2024-03-21
Table of contents:
- Update raspbian linux to latest version
- Change password, hostname, full xdm greeter
- Configure a static IP address
- Tune kernel settings
- Tune video settings
- Tune audio settings
- Tune wifi settings
- Tune eth settings
- Remove tv black borders
- Fix slow usb mouse
- Reduce power consumption
- Overclock
- Extend lifespan of mechanical HDD
- Extend lifespan of sdcard
- Extend your RAM by enabling ZRAM
- Setup a NAS (via NFS)
- Setup a remote desktop (via VNC)
- Setup a shared printer
- Setup the firewall
- SSH access and tunnels
- Save external syslog
- Enable bluetooth without WiFi
- Dedicated posts:
- Source a common
bashrc
for your users - Setup VeraCrypt volume manager
- Setup Deluge torrent manager
- Setup a DLNA media server
- Setup Kodi media center
- Setup a shared scanner
- Setup an UPS monitor
- Setup dnsmasq DNS server
- Setup a freeDNS account
- Setup a WebDav fileserver
- Setup fail2ban to protect services
- Setup a VPN to protect your privacy
- Setup monitoring with Munin
- Setup a good Screen config
- Setup RetroPie
- Source a common
- Tools
- Backup
- Miscellanea
Update raspbian linux to latest version:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | apt-get update apt-get upgrade apt-get dist-upgrade apt-get clean apt-get autoremove rpi-update # update firmware & kernel apt-get purge bash-completion # speed up shell TAB-auto completion # --- os version update, eg: from jessie (deb8) to stretch (deb9) sed -i 's/jessie/stretch/g' /etc/apt/sources.list sed -i 's/jessie/stretch/g' /etc/apt/sources.list.d/raspi.list # repeat the commands above, then check the current version: cat /etc/os-release |
Debian 10 upgrade: see rpi blog post notes and comments.
Change password, hostname, full xdm greeter:
1 2 3 4 | sudo raspi-config # Change User Password; Hostname # choose lightdm-gtk-greeter sudo update-alternatives --config lightdm-greeter |
Configure a static IP address (see also this and fallback method):
append the desired following blocks to /etc/dhcpcd.conf
:
1 2 3 4 5 6 7 8 9 10 11 12 13 | interface eth0 fallback mylan SSID my_wifi_ssid fallback mylan interface wlan0 fallback mylan profile mylan static ip_address=192.168.1.110/24 static routers=192.168.1.1 static domain_name_servers=84.200.69.80 37.235.1.174 84.200.70.40 37.235.1.177 |
Note: Do not use the directive inform 192.168.1.110
because it breaks the UPS monitor.
Optional do not wait for network at boot: run raspi-config
and select Boot > Wait for Network at Boot > No.
Tune kernel settings
- disable 64 bit kernel image, put in
/boot/config.txt
:
1 | arm_64bit=0 |
- Disable IPv6: append
ipv6.disable=1
to kernel parameters in/boot/cmdline.txt
or:
1 2 3 4 | # via sysctl: echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.d/local.conf # via modprobe: echo "blacklist ipv6" >> /etc/modprobe.d/local.conf |
- Set autoreboot on kernel panic: append
panic=5
to kernel parameters in/boot/cmdline.txt
or viasysctl
:
1 | echo "kernel.panic = 5" >> /etc/sysctl.d/local.conf |
use
eth0
as first ethernet device name (wiki)- raspi-config > Advanced Options > Network Interface Names > disable predictable network i/f names
- append
net.ifnames=0
to/boot/cmdline.txt
better/visible boot messages: append
consoleblank=0 plymouth.enable=0
to kernel parameters in/boot/cmdline.txt
Remove tv black borders: set
disable_overscan=1
in the/boot/config.txt
.Fix slow usb mouse: append
usbhid.mousepoll=0
to kernel parameters in/boot/cmdline.txt
.
Tune video settings
Run raspi-config
and in the Advanced Options
section, if using a raspberry
pi 4 then enable both the GL driver and the Compositor otherwise turn them off.
Note: to ensure the loading of Pi4's VC4/GL driver make sure to uninstall Xorg frame buffer drivers:
1 2
apt install xserver-xorg-video-vesa apt purge xserver-xorg-video-fbdev xserver-xorg-video-fbturbo
Fix HDMI no signal
1 2 3 | # /boot/config.txt hdmi_force_hotplug=1 config_hdmi_boost=6 |
Fix Pi4's DRM mem error:
1
DRM_IOCTL_MODE_CREATE_DUMB failed: Cannot allocate memory
If you see the above error then use these
/boot/config.txt
settings:1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
# force HD, and prevent 4K memory drain (optional) hdmi_group=1 hdmi_mode=16 [hdmi:0] hdmi_max_pixel_freq=200000000 [hdmi:1] hdmi_max_pixel_freq=200000000 [pi4] # Enable DRM VC4 V3D driver on top of the dispmanx display stack (default driver) dtoverlay=vc4-fkms-v3d # number of active displays 1-2 max_framebuffers=1 # disable any memory split #gpu_mem=256
and append
cma=384M
to/boot/cmdline.txt
.
Tune audio settings
1 2 | # add tsched=0 in /etc/pulse/default.pa on this line: load-module module-udev-detect tsched=0 |
1 2 3 4 | cd /usr/share/pulseaudio/alsa-mixer/paths tar -czvf ../paths.tgz . # backup perl -pi -0 -e 's/(\[[A-Za-z ]*(Mic Boost|Capture)\][A-Za-z._=\s-]+volume *= *)merge/\1zero/g;' *mic*.conf shutdown -r 0 |
- to have a much better audio quality you can buy an usb soundcard (eg. PCM2704 DAC)
1 2 3 4 5 6 | # /etc/modprobe.d/local-audio.conf # https://alsa.opensrc.org/MultipleCards#Reordering_the_driver_for_a_particular_card options snd_bcm2835 index=0 # get vendor and product IDs via "lsusb" (my PCM2704 has 08bb:27c4) options snd-usb-audio index=2,3,4 vid=0x08bb,0x1395,0x046d pid=0x27c4,0x0025,0x0836 |
1 2 3 4 5 | # set default card in pulseaudio (taken from raspi-config script) pulseaudio --check || pulseaudio -D export XDG_RUNTIME_DIR=/run/user/`id -g` pacmd list-sinks | grep -e index -e alsa.name # identify your card number pactl set-default-sink 3 |
Tune wifi settings
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | # disable roaming echo "options brcmfmac roamoff=1" >> /etc/modprobe.d/local.conf # set correct regional domain sed -i 's/REGDOMAIN=.*/REGDOMAIN=IT/' /etc/default/crda # auto turn off power management cd /etc/network/if-up.d/ echo -e '#!/bin/bash\n/sbin/iw dev wlan0 set power_save off' > local-wlan chmod 755 local-wlan # find an optimal MTU size via: # ping -c 2 -M do -s 1600 www.google.com # then save it with: echo "/sbin/ip link set dev wlan0 mtu 1400" >> local-wlan |
Turn off bluetooth if unused, see this section.
Tune eth settings
Disable eee
Energy Efficient Ethernet
support1
echo "dtparam=eee=off" >> /boot/config.txt
Force eth0 speed to 100Mbs full duplex:
create a
device tree file
cm4-disable-gigabit-ethernet.dts
:1 2 3 4 5 6 7 8 9 10 11 12
/dts-v1/; /plugin/; / { /* Change the phy max-speed to 100 Mbps */ fragment@0 { target = <&phy1>; __overlay__ { max-speed = <100>; }; }; };
compile and install:
1 2
sudo dtc -@ -Hepapr -I dts -O dtb -o /boot/overlays/cm4-disable-gigabit-ethernet.dtbo cm4-disable-gigabit-ethernet.dts echo "dtoverlay=cm4-disable-gigabit-ethernet" >> /boot/config.txt
Reduce power consumption:
turn off leds (RPIex, forum, lindevs) by putting in /boot/config.txt
under the [pi4]
tag:
1 2 3 4 5 6 7 8 9 10 11 12 | [pi4] # Disable the PWR LED dtparam=pwr_led_trigger=default-on dtparam=pwr_led_activelow=off # Disable the Activity LED dtparam=act_led_trigger=none dtparam=act_led_activelow=off # Disable ethernet port LEDs (0=ACT, 1=LNK) dtparam=eth_led0=4 dtparam=eth_led1=4 |
you can also disable them at runtime:
1 2 3 4 | # turn off power/act led echo 0 > /sys/class/leds/default-on/brightness echo 0 > /sys/class/leds/ACT/brightness echo 255 > /sys/class/leds/PWR/brightness |
1 2 | # disable HDMI output (and set boot to console via raspi-config) /usr/bin/tvservice -o # -p to re-enable |
set boot to console and reduce memory split:
1 2 | raspi-config # Boot Options > Desktop / CLI > Console raspi-config # Advanced Options > Memory Split > 16 |
turn off unsued wlan/bluetooth (see /boot/overlays/README
), put in /boot/config.txt
:
1 2 | dtoverlay=disable-wifi dtoverlay=disable-bt |
and turn off the bluetooth services:
1 2 | systemctl disable hciuart systemctl disable bluetooth |
Overclock RPI4:
Add these lines in /boot/config.txt
:
1 2 3 4 | arm_freq=2048 v3d_freq=750 over_voltage=6 hdmi_enable_4kp60=1 |
optionally set performance
cpu governor:
1 2 | # /etc/rc.local echo performance > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor |
Extend lifespan of mechanical HDD:
put in /etc/hdparm.conf
:
1 2 3 4 5 6 7 | /dev/sda { write_cache = on # -B -- disable Advanced Power Management apm = 254 # -S -- 1h timeout spindown_time = 242 } |
Extend lifespan of sdcard:
install my tmpfs-folders script and add a custom periodic cleaning of /var/log
files in root crontab
:
1 2 | # m h dom mon dow command 0 0 * * 3 /opt/systemd-units/clear_var_log.sh > /dev/null 2> /dev/null |
Extend your RAM by enabling ZRAM (compressed RAM):
put in /etc/rc.local
:
1 2 3 4 5 6 7 8 9 10 | if modprobe zram num_devices=1 ; then echo lz4 > /sys/block/zram0/comp_algorithm echo 384M > /sys/block/zram0/mem_limit echo 768M > /sys/block/zram0/disksize mkswap /dev/zram0 swapon -p 10 /dev/zram0 sysctl vm.swappiness=90 fi |
and optionally disable dphys-swapfile
swapfile service:
1 | systemctl disable dphys-swapfile |
Setup a NAS (via NFS):
Server side commands:
1 2 3 4 5 6 7 8 9 | apt-get install nfs-kernel-server systemctl enable rpcbind # it's disabled by default... systemctl restart nfs-kernel-server # add a share to /etc/exports echo "/path 192.168.1.0/24(rw,sync,no_subtree_check,all_squash,anonuid=1001,anongid=1001)" >> /etc/exports exportfs -ra # reload server |
and append these lines to /ect/rc.local
:
1 2 3 | # fix: nfs server doesn't start without rpcbind
systemctl start rpcbind
systemctl restart nfs-kernel-server
|
Client side commands:
1 2 | echo "192.168.1.110:/path /mnt/path nfs defaults,user,exec 0 0" >> /etc/fstab mount /mnt/path |
Setup a remote desktop (via VNC):
You have three options:
- Install the modern TigerVNC server, see the dedicated post
- Use the lightdm TigerVNC service by enabling it in
/etc/lightdm/lightdm.conf
Install the old TightVNC:
1 2 3 4 5
apt-get install tightvncserver # set a password and run a LQ server on display 1: vncpasswd vncserver -geometry 1024x768 -depth 8 :1 vncviewer server_ip:1 # connect from another host
Setup a shared printer:
1 2 3 4 5 6 7 | apt-get install cups apt-get install hplip # HP printers drivers hp-setup -i # install printer + dl drivers elinks http://localhost:631 # Administration > Printers > Add printer # Server settings > Share printers connected to this system |
then turn the printer off and on again.
On Android you can install these apps: Let's print Droid, and Let's Print PDF.
Setup the firewall:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | apt-get install ufw ufw reset # reset to defaults ufw default deny incoming ufw default allow outgoing ufw allow from 192.168.1.0/24 # your intranet ufw allow from x.x.x.x # a trusted IP ufw limit 22/tcp # max 6 new connections every 30 seconds ufw limit 2200:2230/udp # mosh port range ufw allow 1810:1820/tcp # bittorent - data ufw allow 1810:1820/udp ufw allow 6881:6891/tcp # bittorent - tracker ufw allow 6881:6891/udp ufw allow 6771/udp # bittorent - local peer discovery ufw enable |
SSH access and tunnels:
Here is an example for creating some simple forward tunnels while connecting to a remote server:
1 2 3 4 5 6 7 | # deluge thin client & web ui, vnc, nginx ssh \ -L 58846:localhost:58846 \ -L 8112:localhost:8112 \ -L 5901:localhost:5901 \ -L 1234:localhost:1234 \ user@server_addr |
There are some great SSH clients as PuTTY for windows/linux and juiceSSH on Android.
Use mosh
(even with juiceSSH!) to reliably connect from unstable or high latency networks:
1 2 | apt-get install mosh # run this both on client and server mosh -p 2200:2230 user@server_addr # connect to opened UDP ports on server |
Read the dedicated post for an advanced tunnel usage.
Read the dedicated post to setup a SOCKS proxy with SSH.
Note: if sshd is slow to start at boot (systemd-analyze blame
) then install haveged
to have more entropy. Also apply this patch if it's killed by systemd on debian bullseye:
1 2 3 4 | mkdir -p /etc/systemd/system/haveged.service.d echo -e '[Service]\nSystemCallFilter=uname' > /etc/systemd/system/haveged.service.d/dietpi.conf systemctl daemon-reload systemctl restart haveged |
Save external syslog via rsyslog:
- enable tcp/udp ports, uncomment these lines in
/etc/rsyslog.conf
1 2 3 4 5 | module(load="imudp") input(type="imudp" port="514") module(load="imtcp") input(type="imtcp" port="514") |
- filter and save remote logs by IP, create
/etc/rsyslog.d/router.conf
1 2 3 4 | $template routerlog, "/var/log/router.log" if $fromhost-ip startswith "192.168.1.1" then -?routerlog & stop |
- restart service
1 | systemctl restart rsyslog |
- configure the device (eg. a router) to use your raspi IP as the remote syslog server
Enable bluetooth without WiFi
- disable WiFi by blacklisting its modules, add in
/etc/modprobe.d/local-wifi.conf
:
1 2 | blacklist brcmfmac blacklist brcmutil |
- set
enable_uart=1
in/boot/config.txt
- ensure
/boot/cmdline.txt
contains this text in this exact order:
1 | console=serial0,115200 console=tty1 |
- enable services:
1 2 | systemctl enable hciuart systemctl enable bluetooth |
Dedicated posts:
- Source a common
bashrc
for your users - Setup VeraCrypt volume manager
- Setup Deluge torrent manager
- Setup a DLNA media server
- Setup Kodi media center
- Setup a shared scanner
- Setup an UPS monitor
- Setup dnsmasq DNS server
- Setup a freeDNS account
- Setup a WebDav fileserver
- Setup fail2ban to protect services
- Setup a VPN to protect your privacy
- Setup monitoring with Munin
- Setup a good Screen config
- Setup RetroPie
Tools:
1 2 3 | apt-get install rpi-chromium-mods # video acceleration on google chrome apt-get install remmina # very handy VNC/SSH GUI apt-get install omxplayer # accelerated cli media player |
Fast/light web browsers:
OMXplayer GUIs:
- gomx -- light Python+Tk via python-omxplayer-wrapper
1 2 3 4 5
sudo apt install libdbus-1-dev libglib2.0-dev pip install omxplayer-wrapper wget -O ~/bin/gomx https://github.com/vladcc/gomx/raw/master/gomx/gomx.py chmod 755 ~/bin/gomx sed -i 's/^PL_WIN_PAD = .*/PL_WIN_PAD = 0/' ~/bin/gomx # adjust padding
- tboplayer -- via pyomxplayer + youtube-dl + lyrics
raspi-keygen -- Patch for MPEG-2, VC-1 license (untested, use it at your own risk)
1 2
cd /boot && cp start.elf start.elf_backup && \ perl -pne 's/\x47\xE9362H\x3C\x18/\x47\xE9362H\x3C\x1F/g' < start.elf_backup > start.elf
latest mkvtoolnix for raspbian
Backup:
You can do a full/raw sdcard backup, a live/tar one, or an incremental one.
As an alternative to 7za
you can use xz
just like the gz
command (or use the -J
option of tar
).
Incremental backup commands
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 | # --- backup ---------------------------------------- cd /tmp && mkdir -p p1 p2 sudo mount -o ro /dev/sdc1 p1 sudo mount -o ro /dev/sdc2 p2 cd bkup-folder sudo sfdisk -d /dev/sdc > ptable mkdir -p p1 p2 sudo ribs -b --no-p p1 /tmp/p1 sudo ribs -b p2 /tmp/p2 sudo umount /tmp/p? # --- restore --------------------------------------- cd bkup-folder cd /tmp && mkdir -p p1 p2 sfdisk /dev/sdc < ptable mkfs.vfat /dev/sdc1 mkfs.ext4 /dev/sdc2 sudo mount /dev/sdc1 p1 sudo mount /dev/sdc2 p2 sudo ribs -r p1 /tmp/p1 sudo ribs -r p2 /tmp/p2 cat ptable | grep label-id # view old partition ID # change to the new partition ID sfdisk -d /dev/sdc | grep label-id # update PARTUUID in p1/cmdline.txt # update PARTUUID in p2/etc/fstab sudo umount /tmp/p? |
Miscellanea:
turn TV/monitor on/off
1 2 3
cec-ctl -d/dev/cec0 --playback -S # initialize cec-ctl -d/dev/cec0 --to 0 --standby # turn OFF cec-ctl -d/dev/cec0 --to 0 --image-view-on # turn ON
Fix TV/monitor not detected unless powered on first:
1
sudo tvservice -d /boot/edid.dat
1 2 3
# /boot/config.txt hdmi_edid_file=1 hdmi_force_hotplug=1
Test if we are on a raspberry (/sys, /proc/cpuinfo):
1 2
cat /sys/firmware/devicetree/base/model # Raspberry Pi 3 Model B Rev 1.2 grep Hardware /proc/cpuinfo # Hardware : BCM2708
To save space on new installs of ruby gems, put in
~/.gemrc
:1 2
install: --no-rdoc --no-ri --no-document update: --no-rdoc --no-ri --no-document
and to install a gem in the user
$HOME
use this command:1 2 3 4
gem install --user-install bundler # remember to update your PATH adding this line to ~/.bashrc export PATH=$HOME/.gem/ruby/2.1.0/bin:$PATH
If you have a logitech wireless keyboard (eg: K400+) then you can use solaar to query and configure it:
1 2 3 4 5 6
git clone https://github.com/pwr/Solaar.git cd Solaar/bin solaar show all solaar show 1 | grep Battery solaar config 1 fn-swap off # toggle function keys
If you have a keyboard without the
F#
keys (like the kano keybord) you can emulate them withxdotool
and then run it viaxbindkeys
:1 2 3 4
sudo apt-get install xdotool xbindkeys xbindkeys-config xdotool key ctrl+alt+F1 # emulate these key press xbindkeys-config # create and save your bindings xbindkeys # run daemon
or you can use
xmodmap
to remap existing keys:1 2 3
xmodmap -pke | tee ~/.Xmodmap > ~/.Xmodmap-orig nano ~/.Xmodmap # edit keys xmodmap ~/.Xmodmap # load changes (run this on X startup)
see
Xorg keyboard
references on the bottom.Autostart programs when loggin in LXDE: put your commands prefixed by
@
in~/.config/lxsession/LXDE-pi/autostart
Change video mode/resolution without rebooting -- see rpi forum post
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | # query available video modes tvservice -m CEA #Group CEA has 16 modes: # mode 4: 1280x720 @ 60Hz 16:9, clock:74MHz progressive # mode 19: 1280x720 @ 50Hz 16:9, clock:74MHz progressive # (prefer) mode 16: 1920x1080 @ 60Hz 16:9, clock:148MHz progressive # set custom video mode tvservice -e "CEA 4 HDMI" #fbset -depth 8 ; fbset -depth 16 fbset -g 1280 720 1280 720 16 xrefresh # set default video mode tvservice -p |
qpdfview
a PDF viewer better thanxpdf
(modern GUI, fast render, page preload and cache)
Notes:
- Raspberry Pi 3 provides 1.2A USB current by default (no need to set
max_usb_current=1
in/boot/config.txt
). Of course a 2.5A PSU is mandatory.
Tips:
- SenseHAT: blog post
- hplayer (mplayer)
- SSHfs
- read-only sdcard: adafruits post from raspi post
Sources:
- power consumption: pidramble, jeffgeerling
- ZRAM: kernel, raspberry pi 3 gist, with-raspberrypi blog, stoned.io
- NFS server in Raspbian: can't connect
- Reduce SDcard wearing: stackexchange post e ramlog pkg
- Xorg keyboard: keysym list, xmodmap tutorials by xahlee and archlinux wiki
- upgrade raspbian8 to 9
- Fix wifi poor performance + turn power management off + optimize