Upgrading my Pi4

… OK, in my defense it was PAST me who chose which the data drive was and there is no reason I should have remembered. So let’s start that backup again.

We’re going to need to restart the two services we run here. One is blinkbot, which reminds someone I know to take care of their eyes, and also does some other things. One is a django web app.

I have no idea how blinkbot works, but I … I think it is a service? So I need to work out where services go. And apache2 runs the other one, and that’s an install and configure.

Oh, hello backup of /root. It turns out you have a bash history. I love you after all… Because I don’t actually *do* much on this computer so that will probably all be very useful…

Oh my, I did a lot of fucking around.

And I’m frustrated and this is slow, and I think I’ve got everything, so let’s go re-install and then I’ll add a private key and stuff…

Wait. I didn’t preserve permissions.

So I need to ssh things to a known folder and preserve permissions. I can’t preserve the users, though. So screw it, can I just record the permissions here? Maybe. And I’m making bad decisions. So let’s log in and do the thing. I can literally rebuild this all anyhow. We’ve got the home directory, and /root, and /etc. The data in /home is all we actually need, but everything else is very very useful. /etc in particular means we’ve already got the work done in Apache2.

First of all, we have to work out which Python to use. We’ve got 3.10.9 on our computer, and we’ve got some awesome people at Mythic Beasts who can tell us which OS to install, of a choice of Ubuntus and Rasbians. I recommend these people.

We remove the old known_hosts entry, upload our root public key via their web-based UI, and when the network comes up, we’re in.

I need beer. I should not start yet, but I need beer.

# apt-get update && apt-get upgrade

# apt-get install git

# apt-get install dehydrated // certificate management and automation

But this still gives us a failure, so…

# apt-get install dehydrated-apache2

adduser --disabled-password char_dev[footnote]Ooooh, it’s nice to have that instead of useradd[/footnote]. I can also use passwd -d char_dev if I want to not have a password, but created one by accident. That way I can only use the ssh key.

Add our ssh key to /home/char_dev/.ssh/authorized keys. Curse American spelling.[footnote]Still no beer.[/footnote]

… Did I delete something in this build-log? Who cares. I got beer.

# /usr/bin/dehydrated --register --accept-terms // This accepts the terms and conditions of the letsencrypt authority. It generates an account key.

upload our config and domains.txt to /etc/dehydrated/

# dehydrated -c

# apt-get install python3-pip

# apt-get install apache2-dev // gets around missing apxs in an outdated wsgi otherwise provided

Upload our old home folder.

# chown -R char_dev:char_dev /home/char_dev

As not-root,

$ pip3 install virtualenv && python3 -m virtualenv venv

$ source venv/bin/activate

$ pip3 install mod_wsgi

$ pip3 install django-nested_admin weasyprint django-simple_search // and so on.

As root:

Edit /etc/apache2/apache2.conf to put in the correct path in the venv to mod_wsgi[footnote]Around this point I generally install emacs.[/footnote]

Make sure there’s a secret key as defined in settings.py

test with python manage.py runserver from the non-root.

chown -R :www-data /home/char_dev/rqg_char_db/char_db/wsgi.py// to make sure that apache and co are allowed to access wsgi.py

apt-get install libapache2-mod-wsgi-py3 // connect everything

a2enmod ssl // actually turn on ssl

make sure you have uploaded sites-enabled as well as all the other configs. it turns out that’s pretty important.

From non-root $ mod_wsgi-express the one with the config. Copy that into apache2.conf and you may also have to add

WSGIApplicationGroup %{GLOBAL} // into apache2.conf as well

and collect static as non-root.


There are some choices behind the scenes about adding permissions to the db and the path to it, and where to put it. It’s best out of the django app folder, where it can be in its own little open sandpit.