From Sid down to Bullseye: installing Armbian on NanoPi M4 v2
Well, as of July 2022 the Armbian Bullseye release did not boot on my NanoPi M4v2. Shit happens. I reflashed the microSD with Sid and it seems to work well. After installation I downgraded the system to Bullseye. This note describes the process in detail, with all tweaks to the base system, logging, SSH server, LED control, and desktop environment with VNC server. As of now this is a summary of my best practices.
I apply many tweaks immediately after flashing the distro to the microSD card, before booting. So I need to mount it first:
mkdir /mnt/microsd
mount /dev/mmcblk0p1 /mnt/microsd
For headless SBCs I usually start by editing /mnt/microsd/etc/network/interfaces, but my mediacenter has a display and keyboard attached so I skip this step. Also, as a side project I implemented the ethwifi network manager. I placed it in the /mnt/microsd/root directory and the systemd unit in the /mnt/microsd/etc/systemd/system directory. The unit should be activated after boot.
Make tweaks to /mnt/microsd/root/.bashrc:
Disable SSH password authentication and use public key authentication only:
mkdir /mnt/microsd/root/.ssh
chmod 700 /mnt/microsd/root/.ssh
Create file /mnt/microsd/root/.ssh/authorized_keys with my SSH public key.
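A way to verify the SSH pre-staging on the mounted card before the first boot, as an added example that is not part of the original note. The function names are hypothetical, and the sshd_config check assumes the stock Debian layout, since the note does not show the sshd_config edit itself.

```shell
#!/bin/sh
# Added example: audit SSH pre-staging on a mounted, not yet booted card.

# Print the first PasswordAuthentication value sshd would read.
# Assumption: Debian layout where sshd_config begins with
# "Include /etc/ssh/sshd_config.d/*.conf"; Match blocks are not evaluated.
first_password_auth() {
    root=$1
    val=$(cat "$root"/etc/ssh/sshd_config.d/*.conf "$root/etc/ssh/sshd_config" 2>/dev/null |
        awk 'tolower($1) == "passwordauthentication" { print tolower($2); exit }')
    echo "${val:-yes}"   # sshd defaults to "yes" when the keyword is absent
}

# Print one line per finding; print nothing when the card is ready.
check_ssh_prestage() {
    root=$1
    dir="$root/root/.ssh"
    keys="$dir/authorized_keys"

    if [ ! -d "$dir" ]; then
        echo "missing: $dir"
    elif [ "$(stat -c %a "$dir")" != 700 ]; then
        echo "mode: $dir should be 700"
    fi

    if [ ! -s "$keys" ]; then
        echo "missing or empty: $keys"
    else
        # StrictModes makes sshd ignore a group- or world-writable key file
        if [ -n "$(find "$keys" \( -perm -020 -o -perm -002 \))" ]; then
            echo "mode: $keys is group- or world-writable"
        fi
        # Every OpenSSH public key blob starts with base64 "AAAA"
        grep -Eq '(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp[0-9]+) AAAA[A-Za-z0-9+/]+' "$keys" ||
            echo "no public key line in $keys"
    fi

    [ "$(first_password_auth "$root")" = no ] ||
        echo "password login still enabled: PasswordAuthentication is not 'no'"
}
```

Run `check_ssh_prestage /mnt/microsd` before unmounting; an empty result means the key is in place and password login is off.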
Disable systemd-journald logging. Make change to /mnt/microsd/etc/systemd/journald.conf:
Disable armbian-ramlog. I use bare tmpfs instead. In the few cases when I needed logs, they were lost anyway. I mean, if something goes really wrong, ramlog has no chance to flush logs back to the microSD. So, make a change to /mnt/microsd/etc/default/armbian-ramlog:
Log rotation tweaks. Edit /mnt/microsd/etc/logrotate.d/rsyslog and change
rotate 4
weekly
to
rotate 1
daily
Apply same tweaks to /mnt/microsd/etc/logrotate.conf.
Remove the following lines from /mnt/microsd/etc/cron.daily/logrotate:
# skip in favour of systemd timer
if [ -d /run/systemd/system ]; then
    exit 0
fi
Add the following line to /mnt/microsd/etc/fstab:
tmpfs /var/log tmpfs nosuid,noexec,nodev,mode=755,size=1M 0 1
Yes, 1M for daily logs is more than enough. If not, the system is misconfigured.
And while fstab is being edited, limit the size of /tmp as well. I use a 32M limit.
In my opinion, this is an absolutely unnecessary thing. No benefits. Edit /mnt/microsd/etc/default/armbian-zram-config:
Final tweaks before booting
Add a password hash for the root user to /mnt/microsd/etc/shadow. The hash can be generated with the mkpasswd command. In the past, Armbian setup accepted any initial password, but now they have made it much more restrictive. Worse, after a few unsuccessful attempts the initialization fails and will never boot the desktop environment.
For the mediacenter I don't want any passwords. Given that I purge sudo, 12345 is more than enough for console login. The desktop environment does not need a password at all.
Delete /mnt/microsd/root/.not_logged_in_yet. We have configured almost everything manually.
Boot and setup networking
I use ethwifi, so the first thing is to purge all unnecessary networking tools:
apt purge network-manager* networkd-dispatcher* avahi* netplan* ifupdown resolvconf
systemctl stop wpa_supplicant
systemctl disable wpa_supplicant
ethwifi is already in place, enable and start it:
systemctl enable ethwifi
systemctl start ethwifi
Re-generate SSH keys
rm /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server
I don't remember if SSH server is enabled, just in case:
systemctl enable ssh
Purge unnecessary packages
unattended-upgrades: I always upgrade manually.
vnstat: I don't need to collect network statistics on the mediacenter.
sudo: unnecessary security hole
mc, mc-data: unnecessary Midnight commander, not Unix way
Disable some services
Getty is unnecessary for me:
systemctl mask console-getty serial-getty
My mediacenter is fanless:
systemctl stop nanopim4-pwm-fan
systemctl disable nanopim4-pwm-fan
I don't need SMART daemon:
systemctl disable smartmontools
Disable sysstat cronjobs:
Drop one more systemd crap:
systemctl disable logrotate.timer
I have a bunch of JMicron USB-SATA adapters, so I add 152d:0578:u to usbstoragequirks in /boot/armbianEnv.txt.
Blinking LED is annoying. This is how to turn it off:
echo 0 >/sys/class/leds/status_led/brightness
Just in case, here's how to turn it on:
echo default-on >/sys/class/leds/status_led/trigger
Systemd unit for turning the LED off at startup /etc/systemd/system/led-off.service:
[Unit]
Description=Turn blinking LED off

[Install]
WantedBy=multi-user.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/bash -c "echo 0 >/sys/class/leds/status_led/brightness"
Install desktop environment and other software
apt install xorg xfce4 xfce4-xkb-plugin xfce4-terminal xfce4-power-manager xfce4-power-manager-plugins \
    pulseaudio pasystray pavucontrol lightdm accountsservice alsa-ucm-conf x11vnc \
    xscreensaver xscreensaver-data-extra xscreensaver-gl xscreensaver-gl-extra \
    fonts-arphic-ukai fonts-arphic-uming fonts-beng fonts-dejavu fonts-deva \
    fonts-font-awesome fonts-freefont-ttf fonts-gubbi fonts-gujr fonts-guru fonts-indic \
    fonts-liberation fonts-liberation2 fonts-mathjax fonts-mathjax-extras \
    fonts-noto-mono fonts-opensymbol fonts-samyak* fonts-stix fonts-symbola \
    fonts-texgyre fonts-thai-tlwg-ttf fonts-unfonts-core fonts-unfonts-extra \
    zip unzip unrar lz4 zstd poppler-utils ghostscript \
    gthumb ristretto atril libjs-mathjax-doc distro-info autofs nftables \
    mplayer mpv qmmp chromium firefox
Create desktop user:
useradd -g users user
Enable autologin. Edit /etc/lightdm/lightdm.conf:
[Seat:*]
autologin-guest=false
autologin-user=user
autologin-user-timeout=0
Disable root login for the desktop environment. Edit /etc/pam.d/lightdm and add the following line at the beginning, after session directives:
auth required pam_succeed_if.so user != root quiet
I use x11vnc, launched by XFCE. Configured in Session and Startup, Application Autostart:
x11vnc -shared -forever
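Started this way, x11vnc sets no password file and listens on every interface. The check below is an added example, not part of the original note: it reads `ss -Hltn` output and lists VNC ports bound to non-loopback addresses. The function name `vnc_exposed`, the password file path and the host placeholder are assumptions.

```shell
#!/bin/sh
# Added example: report VNC listeners reachable from the network.
# Reads `ss -Hltn` output on stdin; prints each non-loopback local address
# bound to the VNC display ports 5900-5909.
vnc_exposed() {
    awk '$1 == "LISTEN" {
        addr = $4
        port = addr; sub(/.*:/, "", port)      # text after the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        p = port + 0                           # force numeric comparison
        if (p < 5900 || p > 5909) next
        if (host ~ /^127\./ || host == "[::1]") next
        print addr
    }'
}

# Loopback-only variant of the autostart command with a password file
# (placeholder path; the file is created with x11vnc -storepasswd):
#   x11vnc -shared -forever -localhost -rfbauth /path/to/passwd
# Reach it through the key-only SSH login configured earlier:
#   ssh -L 5900:localhost:5900 root@<mediacenter>
```

Run it as `ss -Hltn | vnc_exposed`; no output means the VNC server is reachable only through the loopback interface.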
How to install particular kernel
In the process of installation I tried to downgrade the kernel. This is how:
apt install linux-dtb-current-rockchip64=22.05.3 linux-image-current-rockchip64=22.05.3
apt-mark hold linux-dtb-current-rockchip64 linux-image-current-rockchip64
Downgrading from Sid to Bullseye
The reason for the downgrade was a segmentation fault in mpv. Mplayer worked well, though.
Changed sid to bullseye in /etc/apt/sources.list and created /etc/apt/preferences:
Package: *
Pin: release a=stable
Pin-Priority: 1001
apt update
apt dist-upgrade
There were some quirks after the downgrade. Here's a summary of how to fix them:
apt purge policykit-1
apt install policykit-1 policykit-1-gnome
apt install --reinstall dbus
apt purge libwbclient0
apt install --reinstall mpv
apt purge firefox chromium
apt install firefox-esr
I failed to get chromium working.
Also, there's no easy way to install the latest Firefox. Flatpak is useless because there is no precompiled binary for aarch64. Installing from Sid is not an option either, because it needs the latest libc and other dependencies which may break all the rest.