current state
This commit is contained in:
parent
22568654d7
commit
5dbbbc540c
79
README.md
79
README.md
@ -41,7 +41,7 @@ https://vincentserpoul.github.io/post/alpine-linux-rpi0/
|
||||
2. extract image: tar -xzvf ~/Downloads/alpine-rpi-3.12.0-armhf.tar.gz -C /run/media/**** --no-same-owner
|
||||
3. edit cmdline.txt
|
||||
4. create usercfg.txt
|
||||
5. prepare /cache with useful apk (e2fsprogs, lsblk, vim, gnupg, gnupg-scdaemon, ccid, opensc, pcsc-lite-libs, tmux, htop, exfat-utils, cryptsetup, mkinitfs, squashfs-tools, p7zip libusb, hwids-usb {pcsc-lite libudev-zero} ) [70MB]
|
||||
5. prepare /cache with useful apk (e2fsprogs, lsblk, vim, gnupg, gnupg-scdaemon, pinentry, ccid, opensc, pcsc-lite-libs, tmux, htop, exfat-utils, cryptsetup, mkinitfs, squashfs-tools, p7zip libusb, hwids-usb {pcsc-lite libudev-zero fsverity-utils} ) [70MB]
|
||||
6. connect UART TX/RX/GND to pin 8/10/6 green/white/black
|
||||
7. boot rpi
|
||||
8. mount second partition to folder /media/mmcblk0p2
|
||||
@ -86,20 +86,32 @@ apk add cryptsetup
|
||||
fallocate -l 10MB PRIVATE [minimal 20MB]
|
||||
cryptsetup -v luksFormat PRIVATE [takes some seconds]
|
||||
--use secure passphrase
|
||||
cryptsetup -v luksOpen PRIVATE private_file
|
||||
cryptsetup -v luksOpen /mnt/mmcblk0p2/PRIVATE private_file
|
||||
mkfs -t ext4 /dev/mapper/private_file
|
||||
mkdir /mnt/private_file
|
||||
ln -s /mnt/private_file/user/.gnupg /home/user/.gnupg
|
||||
ln -s /mnt/private_file/root/.gnupg /root/.gnupg
|
||||
mount /dev/mapper/private_file /mnt/private_file
|
||||
--Umount and close file
|
||||
killall gpg-agent
|
||||
umount /mnt/private_file
|
||||
cryptsetup luksClose private_file
|
||||
|
||||
mkidr /mnt/private_file/.gnupg
|
||||
chown user:user /mnt/private_file/.gnupg
|
||||
ln -s /mnt/private_file/.gnupg .gnupg
|
||||
mkdir /mnt/private_file/user/.gnupg
|
||||
chmod 750 /mnt/private_file/user
|
||||
chown user:user /mnt/private_file/user/.gnupg
|
||||
|
||||
edit /etc/mdev.conf for usb tokens [ToDo]
|
||||
killall gpg-agent
|
||||
|
||||
#mount encrypted container
|
||||
cryptsetup -v luksOpen /media/mmcblk0p2/PRIVATE private_file
|
||||
mount /dev/mapper/private_file /mnt/private_file
|
||||
--Umount and close file
|
||||
killall gpg-agent
|
||||
umount /mnt/private_file
|
||||
cryptsetup luksClose private_file
|
||||
|
||||
##kernel update [inProgress]
|
||||
related: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11980
|
||||
|
||||
@ -128,9 +140,31 @@ mksquashfs squashfs-root/ livefs.squashfs -noappend -always-use-fragments
|
||||
apk add linux-rpi
|
||||
|
||||
## generic image upgrade
|
||||
[offline]
|
||||
extract original image to first partion
|
||||
restore cmdline and usercfg.txt
|
||||
delete from overlay the cache folder
|
||||
[root] delete from overlay partition the cache folder
|
||||
in case of a folder (delete from overlay the /usr)
|
||||
in case of an image
|
||||
rm persist.img && dd if=/dev/zero of=persist.img bs=1024 count=0 seek=2097152
|
||||
mkfs.ext4 persist.img
|
||||
[online]
|
||||
recreate .work folder under /media/persist
|
||||
recreate usr folder under /media/persist
|
||||
mkdir /mnt/private_file
|
||||
check mountpoint for /usr | mount /usr
|
||||
fix the repository
|
||||
fix the network interface
|
||||
apk update
|
||||
apk upgrade
|
||||
're-add' installed packages [e.g. 00-preparation]
|
||||
remount /media/mmcblk0p1 rewritable
|
||||
mount -o rw,remount /media/mmcblk0p1/
|
||||
cp apk to /media/mmcblk0p1/apk/armhf
|
||||
|
||||
-lsblk
|
||||
-mkinitfs
|
||||
reboot without lbu commit
|
||||
|
||||
##generic minor update (to install it into ram)
|
||||
apk update
|
||||
@ -141,28 +175,47 @@ lbu commit
|
||||
#create a overlay for /usr otherwise space is missing
|
||||
https://gist.github.com/sdalu/4fd108e0a96d6b41d52fde7542cc95ce [not working fbtft module mossing]
|
||||
apk add python2 #obsolete
|
||||
apk add build-base #binary is build vor rpi3
|
||||
apk add build-base #binary is build for rpi3
|
||||
// ToDo
|
||||
sudo modprobe fbtft_device name=adafruit18_green gpios=reset:27,dc:25,cs:8,led:24 height=128 width=128 rotate=180 fps=30 bgr=1 speed=40000000 debug=$((1<<5))
|
||||
vi /etc/modprobe.d/fbtft.conf
|
||||
options fbtft_device name=fb_st7735r gpios=reset:27,dc:25,led:18 speed=16000000 bgr=1 custom=1 width=128 height=128
|
||||
|
||||
## python approach
|
||||
pip install --user RPi.GPIO
|
||||
pip install --user spidev
|
||||
|
||||
|
||||
##modern kernel approach
|
||||
wget https://github.com/juj/fbcp-ili9341/archive/refs/heads/master.zip
|
||||
cmake -DWAVESHARE_ST7735S_HAT=ON -DSPI_BUS_CLOCK_DIVISOR=6
|
||||
apk add raspberrypi-dev
|
||||
|
||||
|
||||
## nitrokey
|
||||
apk add py-pip build-base python3-dev [240Mb]
|
||||
apk add py-pip build-base python3-dev py3-wheel [240Mb]
|
||||
apk add libffi-dev [7Mb]
|
||||
apk add openssl-dev
|
||||
//needs gcc python3-dev libffdi-dev
|
||||
apk add openssl-dev rust cargo [337Mb]
|
||||
#pip install --user setuptools_rust
|
||||
apk add gcc musl-dev python3-dev libffi-dev openssl-dev cargo
|
||||
apk add py3-pep517 py3-cryptography
|
||||
//see https://cryptography.io/en/latest/installation/
|
||||
reboot
|
||||
lbu inc /home
|
||||
lbu inc /root
|
||||
pip3 install --user wheel
|
||||
pip3 install --user pynitrokey [takes about 35min]
|
||||
|
||||
pip3 install --user wheel
|
||||
pip3 install --user pynitrokey [takes about 35min, can fail due missing space left on device, but cbor fails nevertheless]
|
||||
|
||||
#fix $PATH to /root/.local/bin in /etc/profile
|
||||
#need mdev/udev rules to grant access for user
|
||||
#libudev-zero is a replacement, which is needed for pcscd
|
||||
|
||||
## ToDo
|
||||
#tmux
|
||||
#camera to scan QR code
|
||||
#predefine common action scheme
|
||||
#general reconsideration of usefulness
|
||||
|
||||
### links
|
||||
https://github.com/hashbang/airgap
|
||||
https://riseup.net/de/security/message-security/openpgp/gpg-best-practices
|
||||
|
1
cmdline.txt
Normal file
1
cmdline.txt
Normal file
@ -0,0 +1 @@
|
||||
modules=loop,overlay,squashfs,sd-mod,usb-storage quiet dwc_otg.lpm_enable=0 console=tty1 console=ttyAMA0,115200
|
95
dietpi-wifi.txt
Normal file
95
dietpi-wifi.txt
Normal file
@ -0,0 +1,95 @@
|
||||
#---------------------------------------------------------------
|
||||
# Entry 0
|
||||
# - WiFi SSID: required, case sensitive
|
||||
aWIFI_SSID[0]='WLAN-GG3HL4 2.4GHz'
|
||||
# - WiFi key: If no key/open, leave this blank
|
||||
aWIFI_KEY[0]='08487085501687788364'
|
||||
# - Key type: NONE (no key/open) | WPA-PSK | WEP | WPA-EAP (then use settings below)
|
||||
aWIFI_KEYMGR[0]='WPA-PSK'
|
||||
# - WPA-EAP options: Only fill if WPA-EAP is set above
|
||||
aWIFI_PROTO[0]=''
|
||||
aWIFI_PAIRWISE[0]=''
|
||||
aWIFI_AUTH_ALG[0]=''
|
||||
aWIFI_EAP[0]=''
|
||||
aWIFI_IDENTITY[0]=''
|
||||
aWIFI_PASSWORD[0]=''
|
||||
aWIFI_PHASE1[0]=''
|
||||
aWIFI_PHASE2[0]=''
|
||||
# - Path to the certificate file, e.g.: /boot/mycert.cer
|
||||
aWIFI_CERT[0]=''
|
||||
#---------------------------------------------------------------
|
||||
# Entry 1
|
||||
# - WiFi SSID: required, case sensitive
|
||||
aWIFI_SSID[1]=''
|
||||
# - WiFi key: If no key/open, leave this blank
|
||||
aWIFI_KEY[1]=''
|
||||
# - Key type: NONE (no key/open) | WPA-PSK | WEP | WPA-EAP (then use settings below)
|
||||
aWIFI_KEYMGR[1]='WPA-PSK'
|
||||
# - WPA-EAP options: Only fill if WPA-EAP is set above
|
||||
aWIFI_PROTO[1]=''
|
||||
aWIFI_PAIRWISE[1]=''
|
||||
aWIFI_AUTH_ALG[1]=''
|
||||
aWIFI_EAP[1]=''
|
||||
aWIFI_IDENTITY[1]=''
|
||||
aWIFI_PASSWORD[1]=''
|
||||
aWIFI_PHASE1[1]=''
|
||||
aWIFI_PHASE2[1]=''
|
||||
# - Path to the certificate file, e.g.: /boot/mycert.cer
|
||||
aWIFI_CERT[1]=''
|
||||
#---------------------------------------------------------------
|
||||
# Entry 2
|
||||
# - WiFi SSID: required, case sensitive
|
||||
aWIFI_SSID[2]=''
|
||||
# - WiFi key: If no key/open, leave this blank
|
||||
aWIFI_KEY[2]=''
|
||||
# - Key type: NONE (no key/open) | WPA-PSK | WEP | WPA-EAP (then use settings below)
|
||||
aWIFI_KEYMGR[2]='WPA-PSK'
|
||||
# - WPA-EAP options: Only fill if WPA-EAP is set above
|
||||
aWIFI_PROTO[2]=''
|
||||
aWIFI_PAIRWISE[2]=''
|
||||
aWIFI_AUTH_ALG[2]=''
|
||||
aWIFI_EAP[2]=''
|
||||
aWIFI_IDENTITY[2]=''
|
||||
aWIFI_PASSWORD[2]=''
|
||||
aWIFI_PHASE1[2]=''
|
||||
aWIFI_PHASE2[2]=''
|
||||
# - Path to the certificate file, e.g.: /boot/mycert.cer
|
||||
aWIFI_CERT[2]=''
|
||||
#---------------------------------------------------------------
|
||||
# Entry 3
|
||||
# - WiFi SSID: required, case sensitive
|
||||
aWIFI_SSID[3]=''
|
||||
# - WiFi key: If no key/open, leave this blank
|
||||
aWIFI_KEY[3]=''
|
||||
# - Key type: NONE (no key/open) | WPA-PSK | WEP | WPA-EAP (then use settings below)
|
||||
aWIFI_KEYMGR[3]='WPA-PSK'
|
||||
# - WPA-EAP options: Only fill if WPA-EAP is set above
|
||||
aWIFI_PROTO[3]=''
|
||||
aWIFI_PAIRWISE[3]=''
|
||||
aWIFI_AUTH_ALG[3]=''
|
||||
aWIFI_EAP[3]=''
|
||||
aWIFI_IDENTITY[3]=''
|
||||
aWIFI_PASSWORD[3]=''
|
||||
aWIFI_PHASE1[3]=''
|
||||
aWIFI_PHASE2[3]=''
|
||||
# - Path to the certificate file, e.g.: /boot/mycert.cer
|
||||
aWIFI_CERT[3]=''
|
||||
#---------------------------------------------------------------
|
||||
# Entry 4
|
||||
# - WiFi SSID: required, case sensitive
|
||||
aWIFI_SSID[4]=''
|
||||
# - WiFi key: If no key/open, leave this blank
|
||||
aWIFI_KEY[4]=''
|
||||
# - Key type: NONE (no key/open) | WPA-PSK | WEP | WPA-EAP (then use settings below)
|
||||
aWIFI_KEYMGR[4]='WPA-PSK'
|
||||
# - WPA-EAP options: Only fill if WPA-EAP is set above
|
||||
aWIFI_PROTO[4]=''
|
||||
aWIFI_PAIRWISE[4]=''
|
||||
aWIFI_AUTH_ALG[4]=''
|
||||
aWIFI_EAP[4]=''
|
||||
aWIFI_IDENTITY[4]=''
|
||||
aWIFI_PASSWORD[4]=''
|
||||
aWIFI_PHASE1[4]=''
|
||||
aWIFI_PHASE2[4]=''
|
||||
# - Path to the certificate file, e.g.: /boot/mycert.cer
|
||||
aWIFI_CERT[4]=''
|
287
dietpi.txt
Normal file
287
dietpi.txt
Normal file
@ -0,0 +1,287 @@
|
||||
# IMPORTANT:
|
||||
# - This is intended for advanced users, unless you know what you are doing, do not edit this file. Please use the DietPi programs instead.
|
||||
# - Do not remove uncommented lines, as the items are scraped by DietPi programs, on demand.
|
||||
|
||||
#------------------------------------------------------------------------------------------------------
|
||||
##### DietPi-Automation settings, applied on first boot of DietPi only, ONCE! #####
|
||||
#------------------------------------------------------------------------------------------------------
|
||||
# By setting this to "1" you accept the DietPi GPLv2 license and skip the related interactive dialog.
|
||||
# - Full license text: /boot/dietpi-LICENSE.txt
|
||||
# - This setting is ignored (and assumed to be affirmative) if AUTO_SETUP_AUTOMATED=1
|
||||
AUTO_SETUP_ACCEPT_LICENSE=1
|
||||
|
||||
##### Language/Regional Options #####
|
||||
# Locale: eg: "en_GB.UTF-8" / "de_DE.UTF-8" | One entry and UTF-8 ONLY!
|
||||
AUTO_SETUP_LOCALE=C.UTF-8
|
||||
|
||||
# Keyboard Layout eg: "gb" / "us" / "de" / "fr"
|
||||
AUTO_SETUP_KEYBOARD_LAYOUT=de
|
||||
|
||||
# Timezone eg: "Europe/London" / "America/New_York" | Full list (TZ*): https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
|
||||
AUTO_SETUP_TIMEZONE=Europe/Berlin
|
||||
|
||||
##### Network Options #####
|
||||
# Enable Ethernet or WiFi adapter: 1=enable | 0=disable
|
||||
# - If both Ethernet and WiFi are enabled, WiFi will take priority and Ethernet will be disabled.
|
||||
# - If using WiFi, please edit dietpi-wifi.txt to pre-enter credentials.
|
||||
AUTO_SETUP_NET_ETHERNET_ENABLED=0
|
||||
AUTO_SETUP_NET_WIFI_ENABLED=1
|
||||
|
||||
# Force ethernet speeds: 0=automatic speed | 10 = 10Mbit | 100 = 100Mbit etc
|
||||
# - This is mainly aimed at PINE A64 which may have an HW issue that causes unstable 1Gbit link.
|
||||
AUTO_SETUP_NET_ETH_FORCE_SPEED=0
|
||||
|
||||
# WiFi country code: 2 uppercase character value (e.g. GB US DE JP): https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
|
||||
AUTO_SETUP_NET_WIFI_COUNTRY_CODE=DE
|
||||
|
||||
# Enter your static network details below, if applicable.
|
||||
AUTO_SETUP_NET_USESTATIC=0
|
||||
AUTO_SETUP_NET_STATIC_IP=192.168.0.100
|
||||
AUTO_SETUP_NET_STATIC_MASK=255.255.255.0
|
||||
AUTO_SETUP_NET_STATIC_GATEWAY=192.168.0.1
|
||||
AUTO_SETUP_NET_STATIC_DNS=9.9.9.9 149.112.112.112
|
||||
|
||||
# Set to "1" to convert DHCP leased network settings into static settings automatically on first boot.
|
||||
AUTO_SETUP_DHCP_TO_STATIC=0
|
||||
|
||||
# Hostname
|
||||
AUTO_SETUP_NET_HOSTNAME=DietPi-gnupg-root
|
||||
|
||||
##### Misc Options #####
|
||||
# Swap space size to generate: 0 => disable | 1 => auto | 2 and up => size in MiB
|
||||
AUTO_SETUP_SWAPFILE_SIZE=1571
|
||||
# Swap space location: "zram" => swap space on /dev/zram0 (auto-size = 50% of RAM size) | /path/to/file => swap file at location (auto-size = 2 GiB minus RAM size)
|
||||
AUTO_SETUP_SWAPFILE_LOCATION=/var/swap
|
||||
|
||||
# Set to "1" to disable HDMI output (and GPU/VPU where supported) for supported devices: RPi, Odroid C1, Odroid C2
|
||||
AUTO_SETUP_HEADLESS=1
|
||||
|
||||
# Unmask (enable) systemd-logind service (including dbus), which is masked by default on DietPi
|
||||
AUTO_UNMASK_LOGIND=0
|
||||
|
||||
# Custom Script (pre-networking and pre-DietPi install)
|
||||
# - Allows you to automatically execute a custom script before network is up on first boot.
|
||||
# - Copy your script to /boot/Automation_Custom_PreScript.sh and it will be executed automatically.
|
||||
# - Executed script log: /var/tmp/dietpi/logs/dietpi-automation_custom_prescript.log
|
||||
|
||||
# Custom Script (post-networking and post-DietPi install)
|
||||
# - Allows you to automatically execute a custom script at the end of DietPi install.
|
||||
# - Option 0 = Copy your script to /boot/Automation_Custom_Script.sh and it will be executed automatically.
|
||||
# - Option 1 = Host your script online, then use e.g. AUTO_SETUP_CUSTOM_SCRIPT_EXEC=https://myweb.com/myscript.sh and it will be downloaded and executed automatically.
|
||||
# - Executed script log: /var/tmp/dietpi/logs/dietpi-automation_custom_script.log
|
||||
AUTO_SETUP_CUSTOM_SCRIPT_EXEC=0
|
||||
|
||||
# Restore a DietPi-Backup on first boot: 0 => disable | 1 => interactive restore (show list of found backups) | 2 => non-interactive restore (restore first found backup)
|
||||
# - Simply attach the drive/disk/stick with contains the backup. All attached drives will be mounted temporarily and searched automatically.
|
||||
AUTO_SETUP_BACKUP_RESTORE=0
|
||||
|
||||
##### Software Options #####
|
||||
# SSH server choice: 0=none/custom | -1=Dropbear | -2=OpenSSH
|
||||
AUTO_SETUP_SSH_SERVER_INDEX=-1
|
||||
|
||||
# File server choice: 0=none/custom | -1=ProFTP | -2=Samba
|
||||
AUTO_SETUP_FILE_SERVER_INDEX=0
|
||||
|
||||
# Logging mode choice: 0=none/custom | -1=RAMlog 1h clear | -2=RAMlog 1h save clear | -3=rsyslog + logrotate
|
||||
AUTO_SETUP_LOGGING_INDEX=-1
|
||||
# RAMlog max tmpfs size (MB). 50MB should be fine for single use. 200MB+ for heavy webserver and access log etc.
|
||||
AUTO_SETUP_RAMLOG_MAXSIZE=50
|
||||
|
||||
# Webserver preference: 0=Apache2 | -1=Nginx | -2=Lighttpd
|
||||
# - This defines the webserver to install (only) when another selected software requires one.
|
||||
# - It won't be installed if no other software requires a webserver and a manual webserver stack selection will override it.
|
||||
AUTO_SETUP_WEB_SERVER_INDEX=-2
|
||||
|
||||
# Desktop preference: 0=LXDE | -1=Xfce | -2=MATE | -3=LXQt | -4=GNUstep
|
||||
# - This defines the desktop to install (only) when another selected software requires one.
|
||||
# - It won't be installed if no other software requires a desktop and a manual desktop selection will override it.
|
||||
AUTO_SETUP_DESKTOP_INDEX=0
|
||||
|
||||
# Browser preference: 0=None | -1=Firefox | -2=Chromium
|
||||
# - This defines the browser to install (only) when a desktop is installed.
|
||||
# - It won't be installed if no desktop is installed and a manual browser selection will override it.
|
||||
AUTO_SETUP_BROWSER_INDEX=-1
|
||||
|
||||
# DietPi-Autostart: 0=Console | 7=Console autologin | 1=Kodi | 2=Desktop autologin | 16=Desktop | 4=OpenTyrian | 5=DietPi-Cloudshell | 6=Amiberry fast boot | 8=Amiberry standard boot | 9=DDX-Rebirth | 10=CAVA Spectrum | 11=Chromium kiosk | 14=Custom autostart service
|
||||
# - This will be effective on 2nd boot, after firstrun update and installs have been done.
|
||||
# - Related software titles must be installed either on firstrun installs or via AUTO_SETUP_AUTOMATED=1 + AUTO_SETUP_INSTALL_SOFTWARE_ID (see below).
|
||||
AUTO_SETUP_AUTOSTART_TARGET_INDEX=0
|
||||
# Autologin user name
|
||||
# - This user must exist before firstrun installs, otherwise it will be reverted to root.
|
||||
# - Applies to all autostart options but: 0, 6, 14 and 16
|
||||
AUTO_SETUP_AUTOSTART_LOGIN_USER=root
|
||||
|
||||
##### Non-interactive Firstrun Setup #####
|
||||
# On first login, run update, initial setup and software installs without any user input
|
||||
# - Setting this to "1" is required for below settings to take effect
|
||||
# - It is HIGHLY recommended to also set CONFIG_BOOT_WAIT_FOR_NETWORK=2, to force infinite wait for network connection during boot and prevent connection timeout errors.
|
||||
# - Setting this to "1" indicates that you accept the DietPi GPLv2 license, available at /boot/dietpi-LICENSE.txt, superseding any setting of AUTO_SETUP_ACCEPT_LICENSE.
|
||||
AUTO_SETUP_AUTOMATED=1
|
||||
|
||||
# Global Password to be applied for the system
|
||||
# - Affects "root" and "dietpi" users login passwords and is used by dietpi-software as default for software installs which require a password.
|
||||
# - On first dietpi-software execution, the password is removed from this file and instead encrypted and saved to rootfs.
|
||||
# - WARN: We cannot guarantee that all software options can handle special characters like \"$.
|
||||
AUTO_SETUP_GLOBAL_PASSWORD=dietpi
|
||||
|
||||
# Software to automatically install
|
||||
# - List of available software IDs: https://github.com/MichaIng/DietPi/wiki/DietPi-Software-list
|
||||
# - Add as many entries as you wish, one each line.
|
||||
# - DietPi will automatically install all pre-reqs (e.g. ALSA/X11 for desktops etc)
|
||||
# - E.g. the following (without the leading "#") will install the LXDE desktop automatically on first boot:
|
||||
#AUTO_SETUP_INSTALL_SOFTWARE_ID=23
|
||||
|
||||
#------------------------------------------------------------------------------------------------------
|
||||
##### Misc DietPi program settings #####
|
||||
#------------------------------------------------------------------------------------------------------
|
||||
# DietPi-Survey: 1=opt in | 0=opt out | -1=ask on first call
|
||||
# - https://dietpi.com/docs/dietpi_tools/#miscellaneous (see tab 'DietPi Survey')
|
||||
SURVEY_OPTED_IN=0
|
||||
|
||||
#------------------------------------------------------------------------------------------------------
|
||||
##### DietPi-Config settings #####
|
||||
#------------------------------------------------------------------------------------------------------
|
||||
# CPU Governor: schedutil | ondemand | interactive | conservative | powersave | performance
|
||||
CONFIG_CPU_GOVERNOR=ondemand
|
||||
# Ondemand Sampling Rate | Min value: 10000 microseconds (10ms)
|
||||
CONFIG_CPU_ONDEMAND_SAMPLE_RATE=25000
|
||||
# Ondemand Sampling Down Factor: Samling Rate * Down Factor / 1000 = ms (40 = 1000ms when sampling rate is 25000)
|
||||
CONFIG_CPU_ONDEMAND_SAMPLE_DOWNFACTOR=40
|
||||
# Throttle Up Percentage: Percentage of average CPU usage during samling rate at which CPU will be throttled up/down
|
||||
CONFIG_CPU_USAGE_THROTTLE_UP=50
|
||||
|
||||
# CPU Frequency Limits: Disabled=disabled
|
||||
# - Intel CPUs use a percentage value (%) from 0-100, eg: 55
|
||||
# - All other devices must use a specific MHz value, eg: 1600
|
||||
# - Has no effect on RPi, please set "arm_freq" and "arm_freq_min" in config.txt instead.
|
||||
CONFIG_CPU_MAX_FREQ=Disabled
|
||||
CONFIG_CPU_MIN_FREQ=Disabled
|
||||
|
||||
# Disable Intel-based turbo/boost stepping. This flag should not be required, setting <100% MAX frequency should disable Turbo on Intel CPUs.
|
||||
CONFIG_CPU_DISABLE_TURBO=0
|
||||
|
||||
# System-wide proxy settings
|
||||
# - Do not modify, you must use dietpi-config > "Network Options: Adapters" to apply
|
||||
CONFIG_PROXY_ADDRESS=MyProxyServer.com
|
||||
CONFIG_PROXY_PORT=8080
|
||||
CONFIG_PROXY_USERNAME=
|
||||
CONFIG_PROXY_PASSWORD=
|
||||
|
||||
# Delay boot until network is established: 0=disabled | 1=10 second wait max (default) | 2=infinite wait
|
||||
CONFIG_BOOT_WAIT_FOR_NETWORK=1
|
||||
|
||||
# Connection timeout in seconds, before G_CHECK_URL assumes the URL is dead. Increase if you have a "flaky" connection or slow DNS resolver.
|
||||
# - Set this to "0" to allow unlimited time, however this is not recommended to avoid unlimited hanging background scripts, e.g. daily DietPi update check.
|
||||
# - A negative or non-integer value will result in the default of 10 seconds.
|
||||
CONFIG_G_CHECK_URL_TIMEOUT=10
|
||||
# Connection attempts with above timeout each, before G_CHECK_URL is giving up and prompts an error.
|
||||
# - Any value below "1" or a non-integer value will result in the default of 2 attempts.
|
||||
CONFIG_G_CHECK_URL_ATTEMPTS=2
|
||||
# General connection and DNS testing
|
||||
# - IP to ping when checking network connectivity. Default: 9.9.9.9 (Quad9 DNS IP)
|
||||
CONFIG_CHECK_CONNECTION_IP=9.9.9.9
|
||||
# - Domain to ping when checking DNS resolver. Default: dns9.quad9.net (Quad9 DNS domain)
|
||||
CONFIG_CHECK_DNS_DOMAIN=dns9.quad9.net
|
||||
|
||||
# Daily check for DietPi updates: 0=disable | 1=enable
|
||||
# - Checks are done by downloading a file of only 7 bytes.
|
||||
CONFIG_CHECK_DIETPI_UPDATES=1
|
||||
|
||||
# Daily check for APT package updates: 0=disable | 1=check only | 2=check and upgrade automatically
|
||||
# - Upgrade logs can be found at: /var/tmp/dietpi/logs/dietpi-update_apt.log
|
||||
CONFIG_CHECK_APT_UPDATES=1
|
||||
|
||||
# Network time sync: 0=disabled | 1=boot only | 2=boot + daily | 3=boot + hourly | 4=Daemon + Drift
|
||||
CONFIG_NTP_MODE=2
|
||||
|
||||
# Serial Console: Set to 0 if you do not require serial console.
|
||||
CONFIG_SERIAL_CONSOLE_ENABLE=1
|
||||
|
||||
# Sound card
|
||||
CONFIG_SOUNDCARD=none
|
||||
|
||||
# LCD Panel addon
|
||||
# - Do not modify, you must use dietpi-config to configure/set options
|
||||
CONFIG_LCDPANEL=none
|
||||
|
||||
# IPv6
|
||||
CONFIG_ENABLE_IPV6=1
|
||||
|
||||
# Prefer IPv4 with APT and wget, NB: This has no effect if IPv6 is disabled anyway!
|
||||
CONFIG_PREFER_IPV4=1
|
||||
|
||||
# APT mirrors which are applied to /etc/apt/sources.list | Values here will also be applied during 1st run setup
|
||||
# - Raspbian: https://www.raspbian.org/RaspbianMirrors
|
||||
CONFIG_APT_RASPBIAN_MIRROR=http://raspbian.raspberrypi.org/raspbian/
|
||||
# - Debian: https://www.debian.org/mirror/official#list
|
||||
CONFIG_APT_DEBIAN_MIRROR=https://deb.debian.org/debian/
|
||||
|
||||
# NTP mirror, applied to /etc/ntp.conf
|
||||
# - For a full list, please see: https://www.ntppool.org/zone/@
|
||||
# - Please remove the initial integer and full stop from the value (removing "0."), eg: debian.pool.ntp.org
|
||||
CONFIG_NTP_MIRROR=debian.pool.ntp.org
|
||||
|
||||
#------------------------------------------------------------------------------------------------------
|
||||
##### DietPi-Software settings #####
|
||||
#------------------------------------------------------------------------------------------------------
|
||||
# Enter your EmonCMS.org write API key here. It will be applied automatically during EmonPi/Hub install.
|
||||
# - E.g.: SOFTWARE_EMONHUB_APIKEY=b4dfmk2o203mmxx93a
|
||||
SOFTWARE_EMONHUB_APIKEY=
|
||||
|
||||
# VNC Server
|
||||
SOFTWARE_VNCSERVER_WIDTH=1280
|
||||
SOFTWARE_VNCSERVER_HEIGHT=720
|
||||
SOFTWARE_VNCSERVER_DEPTH=16
|
||||
SOFTWARE_VNCSERVER_DISPLAY_INDEX=1
|
||||
SOFTWARE_VNCSERVER_SHARE_DESKTOP=0
|
||||
|
||||
# ownCloud/Nextcloud
|
||||
# - Optional username for admin account, the default is 'admin', applied during install
|
||||
SOFTWARE_OWNCLOUD_NEXTCLOUD_USERNAME=admin
|
||||
# - Optional data directory, default is "/mnt/dietpi_userdata/owncloud_data" respectively "/mnt/dietpi_userdata/nextcloud_data", applied during install
|
||||
# NB: This option is for advanced users. For full compatibility, please keep this options defaults, and, use dietpi-drive_manager to move the DietPi user data location.
|
||||
SOFTWARE_OWNCLOUD_DATADIR=/mnt/dietpi_userdata/owncloud_data
|
||||
SOFTWARE_NEXTCLOUD_DATADIR=/mnt/dietpi_userdata/nextcloud_data
|
||||
|
||||
# WiFi Hotspot
|
||||
SOFTWARE_WIFI_HOTSPOT_SSID=DietPi-HotSpot
|
||||
# - Key requires a minimum of 8 characters
|
||||
SOFTWARE_WIFI_HOTSPOT_KEY=dietpihotspot
|
||||
SOFTWARE_WIFI_HOTSPOT_CHANNEL=3
|
||||
|
||||
# X.org
|
||||
# - DPI 96(default) 120(+25%) 144(+50%) 168(+75%) 192(+100%)
|
||||
SOFTWARE_XORG_DPI=96
|
||||
|
||||
# Chromium
|
||||
SOFTWARE_CHROMIUM_RES_X=1280
|
||||
SOFTWARE_CHROMIUM_RES_Y=720
|
||||
SOFTWARE_CHROMIUM_AUTOSTART_URL=https://dietpi.com/
|
||||
|
||||
# Home Assistant
|
||||
# - Optional Python build dependencies and modules, possibly required for certain HA components
|
||||
# Space separated list (no quotation!), will be installed together with Home Assistant automatically, if present
|
||||
SOFTWARE_HOMEASSISTANT_APT_DEPS=
|
||||
# Add Python modules with version string at best, e.g.: firstModule==1.2.3 secondModule==4.5.6
|
||||
SOFTWARE_HOMEASSISTANT_PIP_DEPS=
|
||||
|
||||
# K3s
|
||||
# Command with flags to use for launching K3s in the service
|
||||
# The value of this variable is copied directly into the INSTALL_K3S_EXEC environment variable before
|
||||
# running the K3s installer.
|
||||
# https://rancher.com/docs/k3s/latest/en/installation/install-options/#options-for-installation-with-script
|
||||
#
|
||||
# Optionally, you can add a configuration file named /boot/dietpi-k3s.yaml,
|
||||
# which will copied into place during installation
|
||||
# https://rancher.com/docs/k3s/latest/en/installation/install-options/#configuration-file
|
||||
SOFTWARE_K3S_EXEC=
|
||||
|
||||
#------------------------------------------------------------------------------------------------------
|
||||
##### Dev settings #####
|
||||
#------------------------------------------------------------------------------------------------------
|
||||
DEV_GITBRANCH=master
|
||||
DEV_GITOWNER=MichaIng
|
||||
|
||||
#------------------------------------------------------------------------------------------------------
|
||||
##### Settings, automatically added by dietpi-update #####
|
||||
#------------------------------------------------------------------------------------------------------
|
14
gpg-howto.md
14
gpg-howto.md
@ -1,6 +1,16 @@
|
||||
Best practices with gpg
|
||||
Use a separate key for each identity, this means a own key for each email account, which should not be cross referenced.
|
||||
gpg2 --expert --full-gen-key
|
||||
(9) ECC and ECC
|
||||
(1) Curve 25519)
|
||||
(1) Curve 25519
|
||||
//because of this: http://safecurves.cr.yp.to/index.html
|
||||
3y
|
||||
//because it is hard enough in real life with humans
|
||||
//because it is hard enough in real life with humans
|
||||
//add the name/synonym and the first email
|
||||
|
||||
gpg --edit-key name/synonym
|
||||
adduid
|
||||
list [the trust is not yet 'ultimate' but after a save it will be]
|
||||
uid [n] //adjust primary uid
|
||||
primary
|
||||
save
|
||||
|
3
raspbian.txt
Normal file
3
raspbian.txt
Normal file
@ -0,0 +1,3 @@
|
||||
edit config.txt to activate serial console
|
||||
enable_uart=1
|
||||
dtoverlay=i2c-rtc,ds3231
|
6
usercfg.txt
Normal file
6
usercfg.txt
Normal file
@ -0,0 +1,6 @@
|
||||
gpu_mem=16
|
||||
dtparam=audio=off
|
||||
dtoverlay=pi3-disable-bt
|
||||
dtparam=i2c=on
|
||||
dtoverlay=i2c-rtc,ds3231
|
||||
enable_uart=1
|
Loading…
Reference in New Issue
Block a user