Ben Stienstra

Linux, Unix, network, radio and more...

User Tools

Site Tools


apu2_debian_stretch

PCEngines APU2 - Debian 9.3 / Stretch

Note!

  • It seems the APU2 won't boot from USB3 drive and external USB2 card reader. Booting from a USB2 thumb drive was not a problem.
  • This is a netinstall, you'll need an internet connection.

Install Debian 9 (using USB)

  • Download amd64 netinst ISO:
    curl -L -O https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.3.0-amd64-netinst.iso
  • Copy image to USB drive:
    sudo dd if=debian-9.3.0-amd64-netinst.iso of=/dev/sdb bs=1M status=progress && sync
  • Unmount USB drive.
  • Boot APU2 from USB (press F10 for boot menu).
  • Press h and <ENTER>.
  • Then add the following line:
    install vga=off console=ttyS0,115200n8
  • Press <ENTER> to start install.
  • During install, deselect any desktop environment and select the SSH server and standard system utilities.
  • At first reboot, you'll get the following error:
    text is deprecated. Use set gfxpayload=vga=off before linux command instead.
  • Reboot, and at the grub menu press e and remove the vga=off option. Press ctrl-x to boot.

Post install configuration

  • Log in as root
  • Fix grub:
    sed -i 's/vga=off\ //g' /etc/default/grub
    update-grub
  • Reboot to test.
  • Configure network.
  • Configure SSH. Use SSH to complete the configuration.
  • System should be updated during install, but you can check / install if there are any updates.
    apt-get update
    apt-get upgrade
  • Known watchdog bug.
    [    4.912372] sp5100_tco: SP5100/SB800 TCO WatchDog Timer Driver v0.05
    [    4.912619] sp5100_tco: PCI Vendor ID: 0x1022, Device ID: 0x780b, Revision ID: 0x42
    [    4.912630] sp5100_tco: I/O address 0x0cd6 already in use
    
    to fix for now: blacklist the following modules
    cat >> /etc/modprobe.d/blacklist.conf <<EOF
    blacklist i2c_piix4
    blacklist ccp
    EOF
    
  • You can blacklist sp5100_tco if you don't need it.
    echo "blacklist sp5100_tco" > /etc/modprobe.d/sp5100_tco.conf
    update-initramfs -u
    reboot
  • Configure iptables (allow only SSH and ICMP)
    cat > /etc/iptables.rules <<EOF
    *filter
    
    -P INPUT DROP
    -P FORWARD DROP
    -P OUTPUT ACCEPT
    
    -A INPUT -i lo -j ACCEPT
    -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
    
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    
    -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
    
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
    
    COMMIT
    EOF
    
    iptables-restore < /etc/iptables.rules
    
    cat > /etc/network/if-pre-up.d/iptables <<EOF
    #!/bin/sh
    /sbin/iptables-restore < /etc/iptables.rules
    EOF
    
    chmod +x /etc/network/if-pre-up.d/iptables
  • Configure systemd-timesync:
    sed -i '/^#NTP/c\NTP=0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org' /etc/systemd/timesyncd.conf
    
    systemctl enable systemd-timesyncd --now
  • Beep after boot:
    apt install beep
    
    cat > /etc/systemd/system/beep.service <<EOF
    [Unit]
    Description=Beep when started
    After=multi-user.target
    
    [Service]
    Type=idle
    ExecStart=/usr/bin/beep -f 1800 -l 20 -d 20 -r 10
    
    [Install]
    WantedBy=multi-user.target
    EOF
    
    systemctl enable beep.service
  • Temperature reading:
    apt-get install lm-sensors hddtemp
    
    hddtemp /dev/sda
    /dev/sda: SATA SSD: 33°C
    
    sensors-detect
    sensors
    k10temp-pci-00c3
    Adapter: PCI adapter
    temp1:        +54.4°C  (high = +70.0°C)
                           (crit = +105.0°C, hyst = +104.0°C)
    
    fam15h_power-pci-00c4
    Adapter: PCI adapter
    power1:        5.56 W  (interval =   0.01 s, crit =   6.00 W)
apu2_debian_stretch.txt · Last modified: 2017/12/14 20:35 by admin