raspberry pi
- Set up the runner user. Since I was using Podman, not Docker, I didn’t have to add it to the
docker
group. As root: - Allow that user to run commands via
systemctl
without logging in and launching them manually: - Use
machinectl
instead ofsu
to become theforgejo-runner
user. Without this, mostsystemd
commands will fail with theFailed to connect to bus: No medium found
message. I’m certain there’s a way to getsu
orsudo
to play nicely withdbus
but I had more interesting problems to solve today than this. - Run
podman-system-service
as theforgejo-runner
user: - Run the
forgejo-runner
program as theforgejo-runner
user. I lightly modified the standard forgejo-runner.service file: - Power off the Raspberry Pi.
- Eject its SD card.
- Put the SD card in my M1 Mac.
- Magically replace the Pi’s
/etc/shadow
file with the previous/etc/shadow-
version, undoing the password change. - Put the SD card back in my Pi.
- Power up, log in, and pat myself on the back.
Forgejo Runner in rootless Podman on Debian
I wanted to experiment with Forgejo’s Actions as a DIY alternative to GitHub Actions, using a nearby Raspberry Pi as a build server. I also wanted to deviate slightly from their Runner installation process by executing the Runner and rootless Podman as a regular, non-privileged user and without using the system-level systemctl
. It was pretty easy once I wrapped my head around it.
root# useradd --create-home forgejo-runner
This created user number 1001
on my system. Remember that number later when it’s time to configure systemd
.
root# loginctl enable-linger forgejo-runner
root# apt install systemd-container
root# machinectl shell forgejo-runner@
$ systemctl --user enable podman.socket
$ systemctl --user start podman.socket
$ cat > .config/systemd/user/forgejo-runner.service <<EOHD
[Unit]
Description=Forgejo Runner
Documentation=https://forgejo.org/docs/latest/admin/actions/
After=podman.socket
[Service]
ExecStart=/usr/local/bin/forgejo-runner daemon
ExecReload=/bin/kill -s HUP $MAINPID
# 1001 is the forgejo-runner user's UID
Environment="DOCKER_HOST=unix:///run/user/1001/podman/podman.sock"
# This user and working directory must already exist
WorkingDirectory=/home/forgejo-runner
Restart=on-failure
TimeoutSec=0
RestartSec=10
[Install]
WantedBy=default.target
EOHD
$ systemctl --user daemon-reload
$ systemctl --user enable forgejo-runner.service
$ systemctl --user start forgejo-runner.service
I rebooted my RPi to make sure it would start on its own and it did. Yay! Now I can run Forgejo Actions on my little server and everything works as documented.
My Raspberry Pi 4 started running hot when I moved it from a freestanding case to a fanless server rack. I’d often SSH in and see idling it at 65C or warmer, with log messages showing it had been thermally throttled. That’s not great.
I just bought a Argon Fan HAT. I installed it and fired up a large Rust compile with 4 concurrent jobs. 20 minutes later and the RPi averaged about 54C with no throttling.
Get your Pi a fan. It wants one very much.
I dusted off an older Raspberry Pi 4 to play with. Now I remember how glacially, painfully slow microSD cards are. This thing feels nearly unusable after being spoiled by its twin with an SSD.
If you use a Raspberry Pi for anything more than occasional goofing around, get an SSD. It makes it a new computer.
Upgrade your Raspberry Pi with an SSD
I upgraded my Raspberry Pi to use an external SSD drive instead of its built-in SD card reader. If you use your little computer for anything non-trivial, so should you.
For boring old dd
sequential reads, the SSD is several times faster than the SD card:
Recovering a Raspberry Pi password on an M1 Mac
I would never accidentally change my Raspberry Pi’s account password before clicking “save” in my password manager, therefore locking myself out. But let’s say, hypothetically, that I did. How would I get back into my account?
The process would look like:
Hypothetically, that magic bit could be a pain in the neck.
False start #1: ext4fuse
The relevant part of the Pi’s SD card is formatted with the ext4 filesystem. macOS doesn’t natively support ext4, and I’d need to install software so that I could access and edit the files on the card.
First, I’d install the open source ext4fuse program and navigate to the Pi’s /etc
directory. Only then would I realize that ext4fuse is a read-only filesystem and doesn’t support writing at all.
False start #2: extFS for Mac
If the open source option didn’t work, I’d try the paid extFS for Mac filesystem and use its trial offer to do the work.
After installation, I’d discover that something in the way that the Pi formats its SD card prevents extFS from mounting it.
False start #3: run Debian in a VirtualBox VM
I bet by then I’d give up on mounting the filesystem inside macOS, and accept that it’d be easier to do the work inside a Linux VM. I’d likely hold my nose and download Oracle’s VirtualBox. Bummer that it doesn’t work well on M1 Macs yet, which I’d learn would cause the Debian installer to reboot every couple of minutes.
Success at last: Parallels Desktop
After trying and ruling out everything else, I’d probably try the trial version of Parallels Desktop. I’d use it to install Debian, then go to the Devices > USB & Bluetooth > Apple SDXC Reader Media (disk6) menu to mount the Pi’s SD card inside the VM. Then I’d open the VM’s Terminal app and run:
cd /media/parallels/root/etc
sudo mv shadow shadow.bak
sudo cp shadow- shadow
Finally, I’d go into the VM’s Files app and unmount the “boot”, “root”, and “SETTINGS” disks.
Crossing my fingers
After all that, I’d pop the card out, stick it back in the Raspberry Pi, boot it, log in via SSH, and run sudo -s
. At the password prompt, I’d type my original password (as stored in my password manager), then exhale in relief as I was once again able to log in.
That is, if I were to lock myself out in the first place. Which I never would. Because I’m a professional.