auracaster/castbox-provisioning
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cb1b32ecaeb36846a1b06477cd999c0f37a86024
castbox-provisioning/README.md

86 lines
2.9 KiB
Markdown
Raw Blame History

# how the gold image was created
- use base-image that was created with pi-gen_auracaster
sudo apt update && sudo apt upgrade -y
git clone https://gitea.summitwave.work/auracaster/bumble-auracast
sudo apt install -y pipewire wireplumber pipewire-audio-client-libraries rtkit cpufrequtils
mkdir -p ~/.config/pipewire/pipewire.conf.d
cp ~/bumble-auracast/src/service/pipewire/99-lowlatency.conf ~/.config/pipewire/pipewire.conf.d/
sudo cpufreq-set -g performance
poetry config virtualenvs.in-project true
sudo cp ~/bumble-auracast/src/service/aes67/90-pipewire-aes67-ptp.rules /etc/udev/rules.d/
sudo udevadm control --log-priority=debug --reload-rules
sudo udevadm trigger
sudo bash ~/bumble-auracast/src/auracast/server/provision_domain_hostname.sh castbox-summitwave local
- password was changed to something secure - stored in bitwarden
sudo tee /etc/ssh/sshd_config.d/10-disable-passwords.conf >/dev/null <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
EOF
sudo systemctl reload ssh
ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no pi@raspi.local
sudo apt-get install \
python3-dev python3.11-dev \
libsamplerate0-dev \
build-essential cmake pkg-config
sudo apt install i2c-tools
sudo tee /etc/security/limits.d/99-realtime.conf >/dev/null <<'EOF'
caster - rtprio 99
caster - memlock unlimited
EOF
# per-device Provisioning
For production, the devices need to be provisoned uniquely
- provision with rpi-sb-provisioner - tested with 2.0.5, 2.0.4 did not work
- access the webinterface with ssh -L 3142:127.0.0.1:3142 pi@192.168.178.52
- http://localhost:3142
- after initial provisioning using ssh:
- install vpn with a unique configuration under /etc/wireguard/wg0.conf
- wg-quick up wg0
- enable wg0 service
- set the hostname
- if custom device without ui:
- set channel name etc. in bumble-auracast/src/auracast/.env
- execute the update service scripts
- start the application (script if custom device, server and frontend if ui version)
- set mac add of secondary eth port in /etc/systemd/network/10-eth1-mac.link
- activate overlayfs (?) -probably not because we need persistent storage for stream states
## Secure-boot CM4: unlock secure USB mass-storage
git clone https://github.com/raspberrypi/usbboot
bash gen-secure-msd-sig.sh
bash rpi-boot-secure.sh
# Step by step instructions to provision one device
- bridge flash jumper
- connect cm rpi board
- connect usb to rpi4 USE A USB2 PORT!
- connect the outer network port to switch (BUT WITHOUT POE) with rpi4 and laptop in same network
- access the webinterface with ssh -L 3141:127.0.0.1:3142 pi@192.168.178.52
- run provision.py from rpi4 (to ensure ssh key)
```
poetry run python src/provision.py 10.11.0.59 --name <device_name>
```
Give it a new <device_name> and input in the manufacturing/devices.ods
- flash radio firmware
- hci uart repo
Reference in New Issue View Git Blame Copy Permalink