Here I'm documenting the steps (in varying level of detail) for posterity and others to get an e-paper price tag with the next event of my day merging multiple calendars together.

This is what the end result looks like (that's a 2.9” epaper display and looks so much nicer in-person) :

So what do you need to make that happen?

• Calendars in Home Assistant
• OpenEPaperLink Access Point
• 2.9” tag with OpenEPaperLink firmware
• Some fun with jinja templating

Calendars in Home Assistant

Google Calendar

Where I work uses Google Calendar and have not disabled the iCal feed. Where you work may use something different, and also you might want to check with someone if it's against policy to have calendar entries exported.

To get that Google Calendar into Home Assistant is relatively simple, you add the ICS Calendar integration, give it the “Secret address in iCal format” from the settings of the calendar, name it something like “Work” and done.

NextCloud Calendar

I use NextCloud for my personal calendar so I don't miss out on things like game night.

Again, simple integration, this time the CalDAV one. Go into the Calendar app on NextCloud, click settings and scroll down until you get to “Copy primary CalDAV address”. Enter that, along with credentials into HomeAssistant, and calendar is set up.

Others

There are integrations for other calendars but I don't use them, so YMMV, but worth a shot.

OpenEPaperLink Access Point

Okay, this takes a little explaining. OpenEPaperLink (henceforth OEPL) is a combination of custom firmware for various price tags/ePaper displays and an Access Point for sending data to them.

Generally, these use the same radio (and therefore channels in the 2.4Ghz spectrum) as ZigBee (802.15.4) but without the ZigBee protocol layer. Yes, that means your existing ZigBee setup won't help you here.

Note: I'm ignoring the rarer price tag types, which need another radio (known as subghz) and bluetooth-only tags which to my understanding are currently problematic for the AP.

To make things easy, OEPL has created multiple types of access point. Usually this is an ESP32-S3 coupled with an ESP32-C6. You need both pieces to make an AP because you need to be talking wifi (s3) and 802.15.4 (c6) at the same time. I'm actually using a much older AP based on the ESP32-S2 and a spare segmented tag which is acting in place of the ESP32-C6, but that's not getting any updates now.

Choices are here : – The easiest (but definitely not the cheapest) AP is the LilyGo T-Panel AP. – If you're not so good at soldering, and want a cheap option you can use dupont cables and make the Spaghetti AP. – If you want a cheap but nice option and don't mind ordering PCBs and a bit of soldering, the Yellow AP is probably for you.

Bear in mind this blog post was written in February 2025, so you might want to browse the OEPL github wiki to see if things have changed here.

Once you have an AP, connect it to your network and it will talk to any flashed tags you have.

E-paper price tag

I'm using the most common tag, manufactured by Solum, the ST‐GR29000. There are a lot of tags that have OpenEPaperLink (OEPL) firmware, and getting them is sometimes hard. eBay sometimes has them, aliexpress rarely, and the discord (check the homepage for a current link) that's used for OEPL has some trading because when people find a tag they like, they often buy in bulk, and have spares.

The tags come in different shapes and sizes, the code on this page is for a 2.9” tag at a resolution of 296x128px. It should work for any tag that is the same resolution, or you might want to tweak the positions of things if you have a different resolution.

Also fun to know, ePaper usually comes in Black and White; Black, White and Red or Black White and Yellow. I like BWR myself, and if you only have a Black and White tag, you might need to change the Red to Black in the code, not sure what the integration would do if you sent red to a Black&White tag. I don't know if OEPL supports more colours (the integration doesn't) as colour ePaper screens are still quite rare.

Mine came pre-flashed with the OEPL firmware because they were used by someone else before. If you have to flash more than one, you probably want to make a jig for it.

Fun with templates

Once you have all the above, install the OpenEPaperLink (OEPL) integration. You can get this via HACS, which I recommend, and doesn't require your HA be connected to the “My Home Assistant” Cloud stuff.

Home Assistant uses the Jinja templating language to template text. The OEPL integration provides a new action called DrawCustom that you can call from an automation and allows you to describe in YAML form what you want to draw. That's a choice (one that the HA ecosystem leaves you with little choice in) but we work with what we have.

One of the people on the aforementioned discord (check the homepage for a current link) posted an agenda view automation and combined their calendars, and I iterated on that to provide this one.

Here's the juicy YAML:

alias: Next Event
description: ""
triggers:
  - hours: /1
    trigger: time_pattern
    minutes: /5
conditions:
  - condition: time
    after: "05:00:00"
    before: "23:00:00"
actions:
  - alias: Get events 0 day(s) from now (filtered out past events)
    data:
      start_date_time: "{{ now() }}"
      end_date_time: "{{today_at('00:00') + timedelta(days=1)}}"
    response_variable: cal_day_0
    target:
      entity_id:
        - calendar.personal
        - calendar.work
    action: calendar.get_events
  - alias: Get events 1 day(s) from now
    data:
      start_date_time: "{{ today_at('00:00') + timedelta(days=1) }}"
      end_date_time: "{{ today_at('00:00') + timedelta(days=2) }}"
    response_variable: cal_day_1
    target:
      entity_id:
        - calendar.personal
        - calendar.work
    action: calendar.get_events
  - alias: Get events 2 day(s) from now
    data:
      start_date_time: "{{ today_at('00:00') + timedelta(days=2) }}"
      end_date_time: "{{ today_at('00:00') + timedelta(days=3) }}"
    response_variable: cal_day_2
    target:
      entity_id:
        - calendar.personal
        - calendar.work
    action: calendar.get_events
  - alias: Get events 3 day(s) from now
    data:
      start_date_time: "{{ today_at('00:00') + timedelta(days=3) }}"
      end_date_time: "{{ today_at('00:00') + timedelta(days=4) }}"
    response_variable: cal_day_3
    target:
      entity_id:
        - calendar.personal
        - calendar.work
    action: calendar.get_events
  - alias: Extract events from all calendars
    variables:
      header: Next Event
      timeheaderstart: Start
      timeheaderstartx: 266
      timeheaderend: End
      timeheaderendx: 272
      events_day0: >
        {{ cal_day_0.values() | map(attribute='events') | list |
        sum(start=[])}} 
      events_day1: >
        {{ cal_day_1.values() | map(attribute='events') | list |
        sum(start=[])}} 
      events_day2: >
        {{ cal_day_2.values() | map(attribute='events') | list |
        sum(start=[])}} 
      events_day3: >
        {{ cal_day_3.values() | map(attribute='events') | list |
        sum(start=[])}} 
      days:
        - Today
        - Tomorrow
        - Ubermorgen
        - 3 Days away
  - alias: Send generated Event to OEPL
    metadata: {}
    data:
      rotate: 0
      dry-run: false
      background: white
      payload:
        - type: text
          value: |
            {{ header}}
          font: ../../media/OpenSans-Bold.ttf
          x: 10
          "y": 10
          size: 20
          color: black
        - type: text
          value: |
            {% if events_day0 | count > 0 %}
              {{ days[0] }}
            {% elif events_day1 | count > 0 %}
              {{ days[1] }}
            {% elif events_day2 | count > 0 %}
              {{ days[2] }}
            {% else %}
              {{ days[3] }}
            {% endif %}
          font: ../../media/OpenSans-Bold.ttf
          x: 10
          "y": 50
          size: 28
          color: red
        - type: text
          value: |
            {%- set events = [{}] %}    
            {% if events_day0 | count > 0 %}
              {%- set events = events_day0 | sort(attribute='start') | list %}
            {% elif events_day1 | count > 0 %}
              {%- set events = events_day1 | sort(attribute='start') | list %}
            {% elif events_day2 | count > 0 %}
              {%- set events = events_day2 | sort(attribute='start') | list %}
            {% elif events_day3 | count > 0 %}
              {%- set events = events_day3 | sort(attribute='start') | list %}
            {% else %}
              {%- set events = [{}] %}
            {% endif %}
            {%- set event = events[0] %}
            {%- if 'start' in event -%}
                {% if as_timestamp(event.start) | timestamp_custom('%H:%M') == "00:00"%}
                  All day:  {{ event.summary }}
                {% else %}
                  {{ event.summary }}
                {% endif %}
            {%- endif -%}
          font: ../../media/OpenSans-Bold.ttf
          "y": 105
          size: 14
          x: 10
        - type: text
          value: |
            {{ timeheaderstart }}
          font: ../../media/OpenSans-Bold.ttf
          x: |
            {{ timeheaderstartx }}
          "y": 5
          size: 11
          color: red
        - type: text
          value: |
            {{ timeheaderend }}
          font: ../../media/OpenSans-Bold.ttf
          x: |
            {{ timeheaderendx}}
          "y": 55
          size: 11
          color: red
        - type: multiline
          delimiter: §
          font: ../../media/OpenSans-Bold.ttf
          value: |
            {%- set events = [{}] %}    
            {% if events_day0 | count > 0 %}
              {%- set events = events_day0 | sort(attribute='start') | list %}
            {% elif events_day1 | count > 0 %}
              {%- set events = events_day1 | sort(attribute='start') | list %}
            {% elif events_day2 | count > 0 %}
              {%- set events = events_day2 | sort(attribute='start') | list %}
            {% elif events_day3 | count > 0 %}
              {%- set events = events_day3 | sort(attribute='start') | list %}
            {% else %}
              {%- set events = [{}] %}
            {% endif %}
            {%- set event = events[0] %}
            {%- if 'start' in event -%}
                {{- as_timestamp(event.start) | timestamp_custom('%H:%M') }}§{{as_timestamp(event.end) | timestamp_custom('%H:%M') }}
            {% endif -%}
          start_y: 32
          x: 190
          size: 40
          offset_y: 50
          color: black
    action: open_epaper_link.drawcustom
    target:
      device_id: b173ed2bf21ca8444c86afb61ef222e1
mode: single

You'll need to grab the font and put it in your Home Assistant media directory (mine is /config/media but your setup might be different).

I've made some config variable in Extract events from all calendars like the heading, and words for Today/Tomorrow/Übermorgen/In 3 days (I love the word Übermorgen), and you can left-align Start/End to the time by setting their x values in there to 190 if you prefer that look.

Comments on this blog post can be sent direct on the fediverse (any activitypub server like mastodon etc.) on @martyn@toot.martyn.berlin.

So, When I first read this article about using Apple's Airtag network to notify that post had been delivered, I was super intrigued, but as I investigated, it required a mac to run the server side and I got disheartened and didn't look at it again until recently.

Somewhere the macless-haystack project got linked to me and I found out they had found a way to not need a mac and I was super happy. In between times, I got really into homeassistant and have so many devices, I just assumed it would have support for it. Not so, but it is possible to add now. So how do we get to hass having a cheap tracker in it? Let's dive in.

The pieces

• A supported cheap tracker or make your own
• A working apple id with SMS 2factor auth – this can be tricky, there's a section below on this
• A linux machine, VM or place you can run docker containers
• The software :
  • Homeassistant
  • anisette – think of this as a proxy to the mac servers
  • (Optional but recommended)macless-haystack – web/mobile client to ensure everything is working before moving on.
  • hass-FindMy integration

The process

I'm going to assume you already have homeassistant installed and not go over that, but the rest is worth talking about.

Supported tracker

Okay, so it's time to play the aliexpress roulette game here. 99% of the trackers you can get on AliExpress will be one of the supported trackers :

• ST17H66
• TLSR825X
• CH592

Especially if you get an item that lists the chip in the title, you're probably good, but you probably want to buy one and open it up before proceeding because you won't be 100% certain until then.

biemster from the FindMy project is also looking at making a custom tracker.

No guarantees that the next batch from this supplier will be the same but I bought this one and got ST17H66-based trackers.

Opening and flashing

On a machine with python, clone the findmy repo and run the generate_keys.py script. You can generate a number of keys with -n if you want, -y to output in yaml all that fun stuff.

Put the keys somewhere safe, like in a password manager

Remove the battery, take a spudger and get that case open. It is possible that the case is heat-sealed, in which case, you might want to have a 3d printer handy. I thought mine was, took side cutters to it and it popped open even though I had tried to spudge it open. Oh well.

Depending on your fob type, you might have to do a bit of soldering. I found using magnet wire worked well to solder to the fob's test points. The documentation is a bit distributed, but this issue got me there on my ST17H66. Effectively, you connect your UART adapter's RX to P9, TX to P10, GND to GND and a 3.3v (not 5v) power supply to P15. Then you run the flash tool (which you have to edit to point at the right port), with your private key as a parameter whilst wiggling the 3.3v line until it goes into upload mode.

Once it's flashed, any passing iPhone user will report the tag's location (encrypted – here's how that works) to apple's servers. All good, but you might want to actually retrieve that data, so let's continue.

Anisette

Anisette is a reimplementation of omnisette, which is a http wrapper around a set of rust libraries that talk to apple's APIs. That's not that important, but it does a simple job, it talks to apples apis and exposes an api to get findmy devices by private key.

macless-haystack (somewhat optional)

By running macless-haystack you get two things – one is that you are able to validate that you can log in with your apple id, and the other is you can have a nice interface to where your tracker has been since you flashed it with the firmware.

Running it in docker (or in my case in k8s) in interactive mode starts up the login process, which is super important. If you can't get macless-haystack running because of a message like Account limit reached, then you're gonna need a “real” apple device to knock your apple account into a working state.

If you see serving at port 6176 over HTTP, you're golden and can skip the next section.

fixing your apple id

Your Apple ID needs to have :

• a working phone number for 2 factor auth via SMS
• an official device having logged into it like an iPhone, iPod or macbook
• probably a valid payment method

You can try some of these options :

• Borrow a friends' ipad, macbook or phone, login to your apple id, then remove yourself from it. (easiest but may expire at some point, maybe?)
• Register a new apple id via apple music, add a payment method, sign up for the free trial, add 2factor auth and maybe it will work. I couldn't get to set up 2fa so never got this working
• Run a macOS VM and login with your apple ID and shut it down without removing it. This is the one that worked for me.

I used https://github.com/sickcodes/Docker-OSX/ in the end, but on wsl2 getting the interface to appear is really hard, so I ended up with this command and accessing the VM with tightvncviewer localhost::1

docker run -it \
    --device /dev/kvm \
    -p 50922:10022 \
    -v /mnt/wslg/.X11-unix:/tmp/.X11-unix -v /run/desktop/mnt/host/wslg:/mnt/wslg \
    -e "DISPLAY=${DISPLAY:-:0}" \
    -e GENERATE_UNIQUE=true \
    -e MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist' \
    -e SHORTNAME=monterey -e EXTRA='-vnc :1' -p5901:5901 \
    sickcodes/docker-osx:latest

There's also https://github.com/kholia/OSX-KVM if you're on a real linux machine and a couple of very outdated blogs showing how to do it on VMWare/VirtualBox etc. but I've never got any of the blog posts to actually work.

homeassistant integration

The integration is seamless but has not yet been published to the HACS store yet, so open HACS, click the three dot menu, and go to “Custom repositories”. There you can add the github url – https://github.com/malmeloo/hass-FindMy and a name for the repo, it's of type Integration if you're asked. Once that's done you can install the integration and restart, before adding the integration in settings.

If you're running a containerised version of homeassistant, you'll probably need to add pip install FindMy==0.7.3 into the startup scripts because it often doesn't add dependencies from HACS which is quite annoying.

When you add the integration, it asks you to add a device, select Apple Account and give it your apple id details. Then add another device which is the tracker you want to monitor – for this you need the private key, which you stored somewhere safe when I suggested it above, right?!

If it can't login to your apple account, go back and check macless-haystack, and see if the message is account locked or account limit reached, if so, see the previous section.

Recently I was asked about my android phone setup where I don't have Google Play and yet seem to have no real issues with life without the Big G.

What prompted this ironically was a time where I actually did have an issue, but the fact that it is so rare is worthy of note, so have a note!

First, the hardware

I run a Poco 5G and this took some research as most handset manufacturers are refusing to unlock bootloaders and I want a relatively modern experience, not a slow ancient (in phone terms) device.

Poco is a sub-company of Xiaomi but it's easier to unlock them than some Xiaomi devices because they're a smaller company.

To unlock the phone required me to buy the phone, attach it to my PC, request unlock code, then put it back in it's box for 2 weeks. Yep, you read that right, they force a wait of 2 weeks to basically attempt to get you to use the phone the way they want you to. I persevered and continued 2 weeks later.

Then, the OS

I use LineageOS which is the successor to CyanogenMod which stopped being so open when they became a company and there was drama. Let's not go into that.

It is possible as with any custom “rom” to install the Gapps package, sign into a google account and everything work, but that's not my style. So no Gapps. Instead I use a project called MicroG.

Setting up MicroG can be a bit of a pain, and I can't really remember what I did to get it completely setup but once it's set up, it's solid.

What?! MicroG uses google servers!

Yep, that's an irritating fact of life. Almost anything that wants to send push messages to an android device without their app draining battery uses google servers, so you are a bit stuck here. I prefer that than a signed-in google account though, I can at least tell myself that it's harder to correlate that way. More on push later though.

It however doesn't use Google Maps or Play Services and instead reimplements these. There is a “fake store” app that you install and it uses OpenStreetmap for the mapping side of things.

Then I sideload using “Browser” (yep that's the AOSP browser right there) f-droid and we start installing apps.

And what apps would those be? f-droid only does open source, what about my bank, public transit etc.

Hold your horses, we're getting there. First, we get the opensource apps and set up the niceties like contacts and calendar sync.

• DAVx5 allows me to sync my contacts and calendar with my NextCloud account. I prefer to use this than the NextCloud app because it uses standards-driven stuff. I'm also used to doing it this way since in the early days OwnCloud didn't have an app.
• FairEmail – I use this because k9mail always had trouble with push notifications over IMAP and surprise surprise, I don't use Gmail on my phone (my legacy gmail address forwards to either my zoho or yunohost mailbox)
• FakeStore – as mentioned above, this is for allowing stuff to think it's installed by the Play Store.
• FFUpdater – this is an odd one, but it installs various browsers and keeps them updated – I use it for Bromite when I have to use “chrome”, Firefox Klar and Tor Browser.
• Molly – I use this signal fork, and to get it I had to add a separate repo to f-droid.
• NewPipe – a nice YouTube frontend that again, doesn't require a login.
• ntfy – This one rocks. I self-host an ntfy.sh server and my Tusky notifications go via this rather than google's servers – a growing standard called UnifiedPush enables this and it's worth checking out.
• OrganicMaps & OsmAnd~ – Organic is a lovely front-end to OpenStreetmap data, with routing and even transit routing built-in. It's really quite good. It will keep getting better I hope. I still have OsmAnd because whilst it's transit routing is slower and ostensibly worse, it does allow for more variations.
• QR Scanner (PFA) – this is a nice QRCode scanner that actually shows you the url before going to it.
• Telegram FOSS – yup, telegram is on f-droid.
• Tusky – I'm a fediverse fedizen and this is my preferred client.
• UntrackMe – This redirects links sent to me from twitter, reddit, youtube etc. to nitter, teddit, invidious etc. Really nice tbh.

Enough already, what about my banking app?

Okay, okay. The last app that I install from f-droid is the AuroraStore app. Until about a month ago it was perfect, but now, the search is somewhat broken. I might create a disposable gmail account to fix that. What it does is basically logged-out playstore.

If you have correctly set up microG – there's an app called microG Settings that is installed as part of flashing microG that has a handy Self-Check option – you're good to just install all the horrible tracker-filled software you want from play.

It even downloads the packages from google's servers – this is not ye olde skool “search apkpure.com and hope that it's the real apk”.

I have lots of things installed this way, and whilst they'll be full of trackers, some are actually necessary for my lifestyle.

• My banking apps – I have n26, tomorrow bank and revolut as backup banks in Germany, and they all “just work”.
• 1password – much as I love the company I doubt they will want an opensource client
• BVG Fahrinfo – the Berlin transit app, again, just works.
• Chwazi – this one is for the boardgamers, it's purely for choosing who goes first.
• DB Navigator – the German railways app, very nice to have for train travel without paper.
• FreeNow – Taxi app that works in Berlin with the real Taxis and has deals with Uber and other non-taxi rideshare drivers.
• Slack – yeah, kinda nice to have that.
• ÖBB tickets – again, I often use Vienna public transport. Just works.

Really, just works?

Okay, so the other day I had an issue where DB left me stranded in a town where FreeNow didn't have coverage so I had a bit of an emergency because there were no taxis and I didn't have Uber installed (still don't really know if it would have helped tbh). The search on Aurora wasn't working and I couldn't get it to trigger from the play store (which it can do, but google is trying to make it hard).

Whilst I was getting microg working, I did have trouble with the taxi app because it wasn't getting the mapping right and so would tell the taxi company I was a long way from where I was ordering and at the time they were not letting you order where your phone was not. That's a bad policy imo but also once I was getting green ticks throughout my MicroG settings, it's been glitch-free since.

Am I getting the best most privacy-respecting experience with zero hassle? No. Is it convenient enough for me, yes. Is it privacy-respecting enough for me, well, I want better, but for now, yes.

If you want to comment feel free to tag in @martyn@toot.martyn.berlin in your favorite fediverse client :–)

I've split the list into some sections :

Useful for most folks interested in self-hosting

• cryptpad – Collaborative “office type” suite, entirely clientside encrypted drive, docs, spreadsheets etc. very useful when sharing info with my parents that really shouldn't be public
• funkwhale – I make music sometimes, and this is a federated music site akin to soundcloud.
• gotosocial – a lightweight #fediverse #mastodon style server. I currently am having some issues with it, so my main account is on https://masto.host/
• hauk – Remember google latitude? where you could share your location with a friend on google maps and actually walk toward them and have it update? This is a self-hosted implementation of that kind of service.
• logitech media server – a completely offline multiroom audio capable music library. I have devices scattered through the apartment, and I can play music to all of them at once with them all in sync.
• nextcloud – very extensible personal “cloud” storage – I use this for ensuring my password manager is synced (webDAV), and my phone contacts (cardDAV) and calendar (calDAV) are up-to-date.
• ntfy – a UnifiedPush self-hosted notification system. It allows tusky to ask for notifications without google being involved, and also allows me to send push messages from scripts (e.g. attached to flexget) or other systems such as uptime-kuma
• owncast – a single-user twitch or youtube live replacement. Allows me to stream if I'm in the mood for that, without using a third party. NOTE: this is one of the few things I have on a free tier hosting platform as well because it does run better there.
• peertube – #peertube is video hosting, like youtube, only better, decentralised and federated #fediverse
• pihole – access the internet without the trackers and adverts.
• syncthing – an alternative way of syncing data between machines. Great for folders of files such as obsidian or other notetaking apps.
• whoogle – This is SO good. Google search without the javascript tracking. Okay, they can still track my IP, but it's so much better. I love the idea of duckduckgo and others, but they just don't get the results I need. I use libredirect to redirect any google results pages to whoogle, so even if someone gives me a link to a google search, I get to my whoogle instance.
• writefreely – this blog, running WriteFreely

Useful for the more geeky folks (programmers, arduino tinkerers, home automation geeks etc.)

• argocd – a #continuousDelivery platform, defines what is running in kubernetes in git and keeps it in sync with the git repo. Allows me to rebuild the cluster from scratch in theory.
• drupal – I have a very old site that I want to keep online, and ~15 years ago I migrated the content to drupal.
• code-server – vscode, but not built by microsoft, and in the browser. Allows me to access my dev environment anywhere I have a browser.
• (No longer running) domoticz – a home automation system written in c(++?) that used to run my home automation
• (Deprecated) drone – a CI system I no longer use for new projects because they switched to a proprietary license
• echo-server – a useful piece of debugging software that tells me how a request actually looks when it reaches a pod in the cluster
• esphome – a way to expose esp8266/esp32 devices to HomeAssistant for automation purposes without writing code.
• flexget – a download manager that lets me listen to rss feeds and download the files within them. I need this for reasons.
• gitea – Fork of Gogs – a nice little git server that looks and feels a lot like github.
• homeassistant – Home automation, done pretty well, and entirely offline (it can be online but the way I run it isn't).
• hyperion – creates an “ambient light” system from video streams – this is used to make my TV have an “ambilight” style colourwash behind it that changes based on the scene. I use wled, an esp8266 and a string of ws2812 addressable LEDs to achieve the lighting, and https://rootmy.tv to allow my LG tv to capture it's screen and send it to hyperion.
• jellyfin – My media library, completely offline, sat on my drives here, not on some cloud server.
• karaoke-eternal – My karaoke library exposed as a web service so I can plug a web browser into a projector or TV and create a karaoke party.
• minio – S3 compatible storage allowing me to upload files of any kind and link to them.
• mosquitto – I like to string things together using MQTT. Instead of letting homeassistant provide this, I point homeassistant at my own MQTT server.
• nodered – When I don't want to write code to automate my homeassistant stuff, this allows flow-based “programming” of things. e.g. if the smoke alarm above my 3d printer makes a loud noise, the esp8266 next to the fire alarm detects this, sends an MQTT message to mosquitto, and node-red sees this and sends a signal to turn off power to the printer.
• (deprecated) openvpn – a VPN solution that I don't really use any more but is slightly more supported than wireguard, the one I actively use. It's also a lot easier to debug.
• renovate – monitor your repos for outdated dependencies. a lot like dependabot. Works with gitea nicely.
• rhasspy – OFFLINE VOICE ASSISTANT! This is super cool and I haven't done enough with it, fairly new to me, but you can use the ai-thinker esp32 boards as satellites to a server with ESP32-Rhasspy-Satellite.
• uptime kuma – a system that checks if services are up and notifies if they are not, a lot like pingdom or uptime robot. NOTE: this is one of the few things I have on a free tier hosting platform as well because it lets me know if my home network is reachable from the internet then.
• wg-access-server – the first easy reliable wireguard (VPN) setup I've seen. Works well, allows me to enroll devices onto my network super easily.
• woodpecker ci – a fork of the drone CI system which allows me to automatically build code on a git push.

Useful for just me

• ledcontroller – I wrote this to make pretty patterns on an LED wall behind me when I'm streaming. The wall is wled on an esp8266 with strips of ws2812 leds

Part of the setup of my home kubernetes cluster

• cert-manager – Automatically gets me https certificates so everything I expose to the internet gets a nice certificate
• cluster-ingress – NGINX Kubernetes ingress controller that allows me to direct all inbound port 443 + 80 traffic to the appropriate service
• external-dns configures my dns records by what I put in my ingresses so I don't have to manually create dns records.
• grafana – dashboards for my prometheus monitoring.
• longhorn – a system that allows me to use all my disks in all the nodes on the cluster to create PVCs.
• metallb – by defining a kubernetes service of type LoadBalancer, it gets an IP on my home network.
• prometheus – gotta have that observability on the system. Super overkill for home use but hey, I like having it.
• samba – I expose some PVCs to my local network for windows based PCs.
• vault – I'll be honest here, I have never got this working the way I would like, and so my secrets are not as well encrypted.

Oh, and the cluster is running on very minimal debian boxes with k3s as the kubernetes cluster software.

Do you want to try an Owncast stream but don't have a VPS and don't want to spend money on it? How about we set up one on Oracle's “Always-Free” Tier?

First question out of the way: Is Oracle's “Always-Free” Tier good enough to run Owncast. Simple answer: yes.

Longer answer you can skip if that satisfies you : We can either run their VM.Standard.E2.1.Micro class machine which has 1Gb ram and a 2Ghz vCPU (ish) and that should be enough or an ARM machine with up to 4 CPUs and 24 Gb or RAM. Given Owncast has an arm distribution, that's pretty incredible and works perfectly fine for Owncast.

Is this the best way to set up Owncast on Oracle? No! I'm doing this the easy way, and as an SRE person I would say “nooooo, don't do that, this is production, no clickops”, but I'm making this easy for streamers who are not so techie.

So, without further rambling, here's the prerequisites and the how-to.

Prerequisites: – A credit card that Oracle accepts. Seems to be Visa, Mastercard and Amex. Not sure if debit cards for those networks work, but I see no reason why not, they're mostly after ID verification here to stop spammers and bots creating accounts. – A domain name that you can control – that can be annoying, but you should be able to use a service like afraid.org if you don't have your own domain name. You probably do want a real domain name as a streamer though, just saying...

So from the top:

1. Sign up for an Oracle cloud free account – https://signup.cloud.oracle.com – The steps are really quite simple and other than the card payment which was less than a euro for me and refunded, painless. Be sure to choose the region closest to you as your home region because that will cut down latency to the Owncast box.
2. Sign into your Oracle cloud account. Note that it's frustrating that they use two different usernames. The first is sent to you in the email, and you need to enter that to get to the real login page, then the second is your email address.
3. Navigate to create an instance – Burger menu –> Compute –> Instances then click Compartment and choose the one marked (root) and click “Create Instance”
4. Change the shape of the instance to meet our needs. I suggest using Ubuntu as they don't have Debian (my usual preference) and I recommend using half of your free tier allowance, allows you to use the other half if you need to try a new version out for instance.
   • Click “Edit” next to Image and shape
   • Click “Change Image” and select “Canonical Ubuntu” and click “Select Image”
   • Click “Change Shape” and select “Ampere” and “VM.Standard.A1.Flex”. Scroll down a little and change the “Number of OCPUs” to 2. The Memory should automatically change to 12, but if it doesn't set that as well. It's overkill but better than being too strict. Click “Select Shape”
   • Under “Add SSH keys” either click on the “Save private key” and “Save public key” links or if you know what an ssh key is and you already have one, click on upload or paste public keys.
   • Click “Create”
5. Once your newly created machine has booted, you should then allow web traffic to it. This is in a couple of places (well done to Oracle for making this secure by default, but it makes for a longer document here!)
   • In the instance page click on the blue link next to “Virtual cloud network” under Instance details.
   • Scroll down to “Security Lists” on the left hand side
   • Click “Add Ingress Rules” and fill in the following details :
   • – Source Type : CIDR
   • – Source CIDR : 0.0.0.0/0
   • – IP Protocol : TCP
   • – Source Port Range : LEAVE BLANK
   • – Destination Port Range : 80
   • – Description : (Optional but my recommendation) HTTP
   • Click + Another Ingress Rule and fill in almost the same details
   • – Source Type : CIDR
   • – Source CIDR : 0.0.0.0/0
   • – IP Protocol : TCP
   • – Source Port Range : LEAVE BLANK
   • – Destination Port Range : 443 This is the difference from the previous rule
   • – Description : (Optional but my recommendation) HTTPS
   • Click + Another Ingress Rule and fill in almost the same details
   • – Source Type : CIDR
   • – Source CIDR : 0.0.0.0/0
   • – IP Protocol : TCP
   • – Source Port Range : LEAVE BLANK
   • – Destination Port Range : 1935 This is the difference from the previous rule
   • – Description : (Optional but my recommendation) RTMP
   • Click Add Ingress Rules
   • Go back to the Burger menu, click Networking and Virtual Cloud Networks.
   • Click the VCN in the table (blue text, should be something like vcn-20220909-2138)
   • Click on Network Security Groups, click Create Network Security Group and give it a Name (I chose allowown because it's, allowing owncast, I'm creative like that) and click Next.
   • Enter almost exactly all the above stuff over again. 2/3 of network access is then done...:
   • – Direction: Ingress
   • – Source Type : CIDR
   • – Source CIDR : 0.0.0.0/0
   • – IP Protocol : TCP
   • – Source Port Range : LEAVE BLANK
   • – Destination Port Range : 80
   • – Description : (Optional but my recommendation) HTTP
   • + Another rule
   • – Direction: Ingress
   • – Source CIDR : 0.0.0.0/0
   • – IP Protocol : TCP
   • – Source Port Range : LEAVE BLANK
   • – Destination Port Range : 443 This is the difference from the previous rule
   • – Description : (Optional but my recommendation) HTTPS
   • + Another rule
   • – Direction: Ingress
   • – Source CIDR : 0.0.0.0/0
   • – IP Protocol : TCP
   • – Source Port Range : LEAVE BLANK
   • – Destination Port Range : 1935 This is the difference from the previous rule
   • – Description : (Optional but my recommendation) RTMP
   • Create
   • Now we need to assign it to the instance NIC so Burger Menu –> Compute –> Instances
   • Click on the instance in the table
   • Network Security Groups: edit
   • + Another network security group
   • Select a value –> allowown –> Save changes
6. Now is a good time to assign a DNS name to the IP of the machine. This is pretty much out of scope but make an A record to the Public IP address listed in the instance machine. I'll use your.domain.here for an example from here.
7. Okay, so all the “infrastructure” is done now, we just need to connect to the machine by ssh and install Owncast and Caddy (this does the https stuff for us). First, connect via SSH to the Public IP of your machine using the ssh key you downloaded or used in creation. Again, fairly well documented elsewhere, feel free to use PuTTY or other client, but this is somewhat out of scope here.
   • If you're on windows, the simplest thing is to install the openssh client : https://www.howtogeek.com/336775/how-to-enable-and-use-windows-10s-built-in-ssh-commands/ – On mac or linux, it's already installed.
   • run on your local computer ssh -i {private key file} ubuntu@{IP From above}
8. The third and final network allow is to edit the iptables firewall on the ubuntu virtual machine. This is annoyingly a text edit, here's a sed line that should work, but you basically need to duplicate the line that ends with 22 -j ACCEPT three times, and change on the new lines 22 to 80, 443 and 1935.
   • Copy pasta: sudo sed -i s/"\(^.*22 -j ACCEPT\)"/"\1\n-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT\n-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT\n-A INPUT -p tcp -m state --state NEW -m tcp --dport 1935 -j ACCEPT"/ /etc/iptables/rules.v4
   • OR sudo nano /etc/iptables/rules.v4, duplicate the 22 line with 80 and 443 instead. LEAVE THE 22 LINE THERE!
   • sudo iptables-restore < /etc/iptables/rules.v4

From here I'm repeating some stuff from the official install docs here so feel free to check if there's updated instructions.

1. Stay connected to your virtual machine in oracle and run the following commands to get owncast up and running :
2. curl -s https://owncast.online/install.sh | bash
3. curl https://files.martyn.berlin/blog/oracle-owncast-systemd-unit.txt | sudo tee /etc/systemd/system/owncast.service †
4. sudo systemctl daemon-reload
5. sudo systemctl enable owncast
6. sudo systemctl start owncast
7. Stay connected and now it's the following commands from (Caddy's install docs)[https://caddyserver.com/docs/install#debian-ubuntu-raspbian]
8. sudo apt install -y apt-transport-https
9. curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
10. curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
11. sudo apt update
12. sudo apt install caddy
13. Create a Caddyfile for owncast :
14. curl https://files.martyn.berlin/blog/oracle-owncast-caddyfile.txt | sudo tee /etc/caddy/Caddyfile ‡ – Switch the hostname for yours (your.domain.here) : sudo sed -i /etc/caddy/Caddyfile s/streams\.martyn\.berlin/your.domain.here/g (again, you are welcome to use nano, vim etc. if you prefer!)
15. sudo systemctl daemon-reload
16. sudo systemctl enable caddy`
17. sudo systemctl stop caddy
18. sudo systemctl start caddy

Viola! all done! You can proceed to login http://your.domain.here/admin/ with user “admin” and password “abc123” (PLEASE CHANGE THIS as soon as you do!). Your stream key is the admin password.

Change the admin password (stream key), add extra resolutions, edit your home page, all the usual things, and you're good to go.

Final thoughts

This is a free way of getting your own owncast setup and will get you a working system, that should do you fine. What it doesn't do is updates, backups and helping you fix it if things go wrong. That might be fine for you, it might not. I'm just enabling you to give it a go.

I might terraform this at some point, and I long for a day where there's a good free-tier kubernetes where a lot of the above is nicely abstracted away, but here we are.

† Contents of that file in case it goes missing :

[Unit]
Description=Owncast Service

[Service]
Type=simple
User=ubuntu
WorkingDirectory=/home/ubuntu/owncast
ExecStart=/home/ubuntu/owncast/owncast
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

‡ The caddyfile contents :

streams.martyn.berlin {
encode gzip
reverse_proxy 127.0.0.1:8080
tls webmaster@mydomain.com
}

I'm gonna be doing a stream on Owncast soon and probably co-streaming to twitch where I already have some connections. That means I want both chats on screen, so twitch viewers can see the owncast chat and vice versa. So obviously I search the interwebs with whoogle “Chat Owncast OBS” and all the answers seem pretty complex. Example link that is well-written

Whilst I'm capable of setting up those things, I found it hard to believe that this was the best use of my time. So I searched a bit harder and found the right keywords to use – “embed” is the magic term. It's not perfect so I added some custom CSS and thought I'd make it easier for people to search for and document those changes I made.

So, to add your chat as an “overlay” in OBS you can simply add a Browser type source with the URL http://your.host/embed/chat/readonly – In my case, I use a local IP here via http rather than the external https url, that saves having to sort out hairpin mode on my router.

Here is the custom CSS I use for making the chat a bit more compact :

.message { margin-top: 0px;
margin-right: 0px;
margin-bottom: 2px;
margin-left: 0px;
padding-top: 1px;
padding-right: 1px;
padding-bottom: 1px;
padding-left: 5px; }
.message-author {
display: inline;
}
.message-author:after {
content: ": "
}
.message-text{
padding: 0;
display: inline;
}

Here is what it looks like before adding the custom css:

and after :

I'm still not “happy” with the appearance, but perhaps some cool frontend person might be able to make it look better than I can. Of course I could just go the difficult way, but that seems excessive for now.

(Restored: Original date: May 2, 2022)

There's a saying that goes along the lines of “Some people collect things, like stamps or fridge magnets, and that's their hobby, but geeks collect hobbies”. That's pretty true of me, here's a bit of a non-exhaustive list :

• Boardgaming
• Computer Gaming
• Programming & Infrastructure (that's my dayjob – SRE/Devops/Platform Engineering/latest buzzword...)
• Electronics
• 3D Printing / Laser Cutting / CNC
• Home metal casting (bizmuth)
• Airbrush painting stuff I've printed
• Home automation
• Singing and Songwriting

To that last one, lately I've decided I want to put some of my songs “out there” on music platforms so I can say “oh yeah, look me up on spotify, apple music etc. if you want to hear my stuff”. That requires having a bit of a bio, which is what this post will serve as the basis of.

So, to paint a picture with words artist Martyn looks like this :

Always been surrounded by music my whole life, Dad is a Bass player and producer, Mum sings and writes lyrics. I'm named after “John Martyn” and my middle name means Harmony (thanks mum!) so early on, I had the right stuff in alignment. I played Cornet in a brass band and also a “Big band” in my teens, picked up and never got great at saxaphone in my 20s, don't have the callouses or muscle memory for guitar and can kinda “plinky-plonk” on a keyboard to make melodies or chord progressions in my daw.

Some people like to see a list of influences, and who am I to blow against the wind*? It's a very long list so I'll just list a few here : Paul Simon, Peter Gabriel, Phil Collins, The Police, Pet Shop Boys, Propaganda, Pulp, Placebo... Okay, it's not just Ps, that's just a start, let's add some more : Alan Menken, Blue Oyster Cult, The Carpenters, David Bowie, Elvis Costello, Fleetwood Mac, George Michael, Heart, Imagine Dragons, Janis Joplin, Kate Bush, Limp Bizkit, The Mamas & Papas, Nightwish, Orchestral Manoeuvres in the Dark, Paramore, Queen, REM, Sting, Trent Reznor, Ultravox, Vivaldi, Wagner, XTC, Yazoo, ZZ Top and MANY more. *If you know the song, you know.

Like my parents, music isn't my dayjob, it's a passion, not a grind for me. My muse strikes and a song is in my head, and has to “get out”. Sometimes it's a lyric, sometimes it's a beat, sometimes it's a funky bass line.

In 2021 I attempted “Songtober” which was to write and record a song a day, from a set of prompts. I didn't manage 30 songs (31st was a day off!), but I did manage 25, of varying quality.

I have two “Personas” for music :

“LycanSong” – that's me, my DAW and so many plugins (instruments), and sometimes now my producer, his DAW and many more plugins! This is the name I compose music under, and in general I don't stick to a Genre. If you had to pin me down it would probably be Folk/Pop/Rock but that doesn't cover it all and is already three!

“AcapellaWolf” – that's me, my DAW as effectively a loopstation, and no instruments. Think Pentatonics but only one person, or aspiring to be like Jared Halley, Peter Hollens, Smooth McGroove or Mike Tompkins. I don't “write” music under this persona, but I might cover LycanSong tracks this way. This is also my streaming persona when I do stream on twitch, and I also mod for (currently) one other Music streamer, and help out in the Twitch Music and associated discords.

Am I looking to be “discovered”, well, not really, I'm not after fame, and I'm fairly certain fortune is not on the cards for me with music either (should probably have “pursued” it earlier in life).

(Restored: Original date: January 9, 2022)

If you've been following my previous blog posts, you have now a dual-boot pinenote with debian, but you have a rather black-looking e-ink screen and only a terminal entry. You probably want a GUI, wifi, the touchscreen working and pen configured so you can interact with the device.

So let's start. First, wifi.

create a file with your wifi configuration (change “home” to the ssid of your wifi and “SuperSecretPassword” to the wifi password) :

cat > /etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
network={
        ssid="home"
        scan_ssid=1
        key_mgmt=WPA-PSK
        psk="SuperSecretPassword"
}

(Press Control+D on a blank line to finish creating the file) Then run wpa_supplicant in the background :

wpa_supplicant -iwlan0 -c/etc/wpa_supplicant/wpa_supplicant.conf -B

After about a minute, you'll have an IP on wlan0 :

ip a show wlan0
2: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
     inet 192.168.5.156/24 brd 192.168.5.255 scope global noprefixroute wlan0 
         valid_lft forever preferred_lft forever
     inet6 dead::beef:1010:1010:0001/64 scope link       
          valid_lft forever preferred_lft forever

So we can use apt to install xwindows and a DE. For now, we'll use xfce as it's lightweight :

apt install -y xfce4 onboard xserver-xorg-input-evdev network-manager-gnome

That's a lot of packages. Eventually though, you'll be returned to the prompt.

Note: I included network-manager-gnome in the package list above as wicd no longer seems to be in debian and xfce's own network management tool is abandoned. You can decide not to include it but to get network you'd have to use wpa_supplicant manually. You can remove it from the list if you prefer to manage wifi a different way.

Now you have some more config files to create :

First, the xorg config for rotating the pen and enabling touch input :

cat > /etc/X11/xorg.conf.d/pinenote.conf
Section "InputClass"
        Identifier "evdev touchscreen"
        MatchProduct "tt21000"
        MatchIsTouchscreen "on"
        #MatchDevicePath "/dev/input/event5"
        Driver        "evdev"
EndSection

Section "InputClass"
        Identifier    "RotateTouch"
        MatchProduct    "w9013"
        Option    "TransformationMatrix" "-1 0 1 0 -1 1 0 0 1"
EndSection

Control-D again for the prompt on a blank line.

And to enable the greeter to switch to the onscreen keyboard (note TWO chevrons!):

echo "keyboard=onboard" >> /etc/lightdm/lightdm-gtk-greeter.conf

Now's also as good a time as any to create a normal user (you don't have to call it fred!) and enable them to sudo:

adduser fred

Put in the password twice, enter for the other details then when the prompt returns:

apt install -y sudo
addgroup fred sudo

Now, I'm not usually a fan of saying this, but the easiest thing to do here is reboot, as dbus, lightdm and all sorts of other things need to talk to each other and it would be fiddly to get them to do so. So issue reboot, Spam your Interrupt and use the last u-boot commands from the previous article. You should be greeted by the lightdm greeter.

To bring up the onscreen keyboard so you can log in, you can press F3 on the keyboard. I kid you not, that's the default. You can also enable it by clicking the “person in a bubble” icon in the top right though.

There you have it, a “minimal” XFCE desktop with working touch and pen.

I want to give a shout out here to everyone who has been involved with getting Linux on the pinenote up to this stage.

MASSIVE props to smauel who has been doing the kernel work that gets the panel and sound working! Thanks to everyone in the pine64 irc/discord/matrix pinenote channel for support too. Without them, I'd probably still be fighting stuff. Special thanks to irrenhaus, vveapon and pgwipeout there for their patience with me. Also a quick thanks to DorianRudolph who's docs form some very important basis for my own. And of course, pine64 themselves, this is such a cool device!

Debootstrap problems

(Restored: Original date: January 9, 2022)

So I lost a day, maybe two to this piece of software, and I'm gonna have a little side-rant about this.

I have a device (pinenote) running android, and I have a kernel to boot it into linux, and I want to boot debian, because it's my preferred distro.

So okay, we have termux on the device, but after hours of fighting it, debootstrap there fails in many many ways. One here was the final straw :

W: Failure trying to run: proot -w /home -b /dev -b /proc --link2symlink -0 -r /data/data/com.termux/files/home/target dpkg --force-overwrite --force-confold --skip-same-version --install /var/cache/apt/archives/libapparmor1_2.13.6-10_arm64.deb /var/cache/apt/archives/libargon2-1_0~20171227-0.2_arm64.deb /var/cache/apt/archives/libcryptsetup12_2%3a2.3.5-1_arm64.deb /var/cache/apt/archives/libip4tc2_1.8.7-1_arm64.deb /var/cache/apt/archives/libjson-c5_0.15-2_arm64.deb /var/cache/apt/archives/libkmod2_28-1_arm64.deb /var/cache/apt/archives/libcap2_1%3a2.44-1_arm64.deb /var/cache/apt/archives/dmsetup_2%3a1.02.175-2.1_arm64.deb /var/cache/apt/archives/libdevmapper1.02.1_2%3a1.02.175-2.1_arm64.deb /var/cache/apt/archives/systemd_247.3-6_arm64.deb /var/cache/apt/archives/systemd-timesyncd_247.3-6_arm64.deb
W: See /data/data/com.termux/files/home/target/debootstrap/debootstrap.log for details (possibly the package systemd is at fault)

BUT, dear reader, I have an alpine chroot handy (I used this to repartition the disk), so I try that.

NO DICE. No matter what I do, I get fun errors like Tried to extract package, but file already exists. Exit... which turns out to be a tar bug, maybe... because in the log you get the wonderful error:

Cannot change mode to rwxr-xr-x: No such file or directory

Another annoying situation was using the --foreign option, I often got a chrootable system that didn't contain perl. This meant that --second-stage just barfed and failed.

Anyway, I'm not writing this post because I have a solution, EXCEPT I gave in and built a Dockerfile that builds the filesystem from a debian base. Once I had that, I then made github automatically build me a tarball using github actions.

So yeah, it's really annoying that debootstrap is supposed to be “easy to use” and “available with almost no dependencies” and yet every way I went about it, I didn't get a working system. It may work well on a debian system, but on non-debian ones it's a nightmare to be honest.

What would my suggestion be? Follow the alpine strategy and provide downloadable tarballs instead. Like the ones I had to build myself on Github, by running debootstrap, but on a debian system.

Yes, I can simply run it myself on a debian box or using docker, but the reason I want to use a CI like github actions is because I'm documenting for others how to get debian on this device.

(Restored: original date: January 8, 2022)

IMPORTANT: This will trash your userdata. Back up your files first. You will get the full android back but without your data.

Pre-requisites: – Pinenote kernel, dtb and modules – Rooted android – Termux and ssh – this method is REALLY the easiest to get up and running with. If you want, you could fight replacing busybox to include curl and get files over some other way, but you're taking the path less travelled. – Your data you need on your pinenote BACKED UP – I'm not kidding, it all goes.

Stage 1: prepare:

Copy onto your android device (I recommend using termux and scp) : – Image, rk3566-pinenote.dtb – the kernel and it's device tree.

Stage 2: repartitioning

The only ext4 filesystem that isn't going to be upset by us placing linux on it is the /cache partition and unfortunately, debian with a window manager, wifi and onscreen keyboard is about 1Gig, and so is that partition, so no headroom. So we need to repartition.

First, we'll use that /cache partition to house a the smallest distro with parted (alpine, what a surprise) so in termux let's grab the stuff we need :

curl https://dl-cdn.alpinelinux.org/alpine/v3.15/releases/aarch64/alpine-minirootfs-3.15.0-aarch64.tar.gz > min.tar.gz
su -
mount -o remount,rw /cache
cp Image rk3566-pinenote.dtb /cache/
tar -zxf min.tar.gz -C /cache
echo "nameserver $(getprop net.dns1)" > /cache/etc/resolv.conf 
chroot /cache
apk add --no-cache parted e2fsprogs

Now, you need that USB dongle that came with your pinenote for this next step : – connect the USB dongle to your pc in-line to the pinenote – fire up a terminal emulator connected to the device at 1500000/8n1 – touch the touchscreen to see that you get output – reboot your pinenote and spam Ctrl+C in that terminal until you get

=> <INTERRUPT>

Then paste these u-boot commands :

load mmc 0:b ${kernel_addr_r} /Image
load mmc 0:b ${fdt_addr_r} /rk3566-pinenote.dtb
setenv bootargs ignore_loglevel root=/dev/mmcblk0p11 rw rootwait earlycon console=tty0 console=ttyS2,1500000n8 fw_devlink=off init=/bin/sh
booti ${kernel_addr_r} - ${fdt_addr_r}

You should get a prompt that looks similar to this :

/bin/sh: can't access tty; job control turned off
/ # ␛[6n

Now we have a VERY minimal linux running, so that's cool, but what we're here for is partitioning, so let's go!

export TERM=dumb
parted
print

You should see something like this :

Model: Generic SD/MMC Storage Card (sd/mmc)
Disk /dev/mmcblk0: 124GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:
Number  Start   End     Size    File system  Name      Flags
1      8389kB  12.6MB  4194kB               uboot
2      12.6MB  16.8MB  4194kB               trust
3      16.8MB  18.9MB  2097kB               waveform
4      18.9MB  23.1MB  4194kB               misc
5      23.1MB  27.3MB  4194kB               dtbo
6      27.3MB  28.3MB  1049kB               vbmeta
7      28.3MB  70.3MB  41.9MB               boot
8      70.3MB  74.4MB  4194kB               security
9      74.4MB  209MB   134MB                recovery
10      209MB   611MB   403MB                backup
11      611MB   1685MB  1074MB  ext4         cache
12      1685MB  1702MB  16.8MB  ext4         metadata
13      1702MB  4965MB  3263MB               super
14      4965MB  4982MB  16.8MB               logo
15      4982MB  5049MB  67.1MB  fat16        device
16      5049MB  124GB   119GB   f2fs         userdata

We're going to split that userdata partition – my suggestion (and what's documented here) is 8Gb for Android and the rest for Linux : (it looks weird here because serial connections to odd terminals are, well, weird)

(parted) resizepart 16 13049M
Warning: Shrinking a partition can cause data loss, are you sure you want to
continue?
Yes/No?
Yes/No? yes
Error: Partition(s) 11 on /dev/mmcblk0 have been written, but we have been unable to inform the kernel of the change, probably because it/they are in use.
As a result, the old partition(s) will remain in use.  You should reboot now before making further changes.
Ignore/Cancel?
Ignore/Cancel? Ignore
(parted) mkpart primary ext4 13G 100%
: Partition(s) 11 on /dev/mmcblk0 have been written, but we have been unable to inform the kernel of the change, probably because it/they are in use.
As a result, the old partition(s) will remain in use.  You should reboot now before making further changes.
Ignore/Cancel?
Ignore/Cancel? Ignore
(parted)
(parted) quit
Information: You may need to update /etc/fstab.
/ #
/ # ␛[6n exit

Here's just the commands for copy-pasta-funtimes:

resizepart 16 13049M
yes
Ignore
mkpart primary ext4 13G 100%
Ignore
quit
exit

At this point your pinenote will attempt to reboot, but we really upset the android system (you did read the warning, right?). So now we need to get back to the u-boot prompt again (spam that ctrl-c whilst rebooting the device).

Once you got there :

=> fastboot usb 0
Enter fastboot...OK 

and remove the dongle between your usb-cable and the pinenote and plug in the cable directly. Now we use the android fastboot command to wipe the userdata part in a way it will like, and boot into recovery :

fastboot erase userdata
erasing 'userdata'...
OKAY [  4.026s]
finished. total time: 4.027s
fastboot reboot

The pinenote will switch to “Charging” mode, so power it on and watch the progress-bar which will cycle MANY times at this point (it's creating a fs on userdata for us and possibly other files) but eventually the backlight will come on and then android will boot.

You probably want to reboot into fastboot mode again to re-flash your magisk'd boot partition (no need to start from a clean image though, you can simply flash the magisk'd version again from fastboot). Follow Step 1 from the other blog post then on your computer :

adb reboot bootloader
fastboot flash boot magisk_patched-23016_oYeer.img

Congratulations, android resized, and once you've launched the magisk app, back to rooted. Now, again, install termux and ssh and come back for stage 3. You're safe to restore your files and use android again, we're not going to mess with it from hereon in.

Stage 3: (re)prep for Linux

copy everything back to android : – Image, rk3566-pinenote.dtb – the kernel and it's device tree.

– modules – the ones from your kernel build.

You can grab these from my github if you like (not random binary, but built from source, see the CI) with

curl -L https://github.com/iMartyn/auto-pinenote-kernel/releases/download/0f33365e0a84/release.zip > release.zip
unzip release.zip

Stage 4: minimal debian (finally!)

Here's a rant on why I suggest getting this from github

in termux:

su -
mkdir target
mkfs.ext4 /dev/block/mmcblk2p17
mount /dev/block/mmcblk2p17 target
exit

Fetch a debian arm64 base image and extract it (jq for the messy github stuff, you could also just visit https://github.com/iMartyn/pinedeb/releases/ and copy the link for the withwifi tarball) :

pkg install jq
curl -L $(curl --silent "https://api.github.com/repos/iMartyn/pinedeb/releases/latest" | jq '.assets[] | select(.name == "debian-bullseye-arm64-withwifi.tar.bz2") | .browser_download_url') > fs.tar.bz2
sudo tar -jxf fs.tar.bz2 --same-owner -C target/

Let's also add the kernel, dtbs, modules and firmware files from android at this point:

sudo cp Image rk3566-pinenote.dtb target/
sudo cp -r modules/ target/lib/
sudo mkdir -p target/lib/firmware/brcm
sudo cp -r /vendor/etc/firmware/* target/lib/firmware/
sudo cp /vendor/etc/firmware/fw_bcm43455c0_ag_cy.bin target/lib/firmware/brcm/brcmfmac43455-sdio.bin
sudo cp /vendor/etc/firmware/nvram_ap6255_cy.txt target/lib/firmware/brcm/brcmfmac43455-sdio.txt
sudo cp target/lib/firmware/BCM4345C0.hcd target/lib/firmware/brcm/BCM4345C0.hcd

Now we need to chroot to set the root password. Note that the PATH and TMP env vars from android are not friendly, so we'll set those too before running any commands in the chroot. Also, sudo from tsu won't chroot, so we're back to su

su -
chroot /mnt/linux /bin/bash
export TMP=/tmp/
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
passwd

you can if you want, add more stuff at this point with apt but given we're going to have to “rescue boot” for the next stage, you may as well wait.

So, debian installed, but not really fully bootable yet, but we can now boot into a rescue shell for that!

Stage 5: boot rescue

Again comes the need for the dongle – so go ahead and plug that in and start your terminal session in one window.

You can reboot either by issuing reboot in a su shell or by using the android interface to reboot. Then spam that control-c to get your u-boot prompt and issue the commands to boot rescue shell :

load mmc 0:11 ${kernel_addr_r} /Image
load mmc 0:11 ${fdt_addr_r} /rk3566-pinenote.dtb
setenv bootargs ignore_loglevel root=/dev/mmcblk0p17 rw rootwait earlycon console=tty0 console=ttyS2,1500000n8 fw_devlink=off init=/bin/sh
booti ${kernel_addr_r} - ${fdt_addr_r}

Very similar to before, only this time we're on a different partition :–)

You'll want to wait about 30s for some more kernel messages to pop in, but then we'll grab the waveform partition and make it a file :

dd if=/dev/mmcblk0p3 of=/lib/firmware/waveform.bin bs=1k count=2048

Now you can start making the ramdisk that debian expects (TERM=dumb helps on difficult terminals like miniterm in windows) :

export TERM=dumb
bash
mount -t proc none /proc
mount -t sysfs none /sys
depmod -a
mkinitrd /dracut-initrd.img $(uname -r)
mkimage -A arm -T ramdisk -C none -n uInitrd -d /dracut-initrd.img /uInitrd.img
exit

Ready to boot into full debian yet?! YES! When you type exit again, the pinenote will reboot, so get ready to spam the control-c again and at the INTERRUPT prompt you need :

load mmc 0:11 ${kernel_addr_r} /Image
load mmc 0:11 ${fdt_addr_r} /rk3566-pinenote.dtb
load mmc 0:11 ${ramdisk_addr_r} /uInitrd.img
setenv bootargs ignore_loglevel root=/dev/mmcblk0p17 rw rootwait earlycon console=tty0 console=ttyS2,1500000n8 fw_devlink=off init=/sbin/init
booti ${kernel_addr_r} ${ramdisk_addr_r} ${fdt_addr_r}

Note that we're now loading a ramdisk. You'll also get a terminal on the screen, so you can use a usbc docking-station to use a keyboard, mouse etc.

This post is way too long at this point, so next post will be a shorter one on getting X up and running with the touchscreen, pen and onscreen keyboard.