Prepping a new etherbox / local server for culdesac
An update to the "classic" instructions here: https://networksofonesown.constantvzw.org/etherbox/manual.html#build-your-own-etherbox
We setup on a Pi 4 -- to evt switch to another model later...
## Download and copy the image to sd card
Based on "Raspberry Pi OS Lite" https://www.raspberrypi.com/software/operating-systems/
Raspberry Pi OS Lite
- Release date: September 22nd 2022
- System: 32-bit
- Kernel version: 5.15
- Debian version: 11 (bullseye)
```
xzcat 2022-09-22-raspios-bullseye-armhf-lite.img.xz | pv | sudo dd bs=4M of=/dev/mmcblk0
```
## Configure the new system
Before inserting the sd into the pi, configure things on your laptop.
* Enable ssh
* Enable the default (insecure) pi user with default password (undoing the changes described below)
* Enable a "fallback" IP address 192.168.1.23
```
cd /media/$USER/boot
touch ssh
echo -n "pi:" > userconf
echo 'raspberry' | openssl passwd -6 -stdin >> userconf
cd /media/$USER/rootfs/etc
sudo nano dhcpcd.conf
```
and change end of the file to uncomment 6 lines:
```
# It is possible to fall back to a static IP if DHCP fails:
# define static profile
profile static_eth0
static ip_address=192.168.1.23/24
static routers=192.168.1.1
static domain_name_servers=192.168.1.1
# fallback to static profile on eth0
interface eth0
fallback static_eth0
```
### additional notes to this step
FOLLOWING THE NEW SECURITY PROTOCOLS
https://www.raspberrypi.com/news/raspberry-pi-bullseye-update-april-2022/
> There are also mechanisms to preconfigure an image without using Imager. To set up a user on first boot and bypass the wizard completely, create a file called userconf or userconf.txt in the boot partition of the SD card; this is the part of the SD card which can be seen when it is mounted in a Windows or MacOS computer.
This file should contain a single line of text, consisting of username:encrypted- password – so your desired username, followed immediately by a colon, followed immediately by an encrypted representation of the password you want to use.
> To generate the encrypted password, the easiest way is to use OpenSSL on a Raspberry Pi that is already running – open a terminal window and enter
echo 'mypassword' | openssl passwd -6 -stdin
This will produce what looks like a string of random characters, which is actually an encrypted version of the supplied password.
## Set the hostname (etherbox)
```
ssh pi@192.168.1.23
```
It may be necessary to:
ssh-keygen -f "/home/$USER/.ssh/known_hosts" -R "192.168.1.23"
sudo nano /etc/hostname
etherbox
also change in /etc/hosts ?!
## Setup Hostspot
same as before until...
Failed to start hostapd.service: Unit hostapd.service is masked.
sudo systemctl unmask hostapd
sudo systemctl enable hostapd
sudo systemctl start hostapd
sudo apt update
sudo apt upgrade
## Apache + etc
Same as before (NB: include folder should be INSIDE www unlike what docs say /home/pi/www/include)
## Install Etherpad
Change: Using node from apt
sudo apt install nodejs npm git
etherpad db settings
"dbType" : "mysql",
"dbSettings" : {
"user": "etherpaduser",
"host": "localhost",
"port": 3306,
"password": "etherpadpass",
"database": "etherpad",
"charset": "utf8mb4"
},
## Etherdump
sudo apt install python3-pip
mkdir /home/pi/software && cd /home/pi/software
git clone https://gitlab.constantvzw.org/aa/etherdump.git
cd etherdump
sudo pip3 install -e .
# sudo seems important!
tweak settings
{
"apiurl": "http://etherbox.local:9001/api/1.2.9/",
"localapiurl": "http://localhost:9001/api/1.2.9/",
"apikey": "c27326972521f99f87c3d805230c9079f4f8707e0385905c47659c19f1b8aa27"
}
## TINC
[Unit]
Description=Tinc net %i
Documentation=info:tinc
Documentation=man:tinc(8) man:tinc.conf(5)
Documentation=http://tinc-vpn.org/docs/
PartOf=tinc.service
ReloadPropagatedFrom=tinc.service
[Service]
Type=simple
WorkingDirectory=/usr/local/etc/tinc/%i
ExecStart=/usr/local/sbin/tincd -n %i -D
ExecReload=/usr/local/sbin/tincd -n %i -kHUP
TimeoutStopSec=5
Restart=always
RestartSec=60
[Install]
WantedBy=tinc.service
PICTURES