Back to Projects
RasPiOps
Hardened, self-healing Raspberry Pi setup for remote access, system monitoring, and full-tunnel VPN routing
Raspberry PiKali LinuxNetBirdWireGuardBashsystemd
The Problem
Remote access to home infrastructure is often insecure and unreliable. Commercial VPN solutions are expensive and lack customization. Need secure access to Indian IP from abroad.
The Approach
Built a hardened Raspberry Pi system that serves as:
- Full-tunnel NetBird VPN exit node (WireGuard-based mesh VPN)
- Secure SSH/VNC access point with key-only login
- Self-healing remote box with automatic recovery
Security Features:
- SSH hardening with non-standard port
- ufw + fail2ban protection
- Email alerts via msmtp for reboots/disconnections
- zram for RAM compression
- Watchdog scripts for automatic VPN/service recovery
- Avahi/.local hostname support
The Impact
Achieved 97.7% uptime with MTTR reduced from 18 to 4 minutes. Runs Pi-hole, Samba, Nginx, Home Assistant, and Grafana on a single Pi 3B+. Full-tunnel routing enables Indian IP access from USA.
Build Notes
Key Components:
- SSH hardening - Key-only login, non-standard port
- NetBird VPN - WireGuard-based full-tunnel mesh
- ufw + fail2ban - Firewall and brute-force protection
- Email alerts - msmtp notifies of reboots/disconnections
- zram - RAM compression for low-memory Pis
- Watchdog scripts - Auto-recovery from failures
Requirements:
- Raspberry Pi 3B (or later) with Kali Linux
- Internet access via Ethernet or Wi-Fi
- NetBird account (free tier is sufficient)