NOTE: DEPRECATED IN FAVOR OF https://github.com/bcomnes/raspi-packer
Featuring C4 Labs Zebra Bold Case
Intro readings:
- Raspi Quickstart Guide
- Arch Linux ARM: Raspberry Pi 2
- Arch Linux Installation Guide
- Arch Linux General Recommendations
- systemd basics
Arch is a difficult OS for beginners because it requires a fairly comprehensive understanding of how Linux systems are put together.
This repo provides a sane base configuration through a minimal bootstrapping playbook and (soon) a collection of optional roles appropriate for a raspi2 serving different purposes.
New SD cards need to be formatted a special way. Use sdformatter:
```
brew cask info sdformatter
brew cask install sdformatter
```
(requires sudo)
Select Overwrite Format. This takes about 10 mins for a 32Gb flash drive. You only need to do this once.
...Or at least the way that I had to do it.
Requirements:
- 2 USB sticks
- A macbook pro with an SD card reader.
- A second laptop for reference
- Magnifying glass if you have a retina mac
Step 1
Download the arch install media. We are using it to live boot so that we can partition the SD card correctly.
The file will have a name like: archlinux-2015.06.01-dual.iso
Step 2
Follow the Arch Wiki instructions on getting this onto one of your USB drives.
Step 3
Restart your computer, and hold down Option while it reboots. Select the USB stick to boot from.
Step 4
Run `lsblk` to list all your connected devices. Insert the SD card and run `lsblk` again. Notice what was added. This is the SD card. It should be something like `/dev/sdb`.
Step 5
Follow the partitioning instructions on the Arch ARM website:
It's unlikely you will be able to get the wifi or ethernet drivers working in the Arch live boot. The directions require Internet access, which your live system does not have. Just download the Arch install archive to a second thumb drive on a different computer, move it over to the live boot, and continue the directions.
Arch should now be ready to go on the SD card and should boot fine.
Requirements:
- USB SD Card Reader
Use vagrant + VirtualBox + a 3rd party USB SD card reader. This way you can `vagrant up` a Linux VM, mount the 3rd party USB SD card reader as a USB device and simply follow the standard directions. 3rd party SD card readers should be able to mount inside guest machines.
- Install `etckeeper` and `init` it. (Arch Wiki: Etckeeper)
As root:
```
$ pacman -S etckeeper
$ cd /etc
$ etckeeper init
$ git add -A ; git commit -m 'Initial commit'
```
Useful for keeping track of changes.
## Ansible pitfalls
- Homebrew's ansible can't connect to a remote Arch system using `--ask-pass`.
```js
{'msg': 'FAILED: Incompatible ssh peer (no acceptable kex algorithm)', 'failed': True}
```
> guess there is no specific version, you might have bigger issue with newer openssh and very old paramiko not having cyphers in common
> openssh might not be as happy with older versions which ansible might tolerate -- @bcoca
- Ansible is a `python2` program. Use `pip2` to install it. This method provides a `paramiko` that is able to connect to the newer Arch OpenSSH.
- Arch does not have a `python` in its default path. Arch installs python2 as `python2` and python3 as `python`/`python3`. Ansible is dumb about this and doesn't look for a `python2`: #how-do-i-handle-python-pathing-not-having-a-python-2-x-in-usr-bin-python-on-a-remote-machine Add to your Ansible hosts file:
```
ansible_python_interpreter=/usr/bin/python2
```
- Ansible's hostname module doesn't work with Arch. It's a bug. Float this patch: 8679.patch as of Ansible 1.9.1. Should be fixed in the next Ansible release.
```
$ cd /usr/local/lib/python2.7/site-packages/ansible
$ wget https://github.com/ansible/ansible/pull/8679.patch
$ patch -p3 < 8679.patch
```
There has to be a better way to do this.
Edit `vars.yml` with the following values:
- `root_pass`: Generate a big long random password and then crypt it. Put the crypted value here. See #how-do-i-generate-crypted-passwords-for-the-user-module Read more about the password field for the user module.
```
$ pip2 install passlib
$ python2 -c "from passlib.hash import sha512_crypt; import getpass; print(sha512_crypt.encrypt(getpass.getpass()))"
# a prompt will ask you for a password and output a crypted copy
```
- `timezone`: Set the timezone of your system. TODO: Enable auto timezone based on GeoIP.
```
$ timedatectl list-timezones
# List the correct name of the available timezones
```
- `hostname`: Sets the hostname of your device.
- `admin_name`: Set the name of the primary 'admin' user. This is going to be the first user that gets sudo and manages the system.
- `admin_pass`: Set the password of the admin user. This needs to be crypted.
- `admin_keys`: A URL to the admin's GitHub public keys.
- Bootstrap python2 onto the system.
- Set timezone (time is network synced by default using systemd-timesyncd)
- Set locale to en_US.UTF-8
- Set the hostname
- Create the primary admin account
- Install sudo (Arch Wiki: Sudo)
- Set up the `wheel` group
- Install admin's GitHub public keys (`authorized_keys` module)
- Install zeroconf networking and .local resolution via avahi
- Reconnect as the new admin user
- Change the `root` password
- Disable root `ssh` access (ssh #Deny)
- Disable password `ssh` logins (SSH_keys#Disabling_password_logins)
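A check for the last two steps of the list above, added here as an example and not part of this repo's playbook: it reads an `sshd_config` the way sshd does (first value wins, keywords are case-insensitive) and fails unless root login and password logins are both off. The function names and the sample config are constructed for illustration; it assumes whitespace-separated `keyword value` lines and does not follow `Include` files.

```shell
#!/bin/sh
# sshd keeps the FIRST value it reads for a keyword; keywords are
# case-insensitive, and lines after "Match" apply only conditionally.

# Print the effective global value of keyword $2 in file $1 (lowercased),
# or "unset" if it never appears before the first Match block.
sshd_effective() {
    awk -v key="$2" '
        BEGIN { key = tolower(key); val = "unset" }
        /^[ \t]*#/ { next }                     # skip comment lines
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == key && val == "unset" { val = tolower($2) }
        END { print val }
    ' "$1"
}

# Return 0 only when root login and password logins are both disabled.
# "unset" fails too: the built-in default is not "no" for either keyword.
sshd_hardened() {
    rc=0
    for key in PermitRootLogin PasswordAuthentication; do
        val=$(sshd_effective "$1" "$key")
        if [ "$val" != "no" ]; then
            echo "FAIL: $key is '$val' (want 'no')" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a later "PermitRootLogin no" was appended, but the
# earlier "yes" still wins, so the host is not actually hardened.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config for illustration
permitrootlogin yes
PasswordAuthentication no
PermitRootLogin no
Match User backup
    PasswordAuthentication yes
EOF
sshd_hardened "$sample" || echo "sample config is not hardened"
rm -f "$sample"
```

On the Pi itself, `sshd -T` (run as root) prints the configuration sshd actually resolved and is the authoritative check.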
Ahh.. a sight to be seen
```
# Full update everything \o/
$ pacman -Syu
# listing installed packages
$ pacman -Qqn
# Rebuild ramdisk
$ mkinitcpio -p linux
```
- 5minbootstrap
- phred/5minbootstrap
- My First 5 Minutes On A Server; Or, Essential Security for Linux Servers
- My First 5 Minutes on a Server (with Ansible)
- Ansible Docs
- Ansible Pacman Module
- Ansible Yaml Docs
- Ansible lineinfile module
- YAML ansible-examples.yml
- Arch Time Sync
- How to Read the Arch Wiki
- Arch Wiki RaspberryPi
- archpi.dabase.com
- phortx/Raspberry-Pi-Setup-Guide