- Generate an SSH key pair using PuTTYgen.
- Copy the public key to the server:
type <filename>.pub | ssh pi@<rpi-ip> "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys && chmod 700 ~/.ssh"
Or manually: log in to the server as the correct user.
mkdir ~/.ssh
nano ~/.ssh/authorized_keys
Ensure the public key is on a single line, e.g.
ssh-ed25519 AAA... <user>
- Become root user:
sudo su -
- Create SSH config file:
mkdir ~/.ssh
nano ~/.ssh/config
Add the following content:
Host github.com
HostName github.com
User git
IdentityFile ~/.ssh/github
- Generate the GitHub SSH key:
cd ~/.ssh
ssh-keygen -t ed25519 -C "your_email" -f ~/.ssh/github
cat ~/.ssh/github.pub
- Add the public key to your GitHub account:
- Go to GitHub > Settings > SSH and GPG keys > New SSH key.
- Paste the public key and give it a title.
- Click Add SSH key.
- Go to
apt install git expect -y
cd ~
git clone git@github.com:GreenMachine582/HomeLab.git
mv HomeLab homelab
Set up the GreenTechHub project:
git clone git@github.com:GreenMachine582/GreenTechHub.git
mkdir ~/homelab/python_projects
mv GreenTechHub ~/homelab/python_projects/greentechhub
- Create the user:
sudo adduser github-deploy --disabled-password --gecos ""
- Fix permissions for the GitHub key:
sudo chown github-deploy:github-deploy /root/.ssh/github
- Set up SSH access for github-deploy (same steps as section 1).
Ensure the key is in OpenSSH format and has no passphrase; if not, convert it using PuTTYgen.
- Test the SSH connection
- Allow passwordless execution of deploy script:
sudo visudo -f /etc/sudoers.d/github-deploy
Insert the following lines:
github-deploy ALL=(root) NOPASSWD: /root/homelab/deploy_homelab.sh
github-deploy ALL=(root) NOPASSWD: /root/homelab/scripts/deploy_project.sh
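Because these entries let `github-deploy` run two scripts as root without a password, the scripts and every directory above them must be writable by root only. The audit below is an added example, not part of the HomeLab repository; the function names `check_path` and `audit_sudoers` are hypothetical, and it assumes command paths without spaces.

```shell
#!/bin/sh
# Added example (not from the HomeLab repo): audit NOPASSWD targets in a sudoers drop-in.

# check_path PATH OWNER_UID: print a finding and return 1 if PATH is missing,
# not owned by OWNER_UID, or writable by group/others.
check_path() {
    path=$1 owner=$2
    [ -e "$path" ] || { echo "missing: $path"; return 1; }
    set -- $(ls -ldn "$path")      # $1 = mode string, $3 = numeric owner uid
    [ "$3" = "$owner" ] || { echo "owner uid $3, want $owner: $path"; return 1; }
    case $1 in
        ?????w*|????????w*) echo "group/world writable: $path"; return 1 ;;
    esac
    return 0
}

# audit_sudoers FILE [OWNER_UID] [STOP_DIR]: check every NOPASSWD command path
# and each parent directory up to STOP_DIR (default /). Returns 0 if clean.
audit_sudoers() {
    file=$1 owner=${2:-0} stop=${3:-/} rc=0
    for cmd in $(sed -n 's/^[^#]*NOPASSWD:[[:space:]]*\([^[:space:],]*\).*/\1/p' "$file"); do
        p=$cmd
        while :; do
            check_path "$p" "$owner" || rc=1
            case $p in /|.|"$stop") break ;; esac
            p=$(dirname "$p")
        done
    done
    return $rc
}

# Usage as root on the server:
#   visudo -cf /etc/sudoers.d/github-deploy && audit_sudoers /etc/sudoers.d/github-deploy
```
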
- Update the system and SSH configuration:
sudo apt update && sudo apt upgrade -y
sudo nano /etc/ssh/sshd_config
- Change or ensure the following lines:
AddressFamily any -> AddressFamily inet
ListenAddress 0.0.0.0 -> ListenAddress 0.0.0.0
PermitRootLogin yes -> PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication yes -> PasswordAuthentication no
- Restart the SSH service:
sudo systemctl restart ssh
- Disable root Bash history:
sudo su -
sed -i -E 's/^HISTSIZE=/#HISTSIZE=/' ~/.bashrc
sed -i -E 's/^HISTFILESIZE=/#HISTFILESIZE=/' ~/.bashrc
echo "HISTFILESIZE=0" >> ~/.bashrc
history -c; history -w
source ~/.bashrc
- Disable passwordless sudo for pi:
rm /etc/sudoers.d/010_*
- Set root and user passwords:
passwd root
passwd <user>
- Disable Bluetooth & Wi-Fi (Optional):
echo "dtoverlay=disable-bt" >> /boot/config.txt
echo "dtoverlay=disable-wifi" >> /boot/config.txt
- Allow IPv4 only:
mkdir -p /etc/sysctl.d
cat << "EOF" > /etc/sysctl.d/99-disable-ipv6.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
EOF
sysctl --system
- Enable ufw and configure firewall rules:
apt install ufw -y
bash ~/homelab/scripts/setup-ufw.sh
To view the current status of UFW with numbered rules:
ufw status numbered verbose
⚠️ Test SSH access before applying the firewall rules to ensure you don't lock yourself out.
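Editing `/etc/ssh/sshd_config` does not guarantee the values take effect, because a file pulled in by an `Include` directive can set the same keyword first. The check below is an added example, not part of the HomeLab repository; it compares the effective settings printed by `sshd -T` with the values from the SSH step above, and the function name `check_sshd_effective` is hypothetical.

```shell
#!/bin/sh
# Added example: compare effective sshd settings with the values from this guide.
# Input is the format printed by `sshd -T` (lowercase keyword, space, value).

EXPECTED='addressfamily inet
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no'

# check_sshd_effective: reads `sshd -T` style lines on stdin, prints one line
# per mismatch, and returns 0 only if every expected setting matches.
check_sshd_effective() {
    dump=$(cat)
    rc=0
    while read -r key want; do
        got=$(printf '%s\n' "$dump" |
              awk -v k="$key" 'tolower($1) == k { print tolower($2); exit }')
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: want '$want', got '${got:-unset}'"
            rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    return $rc
}

# Usage as root, keeping the current SSH session open while testing a new one:
#   sshd -t && sshd -T | check_sshd_effective
```
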
- Disable swap:
systemctl disable --now systemd-zram-setup@zram0.service
systemctl mask systemd-zram-setup@zram0.service
- Update APT index and upgrade packages:
apt update && apt upgrade -y
reboot
- Run Docker 🌐install commands:
sudo su -
apt-get update
apt-get install -y ca-certificates curl gnupg lsb-release
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc
- Add the Docker repository:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] \
https://download.docker.com/linux/debian \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
tee /etc/apt/sources.list.d/docker.list > /dev/null
- Install Docker
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
Ensure you have an M.2 drive installed and formatted with the ext4 filesystem.
⚠️ Run all commands as root
- Identify:
lsblk -o NAME,PARTUUID,FSTYPE,SIZE,MOUNTPOINT,LABEL
- Mount:
mkdir /mnt/m2drive
mount /dev/<name> /mnt/m2drive
- Make it persistent:
nano /etc/fstab
Add:
PARTUUID=<part_id> /mnt/m2drive ext4 defaults 0 2
- Test:
df -h /mnt/m2drive
- Change Docker's global volume storage location:
mkdir -p /mnt/m2drive/docker
mkdir -p /etc/docker
nano /etc/docker/daemon.json
Add the following content to the file:
{
"data-root": "/mnt/m2drive/docker"
}
- Then restart the Docker service to apply the changes:
systemctl restart docker
- Install dhcpcd5:
apt install dhcpcd5 -y
nano /etc/dhcpcd.conf
- Add the following lines at the end of the file:
interface eth0
static ip_address=192.168.xx.xx/24
static routers=192.168.xx.1
static domain_name_servers=192.168.xx.1 1.1.1.1
- Apply:
systemctl restart dhcpcd
- Disable Apache2:
systemctl disable --now apache2
- Run project 🗒️setup script:
Make sure to add/configure the .env files before running the setup script.
cd ~/homelab
bash setup.sh
- Monthly Update Script: edit the crontab and add the following line to run the monthly update script:
crontab -e
Add:
0 2 1 * * ~/homelab/monthly-update.sh
Runs at 2 AM on the 1st of every month.
- Systemd service testing: below are the implemented systemd services for the HomeLab setup. You can test them and check their status using the following commands:
systemctl start on-boot.service
systemctl status on-boot.service
(Same for: on-shutdown.service, on-ssh-success.service)