Earth Notes: On Setting Up a Raspberry Pi 3 as Off-grid Server and WiFi AP

(IN DEVELOPMENT as of 2018/07: the live server is still the RPi 2.)

As of 2018/07/13 I thought that my stand-alone Technicolor TG582n router had died, though it seemed OK again after several hours powered off. But it consumes ~8W and crashes about once per month. Also, since it is talking PPPoE (PPP over Ethernet) to a BT Openreach ECI Telecom ON316150 FTTC modem it doesn't need to do anything analogue, so the routing and filtering done by the Technicolor ought to be do-able by a Pi. Also the Pi 3 has on-board WiFi that can be used as an access point.

Another advantage of an upgrade to the Pi 3 is a bit more speed, and a bigger range of power draw to make better use of available sunshine, etc. Though I have to see if the base consumption of a stripped back Pi 3 is still OK.

I can also take the opportunity to buy a larger SD card to boost storage, and effectively keep the old SD card as backup. (Currently the RPi2 has a 128GB micro SD card.)

Yet another advantage of an upgrade is moving to a newer OS distribution, allowing access to a newer Apache, HTTP/2, and various other goodies.

So an RPi 3 Model B+ and mains and 12V power supplies and other goodies have been ordered from RS to get started.

I'll record below as I prototype various aspects of PPPoE networking, new HTTP/2 support, etc.

I anticipate a fair period of prototyping and testing before (re)building the production server.

Start

Starting with just the following RS parts, no keyboard or mouse or screen plugged in, and waiting for it to boot, settles to 2.5W power consumption measured at the mains.

Directly plugging in the USB keyboard and mouse from a previous Maplin Raspberry Pi kit (R45Pi) raises consumption to 3.4W. Plugging in HDMI doesn't add any further load/consumption.

Have logged in and changed the default password for user 'pi'.

The Wifi does not seem to be in use to grab an IP (with DHCP) and get an Internet connection. This may be normal for NOOBS.

Via the Preferences menu entry and the Raspberry Pi Configuration tool I have:

• Set the system to boot to CLI rather than desktop.
• Set GPU memory to minimum (16MB).
• (NOT enabled SSH yet.)
• Set WiFi country to GB.

I am being asked to reboot for some of those to take effect.

I am still being auto-logged-in, which on the console is probably OK.

ifconfig now shows wlan0, though not with an IP address.

uname -a shows ... 4.9.80-v7+ #1098 Fri Mar 9 19:11:42 GMT 2018 armv71 ...

Following Setting WiFi up via the command line I sudo raspi-config and in "Network Options" enter SSID and passphrase. I exit raspi-config and ... I have an IP address on wlan0 and can ping the outside world!

Security dictates that the very next thing to do is sudo apt-get update && sudo apt-get-dist-upgrade.

Space used in the root partition is ~1GB.

With all that finished, power consumption (measured at the mains) is 3.1W. (Unplugging the USB mouse seems to push that up to 3.2W!)

I have established that the RPi3 and WiFi are working. Also that power consumption is not outrageous even before any attempts to tune it.

PPPoE and AP

The next step may be to load up a minimal Raspbian, and (briefly) get the RPi3 talking PPPoE to my ISP and providing a WiFi Access Point. This would probably have to be a quick temporary swap-out with the current server, as none of the other services would be there, so there will be HTTP and mail server fails while the RPi is in place.

I also have to provide down-stream wired routed (and NATted) Ethernet connections for devices that need it, such as my Loop and SmartThings hubs, and my new storage system. They may need some protection against external attack, and possibly against being used to attack other things inside the house. So I'll need to adjust my iptables config.

Storage

On 2018/10/12 I ordered a 256GB Class 10 U3 micro SDXC memory card (Samsung MB-MC256GA Micro SDXC EVO PLUS Class 10 UHS-I U3, Amazon). The price was a little over £50+VAT.

My choice was partly informed by Raspberry Pi Dramble's microSD Card Benchmarks.

OS Download

Given that the "... "lite" download is about half that size, for the entire OS. The full fat version is over 4GB" (Ken Hagan), I'm inclined to start with "lite" to save some of the new GB!

So, from the Raspian download page I am pulling the "Raspbian Stretch Lite" "Minimal image based on Debian Stretch" with release date 2018/10/09 (kernel 4.14, 368MB, SHA-256 98444134e98cbb27e112f68422f9b1a42020b64a6fd29e2f6e941a3358d171b4) as a ZIP file.

For lolz, I'm trying Etcher as suggested on the Raspbian page. Nice and simple, but warned me that 256GB was "unusually large" for it to Flash. I told it to go ahead anyway. The process was fast, and the card was left unmounted afterwards.

Restart

2018/10/20: I inserted the "Lite" microSD card into the RPi3, connected up keyboard, plugged HDMI into the family TV, and powered up.

Some items noted during boot:

• A message appeared (somewhere, now off-screen!) about the (root) partition being resized. (Looking at dmesg and df -h output shows that there is a small /boot partition of 44MB and a huge ext4 root partition of 235GB. OK, though previously I have had a separate /local with most of the actual data in it. It looks like there are plenty of inodes with 15M compared to ~360k used in RPi2 main filesystem.)
• "Started LSB: Autogenerate and use a swap file." (I'll likely want to run swapless again, with some ZRAM. There appears to be a 100MB swap file in /var/swap.)
• SSH host keys have been regenerated.
• Bluetooth service has been enabled (I'll most likely want to turn that off for security and power reasons).
• A message says that "Wi-Fi is disabled because the country is not set. Use raspi-config to set the country before use."

I logged in as pi and changed the password. I should now be safe to connect up to the Intartubes and get updates, for example.

I have changed the fstab parameters of the root filesystem to be defaults,noatime,commit=120 as on the RPi2 to reduce write traffic and improve performance, and rebooted. I may further raise the commit interval to 300s as on the RPi2's /local partition.

I have set the hostname to sencha with raspi-config.

I have set the Wi-Fi country to GB with raspi-config, connected to the Net with the correct SSID and password by editing /etc/wpa_supplicant/wpa_supplicant.conf with a 'network' entry with 'ssid' and 'psk' items.

Then apt-get update and apt-get dist-upgrade to be up to date on security. At this moment, no updates were needed.

I have set up NTP with apt-get but have not yet fully configured it (ie accepting defaults for now).

At this moment, power consumption from the mains, with HDMI on, is shown as ~3.2W. The target is to get that as near as possible to 1W when idling without HDMI.

Avoiding need to use the Family TV!

2018/10/21: I have fixed the IP address handed out by the router to the RPi3 with DHCP. This will mean that the RPi3 has a stable LAN IP address. That in turn should make accessing the RPi3 via ssh easier, thus avoiding conflict over use of the family TV as console!

I also need to allow SSH to run on the RPi3 (with raspi-config), still at this point protected behind the firewall/NAT.

(Experimentally turning off HDMI at this point made no visible difference to power draw, still fluctuating around ~3.2W; similar to the original RPi experience. Turning off the red LED temporarily with echo none > /sys/class/leds/led1/trigger doesn't make a visible difference to mains consumption either.)

I have created my user ID on the RPi with the same uid. I can rsync stuff across, repeating as I get close to bringing the RPi3 live.

IN PROGRESS

To-Do List

Roughly prioritised...

1. Set timezone to UTC and localisation to en-GB.
2. Networking:
   1. (Done) Give RPi3 stable LAN address for setup work.
   2. Temporarily have Pi as Wi-Fi AP and client during set-up to avoid needing the TV and as a recovery mode!
   3. Tighten sshd security, eg limit users allowed and forbid password-based logins.
   4. Set up PPPoE.
   5. Set up new local LAN with DHCP 'behind' RPi3.
   6. Set up extended ipfilter to NAT local LAN traffic.
3. Swap and filesystems:
   1. Get swapiness right (1?).
   2. Enable ZRAM as on RPi2 and probably disable /var/swap swap file.
   3. Reduce syslog logging to reduce write traffic.
   4. Increase ext4 filesystem commit time to 300s.
4. Time:
   1. (Done) Install NTP FCS/vanilla config.
   2. Configure NTP per RPi2 including some defence against misuse.
   3. Install/configure hardware clock (spare device, new battery?).
5. Power:
   1. Turn off HDMI to save energy if no one logged in, per RPi2 rc.local.
   2. Set lower idling CPU clock to save energy (idle default apparently 600MHz, non-idle 1200MHz).
   3. Turn off Bluetooth to save energy.
   4. Turn off unnecessary LEDs eg not network connector (and have main red LED indicate CPU activity rather than solid on).
   5. Turn off other unnecessary h/w.
6. Install/configure Apache w/ HTTPS and HTTP/2 support.
7. Copy existing user accounts (uid, data, cron) across from RPi2.
8. Copy Web sites (uid, data, cron) across from RPi2.
9. Copy Gallery (uid, data, metadata, app, cron) across from RPi2.
10. Copy power management code etc and move HATs.
11. Set up extra log dirs for SunnyBeam, powermng, Enphase under /var/log.

Application Inventory

For significant applications added to the RPi 3, eg with apt-get or npm, a note will be made of what and when and why here.

App name

YYYY/MM/DD, apt-get/npm command, motivation and comments.

2018/10/20, apt-get install tcsh, because I like tcsh!

2018/10/20, apt-get install ntp, for good timekeeping.