The Raspberry Pi 400 is a strange, beautiful contradiction. It is a keyboard that dreams of being a desktop, but for my purposes, it is a silent workstation that needed to be stripped of its novelty. I wanted a system that was lean, secure, and most importantly, durable. Most Pi projects fail because the SD card eventually commits suicide under the weight of constant log writes. This post on jonas.rs is the documentation of how I avoided that fate while building a modern Wayland environment.
Choosing Arch for the Pi 400 was not about being a masochist. It was about control. Standard distributions come bloated with educational software and pre-configured desktops that eat away at the 4GB of RAM. Arch provides a clean slate. By starting with a minimal kernel, I could ensure every cycle of the Broadcom processor was dedicated to my actual work rather than background services I never asked for.
The biggest threat to a Raspberry Pi is the very storage it boots from. SD cards are not meant to be treated like hard drives. They have a finite number of write cycles, and a default Linux installation will happily exhaust them with system logs and temporary files. To solve this, I implemented a “Death Prevention” stack.
The first step was moving the entire system journal and the /tmp directory into RAM. By configuring journald to be volatile, the Pi no longer scratches the disk every time a service starts. To handle the memory pressure, I deployed ZRAM. This creates a compressed swap space directly in the RAM. It is faster than physical swap and ensures the SD card is never used as a “crutch” for memory overflow.
The final touch was tuning the filesystem itself. By mounting the root partition with noatime and data=writeback, I told the kernel to stop recording every time it reads a file and to prioritize data throughput over redundant metadata journaling. The Pi now treats its SD card like a library: it reads often but writes only when absolutely necessary.
Remote access is usually the part where security falls apart. Traditional port forwarding is a gateway for scanners and bots. I chose to bypass the public internet entirely by using Netbird. It creates a private, encrypted WireGuard mesh network where the Pi exists as a persistent node.
Whether the Pi is plugged into my home router or a random Ethernet port in a hotel, it always carries the same static internal IP. There is no need to configure DDNS or poke holes in firewalls. It simply appears on my laptop as if it were sitting on the desk next to me. This “Zero Trust” approach makes the headless nature of the build feel incredibly stable.
Most people think a Graphical User Interface requires a monitor, but the Wayland protocol disagrees. By using Sway with the WLR_BACKENDS=headless flag, I can trick the Pi into rendering a full 1080p desktop into its memory without anything plugged into the HDMI ports.
The magic happens via WayVNC, which acts as the window into this virtual world. Because the Pi 400 has a decent GPU, the rendering is crisp and hardware-accelerated. Navigating the desktop feels fluid because the system isn’t fighting with the overhead of the aging X11 protocol. I can launch a terminal or a browser in the “dark” and interact with it from my main computer with almost zero latency.
The result is a system I call bohrg. It is a high-performance workstation that happens to live inside a plastic keyboard. It uses Starship for a fast terminal prompt and Fuzzel for application launching. It is lean, it is fast, and because of the memory optimizations, it is effectively immortal. This setup proves that with a bit of intentional configuration, a twenty-five dollar SD card and a keyboard computer can outperform most “pro” setups in terms of reliability and elegance.
Read my implementation guide “Arch Linux ARM: Headless RPi 400 Workstation”