From 982cb4f7ccf67784d50b77fdb9db52254b9d4ab2 Mon Sep 17 00:00:00 2001
From: Mathieu Strypsteen
Date: Sun, 17 Dec 2023 17:55:26 +0100
Subject: [PATCH] Finish router-home split

---
 common/etc/ssh/ssh_config | 2 ++
 .../systemd/users/1500/act-runner.container | 2 +-
 .../systemd/users/1500/podman-container.container | 4 +++-
 .../users/1500/{podman.volume => podman-run.volume} | 0
 .../systemd/users/1500/podman-storage.volume | 0
 ignition/router.bu | 11 +++++++++++
 router/etc/systemd/resolved.conf | 6 ++----
 setup-home.sh | 1 +
 setup-server.sh | 2 +-
 9 files changed, 21 insertions(+), 7 deletions(-)
 rename home/etc/containers/systemd/users/1500/{podman.volume => podman-run.volume} (100%)
 create mode 100644 home/etc/containers/systemd/users/1500/podman-storage.volume
 create mode 100644 ignition/router.bu

diff --git a/common/etc/ssh/ssh_config b/common/etc/ssh/ssh_config
index 4ebd8f0..7319707 100644
--- a/common/etc/ssh/ssh_config
+++ b/common/etc/ssh/ssh_config
@@ -8,6 +8,8 @@ Host home
 HostName home.strypsteen.com
 Host home-gw
 HostName home-gw.strypsteen.com
+Host router
+ HostName 192.168.255.1
 Host vps
 HostName vps.strypsteen.com
 Host *
diff --git a/home/etc/containers/systemd/users/1500/act-runner.container b/home/etc/containers/systemd/users/1500/act-runner.container
index 8006ef9..fbe26cc 100644
--- a/home/etc/containers/systemd/users/1500/act-runner.container
+++ b/home/etc/containers/systemd/users/1500/act-runner.container
@@ -4,7 +4,7 @@ After=podman-container.service
 [Container]
 Image=docker.io/gitea/act_runner
 LogDriver=none
-Volume=podman.volume:/run/podman:z
+Volume=podman-run.volume:/run/podman:z
 Volume=/var/lib/system-config/container-config/act-runner:/etc/act-runner:O
 Volume=act-runner.volume:/data:U,Z
 Tmpfs=/root/.cache
diff --git a/home/etc/containers/systemd/users/1500/podman-container.container b/home/etc/containers/systemd/users/1500/podman-container.container
index 19b1109..f88f3f5 100644
--- a/home/etc/containers/systemd/users/1500/podman-container.container
+++ b/home/etc/containers/systemd/users/1500/podman-container.container
@@ -1,10 +1,12 @@
 [Container]
 Image=quay.io/containers/podman
 SecurityLabelDisable=true
+Unmask=/proc/sys
 User=1000
 AddDevice=/dev/net/tun
 Exec=podman system service -t0 unix:///run/podman/podman.sock
-Volume=podman.volume:/run/podman:U,z
+Volume=podman-storage.volume:/home/podman/.local/share/containers:U,Z
+Volume=podman-run.volume:/run/podman:U,z
 AutoUpdate=registry
 [Install]
 WantedBy=default.target
diff --git a/home/etc/containers/systemd/users/1500/podman.volume b/home/etc/containers/systemd/users/1500/podman-run.volume
similarity index 100%
rename from home/etc/containers/systemd/users/1500/podman.volume
rename to home/etc/containers/systemd/users/1500/podman-run.volume
diff --git a/home/etc/containers/systemd/users/1500/podman-storage.volume b/home/etc/containers/systemd/users/1500/podman-storage.volume
new file mode 100644
index 0000000..e69de29
diff --git a/ignition/router.bu b/ignition/router.bu
new file mode 100644
index 0000000..b20b14b
--- /dev/null
+++ b/ignition/router.bu
@@ -0,0 +1,11 @@
+variant: fcos
+version: 1.5.0
+boot_device:
+ luks:
+ tpm2: true
+ discard: true
+passwd:
+ users:
+ - name: root
+ ssh_authorized_keys_local:
+ - ssh/desktop-sk.pub
diff --git a/router/etc/systemd/resolved.conf b/router/etc/systemd/resolved.conf
index 02c084c..d8bb32a 100644
--- a/router/etc/systemd/resolved.conf
+++ b/router/etc/systemd/resolved.conf
@@ -3,7 +3,5 @@ DNS=2620:fe::10#dns10.quad9.net 9.9.9.10#dns10.quad9.net
 FallbackDNS=
 DNSSEC=true
 DNSOverTLS=true
-DNSStubListenerExtra=192.168.255.1
-DNSStubListenerExtra=192.168.254.1
-DNSStubListenerExtra=192.168.253.1
-DNSStubListenerExtra=192.168.252.1
+DNSStubListenerExtra=0.0.0.0
+DNSStubListenerExtra=::
diff --git a/setup-home.sh b/setup-home.sh
index df518bf..a73ccd8 100644
--- a/setup-home.sh
+++ b/setup-home.sh
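Review bot: `Unmask=/proc/sys` is added with no comment on why the nested podman service needs the host's sysctl tree visible, and it lands in a unit that already runs with `SecurityLabelDisable=true` and `AddDevice=/dev/net/tun`, so it further relaxes an already-loose sandbox. A later maintainer cannot tell from the line which /proc/sys entries are actually required or whether read access alone would do. Put a why-comment directly above it, e.g. `# Unmasked for the nested podman service — TODO record which /proc/sys entries it needs and whether read-only is enough`. The two new `Volume=` lines use `Z` (private label) for the storage volume and `z` (shared) for podman-run.volume, which is consistent with act-runner.container mounting the same run volume in the hunk above; a one-line comment noting that the run socket is deliberately shared would make that distinction intentional rather than accidental.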
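Review bot: the `luks` block sets `tpm2: true` with no `tang` pin or `threshold`, so the root volume unlocks from the TPM alone at boot, and `discard: true` passes TRIM through the encrypted device; neither trade-off is recorded in the file. TPM2-only binding protects the data if the disk is removed from the router but not against the machine being booted in place, and pass-through discard reveals which blocks of the encrypted volume are unused. A comment above `luks:` such as `# tpm2-only unlock: protects a removed disk, not an in-place boot; discard exposes the free-space layout` would keep the accepted risk visible. The only account given an SSH key is `root`; if that is deliberate for an appliance-style host, a short comment next to `- name: root` saying so would save the next reviewer from raising it again.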
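Review bot: replacing the four per-subnet `DNSStubListenerExtra=` addresses with `0.0.0.0` and `::` makes the stub resolver bind every address on the router, including any upstream-facing one, and nothing in this commit shows a firewall rule that keeps port 53 from being reachable from outside. The removed lines limited the listener to the 192.168.255/254/253/252.1 LAN addresses; the new lines turn it into an open resolver unless inbound 53 is filtered on the external interface, which is the usual prerequisite for this change and should be verified. If the wildcard is needed because the LAN addresses are assigned after resolved starts, keep it but document the compensating control with a comment, e.g. `# Binds all addresses; inbound UDP/TCP 53 on the upstream interface must be dropped by the firewall`, or land the firewall rule in the same commit.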
@@ -1,5 +1,6 @@
 #!/bin/sh
 set -e
 cp -R home/* /
+ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
 sh setup-server.sh
 systemd-tmpfiles --create
diff --git a/setup-server.sh b/setup-server.sh
index 7182a33..dd1bcde 100644
--- a/setup-server.sh
+++ b/setup-server.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 set -e
 cp -R server/* /
-systemctl disable --now docker.socket rpm-ostree-countme.timer
+systemctl disable --now auditd docker.socket rpm-ostree-countme.timer
 systemctl enable --now podman-auto-update.timer
 systemctl enable --global podman-auto-update.timer
 useradd -M containers || true
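Review bot: the new `ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf` points libc at resolved's upstream-server list rather than `stub-resolv.conf`, so lookups from this host go directly to the upstream servers and bypass the systemd-resolved stub, including any DNSSEC, DNSOverTLS and caching configured there (this commit sets both options in the router's resolved.conf; whether home's resolved is configured the same way is not visible here). If the direct file was chosen so that containers, which copy the host's resolv.conf and cannot reach the 127.0.0.53 stub from their own network namespace, get a usable resolver, that is a reasonable reason but it is not written down. Add it above the line, e.g. `# Upstream list rather than stub-resolv.conf: 127.0.0.53 is unreachable from container network namespaces`, or switch to `stub-resolv.conf` if the bypass is unintended. The symlink is created after `cp -R home/* /` and before `sh setup-server.sh`, so anything in setup-server.sh that reads /etc/resolv.conf sees the new link.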
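Review bot: adding `auditd` to `systemctl disable --now` switches off the kernel audit trail on every host built by this script (setup-home.sh calls it, per the previous hunk) with no comment on why, and auditd is the main on-host record of privilege use that an incident investigation would rely on. If it is being dropped because no audit rules are loaded and journald already covers service logging, say so next to the line, e.g. `# auditd: disabled — no audit rules in use, journald covers service logs; revisit if rules are added`. Separately, on Fedora-family hosts `auditd.service` is typically shipped with `RefuseManualStop=yes`, so the `--now` stop may be refused and, under `set -e`, abort the script before the `podman-auto-update.timer` lines run; if that applies here, split it into `systemctl disable auditd` (takes effect at next boot) and keep `systemctl disable --now docker.socket rpm-ostree-countme.timer` for the other two units.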