Raspberry Pi Home Server Setup (opinionated walk-through)

At home in my local network I run a small Raspberry Pi as a server for ad-blocking with Pi-hole and (hopefully in the near future) with an internal family photo gallery based on HomeGallery.

Today I want to walk you through my way of setting up a new Raspberry Pi as a home server. Note that this is only one of many, many ways to set up a server. I chose this one because I find it easy and the result "good enough" to get started.

This blog post is for you if you are either new to a Raspberry Pi or if you want to copy some commands to save some time.

  1. Operating System installation
  2. Switch from Desktop to SSH
  3. Disable Wifi and Bluetooth
  4. Assign a static IP address
  5. Enable public key login
  6. Disable root and password login
  7. Delete stored WiFi password
  8. Enable unattended upgrades
  9. Reclaim SD card space
  10. Stop unneeded services
  11. Install Log2Ram

Operating System installation

For the initial setup you can use the Raspberry Pi Imager to install the Raspberry Pi OS on your SD card. I find the initial setup more convenient with the desktop UI. As soon as the connection via SSH works, we will disable the UI and (maybe) uninstall some of the larger packages.

After the first boot, just finish the OS configuration in the wizard. You may even configure Wifi to have fewer cables on your desk. We can disable it again later.

Switch from Desktop to SSH

After the initial OS setup we can start scaling down. For a server we need SSH instead of the Desktop. Open the Raspberry Pi Configuration in the start menu and adjust it as follows (do not reboot right now):

  • on tab System
    • set your password
    • … and your hostname, e.g. raspberry.lan
    • boot to CLI
    • no auto-login
    • no waiting for network
  • on tab Interfaces
    • enable SSHd

Save the settings but do not reboot now as we want to change some other settings as well.

Disable Wifi and Bluetooth

Usually my Raspberry Pi Home Server resides near my router and I prefer a cable connection over Wifi. I usually switch off Wifi and Bluetooth — mostly to reduce energy consumption but also as a protection against unauthorized access.

To permanently disable Wifi and Bluetooth you can edit the boot configuration at /boot/config.txt and insert the following lines. Changes apply after the next reboot.

    # Disable Bluetooth
    dtoverlay=disable-bt

    # Disable WiFi
    dtoverlay=disable-wifi

Assign a static IP address

The Raspberry uses the DHCP of your router by default. This is usually fine. In my case I want my home server to have a static IP which never changes. Note that your DHCP must not assign this IP to another device.

I added the following lines to /etc/dhcpcd.conf. You can read this article for more details.

    interface eth0
    # /24 means the subnet mask is 255.255.255.0
    static ip_address=192.168.12.34/24
    static routers=192.168.12.1
    # those are Google DNS
    static domain_name_servers=8.8.8.8 8.8.4.4

Now is a good time to reboot and connect the Raspberry Pi via cable. You should be able to log in with your password via SSH.

Enable public key login

On our servers we always disable password authentication. It is safer and more convenient to log in via a public key. If you want to log in via password, just skip the SSH configuration.

Before disabling password login and locking ourselves out we must enable login via public key. Copy your public key into ~/.ssh/authorized_keys as follows.

    # login on the raspberry pi
    ssh pi@192.168.12.34

    # be sure to be in the home directory
    cd

    # create the SSH config folder (only the owner needs access to it)
    mkdir -p .ssh
    chmod 700 .ssh

    # create the authorized_keys file
    touch .ssh/authorized_keys
    chmod 600 .ssh/authorized_keys

    # now copy-paste your public key into this file
    nano .ssh/authorized_keys

    # (in another shell) test public key login
    ssh pi@192.168.12.34
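If the key login test still asks for a password, file modes are the usual cause. The following check is an added example, not part of the original post; it assumes GNU stat and uses a throw-away directory as a stand-in for /home/pi.

```shell
#!/bin/sh
# Added example (not from the original post). With StrictModes (the sshd
# default), key login is refused when the home directory, ~/.ssh or
# authorized_keys is writable by group or others. GNU stat is assumed.

# Return 0 if the path is not group/world writable, 1 otherwise.
mode_is_safe() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        *[2367]?|*[2367]) return 1 ;;   # octal digits with the write bit set
        *) return 0 ;;
    esac
}

# Check the three paths below a home directory and print one line each.
# The return value is the number of unsafe or missing paths.
audit_ssh_perms() {
    home=$1; bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; bad=$((bad + 1))
        elif mode_is_safe "$p"; then
            echo "ok      $(stat -c '%a' "$p") $p"
        else
            echo "UNSAFE  $(stat -c '%a' "$p") $p"; bad=$((bad + 1))
        fi
    done
    return $bad
}

# Constructed demo: a temporary directory standing in for /home/pi,
# with a group-writable .ssh folder as the deliberate mistake.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && touch "$demo/.ssh/authorized_keys"
chmod 755 "$demo"
chmod 775 "$demo/.ssh"
chmod 600 "$demo/.ssh/authorized_keys"
audit_ssh_perms "$demo" || echo "=> fix with: chmod 700 ~/.ssh"
rm -rf "$demo"
```

On the Pi itself, run `audit_ssh_perms "$HOME"` as the pi user.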

Disable root and password login

Now let’s disable SSH login as root user or via password. You have to adjust the /etc/ssh/sshd_config such that it contains the following two lines. There are probably some lines you can uncomment and adjust.

    PermitRootLogin no
    PasswordAuthentication no

Now make SSHd reload and read the new settings. Do not close the current session before you have logged in via another terminal. Otherwise you can still lock yourself out.

    sudo service sshd reload

    # (in another shell) test before logging out
    # should work only with public key
    # … and should not ask for pi's password
    ssh pi@192.168.12.34

    # should not work at all
    ssh root@192.168.12.34
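sshd uses the first value it reads for each keyword, so appending the two lines below an active "yes" changes nothing. The following check is an added example, not part of the original post; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). sshd uses the FIRST value it
# reads for each keyword, so a later "PasswordAuthentication no" is ignored
# when an earlier uncommented "PasswordAuthentication yes" exists.

# Print the first global (outside any Match block) value of a keyword.
# usage: sshd_first_value <keyword> <config-file>...
# Simplifications: Include lines are not followed (pass the files in the
# order sshd reads them) and Match state is reset at each new file.
sshd_first_value() {
    kw=$1; shift
    awk -v kw="$kw" '
        BEGIN { kw = tolower(kw) }
        FNR == 1 { in_match = 0 }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        tolower($1) == "match" { in_match = 1; next }
        in_match { next }
        tolower($1) == kw { print tolower($2); exit }
    ' "$@"
}

# Return 0 only if both settings from the post are effectively "no".
# A missing keyword counts as a failure because the sshd defaults
# (prohibit-password and yes) are not "no".
sshd_hardened() {
    rc=0
    for key in PermitRootLogin PasswordAuthentication; do
        val=$(sshd_first_value "$key" "$@")
        if [ "$val" = "no" ]; then
            echo "ok   $key no"
        else
            echo "FAIL $key ${val:-<unset, default applies>}"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the "no" line was appended below an active "yes".
sample=$(mktemp)
printf '%s\n' 'PasswordAuthentication yes' 'PermitRootLogin no' \
    'PasswordAuthentication no' > "$sample"
sshd_hardened "$sample" || echo "=> password login is still enabled"
rm -f "$sample"
```

On the Pi itself, `sudo sshd -T` prints the configuration sshd actually resolved and is the authoritative check.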

Delete stored WiFi password

Remember the WiFi password we entered during the initial setup? It is still stored on the Raspberry. You can delete it as follows.

    # delete the stored wireless network
    sudo nano /etc/wpa_supplicant/wpa_supplicant.conf

Enable unattended upgrades

It is just a small home server but I want to install security updates nonetheless. I would probably forget about it, so I enable auto-updates.

In theory it might cause problems which require manual attention, though it rarely does. I would rather have a server down than not install security-related updates. In the first case I have a problem and I know it; in the latter I have a problem and don't know about it. Feel free to have your own opinion though.

You can enable auto-update as follows:

    sudo su

    # install unattended-upgrades
    apt update
    apt install -y unattended-upgrades

    # enable auto cleanup (optional)
    cat > /etc/apt/apt.conf.d/20auto-upgrades <<EOF
    APT::Periodic::Update-Package-Lists "1";
    APT::Periodic::Unattended-Upgrade "1";
    APT::Periodic::AutocleanInterval "7";
    EOF

    # start unattended-upgrades
    service unattended-upgrades start

Reclaim SD card space

The Raspberry Pi OS comes with a bunch of installed packages which I find great to get started. However if you want to free some disk space you can quickly find the largest packages and identify some to uninstall.

    sudo su

    # list installed packages ordered by size
    dpkg-query \
      -Wf '${db:Status-Status} ${Installed-Size}\t${Package}\n' | \
      sed -ne 's/^installed //p' | \
      sort -n

    # uninstall large unneeded packages
    apt remove what-you-do-not-need

    # remove dependencies as well
    apt autoremove

I decided to keep the installed packages.

Stop unneeded services

There might be some unneeded services running as well. I do this for the same reason I disabled WiFi and Bluetooth. However the reduction in energy consumption in this case is probably much, much less.

You can inspect all running services including their description with the following command.

    sudo su

    # list running services including description
    service --status-all | \
      grep '+' | \
      cut -d ' ' -f 6 | \
      xargs -Iservice bash -c \
        'echo service; \
         echo $(cat /etc/init.d/service | grep -i description); \
         echo '

Note that some services need to be uninstalled. Otherwise they re-activate after reboot. Just try it out.

You know best what you need or want to keep around. I disabled the following services:

    sudo su

    apt remove cups
    apt autoremove
    # Short-Description: CUPS Printing spooler and server
    # Description: Manage the CUPS Printing spooler and server;
    # Short-Description: cups-browsed - Make remote CUPS printers available locally
    # Description: This daemon browses Bonjour broadcasts of shared remote CUPS

    systemctl disable triggerhappy
    systemctl stop triggerhappy
    # Short-Description: triggerhappy hotkey daemon
    # Description: triggerhappy hotkey daemon

Install Log2Ram

After reading over the blog post, my Sandstorm colleague Theo pointed me to another nice little package: Log2Ram. It reduces write access to the SD card by collecting system logs in main memory for a day (by default) before writing them to the SD card.

I have no experience whatsoever with this service, but want to give it a try. So can you if you want to. You can install and configure it with the following commands. Please consult the docs for details.

    sudo su

    # add package repository
    # (apt-key is deprecated on newer Debian releases; check the docs for the current method)
    echo "deb http://packages.azlux.fr/debian/ bullseye main" | \
      sudo tee /etc/apt/sources.list.d/azlux.list
    wget -qO - https://azlux.fr/repo.gpg.key | \
      sudo apt-key add -

    # install log2ram
    apt update
    apt install log2ram

    # adjust the settings (optional)
    nano /etc/log2ram.conf

    # reboot
    reboot

After rebooting I checked for Log2Ram and it failed to start. My logs at /var/log were too large (already? how?). Without further investigation I deleted some larger log files and restarted Log2Ram. Looks fine now.

    sudo su

    # check log2ram
    systemctl status log2ram

    # clean up some logs
    cd /var/log
    du -hd1
    # now remove what can be removed

    # restart log2ram and check again
    systemctl restart log2ram
    systemctl status log2ram

Thanks for reading

This concludes my preparation of the Raspberry Pi home server. Now I can start installing Pi-hole and HomeGallery. This is worth another blog post in the future.

If you have any questions or suggestions please get in touch!