I have a small fleet of Raspberry Pis (mostly the Pi 4 Model B), which I use at home for various tasks.
They are all firewalled off and are reachable via Tailscale. A small number of the services they run are also exposed to the local network.
What they run
As of the time of writing, services I run on the Pis include the following:
- Nextcloud
- Photoprism
- Home Assistant
- Jellyfin
- FreshRSS
 
Storage
I use large SSDs (e.g. this one) for the Pis that require extra storage, such as for my photos. These are connected via USB3-SATA cables (such as these).
Encryption
For sensitive data, I encrypt the enclosing directories using Fscrypt. Follow the instructions on the Arch Wiki.
OS
I tend to use Manjaro Linux as an OS for the Pis.
Setup notes
To set up a new Pi I follow this rough guide:
- Prepare a micro SD card with the chosen OS (e.g. using the official imager)
- Boot the Pi
- Get the IP address (from your router or otherwise) of the Pi
- SSH into the new OS (default user: `root` with no password)
- Set up in the usual way (e.g. create non-root user, harden in usual way)
- Update all current packages (`pacman -Syyu`)
- Install new packages (`pacman -S vim tailscale docker ufw`)
- Bring up and enable services
- Configure Tailscale (`tailscale up`)
- Configure UFW (`ufw allow in on tailscale0`, `ufw default deny`, `ufw enable`)
- Add non-root user to `docker` group (`usermod -aG docker will`)
- Pull and run required Docker containers
 
Note: Make sure to use the arm64 version of any Docker images required.
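
The checks below are an added example, not part of the original notes: they parse the output of `ufw status verbose` and `docker ps` to confirm the firewall state the steps above aim for and to list what is still reachable outside Tailscale. The function names and the sample output are constructed for illustration.

```sh
# Usage: ufw status verbose | check_ufw
# Succeeds only if ufw is active, denies incoming by default, and allows tailscale0.
check_ufw() {
  active=0 deny=0 ts=0
  while IFS= read -r line; do
    case $line in
      "Status: active"*) active=1 ;;
      "Default: deny (incoming)"*|"Default: reject (incoming)"*) deny=1 ;;
      *" on tailscale0 "*"ALLOW IN"*) ts=1 ;;
    esac
  done
  [ "$active" = 1 ] || echo "FAIL: ufw is not active"
  [ "$deny" = 1 ] || echo "FAIL: incoming traffic is not denied by default"
  [ "$ts" = 1 ] || echo "FAIL: no ALLOW IN rule on tailscale0"
  [ "$active$deny$ts" = 111 ]
}

# Prints ALLOW IN rules not bound to tailscale0, i.e. what the LAN can reach.
lan_rules() {
  while IFS= read -r line; do
    case $line in
      *" on tailscale0 "*) ;;
      *"ALLOW IN"*) printf '%s\n' "$line" ;;
    esac
  done
}

# Usage: docker ps --format '{{.Names}} {{.Ports}}' | published_on_all
# Prints containers publishing a port on every interface. Docker adds its own
# iptables rules for published ports, so the ufw rules do not filter them.
published_on_all() {
  while IFS= read -r line; do
    case $line in
      *"0.0.0.0:"*|*":::"*|*"[::]:"*) printf '%s\n' "${line%% *}" ;;
    esac
  done
}

# Constructed sample output (not captured from a real host).
SAMPLE_UFW='Status: active
Default: deny (incoming), allow (outgoing), deny (routed)
Anywhere on tailscale0     ALLOW IN    Anywhere
8123/tcp                   ALLOW IN    192.168.1.0/24'
SAMPLE_PS='jellyfin 0.0.0.0:8096->8096/tcp, :::8096->8096/tcp
freshrss 127.0.0.1:8080->80/tcp'
printf '%s\n' "$SAMPLE_UFW" | check_ufw && echo "ufw: OK"
printf '%s\n' "$SAMPLE_UFW" | lan_rules
printf '%s\n' "$SAMPLE_PS" | published_on_all
```

A container listed by `published_on_all` can be bound to a specific address instead (for example `-p 127.0.0.1:8080:80`) so that it is only reachable through whatever fronts it.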