From 911127eb4546a45014a620944bd17805d8ef078e Mon Sep 17 00:00:00 2001 From: Mathieu Strypsteen Date: Tue, 17 Dec 2024 19:45:16 +0100 Subject: [PATCH] Misc fixes --- containers/code-server/Containerfile | 2 +- home/etc/containers/systemd/synapse.container | 2 ++ qubes-fedora/etc/systemd/logind.conf | 2 ++ sandbox/etc/containers/systemd/forgejo-runner.container | 2 ++ server/etc/containers/systemd/borgmatic-cache.volume | 0 server/etc/containers/systemd/borgmatic.container | 2 +- setup-vyos.sh | 7 +++++++ 7 files changed, 15 insertions(+), 2 deletions(-) create mode 100644 qubes-fedora/etc/systemd/logind.conf delete mode 100644 server/etc/containers/systemd/borgmatic-cache.volume diff --git a/containers/code-server/Containerfile b/containers/code-server/Containerfile index 70e2c87..57ad528 100644 --- a/containers/code-server/Containerfile +++ b/containers/code-server/Containerfile @@ -1,6 +1,6 @@ FROM quay.io/fedora/fedora-toolbox:41 RUN dnf up -y -RUN dnf install -y bash-color-prompt clang clang-tools-extra gcc hyperfine java-devel llvm mtools nodejs-npm openssl-devel parted poetry postgresql-server python3-pip qemu-system-x86-core rustup systemd-container vim-enhanced +RUN dnf install -y bash-color-prompt cargo-deny clang clang-tools-extra gcc hyperfine java-devel llvm mtools nodejs-npm openssl-devel parted poetry postgresql-server python3-pip qemu-system-x86-core rustup systemd-container vim-enhanced RUN dnf install -y https://github.com/coder/code-server/releases/download/v4.95.3/code-server-4.95.3-amd64.rpm RUN mkdir /etc/systemd/system/user@.service.d RUN mkdir /var/lib/systemd/linger diff --git a/home/etc/containers/systemd/synapse.container b/home/etc/containers/systemd/synapse.container index 55d6ae0..94f6ec5 100644 --- a/home/etc/containers/systemd/synapse.container +++ b/home/etc/containers/systemd/synapse.container @@ -1,6 +1,8 @@ [Unit] Requires=postgresql.service After=postgresql.service +[Service] +Restart=on-failure [Container] Image=docker.io/matrixdotorg/synapse Network=synapse.network diff --git a/qubes-fedora/etc/systemd/logind.conf b/qubes-fedora/etc/systemd/logind.conf new file mode 100644 index 0000000..f71ad2a --- /dev/null +++ b/qubes-fedora/etc/systemd/logind.conf @@ -0,0 +1,2 @@ +[Login] +RuntimeDirectorySize=1G diff --git a/sandbox/etc/containers/systemd/forgejo-runner.container b/sandbox/etc/containers/systemd/forgejo-runner.container index 7563a66..5a013ad 100644 --- a/sandbox/etc/containers/systemd/forgejo-runner.container +++ b/sandbox/etc/containers/systemd/forgejo-runner.container @@ -1,3 +1,5 @@ +[Service] +Restart=on-failure [Container] Image=code.forgejo.org/forgejo/runner:5 SecurityLabelDisable=true diff --git a/server/etc/containers/systemd/borgmatic-cache.volume b/server/etc/containers/systemd/borgmatic-cache.volume deleted file mode 100644 index e69de29..0000000 diff --git a/server/etc/containers/systemd/borgmatic.container b/server/etc/containers/systemd/borgmatic.container index 2de4163..c2e2b4b 100644 --- a/server/etc/containers/systemd/borgmatic.container +++ b/server/etc/containers/systemd/borgmatic.container @@ -6,10 +6,10 @@ HostName=%H Volume=/var/lib/system-config/container-config/borgmatic/config.yaml:/etc/borgmatic/config.yaml:z,ro Volume=/var/lib/system-config/container-config/borgmatic/%H.yaml:/etc/borgmatic/local.yaml:z,ro Volume=/:/run/host:ro -Volume=borgmatic-cache.volume:/root/.cache/borg:U,Z Volume=borgmatic-config.volume:/root/.config/borg:U,Z Volume=borgmatic-ssh.volume:/root/.ssh:U,Z Tmpfs=/etc/crontabs +Tmpfs=/root/.cache/borg Environment=BACKUP_CRON="0 0 * * *" Secret=BORG_PASSWORD,type=env Secret=BORG_REMOTE,type=env diff --git a/setup-vyos.sh b/setup-vyos.sh index 2728bd9..d9a97a4 100644 --- a/setup-vyos.sh +++ b/setup-vyos.sh @@ -55,15 +55,22 @@ set service dhcp-server shared-network-name server subnet 192.168.253.0/24 range set service dhcp-server shared-network-name server subnet 192.168.253.0/24 range 0 stop 192.168.253.253 set service dhcp-server shared-network-name server subnet 192.168.253.0/24 lease 1800 set service router-advert interface eth1 prefix ::/64 +set service router-advert interface eth1 name-server fc00::1 set service router-advert interface eth2 prefix ::/64 +set service router-advert interface eth2 name-server fc01::1 set service router-advert interface eth3 prefix ::/64 +set service router-advert interface eth3 name-server fc02::1 set service dns forwarding listen-address 192.168.252.1 set service dns forwarding listen-address 192.168.253.1 set service dns forwarding listen-address 192.168.254.1 set service dns forwarding listen-address 192.168.255.1 +set service dns forwarding listen-address fc00::1 +set service dns forwarding listen-address fc01::1 +set service dns forwarding listen-address fc02::1 set service dns forwarding name-server 127.0.0.1 set service dns forwarding dnssec validate set service dns forwarding allow-from 192.168.0.0/16 +set service dns forwarding allow-from fc00::/7 set service tftp-server directory /config/tftp set service tftp-server listen-address 192.168.253.1 set service monitoring telegraf influxdb url http://home.server.home.arpa