Rebuild Pippin - 2024 Nov edition

[scottmuc]

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing all the previous repave issues. Have fun!

Things to do with the existing build

• [x] Enable DHCP on the router, remove port mapping and statically assign network to PC

  Instructions

  This is very important if repaving from the Windows PC. It being bound to 192.168.2.12 is necessary for the the automation to work. Changing the DNS should be sufficient.

• [x] Shutdown PI

  Instructions

  Make sure the USB drive has spun down before doing any work.

  sudo shutdown -h now

• [x] Create SD card with the latest Raspberry Pi OS

  Instructions

  Using the SD card in the now powered down PI.

  The new installer has options to enable SSH and create a user.

  installer download

  note check if the underlying Debian distribution is changing as this might result in some issues in the playbook execution.

  The Bookworm 64-bit lite image seems to work for now. note as of v1.8.4 of the Imager software, ensure to not select no filtering in the Raspberry Pi Device filter.

Post OS install steps on desktop

• [x] Ensure a working ansible enviroment

  Instructions

  This will exercise the mise setup.

• [x] Turn on the PI and note the IP obtained from the Router

• [x] Clean up old host keys

  Instructions

  The new instance will have new host keys so to ensure host key warning messages don't distract us from the repaving, run the following:

  ssh-keygen -R 192.168.2.10
  ssh-keygen -R pi
  ssh-keygen -R pi.home.scottmuc.com

• [x] Transfer local public ssh key to PI

  Instructions

  In order to avoid the use of sshpass, copy the current sessions public ssh key to to ./ssh/authorized_keys of the pi user on the PI. This user is only necessary to run the bootstrap playbook (which creates an admin ansible user) and will be subsequently cleaned up.

  ssh-copy-id pi@<pi ip>

• [x] Bootstrap with Ansible

  Instructions

  ./ansible.sh and select the bootstrap-playbook.yml

• [x] Add the PI port forwarding

  Instructions

  Needed for the certbot ACME challenge in the next step.

• [x] Complete full configuration

  Instructions

  ./ansible.sh and select the main-playbook.yml

• [x] Reboot PI

• [x] Re-add port mapping to the static IP

• [x] Disable DHCP on the router

• [x] Deploy goodenoughmoney.com

• [x] Clean up host key for ephemeral IP

  Instructions

  Remove host key reference to the temporary IP that was used to bootstrap the device. This cleanup will ensure that an error won't occur in the next refresh if the same IP is used again.

  ssh-keygen -R <ephemeral IP>

• [ ] Make this template slightly better

How Do I Know I Am Done?

• [x] https://www.goodenoughmoney.com/ displays stuff

• [x] https://home.scottmuc.com/music/ loads navidrome and the music is playable

• [x] http://192.168.2.10:9090/ loads and has data

• [x] http://192.168.2.10:3000/ loads and has data

• [x] ipconfig /release and then ipconfig /renew works

• [x] nslookup analytics.google.com is refused

• [x] Print out newly repaved machine details

  Instructions

  ssh ansible@192.168.2.10 -- "cat /etc/os-release; uname -a; dpkg -l" > state.txt

[scottmuc]

End State

PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
Linux pippin 6.6.51+rpt-rpi-v8 #1 SMP PREEMPT Debian 1:6.6.51-1+rpt3 (2024-10-08) aarch64 GNU/Linux

state.txt

[scottmuc]

Summary

I had to do some things to get this repave to work. I wasn't journaling these things as I just wanted to get it done before the certificates expire. I'll need to do the next repave earlier when I have time to review how I have the automation laid out. There are too many complicated dependencies that are making the ordering of things on first apply that is making it awkward.