Tag Archives: Pi 4

PiServer Client Image Adjustments

After running PiServer for a few years now, we have the process of adjusting our client images fairly well documented. I thought I would share that process here for others making the move from PiNet to PiServer.

Some of the packages we install / uninstall may not be relevant to you; please adjust accordingly!

After installing PiServer certain software needs installing and uninstalling from the standard Raspbian Full image (1). First make a clone (2) of the Raspbian Full image in PiServer and then open a shell (4) for the new software image.

Adjust existing software / configs

Perform these following steps inside the shell (4) for the operating system you have just cloned.

APT Sources

We run an APT Cache server in our school, here we update the APT sources to use the cache server.

sed -i 's+http://+http://<APT Cache Server FQDN>:3142/+g' /etc/apt/sources.list
sed -i 's+http://+http://<APT Cache Server FQDN>:3142/+g' /etc/apt/sources.list.d/raspi.list

Now update and upgrade through APT:

apt update && apt dist-upgrade -y

Enable BASH Tab Completion

Open the bash.bashrc file for editing in nano:

nano /etc/bash.bashrc

Uncomment the “# enable bash completion in interactive shells” section:

# enable bash completion in interactive shells
if ! shopt -oq posix; then
    if [ -f /usr/share/bash-completion/bash_completion ]; then
        . /usr/share/bash-completion/bash_completion
    elif [ -f /etc/bash_completion ]; then
        . /etc/bash_completion

“Ctrl + o” followed by “Enter” to write the file, “Ctrl + x” to exit. Now close and reopen your CHROOT shell.

Turn off screen blanking

  • Select “Display Options”
  • Select “D4 Screen Blanking”
  • Select “<No>”
  • Select “<OK>”
  • Select “<Finish>”
  • Select “<Yes>”

Chromium Managed Policy

We now apply a custom json policy file to the Chromium install on the clients. There is absolutely loads that you can set here; you should probably go and read over here to work what you need to set in your environment!

nano /etc/chromium-browser/policies/managed/sch-policy.json

Add the following to the file and save:

    "HomepageLocation": "https://<Home Page URL>",
    "BrowserGuestModeEnabled": false,
    "IncognitoModeAvailability": 1,
    "RestoreOnStartup": 1,
    "PopupsAllowedForUrls": [
        "http://<Smoothwall FQDN>", 
        "https://<Smoothwall FQDN>"

Install Smoothwall SSL certs

We run Smoothwall for our filtering and have it set to use IDex agents running on our Domain Controllers for authentication. The great thing with this is that as users are logging into the Raspberry Pi devices using their AD credentials, the IDex agent on the DCs sees the log on as a standard log in and filters all access for the Raspberry Pi devices as if they were Windows devices on the network… I might do another write-up with more detail about this later!

As well as setting up IDex for filtering, we also install the Smoothwall’s root CA certificate on the Raspberry Pi devices.

  • Download the root CA certificate from Smoothwall here: https://<smoothwall FQDN>:441/ui/admin/trust
  • Rename the file to: smoothwall-<YYYY>.crt
  • SCP this to the PiServer pi user’s home directory
  • Copy it to this directory in each OS image from a SSH connection directly to the PiServer:
sudo cp /home/pi/smoothwall-<YYYY>.crt /var/lib/piserver/os/<CLIENT OS NAME>/usr/local/share/ca-certificates/

Pi Dual Monitor fix

Using dual monitors on the Raspberry Pi with an image from PiServer does not quite work… I have my teacher’s Raspberry Pi connected to a monitor and the projector!

Back in the CHROOT shell for your new OS:

mv /usr/share/X11/xorg.conf.d/99-fbturbo.conf /usr/share/X11/xorg.conf.d/99-fbturbo.conf.fubar

Disable Overscan

echo "disable_overscan=1" >> /boot/config.txt

Enable the camera module

  • Select option 3 “Interface Options”
  • Select option P1 “Camera”
  • Select “Yes”, then “OK” then “Finish”
  • Select “No” when asked to reboot

Install new software

Aptitude installs

apt update && apt install gimp sl imagemagick gpac gnome-screenshot python3-matplotlib blender inkscape libnss3-tools mariadb-client dia dia-shapes gsfonts-x11 -y

Python 3 PIP Installs

pip3 install bluedot Pillow guizero network

FanShim library and service

All our Pi 4 devices use the Pimoroni Fan SHIM for cooling; so here we install and configure the software.

git clone https://github.com/pimoroni/fanshim-python
cd fanshim-python
cd examples
./install-service.sh --on-threshold 65 --off-threshold 55 --delay 2

User login scripts

In this section we create logon scripts that run each time a user logs into the Raspberry Pi devices.

Smoothwall Cert install

Create the user login script to import the Smoothwall cert:

nano /etc/profile.d/import-Smoothwall-SSL.sh

Enter the following into this file:

certutil -d sql:$HOME/.pki/nssdb -A -n "Smoothwall <YYYY>" -t "TCu,Cu,Tu" -i /usr/local/share/ca-certificates/smothwall-<YYYY>.crt

Apache User Dir setup

Create the user login script to create the public_html directory and fix permissions for Apache to read it:

nano /etc/profile.d/apache-user-dir.sh

Enter the following into this file:

mkdir $HOME/public_html
chmod 711 $HOME
chmod 711 $HOME/public_html

Uninstall software

apt update && apt remove bluej greenfoot-unbundled wolfram-engine wolframscript nodered claws-mail realvnc-vnc-viewer realvnc-vnc-server -y && apt autoremove -y

Overclock the Pi 4

These settings in the config.txt file overclock the PI 4. The [pi4] and [all] ensure that older Pis do not get these settings applied.

echo -e "\n\n# Pi 4 Overclock\n[pi4]\nover_voltage=6\narm_freq=2100\ngpu_freq=750\n[all]" >> /boot/config.txt

Teacher’s RPi Image

If you are setting up a teacher’s Raspberry Pi Image then follow these additional steps:

Install Remmina

Adjust the URL that is being echoed to match your APT Cache server…

apt update && apt install dirmngr fswebcam -y
apt-key adv --fetch-keys https://www.remmina.org/raspbian/remmina_raspbian.asc
echo "deb http://<APT Cache Server FQDN>:3142/www.remmina.org/raspbian/ buster main" > /etc/apt/sources.list.d/remmina_raspbian.list
apt update && apt install remmina -y

Pi 4, Buster and PiServer – Part II

This post is an update to my earlier post “Pi 4, Buster and PiServer” where I talked about the tweaks and adjustments I had to make to get Pi 4s working with the PiServer application. Since that post, the Buster version of the “Raspberry Pi Desktop for PC and Mac” has been released and all of the tweaks I had to make have been added to the standard version of PiServer.

This post is based heavily on our internal documentation for setting up PiServer so some parts may not apply in your setting!

I will be writing a follow-up post soon about the process we use to customise our Raspberry Pi client operating systems using PiServer.

Continue reading Pi 4, Buster and PiServer – Part II

Pi 4, Buster and PiServer

Note: There is an updated version of this post here: https://www.jonwitts.co.uk/archives/1422

I was very excited with the release of the Raspberry Pi 4, not just because I am a great fan of the Raspberry Pi and wanted to get my hands on the latest and greatest; but also because I have been teaching my Computer Science classes pretty much exclusively using the Raspberry Pi computer for the past few years.

I say “pretty much” because there had always been a few sticking points when we had to leave my RPi CS classroom and up sticks to the Windows PC lab. In the most part it was when we needed to do any graphics editing (in Photoshop) or anything that relied on using Google Drive and Docs heavily.

It was with great excitement that I saw the new Pi 4 with 4 Gb of RAM and full gigabit networking… However as network boot was not available out-of-the-box and the PiServer software was not yet updated to be used with Pi 4s and Raspbian Buster; there was a bit of work to do…

With great thanks to the devs over at the PiServer github page, I now have a working PiServer setup for use with Pi 4 devices! Set up instructions below 😀

Continue reading Pi 4, Buster and PiServer