From d2f8314c73b94ff868eb096e3ac55c6c1beaa8d1 Mon Sep 17 00:00:00 2001 From: pstruebi Date: Tue, 26 Aug 2025 09:54:39 +0200 Subject: [PATCH] initial commit --- .gitattributes | 1 + README.md | 49 +++++++++++++ copy_from_rpi.sh | 69 +++++++++++++++++++ private.pem | 28 ++++++++ .../2025-08-13-iot-system-lite.img.xz | 3 + ...rpi-2025-08-13.img_before_kernel_update.xz | 3 + ...5-08-13_before_kernel_update.img.xz.sha256 | 1 + v1/2_gold-img/rpi-2025-08-26.img.xz | 3 + v1/2_gold-img/rpi-2025-08-26.img.xz.sha256 | 1 + 9 files changed, 158 insertions(+) create mode 100644 .gitattributes create mode 100644 README.md create mode 100644 copy_from_rpi.sh create mode 100644 private.pem create mode 100644 v1/0_base-image/2025-08-13-iot-system-lite.img.xz create mode 100644 v1/1_intermediate/rpi-2025-08-13.img_before_kernel_update.xz create mode 100644 v1/1_intermediate/rpi-2025-08-13_before_kernel_update.img.xz.sha256 create mode 100644 v1/2_gold-img/rpi-2025-08-26.img.xz create mode 100644 v1/2_gold-img/rpi-2025-08-26.img.xz.sha256 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..05a0e94 --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +*.xz filter=lfs diff=lfs merge=lfs -text diff --git a/README.md b/README.md new file mode 100644 index 0000000..8b73933 --- /dev/null +++ b/README.md @@ -0,0 +1,49 @@ +# how the gold image was created +- use base-image that was created with pi-gen_auracaster +sudo apt update && sudo apt upgrade -y + +git clone https://gitea.pstruebi.xyz/auracaster/bumble-auracast + + +sudo apt install -y pipewire wireplumber pipewire-audio-client-libraries rtkit cpufrequtils + +mkdir -p ~/.config/pipewire/pipewire.conf.d +cp ~/bumble-auracast/src/service/pipewire/99-lowlatency.conf ~/.config/pipewire/pipewire.conf.d/ + +sudo cpufreq-set -g performance +poetry config virtualenvs.in-project true + +sudo cp ~/bumble-auracast/src/service/aes67/90-pipewire-aes67-ptp.rules /etc/udev/rules.d/ +sudo udevadm control --log-priority=debug --reload-rules +sudo udevadm trigger + + +/etc/modprobe.d/usb-audio-lowlatency.conf +option snd_usb_audio nrpacks=1 + +sudo bash ~/bumble-auracast/src/auracast/server/provision_domain_hostname.sh castbox-summitwave local + +- password was changed to something secure - stored in bitwarden + +sudo tee /etc/ssh/sshd_config.d/10-disable-passwords.conf >/dev/null <<'EOF' +PubkeyAuthentication yes +PasswordAuthentication no +KbdInteractiveAuthentication no +ChallengeResponseAuthentication no +PermitRootLogin no +EOF + +sudo systemctl reload ssh +ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no pi@raspi.local + +# per-device Provisioning +For production, the devices need to be provisoned uniquely +- provision with rpi-sb-provisioner + - access the webinterface with ssh -L 3142:127.0.0.1:3142 pi@192.168.178.52 + - http://localhost:3142 +- install vpn with a unique configuration +- set the hostname +- if custom device without ui: + - set channel name etc. in bumble-auracast/src/auracast/.env +- start the application (script if custom device, server and frontend if ui version) +- activate overlayfs (?) diff --git a/copy_from_rpi.sh b/copy_from_rpi.sh new file mode 100644 index 0000000..e6e32a7 --- /dev/null +++ b/copy_from_rpi.sh @@ -0,0 +1,69 @@ +#!/bin/bash +# copy_from_rpi.sh — usage: sudo ./copy_from_rpi.sh [outfile.img.xz] +set -euo pipefail + +usage() { + cat < [outfile.img.xz] + +Examples: + sudo bash ./copy_from_rpi.sh sdc + sudo bash ./copy_from_rpi.sh /dev/sdc rpi-backup.img.xz + +Tip: Identify your device with: + lsblk + +This script will: + - Unmount all partitions of the given disk (e.g. /dev/sdc1, /dev/sdc2) + - Temporarily set the disk read-only + - Clone the entire disk to a compressed xz image + - Restore the disk to read/write +EOF +} + +RAW_DEV_INPUT="${1:-}" +if [[ -z "${RAW_DEV_INPUT}" || "${RAW_DEV_INPUT}" == "-h" || "${RAW_DEV_INPUT}" == "--help" ]]; then + usage + exit 1 +fi + +# Normalize to /dev/sdX if needed +if [[ "${RAW_DEV_INPUT}" == /dev/* ]]; then + DEV="${RAW_DEV_INPUT}" +else + DEV="/dev/${RAW_DEV_INPUT}" +fi + +# Validate device exists and is a disk (not a partition) +if [[ ! -b "${DEV}" ]]; then + echo "Error: ${DEV} is not a block device." >&2 + exit 1 +fi + +DEV_TYPE=$(lsblk -dn -o TYPE "${DEV}") +if [[ "${DEV_TYPE}" != "disk" ]]; then + echo "Error: ${DEV} is not a disk (TYPE=${DEV_TYPE}). Pass the parent disk, e.g. sdc, not sdc1." >&2 + exit 1 +fi + +OUT="${2:-rpi-$(date +%F).img.xz}" + +echo "Source device: $DEV" +lsblk "$DEV" || true + +echo ">> Unmounting partitions…" +# Try to unmount any mounted partitions of the disk (e.g., /dev/sdc1, /dev/sdc2) +umount "${DEV}"?* || true + +echo ">> Setting read-only…" +blockdev --setro "$DEV" || true + +SIZE=$(lsblk -bdno SIZE "$DEV" 2>/dev/null || echo 0) +echo ">> Cloning $((SIZE/1024/1024)) MiB -> $OUT" +dd if="$DEV" bs=4M status=progress | xz -T0 -1 -c > "$OUT" + +echo ">> Restoring read/write…" +blockdev --setrw "$DEV" || true + +sha256sum "$OUT" > "$OUT".sha256 +echo "Done: $OUT (checksum in $OUT.sha256)" diff --git a/private.pem b/private.pem new file mode 100644 index 0000000..3a8b986 --- /dev/null +++ b/private.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDbHr8tEnQYh7Cx +OfZfWMI+MH3iYLumDD8Z1y62/AwXZhLasAoTxUJtyRezp681cO+oPOQBtQSG5qcj +U37QeW3uVLAQ3gthIyGPZJAIpdl95JcIv7/sMedfXrx93kUXcNoa2Et5MHMvbNoV +5ulYRkpYVo/Pr0pJ63YKhXGV33dkkfxm7b3Lh2pV4oNfjFH03pvZR2kjazp7oBCm +IVtTP1Rzt3yM0DnBn+rdEFoycw89vOG2Waz1RvFoDbWlZoCmxy6wAkpHVRPVKxFD +rlbIUY3fxdg90BgPu32uK18V4Fpmgxm3vRWzRZqsMoRg0gj3/vxt48D9TDls8bxx +UsCI8wDfAgMBAAECggEAEXI3Qn1vpOxY0yOMTDci8BSoUTfmeOgMth/95i/XPp2v +7p2Jj91q1pbmPjWhq52cV0bR2JjzDVKcCCIDvNGOQSWZBx7GxSso5uPY2/dog6+J +nva1bzbh9yPx2guycJVZqD2EdNe4tBP0oT3LYm3mSXZK6PxJ6+zFbz0EuCwcs3MO +cFdgyUPSu4TDOZcGAlUS1G4++p47IeBLaHpO0+k83FwpwFapgQdMOeq+Y4y1125F +FSqZxx6clMmP7ulZga8eEjTV+zLZ969nRxv2GS4ZyRSicJsMtOrBQQziEQWG5XT4 +WiroS7bqh0gJKZx0AyzmFByaZ6ek8mvWVmvV4vfC4QKBgQDuYKQQjlrJUk4GHxeF +dLt4TqGGNTkWFvZi+5ao6wF5dogdLL9Ror+94fE4Ci/xCYDSAkbt2k3GW0fuCHOt +GWyyWSzGC9KB/fSe0fKKas6NKlRX5MgLyYW9JjrtQaUZJl/oc6KftFEopAHkeDNe +xSEh+72p+QKnrrVZkcrixP6raQKBgQDrUaeGJ6few9NZUmZ+Ifw5vdCZMtJjL5tj +QHxnuccXDzByScWnq3HsW24CJ7e3dqhc2tjO6q2hBZpGwXwtL1Jzo7eUhN1GdOzo +ETgPOnjybFJrlU2mbOV638BogxrH01OsjKbZwV98B94uM+Xrd801jTJtjC8L//Bn +FGjxWbSpBwKBgA+CaipJmM6QdFMhor4kIi5pr0i0Hcq6I7288Mh8wdPNSn3bc3c0 +R5VrJe6newcLvz3quAKxuW22cq+iDSSuCsxv0OHx0vhyNYA/2K/40weMQYCWeg2K +RxFPc3YMV1mTjZnqLCKH8N/cC+N5jp4T5Vv4rRZqBSozy8jQG4s1lfxBAoGAe0jB +SsC16ziPHsnT1ps5iIrQoaKFpN9JOnuLcdBb5NHZYNcTjZ99xQW1ob1rO9wXouYp +FmbO5oCH7i/qPcYAHYOVZ2Mghow1nfN/ekL5IJDtsV18XAfLRk+5f0fInQ4zVUAv +HgB4ZQO+PFiGSZHvWfIKjGgYMeI58dc4j9Gem7sCgYAXO7J9GUqNcfERzmJTKr4K +84qTG4lvMMNKVruRuGY+sa+LPp+OIsvXdTpcn28w4Ma+VPcxlaDJtW1KbLmNIhpk +i+ziGfZGPv136WtrWYniLBmPwZXY8IhvPi4zVFXXJeyjcVLV/cFzCp/y5FqYYgaM +QaWbk4amWtTLQuqBZMpwYQ== +-----END PRIVATE KEY----- diff --git a/v1/0_base-image/2025-08-13-iot-system-lite.img.xz b/v1/0_base-image/2025-08-13-iot-system-lite.img.xz new file mode 100644 index 0000000..2c0e780 --- /dev/null +++ b/v1/0_base-image/2025-08-13-iot-system-lite.img.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e346ecf10630c15280a36ef4854da287b4c8e64565e750112bc13cc15dafed76 +size 778368732 diff --git a/v1/1_intermediate/rpi-2025-08-13.img_before_kernel_update.xz b/v1/1_intermediate/rpi-2025-08-13.img_before_kernel_update.xz new file mode 100644 index 0000000..ffbee3a --- /dev/null +++ b/v1/1_intermediate/rpi-2025-08-13.img_before_kernel_update.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6fd4cb7ad6e6b654d8f10c82a881eccd1988e39dad86b559b804174b2c15ca7b +size 1908405416 diff --git a/v1/1_intermediate/rpi-2025-08-13_before_kernel_update.img.xz.sha256 b/v1/1_intermediate/rpi-2025-08-13_before_kernel_update.img.xz.sha256 new file mode 100644 index 0000000..c175c01 --- /dev/null +++ b/v1/1_intermediate/rpi-2025-08-13_before_kernel_update.img.xz.sha256 @@ -0,0 +1 @@ +6fd4cb7ad6e6b654d8f10c82a881eccd1988e39dad86b559b804174b2c15ca7b rpi-2025-08-13.img.xz diff --git a/v1/2_gold-img/rpi-2025-08-26.img.xz b/v1/2_gold-img/rpi-2025-08-26.img.xz new file mode 100644 index 0000000..27c1cd3 --- /dev/null +++ b/v1/2_gold-img/rpi-2025-08-26.img.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d7f3fe7dfffcd920854bb964aac09c554eaa7ecd1c9c546151d829721f4420c2 +size 2132275476 diff --git a/v1/2_gold-img/rpi-2025-08-26.img.xz.sha256 b/v1/2_gold-img/rpi-2025-08-26.img.xz.sha256 new file mode 100644 index 0000000..a241054 --- /dev/null +++ b/v1/2_gold-img/rpi-2025-08-26.img.xz.sha256 @@ -0,0 +1 @@ +d7f3fe7dfffcd920854bb964aac09c554eaa7ecd1c9c546151d829721f4420c2 rpi-2025-08-26.img.xz