Commit 5cb907a2 authored by o

fixing some recent issues

parent 8f078d5b
......@@ -3,12 +3,10 @@
The main idea is to have:
1. An `ibox` template VM mirroring more or less a VM created by our [kickstart file](https://code.immerda.ch/immerda/ibox/stemcell/-/blob/master/http/centos8.ks).
1. An `ibox-base` AppVM which serves as "template" (not in the qubes sense) to create iboxes.
1. An `ibox-instance` AppVM.
The second step is merely to avoid repeatedly downloading the ibox repository.
First start by checking out this repository in your development VM, that we'll assume
to be called `idev`:
First start by checking out this repository in your development VM. We'll assume
it to be called `devqube`:
```
git clone git@code-ssh.immerda.ch:immerda/ibox/qubes.git ibox-qubes
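Review bot: the overview list at the top of this hunk still names the template `ibox` and the AppVM `ibox-base`, while the rest of this commit renames them to `ibox-template` and `ibox-instance`; update the three list items (and the sentence about the second step, which now refers to the instance VM) so the README's names match what the dom0 script creates. The clone line here uses `git@code-ssh.immerda.ch:immerda/ibox/qubes.git` while the later clone of the ibox repo uses `https://code.immerda.ch/...`; either pick one scheme or say that the development qube needs an SSH key for the first.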
......@@ -18,34 +16,27 @@ To create both VMs and install centos-8, there is a [setup/dom0.sh](setup/dom0.s
You can run it in dom0 with:
```
qvm-run -p idev "cat /home/user/Documents/ibox-qubes/setup/dom0.sh" > setup-ibox.sh
qvm-run -p devqube "cat /home/user/Documents/ibox-qubes/setup/dom0.sh" > setup-ibox.sh
sh setup-ibox.sh
```
Now all the vms are created and we can start setting up the `ibox` template. Start
Troubleshoot: If updating centos-8-minimal fails you might have a broken template. Removing and re-installing the `qubes-template-centos-8-minimal` might help.
Now all the vms are created and we can start setting up the `ibox-template` template. Start
the VM and execute [setup/ibox.sh](setup/ibox.sh) in it, as root. It installs all
required packages and repositories.
Stop the `ibox` VM again.
Stop the `ibox-template` VM again.
Now, start the `ibox-base` and download the ibox repo:
Now, start the `ibox-instance` and download the ibox repo:
```
git clone https://code.immerda.ch/immerda/ibox/boilerplate.git ibox
cd ibox
git submodule update --init --recursive
```
Stop `ibox-base` again.
Finally, you can start using your custom ibox. The easiest is, you clone it first, so you keep a clean state.
In dom0 `qvm-clone ibox-base ibox1`, then start `ibox1`.
In `ibox1` get going with:
```
cp hieradata/vagrant.yaml.sample hieradata/vagrant.yaml
sudo su -
hostnamectl set-hostname ibox1.local
cd /home/user/ibox
cp hieradata/vagrant.yaml.sample hieradata/vagrant.yaml
bin/local_apply.sh
```
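Review bot: two unchanged lines still use the old VM name after the rename to `ibox-instance`: `Stop \`ibox-base\` again.` and `qvm-clone ibox-base ibox1`, so a reader following the renamed step is told to stop and clone a VM the new dom0 script no longer creates; rename both. Separately, `qvm-run -p devqube "cat .../setup/dom0.sh" > setup-ibox.sh` followed by `sh setup-ibox.sh` executes in dom0 a script fetched from a less trusted qube; tell the reader to read `setup-ibox.sh` before running it. And because `sudo su -` now comes before `cp hieradata/vagrant.yaml.sample hieradata/vagrant.yaml`, the copy is created as root inside `/home/user/ibox`, leaving a root-owned file in the user's checkout; do the `cp` before switching to root, as the removed line did.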
sudo qubes-dom0-update --enablerepo=qubes-templates-community-testing qubes-template-centos-8-minimal
qvm-clone centos-8-minimal ibox
qvm-run -p -u root ibox 'dnf install qubes-core-agent-networking qubes-core-agent-passwordless-root'
qvm-shutdown ibox
qvm-create --label gray --template ibox ibox-base
qvm-run -p -u root centos-8-minimal 'dnf update -y && dnf swap centos-linux-repos centos-stream-repos && rpm -e --nodeps python3-docutils && dnf distro-sync -y'
qvm-shutdown centos-8-minimal
qvm-clone centos-8-minimal ibox-template
qvm-run -p -u root ibox-template 'dnf install qubes-core-agent-passwordless-root qubes-core-agent-passwordless-networking'
qvm-shutdown ibox-template
qvm-create --label gray --template ibox-template ibox-instance
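Review bot: `dnf install qubes-core-agent-passwordless-root qubes-core-agent-passwordless-networking` has no `-y`, so when run through `qvm-run -p` it will sit at the confirmation prompt (the `dnf update -y ... dnf distro-sync -y` line in the same hunk gets this right); add `-y`. The name `qubes-core-agent-passwordless-networking` also looks like `qubes-core-agent-networking` (the package the removed line installed) and `qubes-core-agent-passwordless-root` run together; check that the package exists before this lands. `rpm -e --nodeps python3-docutils` deserves a comment saying why the dependency check has to be bypassed during the Stream swap, since a reader will otherwise not know whether it is safe to drop later.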
set -e
sed -i 's/^enabled=.*/enabled=1/' /etc/yum.repos.d/CentOS-Linux-PowerTools.repo /etc/yum.repos.d/CentOS-Linux-ContinousRelease.repo
cat <<-EOF > /etc/pki/rpm-gpg/RPM-GPG-KEY-puppet
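Review bot: `sed -i` is pointed at `/etc/yum.repos.d/CentOS-Linux-ContinousRelease.repo`, spelled `Continous`; if that does not match the file actually shipped by the template (the usual spelling is `Continuous`), `sed -i` exits non-zero and, with `set -e` two lines above, the script aborts before the Puppet GPG key is even written. Verify the filename, or guard the edit with `test -f` on each repo file.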
......@@ -128,14 +130,22 @@ EOF
dnf update
dnf remove unbound-libs python3-unbound
dnf install ebtables firewalld-filesystem ipset python3-firewall
dnf download firewalld
rpm --nodeps -i firewalld*.rpm
rm firewalld*.rpm
dnf install --allowerasing man-pages mlocate vim-enhanced termite-terminfo wget which virt-what sudo puppet-agent puppet-release puppet-agent-extensions epel-release drpm tmux bash-completion rkhunter munin-node cryptsetup gpm chrony tuned dnf-automatic fail2ban fail2ban-shorewall git yum rxvt-unicode
systemctl disable firewalld
systemctl mask firewalld
dnf remove -y unbound-libs python3-unbound
dnf install -y ebtables firewalld-filesystem ipset python3-firewall
dnf install -y --allowerasing man-pages mlocate vim-enhanced termite-terminfo wget which virt-what sudo puppet-agent puppet-release puppet-agent-extensions epel-release drpm tmux bash-completion rkhunter cryptsetup gpm chrony tuned dnf-automatic git yum rxvt-unicode
# for trocla
cat <<-EOF >/etc/puppetlabs/puppet/troclarc.yaml
profiles:
sysdomain_nc:
name_constraints:
- local
store: :moneta
store_options:
adapter: :YAML
adapter_options:
:file: /home/user/trocla_data.yaml
EOF
mkdir /etc/puppet
ln -s /home/user/ibox /etc/puppet/ibox
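Review bot: the trocla store is pointed at `/home/user/trocla_data.yaml`; trocla generates and keeps the secrets it hands to Puppet, so this file holds passwords, and it is placed in the unprivileged user's home directory where any process running as `user` can read it. Since the script already runs as root and `bin/local_apply.sh` is run from `sudo su -`, keep the store under a root-only path, for example `/etc/puppetlabs/puppet/trocla_data.yaml`, and create it with mode 0600. Also, `mkdir /etc/puppet` without `-p` fails on a second run and `set -e` then aborts the script before the symlink; use `mkdir -p`. Finally, dropping `munin-node`, `fail2ban` and `fail2ban-shorewall` from the install list together with the `systemctl disable/mask firewalld` lines is not mentioned in the commit message; a one-line comment on why they went would help the next person who has to debug the instance's firewall.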