RasPiOps

Hardened, self-healing Raspberry Pi setup for remote access, system monitoring, and full-tunnel VPN routing

Raspberry PiKali LinuxNetBirdWireGuardBashsystemd

The Problem

Remote access to home infrastructure is often insecure and unreliable. Commercial VPN solutions are expensive and lack customization. Need secure access to Indian IP from abroad.

The Approach

Built a hardened Raspberry Pi system that serves as:

Full-tunnel NetBird VPN exit node (WireGuard-based mesh VPN)
Secure SSH/VNC access point with key-only login
Self-healing remote box with automatic recovery

Security Features:

SSH hardening with non-standard port
ufw + fail2ban protection
Email alerts via msmtp for reboots/disconnections
zram for RAM compression
Watchdog scripts for automatic VPN/service recovery
Avahi/.local hostname support

The Impact

Achieved 97.7% uptime with MTTR reduced from 18 to 4 minutes. Runs Pi-hole, Samba, Nginx, Home Assistant, and Grafana on a single Pi 3B+. Full-tunnel routing enables Indian IP access from USA.

Build Notes

Key Components:

SSH hardening - Key-only login, non-standard port
NetBird VPN - WireGuard-based full-tunnel mesh
ufw + fail2ban - Firewall and brute-force protection
Email alerts - msmtp notifies of reboots/disconnections
zram - RAM compression for low-memory Pis
Watchdog scripts - Auto-recovery from failures

Requirements:

Raspberry Pi 3B (or later) with Kali Linux
Internet access via Ethernet or Wi-Fi
NetBird account (free tier is sufficient)