- Put your SD card into your card reader.
- Run
python raspi-diskutil.py
and entery
to confirm the selected disk and image. - Put disk into the Pi.
- Connect Pi to Ethernet
- Connect power.
- Ensure that your Pi is connected to the network by seeing it listed via
python raspi-address-list.py
- Add your SSH key to the Raspberry Pi(s) on your network and set their hostnames via
bash raspi-ssh-config.sh
- Reserve the IP address currently assigned to your Pi's MAC address from previous step in your router's configuration.
The following commands are all executed while SSH'ed into your Pi:
- Set your password over SSH:
passwd
andsudo passwd root
- Turn off SSH password authentication:
sudo sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config; sudo /etc/init.d/ssh restart
- Expand root filesystem over SSH:
sudo raspi-config --expand-rootfs; sudo shutdown -r now
. Then re-SSH to the Pi. raspi-config
, Internationalisation Options, Change Locale: Set locale toen_US.UTF-8 UTF-8
, including default locale for system environmentraspi-config
, Internationalisation Options, Change Timezone: Set asAmerica/Los_Angeles
raspi-config
, Internationalisation Options, Keyboard Layoutraspi-config
, Enable Camera Support- Update system:
sudo apt-get update && sudo apt-get upgrade -y
- Install stuff:
sudo apt-get install -y ca-certificates screen nginx rpi-update
- Update the firmware:
sudo rpi-update; sudo shutdown -r now
- Given a Pi that has a hostname
raspberrypi-12345678
, set up WiFi via:scp raspi-wifi.sh raspberrypi-12345678:~ && ssh raspberrypi-12345678 "sudo ~/raspi-wifi.sh $ssid $passphrase"
(supply your SSID and passphrase in place of the variables) - Check for IP and MAC address associated with WiFi interface, and reserve the IP address currently assigned to your Pi's MAC address from previous step in your router's configuration.
- Shutdown, turn off, unplug from Ethernet, and then boot without Ethernet.
- Install auto-update monthly cronjob via
crontab -e
and add the following line:0 0 0 * * ( apt-get update && apt-get dist-upgrade -y && ( if command -v rpi-update; then sudo rpi-update; fi ) && /sbin/shutdown -r now ) > /dev/null 2>&1
sudo iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
sudo iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
sudo iptables -P INPUT DROP
By Weston Ruter. GPLv2 license.