Finish router-home split

2023-12-17 17:55:26 +01:00 · 2023-12-17 17:55:26 +01:00 · 982cb4f7cc
commit 982cb4f7cc
parent 265c659e3e
9 changed files with 21 additions and 7 deletions
--- a/common/etc/ssh/ssh_config
+++ b/common/etc/ssh/ssh_config
@ -8,6 +8,8 @@ Host home
  HostName home.strypsteen.com
 Host home-gw
  HostName home-gw.strypsteen.com
+Host router
+  HostName 192.168.255.1
 Host vps
  HostName vps.strypsteen.com
 Host *
--- a/home/etc/containers/systemd/users/1500/act-runner.container
+++ b/home/etc/containers/systemd/users/1500/act-runner.container
@ -4,7 +4,7 @@ After=podman-container.service
 [Container]
 Image=docker.io/gitea/act_runner
 LogDriver=none
-Volume=podman.volume:/run/podman:z
+Volume=podman-run.volume:/run/podman:z
 Volume=/var/lib/system-config/container-config/act-runner:/etc/act-runner:O
 Volume=act-runner.volume:/data:U,Z
 Tmpfs=/root/.cache
--- a/home/etc/containers/systemd/users/1500/podman-container.container
+++ b/home/etc/containers/systemd/users/1500/podman-container.container
@ -1,10 +1,12 @@
 [Container]
 Image=quay.io/containers/podman
 SecurityLabelDisable=true
+Unmask=/proc/sys
 User=1000
 AddDevice=/dev/net/tun
 Exec=podman system service -t0 unix:///run/podman/podman.sock
-Volume=podman.volume:/run/podman:U,z
+Volume=podman-storage.volume:/home/podman/.local/share/containers:U,Z
+Volume=podman-run.volume:/run/podman:U,z
 AutoUpdate=registry
 [Install]
 WantedBy=default.target
--- a/home/etc/containers/systemd/users/1500/podman-run.volume
+++ b/home/etc/containers/systemd/users/1500/podman-run.volume
--- a/home/etc/containers/systemd/users/1500/podman-storage.volume
+++ b/home/etc/containers/systemd/users/1500/podman-storage.volume
--- a/ignition/router.bu
+++ b/ignition/router.bu
@ -0,0 +1,11 @@
+variant: fcos
+version: 1.5.0
+boot_device:
+  luks:
+    tpm2: true
+    discard: true
+passwd:
+  users:
+    - name: root
+      ssh_authorized_keys_local:
+        - ssh/desktop-sk.pub
--- a/router/etc/systemd/resolved.conf
+++ b/router/etc/systemd/resolved.conf
@ -3,7 +3,5 @@ DNS=2620:fe::10#dns10.quad9.net 9.9.9.10#dns10.quad9.net
 FallbackDNS=
 DNSSEC=true
 DNSOverTLS=true
-DNSStubListenerExtra=192.168.255.1
-DNSStubListenerExtra=192.168.254.1
-DNSStubListenerExtra=192.168.253.1
-DNSStubListenerExtra=192.168.252.1
+DNSStubListenerExtra=0.0.0.0
+DNSStubListenerExtra=::
--- a/setup-home.sh
+++ b/setup-home.sh
@ -1,5 +1,6 @@
 #!/bin/sh
 set -e
 cp -R home/* /
+ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
 sh setup-server.sh
 systemd-tmpfiles --create
--- a/setup-server.sh
+++ b/setup-server.sh
@ -1,7 +1,7 @@
 #!/bin/sh
 set -e
 cp -R server/* /
-systemctl disable --now docker.socket rpm-ostree-countme.timer
+systemctl disable --now auditd docker.socket rpm-ostree-countme.timer
 systemctl enable --now podman-auto-update.timer
 systemctl enable --global podman-auto-update.timer
 useradd -M containers || true