Resolve "Raspberry Pi OS bugs"

merge-requests/39/merge
Steven Foerster 5 years ago
parent
commit
2ac26e9a34
  1. 16
      README.md
  2. 6
      scripts/install.sh
  3. 5
      scripts/subinstallers/cockpit.sh
  4. 8
      scripts/subinstallers/docker_manual.sh
  5. 5
      scripts/subinstallers/wireguard.sh

16
README.md

@ -48,7 +48,9 @@ Tested Operating Systems (in order of thoroughness): @@ -48,7 +48,9 @@ Tested Operating Systems (in order of thoroughness):
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Debian 10 (Buster)
- Raspbian Buster
- Raspberry Pi OS (formerly Raspbian) Buster
**Note:** Install operating system updates and restart. Raspberry Pi OS particularly needs to be restarted after kernel updates (kernel modules for the currently running kernel may be missing).
Tested Browsers:
- Firefox
@ -59,8 +61,8 @@ The Mistborn docker images exist for these architectures: @@ -59,8 +61,8 @@ The Mistborn docker images exist for these architectures:
| Mistborn Docker Images (hub.docker.com) | Architectures |
|------------------------------------------------|---------------------|
| mistborn (django, celery{worker,beat}, flower) | amd64, arm64, armv7 |
| dnscrypt-proxy | amd64, arm64, armv7 |
| mistborn (django, celery{worker,beat}, flower) | amd64, arm64, arm/v7 |
| dnscrypt-proxy | amd64, arm64, arm/v7 |
Recommended System Specifications:
@ -132,8 +134,8 @@ Running `install.sh` will do the following: @@ -132,8 +134,8 @@ Running `install.sh` will do the following:
- install Docker
- install OpenSSH
- install Wireguard
- install Cockpit
- create a `cockpit` system user
- install Cockpit (optional)
- create a `cockpit` system user (if Cockpit is installed)
- configure unattended-upgrades
- generate a self-signed TLS certificate/key (WebRTC functionality requires TLS)
- create and populate traefik.toml
@ -317,7 +319,7 @@ But wait, there's more! You can: @@ -317,7 +319,7 @@ But wait, there's more! You can:
| Rocket.Chat | [Rocket.Chat](https://play.google.com/store/apps/details?id=chat.rocket.android) | [Rocket.Chat](https://apps.apple.com/us/app/rocket-chat/id1148741252) |
## TLS Certificate
Some apps require TLS (HTTPS). All traffic to Mistborn domains already occurs over Wireguard but to keep apps running, a TLS certificate exists for Mistborn and can be imported into your device's trusted credentials in the security settings.
Some apps require TLS (HTTPS). All traffic to Mistborn domains already occurs over Wireguard but to keep apps running, a TLS certificate exists for Mistborn and can be imported into your device's trusted credentials in the security settings. This certificate is checked every day and will be re-generated when expiration is less than 30 days away.
The TLS certificate can be found here:
```
@ -446,7 +448,7 @@ These are some notes regarding the technical design and implementations of Mistb @@ -446,7 +448,7 @@ These are some notes regarding the technical design and implementations of Mistb
## Additonal Notes
- Interface names are not hardcoded anywhere in Mistborn. Two commands that are used in different circumstances to determine the default network interface and the interface that would route a public IP address are: `ip -o -4 route show to default` and `ip -o -4 route get 1.1.1.1`.
- The "Update" button will pull updated Docker images for mistborn, postgresql, redis, pihole, and dnscrypt. Those services will then be restarted.
- The generated TLS certificate has an RSA modulus of 4096 bits, is signed with SHA-256, and is good for 10 years. The nanny at Apple has decided to restrict the kinds of certificates iOS users may choose to manually trust and so you may have issues with TLS on an Apple device for now.
- The generated TLS certificate has an RSA modulus of 4096 bits, is signed with SHA-256, and is good for 397 days. The certificate is checked daily and will regenerate when expiration is within 30 days.
- Outbound UDP on port 53 is blocked. All DNS requests should be handled by the dnscrypt_proxy service and if any client, service, etc. tries to circumvent that it is blocked.
- Unattended upgrades are set to automatically install operating system security updates.
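Review bot: The rewritten certificate bullet under `Additonal Notes` promises a 397-day lifetime with a daily check and regeneration inside 30 days of expiry, but none of the five files in this commit touches certificate generation or a scheduled check. Reference the commit that implements it, or include that change here, so the README does not describe behaviour this change does not deliver. The TLS Certificate section tells users to import the certificate into their device's trusted credentials, so it should also say that a regenerated certificate has to be imported again. The replaced bullet's caveat about Apple devices is removed without saying whether the shorter lifetime resolves it. The heading typo `Additonal` could be fixed while this section is open.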

6
scripts/install.sh

@ -69,9 +69,9 @@ fi @@ -69,9 +69,9 @@ fi
# Install Cockpit?
if [ -z "${MISTBORN_INSTALL_COCKPIT}" ]; then
read -p "Install Cockpit (a somewhat resource-heavy system management graphical user interface)? [Y/n]: " MISTBORN_INSTALL_COCKPIT
read -p "Install Cockpit (a somewhat resource-heavy system management graphical user interface -- NOT RECOMMENDED on Raspberry Pi)? [y/N]: " MISTBORN_INSTALL_COCKPIT
echo
MISTBORN_INSTALL_COCKPIT=${MISTBORN_INSTALL_COCKPIT:-Y}
MISTBORN_INSTALL_COCKPIT=${MISTBORN_INSTALL_COCKPIT:-N}
fi
# SSH keys
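Review bot: The default in `MISTBORN_INSTALL_COCKPIT=${MISTBORN_INSTALL_COCKPIT:-N}` flips from `Y` to `N` on every platform, while the new prompt text only argues against Cockpit on Raspberry Pi. Anyone on Ubuntu or Debian who pressed Enter or fed the prompt an empty answer and relied on the old default will now get no Cockpit and no `cockpit` user. Either choose the default from `$DISTRO` or call out the behaviour change in the README next to the "install Cockpit (optional)" line. Adding `-r` to `read -p` is also worth doing while this line is being edited.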
@ -132,7 +132,7 @@ sudo -E apt-get install -y dnsutils fail2ban @@ -132,7 +132,7 @@ sudo -E apt-get install -y dnsutils fail2ban
# Install kernel headers
if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ]; then
sudo -E apt install -y linux-headers-$(uname -r)
elif [ "$DISTRO" == "raspbian" ]; then
elif [ "$DISTRO" == "raspbian" ] || [ "$DISTRO" == "raspios" ]; then
sudo -E apt install -y raspberrypi-kernel-headers
fi
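Review bot: The Raspberry Pi branch installs `raspberrypi-kernel-headers` without tying it to the running kernel, whereas the Ubuntu/Debian branch uses `linux-headers-$(uname -r)`. The README note added in this commit says kernel modules for the running kernel may be missing after a kernel update, so this is the place to check for that condition, for example by testing that `/lib/modules/$(uname -r)` exists, and to stop with a message asking for a reboot rather than relying on the README. The test `[ "$DISTRO" == "raspbian" ] || [ "$DISTRO" == "raspios" ]` is now repeated across four scripts; a shared helper or a normalised `DISTRO` value would keep them from drifting.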

5
scripts/subinstallers/cockpit.sh

@ -10,11 +10,8 @@ elif [ "$DISTRO" == "debian" ]; then @@ -10,11 +10,8 @@ elif [ "$DISTRO" == "debian" ]; then
&& echo "buster-backports already in sources" \
|| echo 'deb http://deb.debian.org/debian buster-backports main' | sudo tee -a /etc/apt/sources.list.d/backports.list
elif [ "$DISTRO" == "raspbian" ]; then
elif [ "$DISTRO" == "raspbian" ] || [ "$DISTRO" == "raspios" ]; then
echo "Raspbian repos contain cockpit"
fi
sudo -E apt-get install -y cockpit

8
scripts/subinstallers/docker_manual.sh

@ -15,7 +15,7 @@ if [ "$DISTRO" == "ubuntu" ]; then @@ -15,7 +15,7 @@ if [ "$DISTRO" == "ubuntu" ]; then
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
elif [ "$DISTRO" == "debian" ]; then
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
elif [ "$DISTRO" == "raspbian" ]; then
elif [ "$DISTRO" == "raspbian" ] || [ "$DISTRO" == "raspios" ]; then
curl -fsSL https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg | sudo apt-key add -
fi
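Review bot: In the `raspbian`/`raspios` branch the key URL is built from `$(. /etc/os-release; echo "$ID")` rather than from `$DISTRO`, so the branch now accepts two `DISTRO` values while the path segment comes from a different source. Please confirm that `ID` on the newly supported systems resolves to a directory that exists under `download.docker.com/linux/`, or set the segment explicitly in this branch. Unless `pipefail` is set elsewhere, the exit status of `curl -fsSL ... | sudo apt-key add -` is that of `apt-key`, not `curl`, so a failed download is easy to miss. Downloading the key to a file, checking its fingerprint, and only then adding it would cover both concerns.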
@ -31,7 +31,7 @@ elif [ "$DISTRO" == "debian" ]; then @@ -31,7 +31,7 @@ elif [ "$DISTRO" == "debian" ]; then
"deb https://download.docker.com/linux/debian \
$(lsb_release -cs) \
stable"
elif [ "$DISTRO" == "raspbian" ]; then
elif [ "$DISTRO" == "raspbian" ] || [ "$DISTRO" == "raspios" ]; then
echo "deb [arch=armhf] https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") \
$(lsb_release -cs) stable" | \
sudo tee /etc/apt/sources.list.d/docker.list
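Review bot: `deb [arch=armhf]` stays hardcoded in the branch that now also covers `raspios`, while the README table in this commit lists arm64 images. If a 64-bit install can reach this branch, apt will be told to fetch armhf packages only. Consider `[arch=$(dpkg --print-architecture)]` here. The repository path uses the same `/etc/os-release` `ID` lookup as the key URL above, so the same question about which value it yields on Raspberry Pi OS applies.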
@ -43,7 +43,7 @@ sudo apt-get update @@ -43,7 +43,7 @@ sudo apt-get update
if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ]; then
sudo -E apt-get install -y docker-ce docker-ce-cli containerd.io
elif [ "$DISTRO" == "raspbian" ]; then
elif [ "$DISTRO" == "raspbian" ] || [ "$DISTRO" == "raspios" ]; then
sudo -E apt install -y --no-install-recommends \
docker-ce \
cgroupfs-mount
@ -59,7 +59,7 @@ echo "Installing Docker Compose" @@ -59,7 +59,7 @@ echo "Installing Docker Compose"
# sudo chmod +x /usr/local/bin/docker-compose
#elif [ "$DISTRO" == "raspbian" ]; then
# Install required packages
sudo -E apt install -y python-backports.ssl-match-hostname
#sudo -E apt install -y python-backports.ssl-match-hostname
# Install Docker Compose from pip
# This might take a while
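Review bot: Commenting out `sudo -E apt install -y python-backports.ssl-match-hostname` leaves this whole region as commented-out code, including `#elif [ "$DISTRO" == "raspbian" ]; then`, which was not updated for `raspios` like the live branches. Delete the dead block instead of disabling its last active line, or add a comment saying why it is kept and how Docker Compose is installed now.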

5
scripts/subinstallers/wireguard.sh

@ -9,18 +9,19 @@ if ! $(sudo apt-cache show wireguard > /dev/null 2>&1) ; then @@ -9,18 +9,19 @@ if ! $(sudo apt-cache show wireguard > /dev/null 2>&1) ; then
echo "Adding Wireguard PPAs"
# Wireguard
if [ "$DISTRO" == "raspbian" ]; then
if [ "$DISTRO" == "raspbian" ] || [ "$DISTRO" == "raspios" ]; then
echo "Adding Wireguard repo keys"
sudo -E apt-get install -y dirmngr
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138
fi
if [ "$DISTRO" == "ubuntu" ]; then
# Ubuntu
sudo add-apt-repository -y ppa:wireguard/wireguard
elif [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then
elif [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ] || [ "$DISTRO" == "raspios" ]; then
# Debian
sudo bash -c 'echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list'
sudo bash -c "printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable"
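Review bot: The `raspios` case now also runs the four `apt-key adv --keyserver keyserver.ubuntu.com --recv-keys` calls, which select keys by 64-bit ID and add them to apt's global trust for every configured repository. Use full fingerprints, add a comment saying which repository each key signs, and preferably scope the keys to the unstable source rather than trusting them globally. The same path adds `deb http://deb.debian.org/debian/ unstable main` with a `Package: *` pin at priority 90; a comment stating that only the wireguard packages are meant to come from unstable would make the intent reviewable.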
