My Raspberry Pi Server Setup

thspinto

Thiago Pinto

Posted on January 1, 2022

I've had a Raspberry Pi mainly sitting in a drawer for a while now. Haphazardly, I would dust off the SD card to set up the box with dynamic DNS and play with it as a personal server. It always went back to the drawer when I broke the OS with some crazy experiment.

As an SRE, I spend most of my time thinking about which flows are most burdensome to the team and how to automate them to free up time for other important stuff. But with my RBP it was different. I'd never versioned the scripts I executed and never thought about creating proper automation for the box.

To avoid giving up on the Pi again, I started my journey differently this time. Every configuration running on the Pi must be replayable, so that I can fix it just by burning a new OS image onto the SD card and running the automation to set it up. This is what I have so far.

Provisioning Raspbian

I started with the Raspbian Buster Lite image and burned it onto the SD card. Make sure you're pointing to the correct disk before running the commands below!

unzip -p 2020-02-13-raspbian-buster-lite.zip | sudo dd of=/dev/disk2 bs=4m
touch /Volumes/boot/ssh # to enable ssh

Ansible automation

Ansible is an excellent tool for automating system configuration. This setup starts with the default user and password.

Initialize

The initialize playbook adds my user and public keys to the RBP and disables password SSH logins.

ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook initialize.yaml -i inventories/thspinto

Notice that inventories/thspinto/all.yaml is unreadable. That's because it's encrypted with Ansible Vault. I don't recommend versioning secrets in public repositories for most use cases, even if they are encrypted. In my case, I versioned it because I'll certainly lose the file otherwise. Also, the only sensitive information I have is a token to alter my DNS registry. Since there is virtually no traffic in my domain, it's no big deal.
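One way to check that password SSH logins really are off after the initialize playbook has run (an added example, not code from the raspberry-config repo): sshd keeps the first value it reads for each keyword, so a "PasswordAuthentication no" appended below an earlier "yes" changes nothing. The function names, the sample config and the assumed OpenSSH 7.x defaults are illustrative assumptions.

```python
import re

# Values sshd assumes when a keyword is absent (assumption: OpenSSH 7.x on Buster).
# Keyboard-interactive (challenge-response) can still prompt for a password via PAM.
DEFAULTS = {"passwordauthentication": "yes",
            "challengeresponseauthentication": "yes"}

# Constructed sample config, not taken from the author's Pi.
SAMPLE = """\
PasswordAuthentication yes
ChallengeResponseAuthentication no
# appended later by automation; ignored because the first value wins
PasswordAuthentication no
Match Address 192.168.0.0/16
    PasswordAuthentication yes
"""

def effective_settings(config_text):
    """Return (global_settings, match_overrides) using sshd's first-value-wins rule."""
    global_settings, match_overrides, current_match = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and value are separated by whitespace or a single "=".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            current_match = value  # following lines apply only to this condition
        elif current_match is None:
            global_settings.setdefault(keyword, value)  # first occurrence wins
        else:
            match_overrides.append((current_match, keyword, value))
    return global_settings, match_overrides

def password_login_findings(config_text):
    """List every place where a password-based login is still permitted."""
    settings, overrides = effective_settings(config_text)
    findings = []
    for key, default in DEFAULTS.items():
        value = settings.get(key, default)
        if value != "no":
            findings.append(f"global {key} is effectively '{value}'")
    for condition, key, value in overrides:
        if key in DEFAULTS and value != "no":
            findings.append(f"Match {condition}: {key} {value}")
    return findings

if __name__ == "__main__":
    print("\n".join(password_login_findings(SAMPLE)))
```

On the Pi itself, `sshd -T` prints the configuration the daemon actually resolves and is the authoritative check; the parser above is for reviewing a config file before it is deployed.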

Basic setup

In the second phase, I did a little hardening and added Docker. This is done by the setup playbook:

ansible-galaxy install -r requirements.yml
ansible-playbook --vault-password-file /path/to/my/vault-password-file setup.yaml -i inventories/thspinto

Services

The last playbook spins up the services I want to run using docker-compose. I separated it from the rest because it is frequently changed and deployed.

ansible-playbook --vault-password-file /path/to/my/vault-password-file services.yaml -i inventories/thspinto

Currently I run:

My Pi

Everything runs fine on a Model B with one 700 MHz core and 512 MB of RAM. Check out the raspberry-config repo for more details and updates. However, I can't really do much with this hardware. That's why, as next steps, I'm considering buying more RBPs and setting up a clustered environment with k3s.
