fix systemd templates
This commit is contained in:
@ -39,7 +39,7 @@
|
||||
|
||||
# pacstrap
|
||||
# pacstrap -K /mnt/root base linux-lts linux-firmware nano openssh bind bash efibootmgr reflector screen pv pinentry sudo man-db man-pages texinfo ufw nftables intel-ucode e2fsprogs dosfstools curl cryptsetup
|
||||
# sbctl fwupd fwupd-efi dmidecode udisks2
|
||||
# sbctl sbsigntools fwupd fwupd-efi dmidecode udisks2 usbutils
|
||||
|
||||
# gen fstab
|
||||
# genfstab -L /mnt/root >> /mnt/root/etc/fstab
|
||||
@ -79,8 +79,39 @@
|
||||
# echo 'cryptdevice=dbbb9fb2-5509-4701-a2bb-5660934a5378:root root=/dev/mapper/root rw' > /etc/kernel/cmdline
|
||||
# echo 'rd.luks.name=dbbb9fb2-5509-4701-a2bb-5660934a5378=root root=/dev/mapper/root rw' > /etc/kernel/cmdline
|
||||
|
||||
# create a default systemd-networkd config
|
||||
# enable systemd-networkd
|
||||
# enable sshd
|
||||
# enable ufw service
|
||||
# enable ufw firewall
|
||||
# create ufw config to allow ssh port 22
|
||||
|
||||
# modify mkinitcpio for encryption
|
||||
# old HOOKS=(base udev autodetect modconf kms keyboard keymap consolefont block filesystems fsck)
|
||||
# new HOOKS=(base systemd keyboard autodetect modconf kms block sd-encrypt filesystems fsck)
|
||||
# sed -i 's/^HOOKS=(base udev autodetect modconf block filesystems keyboard fsck)/HOOKS=(base udev autodetect modconf block encrypt filesystems keyboard fsck)/g' /etc/mkinitcpio.conf
|
||||
# sed -i 's/^HOOKS=(base udev autodetect modconf block filesystems keyboard fsck)/HOOKS=(base udev autodetect modconf block encrypt filesystems keyboard fsck)/g' /etc/mkinitcpio.conf
|
||||
|
||||
# geneate sb keys with sbctl
|
||||
# keys go to /usr/share/secureboot/keys/db/db.pem
|
||||
# enroll sbctl keys
|
||||
|
||||
# add console= option to cmdline file
|
||||
|
||||
# create initcpio post hook /etc/initcpio/post/uki-sbsign
|
||||
# make /etc/initcpio/post/uki-sbsign executable
|
||||
# chmod +x /etc/initcpio/post/uki-sbsign
|
||||
# make initcpio
|
||||
# mkinitcpio -p linux-lts
|
||||
|
||||
# vfio and iommu
|
||||
# add 'intel_iommu=on iommu=pt' to kernel cmdline
|
||||
|
||||
# add vfio binding
|
||||
# vp2420 iGPU = 8086:4555
|
||||
# add vfio-pci ids to /etc/kernel/cmdline
|
||||
# vfio-pci.ids=8086:4555
|
||||
|
||||
# add vfio modules to mkinitcpio.conf
|
||||
# MODULES=(vfio_pci vfio vfio_iommu_type1)
|
||||
# ensure modconf hook is in mkinitcpio.conf
|
||||
# HOOKS=(base systemd keyboard autodetect modconf kms block sd-encrypt filesystems fsck)
|
||||
@ -10,7 +10,10 @@ libvirt_packages:
|
||||
hypervisor:
|
||||
storage: dir
|
||||
device: /dev/sda
|
||||
datasets:
|
||||
- name: tank/vhds
|
||||
compression: lz4
|
||||
encryption: 'off'
|
||||
|
||||
# hypervisor:
|
||||
# storage: zfs
|
||||
# datasets:
|
||||
# - name: tank/vhds
|
||||
# compression: lz4
|
||||
# encryption: 'off'
|
||||
@ -14,7 +14,7 @@
|
||||
- name: Create systemd-networkd config files
|
||||
ansible.builtin.template:
|
||||
src: "{{ item.src }}"
|
||||
dest: /etc/systemd/network/"{{ item.name }}"
|
||||
dest: /etc/systemd/network/{{ item.name }}
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
|
||||
@ -3,6 +3,5 @@ PermanentMACAddress={{ item.mac_address }}
|
||||
|
||||
[Link]
|
||||
Name={{ item.name | regex_replace('^[0-9]*-', '') | regex_replace('\.link', '') }}
|
||||
MACAddressPolicy=permanent
|
||||
MACAddress={{ item.mac_address }}
|
||||
MACAddressPolicy=persistent
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
[Match]
|
||||
MACAddress={{ item.mac_address }}
|
||||
Name={{ item.name | regex_replace('^[0-9]*-', '') | regex_replace('\.network', '') }}
|
||||
|
||||
[Link]
|
||||
ARP={{ item.arp | default(true) }}
|
||||
@ -62,7 +62,7 @@ Type=unicast
|
||||
{% endif -%}
|
||||
|
||||
{% if item.bridge is defined and item.bridge.vlans is defined %}
|
||||
[BridgeVLANs]
|
||||
[BridgeVLAN]
|
||||
{% for vlan in item.bridge.vlans -%}
|
||||
VLAN={{ vlan }}
|
||||
{% endfor -%}
|
||||
|
||||
Reference in New Issue
Block a user