diff --git a/contestops/configure-machines.sh b/contestops/configure-machines.sh index 6e2f61e..c3d8fd6 100755 --- a/contestops/configure-machines.sh +++ b/contestops/configure-machines.sh @@ -10,7 +10,9 @@ parallel-scp -x "-F local.ssh_config" -h hostlist ./config-hosts /etc/hosts # Configure firewall. parallel-scp -x "-F local.ssh_config" -h hostlist ./config-nftables.conf /etc/nftables.conf -parallel-ssh -x "-F local.ssh_config" -h hostlist systemctl reload nftables.service +parallel-ssh -x "-F local.ssh_config" -h hostlist systemctl enable nftables.service +# For some unknown reason nft gets stuck the first time it is run. +parallel-ssh -x "-F local.ssh_config" -h hostlist --par 30 systemctl start nftables.service # Uncomment these lines if machines have 4K displays. This scales display to 2x. # parallel-scp -x "-F local.ssh_config" -h hostlist ./set-display-scale.py /usr/local/bin/set-display-scale.py diff --git a/contestops/readme.md b/contestops/readme.md index d0a392b..14a3f5d 100644 --- a/contestops/readme.md +++ b/contestops/readme.md @@ -122,6 +122,7 @@ You can look these up with `host contest.soi.ch`. Edit `contest-lock.json` to fill in the title and start time of the contest. Apply the configuration to machines. +If the script gets stuck, press Ctrl+C and run it again. ```bash ./configure-machines.sh diff --git a/os/build.py b/os/build.py index 6ba41fd..c84070d 100755 --- a/os/build.py +++ b/os/build.py @@ -129,7 +129,6 @@ def main(): # We need ca-certificates for fetching https packages repos. "--debootstrap-options", "--exclude=isc-dhcp-client,isc-dhcp-common,ifupdown --include=ca-certificates" + VARIANT_EXTRA_BOOTSTRAP.get(args.variant, ""), - "--chroot-squashfs-compression-type", "zstd", "--loadlin", "false", "--iso-volume", f"SOI {VARIANT_LABEL[args.variant]} @ISOVOLUME_TS@", "--bootappend-live", "boot=live toram=filesystem.squashfs", diff --git a/os/layers/contestant/hooks/live/2010-contestant.hook.chroot b/os/layers/contestant/hooks/live/2010-contestant.hook.chroot index c8c0dea..e65b6fd 100755 --- a/os/layers/contestant/hooks/live/2010-contestant.hook.chroot +++ b/os/layers/contestant/hooks/live/2010-contestant.hook.chroot @@ -28,6 +28,3 @@ systemctl disable kexec.service # Restrict access to the config which contains the WiFi password. chmod og= /etc/NetworkManager/system-connections/contest.nmconnection - -# Enable firewall. -systemctl enable nftables.service diff --git a/os/layers/contestant/includes.chroot/etc/nftables.conf b/os/layers/contestant/includes.chroot/etc/nftables.conf deleted file mode 100644 index 190685b..0000000 --- a/os/layers/contestant/includes.chroot/etc/nftables.conf +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/sbin/nft -f - -flush ruleset - -table inet filter { - chain input { - type filter hook input priority filter; - # Add a rule which references conntrack, to make sure that conntrack is - # already enabled when we activate a restrictive ruleset. - ct state { established, related } accept - } - chain forward { - type filter hook forward priority filter; - } - chain output { - type filter hook output priority filter; - ct state { established, related } accept - } -} diff --git a/os/layers/live/includes.chroot/etc/default/zramswap b/os/layers/live/includes.chroot/etc/default/zramswap deleted file mode 100644 index 1f43fca..0000000 --- a/os/layers/live/includes.chroot/etc/default/zramswap +++ /dev/null @@ -1,2 +0,0 @@ -ALGO=zstd -PERCENT=80 diff --git a/os/layers/live/includes.chroot/etc/systemd/system/detect-swap.service b/os/layers/live/includes.chroot/etc/systemd/system/detect-swap.service deleted file mode 100644 index 912c92e..0000000 --- a/os/layers/live/includes.chroot/etc/systemd/system/detect-swap.service +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=detect and enable swap partitions. -Before=basic.target -After=local-fs.target systemd-tmpfiles-setup.service -DefaultDependencies=no -ConditionKernelCommandLine=boot=live - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/usr/local/bin/detect-swap - -[Install] -WantedBy=basic.target diff --git a/os/layers/live/includes.chroot/usr/local/bin/detect-swap b/os/layers/live/includes.chroot/usr/local/bin/detect-swap deleted file mode 100644 index 19a5042..0000000 --- a/os/layers/live/includes.chroot/usr/local/bin/detect-swap +++ /dev/null @@ -1,13 +0,0 @@ -#!/usr/bin/python3 - -import subprocess -import json - -SD_GPT_SWAP = '0657fd6d-a4ab-43c4-84e5-0933c84b4f4f' - -lsblk_result = subprocess.run(['lsblk', '--json', '--output=PATH,PARTTYPE'], check=True, stdout=subprocess.PIPE) -lablk_out = json.loads(lsblk_result.stdout) -for block in lablk_out['blockdevices']: - if block['parttype'] == SD_GPT_SWAP: - print('Enabling swap on', block['path']) - subprocess.run(['swapon', block['path']]) diff --git a/os/layers/live/package-lists/live-extra.list.chroot b/os/layers/live/package-lists/live-extra.list.chroot deleted file mode 100644 index 4f7a935..0000000 --- a/os/layers/live/package-lists/live-extra.list.chroot +++ /dev/null @@ -1,5 +0,0 @@ -# Show progress while copying squashfs to RAM. -rsync - -# Enable zram to make better use of available RAM. -zram-tools diff --git a/os/layers/participant/includes.chroot/etc/dconf/db/local.d/00-window-buttons b/os/layers/participant/includes.chroot/etc/dconf/db/local.d/00-window-buttons deleted file mode 100644 index 7ed7b76..0000000 --- a/os/layers/participant/includes.chroot/etc/dconf/db/local.d/00-window-buttons +++ /dev/null @@ -1,4 +0,0 @@ -# Enable minimize and maximize buttons, which should make gnome a bit easier to -# use for people more familiar with Windows or macOS. -[org/gnome/desktop/wm/preferences] -button-layout = 'appmenu:minimize,maximize,close' diff --git a/os/layers/training-live/package-lists/training-live.list.chroot b/os/layers/training-live/package-lists/training-live.list.chroot index 7864d0d..56e00e8 100644 --- a/os/layers/training-live/package-lists/training-live.list.chroot +++ b/os/layers/training-live/package-lists/training-live.list.chroot @@ -1 +1,4 @@ sudo + +# Show progress while copying squashfs to RAM. +rsync