Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2025-06-25 15:10:32 -04:00
Code Issues Projects Releases Packages Wiki Activity

reorganize configurations into etc directory

Browse source
This commit is contained in:
Daniel Micay 2025-04-15 12:32:52 -04:00
parent b5fd158374
commit 1f4d7316b8
106 changed files with 18 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

36
deploy-initial
View file

@ -21,42 +21,42 @@ ssh $remote '[[ $(grep IMAGE_VERSION /etc/os-release) = "IMAGE_VERSION=2025.03.0
ssh $remote "sfdisk /dev/$drive -w always <<< ';'" ssh $remote "sfdisk /dev/$drive -w always <<< ';'"
ssh $remote "mkfs.xfs -d agcount=$agcount -f /dev/${drive}1" ssh $remote "mkfs.xfs -d agcount=$agcount -f /dev/${drive}1"
rsync -cv pacman.d/mirrorlist $remote:/etc/pacman.d/mirrorlist rsync -cv etc/pacman.d/mirrorlist $remote:/etc/pacman.d/mirrorlist
ssh $remote "mount /dev/${drive}1 /mnt" ssh $remote "mount /dev/${drive}1 /mnt"
ssh $remote "pacstrap -K /mnt $(tr '\n' ' ' < packages/$host)" ssh $remote "pacstrap -K /mnt $(tr '\n' ' ' < packages/$host)"
rsync -cv grub $remote:/mnt/etc/default/grub rsync -cv etc/default/grub $remote:/mnt/etc/default/grub
ssh $remote "arch-chroot /mnt grub-install /dev/$drive" ssh $remote "arch-chroot /mnt grub-install /dev/$drive"
ssh $remote "arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg" ssh $remote "arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg"
ssh $remote "echo $hostname >/mnt/etc/hostname" ssh $remote "echo $hostname >/mnt/etc/hostname"
rsync -cpv --chmod=644 systemd/network/$host.link $remote:/mnt/etc/systemd/network/10-public.link rsync -cpv --chmod=644 etc/systemd/network/$host.link $remote:/mnt/etc/systemd/network/10-public.link
rsync -cpv --chmod=644 systemd/network/$host.network $remote:/mnt/etc/systemd/network/10-public.network rsync -cpv --chmod=644 etc/systemd/network/$host.network $remote:/mnt/etc/systemd/network/10-public.network
rsync -cpv --chmod=644 fstab.virtual $remote:/mnt/etc/fstab rsync -cpv --chmod=644 etc/fstab.virtual $remote:/mnt/etc/fstab
rsync -cpv --chmod=644 crypttab locale.conf mkinitcpio.conf pacman.conf pacreport.conf resolv.conf $remote:/mnt/etc/ rsync -cpv --chmod=644 etc/{crypttab,locale.conf,mkinitcpio.conf,pacman.conf,pacreport.conf,resolv.conf} $remote:/mnt/etc/
rsync -cv unbound.conf $remote:/mnt/etc/unbound/unbound.conf rsync -cv etc/unbound/unbound.conf $remote:/mnt/etc/unbound/unbound.conf
if [[ $host = @(0.grapheneos.network|1.grapheneos.network|2.grapheneos.network|3.grapheneos.network) ]]; then if [[ $host = @(0.grapheneos.network|1.grapheneos.network|2.grapheneos.network|3.grapheneos.network) ]]; then
cp chrony.conf chrony.conf.tmp cp etc/chrony.conf etc/chrony.conf.tmp
echo -e '\nallow' >> chrony.conf.tmp echo -e '\nallow' >> etc/chrony.conf.tmp
rsync -cv chrony.conf.tmp $remote:/mnt/etc/chrony.conf rsync -cv etc/chrony.conf.tmp $remote:/mnt/etc/chrony.conf
rm chrony.conf.tmp rm etc/chrony.conf.tmp
else else
rsync -cv chrony.conf $remote:/mnt/etc/chrony.conf rsync -cv etc/chrony.conf $remote:/mnt/etc/chrony.conf
fi fi
ssh $remote mkdir -vp /mnt/etc/sysconfig ssh $remote mkdir -vp /mnt/etc/sysconfig
rsync -cpv --chmod 644 sysconfig/chronyd $remote:/mnt/etc/sysconfig/chronyd rsync -cpv --chmod 644 etc/sysconfig/chronyd $remote:/mnt/etc/sysconfig/chronyd
rsync -cv authorized_keys $remote:/mnt/root/.ssh/authorized_keys rsync -cv authorized_keys $remote:/mnt/root/.ssh/authorized_keys
cp ssh/sshd_config ssh/sshd_config.tmp cp etc/ssh/sshd_config etc/ssh/sshd_config.tmp
sed -i "s/{{ssh_users}}/${hosts_ssh_users[$host]:-root}/g" ssh/sshd_config.tmp sed -i "s/{{ssh_users}}/${hosts_ssh_users[$host]:-root}/g" etc/ssh/sshd_config.tmp
rsync -cv ssh/sshd_config.tmp $remote:/mnt/etc/ssh/sshd_config rsync -cv etc/ssh/sshd_config.tmp $remote:/mnt/etc/ssh/sshd_config
rm ssh/sshd_config.tmp rm etc/ssh/sshd_config.tmp
rsync -cv nftables/nftables-${hosts_firewall[$host]:-web}.conf $remote:/mnt/etc/nftables.conf rsync -cv etc/nftables/nftables-${hosts_firewall[$host]:-web}.conf $remote:/mnt/etc/nftables.conf
ssh $remote "arch-chroot /mnt systemctl enable chronyd.service fstrim.timer logrotate.timer nftables.service plocate-updatedb.timer systemd-networkd.service systemd-oomd.service sshd.service sysstat.service unbound.service" ssh $remote "arch-chroot /mnt systemctl enable chronyd.service fstrim.timer logrotate.timer nftables.service plocate-updatedb.timer systemd-networkd.service systemd-oomd.service sshd.service sysstat.service unbound.service"
ssh $remote "arch-chroot /mnt systemctl disable remote-fs.target systemd-network-generator.service systemd-userdbd.socket" ssh $remote "arch-chroot /mnt systemctl disable remote-fs.target systemd-network-generator.service systemd-userdbd.socket"

0
chrony.conf → etc/chrony.conf
View file

0
crypttab → etc/crypttab
View file

0
grub → etc/default/grub
View file

0
fstab.metal → etc/fstab.metal
View file

0
fstab.virtual → etc/fstab.virtual
View file

0
locale.conf → etc/locale.conf
View file

0
logrotate.conf → etc/logrotate.conf
View file

0
logrotate.d/letsencrypt → etc/logrotate.d/letsencrypt
View file

0
mkinitcpio.conf → etc/mkinitcpio.conf
View file

0
mkinitcpio.d/linux-lts.preset → etc/mkinitcpio.d/linux-lts.preset
View file

0
modprobe.d/local.conf → etc/modprobe.d/local.conf
View file

0
modules-load.d/local.conf → etc/modules-load.d/local.conf
View file

0
modules-load.d/softdog.conf → etc/modules-load.d/softdog.conf
View file

0
nftables/nftables-attestation.conf → etc/nftables/nftables-attestation.conf
View file

0
nftables/nftables-discuss.conf → etc/nftables/nftables-discuss.conf
View file

0
nftables/nftables-mail.conf → etc/nftables/nftables-mail.conf
View file

0
nftables/nftables-matrix.conf → etc/nftables/nftables-matrix.conf
View file

0
nftables/nftables-network.conf → etc/nftables/nftables-network.conf
View file

0
nftables/nftables-ns1.conf → etc/nftables/nftables-ns1.conf
View file

0
nftables/nftables-ns2.conf → etc/nftables/nftables-ns2.conf
View file

0
nftables/nftables-social.conf → etc/nftables/nftables-social.conf
View file

0
nftables/nftables-web.conf → etc/nftables/nftables-web.conf
View file

0
pacman.conf → etc/pacman.conf
View file

0
pacman.d/mirrorlist → etc/pacman.d/mirrorlist
View file

0
pacreport.conf → etc/pacreport.conf
View file

0
resolv.conf → etc/resolv.conf
View file

0
ssh/ssh_config → etc/ssh/ssh_config
View file

0
ssh/sshd_config → etc/ssh/sshd_config
View file

0
sysconfig/chronyd → etc/sysconfig/chronyd
View file

0
sysctl.d/local.conf → etc/sysctl.d/local.conf
View file

0
systemd/journald.conf → etc/systemd/journald.conf
View file

0
systemd/network/0.grapheneos.network.link → etc/systemd/network/0.grapheneos.network.link
View file

0
systemd/network/0.grapheneos.network.network → etc/systemd/network/0.grapheneos.network.network
View file

0
systemd/network/0.grapheneos.org.link → etc/systemd/network/0.grapheneos.org.link
View file

0
systemd/network/0.grapheneos.org.network → etc/systemd/network/0.grapheneos.org.network
View file

0
systemd/network/0.ns2.grapheneos.org.link → etc/systemd/network/0.ns2.grapheneos.org.link
View file

0
systemd/network/0.ns2.grapheneos.org.network → etc/systemd/network/0.ns2.grapheneos.org.network
View file

0
systemd/network/0.releases.grapheneos.org.link → etc/systemd/network/0.releases.grapheneos.org.link
View file

0
systemd/network/0.releases.grapheneos.org.network → etc/systemd/network/0.releases.grapheneos.org.network
View file

0
systemd/network/1.grapheneos.network.link → etc/systemd/network/1.grapheneos.network.link
View file

0
systemd/network/1.grapheneos.network.network → etc/systemd/network/1.grapheneos.network.network
View file

0
systemd/network/1.grapheneos.org.link → etc/systemd/network/1.grapheneos.org.link
View file

0
systemd/network/1.grapheneos.org.network → etc/systemd/network/1.grapheneos.org.network
View file

0
systemd/network/1.ns2.grapheneos.org.link → etc/systemd/network/1.ns2.grapheneos.org.link
View file

0
systemd/network/1.ns2.grapheneos.org.network → etc/systemd/network/1.ns2.grapheneos.org.network
View file

0
systemd/network/1.releases.grapheneos.org.link → etc/systemd/network/1.releases.grapheneos.org.link
View file

0
systemd/network/1.releases.grapheneos.org.network → etc/systemd/network/1.releases.grapheneos.org.network
View file

0
systemd/network/2.grapheneos.network.link → etc/systemd/network/2.grapheneos.network.link
View file

0
systemd/network/2.grapheneos.network.network → etc/systemd/network/2.grapheneos.network.network
View file

0
systemd/network/2.grapheneos.org.link → etc/systemd/network/2.grapheneos.org.link
View file

0
systemd/network/2.grapheneos.org.network → etc/systemd/network/2.grapheneos.org.network
View file

0
systemd/network/2.ns2.grapheneos.org.link → etc/systemd/network/2.ns2.grapheneos.org.link
View file

0
systemd/network/2.ns2.grapheneos.org.network → etc/systemd/network/2.ns2.grapheneos.org.network
View file

0
systemd/network/2.releases.grapheneos.org.link → etc/systemd/network/2.releases.grapheneos.org.link
View file

0
systemd/network/2.releases.grapheneos.org.network → etc/systemd/network/2.releases.grapheneos.org.network
View file

0
systemd/network/3.grapheneos.network.link → etc/systemd/network/3.grapheneos.network.link
View file

0
systemd/network/3.grapheneos.network.network → etc/systemd/network/3.grapheneos.network.network
View file

0
systemd/network/3.grapheneos.org.link → etc/systemd/network/3.grapheneos.org.link
View file

0
systemd/network/3.grapheneos.org.network → etc/systemd/network/3.grapheneos.org.network
View file

0
systemd/network/3.releases.grapheneos.org.link → etc/systemd/network/3.releases.grapheneos.org.link
View file

0
systemd/network/3.releases.grapheneos.org.network → etc/systemd/network/3.releases.grapheneos.org.network
View file

0
systemd/network/4.releases.grapheneos.org.link → etc/systemd/network/4.releases.grapheneos.org.link
View file

0
systemd/network/4.releases.grapheneos.org.network → etc/systemd/network/4.releases.grapheneos.org.network
View file

0
systemd/network/attestation.app.link → etc/systemd/network/attestation.app.link
View file

0
systemd/network/attestation.app.network → etc/systemd/network/attestation.app.network
View file

0
systemd/network/discuss.grapheneos.org.link → etc/systemd/network/discuss.grapheneos.org.link
View file

0
systemd/network/discuss.grapheneos.org.network → etc/systemd/network/discuss.grapheneos.org.network
View file

0
systemd/network/grapheneos.social.link → etc/systemd/network/grapheneos.social.link
View file

0
systemd/network/grapheneos.social.network → etc/systemd/network/grapheneos.social.network
View file

0
systemd/network/mail.grapheneos.org.link → etc/systemd/network/mail.grapheneos.org.link
View file

0
systemd/network/mail.grapheneos.org.network → etc/systemd/network/mail.grapheneos.org.network
View file

0
systemd/network/matrix.grapheneos.org.link → etc/systemd/network/matrix.grapheneos.org.link
View file

0
systemd/network/matrix.grapheneos.org.network → etc/systemd/network/matrix.grapheneos.org.network
View file

0
systemd/network/ns1.grapheneos.org.link → etc/systemd/network/ns1.grapheneos.org.link
View file

0
systemd/network/ns1.grapheneos.org.network → etc/systemd/network/ns1.grapheneos.org.network
View file

0
systemd/network/ns1.staging.grapheneos.org.link → etc/systemd/network/ns1.staging.grapheneos.org.link
View file

0
systemd/network/ns1.staging.grapheneos.org.network → etc/systemd/network/ns1.staging.grapheneos.org.network
View file

0
systemd/network/staging.attestation.app.link → etc/systemd/network/staging.attestation.app.link
View file

0
systemd/network/staging.attestation.app.network → etc/systemd/network/staging.attestation.app.network
View file

0
systemd/network/staging.grapheneos.org.link → etc/systemd/network/staging.grapheneos.org.link
View file

0
systemd/network/staging.grapheneos.org.network → etc/systemd/network/staging.grapheneos.org.network
View file

0
systemd/networkd.conf → etc/systemd/networkd.conf
View file

0
systemd/sleep.conf → etc/systemd/sleep.conf
View file

0
systemd/system.conf → etc/systemd/system.conf
View file

0
systemd/system/-.slice.d/override.conf → etc/systemd/system/-.slice.d/override.conf
View file

0
systemd/system/attestation.service.d/override.conf → etc/systemd/system/attestation.service.d/override.conf
View file

0
systemd/system/certbot-ocsp-fetcher.service → etc/systemd/system/certbot-ocsp-fetcher.service
View file

0
systemd/system/certbot-ocsp-fetcher.timer → etc/systemd/system/certbot-ocsp-fetcher.timer
View file

0
systemd/system/certbot-renew.service.d/override.conf → etc/systemd/system/certbot-renew.service.d/override.conf
View file

0
systemd/system/chronyd.service.d/override.conf → etc/systemd/system/chronyd.service.d/override.conf
View file

0
systemd/system/fstrim.service.d/override.conf → etc/systemd/system/fstrim.service.d/override.conf
View file

0
systemd/system/fstrim.timer.d/override.conf → etc/systemd/system/fstrim.timer.d/override.conf
View file

0
systemd/system/nginx-create-session-ticket-keys.service → etc/systemd/system/nginx-create-session-ticket-keys.service
View file

0
systemd/system/nginx-rotate-session-ticket-keys.service → etc/systemd/system/nginx-rotate-session-ticket-keys.service
View file

0
systemd/system/nginx-rotate-session-ticket-keys.timer → etc/systemd/system/nginx-rotate-session-ticket-keys.timer
View file

0
systemd/system/nginx.service.d/override.conf → etc/systemd/system/nginx.service.d/override.conf
View file

0
systemd/system/plocate-updatedb.service.d/override.conf → etc/systemd/system/plocate-updatedb.service.d/override.conf
View file

0
systemd/system/sshd.service.d/override.conf → etc/systemd/system/sshd.service.d/override.conf
View file

0
systemd/system/sysstat-collect.timer.d/override.conf → etc/systemd/system/sysstat-collect.timer.d/override.conf
View file

Some files were not shown because too many files have changed in this diff Show more