -e "s/#startup_message/startup_message/" /etc/screenrc
sed -i -e "s/hardstatus off/hardstatus alwayslastline/" /etc/screenrc
sed -i.bak -e "s/hardstatus string \"%h%? users: %u%?\"/hardstatus string '%{= kG}[ %{G}%H %{g}][%= %{=kw}%?%-Lw%?%{r}(%{W}%n*%f%t%?(%u)%?%'/" /etc/screenrc
# set hostname based on DNS
IP=`ifconfig eth0 | grep inet | head -n1 | awk '{print $2}' | cut -d: -f2`
NAME=`nslookup $IP | grep 'name =' | awk '{print $4}' | cut -d. -f1`
sed -i.bak -e "s/raspberrypi/$NAME/" /etc/hostname
sed -i.bak -e "s/raspberrypi/$NAME/" /etc/hosts
figlet -f big $NAME > /etc/motd
#time sync
sed -i.bak -e "s/pool\ 0.debian.pool.ntp.org\ iburst/server isolator/" /etc/ntp.conf
sed -i -e "s/pool\ 1.debian.pool.ntp.org\ iburst/server felixdisk/" /etc/ntp.conf
sed -i -e "s/pool\ 2.debian.pool.ntp.org\ iburst//" /etc/ntp.conf
sed -i -e "s/pool\ 3.debian.pool.ntp.org\ iburst//" /etc/ntp.conf
service ntp restart&
service nslcd restart
service nscd restart
#authentication etc.
printf "AllowGroups pi fftadmin rsync victor" >> /etc/ssh/sshd_config
printf "%%fftadmin ALL=(ALL:ALL) ALL\n" >> /etc/sudoers
sed -i.bak -e "s/session\toptional\tpam_systemd.so/#session\toptional\tpam_systemd.so/" /etc/pam.d/common-session
printf "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022\n" >> /etc/pam.d/common-session
sed -i.bak -e "/\"Primary\" block)/aauth [success=1 default=ignore] pam_succeed_if.so uid >= 1001 quiet" /etc/pam.d/common-auth
sed -i -e "s/minimum_uid=1000\ use_first_pass/minimum_uid=1001\ try_first_pass/" /etc/pam.d/common-auth
#rsync (password in/uit keepass)
addgroup --gid 900 rsync
adduser --uid 900 --gid 900 --disabled-password --gecos "" rsync
mkdir -p /home/rsync/.ssh
chown rsync:rsync /home/rsync/.ssh
chmod 700 /home/rsync/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDU5CrXOd9rXUwU967RkgMfajV76paiMTsXJD+KCIjUFaHjSlYmDTTwkQLCPEZi1NqgsLtGNpVoGTdrOMxaG7q4DxdSYZj2rln5KZKh+pXtSkpcNETcwdoWJZi/IXnGzdQLTQM9fzeTjcQl+zU7mW9eMJET2b+7JFJzdBeU6RJg6MNldqkQ10F1vIlScMWsEgY/XMSWv3SDaIl5SgO1jJp+5sH2yrfxqG3FbvXI8gfGYRr4e5lPDUCX+GtvyjWdkL7juF7dnxRbe4y8NNtNbykF1tugsJdRjHvok2hziDFxJBP7tdKdLCyEQq1GREgLaycLX9+b9Tq9126VEK9i4yHn rsync@o-isolator" >> /home/rsync/.ssh/authorized_keys
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1PqnsBvNaqs2+hhcaDiCpiTHQExMG2WqP6Wjr1FO6HO/dvO1JG+p481Xfhp9e4zHuoDVz4hywdY2tOvseRphg6EOedTV+sD51G59i859O3RJdpxJyhUYqNEV9I1+TJ+KPxhi1XaYMPK1UF+lD30wao2H0pVSyo6jqA8EakW/h0I3gvzCA8IDlly3FGYK4T51+7XgttZtxb3jXFwr1FxA0bigPnRVO8J0cUJOlY5qMXg8E8mK28evLnVsczPVnxTE4i5jb9KSBVpjKk+Tk1JdzDwUflfj4bYocemaNkFHrbOCTq9vHjSNKAGsN7ZOmp0hJY/AlkSjqTP/7g/6qMADx root@o-isolator" >> /home/rsync/.ssh/authorized_keys
chown rsync:rsync /home/rsync/.ssh/authorized_keys
printf '#!/bin/sh\ndate >> $HOME/backuplog\necho $@ >> $HOME/backuplog\n/usr/bin/sudo /usr/bin/rsync "$@";\n' > /home/rsync/rsync-wrapper.sh
chmod +x /home/rsync/rsync-wrapper.sh
chown rsync:rsync /home/rsync/rsync-wrapper.sh
printf '#rsnapshot backup\nrsync ALL=NOPASSWD: /usr/bin/rsync\n' >> /etc/sudoers
#monit
printf 'set daemon 15 \nset logfile /var/log/monit.log \nset idfile /var/lib/monit/id \nset statefile /var/lib/monit/state\nset eventqueue\n\tbasedir /var/lib/monit/events \n\tslots 100 \n\tset httpd port 2812 and\n\tallow @fftadmin\n\tallow huppeldepup12345:ohneejegaatditnietechtgebruikentoch\tallow @feloperator\n\tallow localhost\n\tallow 192.168.14.0/24\n\ninclude /etc/monit/conf.d/*' > /etc/monit/monitrc
#sed -i.bak -e s/set\ daemon\ 120/set\ daemon\ 15/ /etc/monit/monitrc
#sed -i.bak -e "s|#\ set\ httpd\ port\ 2812\ and|set\ httpd\ port\ 2812\ and\ \n\tallow\ @fftadmin\n\tallow\ @feloperator\ readonly|" /etc/monit/monitrc
service monit restart&
# voorbereiden op software
chgrp fftadmin /opt
chmod 2775 /opt
#mqtt
mkdir /etc/skel/.config
echo "-h felixbroker" > /etc/skel/.config/mosquitto_sub
echo "-h felixbroker" > /etc/skel/.config/mosquitto_pub
mkdir /root/.config
echo "-h felixbroker" > /root/.config/mosquitto_sub
echo "-h felixbroker" > /root/.config/mosquitto_pub
optional
[edit | edit source]peewee (deprecated)
[edit | edit source]pip install peewee
pi3
[edit | edit source]
#pip install python-usbtmc pyusb ThorlabsPM100
pi6: snap7
[edit | edit source]1.4.0
[edit | edit source]
cd /opt/
wget -Osnap7-full-1.4.0.tar.gz http://sourceforge.net/projects/snap7/files/1.4.0/snap7-full-1.4.0.tar.gz/download
tar -zxf snap7-full-1.4.0.tar.gz && rm -rf snap7-full-1.4.0.tar.gz
cp snap7-full-1.4.0/release/Linux/ARMHF/Raspberry\ 2/libsnap7.so /usr/lib
1.4.2
[edit | edit source]
wget -Osnap7-full-1.4.2.7z http://sourceforge.net/projects/snap7/files/1.4.2/snap7-full-1.4.2.7z/download
7zr x snap7-full-1.4.2.7z && rm -rf snap7-full-1.4.2.7z
cd build/unix
make -f arm_v7_linux.mk install
all
[edit | edit source]
pip install python-snap7
ldconfig
pi7
[edit | edit source]
apt-get install chromium-browser
