Useful RPI scripts and commands

Here are some helpful scripts and commands for use on RPI OS

#!/usr/bin/env bash

sudo wget -O /usr/bin/
sudo chmod +x /usr/bin/

grep -qxF '/usr/bin/ &' /etc/rc.local || sed -i "/exit 0/i\/usr/bin/ &" /etc/rc.local
#!/usr/bin/env bash

echo -e
echo  "Please enter the password for admin"
echo -e
read -r adpass

echo -e
echo  "Please enter your domain name"
echo -e
read -r domain

#Updating file /etc/hosts

echo " localhost
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters               $(cat /etc/hostname).$domain $(cat /etc/hostname)" > /etc/hosts

#Updating file /etc/sudoers

grep -qxF '%domain\ admins ALL=(ALL:ALL) ALL' /etc/sudoers || echo '%domain\ admins ALL=(ALL:ALL) ALL' >> /etc/sudoers

#Updating RPI

sudo apt -y update

#Installing krb-user

export DEBIAN_FRONTEND=noninteractive
sudo -E apt -y -qq install krb5-user

#Updating file /etc/krb5.conf

echo "[libdefaults]
        default_realm = AD.${domain^^}

        krb4_convert = true
        krb4_get_tickets = false" > /etc/krb5.conf

#Installing libpam-sss

export DEBIAN_FRONTEND=noninteractive
sudo -E apt -y -qq install libpam-sss

#Installing libpam-mount

export DEBIAN_FRONTEND=noninteractive
sudo -E apt -y -qq install libpam-mount

#Updating file /etc/pam.d/common-session

echo "#
# /etc/pam.d/common-session - session-related modules common to all services
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive).
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
session [default=1]           
# here's the fallback if no module succeeds
session requisite             
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required              
# and here are more per-package modules (the "Additional" block)
session required 
session optional               
session optional 
session optional 
session required skel=/etc/skel/ umask=0022

# end of pam-auth-update config" > /etc/pam.d/common-session

#Installing realmd

export DEBIAN_FRONTEND=noninteractive
sudo -E apt -y -qq install realmd

#Updating file /etc/realmd.conf

echo "[active-directory]
os-name = Raspbian
os-version = $(cat /etc/debian_version)

automatic-install = yes

default-home = /home/%u
default-shell = /bin/bash

user-principal = yes
fully-qualified-names = no" > /etc/realmd.conf

#Installing Prerequisites
sudo apt -y install ntp python3-pip sssd adcli libsss-sudo cifs-utils smbclient sssd-tools samba-common packagekit samba-common-bin samba-libs libnss-sss oddjob oddjob-mkhomedir packagekit


#Updating file /etc/sssd/sssd.conf

echo "[sssd]
domains =
config_file_version = 2
services = nss, pam

ad_domain = ad.$domain
krb5_realm = AD.${domain^^}
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u
access_provider = ad

auth_provider = ad
chpass_provider = ad
access_provider = ad
ldap_schema = ad
dyndns_update = true
dyndns_refresh_interval = 43200
dyndns_update_ptr = true
dyndns_ttl = 3600" > /etc/sssd/sssd.conf

#Updating file /etc/ntp.conf

echo "# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

driftfile /var/lib/ntp/ntp.drift

# Leap seconds definition provided by tzdata
leapfile /usr/share/zoneinfo/leap-seconds.list

# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

# You do need to talk to an NTP server or two (or three).

# maps to about 1000 low-stratum NTP servers.  Your server will
# pick a different set every time it starts up.  Please consider joining the
# pool: <>
pool iburst
pool iburst
pool iburst
pool iburst

# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details.  The web page <>
# might also be helpful.
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited

# Local users may interrogate the ntp server more closely.
restrict -6 ::1

# Needed for adding pool entries
restrict source notrap nomodify noquery

# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict mask notrust

# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)

# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines.  Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient" > /etc/ntp.conf

#Restarting the NTP service

sudo systemctl restart ntp

#Discovering Realm

realm discover ad.$domain

echo "$adpass" | kinit -V admin

#Joining domain

echo "$adpass" | realm join -U admin@AD.${domain^^} ad.$domain


echo -e
echo  "Congratulations $(cat /etc/hostname) is now part of ad.$domain"
echo -e

This script uses as NTP server

  • to leave domain simply run
    realm leave

if you need to change the hostname (ie to change from default raspberrypi to yourhostname) run this command before running

sudo hostnamectl set-hostname yourhostname


  • To disable Bluetooth

grep -qxF 'dtoverlay=disable-bt' /boot/config.txt || echo 'dtoverlay=disable-bt' >> /boot/config.txt

using grep -qxF 'dtoverlay=disable-bt' /boot/config.txt || before cmd makes sure the line won’t be appended if it’s already there

  • To disable HDMI (if were using it as headless)

/usr/bin/tvservice -o

or If you want this to be applied also at boot time

grep -qxF '/usr/bin/tvservice -o' /boot/config.txt || sed -i "/exit 0/i\/usr/bin/tvservice -o" /boot/config.txt

  • To update firmware

sudo apt -y update && sudo rpi-eeprom-update && sudo apt -y full-upgrade

  • To enable Root access on ssh

grep -qxF 'PermitRootLogin yes' /etc/ssh/sshd_config || echo "PermitRootLogin yes" >> /etc/ssh/sshd_config && sudo systemctl restart ssh.service && sudo passwd root