How to prepare a self-hosted machine I gift to remote friends

system

Here is the basic process I follow when gifting a self-hosted device to friends and family, as described on Byebye Raspberry Pi episode of Linux Prepper.

Caveats

Requires basic understanding of Linux, so you'll need to be using it.
- use of a terminal, basic package manager commands ala apt-get, ssh, VPN usage ala wireguard (hosted on a VPS, Tailscale, Netbird, etc), editing text in the terminal with nano, vi, etc.
- Perhaps this guide could be adapted to beginners in the future. Let me know how following along is for you!!
Focus on arm64 devices, such as the Debian-based flavors of Raspberry Pi's Raspberry OS (formerly known as Raspbian, Diet Pi, Armbian (Odroid), Ubuntu, etc. Should apply to amd64 / x86.
- Guide assumes you are running Debian, or a spinoff like Ubuntu, but can be applied to any variation of Linux.
Test each step. Best to fix issues as they crop up, which is wont to happen in these situations. Assume any change you've made, and not confirmed, is an automatic fail.
- It is outside this guide, but the best method I've found for confirming my work is to keep copious notes and run every aspect of this process through Ansible, because if it fails to execute in Ansible you are 100% clear that you failed up front. This is obviously a whole other topic, so consider a "nice to have" way to manage devices, but also system architectures, distributions, etc. Thank you Red Hat!
- Nix types, all love to you, but this almost off-topic recommendation might also be treated as a holy war of sorts so please understand this guide is simply a guide. 💘

I already had these devices in production for a few years, so none of them were brand new in terms of setup... I just didn't want to hold onto all of them. 😅 We're focusing entirely on the terminal, because we are forcing ourselves to work remotely... the terminal is the way we will handle things, be it locally or remotely.

Managing your username (and permissions)

Best to confirm the user of a particular device is functioning properly. This means confirming you have:

A regular user on the computer you intend to gift, not just root!
- If typing sudo returns a privilege / permission error, that is totally unacceptable! We must have the ability to perform basic maintenance like installing package updates.
- For the sake of sanity root is a total no here as a security and privilege nightname. Worst case scenario you are on root and can make a new user following this nice guide: grandma

You'll be adding this user to sudo group and/or wheel group for privilege escalation support, using the above guide like this:

sudo usermod -aG sudo grandma

This is critical, because the user needs to be able to take privileged actions on the remote machine.

Optional: Having a user account also allows you to further restrict the remote machine using tools like SSH, if you choose to write your own restrictive sshd config, etc.
Outside of this guide, but highly recommended to understand how SSH works, especially if you want to lock things down in a manner you feel comfortable.
Because such a step is recommened as a "nice to have", never ever edit ssh configs remotely. Ask me how I know, haha, you'll have to wait until the next time you see the literal machine to fix it. Yikes.
If interested in this step, I consider editing ssh configs the best first step in learning how to run Ansible, as mentioned above.
If you've done this, congratulations! Be sure to track your access detail in your SSH Config as well in /etc/.ssh/config for more bonus points.

Understanding Permissions is Mandatory

If you run into any issues with the user account and their permissions, you must resolve those before moving forward in the guide. Thankfully, permissions in Linux are not horrible to understand thanks to tons of great info online. You'll need to at least answer these questions:

What is the difference between 777 and RWXRW-RWX
How is ls -la useful within pwd ?
When you execute a sudo command for your user, does it work?

Try sudo apt-get update and confirm it works.
Are you able to execute apt-get update without needing sudo as a non-root user?

Apologies if this already feels like climbing Mount Everest! Don't worry, it was worth it! Now you can log into the machine and complete the rest of the guide!

Writing a hostname that is actually useful.

hostname is something I'm historically confused by. It feels totally needless, but suddenly it actually matters to me. As mentioned in despecialized episode, I personally make my hostname something like r0 because it tells me it is the first Raspberry Pi I purchased.

This is because I'm running more than one of the same device, so I can identify the difference at a glance between r0 and r1

Setting up a new Linux server requires a username and hostname. You might end up with something like:
pi@raspberry or
doug@dougslaptop

Since this machine is leaving my home, I found the r0 hostname slightly confusing since the device is leaving my home. I get around this by editing the hostname directly. Editors is a holy war in open source, but I would personally recommend understanding nano and vi in order to edit text in the terminal in 99.9999999% of all situations. I cannot imagine anyone would regret understanding the basics of these universal tools. Please accept this is a basic suggestion and let's not discuss text editors here outside of good faith. 🥰

Editing the hostname

You need to edit the computer name in two files:

/etc/hostname

and

/etc/hosts

If it doesn't show up in /etc/hosts don't worry about it. Please see this nice, clear guide for more information

Choosing a useful hostname

This is really up to you, but I think it is nice to make the name into something especially clear for both you and the recipient. Let's say it is going to your grandmother's cottage, so we'll change the name to cottage

Don't forget to confirm after restarting, etc. that your hostname is changed to the intended cottage.

Remember we will test each change we make 🏁 as part of proceeding, to save having to fix something once the device has left our hands.

Setting up Avahi agent, to make that hostname useful for the recipient!

If avahi is not installed, follow a guide like this to install and enable from boot in systemd
Once installed, edit avahi-daemon.conf and create your own local network available name, even if your device still has a name like r0

Default avahi is to your existing hostname.local
In this example, we'll set avahi to cottage
You'll now be able to type cottage.local instead of ip.add.r.ess

You should now be able to access services on your device locally as 🎆 cottage.local or cottage.local:$PORT 🎊
Avahi, also known as Bonjour, supports super useful services like Samba and Printers as well! See this cool guide on setting up a Raspberry Pi as a Timemachine Backup server for ideas.

Tmux enters the screen 😆

Once we are SSH'ed onto this box as a our user, now what? Personally, I have no idea what is going on at a glance... every terminal screen looks the same.

Terminal session management is done in screen or tmux. Both are great (no holy war, please 😅).

apt-get install tmux
Add tmux to ~/.bashrc to auto-start your tmux session over SSH
Edit tmux config to taste, both aesthetically and functionally.
- Make sure hostname is visible in the tmux pane of your terminal.
- Add a visual theme configuration you'll understand. It only works if you can easily tell what is happening syntactically (visually).
- Considering re-mapping tmux keybindings to match screen, linked above. Might as well understand the basics of both applications.

Congratulations, now you will not have to worry about losing an active session over SSH. Tmux will keeps things nice and tidy for you! And, you can now tell what machine you are accessing in your terminal! Congratulations!!!