diff options
| author | Hugo Hörnquist <hugo@lysator.liu.se> | 2021-10-31 01:11:18 +0200 |
|---|---|---|
| committer | Hugo Hörnquist <hugo@lysator.liu.se> | 2021-10-31 01:11:18 +0200 |
| commit | 08a9ff658f14b6ccd0d396711304b74e51307c0e (patch) | |
| tree | 59e35ba2954764d5aa3109144f978b60bec5a181 | |
| parent | Ensure certbot is installed on hornquist.se. (diff) | |
| download | webdav_server-08a9ff658f14b6ccd0d396711304b74e51307c0e.tar.gz webdav_server-08a9ff658f14b6ccd0d396711304b74e51307c0e.tar.xz | |
Work on netbooting raspberry pis.
| -rw-r--r-- | manifests/site.pp | 6 | ||||
| -rw-r--r-- | modules/exports/manifests/init.pp | 19 | ||||
| -rw-r--r-- | modules/overlay/manifests/init.pp | 17 | ||||
| -rw-r--r-- | modules/raspi/manifests/init.pp | 143 |
4 files changed, 185 insertions, 0 deletions
diff --git a/manifests/site.pp b/manifests/site.pp index 1bf73f1..467ab68 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -38,6 +38,12 @@ node 'gandalf.adrift.space' { nginx_server => 'gandalf' } + + # raspi { '': + # version => '2021-05-07', + # dir => '/usr/local/raspi', + # } + } node 'hornquist.se' { diff --git a/modules/exports/manifests/init.pp b/modules/exports/manifests/init.pp new file mode 100644 index 0000000..ce75b29 --- /dev/null +++ b/modules/exports/manifests/init.pp @@ -0,0 +1,19 @@ +define exports ( + Hash[String,Array[String]] $options, + String $dir = $name, + String $exports_file = '/etc/exports', +) { + + $fixed_opts = $options.map |$key, $val| { + $joined_vals = $val.join(',') + "${key}(${joined_vals})" + }.join(' ') + + file_line { "Export ${exports_file} ${dir}": + ensure => present, + path => $exports_file, + match => "^${dir}", + line => "${dir} ${fixed_opts}" + } + +} diff --git a/modules/overlay/manifests/init.pp b/modules/overlay/manifests/init.pp new file mode 100644 index 0000000..a85683d --- /dev/null +++ b/modules/overlay/manifests/init.pp @@ -0,0 +1,17 @@ +define overlay ( +) { + + { + lowerdir => "${dir}/root/base", + upperdir => "${dir}/root/overlays/${name}", + workdir => "${dir}/root/workdirs/${name}", + nfs_export => 'on', + } + + file_line { + ensure => present, + path => "${dir}/fstab" + line => "overlay root/export/${name} + } + +} diff --git a/modules/raspi/manifests/init.pp b/modules/raspi/manifests/init.pp new file mode 100644 index 0000000..c622f26 --- /dev/null +++ b/modules/raspi/manifests/init.pp @@ -0,0 +1,143 @@ +define raspi ( + String $dir, + String $version, +) { + # https://www.kernel.org/doc/html/latest/admin-guide/nfs/nfsroot.html + + + file { $dir: + ensure => directory, + } + + $img_file = "${version}-raspios-buster-armhf-lite" + + file { "${dir}/${img_file}.zip": + ensure => file, + source => "https://downloads.raspberrypi.org/raspios_lite_armhf/images/raspios_lite_armhf-2021-05-28/${img_file}.zip", + checksum => 'sha256', + checksum_value => 'c5dad159a2775c687e9281b1a0e586f7471690ae28f2f2282c90e7d59f64273c', + } ~> exec { "/usr/bin/unzip ${img_file}.zip": + creates => "${dir}/${img_file}.img", + cwd => $dir, + } + + # see modprobe.d(5) + # /sys/module/loop/parameters/max_part + file { '/etc/modprobe.d/loop.conf': + content => "options loop max_part=8\n", + } + + ['root'].each |$d| { + file { "${dir}/${d}": + ensure => directory, + } + ['base', 'export', 'overlays', 'workdirs'].each |$subdir| { + file { "${dir}/${d}/${subdir}": + ensure => directory, + } + } + } + + $mounts = { + 'root' => ['music',], + # 'boot' => ['music',], + } + + # overlay fs not supported for FAT32 filesystems + + $fstab = "${dir}/fstab" + file { $fstab: + ensure => file, + } + + File[$fstab] -> File_Line <| path == $fstab |> + + $mounts.each |$type, $lst| { + $lst.each |$name| { + + $dict = { + lowerdir => "${dir}/${type}/base", + upperdir => "${dir}/${type}/overlays/${name}", + workdir => "${dir}/${type}/workdirs/${name}", + nfs_export => 'on', + } + + $target = "${dir}/${type}/export/${name}" + + file { [ + $dict['upperdir'], + $dict['workdir'], + $target, + ] : + ensure => directory, + } + + $opts = $dict.map |$k, $v| { "$k=$v" }.join(',') + + file_line { "Raspi fstab ${type} ${target}": + ensure => present, + path => $fstab, + line => "overlay ${target} overlay ${opts}", + } + } + } + + ensure_packages ( ['nfs-utils'], { ensure => latest, }) + service { 'nfs-server': + ensure => running, + enable => true, + } + + exports { "${dir}/root/export": + options => { + '*' => [ + 'rw', + 'no_subtree_check', + 'no_root_squash', + # Our mounts under the exported tree are also exported, which is + # needed since our export point is simply a mount point + 'crossmnt', + 'fsid=1', + ], + }, + } + + # TODO ensure that we are mounted before we start changing stuff + + $root = "${dir}/root/export/music" + + file { "${root}/etc/systemd/system/multi-user.target.wants/ssh.service": + ensure => link, + target => '/lib/systemd/system/ssh.service', + } + + file { "${root}/etc/fstab": + ensure => absent, + } + + file { "${root}/root/.ssh": + ensure => directory, + } + + file { "${root}/root/.ssh/authorized_keys": + ensure => file, + } + + file_line { 'raspbian root key': + path => "${root}/root/.ssh/authorized_keys", + line => 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8bdCl6aFmYoWAZIoorFv96oV45Jv75vH0TyNTKyByNV0dr6qgJzt8HJ1J/bVDs+q679f4udA1HLGLncyoJS1rGw9meP36dXCQBPMdfZJN0tIrYWgo2Hb7ZpDjsvxGTHaE9jzWlDUI9DcoWoa1Hy8roqsFZgbEnW4H1QG2Hr1+MkjoKvxhXFZoDxuq5K8WcHpehhEU8YcHSKiL0R5jhGlGbL+Qvb1QUL1sXQquHrgJB4IwrrYt2chX4W9Uo+PMny6VYV8ubuXvYCyQehQqZmkYSWD3iJAu59Ti0MLC+egBVZ6UkWAn4kik5cbboC36ioDCKQfrpvfZuUg4OA01N033QoC3+aKUwic8t+Z9sQz7PKT3JTJA5cLTjV+FMoZfKUiSrgm2jgk2mYl86HyHbjwvVq3I0Ny5xXHX3n2DwY9kT3tV16lA3m6oRPeUwZDo7sCzHuMTj2tQE8mMzpZ6kA/CkwAOotY6S/XSbyynIrYpu0Y2HJ6Rax8XGt09DEc7XAE= hugo@gandalf', + } + + # $ l=$(losetup --show -f ${file}.img) + # $ mount "${l}p1" boot/base + # $ mount "${l}p2" root/base + # $ dd if=/dev/loop0p1 of=boot-sector.img + + + # console=serial0,115200 console=tty1 root=/dev/nfs rootfstype=10.0.0.40:/usr/local/raspi/root,vers=4.1,proto=tcp id=dhcp elevator=deadline rootwait rw + + # cmdline.txt + # root=/dev/nfs + # rootfstype=10.0.0.40:/usr/local/raspi/root,vers=4.1,proto=tcp + +} |