Defaults>root env_file=/etc/rootsudoenv
# a few commands we should be able to run with no password
-iank ALL = (root) NOPASSWD: /usr/local/bin/spend,/usr/local/bin/us,/usr/local/bin/off,/usr/bin/nmtui-connect,/usr/local/bin/bitcoinoff
+iank ALL = (root) NOPASSWD: /usr/local/bin/spend,/usr/local/bin/us,/usr/local/bin/off,/usr/bin/nmtui-connect,/usr/local/bin/bitcoinoff,/usr/local/bin/bitcoinon
EOF
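Review bot: The added `/usr/local/bin/bitcoinon` entry, like the others on this line, carries no argument list, so iank can run it as root with any arguments and no password. If the script takes no arguments, the sudoers form `/usr/local/bin/bitcoinon ""` restricts the rule to the bare command. Whether the script is root-owned and not writable by iank is not visible in this hunk and is worth confirming, because a user-writable file in a NOPASSWD rule amounts to passwordless root. The heredoc that holds these lines starts outside the hunk.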
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+# todo: we should make this be a service which sets the /sys/ value
+# before the mount target or something like that, because if you hot
+# plug a drive in, its ata number will change on reboot, meaning you
+# have to remember to run this again and then reboot again.
+
+# example from t8 kernel
+# Sep 01 14:35:01 watson kernel: ata7.00: status: { DRDY }
+# Sep 01 14:35:01 watson kernel: ata7.00: failed command: WRITE FPDMA QUEUED
+# Sep 01 14:35:01 watson kernel: ata7.00: cmd 61/08:c0:b8:bf:ff/00:00:01:00:00/40 tag 24 ncq 4096 out
+
+
# https://wiki.archlinux.org/index.php/Solid_state_drive#Resolving_NCQ_errors
# evo-870 doesnt get along well with d16.
# Dmesg gives us an ata number we could disable specifically on the command line, but I've had that number change on me between oses, so reenabling ncq
+debug=false
+if [[ $1 == debug ]]; then
+ debug=true
+fi
+
upgrub=true
if [[ $1 == no-upgrub ]]; then
upgrub=false
fi
-byid=/dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V
+regex='^.*-part[0-9]*$'
+for path in /dev/disk/by-id/ata-Samsung_SSD_870*; do
+ if [[ ! $path =~ $regex ]]; then
+ byid=$path
+ break
+ fi
+done
+
if [[ ! -e $byid ]]; then
- # not plugged in we assume
+ if $debug; then echo "samsung 870 not plugged in or not found"; fi
exit 0
fi
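Review bot: The added `if [[ $1 == debug ]]` and the existing `if [[ $1 == no-upgrub ]]` both test `$1`, so the two modes cannot be combined: `myncq debug no-upgrub` leaves `upgrub=true`, and `myncq no-upgrub`, the form called elsewhere in this diff, can never print the debug output. Scanning all arguments fixes that, for example `for arg; do case $arg in debug) debug=true ;; no-upgrub) upgrub=false ;; esac; done`. Separately, the new loop stops at the first whole-disk `ata-Samsung_SSD_870*` entry, so a second matching drive would keep its default queue depth; a short comment stating that only one drive is expected would make the intent clear.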
if grep -qF libata.force=noncq /proc/cmdline; then
echo $0: warning, cant change queue_depth due to globally disabled ncq
else
+ if $debug; then
+ echo "updating to 1 if not: cat /sys/block/$dev/device/queue_depth"
+ cat /sys/block/$dev/device/queue_depth
+ fi
echo 1 >/sys/block/$dev/device/queue_depth
fi
fi
}
fi
-
+if [[ $FAI_ROOT != / ]]; then
+ bprogs_pre=/srv
+ chroot="chroot $FAI_ROOT"
+fi
# -r = recursive
# -i = ignore non-matching class warnings, always exit 0
# I run this as a single post-fai script to update things that have changed.
tmpfile1=$(mktemp)
# this can fail if we need an apt update
-chroot $FAI_ROOT /usr/bin/apt-cache policy >$tmpfile1 ||:
+$chroot /usr/bin/apt-cache policy >$tmpfile1 ||:
fcopy -riB /etc/apt
tmpfile2=$(mktemp)
-chroot $FAI_ROOT /usr/bin/apt-cache policy >$tmpfile2
+$chroot /usr/bin/apt-cache policy >$tmpfile2
if ! diff -q $tmpfile1 $tmpfile2; then
- chroot $FAI_ROOT /usr/bin/apt update
+ $chroot /usr/bin/apt update
fi
# outside of fai, this seems to regularly lead to
# E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable)
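Review bot: `chroot` and `bprogs_pre` are assigned only when `$FAI_ROOT` is not `/`, so in the `/` case every `$chroot …` line and the later `cp -ra $bprogs_pre/a/opt/…` expand whatever the caller's environment holds under those names. The script appears to run as root, so both should be initialised before the `if`, e.g. `chroot= bprogs_pre=`. An unset or empty `FAI_ROOT` also takes the non-`/` branch and produces `chroot /usr/bin/apt-cache policy`, which treats the command path as the new root directory; `: "${FAI_ROOT:?}"` ahead of the test would stop that early. The `$chroot` uses in the later hunks depend on the same assignment.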
WantedBy=dev-disk-by\x2did-ata\x2dSamsung_SSD_870_QVO_8TB_S5VUNG0N900656V.device
EOF
- chroot $FAI_ROOT bash <<'EOFOUTER'
+ $chroot bash <<'EOFOUTER'
systemctl enable myncq.service
/usr/bin/myncq no-upgrub
EOFOUTER
# use networkmanager if this host has wireless.
if [[ $HOSTNAME == bo ]] || type -p iw &>/dev/null && [[ $(iw dev) ]]; then
- chroot $FAI_ROOT bash <<EOF
+ $chroot bash <<EOF
apt-get -y install network-manager
EOF
vb=$va-060403
vc=${vb}.202307110536
pre="https://kernel.ubuntu.com/~kernel-ppa/mainline/v$va/amd64/linux-"
- urls=(
- ${pre}headers-${vb}_${vc}_all.deb
- ${pre}{headers,image-unsigned,modules}-${vb}-generic_${vc}_amd64.deb
- )
- wget "${urls[@]}"
- chroot $FAI_ROOT make install
-
- chroot $FAI_ROOT bash <<EOF
+ if ! dpkg -s -- linux-headers-${vb} 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
+ urls=(
+ ${pre}headers-${vb}_${vc}_all.deb
+ ${pre}{headers,image-unsigned,modules}-${vb}-generic_${vc}_amd64.deb
+ )
+ wget "${urls[@]}"
+ $chroot bash <<EOF
cd /tmp/kernel-debs
dpkg -i *.deb
EOF
-
+ fi
;;
*)
- chroot $FAI_ROOT apt-get install linux-libre
+ $chroot apt-get -y install linux-libre
;;
esac
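Review bot: The new guard `dpkg -s -- linux-headers-${vb}` runs without `$chroot`, so when `FAI_ROOT` is not `/` it queries the installing host's package database while the `dpkg -i` below runs inside the target. Both should look at the same root: `if ! $chroot dpkg -s -- linux-headers-${vb} 2>&1 | grep -qFx "Status: install ok installed"; then`. The packages fetched by `wget` are then installed as root through `dpkg -i *.deb` with no integrity check beyond TLS, and the glob also picks up any other .deb already in /tmp/kernel-debs. Verifying the downloads against a pinned checksum list and installing only the named files would close that gap. The `case` statement begins outside the hunk.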
-cp -ra /srv/a/opt/btrfs-progs-release/btrfs-progs-v6.3.2 $FAI_ROOT/tmp/btrfs-progs
-chroot $FAI_ROOT bash <<EOF
+cp -ra $bprogs_pre/a/opt/btrfs-progs-release/btrfs-progs-v6.3.2 $FAI_ROOT/tmp/btrfs-progs
+$chroot bash <<EOF
cd /tmp/btrfs-progs
make install
EOF
if ifclass VOL_BULLSEYE_BOOTSTRAP; then
fcopy /etc/systemd/system/faicheck.service
- chroot $FAI_ROOT bash <<'EOFOUTER'
+ $chroot bash <<'EOFOUTER'
systemctl enable faicheck.service
EOFOUTER
exit 0 # avoid unnecessary stuff in bootstrap vol
## misc settings
-chroot $FAI_ROOT bash <<'EOFOUTER'
+$chroot bash <<'EOFOUTER'
#### begin .ssh setup ###
set -x
set -eE -o pipefail
option target ACCEPT
option dest_port 2202
+# was working on an openvpn server, didn't finish
+# config redirect
+# option name vpnkd
+# option src wan
+# option src_dport 1196
+# option dest_port 1196
+# option dest_ip $l.2
+# option dest lan
+# config rule
+# option src wan
+# option target ACCEPT
+# option dest_port 1196
+
config redirect
option name sshkdalt
# default dhcp range is 100-150
# bottom port, iPXE (PCI 03:00.0) in seabios boot menu
dhcp-host=c8:60:00:31:6b:75,set:kd,$l.2,kd
-dhcp-host=94:05:bb:1e:2c:2e,set:sy,$l.3,sy
#dhcp-host=94:05:bb:1e:2c:2e,set:bo,$l.38,bo
# top port, iPXE (PCI 04:00.0) in seabios boot menu
#dhcp-host=c8:60:00:2b:15:07,set:kd,$l.2,kd
# 4 is reserved for a staticly configured host wrt2
-# temporarily commented
-dhcp-host=f0:de:f1:81:ec:88,set:x2,$l.5,x2
-dhcp-host=c4:8e:8f:44:f5:63,set:x2w,$l.6,x2w
+dhcp-host=c4:8e:8f:60:63:cb,set:x2w,$l.6,x2w
dhcp-host=10:51:07:f5:f1:b8,set:syw,$l.7,syw
dhcp-host=80:fa:5b:1c:6e:cf,set:amy,$l.8,amy
-# This is so fai can have an explicit name to use for testing,
-# or else any random machine which did a pxe boot would get
-# reformatted. The mac is from doing a virt-install, cancelling it,
-# and copying the generated mac, so it should be randomish.
-dhcp-host=52:54:00:9c:ef:ad,set:demohost,$l.12,demohost
+dhcp-host=a0:ce:c8:9f:7a:f3,set:sy,$l.12,sy
+# alternate dongle
+#dhcp-host=94:05:bb:1e:2c:2e,set:sy,$l.12,sy
+dhcp-host=00:1f:16:16:39:24,set:x2,$l.13,x2
+
## for using different dhcp server
#dhcp-host=52:54:00:9c:ef:ad,ignore
# 14 = wrt3
dhcp-host=70:a6:cc:3a:bb:b4,set:bow,$l.29,bow
dhcp-host=6c:56:97:88:7b:74,set:amazontab,$l.31,amazontab
dhcp-host=0a:8a:9b:cf:b5:ec,set:samsungtab,$l.32,samsungtab
-# old x2 with bad fan
-dhcp-host=00:1f:16:16:39:24,set:x8,$l.38,x8
# server d16:
dhcp-host=38:2c:4a:c9:33:13,set:bigs,$l.48,bigs
dhcp-host=e4:5f:01:07:50:40,set:pi4,$l.49,pi4
# samsung phone
dhcp-host=a8:79:8d:71:54:68,set:s22,$l.52,s22
+# This is so fai can have an explicit name to use for testing,
+# or else any random machine which did a pxe boot would get
+# reformatted. The mac is from doing a virt-install, cancelling it,
+# and copying the generated mac, so it should be randomish.
+dhcp-host=52:54:00:9c:ef:ad,set:demohost,$l.88,demohost
+
# faiserver vm
#dhcp-host=52:54:00:56:09:f9,set:faiserver,$l.15,faiserver