current state

This commit is contained in:
coelner 2022-01-07 19:22:39 +01:00
parent 22568654d7
commit 5dbbbc540c
7 changed files with 470 additions and 15 deletions

View File

@ -41,7 +41,7 @@ https://vincentserpoul.github.io/post/alpine-linux-rpi0/
2. extract image: tar -xzvf ~/Downloads/alpine-rpi-3.12.0-armhf.tar.gz -C /run/media/**** --no-same-owner
3. edit cmdline.txt
4. create usercfg.txt
5. prepare /cache with useful apk (e2fsprogs, lsblk, vim, gnupg, gnupg-scdaemon, ccid, opensc, pcsc-lite-libs, tmux, htop, exfat-utils, cryptsetup, mkinitfs, squashfs-tools, p7zip libusb, hwids-usb {pcsc-lite libudev-zero} ) [70MB]
5. prepare /cache with useful apk (e2fsprogs, lsblk, vim, gnupg, gnupg-scdaemon, pinentry, ccid, opensc, pcsc-lite-libs, tmux, htop, exfat-utils, cryptsetup, mkinitfs, squashfs-tools, p7zip libusb, hwids-usb {pcsc-lite libudev-zero fsverity-utils} ) [70MB]
6. connect UART TX/RX/GND to pin 8/10/6 green/white/black
7. boot rpi
8. mount second partition to folder /media/mmcblk0p2
@ -86,20 +86,32 @@ apk add cryptsetup
fallocate -l 10MB PRIVATE [minimal 20MB]
cryptsetup -v luksFormat PRIVATE [takes some seconds]
--use secure passphrase
cryptsetup -v luksOpen PRIVATE private_file
cryptsetup -v luksOpen /mnt/mmcblk0p2/PRIVATE private_file
mkfs -t ext4 /dev/mapper/private_file
mkdir /mnt/private_file
ln -s /mnt/private_file/user/.gnupg /home/user/.gnupg
ln -s /mnt/private_file/root/.gnupg /root/.gnupg
mount /dev/mapper/private_file /mnt/private_file
--Umount and close file
killall gpg-agent
umount /mnt/private_file
cryptsetup luksClose private_file
mkidr /mnt/private_file/.gnupg
chown user:user /mnt/private_file/.gnupg
ln -s /mnt/private_file/.gnupg .gnupg
mkdir /mnt/private_file/user/.gnupg
chmod 750 /mnt/private_file/user
chown user:user /mnt/private_file/user/.gnupg
edit /etc/mdev.conf for usb tokens [ToDo]
killall gpg-agent
#mount encrypted container
cryptsetup -v luksOpen /media/mmcblk0p2/PRIVATE private_file
mount /dev/mapper/private_file /mnt/private_file
--Umount and close file
killall gpg-agent
umount /mnt/private_file
cryptsetup luksClose private_file
##kernel update [inProgress]
related: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11980
@ -128,9 +140,31 @@ mksquashfs squashfs-root/ livefs.squashfs -noappend -always-use-fragments
apk add linux-rpi
## generic image upgrade
[offline]
extract original image to first partion
restore cmdline and usercfg.txt
delete from overlay the cache folder
[root] delete from overlay partition the cache folder
in case of a folder (delete from overlay the /usr)
in case of an image
rm persist.img && dd if=/dev/zero of=persist.img bs=1024 count=0 seek=2097152
mkfs.ext4 persist.img
[online]
recreate .work folder under /media/persist
recreate usr folder under /media/persist
mkdir /mnt/private_file
check mountpoint for /usr | mount /usr
fix the repository
fix the network interface
apk update
apk upgrade
're-add' installed packages [e.g. 00-preparation]
remount /media/mmcblk0p1 rewritable
mount -o rw,remount /media/mmcblk0p1/
cp apk to /media/mmcblk0p1/apk/armhf
-lsblk
-mkinitfs
reboot without lbu commit
##generic minor update (to install it into ram)
apk update
@ -141,28 +175,47 @@ lbu commit
#create a overlay for /usr otherwise space is missing
https://gist.github.com/sdalu/4fd108e0a96d6b41d52fde7542cc95ce [not working fbtft module mossing]
apk add python2 #obsolete
apk add build-base #binary is build vor rpi3
apk add build-base #binary is build for rpi3
// ToDo
sudo modprobe fbtft_device name=adafruit18_green gpios=reset:27,dc:25,cs:8,led:24 height=128 width=128 rotate=180 fps=30 bgr=1 speed=40000000 debug=$((1<<5))
vi /etc/modprobe.d/fbtft.conf
options fbtft_device name=fb_st7735r gpios=reset:27,dc:25,led:18 speed=16000000 bgr=1 custom=1 width=128 height=128
## python approach
pip install --user RPi.GPIO
pip install --user spidev
##modern kernel approach
wget https://github.com/juj/fbcp-ili9341/archive/refs/heads/master.zip
cmake -DWAVESHARE_ST7735S_HAT=ON -DSPI_BUS_CLOCK_DIVISOR=6
apk add raspberrypi-dev
## nitrokey
apk add py-pip build-base python3-dev [240Mb]
apk add py-pip build-base python3-dev py3-wheel [240Mb]
apk add libffi-dev [7Mb]
apk add openssl-dev
//needs gcc python3-dev libffdi-dev
apk add openssl-dev rust cargo [337Mb]
#pip install --user setuptools_rust
apk add gcc musl-dev python3-dev libffi-dev openssl-dev cargo
apk add py3-pep517 py3-cryptography
//see https://cryptography.io/en/latest/installation/
reboot
lbu inc /home
lbu inc /root
pip3 install --user wheel
pip3 install --user pynitrokey [takes about 35min]
pip3 install --user wheel
pip3 install --user pynitrokey [takes about 35min, can fail due missing space left on device, but cbor fails nevertheless]
#fix $PATH to /root/.local/bin in /etc/profile
#need mdev/udev rules to grant access for user
#libudev-zero is a replacement, which is needed for pcscd
## ToDo
#tmux
#camera to scan QR code
#predefine common action scheme
#general reconsideration of usefulness
### links
https://github.com/hashbang/airgap
https://riseup.net/de/security/message-security/openpgp/gpg-best-practices

1
cmdline.txt Normal file
View File

@ -0,0 +1 @@
modules=loop,overlay,squashfs,sd-mod,usb-storage quiet dwc_otg.lpm_enable=0 console=tty1 console=ttyAMA0,115200

95
dietpi-wifi.txt Normal file
View File

@ -0,0 +1,95 @@
#---------------------------------------------------------------
# Entry 0
# - WiFi SSID: required, case sensitive
aWIFI_SSID[0]='WLAN-GG3HL4 2.4GHz'
# - WiFi key: If no key/open, leave this blank
aWIFI_KEY[0]='08487085501687788364'
# - Key type: NONE (no key/open) | WPA-PSK | WEP | WPA-EAP (then use settings below)
aWIFI_KEYMGR[0]='WPA-PSK'
# - WPA-EAP options: Only fill if WPA-EAP is set above
aWIFI_PROTO[0]=''
aWIFI_PAIRWISE[0]=''
aWIFI_AUTH_ALG[0]=''
aWIFI_EAP[0]=''
aWIFI_IDENTITY[0]=''
aWIFI_PASSWORD[0]=''
aWIFI_PHASE1[0]=''
aWIFI_PHASE2[0]=''
# - Path to the certificate file, e.g.: /boot/mycert.cer
aWIFI_CERT[0]=''
#---------------------------------------------------------------
# Entry 1
# - WiFi SSID: required, case sensitive
aWIFI_SSID[1]=''
# - WiFi key: If no key/open, leave this blank
aWIFI_KEY[1]=''
# - Key type: NONE (no key/open) | WPA-PSK | WEP | WPA-EAP (then use settings below)
aWIFI_KEYMGR[1]='WPA-PSK'
# - WPA-EAP options: Only fill if WPA-EAP is set above
aWIFI_PROTO[1]=''
aWIFI_PAIRWISE[1]=''
aWIFI_AUTH_ALG[1]=''
aWIFI_EAP[1]=''
aWIFI_IDENTITY[1]=''
aWIFI_PASSWORD[1]=''
aWIFI_PHASE1[1]=''
aWIFI_PHASE2[1]=''
# - Path to the certificate file, e.g.: /boot/mycert.cer
aWIFI_CERT[1]=''
#---------------------------------------------------------------
# Entry 2
# - WiFi SSID: required, case sensitive
aWIFI_SSID[2]=''
# - WiFi key: If no key/open, leave this blank
aWIFI_KEY[2]=''
# - Key type: NONE (no key/open) | WPA-PSK | WEP | WPA-EAP (then use settings below)
aWIFI_KEYMGR[2]='WPA-PSK'
# - WPA-EAP options: Only fill if WPA-EAP is set above
aWIFI_PROTO[2]=''
aWIFI_PAIRWISE[2]=''
aWIFI_AUTH_ALG[2]=''
aWIFI_EAP[2]=''
aWIFI_IDENTITY[2]=''
aWIFI_PASSWORD[2]=''
aWIFI_PHASE1[2]=''
aWIFI_PHASE2[2]=''
# - Path to the certificate file, e.g.: /boot/mycert.cer
aWIFI_CERT[2]=''
#---------------------------------------------------------------
# Entry 3
# - WiFi SSID: required, case sensitive
aWIFI_SSID[3]=''
# - WiFi key: If no key/open, leave this blank
aWIFI_KEY[3]=''
# - Key type: NONE (no key/open) | WPA-PSK | WEP | WPA-EAP (then use settings below)
aWIFI_KEYMGR[3]='WPA-PSK'
# - WPA-EAP options: Only fill if WPA-EAP is set above
aWIFI_PROTO[3]=''
aWIFI_PAIRWISE[3]=''
aWIFI_AUTH_ALG[3]=''
aWIFI_EAP[3]=''
aWIFI_IDENTITY[3]=''
aWIFI_PASSWORD[3]=''
aWIFI_PHASE1[3]=''
aWIFI_PHASE2[3]=''
# - Path to the certificate file, e.g.: /boot/mycert.cer
aWIFI_CERT[3]=''
#---------------------------------------------------------------
# Entry 4
# - WiFi SSID: required, case sensitive
aWIFI_SSID[4]=''
# - WiFi key: If no key/open, leave this blank
aWIFI_KEY[4]=''
# - Key type: NONE (no key/open) | WPA-PSK | WEP | WPA-EAP (then use settings below)
aWIFI_KEYMGR[4]='WPA-PSK'
# - WPA-EAP options: Only fill if WPA-EAP is set above
aWIFI_PROTO[4]=''
aWIFI_PAIRWISE[4]=''
aWIFI_AUTH_ALG[4]=''
aWIFI_EAP[4]=''
aWIFI_IDENTITY[4]=''
aWIFI_PASSWORD[4]=''
aWIFI_PHASE1[4]=''
aWIFI_PHASE2[4]=''
# - Path to the certificate file, e.g.: /boot/mycert.cer
aWIFI_CERT[4]=''

287
dietpi.txt Normal file
View File

@ -0,0 +1,287 @@
# IMPORTANT:
# - This is intended for advanced users, unless you know what you are doing, do not edit this file. Please use the DietPi programs instead.
# - Do not remove uncommented lines, as the items are scraped by DietPi programs, on demand.
#------------------------------------------------------------------------------------------------------
##### DietPi-Automation settings, applied on first boot of DietPi only, ONCE! #####
#------------------------------------------------------------------------------------------------------
# By setting this to "1" you accept the DietPi GPLv2 license and skip the related interactive dialog.
# - Full license text: /boot/dietpi-LICENSE.txt
# - This setting is ignored (and assumed to be affirmative) if AUTO_SETUP_AUTOMATED=1
AUTO_SETUP_ACCEPT_LICENSE=1
##### Language/Regional Options #####
# Locale: eg: "en_GB.UTF-8" / "de_DE.UTF-8" | One entry and UTF-8 ONLY!
AUTO_SETUP_LOCALE=C.UTF-8
# Keyboard Layout eg: "gb" / "us" / "de" / "fr"
AUTO_SETUP_KEYBOARD_LAYOUT=de
# Timezone eg: "Europe/London" / "America/New_York" | Full list (TZ*): https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
AUTO_SETUP_TIMEZONE=Europe/Berlin
##### Network Options #####
# Enable Ethernet or WiFi adapter: 1=enable | 0=disable
# - If both Ethernet and WiFi are enabled, WiFi will take priority and Ethernet will be disabled.
# - If using WiFi, please edit dietpi-wifi.txt to pre-enter credentials.
AUTO_SETUP_NET_ETHERNET_ENABLED=0
AUTO_SETUP_NET_WIFI_ENABLED=1
# Force ethernet speeds: 0=automatic speed | 10 = 10Mbit | 100 = 100Mbit etc
# - This is mainly aimed at PINE A64 which may have an HW issue that causes unstable 1Gbit link.
AUTO_SETUP_NET_ETH_FORCE_SPEED=0
# WiFi country code: 2 uppercase character value (e.g. GB US DE JP): https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
AUTO_SETUP_NET_WIFI_COUNTRY_CODE=DE
# Enter your static network details below, if applicable.
AUTO_SETUP_NET_USESTATIC=0
AUTO_SETUP_NET_STATIC_IP=192.168.0.100
AUTO_SETUP_NET_STATIC_MASK=255.255.255.0
AUTO_SETUP_NET_STATIC_GATEWAY=192.168.0.1
AUTO_SETUP_NET_STATIC_DNS=9.9.9.9 149.112.112.112
# Set to "1" to convert DHCP leased network settings into static settings automatically on first boot.
AUTO_SETUP_DHCP_TO_STATIC=0
# Hostname
AUTO_SETUP_NET_HOSTNAME=DietPi-gnupg-root
##### Misc Options #####
# Swap space size to generate: 0 => disable | 1 => auto | 2 and up => size in MiB
AUTO_SETUP_SWAPFILE_SIZE=1571
# Swap space location: "zram" => swap space on /dev/zram0 (auto-size = 50% of RAM size) | /path/to/file => swap file at location (auto-size = 2 GiB minus RAM size)
AUTO_SETUP_SWAPFILE_LOCATION=/var/swap
# Set to "1" to disable HDMI output (and GPU/VPU where supported) for supported devices: RPi, Odroid C1, Odroid C2
AUTO_SETUP_HEADLESS=1
# Unmask (enable) systemd-logind service (including dbus), which is masked by default on DietPi
AUTO_UNMASK_LOGIND=0
# Custom Script (pre-networking and pre-DietPi install)
# - Allows you to automatically execute a custom script before network is up on first boot.
# - Copy your script to /boot/Automation_Custom_PreScript.sh and it will be executed automatically.
# - Executed script log: /var/tmp/dietpi/logs/dietpi-automation_custom_prescript.log
# Custom Script (post-networking and post-DietPi install)
# - Allows you to automatically execute a custom script at the end of DietPi install.
# - Option 0 = Copy your script to /boot/Automation_Custom_Script.sh and it will be executed automatically.
# - Option 1 = Host your script online, then use e.g. AUTO_SETUP_CUSTOM_SCRIPT_EXEC=https://myweb.com/myscript.sh and it will be downloaded and executed automatically.
# - Executed script log: /var/tmp/dietpi/logs/dietpi-automation_custom_script.log
AUTO_SETUP_CUSTOM_SCRIPT_EXEC=0
# Restore a DietPi-Backup on first boot: 0 => disable | 1 => interactive restore (show list of found backups) | 2 => non-interactive restore (restore first found backup)
# - Simply attach the drive/disk/stick with contains the backup. All attached drives will be mounted temporarily and searched automatically.
AUTO_SETUP_BACKUP_RESTORE=0
##### Software Options #####
# SSH server choice: 0=none/custom | -1=Dropbear | -2=OpenSSH
AUTO_SETUP_SSH_SERVER_INDEX=-1
# File server choice: 0=none/custom | -1=ProFTP | -2=Samba
AUTO_SETUP_FILE_SERVER_INDEX=0
# Logging mode choice: 0=none/custom | -1=RAMlog 1h clear | -2=RAMlog 1h save clear | -3=rsyslog + logrotate
AUTO_SETUP_LOGGING_INDEX=-1
# RAMlog max tmpfs size (MB). 50MB should be fine for single use. 200MB+ for heavy webserver and access log etc.
AUTO_SETUP_RAMLOG_MAXSIZE=50
# Webserver preference: 0=Apache2 | -1=Nginx | -2=Lighttpd
# - This defines the webserver to install (only) when another selected software requires one.
# - It won't be installed if no other software requires a webserver and a manual webserver stack selection will override it.
AUTO_SETUP_WEB_SERVER_INDEX=-2
# Desktop preference: 0=LXDE | -1=Xfce | -2=MATE | -3=LXQt | -4=GNUstep
# - This defines the desktop to install (only) when another selected software requires one.
# - It won't be installed if no other software requires a desktop and a manual desktop selection will override it.
AUTO_SETUP_DESKTOP_INDEX=0
# Browser preference: 0=None | -1=Firefox | -2=Chromium
# - This defines the browser to install (only) when a desktop is installed.
# - It won't be installed if no desktop is installed and a manual browser selection will override it.
AUTO_SETUP_BROWSER_INDEX=-1
# DietPi-Autostart: 0=Console | 7=Console autologin | 1=Kodi | 2=Desktop autologin | 16=Desktop | 4=OpenTyrian | 5=DietPi-Cloudshell | 6=Amiberry fast boot | 8=Amiberry standard boot | 9=DDX-Rebirth | 10=CAVA Spectrum | 11=Chromium kiosk | 14=Custom autostart service
# - This will be effective on 2nd boot, after firstrun update and installs have been done.
# - Related software titles must be installed either on firstrun installs or via AUTO_SETUP_AUTOMATED=1 + AUTO_SETUP_INSTALL_SOFTWARE_ID (see below).
AUTO_SETUP_AUTOSTART_TARGET_INDEX=0
# Autologin user name
# - This user must exist before firstrun installs, otherwise it will be reverted to root.
# - Applies to all autostart options but: 0, 6, 14 and 16
AUTO_SETUP_AUTOSTART_LOGIN_USER=root
##### Non-interactive Firstrun Setup #####
# On first login, run update, initial setup and software installs without any user input
# - Setting this to "1" is required for below settings to take effect
# - It is HIGHLY recommended to also set CONFIG_BOOT_WAIT_FOR_NETWORK=2, to force infinite wait for network connection during boot and prevent connection timeout errors.
# - Setting this to "1" indicates that you accept the DietPi GPLv2 license, available at /boot/dietpi-LICENSE.txt, superseding any setting of AUTO_SETUP_ACCEPT_LICENSE.
AUTO_SETUP_AUTOMATED=1
# Global Password to be applied for the system
# - Affects "root" and "dietpi" users login passwords and is used by dietpi-software as default for software installs which require a password.
# - On first dietpi-software execution, the password is removed from this file and instead encrypted and saved to rootfs.
# - WARN: We cannot guarantee that all software options can handle special characters like \"$.
AUTO_SETUP_GLOBAL_PASSWORD=dietpi
# Software to automatically install
# - List of available software IDs: https://github.com/MichaIng/DietPi/wiki/DietPi-Software-list
# - Add as many entries as you wish, one each line.
# - DietPi will automatically install all pre-reqs (e.g. ALSA/X11 for desktops etc)
# - E.g. the following (without the leading "#") will install the LXDE desktop automatically on first boot:
#AUTO_SETUP_INSTALL_SOFTWARE_ID=23
#------------------------------------------------------------------------------------------------------
##### Misc DietPi program settings #####
#------------------------------------------------------------------------------------------------------
# DietPi-Survey: 1=opt in | 0=opt out | -1=ask on first call
# - https://dietpi.com/docs/dietpi_tools/#miscellaneous (see tab 'DietPi Survey')
SURVEY_OPTED_IN=0
#------------------------------------------------------------------------------------------------------
##### DietPi-Config settings #####
#------------------------------------------------------------------------------------------------------
# CPU Governor: schedutil | ondemand | interactive | conservative | powersave | performance
CONFIG_CPU_GOVERNOR=ondemand
# Ondemand Sampling Rate | Min value: 10000 microseconds (10ms)
CONFIG_CPU_ONDEMAND_SAMPLE_RATE=25000
# Ondemand Sampling Down Factor: Samling Rate * Down Factor / 1000 = ms (40 = 1000ms when sampling rate is 25000)
CONFIG_CPU_ONDEMAND_SAMPLE_DOWNFACTOR=40
# Throttle Up Percentage: Percentage of average CPU usage during samling rate at which CPU will be throttled up/down
CONFIG_CPU_USAGE_THROTTLE_UP=50
# CPU Frequency Limits: Disabled=disabled
# - Intel CPUs use a percentage value (%) from 0-100, eg: 55
# - All other devices must use a specific MHz value, eg: 1600
# - Has no effect on RPi, please set "arm_freq" and "arm_freq_min" in config.txt instead.
CONFIG_CPU_MAX_FREQ=Disabled
CONFIG_CPU_MIN_FREQ=Disabled
# Disable Intel-based turbo/boost stepping. This flag should not be required, setting <100% MAX frequency should disable Turbo on Intel CPUs.
CONFIG_CPU_DISABLE_TURBO=0
# System-wide proxy settings
# - Do not modify, you must use dietpi-config > "Network Options: Adapters" to apply
CONFIG_PROXY_ADDRESS=MyProxyServer.com
CONFIG_PROXY_PORT=8080
CONFIG_PROXY_USERNAME=
CONFIG_PROXY_PASSWORD=
# Delay boot until network is established: 0=disabled | 1=10 second wait max (default) | 2=infinite wait
CONFIG_BOOT_WAIT_FOR_NETWORK=1
# Connection timeout in seconds, before G_CHECK_URL assumes the URL is dead. Increase if you have a "flaky" connection or slow DNS resolver.
# - Set this to "0" to allow unlimited time, however this is not recommended to avoid unlimited hanging background scripts, e.g. daily DietPi update check.
# - A negative or non-integer value will result in the default of 10 seconds.
CONFIG_G_CHECK_URL_TIMEOUT=10
# Connection attempts with above timeout each, before G_CHECK_URL is giving up and prompts an error.
# - Any value below "1" or a non-integer value will result in the default of 2 attempts.
CONFIG_G_CHECK_URL_ATTEMPTS=2
# General connection and DNS testing
# - IP to ping when checking network connectivity. Default: 9.9.9.9 (Quad9 DNS IP)
CONFIG_CHECK_CONNECTION_IP=9.9.9.9
# - Domain to ping when checking DNS resolver. Default: dns9.quad9.net (Quad9 DNS domain)
CONFIG_CHECK_DNS_DOMAIN=dns9.quad9.net
# Daily check for DietPi updates: 0=disable | 1=enable
# - Checks are done by downloading a file of only 7 bytes.
CONFIG_CHECK_DIETPI_UPDATES=1
# Daily check for APT package updates: 0=disable | 1=check only | 2=check and upgrade automatically
# - Upgrade logs can be found at: /var/tmp/dietpi/logs/dietpi-update_apt.log
CONFIG_CHECK_APT_UPDATES=1
# Network time sync: 0=disabled | 1=boot only | 2=boot + daily | 3=boot + hourly | 4=Daemon + Drift
CONFIG_NTP_MODE=2
# Serial Console: Set to 0 if you do not require serial console.
CONFIG_SERIAL_CONSOLE_ENABLE=1
# Sound card
CONFIG_SOUNDCARD=none
# LCD Panel addon
# - Do not modify, you must use dietpi-config to configure/set options
CONFIG_LCDPANEL=none
# IPv6
CONFIG_ENABLE_IPV6=1
# Prefer IPv4 with APT and wget, NB: This has no effect if IPv6 is disabled anyway!
CONFIG_PREFER_IPV4=1
# APT mirrors which are applied to /etc/apt/sources.list | Values here will also be applied during 1st run setup
# - Raspbian: https://www.raspbian.org/RaspbianMirrors
CONFIG_APT_RASPBIAN_MIRROR=http://raspbian.raspberrypi.org/raspbian/
# - Debian: https://www.debian.org/mirror/official#list
CONFIG_APT_DEBIAN_MIRROR=https://deb.debian.org/debian/
# NTP mirror, applied to /etc/ntp.conf
# - For a full list, please see: https://www.ntppool.org/zone/@
# - Please remove the initial integer and full stop from the value (removing "0."), eg: debian.pool.ntp.org
CONFIG_NTP_MIRROR=debian.pool.ntp.org
#------------------------------------------------------------------------------------------------------
##### DietPi-Software settings #####
#------------------------------------------------------------------------------------------------------
# Enter your EmonCMS.org write API key here. It will be applied automatically during EmonPi/Hub install.
# - E.g.: SOFTWARE_EMONHUB_APIKEY=b4dfmk2o203mmxx93a
SOFTWARE_EMONHUB_APIKEY=
# VNC Server
SOFTWARE_VNCSERVER_WIDTH=1280
SOFTWARE_VNCSERVER_HEIGHT=720
SOFTWARE_VNCSERVER_DEPTH=16
SOFTWARE_VNCSERVER_DISPLAY_INDEX=1
SOFTWARE_VNCSERVER_SHARE_DESKTOP=0
# ownCloud/Nextcloud
# - Optional username for admin account, the default is 'admin', applied during install
SOFTWARE_OWNCLOUD_NEXTCLOUD_USERNAME=admin
# - Optional data directory, default is "/mnt/dietpi_userdata/owncloud_data" respectively "/mnt/dietpi_userdata/nextcloud_data", applied during install
# NB: This option is for advanced users. For full compatibility, please keep this options defaults, and, use dietpi-drive_manager to move the DietPi user data location.
SOFTWARE_OWNCLOUD_DATADIR=/mnt/dietpi_userdata/owncloud_data
SOFTWARE_NEXTCLOUD_DATADIR=/mnt/dietpi_userdata/nextcloud_data
# WiFi Hotspot
SOFTWARE_WIFI_HOTSPOT_SSID=DietPi-HotSpot
# - Key requires a minimum of 8 characters
SOFTWARE_WIFI_HOTSPOT_KEY=dietpihotspot
SOFTWARE_WIFI_HOTSPOT_CHANNEL=3
# X.org
# - DPI 96(default) 120(+25%) 144(+50%) 168(+75%) 192(+100%)
SOFTWARE_XORG_DPI=96
# Chromium
SOFTWARE_CHROMIUM_RES_X=1280
SOFTWARE_CHROMIUM_RES_Y=720
SOFTWARE_CHROMIUM_AUTOSTART_URL=https://dietpi.com/
# Home Assistant
# - Optional Python build dependencies and modules, possibly required for certain HA components
# Space separated list (no quotation!), will be installed together with Home Assistant automatically, if present
SOFTWARE_HOMEASSISTANT_APT_DEPS=
# Add Python modules with version string at best, e.g.: firstModule==1.2.3 secondModule==4.5.6
SOFTWARE_HOMEASSISTANT_PIP_DEPS=
# K3s
# Command with flags to use for launching K3s in the service
# The value of this variable is copied directly into the INSTALL_K3S_EXEC environment variable before
# running the K3s installer.
# https://rancher.com/docs/k3s/latest/en/installation/install-options/#options-for-installation-with-script
#
# Optionally, you can add a configuration file named /boot/dietpi-k3s.yaml,
# which will copied into place during installation
# https://rancher.com/docs/k3s/latest/en/installation/install-options/#configuration-file
SOFTWARE_K3S_EXEC=
#------------------------------------------------------------------------------------------------------
##### Dev settings #####
#------------------------------------------------------------------------------------------------------
DEV_GITBRANCH=master
DEV_GITOWNER=MichaIng
#------------------------------------------------------------------------------------------------------
##### Settings, automatically added by dietpi-update #####
#------------------------------------------------------------------------------------------------------

View File

@ -1,6 +1,16 @@
Best practices with gpg
Use a separate key for each identity, this means a own key for each email account, which should not be cross referenced.
gpg2 --expert --full-gen-key
(9) ECC and ECC
(1) Curve 25519)
(1) Curve 25519
//because of this: http://safecurves.cr.yp.to/index.html
3y
//because it is hard enough in real life with humans
//because it is hard enough in real life with humans
//add the name/synonym and the first email
gpg --edit-key name/synonym
adduid
list [the trust is not yet 'ultimate' but after a save it will be]
uid [n] //adjust primary uid
primary
save

3
raspbian.txt Normal file
View File

@ -0,0 +1,3 @@
edit config.txt to activate serial console
enable_uart=1
dtoverlay=i2c-rtc,ds3231

6
usercfg.txt Normal file
View File

@ -0,0 +1,6 @@
gpu_mem=16
dtparam=audio=off
dtoverlay=pi3-disable-bt
dtparam=i2c=on
dtoverlay=i2c-rtc,ds3231
enable_uart=1