I have a small fleet of Raspberry Pis (mostly the Pi 4 Model B), which I use at home for various tasks.
They are all firewalled off and are reachable via Tailscale. A small number of the services they run are also exposed to the local network.
What they run
As of the time of writing, services I run on the Pis include the following:
- Home Assistant
For sensitive data, I encrypt the enclosing directories using Fscrypt. Follow the instructions on the Arch Wiki.
I tend to use Manjaro Linux as an OS for the Pis.
To set up a new Pi, I follow this rough guide:
- Prepare a micro SD card with the chosen OS (e.g. using the official imager)
- Boot the Pi
- Get the IP address (from your router or otherwise) of the Pi
- SSH into the new OS (default user: `root` with no password)
- Set up in the usual way (e.g. create a non-root user, harden in the usual way)
- Update all current packages
- Install new packages (`pacman -S vim tailscale docker ufw`)
- Bring up and enable services
- Configure Tailscale (
- Configure UFW (`ufw allow in on tailscale0`, `ufw default deny`,
- Add non-root user to the `docker` group (`usermod -aG docker will`)
- Pull and run required Docker containers
Note: Make sure to use the arm64 version of any Docker images required.
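To confirm the UFW step left each Pi in the intended state (inbound denied by default, allowed only on `tailscale0`), the check below audits the text of `ufw status verbose`. It is an added example, not part of the original guide; the function name `audit_ufw`, the sample outputs and the LAN range are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit `ufw status verbose` text.
# Usage on a Pi:  sudo ufw status verbose | audit_ufw tailscale0
# Returns 0 when the policy matches, 1 when there is something to review.
audit_ufw() {
    awk -v ifc="${1:-tailscale0}" '
        /^Status: active/ { active = 1 }
        /^Default:/ {
            have_default = 1
            if ($2 != "deny" && $2 != "reject") {
                print "FAIL: default incoming policy is " $2; bad = 1
            }
        }
        / (ALLOW|LIMIT) IN / {
            # Any inbound rule not bound to the tailnet interface is listed.
            if (index($0, " on " ifc " ") == 0) {
                print "REVIEW: reachable outside " ifc ": " $0; bad = 1
            }
        }
        END {
            if (!active)       { print "FAIL: ufw is not active"; bad = 1 }
            if (!have_default) { print "FAIL: no Default: line found"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: only the two commands from the list above were applied.
sample_tailnet_only() { cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
Anywhere on tailscale0     ALLOW IN    Anywhere
Anywhere (v6) on tailscale0 ALLOW IN    Anywhere (v6)
EOF
}

# Constructed sample: same, plus one service exposed to a made-up LAN range.
sample_lan_service() {
    sample_tailnet_only
    echo "8123/tcp                   ALLOW IN    192.168.1.0/24"
}

sample_tailnet_only | audit_ufw && echo "tailnet-only: OK"
sample_lan_service | audit_ufw || echo "lan-service: review the lines above"
```

A `REVIEW` line is expected for each service deliberately exposed to the local network; anything else on that list is unintended exposure. Ports published by Docker containers are opened through Docker's own iptables rules and do not appear in `ufw status`, so check those separately.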