diff --git a/README.md b/README.md index 8962146..afdd088 100644 --- a/README.md +++ b/README.md @@ -41,7 +41,7 @@ https://vincentserpoul.github.io/post/alpine-linux-rpi0/ 2. extract image: tar -xzvf ~/Downloads/alpine-rpi-3.12.0-armhf.tar.gz -C /run/media/**** --no-same-owner 3. edit cmdline.txt 4. create usercfg.txt - 5. prepare /cache with useful apk (e2fsprogs, lsblk, vim, gnupg, gnupg-scdaemon, ccid, opensc, pcsc-lite-libs, tmux, htop, exfat-utils, cryptsetup, mkinitfs, squashfs-tools, p7zip libusb, hwids-usb {pcsc-lite libudev-zero} ) [70MB] + 5. prepare /cache with useful apk (e2fsprogs, lsblk, vim, gnupg, gnupg-scdaemon, pinentry, ccid, opensc, pcsc-lite-libs, tmux, htop, exfat-utils, cryptsetup, mkinitfs, squashfs-tools, p7zip libusb, hwids-usb {pcsc-lite libudev-zero fsverity-utils} ) [70MB] 6. connect UART TX/RX/GND to pin 8/10/6 green/white/black 7. boot rpi 8. mount second partition to folder /media/mmcblk0p2 
@@ -86,20 +86,32 @@ apk add cryptsetup fallocate -l 10MB PRIVATE [minimal 20MB] cryptsetup -v luksFormat PRIVATE [takes some seconds] --use secure passphrase -cryptsetup -v luksOpen PRIVATE private_file +cryptsetup -v luksOpen /mnt/mmcblk0p2/PRIVATE private_file mkfs -t ext4 /dev/mapper/private_file mkdir /mnt/private_file +ln -s /mnt/private_file/user/.gnupg /home/user/.gnupg +ln -s /mnt/private_file/root/.gnupg /root/.gnupg mount /dev/mapper/private_file /mnt/private_file --Umount and close file +killall gpg-agent umount /mnt/private_file cryptsetup luksClose private_file -mkidr /mnt/private_file/.gnupg -chown user:user /mnt/private_file/.gnupg -ln -s /mnt/private_file/.gnupg .gnupg +mkdir /mnt/private_file/user/.gnupg +chmod 750 /mnt/private_file/user +chown user:user /mnt/private_file/user/.gnupg + edit /etc/mdev.conf for usb tokens [ToDo] killall gpg-agent +#mount encrypted container +cryptsetup -v luksOpen /media/mmcblk0p2/PRIVATE private_file +mount /dev/mapper/private_file /mnt/private_file +--Umount and close file +killall gpg-agent +umount /mnt/private_file +cryptsetup luksClose private_file + ##kernel update [inProgress] related: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11980 
@@ -128,9 +140,31 @@ mksquashfs squashfs-root/ livefs.squashfs -noappend -always-use-fragments apk add linux-rpi ## generic image upgrade +[offline] extract original image to first partion restore cmdline and usercfg.txt -delete from overlay the cache folder +[root] delete from overlay partition the cache folder +in case of a folder (delete from overlay the /usr) +in case of an image +rm persist.img && dd if=/dev/zero of=persist.img bs=1024 count=0 seek=2097152 +mkfs.ext4 persist.img +[online] +recreate .work folder under /media/persist +recreate usr folder under /media/persist +mkdir /mnt/private_file +check mountpoint for /usr | mount /usr +fix the repository +fix the network interface +apk update +apk upgrade +'re-add' installed packages [e.g. 00-preparation] +remount /media/mmcblk0p1 rewritable +mount -o rw,remount /media/mmcblk0p1/ +cp apk to /media/mmcblk0p1/apk/armhf + +-lsblk +-mkinitfs +reboot without lbu commit ##generic minor update (to install it into ram) apk update 
@@ -141,28 +175,47 @@ lbu commit #create a overlay for /usr otherwise space is missing https://gist.github.com/sdalu/4fd108e0a96d6b41d52fde7542cc95ce [not working fbtft module mossing] apk add python2 #obsolete -apk add build-base #binary is build vor rpi3 +apk add build-base #binary is build for rpi3 // ToDo sudo modprobe fbtft_device name=adafruit18_green gpios=reset:27,dc:25,cs:8,led:24 height=128 width=128 rotate=180 fps=30 bgr=1 speed=40000000 debug=$((1<<5)) vi /etc/modprobe.d/fbtft.conf options fbtft_device name=fb_st7735r gpios=reset:27,dc:25,led:18 speed=16000000 bgr=1 custom=1 width=128 height=128 +## python approach +pip install --user RPi.GPIO +pip install --user spidev + + +##modern kernel approach +wget https://github.com/juj/fbcp-ili9341/archive/refs/heads/master.zip +cmake -DWAVESHARE_ST7735S_HAT=ON -DSPI_BUS_CLOCK_DIVISOR=6 +apk add raspberrypi-dev + + ## nitrokey - apk add py-pip build-base python3-dev [240Mb] + apk add py-pip build-base python3-dev py3-wheel [240Mb] apk add libffi-dev [7Mb] - apk add openssl-dev -//needs gcc python3-dev libffdi-dev + apk add openssl-dev rust cargo [337Mb] + #pip install --user setuptools_rust + apk add gcc musl-dev python3-dev libffi-dev openssl-dev cargo + apk add py3-pep517 py3-cryptography +//see https://cryptography.io/en/latest/installation/ reboot lbu inc /home lbu inc /root - pip3 install --user wheel - pip3 install --user pynitrokey [takes about 35min] - + pip3 install --user wheel + pip3 install --user pynitrokey [takes about 35min, can fail due missing space left on device, but cbor fails nevertheless] + #fix $PATH to /root/.local/bin in /etc/profile #need mdev/udev rules to grant access for user #libudev-zero is a replacement, which is needed for pcscd + ## ToDo #tmux + #camera to scan QR code + #predefine common action scheme + #general reconsideration of usefulness ### links https://github.com/hashbang/airgap +https://riseup.net/de/security/message-security/openpgp/gpg-best-practices 
diff --git a/cmdline.txt b/cmdline.txt
new file mode 100644
index 0000000..a2000de
--- /dev/null
+++ b/cmdline.txt
@@ -0,0 +1 @@
+modules=loop,overlay,squashfs,sd-mod,usb-storage quiet dwc_otg.lpm_enable=0 console=tty1 console=ttyAMA0,115200
diff --git a/dietpi-wifi.txt b/dietpi-wifi.txt
new file mode 100644
index 0000000..82fa96c
--- /dev/null
+++ b/dietpi-wifi.txt
@@ -0,0 +1,95 @@
+#---------------------------------------------------------------
+# Entry 0
+# - WiFi SSID: required, case sensitive
+aWIFI_SSID[0]='WLAN-GG3HL4 2.4GHz'
+# - WiFi key: If no key/open, leave this blank
+aWIFI_KEY[0]='08487085501687788364'
+# - Key type: NONE (no key/open) | WPA-PSK | WEP | WPA-EAP (then use settings below)
+aWIFI_KEYMGR[0]='WPA-PSK'
+# - WPA-EAP options: Only fill if WPA-EAP is set above
+aWIFI_PROTO[0]=''
+aWIFI_PAIRWISE[0]=''
+aWIFI_AUTH_ALG[0]=''
+aWIFI_EAP[0]=''
+aWIFI_IDENTITY[0]=''
+aWIFI_PASSWORD[0]=''
+aWIFI_PHASE1[0]=''
+aWIFI_PHASE2[0]=''
+# - Path to the certificate file, e.g.: /boot/mycert.cer
+aWIFI_CERT[0]=''
+#---------------------------------------------------------------
+# Entry 1
+# - WiFi SSID: required, case sensitive
+aWIFI_SSID[1]=''
+# - WiFi key: If no key/open, leave this blank
+aWIFI_KEY[1]=''
+# - Key type: NONE (no key/open) | WPA-PSK | WEP | WPA-EAP (then use settings below)
+aWIFI_KEYMGR[1]='WPA-PSK'
+# - WPA-EAP options: Only fill if WPA-EAP is set above
+aWIFI_PROTO[1]=''
+aWIFI_PAIRWISE[1]=''
+aWIFI_AUTH_ALG[1]=''
+aWIFI_EAP[1]=''
+aWIFI_IDENTITY[1]=''
+aWIFI_PASSWORD[1]=''
+aWIFI_PHASE1[1]=''
+aWIFI_PHASE2[1]=''
+# - Path to the certificate file, e.g.: /boot/mycert.cer
+aWIFI_CERT[1]=''
+#---------------------------------------------------------------
+# Entry 2
+# - WiFi SSID: required, case sensitive
+aWIFI_SSID[2]=''
+# - WiFi key: If no key/open, leave this blank
+aWIFI_KEY[2]=''
+# - Key type: NONE (no key/open) | WPA-PSK | WEP | WPA-EAP (then use settings below)
+aWIFI_KEYMGR[2]='WPA-PSK'
+# - WPA-EAP options: Only fill if WPA-EAP is set above
+aWIFI_PROTO[2]=''
+aWIFI_PAIRWISE[2]=''
+aWIFI_AUTH_ALG[2]=''
+aWIFI_EAP[2]=''
+aWIFI_IDENTITY[2]=''
+aWIFI_PASSWORD[2]=''
+aWIFI_PHASE1[2]=''
+aWIFI_PHASE2[2]=''
+# - Path to the certificate file, e.g.: /boot/mycert.cer
+aWIFI_CERT[2]=''
+#---------------------------------------------------------------
+# Entry 3
+# - WiFi SSID: required, case sensitive
+aWIFI_SSID[3]=''
+# - WiFi key: If no key/open, leave this blank
+aWIFI_KEY[3]=''
+# - Key type: NONE (no key/open) | WPA-PSK | WEP | WPA-EAP (then use settings below)
+aWIFI_KEYMGR[3]='WPA-PSK'
+# - WPA-EAP options: Only fill if WPA-EAP is set above
+aWIFI_PROTO[3]=''
+aWIFI_PAIRWISE[3]=''
+aWIFI_AUTH_ALG[3]=''
+aWIFI_EAP[3]=''
+aWIFI_IDENTITY[3]=''
+aWIFI_PASSWORD[3]=''
+aWIFI_PHASE1[3]=''
+aWIFI_PHASE2[3]=''
+# - Path to the certificate file, e.g.: /boot/mycert.cer
+aWIFI_CERT[3]=''
+#---------------------------------------------------------------
+# Entry 4
+# - WiFi SSID: required, case sensitive
+aWIFI_SSID[4]=''
+# - WiFi key: If no key/open, leave this blank
+aWIFI_KEY[4]=''
+# - Key type: NONE (no key/open) | WPA-PSK | WEP | WPA-EAP (then use settings below)
+aWIFI_KEYMGR[4]='WPA-PSK'
+# - WPA-EAP options: Only fill if WPA-EAP is set above
+aWIFI_PROTO[4]=''
+aWIFI_PAIRWISE[4]=''
+aWIFI_AUTH_ALG[4]=''
+aWIFI_EAP[4]=''
+aWIFI_IDENTITY[4]=''
+aWIFI_PASSWORD[4]=''
+aWIFI_PHASE1[4]=''
+aWIFI_PHASE2[4]=''
+# - Path to the certificate file, e.g.: /boot/mycert.cer
+aWIFI_CERT[4]=''
diff --git a/dietpi.txt b/dietpi.txt
new file mode 100644
index 0000000..ea8d654
--- /dev/null
+++ b/dietpi.txt
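Review bot: Entry 0 of the new dietpi-wifi.txt commits what looks like a real network name in `aWIFI_SSID[0]` and its WPA-PSK passphrase in `aWIFI_KEY[0]` in clear text, so anyone who can read the repository or its history can join that network. Ship the file as a template with both values empty, e.g. `aWIFI_SSID[0]=''` and `aWIFI_KEY[0]=''`, and keep the filled-in copy out of version control with a `.gitignore` entry for `dietpi-wifi.txt`. Because a later commit that blanks the value leaves it in history, the passphrase should be treated as exposed and changed on the access point. Entries 1 to 4 are empty and need no change.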
@@ -0,0 +1,287 @@ +# IMPORTANT: +# - This is intended for advanced users, unless you know what you are doing, do not edit this file. Please use the DietPi programs instead. +# - Do not remove uncommented lines, as the items are scraped by DietPi programs, on demand. + +#------------------------------------------------------------------------------------------------------ +##### DietPi-Automation settings, applied on first boot of DietPi only, ONCE! ##### +#------------------------------------------------------------------------------------------------------ +# By setting this to "1" you accept the DietPi GPLv2 license and skip the related interactive dialog. +# - Full license text: /boot/dietpi-LICENSE.txt +# - This setting is ignored (and assumed to be affirmative) if AUTO_SETUP_AUTOMATED=1 +AUTO_SETUP_ACCEPT_LICENSE=1 + +##### Language/Regional Options ##### +# Locale: eg: "en_GB.UTF-8" / "de_DE.UTF-8" | One entry and UTF-8 ONLY! +AUTO_SETUP_LOCALE=C.UTF-8 + +# Keyboard Layout eg: "gb" / "us" / "de" / "fr" +AUTO_SETUP_KEYBOARD_LAYOUT=de + +# Timezone eg: "Europe/London" / "America/New_York" | Full list (TZ*): https://en.wikipedia.org/wiki/List_of_tz_database_time_zones +AUTO_SETUP_TIMEZONE=Europe/Berlin + +##### Network Options ##### +# Enable Ethernet or WiFi adapter: 1=enable | 0=disable +# - If both Ethernet and WiFi are enabled, WiFi will take priority and Ethernet will be disabled. +# - If using WiFi, please edit dietpi-wifi.txt to pre-enter credentials. +AUTO_SETUP_NET_ETHERNET_ENABLED=0 +AUTO_SETUP_NET_WIFI_ENABLED=1 + +# Force ethernet speeds: 0=automatic speed | 10 = 10Mbit | 100 = 100Mbit etc +# - This is mainly aimed at PINE A64 which may have an HW issue that causes unstable 1Gbit link. +AUTO_SETUP_NET_ETH_FORCE_SPEED=0 + +# WiFi country code: 2 uppercase character value (e.g. GB US DE JP): https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 +AUTO_SETUP_NET_WIFI_COUNTRY_CODE=DE + +# Enter your static network details below, if applicable. 
+AUTO_SETUP_NET_USESTATIC=0 +AUTO_SETUP_NET_STATIC_IP=192.168.0.100 +AUTO_SETUP_NET_STATIC_MASK=255.255.255.0 +AUTO_SETUP_NET_STATIC_GATEWAY=192.168.0.1 +AUTO_SETUP_NET_STATIC_DNS=9.9.9.9 149.112.112.112 + +# Set to "1" to convert DHCP leased network settings into static settings automatically on first boot. +AUTO_SETUP_DHCP_TO_STATIC=0 + +# Hostname +AUTO_SETUP_NET_HOSTNAME=DietPi-gnupg-root + +##### Misc Options ##### +# Swap space size to generate: 0 => disable | 1 => auto | 2 and up => size in MiB +AUTO_SETUP_SWAPFILE_SIZE=1571 +# Swap space location: "zram" => swap space on /dev/zram0 (auto-size = 50% of RAM size) | /path/to/file => swap file at location (auto-size = 2 GiB minus RAM size) +AUTO_SETUP_SWAPFILE_LOCATION=/var/swap + +# Set to "1" to disable HDMI output (and GPU/VPU where supported) for supported devices: RPi, Odroid C1, Odroid C2 +AUTO_SETUP_HEADLESS=1 + +# Unmask (enable) systemd-logind service (including dbus), which is masked by default on DietPi +AUTO_UNMASK_LOGIND=0 + +# Custom Script (pre-networking and pre-DietPi install) +# - Allows you to automatically execute a custom script before network is up on first boot. +# - Copy your script to /boot/Automation_Custom_PreScript.sh and it will be executed automatically. +# - Executed script log: /var/tmp/dietpi/logs/dietpi-automation_custom_prescript.log + +# Custom Script (post-networking and post-DietPi install) +# - Allows you to automatically execute a custom script at the end of DietPi install. +# - Option 0 = Copy your script to /boot/Automation_Custom_Script.sh and it will be executed automatically. +# - Option 1 = Host your script online, then use e.g. AUTO_SETUP_CUSTOM_SCRIPT_EXEC=https://myweb.com/myscript.sh and it will be downloaded and executed automatically. 
+# - Executed script log: /var/tmp/dietpi/logs/dietpi-automation_custom_script.log +AUTO_SETUP_CUSTOM_SCRIPT_EXEC=0 + +# Restore a DietPi-Backup on first boot: 0 => disable | 1 => interactive restore (show list of found backups) | 2 => non-interactive restore (restore first found backup) +# - Simply attach the drive/disk/stick with contains the backup. All attached drives will be mounted temporarily and searched automatically. +AUTO_SETUP_BACKUP_RESTORE=0 + +##### Software Options ##### +# SSH server choice: 0=none/custom | -1=Dropbear | -2=OpenSSH +AUTO_SETUP_SSH_SERVER_INDEX=-1 + +# File server choice: 0=none/custom | -1=ProFTP | -2=Samba +AUTO_SETUP_FILE_SERVER_INDEX=0 + +# Logging mode choice: 0=none/custom | -1=RAMlog 1h clear | -2=RAMlog 1h save clear | -3=rsyslog + logrotate +AUTO_SETUP_LOGGING_INDEX=-1 +# RAMlog max tmpfs size (MB). 50MB should be fine for single use. 200MB+ for heavy webserver and access log etc. +AUTO_SETUP_RAMLOG_MAXSIZE=50 + +# Webserver preference: 0=Apache2 | -1=Nginx | -2=Lighttpd +# - This defines the webserver to install (only) when another selected software requires one. +# - It won't be installed if no other software requires a webserver and a manual webserver stack selection will override it. +AUTO_SETUP_WEB_SERVER_INDEX=-2 + +# Desktop preference: 0=LXDE | -1=Xfce | -2=MATE | -3=LXQt | -4=GNUstep +# - This defines the desktop to install (only) when another selected software requires one. +# - It won't be installed if no other software requires a desktop and a manual desktop selection will override it. +AUTO_SETUP_DESKTOP_INDEX=0 + +# Browser preference: 0=None | -1=Firefox | -2=Chromium +# - This defines the browser to install (only) when a desktop is installed. +# - It won't be installed if no desktop is installed and a manual browser selection will override it. 
+AUTO_SETUP_BROWSER_INDEX=-1 + +# DietPi-Autostart: 0=Console | 7=Console autologin | 1=Kodi | 2=Desktop autologin | 16=Desktop | 4=OpenTyrian | 5=DietPi-Cloudshell | 6=Amiberry fast boot | 8=Amiberry standard boot | 9=DDX-Rebirth | 10=CAVA Spectrum | 11=Chromium kiosk | 14=Custom autostart service +# - This will be effective on 2nd boot, after firstrun update and installs have been done. +# - Related software titles must be installed either on firstrun installs or via AUTO_SETUP_AUTOMATED=1 + AUTO_SETUP_INSTALL_SOFTWARE_ID (see below). +AUTO_SETUP_AUTOSTART_TARGET_INDEX=0 +# Autologin user name +# - This user must exist before firstrun installs, otherwise it will be reverted to root. +# - Applies to all autostart options but: 0, 6, 14 and 16 +AUTO_SETUP_AUTOSTART_LOGIN_USER=root + +##### Non-interactive Firstrun Setup ##### +# On first login, run update, initial setup and software installs without any user input +# - Setting this to "1" is required for below settings to take effect +# - It is HIGHLY recommended to also set CONFIG_BOOT_WAIT_FOR_NETWORK=2, to force infinite wait for network connection during boot and prevent connection timeout errors. +# - Setting this to "1" indicates that you accept the DietPi GPLv2 license, available at /boot/dietpi-LICENSE.txt, superseding any setting of AUTO_SETUP_ACCEPT_LICENSE. +AUTO_SETUP_AUTOMATED=1 + +# Global Password to be applied for the system +# - Affects "root" and "dietpi" users login passwords and is used by dietpi-software as default for software installs which require a password. +# - On first dietpi-software execution, the password is removed from this file and instead encrypted and saved to rootfs. +# - WARN: We cannot guarantee that all software options can handle special characters like \"$. 
+AUTO_SETUP_GLOBAL_PASSWORD=dietpi + +# Software to automatically install +# - List of available software IDs: https://github.com/MichaIng/DietPi/wiki/DietPi-Software-list +# - Add as many entries as you wish, one each line. +# - DietPi will automatically install all pre-reqs (e.g. ALSA/X11 for desktops etc) +# - E.g. the following (without the leading "#") will install the LXDE desktop automatically on first boot: +#AUTO_SETUP_INSTALL_SOFTWARE_ID=23 + +#------------------------------------------------------------------------------------------------------ +##### Misc DietPi program settings ##### +#------------------------------------------------------------------------------------------------------ +# DietPi-Survey: 1=opt in | 0=opt out | -1=ask on first call +# - https://dietpi.com/docs/dietpi_tools/#miscellaneous (see tab 'DietPi Survey') +SURVEY_OPTED_IN=0 + +#------------------------------------------------------------------------------------------------------ +##### DietPi-Config settings ##### +#------------------------------------------------------------------------------------------------------ +# CPU Governor: schedutil | ondemand | interactive | conservative | powersave | performance +CONFIG_CPU_GOVERNOR=ondemand +# Ondemand Sampling Rate | Min value: 10000 microseconds (10ms) +CONFIG_CPU_ONDEMAND_SAMPLE_RATE=25000 +# Ondemand Sampling Down Factor: Samling Rate * Down Factor / 1000 = ms (40 = 1000ms when sampling rate is 25000) +CONFIG_CPU_ONDEMAND_SAMPLE_DOWNFACTOR=40 +# Throttle Up Percentage: Percentage of average CPU usage during samling rate at which CPU will be throttled up/down +CONFIG_CPU_USAGE_THROTTLE_UP=50 + +# CPU Frequency Limits: Disabled=disabled +# - Intel CPUs use a percentage value (%) from 0-100, eg: 55 +# - All other devices must use a specific MHz value, eg: 1600 +# - Has no effect on RPi, please set "arm_freq" and "arm_freq_min" in config.txt instead. 
+CONFIG_CPU_MAX_FREQ=Disabled +CONFIG_CPU_MIN_FREQ=Disabled + +# Disable Intel-based turbo/boost stepping. This flag should not be required, setting <100% MAX frequency should disable Turbo on Intel CPUs. +CONFIG_CPU_DISABLE_TURBO=0 + +# System-wide proxy settings +# - Do not modify, you must use dietpi-config > "Network Options: Adapters" to apply +CONFIG_PROXY_ADDRESS=MyProxyServer.com +CONFIG_PROXY_PORT=8080 +CONFIG_PROXY_USERNAME= +CONFIG_PROXY_PASSWORD= + +# Delay boot until network is established: 0=disabled | 1=10 second wait max (default) | 2=infinite wait +CONFIG_BOOT_WAIT_FOR_NETWORK=1 + +# Connection timeout in seconds, before G_CHECK_URL assumes the URL is dead. Increase if you have a "flaky" connection or slow DNS resolver. +# - Set this to "0" to allow unlimited time, however this is not recommended to avoid unlimited hanging background scripts, e.g. daily DietPi update check. +# - A negative or non-integer value will result in the default of 10 seconds. +CONFIG_G_CHECK_URL_TIMEOUT=10 +# Connection attempts with above timeout each, before G_CHECK_URL is giving up and prompts an error. +# - Any value below "1" or a non-integer value will result in the default of 2 attempts. +CONFIG_G_CHECK_URL_ATTEMPTS=2 +# General connection and DNS testing +# - IP to ping when checking network connectivity. Default: 9.9.9.9 (Quad9 DNS IP) +CONFIG_CHECK_CONNECTION_IP=9.9.9.9 +# - Domain to ping when checking DNS resolver. Default: dns9.quad9.net (Quad9 DNS domain) +CONFIG_CHECK_DNS_DOMAIN=dns9.quad9.net + +# Daily check for DietPi updates: 0=disable | 1=enable +# - Checks are done by downloading a file of only 7 bytes. 
+CONFIG_CHECK_DIETPI_UPDATES=1 + +# Daily check for APT package updates: 0=disable | 1=check only | 2=check and upgrade automatically +# - Upgrade logs can be found at: /var/tmp/dietpi/logs/dietpi-update_apt.log +CONFIG_CHECK_APT_UPDATES=1 + +# Network time sync: 0=disabled | 1=boot only | 2=boot + daily | 3=boot + hourly | 4=Daemon + Drift +CONFIG_NTP_MODE=2 + +# Serial Console: Set to 0 if you do not require serial console. +CONFIG_SERIAL_CONSOLE_ENABLE=1 + +# Sound card +CONFIG_SOUNDCARD=none + +# LCD Panel addon +# - Do not modify, you must use dietpi-config to configure/set options +CONFIG_LCDPANEL=none + +# IPv6 +CONFIG_ENABLE_IPV6=1 + +# Prefer IPv4 with APT and wget, NB: This has no effect if IPv6 is disabled anyway! +CONFIG_PREFER_IPV4=1 + +# APT mirrors which are applied to /etc/apt/sources.list | Values here will also be applied during 1st run setup +# - Raspbian: https://www.raspbian.org/RaspbianMirrors +CONFIG_APT_RASPBIAN_MIRROR=http://raspbian.raspberrypi.org/raspbian/ +# - Debian: https://www.debian.org/mirror/official#list +CONFIG_APT_DEBIAN_MIRROR=https://deb.debian.org/debian/ + +# NTP mirror, applied to /etc/ntp.conf +# - For a full list, please see: https://www.ntppool.org/zone/@ +# - Please remove the initial integer and full stop from the value (removing "0."), eg: debian.pool.ntp.org +CONFIG_NTP_MIRROR=debian.pool.ntp.org + +#------------------------------------------------------------------------------------------------------ +##### DietPi-Software settings ##### +#------------------------------------------------------------------------------------------------------ +# Enter your EmonCMS.org write API key here. It will be applied automatically during EmonPi/Hub install. 
+# - E.g.: SOFTWARE_EMONHUB_APIKEY=b4dfmk2o203mmxx93a +SOFTWARE_EMONHUB_APIKEY= + +# VNC Server +SOFTWARE_VNCSERVER_WIDTH=1280 +SOFTWARE_VNCSERVER_HEIGHT=720 +SOFTWARE_VNCSERVER_DEPTH=16 +SOFTWARE_VNCSERVER_DISPLAY_INDEX=1 +SOFTWARE_VNCSERVER_SHARE_DESKTOP=0 + +# ownCloud/Nextcloud +# - Optional username for admin account, the default is 'admin', applied during install +SOFTWARE_OWNCLOUD_NEXTCLOUD_USERNAME=admin +# - Optional data directory, default is "/mnt/dietpi_userdata/owncloud_data" respectively "/mnt/dietpi_userdata/nextcloud_data", applied during install +# NB: This option is for advanced users. For full compatibility, please keep this options defaults, and, use dietpi-drive_manager to move the DietPi user data location. +SOFTWARE_OWNCLOUD_DATADIR=/mnt/dietpi_userdata/owncloud_data +SOFTWARE_NEXTCLOUD_DATADIR=/mnt/dietpi_userdata/nextcloud_data + +# WiFi Hotspot +SOFTWARE_WIFI_HOTSPOT_SSID=DietPi-HotSpot +# - Key requires a minimum of 8 characters +SOFTWARE_WIFI_HOTSPOT_KEY=dietpihotspot +SOFTWARE_WIFI_HOTSPOT_CHANNEL=3 + +# X.org +# - DPI 96(default) 120(+25%) 144(+50%) 168(+75%) 192(+100%) +SOFTWARE_XORG_DPI=96 + +# Chromium +SOFTWARE_CHROMIUM_RES_X=1280 +SOFTWARE_CHROMIUM_RES_Y=720 +SOFTWARE_CHROMIUM_AUTOSTART_URL=https://dietpi.com/ + +# Home Assistant +# - Optional Python build dependencies and modules, possibly required for certain HA components +# Space separated list (no quotation!), will be installed together with Home Assistant automatically, if present +SOFTWARE_HOMEASSISTANT_APT_DEPS= +# Add Python modules with version string at best, e.g.: firstModule==1.2.3 secondModule==4.5.6 +SOFTWARE_HOMEASSISTANT_PIP_DEPS= + +# K3s +# Command with flags to use for launching K3s in the service +# The value of this variable is copied directly into the INSTALL_K3S_EXEC environment variable before +# running the K3s installer. 
+# https://rancher.com/docs/k3s/latest/en/installation/install-options/#options-for-installation-with-script +# +# Optionally, you can add a configuration file named /boot/dietpi-k3s.yaml, +# which will copied into place during installation +# https://rancher.com/docs/k3s/latest/en/installation/install-options/#configuration-file +SOFTWARE_K3S_EXEC= + +#------------------------------------------------------------------------------------------------------ +##### Dev settings ##### +#------------------------------------------------------------------------------------------------------ +DEV_GITBRANCH=master +DEV_GITOWNER=MichaIng + +#------------------------------------------------------------------------------------------------------ +##### Settings, automatically added by dietpi-update ##### +#------------------------------------------------------------------------------------------------------ diff --git a/gpg-howto.md b/gpg-howto.md index 69f5f02..94e055e 100644 --- a/gpg-howto.md +++ b/gpg-howto.md @@ -1,6 +1,16 @@ +Best practices with gpg +Use a separate key for each identity, this means a own key for each email account, which should not be cross referenced. gpg2 --expert --full-gen-key (9) ECC and ECC -(1) Curve 25519) +(1) Curve 25519 //because of this: http://safecurves.cr.yp.to/index.html 3y -//because it is hard enough in real life with humans \ No newline at end of file +//because it is hard enough in real life with humans +//add the name/synonym and the first email + +gpg --edit-key name/synonym +adduid +list [the trust is not yet 'ultimate' but after a save it will be] +uid [n] //adjust primary uid +primary +save diff --git a/raspbian.txt b/raspbian.txt new file mode 100644 index 0000000..12d38a8 --- /dev/null +++ b/raspbian.txt @@ -0,0 +1,3 @@ +edit config.txt to activate serial console +enable_uart=1 +dtoverlay=i2c-rtc,ds3231 diff --git a/usercfg.txt b/usercfg.txt new file mode 100644 index 0000000..38bb81e --- /dev/null +++ b/usercfg.txt 
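Review bot: In the "Non-interactive Firstrun Setup" section of dietpi.txt, `AUTO_SETUP_GLOBAL_PASSWORD=dietpi` keeps the stock password for the `root` and `dietpi` logins, while the same file sets `AUTO_SETUP_AUTOMATED=1`, `AUTO_SETUP_NET_WIFI_ENABLED=1` and `AUTO_SETUP_SSH_SERVER_INDEX=-1` (Dropbear). The host named `DietPi-gnupg-root` therefore comes up on the network with a publicly known root password and no prompt to change it. Set a unique value locally before first boot and commit only a placeholder such as `AUTO_SETUP_GLOBAL_PASSWORD=<set-before-first-boot>`, or use `AUTO_SETUP_SSH_SERVER_INDEX=0` if the box needs no remote login. If this image is meant to handle GnuPG key material, as the hostname suggests, `AUTO_SETUP_SWAPFILE_SIZE=1571` with `AUTO_SETUP_SWAPFILE_LOCATION=/var/swap` also deserves a second look, since memory pages can then be written to what is presumably unencrypted storage; `AUTO_SETUP_SWAPFILE_SIZE=0` disables swap according to the file's own comment.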
@@ -0,0 +1,6 @@
+gpu_mem=16
+dtparam=audio=off
+dtoverlay=pi3-disable-bt
+dtparam=i2c=on
+dtoverlay=i2c-rtc,ds3231
+enable_uart=1
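Review bot: `dtoverlay=pi3-disable-bt` in usercfg.txt turns off Bluetooth only, so on a board with an on-board WLAN radio the wireless interface stays available. If this device is meant to follow the air-gap guide linked from the README, consider adding `dtoverlay=disable-wifi` (`pi3-disable-wifi` on older firmware) next to it. `enable_uart=1` likewise keeps a serial console on the GPIO header, which matches the UART bring-up steps in the README. A one-line comment saying whether it should stay enabled once the device is in use would help the next reader.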