dragonlock2/matthewtran.com
1
0
Fork 0
mirror of https://github.com/dragonlock2/matthewtran.com.git synced 2026-02-04 01:37:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: dragonlock2:71988b74ff26f72939951d3b8fdf533917dd8f43
Branches Tags
dragonlock2:main
..
compare: dragonlock2:542d653d179b7dbb86dc9eb58dd0271ad497e8f0
Branches Tags
dragonlock2:main

No commits in common. "71988b74ff26f72939951d3b8fdf533917dd8f43" and "542d653d179b7dbb86dc9eb58dd0271ad497e8f0" have entirely different histories.
71988b74ff ... 542d653d17

3 changed files with 4 additions and 50 deletions
Show Stats Expand all files Collapse all files

46
config/provision.py
View File

@ -17,7 +17,6 @@ UIDS = {
"crypto" : 1002,
"game" : 1003,
"nas" : 1004,
"tv" : 1005,
}
PORTS = {
@ -42,7 +41,6 @@ PORTS = {
"nas": [
"445:445", # nas
],
"tv": [],
}
def check_keys():
@ -144,9 +142,10 @@ def add_more_drive():
})
def add_packages():
# TODO update once done https://github.com/coreos/fedora-coreos-tracker/issues/681
but["systemd"] = {
"units": [
{ # TODO update once done https://github.com/coreos/fedora-coreos-tracker/issues/681
{
"name": "rpm-ostree-install.service",
"enabled": True,
"contents": "\n".join([
@ -159,19 +158,13 @@ def add_packages():
"[Service]",
"Type=oneshot",
"RemainAfterExit=yes",
f"ExecStart=/usr/bin/usermod -aG {",".join(UIDS.keys())} core",
f"ExecStart=/usr/bin/usermod -a -G {",".join(UIDS.keys())} core",
"ExecStart=/usr/bin/rpm-ostree install -y --allow-inactive " + " ".join([
"alsa-utils",
"avahi",
"chromium",
"firefox",
"htop",
"python3",
"seatd",
"sway",
"tmux",
"vim",
"weston",
"zip",
]),
"ExecStart=/bin/touch /etc/rpm/%N.stamp",
@ -180,26 +173,6 @@ def add_packages():
"WantedBy=multi-user.target",
]),
},
{ # TODO update once done https://github.com/coreos/rpm-ostree/issues/49
"name": "post-rpm-ostree-install.service",
"enabled": True,
"contents": "\n".join([
"[Unit]",
"Description=Post package install setup",
"After=local-fs.target",
"ConditionPathExists=/etc/rpm/rpm-ostree-install.stamp",
"ConditionPathExists=!/etc/rpm/%N.stamp",
"[Service]",
"Type=oneshot",
"RemainAfterExit=yes",
"ExecStart=/usr/bin/sh -c 'grep -E \"^(audio|seat|video):\" /usr/lib/group >> /etc/group'",
"ExecStart=/usr/bin/usermod -aG audio,seat,video tv",
"ExecStart=/usr/bin/systemctl enable --now seatd",
"ExecStart=/bin/touch /etc/rpm/%N.stamp",
"[Install]",
"WantedBy=multi-user.target",
]),
},
],
}
@ -228,14 +201,6 @@ def allow_port_access():
"contents": { "inline": "net.ipv4.ip_unprivileged_port_start=80" },
})
def allow_nouveau():
but["storage"]["files"].append({
"path": "/etc/modprobe.d/blacklist-nouveau.conf",
"mode": 0o644,
"overwrite": True,
"contents": { "inline": "" }
})
def add_users():
for user in UIDS:
but["passwd"]["users"].append({
@ -247,10 +212,6 @@ def add_users():
"path": f"/var/lib/systemd/linger/{user}",
"contents": { "inline": "" },
})
if user == "tv":
but["passwd"]["users"][-1]["password_hash"] = subprocess.run(
["docker", "run", "-it", "--rm", "quay.io/coreos/mkpasswd", "--method=yescrypt", cfg["core"]["tv_passwd"]],
capture_output=True, text=True, check=True).stdout.strip()
def copy_source():
but["storage"]["directories"].append({
@ -411,7 +372,6 @@ if __name__ == "__main__":
add_ssh_keys()
set_hostname()
allow_port_access()
allow_nouveau()
# server setup
add_users()

3
config/server.example
View File

@ -6,8 +6,7 @@
],
"stash_key": "<LUKS key>",
"stash_wipe": false,
"data_dir": "/var/mnt/stash/data",
"tv_passwd": "password"
"data_dir": "/var/home/core/matthewtrancom_data"
},
"drives": [
{

5
config/update.py
View File

@ -23,7 +23,6 @@ IMAGES = {
"nas": [
"nas",
],
"tv": [],
}
def generate(cfg):
@ -86,8 +85,6 @@ if __name__ == "__main__":
# run builds
for user in IMAGES:
if not IMAGES[user]:
continue
print(f"building images for {user}...")
run([f"cd {SOURCE_DIR}"] + [
f"sudo -u {user} podman build --tag {i} {SOURCE_DIR}/{i}"
@ -96,8 +93,6 @@ if __name__ == "__main__":
# restart pods
for user in IMAGES:
if not IMAGES[user]:
continue
print(f"restarting pod for {user}...")
run([
f"cd {SOURCE_DIR}",