11 changed files with 7 additions and 62 deletions
--- a/contestops/configure-machines.sh
+++ b/contestops/configure-machines.sh
@ -10,7 +10,9 @@ parallel-scp -x "-F local.ssh_config" -h hostlist ./config-hosts /etc/hosts

 # Configure firewall.
 parallel-scp -x "-F local.ssh_config" -h hostlist ./config-nftables.conf /etc/nftables.conf
-parallel-ssh -x "-F local.ssh_config" -h hostlist systemctl reload nftables.service
+parallel-ssh -x "-F local.ssh_config" -h hostlist systemctl enable nftables.service
+# For some unknown reason nft gets stuck the first time it is run.
+parallel-ssh -x "-F local.ssh_config" -h hostlist --par 30 systemctl start nftables.service

 # Uncomment these lines if machines have 4K displays. This scales display to 2x.
 # parallel-scp -x "-F local.ssh_config" -h hostlist ./set-display-scale.py /usr/local/bin/set-display-scale.py
--- a/contestops/readme.md
+++ b/contestops/readme.md
@ -122,6 +122,7 @@ You can look these up with `host contest.soi.ch`.
 Edit `contest-lock.json` to fill in the title and start time of the contest.

 Apply the configuration to machines.
+If the script gets stuck, press Ctrl+C and run it again.

 ```bash
 ./configure-machines.sh
--- a/os/build.py
+++ b/os/build.py
@ -129,7 +129,6 @@ def main():
            # We need ca-certificates for fetching https packages repos.
            "--debootstrap-options", "--exclude=isc-dhcp-client,isc-dhcp-common,ifupdown --include=ca-certificates" +
                VARIANT_EXTRA_BOOTSTRAP.get(args.variant, ""),
-            "--chroot-squashfs-compression-type", "zstd",
            "--loadlin", "false",
            "--iso-volume", f"SOI {VARIANT_LABEL[args.variant]} @ISOVOLUME_TS@",
            "--bootappend-live", "boot=live toram=filesystem.squashfs",
--- a/os/layers/contestant/hooks/live/2010-contestant.hook.chroot
+++ b/os/layers/contestant/hooks/live/2010-contestant.hook.chroot
@ -28,6 +28,3 @@ systemctl disable kexec.service

 # Restrict access to the config which contains the WiFi password.
 chmod og= /etc/NetworkManager/system-connections/contest.nmconnection
-
-# Enable firewall.
-systemctl enable nftables.service
--- a/os/layers/contestant/includes.chroot/etc/nftables.conf
+++ b/os/layers/contestant/includes.chroot/etc/nftables.conf
@ -1,19 +0,0 @@
-#!/usr/sbin/nft -f
-
-flush ruleset
-
-table inet filter {
-	chain input {
-		type filter hook input priority filter;
-    # Add a rule which references conntrack, to make sure that conntrack is
-    # already enabled when we activate a restrictive ruleset.
-    ct state { established, related } accept
-	}
-	chain forward {
-		type filter hook forward priority filter;
-	}
-	chain output {
-		type filter hook output priority filter;
-    ct state { established, related } accept
-	}
-}
--- a/os/layers/live/includes.chroot/etc/default/zramswap
+++ b/os/layers/live/includes.chroot/etc/default/zramswap
@ -1,2 +0,0 @@
-ALGO=zstd
-PERCENT=80
--- a/os/layers/live/includes.chroot/etc/systemd/system/detect-swap.service
+++ b/os/layers/live/includes.chroot/etc/systemd/system/detect-swap.service
@ -1,14 +0,0 @@
-[Unit]
-Description=detect and enable swap partitions.
-Before=basic.target
-After=local-fs.target systemd-tmpfiles-setup.service
-DefaultDependencies=no
-ConditionKernelCommandLine=boot=live
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/usr/local/bin/detect-swap
-
-[Install]
-WantedBy=basic.target
--- a/os/layers/live/includes.chroot/usr/local/bin/detect-swap
+++ b/os/layers/live/includes.chroot/usr/local/bin/detect-swap
@ -1,13 +0,0 @@
-#!/usr/bin/python3
-
-import subprocess
-import json
-
-SD_GPT_SWAP = '0657fd6d-a4ab-43c4-84e5-0933c84b4f4f'
-
-lsblk_result = subprocess.run(['lsblk', '--json', '--output=PATH,PARTTYPE'], check=True, stdout=subprocess.PIPE)
-lablk_out = json.loads(lsblk_result.stdout)
-for block in lablk_out['blockdevices']:
-    if block['parttype'] == SD_GPT_SWAP:
-        print('Enabling swap on', block['path'])
-        subprocess.run(['swapon', block['path']])
--- a/os/layers/live/package-lists/live-extra.list.chroot
+++ b/os/layers/live/package-lists/live-extra.list.chroot
@ -1,5 +0,0 @@
-# Show progress while copying squashfs to RAM.
-rsync
-
-# Enable zram to make better use of available RAM.
-zram-tools
--- a/os/layers/participant/includes.chroot/etc/dconf/db/local.d/00-window-buttons
+++ b/os/layers/participant/includes.chroot/etc/dconf/db/local.d/00-window-buttons
@ -1,4 +0,0 @@
-# Enable minimize and maximize buttons, which should make gnome a bit easier to
-# use for people more familiar with Windows or macOS.
-[org/gnome/desktop/wm/preferences]
-button-layout = 'appmenu:minimize,maximize,close'
--- a/os/layers/training-live/package-lists/training-live.list.chroot
+++ b/os/layers/training-live/package-lists/training-live.list.chroot
@ -1 +1,4 @@
 sudo
+
+# Show progress while copying squashfs to RAM.
+rsync