apu2_debian_stretch
Table of Contents
PC Engines APU2 - Debian 9.6 / Stretch
Note!
- It seems the APU2 won't boot from USB3 drive and external USB2 card reader. Booting from a USB2 thumb drive was not a problem. Or try to update the BIOS / firmware.
- This is a netinstall, you'll need an internet connection.
- Enable
Legacy console redirection
in BIOS.
Install Debian 9 (using USB)
- Download amd64 netinst ISO:
curl -L -O https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.6.0-amd64-netinst.iso
- Copy image to USB drive:
sudo dd if=debian-9.6.0-amd64-netinst.iso of=/dev/sdX bs=4k status=progress
- Unmount USB drive.
- Boot APU2 from USB (press F10 for boot menu).
- Press
h
and <ENTER>.
- Then enter the following 'install' line the following line:
#Press F2 through F10 for details, or ENTER to boot: install vga=off console=ttyS0,115200n8
- Press <ENTER> to start install.
- During install, deselect any desktop environment and select the
SSH server
andstandard system utilities
. - At first reboot, you'll get the following error:
text is deprecated. Use set gfxpayload=vga=off before linux command instead.
- Reboot, and at the grub menu press
e
and remove thevga=off
option. Press ctrl-x to boot.
Post install configuration
- Log in as root
- Fix grub:
sed -i 's/vga=off\ //g' /etc/default/grub update-grub
- Reboot to test.
- Configure network.
- Configure SSH. Use SSH to complete the configuration.
- System should be updated during install, but you can check / install if there are any updates.
apt update apt upgrade
- Known watchdog problem, it doesn't work with i2c and ccp loaded.
[ 4.912372] sp5100_tco: SP5100/SB800 TCO WatchDog Timer Driver v0.05 [ 4.912619] sp5100_tco: PCI Vendor ID: 0x1022, Device ID: 0x780b, Revision ID: 0x42 [ 4.912630] sp5100_tco: I/O address 0x0cd6 already in use
- To fix for now, blacklist the following modules.
cat >> /etc/modprobe.d/blacklist.conf <<EOF blacklist i2c_piix4 blacklist ccp EOF
- Alternatively you can blacklist sp5100_tco if you don't need it.
echo "blacklist sp5100_tco" > /etc/modprobe.d/sp5100_tco.conf
- Update initramfs:
update-initramfs -u reboot
- Configure iptables (allow only SSH and ICMP)
apt install iptables-persistent iptables -F iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT ACCEPT iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT iptables -A INPUT -p icmp -j ACCEPT iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 ip6tables -F ip6tables -P INPUT DROP ip6tables -P FORWARD DROP ip6tables -P OUTPUT DROP # for local resolving ip6tables -A INPUT -i lo -d ::1/128 -s ::1/128 -j ACCEPT ip6tables -A OUTPUT -o lo -d ::1/128 -s ::1/128 -j ACCEPT iptables-save > /etc/iptables/rules.v4 ip6tables-save > /etc/iptables/rules.v6
- Configure systemd-timesync:
sed -i '/^#NTP/c\NTP=0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org' /etc/systemd/timesyncd.conf systemctl enable systemd-timesyncd --now
- Beep after boot:
apt install beep cat > /etc/systemd/system/beep.service <<EOF [Unit] Description=Beep when started After=multi-user.target [Service] Type=idle ExecStart=/usr/bin/beep -f 1800 -l 20 -d 20 -r 10 [Install] WantedBy=multi-user.target EOF systemctl enable beep.service
- Temperature reading:
apt install lm-sensors hddtemp hddtemp /dev/sda /dev/sda: SATA SSD: 33°C sensors-detect sensors k10temp-pci-00c3 Adapter: PCI adapter temp1: +54.4°C (high = +70.0°C) (crit = +105.0°C, hyst = +104.0°C) fam15h_power-pci-00c4 Adapter: PCI adapter power1: 5.56 W (interval = 0.01 s, crit = 6.00 W)
- Front LEDs https://github.com/qu1x/leds-apu2:
apt install build-essential curl curl -O https://daduke.org/dl/apu2-leds.tgz tar xf apu2-leds.tgz cd apu2 make make install modprobe ledtrig_default_on; modprobe ledtrig_heartbeat echo heartbeat > /sys/class/leds/apu2:1/trigger
apu2_debian_stretch.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1