-
Notifications
You must be signed in to change notification settings - Fork 1
/
BatRack.Pifile
226 lines (181 loc) · 6.02 KB
/
BatRack.Pifile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
FROM Base.img
PUMP 400M
# Install custom folders
INSTALL boot /boot
INSTALL etc /etc
INSTALL home /home
INSTALL usr /usr
INSTALL var /var
# Fix permissions for pi user
RUN chown -R pi:pi /home/pi/
# Mount boot writable for users
RUN sed -i 's/\(boot.*vfat.*defaults\)/\1,user,umask=000/g' /etc/fstab
#################################################
### basic configuration
# Fix permissions on host ssh files
RUN bash -c 'chown root:root /etc/ssh/ssh_host_*'
RUN bash -c 'chmod 600 /etc/ssh/ssh_host_*_key'
RUN bash -c 'chmod 644 /etc/ssh/ssh_host_*_key.pub'
RUN systemctl disable regenerate_ssh_host_keys
# Install user ssh files and fix permissions
INSTALL home/pi/.ssh /home/pi/.ssh
RUN chown pi:pi /home/pi
RUN chown pi:pi /home/pi/.ssh
RUN chown pi:pi /home/pi/.ssh/id_ed25519
RUN chown pi:pi /home/pi/.ssh/id_ed25519.pub
RUN chown pi:pi /home/pi/.ssh/authorized_keys
RUN chmod 755 /home/pi
RUN chmod 700 /home/pi/.ssh
RUN chmod 600 /home/pi/.ssh/id_ed25519
RUN chmod 644 /home/pi/.ssh/id_ed25519.pub
RUN chmod 644 /home/pi/.ssh/authorized_keys
# Install root ssh files and fix permissions
INSTALL home/pi/.ssh /root/.ssh
RUN chown root:root /root
RUN chown root:root /root/.ssh
RUN chown root:root /root/.ssh/id_ed25519
RUN chown root:root /root/.ssh/id_ed25519.pub
RUN chown root:root /root/.ssh/authorized_keys
RUN chmod 755 /root
RUN chmod 700 /root/.ssh
RUN chmod 600 /root/.ssh/id_ed25519
RUN chmod 644 /root/.ssh/id_ed25519.pub
RUN chmod 644 /root/.ssh/authorized_keys
# Set default password
RUN bash -c 'echo "pi:natur" | chpasswd'
# Allow basic connectivity (0 == success status code - enable)
RUN raspi-config nonint do_ssh 0
RUN raspi-config nonint do_i2c 0
RUN tee -a /boot/config.txt <<<dtoverlay=i2c-rtc,ds3231
# Set Europe/Berlin timezone
RUN ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
# set git config for possible local commits
RUN git config --global user.email "pi@BatRack"
RUN git config --global user.name "BatRack User"
# enable hostname-config script and set default hostname
RUN bash -c 'CMDLINE=$(cat /boot/cmdline.txt); echo "${CMDLINE} -- systemd.hostname=BatRack" > /boot/cmdline.txt'
RUN systemctl enable hostname-config.service
# Enabling wait for time-sync.target (depending services will not start before the clock is synced)
RUN systemctl enable systemd-time-wait-sync.service
# Reboot on kernel panic
RUN bash -c "echo kernel.panic=10 | tee -a /etc/sysctl.conf"
#################################################
### network configuration
# enable hostapd-config script (WiFi AP)
RUN systemctl enable hostapd-config.service
RUN systemctl enable hostapd.service
# enable wifi-config script
RUN systemctl enable [email protected]
# Modify default network settings
RUN bash -c "echo net.ipv4.ip_forward=1 | tee -a /etc/sysctl.conf"
RUN bash -c "echo net.ipv4.icmp_echo_ignore_broadcasts=0 | tee -a /etc/sysctl.conf"
# enable wireguard
RUN ln -s /boot/wireguard.conf /etc/wireguard/wireguard.conf
RUN systemctl enable wg-quick@wireguard
RUN tee -a /etc/sysdweb.conf <<EOF
[wg-quick@wireguard]
title = Wireguard (/boot/wireguard.conf)
unit = wg-quick@wireguard
EOF
#################################################
### services configuration
# install and enable enable sysdweb
RUN python3 -m pip install -e /home/pi/sysdweb
RUN systemctl enable sysdweb
# Create symlinks for other webserver targets
RUN mkdir /data
RUN chown pi:pi /data
RUN ln -s . /data/sysdweb
RUN ln -s . /data/radiotracking
RUN ln -s /boot/ /data/boot
# enable caddy
RUN systemctl enable caddy
RUN tee -a /etc/sysdweb.conf <<EOF
[caddy]
title = Caddy Web Server
unit = caddy
EOF
# enable mosquitto
RUN systemctl enable mosquitto.service
RUN tee -a /etc/sysdweb.conf <<EOF
[Mosquitto]
title = Mosquitto MQTT Broker
unit = mosquitto
EOF
# List timesyncd
RUN tee -a /etc/sysdweb.conf <<EOF
[timesyncd]
title = Network Time Synchronization
unit = systemd-timesyncd
EOF
# Install and enable pymqttutil
RUN python3 -m pip install -e /home/pi/pymqttutil
RUN python3 -m pip install psutil
RUN systemctl enable mqttutil.service
RUN tee -a /etc/sysdweb.conf <<EOF
[mqttutil]
title = MQTTUtil
unit = mqttutil
EOF
# Install uhubctl (dependency) and enable huaweicheck
RUN bash -c 'cd /home/pi/uhubctl; make; make install'
RUN systemctl enable huaweicheck.timer
RUN tee -a /etc/sysdweb.conf <<EOF
[huaweicheck]
title = Huawei Check
unit = huaweicheck
EOF
# Blacklist DVB-T driver
RUN tee -a /etc/modprobe.d/raspi-blacklist.conf <<<'blacklist dvb_usb_rtl28xxu'
# Install radiotracking
RUN python3 -m pip install -e /home/pi/pyradiotracking
RUN systemctl enable radiotracking.service
RUN tee -a /etc/sysdweb.conf <<EOF
[radiotracking]
title = RadioTracking
unit = radiotracking
EOF
#################################################
### BatRack configuration
# update sources für RPI_Cam_Web installer
RUN apt-get update
# Enable camera interaction
RUN raspi-config nonint do_camera 0
# patch install file to omit sudo
RUN sed -i "s/sudo //g" /home/pi/RPi_Cam_Web_Interface/install.sh
# Install RPi_Cam_Web_Interface software (restore rc.local afterwards)
RUN cp /etc/rc.local /etc/rc.local.bak
RUN /home/pi/RPi_Cam_Web_Interface/install.sh q
RUN cp /etc/rc.local.bak /etc/rc.local
# Prepare raspimjpeg folders
RUN mkdir -p /dev/shm/mjpeg
RUN chown www-data:www-data /dev/shm/mjpeg
RUN chmod 777 /dev/shm/mjpeg
# change apache port
RUN sed -i "s/80/81/" /etc/apache2/ports.conf
RUN systemctl enable apache2
# create bookmark and forward apache through caddy
RUN ln -s . /data/rpicam
# Enable services and add to sysdweb
RUN systemctl enable raspimjpeg.service
RUN tee -a /etc/sysdweb.conf <<EOF
[raspimjpeg]
title = RaspiMJPEG
unit = raspimjpeg
EOF
RUN systemctl enable raspiwebcam.service
RUN tee -a /etc/sysdweb.conf <<EOF
[raspiwebcam]
title = RPi Cam Web Interface
unit = raspiwebcam
EOF
# Install BatRack dependenies
RUN apt-get install -y python3-numpy python3-pyaudio
RUN python3 -m pip install -e /home/pi/BatRack
# Enable BatRack
RUN systemctl enable BatRack.service
RUN tee -a /etc/sysdweb.conf <<EOF
[BatRack]
title = BatRack
unit = BatRack
EOF