Create a clean raspbian image

Clean your sd card

Before writing the raspbian image into your sd card, clean your storage device by turning all its bits into 0.

  # dd if=/dev/zero of=/dev/rdisk<sd card number> bs=4m

Burn raspbian image into sd card

  # dd if=/Users/<username>/Downloads/2019-04-08-raspbian-stretch-lite.img of=/dev/rdisk<sd card number> bs=4m

Serial connection and disable first boot autosize

Do the following 3 steps BEFORE BOOTING FOR THE FIRST TIME your raspberry pi

Backup cmdline.txt and config.txt

Before modifying cmdline.txt and config.txt, BACKUP THEM!

  $ cp -p cmdline.txt cmdline.txt.original
  $ cp -p config.txt config.txt.original

Modify cmdline.txt

Once you have finished, change the output console device and remove the script that autoexpands / partition size at first startup.

  $ vi cmdline.txt
  console=serial0,115200 console=tty1 -> console=ttyAMA0,115200
  delete init=/usr/lib/raspi-config/

Modify config.txt

Don't forget to enable this option, otherwise you won't be able to communicate to your raspberry pi throught raspberry debug port (TTL-232R-RPi).

  $ vi config.txt
  add this : enable_uart=1
  /dev/root       1.6G  978M  538M  65% /
  devtmpfs        460M     0  460M   0% /dev
  tmpfs           464M     0  464M   0% /dev/shm
  tmpfs           464M   12M  452M   3% /run
  tmpfs           5.0M  4.0K  5.0M   1% /run/lock
  tmpfs           464M     0  464M   0% /sys/fs/cgroup
  /dev/mmcblk0p1   43M   22M   21M  51% /boot
  tmpfs            93M     0   93M   0% /run/user/1000

Resize / manualy and create /media/data partition

Now, resize the / partition and create a new one.

  # fdisk /dev/mmcblk0

Your partition table should look like this :

  Device         Boot Start     End Sectors  Size Id Type
  /dev/mmcblk0p1       8192   96042   87851 42.9M  c W95 FAT32 (LBA)
  /dev/mmcblk0p2      98304 3522559 3424256  1.6G 83 Linux

Delete the / partition, and create a new one (primary) which starts at THE SAME POSITION as the one you have just deleted, in my case 98304.

In the fstab, replace PARTUUID by /dev/mmcblk0p<partition number>. Reboot your raspberry pi and then tell your system you have resized a partition by typing :

  # resize2fs /dev/mmcblk0p<partition number>

After creating the partition that will be mounted at /media/data, reboot your raspberry pi. Then, turn it into an ext4 partition, and add it to fstab.

  # mkfs.ext4 /dev/mmcblk0p3
  # mkdir -p /media/data
  # vi /etc/fstab
  /dev/mmcblk0p3        /media/data     ext4    defaults             0       0
Make sure you have CREATED /media/data folder BEFORE MOUNTING it because your raspberry pi WON'T BOOT after that : Cannot open access to console. The root account is locked see sulogin(8) man page for more details.

Now, it's time to test what you have done.

  # mount -a
  $ df -h
  Filesystem      Size  Used Avail Use% Mounted on
  /dev/root       7.9G  1.1G  6.5G  14% /
  devtmpfs        460M     0  460M   0% /dev
  tmpfs           464M     0  464M   0% /dev/shm
  tmpfs           464M   12M  452M   3% /run
  tmpfs           5.0M  4.0K  5.0M   1% /run/lock
  tmpfs           464M     0  464M   0% /sys/fs/cgroup
  tmpfs           464M     0  464M   0% /var/spool
  tmpfs           464M  148K  464M   1% /var/log
  tmpfs           464M     0  464M   0% /var/tmp
  tmpfs           464M     0  464M   0% /tmp
  /dev/mmcblk0p1   43M   22M   21M  51% /boot
  tmpfs            93M     0   93M   0% /run/user/1000
  /dev/mmcblk0p3  6.7G   31M  6.3G   1% /media/data

Update raspbian packages and install needed packages

  # apt update
  # apt upgrade
  # apt install --no-install-recommends tree lsof nmap git

Enable ssh

  touch /boot/ssh
  # systemctl enable ssh
  # systemctl start ssh

Reference :

Mount partitions

  # vi /etc/fstab
  tmpfs		/tmp		tmpfs	defaults	  0	  0
  tmpfs		/run		tmpfs	defaults	  0	  0
  tmpfs		/var/spool	tmpfs	defaults	  0	  0
  tmpfs		/var/log	tmpfs	defaults	  0	  0
  # reboot
REBOOT your raspberry pi AFTER adding each line to FSTAB

Systemd-hostnamed doest not start

  # vi /etc/fstab
  tmpfs		/var/tmp	tmpfs   defaults	  0	  0

Check if there are any errors

Fix rsyslog /var/spool/rsyslog directory missing

By unit file

  # vi /etc/systemd/system/generateRsyslogStructure.service
  Description=Generate Rsyslog structure
  ExecStart=/bin/bash /home/pi/
  $ vi /home/pi/
  if [ -r /etc/rsyslog.conf ]; then
      WorkDirectory=$(grep "WorkDirectory" /etc/rsyslog.conf | cut -d\  -f2)
      echo "Cannot read /etc/rsyslog.conf" >> /tmp/rsyslogService.txt
      exit 1
  if [ ! -d "$WorkDirectory" ]; then
      mkdir $WorkDirectory
  exit 0
  sudo chmod 664 generateRsyslogStructure.service
  chmod a+x
  # systemctl enable generateRsyslogStructure.service

By tmpfiles.d config files

  # vi /etc/tmpfiles.d/genRsyslogStruc.conf
  d /var/spool/rsyslog 0755 root root
  # mkdir /var/spool/rsyslog


Disable swap

  # systemctl stop dphys-swapfile.service
  # systemctl disable dphys-swapfile.service
  # reboot

Mount system in read-only mode

  # vi /etc/fstab
  /dev/mmcblk0p2  /               ext4    defaults,noatime,ro  0       1
  /dev/mmcblk0p1  /boot           vfat    defaults,ro          0       2
REBOOT your raspberry pi AFTER adding each line to FSTAB

Systemd manual:

Disable apt-daily.service and apt-daily-upgrade.service

If you reboot your raspberry pi, you might see that apt-daily-upgrade.service failed to start. This happens because your system is in read-only mode. To solve this, disable it and it's timer.

  root@3780:/home/acdsn# systemctl list-timers
  NEXT                          LEFT     LAST                          PASSED       UNIT                         ACTIVATES
  Mon 2019-05-06 20:48:57 CEST  6h left  Mon 2019-05-06 08:38:50 CEST  6h ago       apt-daily.timer              apt-daily.service
  Tue 2019-05-07 06:39:25 CEST  15h left Mon 2019-05-06 14:27:48 CEST  19min ago    apt-daily-upgrade.timer      apt-daily-upgrade.service
  Tue 2019-05-07 14:43:08 CEST  23h left Mon 2019-05-06 14:43:08 CEST  3min 45s ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service

Now that you have the timer and ther unit name, stop and disable them.

  # systemctl stop apt-daily.timer
  # systemctl stop apt-daily.service
  # systemctl disable apt-daily.timer
  # systemctl disable apt-daily.service
  # systemctl stop apt-daily-upgrade.timer
  # systemctl stop apt-daily-upgrade.service
  # systemctl disable apt-daily-upgrade.timer
  # systemctl disable apt-daily-upgrade.service    


This service doesn't start on boot. Move /var/lib/sudo/ts to /media/data/var/lib/sudo/ts by creating a symlink.

  # mkdir -p /media/data/var/lib/sudo/ts
  # rm -r /var/lib/sudo/ts
  # ln -s /media/data/var/lib/sudo/ts /var/lib/sudo/ts
