While these tutorials are a great way to teach system administration to those who want to start tinkering, I wish people would put more energy into building well crafted firmware images using frameworks like openembedded or buildroot and teaching people how to use those.
Most of the raspbian-based tutorials or images out there treating the raspberry pi like a normal server are just going to trash the SD or fail because system state is mutating in unexpected ways.
Start building immutable images that hold temporary data strictly in RAM.
It's true that buildroot/yocto-based immutable images are a lot more resilient and prevent regular sd-card death, but for most one-off uses you can get 90% of the way by simply using the "overlay file system" option in raspi-config, already built into the Raspberry Pi OS.
Essentially, you start with your Rpi OS, configure it the way you want it - install services etc, and once you are done, just do "sudo raspi-config", select "Performance Options" and under that enable "overlay file system" (also select "read-only /boot" when asked). Reboot when prompted to complete this setup.
This will cause all changes to go to a temporary ramfs - and these changes will be lost on reboot. Most importantly, this means your SDcard won't be written to at all during normal operation. Do note that if you are using one of the older Rpis with 1GB RAM, you might face issues with RAM availability - depending on the amount of changes you make while the overlay is enabled. RPI4 variants with 4GB/8GB ram work really well, though.
If you do need to make persistent changes, just repeat the process starting with "sudo raspi-config", disable the overlay and read-only /boot, reboot, make changes, then re-enable the overlay. It is a good idea to do an apt update/upgrade every month or so after disabling overlay.
Another thing you can do is to simply use USB sticks or USB drives as boot media (on RPI4). Those have much better lifetimes than sdcards, and are much faster as well.
While this does not compare to the performance/speed/safety/etc of a fully custom buildroot/yocto image, it's a good compromise considering it's almost effortless.
Shameless plug: I build such custom OS images for RPI and other SBCs for a living.
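A check for the setup described in the comment above, as an added example that is not part of the original comment: it reads `/proc/mounts`-style text and reports anything still mounted read-write from a storage device. The sample mount lines, device names and overlay options are constructed assumptions, and the check looks only at filesystem types and mount flags.

```python
def parse_mounts(text):
    """Parse /proc/mounts-style text into (device, mountpoint, fstype, options)."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            device, mountpoint, fstype, options = fields[:4]
            mounts.append((device, mountpoint, fstype, options.split(",")))
    return mounts

def audit(text):
    """Return a list of problems; empty means no /dev-backed mount is writable."""
    problems = []
    mounts = parse_mounts(text)
    root = [m for m in mounts if m[1] == "/"]
    # The last entry for a mountpoint is the one currently on top
    if not root or root[-1][2] != "overlay":
        problems.append("root is not an overlay mount")
    for device, mountpoint, _fstype, options in mounts:
        # Filesystems backed by a block device (SD card, USB stick) must be ro
        if device.startswith("/dev/") and "rw" in options:
            problems.append(f"{device} on {mountpoint} is mounted read-write")
    return problems

# Constructed samples; device names and overlay options are assumptions
OVERLAY_ON = """\
overlay / overlay rw,noatime,lowerdir=/lower,upperdir=/upper/data,workdir=/upper/work 0 0
tmpfs /run tmpfs rw,nosuid,nodev,size=1024k 0 0
/dev/mmcblk0p1 /boot vfat ro,relatime 0 0
"""
OVERLAY_OFF = """\
/dev/mmcblk0p2 / ext4 rw,noatime 0 0
/dev/mmcblk0p1 /boot vfat rw,relatime 0 0
"""

if __name__ == "__main__":
    with open("/proc/mounts") as f:
        found = audit(f.read())
    print("\n".join(found) if found else "ok: no writable storage mounts")
```

Run on the Pi after the reboot, it should print the `ok` line; any other output names the mount that can still write to the card.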
>Another thing you can do is to simply use USB sticks or USB drives as boot media (on RPI4). Those have much better lifetimes than sdcards, and are much faster as well.
>Shameless plug: I build such custom OS images for RPI and other SBCs for a living.
I haven't seen anyone using a rpi to usb boot other pi's via a usb hub, do you think that's possible? :-)
That needs the "boot host" rpi to be a usb device or usb otg - afaik, only the pi0 and pi4 have usb otg. These can emulate a usb storage device via the usb gadget subsystem. Additionally, only RPI4 has USB boot capability, and it does not work with all usb devices.
More importantly - something like this can only be hooked up to _one_ boot device, so the usb hub and multiple pi's are a no go. I don't see any advantage compared to just using a usb stick instead of making a rp0/rpi4 pretend to be a usb stick.
You should look into network booting the multiple pi's - if that's suitable for your use case. You will still need an sdcard in each pi to provide the network bootloader, but once the boot is done, the sdcard isn't used anymore (until the next boot)
I have some buildroot external trees on github that build images using github actions. It's for personal stuff I needed and only need to update occasionally.
The Buildroot manual is fantastic and it's worth working through the getting started section to get an idea. It boils down to creating a br_external tree that contains everything necessary to create a custom sdcard image as documented here:
Building images from a br_external tree is pretty trivial, see the github actions in these example repos:
This builds a raspi4 64 bit image for tvheadend (I'm using this image for a SAT-IP TV dish w/ Kodi clients in my sister's house - so far no complaints about a crashed tv server after 1.5 years of uptime). This image runs the whole rootfs from initramfs w/o mounting a persistent root filesystem. I don't care for the additional ~150MB RAM that is used in this use case:
My most recent buildroot based raspi image builds a 32 bit image pulling binary distribution of openhab and its recommended jre into the image, running them from a read only root filesystem. I'm using this to reliably run openhab home automation in multiple places. This repo also is a br_external tree and embarrassingly doesn't have a README yet, I really really need to write one because I think it's quite useful and mature.
Speaking of building immutable images - I want to do that for one of my projects, but scanning the docs for buildroot and yocto, I don’t see anything about applying updates - which is the part where I most want an off-the-shelf battle-tested solution so I won’t need to fly out and fix it in person.
Specifically, I want to have a disk image with two root partitions - by default (ie, what I flash to the SD card) the first partition has a read-only root FS and the second is empty. When an upgrade is ready, the system downloads the update from the internet, writes it to the second partition, and reboots - if the reboot is successful and the system passes health checks, it marks partition 2 as the default. If something goes wrong, it reboots again back into the original partition. (Then when v3 comes out, v2 downloads and writes it to the first partition, etc)
I keep thinking “surely this must be a solved problem?”, but I can find very little information about it; and the few things I can find are proprietary cloud-based management systems, when I’d much rather have my image hard-coded to poll an update-feed-URL that I control myself...
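The two-partition update flow described in the comment above, simulated as an added example that is not part of the original comment: the inactive slot gets exactly one trial boot and becomes the default only after the health check confirms it. The `BootState` flags, where they would be stored and all function names are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class BootState:
    """Flags shared by bootloader and OS; their storage is an assumption."""
    default: str = "A"            # slot booted when no trial is pending
    trial: Optional[str] = None   # freshly written slot awaiting confirmation
    tries_left: int = 0

def other(slot):
    return "B" if slot == "A" else "A"

def install_update(state):
    """Update written to the inactive slot: arm a single trial boot of it."""
    state.trial, state.tries_left = other(state.default), 1
    return state.trial

def select_slot(state):
    """Bootloader: boot the trial slot once, otherwise the default."""
    if state.trial and state.tries_left > 0:
        state.tries_left -= 1
        return state.trial
    state.trial = None  # trial never confirmed (crash, hang): fall back
    return state.default

def confirm_boot(state, booted, healthy):
    """OS, after health checks: commit the trial slot or ask for a reboot."""
    if booted != state.trial:
        return "unchanged"
    state.trial = None
    if healthy:
        state.default = booted
        return "committed"
    return "reboot"

def simulate(outcomes):
    """One update per outcome ('ok', 'unhealthy', 'crash'); return defaults."""
    state, history = BootState(), []
    for outcome in outcomes:
        install_update(state)
        booted = select_slot(state)
        if outcome != "crash":  # a crashed trial never reaches confirm_boot
            confirm_boot(state, booted, healthy=(outcome == "ok"))
        select_slot(state)      # the next boot, e.g. after a watchdog reset
        history.append(state.default)
    return history

if __name__ == "__main__":
    print(simulate(["ok", "crash", "unhealthy", "ok"]))
```

The trial counter is decremented before the new slot runs, so an image that hangs before reaching its health check still falls back on the next reset.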
I am going to show you how you can install the telephony server Asterisk on a small computer, the RaspberryPi, in order to be able to make calls from your computer or smartphone to ordinary phone numbers. So basically, you will end up literally with your own PBX in your pocket. Actually no, because RaspberryPi needs to be connected to power supply and network, and you would look weird with cables going into your pocket, but you get the idea.
I've worked with Asterisk in a former job, but we needed a VOIP provider to make the link to the normal network. But everyone connected to the company Asterisk server could phone with each other for free, all around the world.
How is this better than just getting a VoIP line in the country you want cheap calls to/from, and installing a SIP softphone app on your phone or computer?
Or using something like Signal, where the call is not only better than "HD voice", it's e2ee encrypted? There are other services that offer varying levels of encryption.
Does it really cost lots of money to call someone from one part of the EU to another?
As an American I resent how much I have to pay for cellular data (though things are certainly better than they used to be; I've now got ~4GB for slightly under $20/month) but the concept of having to pay extra charges for calling someone who is ~100 miles away is quite foreign/confusing, especially given the EU is, well....the EU?
Unlimited calling is virtually de facto here, as is free long distance calling. I can call someone 3,000 miles away and it doesn't cost me a dime.
Area codes are so irrelevant these days that nobody really bothers to switch phone numbers even when they move cross-country.
I run my own XMPP server, and I can literally call anyone anywhere in the world on the XMPP network. End-to-end encrypted. No phone numbers required. For free.
So one of the things you can do with Asterisk and Freeswitch on the PSTN network is hook up a Cisco/Linksys SPA122 adapter or use something more recent. If using a VOIP line, some providers in some countries let you control the VOIP line entirely so you can spoof phone numbers to the PSTN network, and as Asterisk/Freeswitch lets you do things like call record and will send the ringing tones (or whatever you choose to play to someone calling your VOIP line) before you answer it, you can also listen to people talking waiting for you to pick up and answer or direct to a voicebox. In effect you can create a voicebox where you never get charged for leaving a message, ideally for covert activities, legal or otherwise, and it's done because of the way the channels are handled. Whilst you are playing the dialling tone back to the caller, you have asterisk/freeswitch set up to record the call from the time the tones are played to the caller, only you never answer and the caller can leave whatever message on the PBX because officially according to international standards a call was never made and thus charged for. I don't know the legality of it, but it seems to be an exploitable weakness in international standards, for covert activity.
There's lots of things you can do with these and Freeswitch also works on a Pi2B.
You'll find some telco providers have just taken Asterisk or Freeswitch and recoded it enough to class it as their own, but you could run an entire phone company in a country on Asterisk/Freeswitch if the HW is powerful enough.
So if you want to do some HW hacking, you could start with any old modem and turn it into your own SPA122, and once you have done that you could look at taking an ADSL router and turn it into a SPA122 of sorts. These are just devices with some hw capabilities but could do more.
This is guaranteed to give you more privacy because the data stays inside your own VPN. When using any 3rd party infrastructure all packets can be silently duplicated/mirrored to be snooped upon by altering setup and teardown, e.g. mitmproxy.
> How is this better than just getting a VoIP line ..
Many countries block this, and even make it illegal for international calls. Both for security and financial reasons. Telecom companies around the world have an understanding with each other on interconnection charges. Security reason should be obvious - it is easier to track people and collect metadata on foreign calls if everything happens through your network.
E.g. Many countries even block voice calls through Signal, Skype, WhatsApp etc.
I agree. Only businesses and VoIP hobbyists bother to self-host their PBX. And smaller businesses are often better off using a hosted service. The time, money and hassle spent setting this up and maintaining it can buy a lot of calling plan minutes or months. Or you could train your contacts on how to use Signal.
Yes, calling any other EU country from the EU costs a lot. 1 dollar/minute and more. The most expensive plans (50+ dollars a month) usually include 100 EU minutes or so, but not many people have these plans.
Data costs vary a lot across the EU. I pay 70 dollars a month for unlimited data with unlimited speed, for example.
That's not true for over two years. Capped by EU at 19 eurocents a minute. And 70 dollars is pretty expensive, I think you should check if there aren't better deals available (I assume it's CZ?)
Security is paramount when running your own PBX. Make sure all SIP extension passwords are strong and any IVRs do not allow unauthenticated callers to get a dial tone. Otherwise toll fraudsters can make tens of thousands of dollars of calls in one night!
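A way to audit the first point in the comment above, as an added example that is not part of the original comment: it parses `sip.conf`-style text (the chan_sip layout is assumed) and lists extensions whose `secret` is missing or weak. The length threshold, the common-password list and the sample configuration are constructed assumptions; template inheritance and IVR dial plans are not evaluated.

```python
import re

MIN_LENGTH = 12  # assumption: local policy, not a value from the comment
COMMON = {"1234", "password", "secret", "asterisk", "changeme"}  # constructed

def parse_sections(text):
    """Parse sip.conf-style text into {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        header = re.fullmatch(r"\[([^\]]+)\](\(.*\))?", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.lstrip(">").strip()
    return sections

def audit(text):
    """Map each endpoint with a weak or missing secret to the reasons."""
    findings = {}
    for name, opts in parse_sections(text).items():
        if opts.get("type") not in ("friend", "peer", "user"):
            continue  # [general] and other non-endpoint sections
        secret, reasons = opts.get("secret", ""), []
        if not secret:
            reasons.append("no secret set")
        if secret and len(secret) < MIN_LENGTH:
            reasons.append(f"shorter than {MIN_LENGTH} characters")
        if secret and (secret.lower() in COMMON or secret == name):
            reasons.append("guessable")
        if secret.isdigit():
            reasons.append("digits only")
        if reasons:
            findings[name] = reasons
    return findings

SAMPLE = """\
[general]
[1001]
type=friend
secret=1001   ; same as the extension number
[1002]
type=friend
secret=kT9#vQ2m!xLw84Zp
[1003]
type=friend
"""  # constructed sample, not a real configuration

if __name__ == "__main__":
    print(audit(SAMPLE))
```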