Compare commits
No commits in common. "500ca364447877c3c3a05a4b6435d4183df9b0c4" and "7768d84c5632309c402d824beda428dc1d49eb2c" have entirely different histories.
500ca36444
...
7768d84c56
|
|
@ -10,7 +10,9 @@ parallel-scp -x "-F local.ssh_config" -h hostlist ./config-hosts /etc/hosts
|
||||||
|
|
||||||
# Configure firewall.
|
# Configure firewall.
|
||||||
parallel-scp -x "-F local.ssh_config" -h hostlist ./config-nftables.conf /etc/nftables.conf
|
parallel-scp -x "-F local.ssh_config" -h hostlist ./config-nftables.conf /etc/nftables.conf
|
||||||
parallel-ssh -x "-F local.ssh_config" -h hostlist systemctl reload nftables.service
|
parallel-ssh -x "-F local.ssh_config" -h hostlist systemctl enable nftables.service
|
||||||
|
# For some unknown reason nft gets stuck the first time it is run.
|
||||||
|
parallel-ssh -x "-F local.ssh_config" -h hostlist --par 30 systemctl start nftables.service
|
||||||
|
|
||||||
# Uncomment these lines if machines have 4K displays. This scales display to 2x.
|
# Uncomment these lines if machines have 4K displays. This scales display to 2x.
|
||||||
# parallel-scp -x "-F local.ssh_config" -h hostlist ./set-display-scale.py /usr/local/bin/set-display-scale.py
|
# parallel-scp -x "-F local.ssh_config" -h hostlist ./set-display-scale.py /usr/local/bin/set-display-scale.py
|
||||||
|
|
|
||||||
|
|
@ -122,6 +122,7 @@ You can look these up with `host contest.soi.ch`.
|
||||||
Edit `contest-lock.json` to fill in the title and start time of the contest.
|
Edit `contest-lock.json` to fill in the title and start time of the contest.
|
||||||
|
|
||||||
Apply the configuration to machines.
|
Apply the configuration to machines.
|
||||||
|
If the script gets stuck, press Ctrl+C and run it again.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
./configure-machines.sh
|
./configure-machines.sh
|
||||||
|
|
|
||||||
|
|
@ -129,7 +129,6 @@ def main():
|
||||||
# We need ca-certificates for fetching https packages repos.
|
# We need ca-certificates for fetching https packages repos.
|
||||||
"--debootstrap-options", "--exclude=isc-dhcp-client,isc-dhcp-common,ifupdown --include=ca-certificates" +
|
"--debootstrap-options", "--exclude=isc-dhcp-client,isc-dhcp-common,ifupdown --include=ca-certificates" +
|
||||||
VARIANT_EXTRA_BOOTSTRAP.get(args.variant, ""),
|
VARIANT_EXTRA_BOOTSTRAP.get(args.variant, ""),
|
||||||
"--chroot-squashfs-compression-type", "zstd",
|
|
||||||
"--loadlin", "false",
|
"--loadlin", "false",
|
||||||
"--iso-volume", f"SOI {VARIANT_LABEL[args.variant]} @ISOVOLUME_TS@",
|
"--iso-volume", f"SOI {VARIANT_LABEL[args.variant]} @ISOVOLUME_TS@",
|
||||||
"--bootappend-live", "boot=live toram=filesystem.squashfs",
|
"--bootappend-live", "boot=live toram=filesystem.squashfs",
|
||||||
|
|
|
||||||
|
|
@ -28,6 +28,3 @@ systemctl disable kexec.service
|
||||||
|
|
||||||
# Restrict access to the config which contains the WiFi password.
|
# Restrict access to the config which contains the WiFi password.
|
||||||
chmod og= /etc/NetworkManager/system-connections/contest.nmconnection
|
chmod og= /etc/NetworkManager/system-connections/contest.nmconnection
|
||||||
|
|
||||||
# Enable firewall.
|
|
||||||
systemctl enable nftables.service
|
|
||||||
|
|
|
||||||
|
|
@ -1,19 +0,0 @@
|
||||||
#!/usr/sbin/nft -f
|
|
||||||
|
|
||||||
flush ruleset
|
|
||||||
|
|
||||||
table inet filter {
|
|
||||||
chain input {
|
|
||||||
type filter hook input priority filter;
|
|
||||||
# Add a rule which references conntrack, to make sure that conntrack is
|
|
||||||
# already enabled when we activate a restrictive ruleset.
|
|
||||||
ct state { established, related } accept
|
|
||||||
}
|
|
||||||
chain forward {
|
|
||||||
type filter hook forward priority filter;
|
|
||||||
}
|
|
||||||
chain output {
|
|
||||||
type filter hook output priority filter;
|
|
||||||
ct state { established, related } accept
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
@ -1,2 +0,0 @@
|
||||||
ALGO=zstd
|
|
||||||
PERCENT=80
|
|
||||||
|
|
@ -1,14 +0,0 @@
|
||||||
[Unit]
|
|
||||||
Description=detect and enable swap partitions.
|
|
||||||
Before=basic.target
|
|
||||||
After=local-fs.target systemd-tmpfiles-setup.service
|
|
||||||
DefaultDependencies=no
|
|
||||||
ConditionKernelCommandLine=boot=live
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=oneshot
|
|
||||||
RemainAfterExit=yes
|
|
||||||
ExecStart=/usr/local/bin/detect-swap
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=basic.target
|
|
||||||
|
|
@ -1,13 +0,0 @@
|
||||||
#!/usr/bin/python3
|
|
||||||
|
|
||||||
import subprocess
|
|
||||||
import json
|
|
||||||
|
|
||||||
SD_GPT_SWAP = '0657fd6d-a4ab-43c4-84e5-0933c84b4f4f'
|
|
||||||
|
|
||||||
lsblk_result = subprocess.run(['lsblk', '--json', '--output=PATH,PARTTYPE'], check=True, stdout=subprocess.PIPE)
|
|
||||||
lablk_out = json.loads(lsblk_result.stdout)
|
|
||||||
for block in lablk_out['blockdevices']:
|
|
||||||
if block['parttype'] == SD_GPT_SWAP:
|
|
||||||
print('Enabling swap on', block['path'])
|
|
||||||
subprocess.run(['swapon', block['path']])
|
|
||||||
|
|
@ -1,5 +0,0 @@
|
||||||
# Show progress while copying squashfs to RAM.
|
|
||||||
rsync
|
|
||||||
|
|
||||||
# Enable zram to make better use of available RAM.
|
|
||||||
zram-tools
|
|
||||||
|
|
@ -1,4 +0,0 @@
|
||||||
# Enable minimize and maximize buttons, which should make gnome a bit easier to
|
|
||||||
# use for people more familiar with Windows or macOS.
|
|
||||||
[org/gnome/desktop/wm/preferences]
|
|
||||||
button-layout = 'appmenu:minimize,maximize,close'
|
|
||||||
|
|
@ -1 +1,4 @@
|
||||||
sudo
|
sudo
|
||||||
|
|
||||||
|
# Show progress while copying squashfs to RAM.
|
||||||
|
rsync
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue