Add reboot with BootNext

By default, cap-ram is set to limit the swap partition to 1024 MB. After
removing this limit, the swap partition is then created with the same
size as the RAM. We want to do this to make more swap available to live
systems.

contestops/configure-machines.sh

@@ -14,7 +14,7 @@ parallel-ssh -x "-F local.ssh_config" -h hostlist systemctl reload nftables.serv
 
 # Uncomment these lines if machines have 4K displays. This scales display to 2x.
 # parallel-scp -x "-F local.ssh_config" -h hostlist ./set-display-scale.py /usr/local/bin/set-display-scale.py
-# parallel-ssh -x "-F local.ssh_config" -h hostlist 'DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(id -u contestant)/bus" runuser -u contestant -- python3 /usr/local/bin/set-display-scale.py'
+# parallel-ssh -x "-F local.ssh_config" -h hostlist runcontestant python3 /usr/local/bin/set-display-scale.py
 
 # Configure contest lock screen.
 parallel-scp -x "-F local.ssh_config" -h hostlist ./contest-lock.json /etc/contest-lock.json

contestops/readme.md

@@ -168,14 +168,39 @@ rsync -e "ssh -F local.ssh_config" -av --chown contestant:contestant backups/con
 Stop the periodic backup command with Ctrl+C.
 Rename the `backups` folder to e.g. `backups-day1`.
 
-You can shut down all machines.
+Machines should be rebooted from USB stick between contests (e.g. between practice and actual contest) to ensure all data is erased.
+There is a script which helps with this: It sets the color scheme to dark as a visual marker for not yet rebooted machines, and then shows a question dialog.
+You can then insert a boot USB stick and press Enter, and the machine will reboot.
+
+```
+parallel-ssh -x "-F local.ssh_config" -h hostlist "nohup reboot-interactive > /dev/null 2> /dev/null &"
+```
+
+If the machines don't boot from USB stick by default, you can run the following command beforehand to make them boot from USB stick.
+This is especially useful when the boot menu is password protected, because then you don't need to enter the password again.
+This command sets the EFI BootNext setting to the current boot option.
+The BootNext setting only applies for the next boot, and is then deleted by the EFI, so you have to run the command again before rebooting again.
+This should also work when you power off the machines and turn them back on later (e.g. on the next day).
+
+```
+parallel-ssh -x "-F local.ssh_config" -h hostlist 'efibootmgr --bootnext $(efibootmgr | grep -xE "BootCurrent: [0-9a-fA-F]{4}" | cut "-d " -f2)'
+```
+
+An alternative to setting BootNext is to reboot using kexec.
+This is a partial reboot which does not go through EFI, so it is faster, but less reliable.
+For example, in my testing it only works once; the second time the screen stays blank.
+You can try improving the reliability, but otherwise I would avoid this method.
+
+```
+parallel-ssh -x "-F local.ssh_config" -h hostlist 'kexec --kexec-file-syscall --load /vmlinuz --initrd=/initrd.img --append="$(cat /proc/cmdline)"'
+```
+
+When the event is over, you can shut down all machines:
 
 ```
 parallel-ssh -x "-F local.ssh_config" -h hostlist poweroff
 ```
 
-Machines should be shut down and booted again from USB stick between contests (e.g. between practice and actual contest) to ensure all data is erased.
-
 ## Contest lock screen
 
 The contest lock screen is a gnome extension which can lock the screen and show a countdown until the contest starts.

os/layers/contestant/includes.chroot/usr/local/bin/reboot-interactive

@@ -2,15 +2,11 @@
 
 set -eu
 
-# Reboot with kexec.
-# This has the advantage that we don't need to go through the system boot menu,
-# which is especially useful when the boot menu is password protected.
-# However, we currently can't preserve the squashfs in RAM across kexec,
-# so the boot USB stick needs to be plugged in before rebooting.
+# Set dark color scheme, as a way to mark machines which have not been rebooted
+# yet. This should make it less likely to forget to reboot some machines.
+runcontestant gsettings set org.gnome.desktop.interface color-scheme prefer-dark
 
-kexec --kexec-file-syscall --load /vmlinuz --initrd=/initrd.img --append="$(cat /proc/cmdline)"
-
-if XDG_RUNTIME_DIR="/run/user/$(id -u contestant)" runuser -u contestant -- zenity --question --title="Reboot?" --text="Press Enter after inserting the boot USB stick."
+if runcontestant zenity --question --title="Reboot?" --text="Press Enter after inserting the boot USB stick."
 then
   reboot
 fi

os/layers/contestant/includes.chroot/usr/local/bin/runcontestant

@@ -0,0 +1,7 @@
+#!/bin/bash
+# This script allows running a command as the contestant user, with environment
+# variables for that user. This allows e.g. running graphical commands.
+set -o allexport
+XDG_RUNTIME_DIR="/run/user/$(id -u contestant)"
+eval "$(runuser -u contestant -- systemctl --user show-environment)"
+exec /usr/sbin/runuser -u contestant -- "$@"

os/layers/contestant/package-lists/contestant.list.chroot

@@ -8,5 +8,8 @@ nftables
 # Reboot with kexec
 kexec-tools
 
+# Reboot with BootNext
+efibootmgr
+
 # For importing client certificate
 libnss3-tools

os/layers/live/hooks/live/2005-live.hook.chroot

@@ -5,6 +5,8 @@ set -eu
 # Enable the live system configuration script at boot.
 systemctl enable live-config.service
 
+systemctl enable detect-swap.service
+
 # Disable automatic apt update.
 systemctl disable apt-daily.timer
 systemctl disable apt-daily-upgrade.timer

os/layers/training-installer/includes.installer/preseed.cfg

@@ -19,6 +19,7 @@ d-i passwd/user-password-crypted password @install_admin_password@
 d-i partman-auto/method string regular
 d-i partman-auto/init_automatically_partition select some_device
 d-i partman-auto/choose_recipe select atomic
+d-i partman-auto/cap-ram string false
 d-i partman/choose_partition select finish
 
 d-i apt-setup/use_mirror boolean false