=> 🏡 Home | Back to notes

Raspberry Pi

Last updated on 09 December 2022

I have a small fleet of Raspberry Pis [1] (mostly the Pi 4 Model B), which I use at home for various tasks.

=> 1

They are all firewalled off and are reachable via Tailscale [2]. A small number of the services they run are also exposed to the local network.

=> 2

What they run

As of the time of writing, services I run on the Pis include the following:

• Nextcloud
• Photoprism
• Home Assistant
• Jellyfin
• FreshRSS

Storage

I use large SSDs (e.g. this one [3]) for the Pis that require extra storage, such as for my photos. These are connected via USB3-SATA cables (such as these [4]).

=> 3 | 4

Encryption

For sensitive data, I encrypt the enclosing directories using Fscrypt [5]. Follow the instructions on the Arch Wiki.

=> 5

OS

I tend to use Manjaro Linux as an OS for the Pis.

Setup notes

To setup a new Pi I follow this rough guide:

1. Prepare a micro SD card with the chosen OS (e.g. using the official imager [6])

=> 6

1. Boot the Pi

1. Get the IP address (from your router or otherwise) of the Pi

1. SSH into the new OS (default user: root with no password)

1. Set-up in the usual way (e.g. create non-root user, harden in usual way)

1. Update all current packages pacman -Syyu

1. Install new packages (pacman -S vim tailscale docker ufw)

1. Bring up and enable services

1. Configure Tailscale (tailscale up)

1. Configure UFW (ufw allow in on tailscale0, ufw default deny, ufw enable)

1. Add non-root user to docker group (usermod -aG docker will)

1. Pull and run required Docker containers

Note: Make sure to use the arm64 version of any Docker images required.

=> Back to notes