=====PC Engines APU2 - Debian 9.6 / Stretch=====
**Note!**
* It seems the APU2 won't boot from USB3 drive and external USB2 card reader. Booting from a USB2 thumb drive was not a problem. Or try to update the BIOS / firmware.
* This is a netinstall, you'll need an internet connection.
* Enable ''Legacy console redirection'' in BIOS.
====Install Debian 9 (using USB)====
* Download amd64 netinst ISO: curl -L -O https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.6.0-amd64-netinst.iso
* Copy image to USB drive:sudo dd if=debian-9.6.0-amd64-netinst.iso of=/dev/sdX bs=4k status=progress
* Unmount USB drive.
* Boot APU2 from USB (press F10 for boot menu).
* Press ''h'' and . \\ {{::debian-serial.png?nolink|}}
* Then enter the following 'install' line the following line:#Press F2 through F10 for details, or ENTER to boot:
install vga=off console=ttyS0,115200n8
* Press to start install.
* During install, deselect any desktop environment and select the ''SSH server'' and ''standard system utilities''.
* At first reboot, you'll get the following error:text is deprecated. Use set gfxpayload=vga=off before linux command instead.
* Reboot, and at the grub menu press ''e'' and **remove** the ''vga=off'' option. Press ctrl-x to boot.
====Post install configuration====
* Log in as root
* Fix grub:sed -i 's/vga=off\ //g' /etc/default/grub
update-grub
* Reboot to test.
* Configure network.
* Configure SSH. Use SSH to complete the configuration.
* System should be updated during install, but you can check / install if there are any updates.apt update
apt upgrade
* Known watchdog problem, it doesn't work with i2c and ccp loaded. [ 4.912372] sp5100_tco: SP5100/SB800 TCO WatchDog Timer Driver v0.05
[ 4.912619] sp5100_tco: PCI Vendor ID: 0x1022, Device ID: 0x780b, Revision ID: 0x42
[ 4.912630] sp5100_tco: I/O address 0x0cd6 already in use
* To fix for now, blacklist the following modules.cat >> /etc/modprobe.d/blacklist.conf <
* Alternatively you can blacklist sp5100_tco if you don't need it.
echo "blacklist sp5100_tco" > /etc/modprobe.d/sp5100_tco.conf
* Update initramfs:update-initramfs -u
reboot
* Configure iptables (allow only SSH and ICMP)
apt install iptables-persistent
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
ip6tables -F
ip6tables -P INPUT DROP
ip6tables -P FORWARD DROP
ip6tables -P OUTPUT DROP
# for local resolving
ip6tables -A INPUT -i lo -d ::1/128 -s ::1/128 -j ACCEPT
ip6tables -A OUTPUT -o lo -d ::1/128 -s ::1/128 -j ACCEPT
iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
* Configure systemd-timesync:
sed -i '/^#NTP/c\NTP=0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org' /etc/systemd/timesyncd.conf
systemctl enable systemd-timesyncd --now
* Beep after boot:
apt install beep
cat > /etc/systemd/system/beep.service <
* Temperature reading:
apt install lm-sensors hddtemp
hddtemp /dev/sda
/dev/sda: SATA SSD: 33°C
sensors-detect
sensors
k10temp-pci-00c3
Adapter: PCI adapter
temp1: +54.4°C (high = +70.0°C)
(crit = +105.0°C, hyst = +104.0°C)
fam15h_power-pci-00c4
Adapter: PCI adapter
power1: 5.56 W (interval = 0.01 s, crit = 6.00 W)
* Front LEDs [[https://github.com/qu1x/leds-apu2]]:
apt install build-essential curl
curl -O https://daduke.org/dl/apu2-leds.tgz
tar xf apu2-leds.tgz
cd apu2
make
make install
modprobe ledtrig_default_on; modprobe ledtrig_heartbeat
echo heartbeat > /sys/class/leds/apu2:1/trigger
{{tag>[hardware apu2 debian linux ]}}