initial commit

2025-08-26 09:54:39 +02:00
commit d2f8314c73
9 changed files with 158 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1 @@
 *.xz filter=lfs diff=lfs merge=lfs -text
--- a/README.md
+++ b/README.md
@@ -0,0 +1,49 @@
 # how the gold image was created
 - use base-image that was created with pi-gen_auracaster
 sudo apt update && sudo apt upgrade -y
 git clone https://gitea.pstruebi.xyz/auracaster/bumble-auracast
 sudo apt install -y pipewire wireplumber pipewire-audio-client-libraries rtkit cpufrequtils
 mkdir -p ~/.config/pipewire/pipewire.conf.d
 cp ~/bumble-auracast/src/service/pipewire/99-lowlatency.conf ~/.config/pipewire/pipewire.conf.d/
 sudo cpufreq-set -g performance
 poetry config virtualenvs.in-project true
 sudo cp ~/bumble-auracast/src/service/aes67/90-pipewire-aes67-ptp.rules /etc/udev/rules.d/
 sudo udevadm control --log-priority=debug --reload-rules
 sudo udevadm trigger
 /etc/modprobe.d/usb-audio-lowlatency.conf
 option snd_usb_audio nrpacks=1
 sudo bash ~/bumble-auracast/src/auracast/server/provision_domain_hostname.sh castbox-summitwave local
 - password was changed to something secure - stored in bitwarden
 sudo tee /etc/ssh/sshd_config.d/10-disable-passwords.conf >/dev/null <<'EOF'
 PubkeyAuthentication yes
 PasswordAuthentication no
 KbdInteractiveAuthentication no
 ChallengeResponseAuthentication no
 PermitRootLogin no
 EOF
 sudo systemctl reload ssh
 ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no pi@raspi.local
 # per-device Provisioning 
 For production, the devices need to be provisoned uniquely
 - provision with rpi-sb-provisioner
    - access the webinterface with ssh -L 3142:127.0.0.1:3142 pi@192.168.178.52
    - http://localhost:3142
 - install vpn with a unique configuration
 - set the hostname
 - if custom device without ui:
    - set channel name etc. in bumble-auracast/src/auracast/.env
 - start the application (script if custom device, server and frontend if ui version)
 - activate overlayfs (?)
--- a/copy_from_rpi.sh
+++ b/copy_from_rpi.sh
@@ -0,0 +1,69 @@
 #!/bin/bash
 # copy_from_rpi.sh — usage: sudo ./copy_from_rpi.sh <sdX|/dev/sdX> [outfile.img.xz]
 set -euo pipefail
 usage() {
  cat <<EOF
 Usage: sudo bash ./copy_from_rpi.sh <sdX|/dev/sdX> [outfile.img.xz]
 Examples:
  sudo bash ./copy_from_rpi.sh sdc
  sudo bash ./copy_from_rpi.sh /dev/sdc rpi-backup.img.xz
 Tip: Identify your device with:
  lsblk
 This script will:
  - Unmount all partitions of the given disk (e.g. /dev/sdc1, /dev/sdc2)
  - Temporarily set the disk read-only
  - Clone the entire disk to a compressed xz image
  - Restore the disk to read/write
 EOF
 }
 RAW_DEV_INPUT="${1:-}"
 if [[ -z "${RAW_DEV_INPUT}" || "${RAW_DEV_INPUT}" == "-h" || "${RAW_DEV_INPUT}" == "--help" ]]; then
  usage
  exit 1
 fi
 # Normalize to /dev/sdX if needed
 if [[ "${RAW_DEV_INPUT}" == /dev/* ]]; then
  DEV="${RAW_DEV_INPUT}"
 else
  DEV="/dev/${RAW_DEV_INPUT}"
 fi
 # Validate device exists and is a disk (not a partition)
 if [[ ! -b "${DEV}" ]]; then
  echo "Error: ${DEV} is not a block device." >&2
  exit 1
 fi
 DEV_TYPE=$(lsblk -dn -o TYPE "${DEV}")
 if [[ "${DEV_TYPE}" != "disk" ]]; then
  echo "Error: ${DEV} is not a disk (TYPE=${DEV_TYPE}). Pass the parent disk, e.g. sdc, not sdc1." >&2
  exit 1
 fi
 OUT="${2:-rpi-$(date +%F).img.xz}"
 echo "Source device: $DEV"
 lsblk "$DEV" || true
 echo ">> Unmounting partitions…"
 # Try to unmount any mounted partitions of the disk (e.g., /dev/sdc1, /dev/sdc2)
 umount "${DEV}"?* || true
 echo ">> Setting read-only…"
 blockdev --setro "$DEV" || true
 SIZE=$(lsblk -bdno SIZE "$DEV" 2>/dev/null || echo 0)
 echo ">> Cloning $((SIZE/1024/1024)) MiB -> $OUT"
 dd if="$DEV" bs=4M status=progress | xz -T0 -1 -c > "$OUT"
 echo ">> Restoring read/write…"
 blockdev --setrw "$DEV" || true
 sha256sum "$OUT" > "$OUT".sha256
 echo "Done: $OUT  (checksum in $OUT.sha256)"
--- a/private.pem
+++ b/private.pem
@@ -0,0 +1,28 @@
 -----BEGIN PRIVATE KEY-----
 MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDbHr8tEnQYh7Cx
 OfZfWMI+MH3iYLumDD8Z1y62/AwXZhLasAoTxUJtyRezp681cO+oPOQBtQSG5qcj
 U37QeW3uVLAQ3gthIyGPZJAIpdl95JcIv7/sMedfXrx93kUXcNoa2Et5MHMvbNoV
 5ulYRkpYVo/Pr0pJ63YKhXGV33dkkfxm7b3Lh2pV4oNfjFH03pvZR2kjazp7oBCm
 IVtTP1Rzt3yM0DnBn+rdEFoycw89vOG2Waz1RvFoDbWlZoCmxy6wAkpHVRPVKxFD
 rlbIUY3fxdg90BgPu32uK18V4Fpmgxm3vRWzRZqsMoRg0gj3/vxt48D9TDls8bxx
 UsCI8wDfAgMBAAECggEAEXI3Qn1vpOxY0yOMTDci8BSoUTfmeOgMth/95i/XPp2v
 7p2Jj91q1pbmPjWhq52cV0bR2JjzDVKcCCIDvNGOQSWZBx7GxSso5uPY2/dog6+J
 nva1bzbh9yPx2guycJVZqD2EdNe4tBP0oT3LYm3mSXZK6PxJ6+zFbz0EuCwcs3MO
 cFdgyUPSu4TDOZcGAlUS1G4++p47IeBLaHpO0+k83FwpwFapgQdMOeq+Y4y1125F
 FSqZxx6clMmP7ulZga8eEjTV+zLZ969nRxv2GS4ZyRSicJsMtOrBQQziEQWG5XT4
 WiroS7bqh0gJKZx0AyzmFByaZ6ek8mvWVmvV4vfC4QKBgQDuYKQQjlrJUk4GHxeF
 dLt4TqGGNTkWFvZi+5ao6wF5dogdLL9Ror+94fE4Ci/xCYDSAkbt2k3GW0fuCHOt
 GWyyWSzGC9KB/fSe0fKKas6NKlRX5MgLyYW9JjrtQaUZJl/oc6KftFEopAHkeDNe
 xSEh+72p+QKnrrVZkcrixP6raQKBgQDrUaeGJ6few9NZUmZ+Ifw5vdCZMtJjL5tj
 QHxnuccXDzByScWnq3HsW24CJ7e3dqhc2tjO6q2hBZpGwXwtL1Jzo7eUhN1GdOzo
 ETgPOnjybFJrlU2mbOV638BogxrH01OsjKbZwV98B94uM+Xrd801jTJtjC8L//Bn
 FGjxWbSpBwKBgA+CaipJmM6QdFMhor4kIi5pr0i0Hcq6I7288Mh8wdPNSn3bc3c0
 R5VrJe6newcLvz3quAKxuW22cq+iDSSuCsxv0OHx0vhyNYA/2K/40weMQYCWeg2K
 RxFPc3YMV1mTjZnqLCKH8N/cC+N5jp4T5Vv4rRZqBSozy8jQG4s1lfxBAoGAe0jB
 SsC16ziPHsnT1ps5iIrQoaKFpN9JOnuLcdBb5NHZYNcTjZ99xQW1ob1rO9wXouYp
 FmbO5oCH7i/qPcYAHYOVZ2Mghow1nfN/ekL5IJDtsV18XAfLRk+5f0fInQ4zVUAv
 HgB4ZQO+PFiGSZHvWfIKjGgYMeI58dc4j9Gem7sCgYAXO7J9GUqNcfERzmJTKr4K
 84qTG4lvMMNKVruRuGY+sa+LPp+OIsvXdTpcn28w4Ma+VPcxlaDJtW1KbLmNIhpk
 i+ziGfZGPv136WtrWYniLBmPwZXY8IhvPi4zVFXXJeyjcVLV/cFzCp/y5FqYYgaM
 QaWbk4amWtTLQuqBZMpwYQ==
 -----END PRIVATE KEY-----
--- a/v1/0_base-image/2025-08-13-iot-system-lite.img.xz
+++ b/v1/0_base-image/2025-08-13-iot-system-lite.img.xz
--- a/v1/1_intermediate/rpi-2025-08-13.img_before_kernel_update.xz
+++ b/v1/1_intermediate/rpi-2025-08-13.img_before_kernel_update.xz
--- a/v1/1_intermediate/rpi-2025-08-13_before_kernel_update.img.xz.sha256
+++ b/v1/1_intermediate/rpi-2025-08-13_before_kernel_update.img.xz.sha256
@@ -0,0 +1 @@
 6fd4cb7ad6e6b654d8f10c82a881eccd1988e39dad86b559b804174b2c15ca7b  rpi-2025-08-13.img.xz
--- a/v1/2_gold-img/rpi-2025-08-26.img.xz
+++ b/v1/2_gold-img/rpi-2025-08-26.img.xz
--- a/v1/2_gold-img/rpi-2025-08-26.img.xz.sha256
+++ b/v1/2_gold-img/rpi-2025-08-26.img.xz.sha256
@@ -0,0 +1 @@
 d7f3fe7dfffcd920854bb964aac09c554eaa7ecd1c9c546151d829721f4420c2  rpi-2025-08-26.img.xz
		`@@ -0,0 +1 @@`
							`6fd4cb7ad6e6b654d8f10c82a881eccd1988e39dad86b559b804174b2c15ca7b rpi-2025-08-13.img.xz`
		`@@ -0,0 +1 @@`
							`d7f3fe7dfffcd920854bb964aac09c554eaa7ecd1c9c546151d829721f4420c2 rpi-2025-08-26.img.xz`