👨‍💻 about me home CV/Resume 🖊️ Contact Github LinkedIn I’m a Haskeller 📝 Blog Freedom, privacy, tutorials… 🏆 Best of LuaX Calculadoira panda upp Haskell todo pwd TPG Nextcloud Git BitTorrent

💣 Kick GAFAMs out (✔️ ǝlƃooפ, ✔️ ʞooqǝɔɐℲ, ✔️ uozɐɯ∀): Stop giving our soul and money to evils, be free and respectful!
📰 Friday 2. April 2021: upp is a panda companion. It’s a Lua-scriptable lightweight text preprocessor.
🆕 since December 2020: Playing with the actor model in an embedded multicore context. C imperative components become C stream pure functions with no side effect ➡️ C low level programming with high level pure functional programming properties 🏆
📰 Saturday 30. January 2021: Playing with Pandoc Lua filters in Lua. panda is a lightweight alternative to abp providing a consistent set of Pandoc filters (text substitution, file inclusion, diagrams, scripts, …).
🆕 Sunday 24. May 2020: Working at EasyMile for more than 5 years. Critical real-time software in C, simulation and monitoring in Haskell ➡️ perfect combo! It’s efficient and funny ;-)
🚌 And we are recruiting! Contact if you are interested in Haskell or embedded softwares (or both).

Raspberry Pi 4 setup for a personal local cloud

Christophe Delord

Goal

I don’t like GAFAM’s way of eating my personal data. So I decided to self-host my personal cloud to protect my privacy and have full powers on my data instead of Google.

This page describes a basic Raspberry Pi installation:

All being run on a small pretty Raspberry Pi ;-)

Hardware setup

The server will run 24/7 so running on a regular desktop PC is no good idea. We are going to install it on a Rapsberry Pi connected to the local network.

For this you will need:

My own data center is also equipped with a nice aluminium open case with two fans:

My Raspberry Pi data center

Just plug everything and let’s continue with the software setup.

Software setup

The software setup is completely made from a Linux PC connected to the same local network than the Raspberry Pi (Ethernet or WiFi).

The whole installation is scripted. My script is available here: rrpi-config.

rrpi-config connects to the Raspberry Pi with ssh. The Raspberry Pi hostname shall be given on the command line. The default host name is raspberrypi.local. The script shows a menu for a step-by-step installation.

WARNING: This script is provided for free and with no guaranty. Please read it before using it. It may fail and you may have to fix issues that are not described here.

rrpi-config

Installation of RaspiIO on the external SSD.

RaspiOS image download and configuration

  1. Run rrpi-config and select Prepare.
  2. Wait for RaspiOS beeing downloaded (it is saved to ~/raspios).
  3. An admin password may be asked to mount and configure the image.
  4. Enter your WiFi SSID (leave it empty if you want to connect the Raspberry Pi to an Ethernet network).
    1. Enter your WiFi password.
    2. Enter your WiFi country (a two-letter country code).

Installation to the external SSD

  1. Run rrpi-config and select Flash.
  2. Plug the SSD to the Linux PC (rrpi-config should auto-detect it).
  3. Check the partition has been correctly detected and confirm (be sure the detected partition is actually the SSD or you may overwrite important data).
  4. Wait for the image to be completely written to the SSD.
  5. Unplug the SSD from the Linux PC and plug it to the Raspberry Pi.

First configuration of RaspiOS

We will start by configuring the Raspberry Pi with raspi-config.

  1. Run rrpi-config and select Configure
  2. In the Raspberry Pi Configuration Tool some parameters can be changed:
    1. System Options / Password: change the pi user password and choose a strong password.
    2. System Options / Hostname: choose a different hostname (this hostname will be a parameter of rrpi-config in the next steps, e.g. mypi).
    3. Interface Options / SSH: Enable SSH.
    4. Localisation Options / Locale.
    5. Localisation Options / Timezone.
    6. Advanced Options / Network Interface Names: Enable predictable network i/f names.

SSH configuration

To connect with SSH keys instead of password, you need to push your keys to the Raspberry Pi.

  1. Run ssh-keygen to create your SSH keys if you don’t have one.
  2. Run rrpi-config and select Keys to push your public key to the Raspberry Pi.
  3. Select Ssh to try your SSH configuration. You should now be connected to the Raspberry Pi.
  4. Run sudo reboot to reboot with the new configuration (hostname, …).

From now on you shall start rrpi-config with the right hostname (e.g. rrpi-config mypi.local).

Installation/configuration of some basic packages

The following steps use a configuration files that must be created on the Linux PC used to configure the Raspberry Pi:

This file is a Lua script that shall be executable and define the following parameters:

-------------------------------------------------------------------------------
-- GANDI API
-------------------------------------------------------------------------------

gandi = {
    api_key = "Your Gandi API key here",
    domain = "your domaine name",
    subdomain = "subdomain pointing to the Raspberry Pi (e.g. mypi)",
}

-------------------------------------------------------------------------------
-- Network monitor
-------------------------------------------------------------------------------

netmon = {
    router = "local IP of the local router (may be your ISP modem or a local router)",
    box    = "local IP of your ISP modem",
    web    = {
        "first Internet server to ping",
        "second Internet server to ping",
        "third Internet server to ping",
    },
}

-------------------------------------------------------------------------------
-- AbuseIPDB
-------------------------------------------------------------------------------

abuseipdb = {
    api_key = {
        ssh = "Key used to report SSH attacks",
        web = "Key used to report Apache attacks",
    }
}

Dynamic DNS configuration (gdns)

If the server shall be accessed from Internet, it shall have a fixed IP or a domain named. rrpi-config can configure a DNS entry on a Gandi DNS record. You will need to buy a domain name at Gandi (or adapt the script for your own needs) and create a configuration table with Gandi API key (~/.myconf).

The script bin/gdns will be created on the Raspberry Pi. It regularly checks the external IP and updates the Gandi DNS record when the external IP changes.

Network monitoring scripts (netmon)

rrpi-config creates two scripts used to monitor the Internet connectivity and the Raspberry Pi:

  1. ~/bin/status: updates /var/www/html/status.html (some statistics about the Raspberry Pi).
  2. ~/bin/netmon: updates /var/www/html/netmon.html (regularly pings some servers to check Internet is reachable). To reset this file, please delete /var/www/html/netmon.csv.

netmon is configured by ~/..myconf.

My ISP modem is very bad and regularly looses Internet connection. A simple workaround is to reboot the modem every night at 4 AM. netmon ignores errors around 4 AM. This behaviour can be changed in rrpi-config.

Fail2ban

Fail2ban is used to ban IP that try to hack the Raspberry Pi. Its configuration is hard-coded in rrpi-config. Banned IPs are reported to AbuseIPDB. AbuseIPDB keys shall be defined in ~/.myconf.

Configuration

  1. Run rrpi-config mypi.local and select Install.

    This will install some Debian packages:

    and configure:

Apache web server

The Apache web server can be used to host an HTTP server on the Raspberry Pi. Its is also required if you plan to install Nextcloud.

  1. Run rrpi-config mypi.local and select Apache.
  2. Select Ssh to connect to the Raspberry Pi.
  3. Run sudo certbot --apache to configure and install SSL certificates.

Radicale

Radicale is a small but powerful CalDAV (calendars, to-do lists) and CardDAV (contacts) server. You can install Radicale if you don’t need Nextcloud.

  1. Run rrpi-config mypi.local and select Radicale.
  2. Choose Radicale user name and password.

Nextcloud

Nextcloud is a complete alternative to Google (calendars, contacts, drive, …) and Dropbox (file synchronization). It works pretty well and integrates perfectly with Thunderbird, Android, … I have a 500 Gb cloud for just the price of a 500 Gb SSD and my data remain mine.

  1. Run rrpi-config mypi.local and select Nextcloud.
  2. Enter the MySQL password.
  3. Some parameters must be applied manually to /var/www/html/nextcloud/config/config.php (see rrpi-config output).
  4. Connect to http:mypi.local/nextcloud to configure the Nextcloud server.

UPnP

The Debian packet minidlna can be used to store and shared media files (music, video, …). Shared files will be stored in /home/pi/dlna.

  1. Run rrpi-config mypi.local and select UPnP.

qBittorrent

  1. Run rrpi-config mypi.local and select qBittorrent.
  2. Run qbittorrent-nox on the Raspberry Pi to start the qBittorrent server (Ctrl-C to stop it).

WORK IN PROGRESS…

This script is constantly updated and the documentation may be outdated. The best is always to read the sources and change them to fit your requirements.