Jorge Boucas

raspberry pi

Mar 9, 2019

This tutorial will guide you through the setup of your Raspberry Pi in headless mode as a Time Capsule and AirPlay audio receiver. Afterwards we will use Docker to setup an etherpad server with group and user level pad authentication as well as a Nextcloud server along with WebRTC for secure audio/video call conferencing.

Materials

Total: 167.37 EUR

Starting your Raspberry Pi for the first time

Download the “Raspbian Stretch Lite” image from the Raspbian downloads page here and follow raspberrypi.org instructions on how to burn the image.

Shortly, after downloading the zip file(newest/this tutorial) use balenaEtcher to burn the Raspbian image to your micro sd card.

On your Mac, remove the micro sd card and insert it back in again. For making sure you will be able to connect over ssh to your raspberry pi you will need to

cd /Volumes/boot
touch ssh

As we will use the raspberry pi without a screen we decrease the amount of memory available for graphics

cd /Volumes/boot
echo gpu_mem=16 >> config.txt

If you wish to connect to your raspberry pi over wifi you need to set this up now by editing the /boot/wpa_supplicant.conf file with your wifi and country 2 letter code (here DE for Germany):

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=DE

network={
	ssid="my_network_name"
	psk="my_network_password"
}

If you do not want store your password in plain text you can use wpa_passphrase utility to generate an hashed password:

wpa_passphrase my_network_name my_network_password

Insert the micro sd card into your raspberry pi. Connect the ethernet cable and power cable to start your raspberry pi. From your Mac connect to the pi on your network by

ssh pi@raspberrypi

The original password is raspberry.

Setup your user by replacing MYUSERNAME with your username and MYPASSWORD with your own password:

sudo -s
echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen
useradd -m -s /bin/bash -N -u 1001 MYUSERNAME
echo "root:MYPASSWORD" | chpasswd
echo "pi:MYPASSWORD" | chpasswd
echo "MYUSERNAME:MYPASSWORD" | chpasswd
adduser MYUSERNAME sudo
exit
exit

If you don’t yet have SSH keys on your Mac follow the instructions here to generate them. Copy your ssh keys to your pi

ssh-copy-id MYUSERNAME@raspberrypi

Using the password you just used to replace MYPASSWORD above. Edit your Mac’s .ssh/config file

vim ~/.ssh/config

to include

Host pi
    HostName raspberrypi
    Port 22
    User MYUSERNAME

You can now connect password free to your pi with:

ssh pi

and remove the original pi user:

sudo userdel -r pi

and add git, vim and tmux (because we love it):

sudo apt-get install -y tmux vim git

Congratulations! Your Raspberry Pi is set and ready to go!

Setting up your Raspberry Pi as an Airplay audio receiver

ssh pi
sudo apt-get install -y shairport-sync

Since the analog output is in mono only you might want to increase the quality of the audio coming out of your pi by using HDMI or a peripherical as shown here.

Set your raspberry pi sound higher as the standard 50% is quite low:

sudo amixer set 'PCM' 75%

Setting up your Raspberry Pi as a Time Capsule

Connect an empty HFS+ formated external drive to you pi over USB.

Install required packages for dealing with HFS in linux:

sudo apt-get install -y hfsprogs hfsplus

Find your disk and device name (usually /dev/sda2):

sudo fdisk -l

Format the drive

sudo mkfs.hfsplus -v my_external_drive /dev/sda2

Create the mounting point, add it to /etc/fstab, mount the device, and make sure you own the mount point:

su
mkdir -p /media/time_machine
echo "/dev/sda2 /media/time_machine hfsplus force,rw,user,auto 0 0" >> /etc/fstab
mount -a
chown -R MYUSERNAME /media/time_machine

Now that you’ve mounted your external drive make sure to never pull the power cable or USB on your raspberry pi as this might render the external drive read-only. For unmounting the drive you can

sudo umount /dev/sda2

and for shutting down your raspberry pi you can

sudo shutdown -h now

This is also where investing a bit more on an external desktop hard drive might be more functional (eg.: Western Digital 10 TB Elements, USB 3.0, 224.99 EUR).

Install the required packages for mounting your pi over afp and emulate a Time Capsule

su
apt-get update
apt-get install aptitude
aptitude install -y build-essential libevent-dev libssl-dev \
libgcrypt20-dev libkrb5-dev libpam0g-dev libwrap0-dev \
libdb-dev libtdb-dev avahi-daemon libavahi-client-dev \
libacl1-dev libldap2-dev libcrack2-dev systemtap-sdt-dev \
libdbus-1-dev libdbus-glib-1-dev libglib2.0-dev \
libio-socket-inet6-perl tracker libtracker-sparql-2.0-dev \
libtracker-miner-2.0-dev libmariadbclient-dev

wget http://prdownloads.sourceforge.net/netatalk/netatalk-3.1.11.tar.gz
tar -xf netatalk-3.1.11.tar.gz
cd netatalk-3.1.11/
./configure \
        --with-init-style=debian-systemd \
        --without-libevent \
        --without-tdb \
        --with-cracklib \
        --enable-krbV-uam \
        --with-pam-confdir=/etc/pam.d \
        --with-dbus-daemon=/usr/bin/dbus-daemon \
        --with-dbus-sysconf-dir=/etc/dbus-1/system.d \
        --with-tracker-pkgconfig-version=1.0
make 
make install
netatalk -V
echo """[Global]
  mimic model = TimeCapsule6,106
[Time Machine]
  path = /media/time_machine
  time machine = yes""" > /usr/local/etc/afp.conf
systemctl enable avahi-daemon
systemctl enable netatalk
service avahi-daemon start
service netatalk start

You Mac should now be seeing raspberrypi on your network as a Time Capsule and you should be able to mount it by clicking on it on the Finder and select it as a Time Machine destination in System Preferences > Time Machine > Add or Remove Backup Disk….

Installing Docker

Docker is great!

sudo apt-get update
curl -sSL https://get.docker.com | sh
sudo usermod -aG docker $USER
sudo gpasswd -a $USER docker
docker --version
sudo reboot

Login to your pi again once it has rebooted ssh pi

docker login
sudo docker engine activate

and test your docker installation:

docker run armhf/hello-world

Here the message you should see

Hello from Docker on armhf!
This message shows that your installation appears to be working correctly.

Install Docker Compose from pip (using Python3)

This might take a while

sudo apt update
sudo apt install -y python3-pip libffi-dev
sudo pip3 install docker-compose

To run you registry on your home network in an insecure fashion add {"insecure-registries":["raspberrypi:5000"]} to your Docker daemon configuration file and restart docker.

Building and running the Nextcloud and etherpad Docker image

As we will be generating ssl certificates with a Certificate Authority you will need to make sure your raspberry pi is accessible to the world. For this you will need to make sure your router is forwarding ports 80 (http) and 443 (https) to your raspberry pi. If you wish to backup you laptop wherever you are over the internet you can also set port 548 to be forwarded to your raspberry pi and then connect to your Time Capsuble over afp://myhostname.com. For instructions on how to set port forwarding consult your router’s manual.

Also, as you might not have a fixed IP you might wanna create a public Hostname with a Free Dynamic DNS. A good place for this is noip.com for which you can install the Dynamic Update Client (DUC) so that your web address continuously points to your router’s external IP address. You will need 2 hostnames, 1 for Nextcloud, 1 for etherpad.

Installing the Dynamic Update Client (DUC)

su
cd /usr/local/src
wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz&redir_token=8N73LFVgQSnqLuVOQf0FMQHM58F8MTU1MjMzNDQ2MkAxNTUyMjQ4MDYy
tar xzf noip-duc-linux.tar.gz
cd noip-2.1.9-1/ && make && make install
/usr/local/bin/noip2
exit

To test that this is working you can have your router forward port 22 to your raspberry pi and try to ssh to your pi over the Hostname you created at noip.com. For safety reasons you might stop this forwarding once your test comes through.

Clone the repo:

cd ~/
git clone https://github.com/jorgeboucas/docker_nextcloud_etherpad.git

Edit the variables in the Dockerfile between ##### USER GIVEN VARIABLES ##### and ##### END OF USER GIVEN VARIABLES #####. You might wanna check this blog post for help on choosing passwords.

##### USER GIVEN VARIABLES #####

# root password
ENV ROOTPASS=my_root_pass

# password for mysql
ENV myqsl_password=sqpass

# user and password for the database used by nextcloud
ENV MAINDB=nextcloud
ENV PASSWDDB=ncdbpass

# user and password for the nextcloud administrator
ENV ADMIN=nextcloud
ENV ADMINPASS=ncpass

# server info for ssl certificates
ENV SERVER_ADDRESS=nextcloud.myhostname.com
ENV SERVER_ADMIN="my.email@email.com"

# company info for hacking the nextcloud's landing page
ENV COMPANY_NAME=company_name
ENV COMPANY_WEBPAGE='http:\/\/www.company.com'
ENV COMPANY_SLOGAN='My Company Slogan'

# internal host ip for trusted hosts
ENV HOST_INTERNAL_IP=pi_ip_on_my_network

# user and password for the database used by etherpad
ENV ETHERPAD_MYSQL_USER=ETHERPAD_MYSQL_USER
ENV ETHERPAD_MYSQL_PASS=ETHERPAD_MYSQL_PASS

# user and password for the etherpad administrator
ENV ETHERPAD_ADMIN=ETHERPAD_ADMIN
ENV ETHERPAD_ADMIN_PASS=ETHERPAD_ADMIN_PASS

# etherpad address, ip bind,  and port
ENV ETHERPAD_WEB_ADDRESS=etherpad.myhostname.com

##### END OF USER GIVEN VARIABLES #####

Build the image and run the container:

cd ~/docker_nextcloud_etherpad
docker build -t webserver .

Run the container mapping the certificates /etc/letsencrypt, nextcloud /var/www/html, databases var/lib/mysql, and etherpad /etherpad-lite folders to your external hard drive. If you wish to create backups of your Nextcloud and etherpad instances these are the folders you need to copy/backup to a separate/3rd drive. If you ever restart your raspberry pi you can relaunch your instances by starting here:

cd /media/time_machine
mkdir -p persistent_data/letsencrypt \
persistent_data/nextcloud \
persistent_data/db \
persistent_data/etherpad && \
docker run \
-v $(pwd)/persistent_data/letsencrypt:/etc/letsencrypt \
-v $(pwd)/persistent_data/nextcloud:/var/www/html \
-v $(pwd)/persistent_data/db:/var/lib/mysql \
-v $(pwd)/persistent_data/etherpad:/etherpad-lite \
--name cloud -d -p 80:80 -p 443:443 -p 9001:9001 webserver /bin/bash

If you wish to get a shell on the running container you can do so by

docker exec -it cloud /bin/bash

You can now access your Nextcloud instance at your defined hostname nextcloud.myhostname.com and etherpad at your defined etherpad.myhostname.com.

For login in to Nextcloud you can use the values you’ve set for ADMIN and ADMINPASS. You can add users to yout Nextcloud instace by using the managment console inside Nexcloud.

For WebRTC you can use the Talk app inside Nextcloud.

For login to etherpad you can use the values you’ve set to ETHERPAD_ADMIN and ETHERPAD_ADMIN_PASS. For private pads you can access etherpad.myhostname.com/mypads which you can administrate on etherpad.myhostname.com/mypads/?/admin.

Issues/comments welcome!