Raspberry Pi as Jabber server, Gitolite server and more

Last edited

Raspberry Pi as Jabber server

I added two new Raspberry Pi boards to my network

image of two raspberries

Raspberry Pi as Gitlolite server and as XMPP Jabber server

I bought two new Raspberry Pi boards, one of them to become my Gitlolite server and XMPP Jabber server as well as my webserver.

The second Raspberry Pi is going to be a bridging firewall.

I allready have a Raspberry Pi in my network as my PXE, TFTP, DHCP and NFS server. This is one of the elder series, with only 256 Mb RAM memory. This board has been running great from day one, so I am confident the two new boards will provide many years of service.

Secure Jabber for modern instant messaging

Although we live in the era of the smartphone, Jabber still is very relevant. The communication with the Jabber server is protected by SSL. It is very easy to encrypt Jabber messages with GPG.

Raspbian on Raspberry Pi

The Raspberry Pi is a very cheap small board with a 700 MHz Arm11 SoC. Buy only the B-model, because this one has a network interface. The A-model comes without network, which makes it much less fun and useable.

Raspbian is an operating system based on Debian that is ptimized for the Raspberry Pi hardware.

I wanted to start with a minimal installation of Raspbian.

With Debian, I normaly start with a debootstrap as a minimal system and go on from there. With Raspbian this will result in a workable system, but without any kernel modules. This can be awkward in some sitations.

This is how you will end up with a complete modules directory:

  • Download a Raspbian image and dd it to a SD-card
  • Boot Raspberry Pi from SD-card
  • Create a new directory and do a debootstrap into it
  • Copy the /lib/modules directory into the bootstrap directory
  • chroot into the debootstrap directory, set root password, add a user (with password) and apt-get install openssh
  • Still in the chroot set the network settings
  • Exit chroot environment
  • Delete everything on the SD-card except the new created debootstrap directory
  • Move the contents from the deboostrap directory (with the /lib/modules in it) to the root of the SD-card
  • Reboot

After the reboot, log in over ssh and check what is mounted. To prevent early death of the SD-card put stuff like /var/log into tmpfs.

Unfortunately Debian is not designed to run from a read-only root filesystem. F.e. it is better to choose a fixed network address and not use DHCP. Using DHCP results in hard to avoid frequently writing to disc.

Also check the sshd-config. Disable root login, disable password login and enable key authentication. Add your public key to ~/.ssh/authorized_keys. Restart sshd and check it works OK.

ejabberd as Jabber server

Ejabberd is an easy to install Jabber server. Debian provides ejabberd as package.

Just start with apt-get install ejabberd. Edit the /etc/ejabberd.cfg to harden ejabberd. Don't allow public registration. Create a certicate.

See configuration chapter from the ejabberd documentation.

/var/lib/ejabberd in tmpfs?

After running the ejabberd server for a few weeks the /var/lib/ejabberd directory has grown into 465kb. This can easely run in tmpfs.

I am considering moving this directory to tmpfs an copy it to disc once or twice per day. Some script has to run on boot time in order to restore the copy back to tmpfs again.

I have not set this up yet, now ejabberd is still writing to my SD-card.

image of two raspberries

Gitolite on the Raspberry Pi

Besides Jabber server the Raspberry Pi also functions as a Gitolite server. Gitolite is easy to setup and is available as Debian package. So again installing is just a matter of apt-get install gitolite.

Before installing Gitolite, first create a ssh key that you will be going to use to administer Gitolite. After creation, scp the public key to the Raspberry. Now you can run apt-get install gitolite followed by a dbpk-reconfigure gitolite. This last step results in the import of your ssh key into the gitolite configuration.

After this, you can clone the admin repository on your workstation and do the gitolite administration into there. Do a commit and a push. This way you can create Git repositories on the Raspberry and have Gitolite control the access rights to them.