-
Notifications
You must be signed in to change notification settings - Fork 0
/
tsOS-Base.Pifile
289 lines (230 loc) · 8.54 KB
/
tsOS-Base.Pifile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
# Set default ARCH
: ${ARCH:=arm64}
FROM https://downloads.raspberrypi.com/raspios_lite_${ARCH}/images/raspios_lite_${ARCH}-2024-07-04/2024-07-04-raspios-bookworm-${ARCH}-lite.img.xz
TO "tsOS-Base-${ARCH}.img"
PUMP 1000M
# Set os-release info
NAME="tsOS-Base"
VERSION_ID=`git describe --tags --always || true`
VERSION_CODENAME=bookworm
RUN tee /etc/os-release <<EOF
PRETTY_NAME="$NAME $VERSION_ID ($VERSION_CODENAME)"
NAME=$NAME
VERSION_ID=$VERSION_ID
VERSION="$VERSION_ID ($VERSION_CODENAME)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://trackit.systems/"
SUPPORT_URL="https://github.com/trackIT-Systems/tsOS-Base"
BUG_REPORT_URL="https://github.com/tRackIT-Systems/tsOS-Base/issues"
EOF
#################################################
### install software
# Update OS and sources
RUN apt-get update
# Install basic software
RUN apt-get install -y \
python3 python3-pip \
i2c-tools \
vim \
git \
mosh \
libusb-1.0-0-dev \
zsh
# Install networking tools
RUN apt-get install -y \
tcpdump \
hostapd \
dnsmasq \
bridge-utils \
iptables \
wireguard-tools
# Install dkms
RUN apt-get install -y dkms bc
# Install caddy
if [[ "$ARCH" == "armhf" ]]; then
RUN bash -c "curl -L https://github.com/caddyserver/caddy/releases/download/v2.7.5/caddy_2.7.5_linux_armv7.tar.gz | tar xz caddy"
else
RUN bash -c "curl -L https://github.com/caddyserver/caddy/releases/download/v2.7.5/caddy_2.7.5_linux_${ARCH}.tar.gz | tar xz caddy"
fi
RUN mv caddy /usr/bin/caddy
RUN groupadd --system caddy
RUN useradd --system \
--gid caddy \
--create-home \
--home-dir /var/lib/caddy \
--shell /usr/sbin/nologin \
--comment "Caddy web server" \
caddy
# Install filebrowser
if [[ "$ARCH" == "armhf" ]]; then
RUN bash -c "curl -L https://github.com/filebrowser/filebrowser/releases/download/v2.26.0/linux-armv7-filebrowser.tar.gz | tar xz filebrowser"
else
RUN bash -c "curl -L https://github.com/filebrowser/filebrowser/releases/download/v2.26.0/linux-${ARCH}-filebrowser.tar.gz | tar xz filebrowser"
fi
RUN mv filebrowser /usr/bin/filebrowser
# Install mosquitto
RUN apt-get install -y mosquitto mosquitto-clients
# Install sysdweb dependecies
RUN apt-get install -y python3-systemd python3-dbus libdbus-glib-1-dev
# Install GPS / NTP software
RUN apt-get install --no-install-recommends -y \
gpsd \
gpsd-clients \
chrony
RUN apt-get clean
#################################################
### custom files
# Install custom folders
INSTALL boot /boot
INSTALL etc /etc
INSTALL home /home
INSTALL var /var
INSTALL usr /usr
# Fix permissions for pi user
RUN chown -R pi:pi /home/pi/
# Mount boot writable for users
RUN sed -i 's/\(boot.*vfat.*defaults\)/\1,user,umask=000/g' /etc/fstab
#################################################
### basic configuration
# Fix permissions on host ssh files
RUN bash -c 'chown root:root /etc/ssh/ssh_host_*'
RUN bash -c 'chmod 600 /etc/ssh/ssh_host_*_key'
RUN bash -c 'chmod 644 /etc/ssh/ssh_host_*_key.pub'
RUN systemctl disable regenerate_ssh_host_keys
# Install user ssh files and fix permissions
INSTALL home/pi/.ssh /home/pi/.ssh
RUN chown pi:pi /home/pi
RUN chown pi:pi /home/pi/.ssh
RUN chown pi:pi /home/pi/.ssh/authorized_keys
RUN chmod 755 /home/pi
RUN chmod 700 /home/pi/.ssh
RUN chmod 644 /home/pi/.ssh/authorized_keys
# Install root ssh files and fix permissions
INSTALL home/pi/.ssh /root/.ssh
RUN chown root:root /root
RUN chown root:root /root/.ssh
RUN chown root:root /root/.ssh/authorized_keys
RUN chmod 755 /root
RUN chmod 700 /root/.ssh
RUN chmod 644 /root/.ssh/authorized_keys
# Set default password
RUN bash -c 'echo -n "pi:" > /boot/firmware/userconf.txt'
RUN bash -c 'echo "natur" | openssl passwd -6 -stdin >> /boot/firmware/userconf.txt'
RUN rm /etc/ssh/sshd_config.d/rename_user.conf
# Change default shell for pi user
RUN chsh -s /bin/zsh pi
# Allow basic connectivity (0 == success status code - enable)
RUN raspi-config nonint do_ssh 0
RUN raspi-config nonint do_i2c 0
RUN tee -a /boot/firmware/config.txt <<<dtoverlay=i2c-rtc,ds3231
# Set Europe/Berlin timezone
RUN ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
# set git config for possible local commits
RUN git config --global user.email "pi@tsOS"
RUN git config --global user.name "tsOS User"
# enable hostname-config script and set default hostname
RUN systemctl enable hostname-config.service
# Enabling wait for time-sync.target (depending services will not start before the clock is synced)
RUN systemctl enable chrony-waitsync.service systemd-time-wait-sync-prepare.service systemd-time-wait-sync.service
# Reboot on kernel panic
RUN bash -c "echo kernel.panic=10 | tee -a /etc/sysctl.conf"
# List chrony
RUN tee -a /etc/sysdweb.conf <<EOF
[chrony]
title = Chrony | Time Synchronization
unit = chrony
EOF
# Install dependenies & enable WittyPi
RUN cp -R /home/pi/wittypi4/rtc-pcf85063-wittypi4 /usr/src/rtc-pcf85063-wittypi4-6.6.y
RUN bash -c 'for k in /lib/modules/6.6.*; do dkms install -k $(basename $k) rtc-pcf85063-wittypi4/6.6.y; done'
### compile overlays and enable hardware
RUN dtc -O dtb -o /boot/firmware/overlays/wittypi4.dtbo /home/pi/wittypi4/wittypi4-overlay.dts
RUN tee -a /boot/firmware/config.txt <<<dtoverlay=wittypi4
RUN tee -a /boot/firmware/config.txt <<<dtoverlay=gpio-shutdown,gpio_pin=4,debounce=0,active_low=0
RUN tee -a /boot/firmware/config.txt <<<dtoverlay=gpio-led,gpio=17,label=sysup,trigger=heartbeat
### install python daemon
RUN python3 -m pip install --break-system-packages -e /home/pi/wittypi4
RUN systemctl enable wittypid.service wittypid-watcher.path
RUN tee -a /etc/sysdweb.conf <<EOF
[wittypid]
title = WittyPi | Schedule Management
unit = wittypid
EOF
#################################################
### network configuration
# enable hostapd-config script (WiFi AP)
RUN systemctl enable hostapd-config.service
RUN systemctl enable hostapd.service
# Modify default network settings
RUN bash -c "echo net.ipv4.ip_forward=1 | tee -a /etc/sysctl.conf"
RUN bash -c "echo net.ipv4.icmp_echo_ignore_broadcasts=0 | tee -a /etc/sysctl.conf"
# enable wireguard
RUN ln -s /boot/firmware/wireguard.conf /etc/wireguard/wireguard.conf
RUN systemctl enable wg-quick@wireguard
RUN tee -a /etc/sysdweb.conf <<EOF
[wg-quick@wireguard]
title = Wireguard | Remote Access (/boot/firmware/wireguard.conf)
unit = wg-quick@wireguard
EOF
# disable resolv.conf altering
RUN chattr +i /etc/resolv.conf
#################################################
### services configuration
# install and enable enable sysdweb
RUN python3 -m pip install --break-system-packages -e /home/pi/sysdweb
RUN systemctl enable sysdweb
# Create symlinks for other webserver targets
RUN mkdir /data
RUN chown pi:pi /data
RUN ln -s /boot/firmware/ /data/boot
# enable caddy
RUN systemctl enable caddy
# enable filebrowser
RUN systemctl enable filebrowser
# enable mosquitto
RUN systemctl enable mosquitto.service
RUN tee -a /etc/sysdweb.conf <<EOF
[Mosquitto]
title = Mosquitto | MQTT Broker
unit = mosquitto
EOF
# Install pysmartsolar
RUN python3 -m pip install --break-system-packages -e /home/pi/pysmartsolar
# Install vedirect_dump
RUN python3 -m pip install --break-system-packages -e /home/pi/vedirect_dump
# Install and enable pymqttutil
RUN python3 -m pip install --break-system-packages -e /home/pi/pymqttutil
RUN python3 -m pip install --break-system-packages psutil
RUN systemctl enable mqttutil.service
RUN tee -a /etc/sysdweb.conf <<EOF
[mqttutil]
title = MQTTUtil | System Health State
unit = mqttutil
EOF
# Enable dmesgdump
RUN systemctl enable dmesgdump
# Install uhubctl (dependency) and enable huaweicheck
RUN bash -c 'cd /home/pi/uhubctl; make; make install'
RUN systemctl enable huaweicheck.timer
RUN systemctl enable brovi_startup.service
# Blacklist DVB-T driver
RUN tee -a /etc/modprobe.d/raspi-blacklist.conf <<<'blacklist dvb_usb_rtl28xxu'
# Configure hardware connectivity
RUN sed -i 's/dtparam=audio=on/#dtparam=audio=on/' /boot/firmware/config.txt
RUN raspi-config nonint do_serial_hw 0
RUN raspi-config nonint do_serial_cons 1
RUN systemctl disable serial-getty@ttyS0.service
# Disable freq scaling to fix miniuart issues, i.e., https://wiki.dragino.com/index.php?title=Getting_GPS_to_work_on_Raspberry_Pi_3_Model_B
RUN tee -a /boot/firmware/config.txt <<EOF
core_freq=250
force_turbo=1
EOF
# Enable UART0 on GPIO header in RPi5
RUN tee -a /boot/firmware/config.txt <<<dtoverlay=uart0-pi5
# Enable gpsd
RUN systemctl enable gpsd
# Install docs folder (if HTML available)
if [ -d docs/_site22/ ]; then INSTALL docs/_site /data/docs; fi
# Enable i2s
RUN sed -i 's/#dtparam=i2s=on/dtparam=i2s=on/' /boot/firmware/config.txt