tooling/pinephone/readme.org

Pinephone setup

• Start temporary terminal session
• Setup ssh server
• Setup access tunnel
• Install extra packages
• Bluetooth audio fix
• Optional configuration
  • List apt changelogs when upgrading
  • Disable haptic feedback for on screen keyboard
  • Create app launcher for remote access

Below are the steps I follow post standard installation of mobian on my pinephone or pinephone pro.

I've been using the pinephone pro as a daily driver since mid 2021, I still carry an android phone in my every day carry to act as my alarm and camera as these two functions don't currently work well enough for me on the pinephone pro.

After much experimentation with various distros I have settled on Mobian with Phosh as this is keeps me in the Debian ecosystem that I run for my servers and laptop devices and also seems to be quite stable.

Start temporary terminal session

The first thing I do once the operating system is installed and up to date is to install tmate so that I can start a temporary remotely accessible terminal session on the device.

This will give us a terminal session we can use to complete the remainder of this setup.

sudo apt install --yes tmate

Once tmate is installed we can launch it in a terminal and provided our device has internet connectivity use the ssh connection strings shown on screen to connect from a terminal or web browser on my primary device.

Setup ssh server

Once we have a foothold on the device via tmate we need to setup ssh server which we will use to securely connect to the device.

sudo apt install --yes openssh-server

Setup access tunnel

We want to be able to drop into a terminal on the device from anywhere provided it is powered on and has an internet connection. We can achieve this using a cloudflare access tunnel.

There are many similar projects that can achieve a similar outcome however I currently use cloudflare for dns for my domains and want to keep control plane sprawl down currently. In future I might move to a self hosted tunnel solution.

To install the cloudflared daemon on the phone go to the control plane at https://one.dash.cloudflare.com, select the james-pinephone-pro tunnel, then run the given command on the pinephone terminal to install the service.

Note: Ensure to select the arm64-bit architecture rather than the default 64-bit.

The command will look something like this:

curl -L --output cloudflared.deb https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64.deb &&

sudo dpkg -i cloudflared.deb &&

sudo cloudflared service install <token>

At the client end we need to add the following to our ssh config to simplify the connection process so we can use our familar [user]@[hostname] approach for starting a session.

cat << EOF >> ~/.ssh/config

Host phone.jamma.life
ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h
EOF

At this point with both services installed we should now be able to start both and connect. For security reasons we will be limiting connections to key based only and disabling both services by default so we need to intentionally start them.

# Start services and exit tmate session
sudo systemctl start cloudflared ssh && exit

# Copy our key to the server
ssh-copy-id -i ~/.ssh/james.pub mobian@phone.jamma.life

# Connect via ssh
ssh mobian@phone.jamma.life

# Disable ssh password authentication
sudo sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/"  /etc/ssh/sshd_config

# Restart ssh daemon
sudo systemctl restart ssh

# Disable services by default
sudo systemctl disable cloudflared ssh

Install extra packages

Now that we have our remote access done let's install any pinephone specific packages that we need over an above the standard packages covered in the setup.org file at the top level of this repository.

sudo apt install --yes yad

Bluetooth audio fix

To pair a wireless headset we first need to install the pa bluetooth module.

sudo apt install pulseaudio-module-bluetooth

Optional configuration

Once the primary setup is complete there is some further customisation I will generally do however these steps are optional.

List apt changelogs when upgrading

Development for linux mobile packages is happening at a fast rate and breaking changes are sometimes introduced. For this reason I like to keep a close eye on package changelogs and get an idea of what is changing before an upgrade.

To help with this package changelogs can be displayed directly in terminal whenever completing a sudo apt upgrade. Follow the steps below to set this up.

sudo apt install --yes apt-listchanges

sudo tee /etc/apt/listchanges.conf << EOF
[apt]
frontend=text
which=both
email_address=none
email_format=text
confirm=true
headers=false
reverse=false
save_seen=/var/lib/apt/listchanges.db
no_network=false
EOF

Disable haptic feedback for on screen keyboard

I prefer to have no haptic vibration feedback when typing with the on screen keyboard. To disable it run the following:

gsettings set org.sigxcpu.feedbackd.application:/org/sigxcpu/feedbackd/application/sm-puri-squeekboard/ profile silent

Create app launcher for remote access

I want a quick and easy way to launch the ssh and cloudflared services that I use for remote terminal access to the phone. Additionally this should provide a quick way to disable these services when no longer required, which gives us a battery life improvement.

To achive this we can create a simple bash script leveraging yad. This will display gtk+ dialogs prompting for user input and return output to the script.

cat << EOF > ~/Downloads/remote-start.sh
#!/usr/bin/env bash

# Prompt for start
yad --title "Start remote access." \
    --text "Remote access via cloudflared and ssh will start once you press Ok." \
    --button gtk-ok

# Start services (this will prompt with native dialog for password)
systemctl start cloudflared ssh

# Prompt for end
yad --title "End remote access." \
    --text "Remote access via cloudflared and ssh will end once you press Ok." \
    --button gtk-ok

# Stop services (this will prompt with native dialog for password)
systemctl stop cloudflared ssh
EOF

Once the script has been created we can make it executable and test it manually by running the following:

chmod +x ~/Downloads/remote-start.sh

cd ~/Downloads && ./remote-start.sh

We should see our flow of prompts and the services start and stop as expected. If all is well create a gnome phosh app launcher icon for the script as follows:

cat << EOF > ~/.local/share/applications/remote-access.sh
[Desktop Entry]
Type=Application
Name=Remote access
Icon=gnome-power-manager
Exec=/home/mobian/Downloads/remote-start.sh
Terminal=false
EOF

Done! You now have a custom app in the launcher to control your remote device access 😎