Contents
Preliminaries
-
This guide is mainly intended for myself in case I ever need to rebuild the server, but I'm making it public in case it's useful to others.
-
I've provided the exact IP addresses and usernames for my server; if you're following along, you'll want to replace these with the appropriate values for your own server.
-
Commands that start with
$
are ran as themax
user on the server, while commands that start with%
are ran as some other user. -
This guide was tested with Fedora IoT versions 40–41.
Pre-installation
-
Download the Fedora IoT
.iso
installer. In the unlikely scenario that your hosting provider offers Fedora IoT images, you can skip until step 4. -
Upload and attach the
.iso
installer to the virtual machine. -
Configure the VM for UEFI boot.
Installation
-
Start the installer.
-
Disable the
root
account and create an administratormax
. -
Partition as follows:
Index Mount Point Size Type 1 /boot/efi
500M EFI 2 /boot
4G ext4 3 [SWAP]
8G swap 4 /
remaining btrfs 4.1 /home/
— subvol -
Install the system.
-
Reboot into the installed system.
-
Install your SSH key:
% ssh-copy-id max@maxchernoff.ca # From your local machine
-
Log in to the server:
% ssh max@maxchernoff.ca
-
Reboot.
$ sudo systemctl reboot
Post-installation
-
Install the needed packages:
$ sudo rpm-ostree install borgbackup fish git-core htop perl-File-Find python3-pystemd qemu-guest-agent snapper vim
-
Switch shell to
fish
:$ chsh -s /usr/bin/fish
-
Fix
/etc/fstab
:Change the options for
/
todefaults,compress=zstd:1,noatime
. -
Fix
/etc/passwd
: If not done,podman
will complain about a mismatched home location.Change the home for
max
to/var/home/max
. -
Disable
authselect
:$ sudo authselect opt-out
Downloading the repository
-
Create the
repo
user:$ sudo useradd --create-home --shell /usr/sbin/nologin repo
-
Switch to the
repo
user:$ sudo machinectl shell repo@ /usr/bin/fish
-
Generate a new SSH key:
% ssh-keygen -t ed25519
-
Add this new key as a single-repo deploy key on GitHub.
-
Clone the repositories:
% git clone https://github.com/gucci-on-fleek/maxchernoff.ca.git % git clone --no-checkout \ > git@github.com:gucci-on-fleek/maxchernoff.ca-credentials.git \ > credentials
-
Decrypt the credentials' repository:
% cd credentials/ % echo 'PRIVATE-KEY' > .git/git-encrypt.private-key % echo > .git/config <<EOF [filter "git-encrypt"] clean = git-encrypt encrypt %f smudge = git-encrypt decrypt %f required EOF % git checkout master
Installing TeX Live
-
Create the
tex
user:$ sudo useradd --create-home --shell /usr/sbin/nologin tex $ sudo loginctl enable-linger tex
-
Switch to the
tex
user:$ sudo machinectl shell tex@ /usr/bin/fish
-
Create the necessary directories:
% mkdir -p ~/texlive # As the `tex` user
-
Download the installer:
% cd $(mktemp -d) % curl -O 'https://ftp.math.utah.edu/pub/ctan/tex-archive/systems/texlive/tlnet/install-tl-unx.tar.gz' % tar xf install-tl-unx.tar.gz
-
Install TeX Live:
% ./install-tl-*/install-tl \ > --repository=https://ftp.math.utah.edu/pub/ctan/tex-archive/systems/texlive/tlnet \ > --texdir=/var/home/tex/texlive --scheme=full --paper=letter
-
Download and run the ConTeXt installer:
% mkdir -p ~/context-installer % cd ~/context-installer % curl -O 'https://lmtx.pragma-ade.com/install-lmtx/context-linux-64.zip' % busybox unzip context-linux-64.zip % chmod a+x install.sh % ./install.sh % ln -s ~/context-installer/tex ~/context
-
Install the ConTeXt modules:
% cd ~/context % ./texmf-linux-64/bin/mtxrun --script install-modules --install --all
Web Server
-
Create the
web
user:$ sudo useradd --create-home --shell /usr/sbin/nologin web
-
Allow the
web
user to run services:$ sudo loginctl enable-linger web
-
Reboot to make sure everything starts correctly.
-
Once all the containers have been built, switch to
bootc
:$ sudo bootc switch maxchernoff.ca/fedora-iot:latest $ reboot
Woodpecker CI
-
Create the
woodpecker
user:$ sudo useradd --create-home --shell /usr/sbin/nologin woodpecker $ sudo loginctl enable-linger woodpecker
Container Builders
Sometimes there aren't any pre-built containers for the software that you want to run, so we'll need to add a container builder.
-
Create the
builder
user:$ sudo useradd --create-home --shell /usr/sbin/nologin builder $ sudo loginctl enable-linger builder
-
That's pretty much it.
Snapshots
-
Create subvolumes for the
.local
and.cache
directories for every user:$ btrfs subvolume create {.local,.cache}
-
Mount the snapshot directory:
# /etc/fstab # This line was here originally UUID={uuid} /home/ btrfs subvol={subvol},compress=zstd:1,noatime 0 0 # Add this line UUID={uuid} /home/.snapshots btrfs subvol={subvol}/.snapshots,compress=zstd:1,noatime 0 0
$ sudo systemctl daemon-reload $ sudo mount -av