Server Installation

Preliminaries

Pre-installation

  1. Download the Fedora IoT .iso installer. In the unlikely scenario that your hosting provider offers Fedora IoT images, you can skip to step 4.

  2. Upload and attach the .iso installer to the virtual machine.

  3. Configure the VM for UEFI boot.

Installation

  1. Start the installer.

  2. Disable the root account and create an administrator account named max.

  3. Partition as follows:

    Index  Mount Point  Size       Type
    1      /boot/efi    500M       EFI
    2      /boot        4G         ext4
    3      [SWAP]       8G         swap
    4      /            remaining  btrfs
    4.1    /home/                  subvol

  4. Install the system.

  5. Reboot into the installed system.

  6. Install your SSH key:

    % ssh-copy-id max@maxchernoff.ca  # From your local machine
    
  7. Log in to the server:

    % ssh max@maxchernoff.ca
    
  8. Reboot.

    $ sudo systemctl reboot
    

Post-installation

  1. Install the needed packages:

    $ sudo rpm-ostree install borgbackup fish git-core htop perl-File-Find python3-pystemd qemu-guest-agent snapper vim
    
  2. Switch shell to fish:

    $ chsh -s /usr/bin/fish
    
  3. Fix /etc/fstab:

    Change the options for / to defaults,compress=zstd:1,noatime.

  4. Fix /etc/passwd: If not done, podman will complain about a mismatched home location.

    Change the home for max to /var/home/max.

  5. Disable authselect:

    $ sudo authselect opt-out
    

Downloading the repository

  1. Create the repo user:

    $ sudo useradd --create-home --shell /usr/sbin/nologin repo
    
  2. Switch to the repo user:

    $ sudo machinectl shell repo@ /usr/bin/fish
    
  3. Generate a new SSH key:

    % ssh-keygen -t ed25519
    
  4. Add this new key as a single-repo deploy key on GitHub.

  5. Clone the repositories:

    % git clone https://github.com/gucci-on-fleek/maxchernoff.ca.git
    % git clone --no-checkout \
    >     git@github.com:gucci-on-fleek/maxchernoff.ca-credentials.git \
    >     credentials
    
  6. Decrypt the credentials' repository:

    % cd credentials/
    % echo 'PRIVATE-KEY' > .git/git-encrypt.private-key
    % git config filter.git-encrypt.clean 'git-encrypt encrypt %f'
    % git config filter.git-encrypt.smudge 'git-encrypt decrypt %f'
    % git config filter.git-encrypt.required true
    % git checkout master
    

Installing TeX Live

  1. Create the tex user:

    $ sudo useradd --create-home --shell /usr/sbin/nologin tex
    $ sudo loginctl enable-linger tex
    
  2. Switch to the tex user:

    $ sudo machinectl shell tex@ /usr/bin/fish
    
  3. Create the necessary directories:

    % mkdir -p ~/texlive  # As the `tex` user
    
  4. Download the installer:

    % cd $(mktemp -d)
    % curl -O 'https://ftp.math.utah.edu/pub/ctan/tex-archive/systems/texlive/tlnet/install-tl-unx.tar.gz'
    % tar xf install-tl-unx.tar.gz
    
  5. Install TeX Live:

    % ./install-tl-*/install-tl \
    >     --repository=https://ftp.math.utah.edu/pub/ctan/tex-archive/systems/texlive/tlnet \
    >     --texdir=/var/home/tex/texlive --scheme=full --paper=letter
    
  6. Download and run the ConTeXt installer:

    % mkdir -p ~/context-installer
    % cd ~/context-installer
    % curl -O 'https://lmtx.pragma-ade.com/install-lmtx/context-linux-64.zip'
    % busybox unzip context-linux-64.zip
    % chmod a+x install.sh
    % ./install.sh
    % ln -s ~/context-installer/tex ~/context
    
  7. Install the ConTeXt modules:

    % cd ~/context
    % ./texmf-linux-64/bin/mtxrun --script install-modules --install --all
    

Web Server

  1. Create the web user:

    $ sudo useradd --create-home --shell /usr/sbin/nologin web
    
  2. Allow the web user to run services:

    $ sudo loginctl enable-linger web
    
  3. Reboot to make sure everything starts correctly.

  4. Once all the containers have been built, switch to bootc:

    $ sudo bootc switch maxchernoff.ca/fedora-iot:latest
    $ reboot
    

Woodpecker CI

  1. Create the woodpecker user:

    $ sudo useradd --create-home --shell /usr/sbin/nologin woodpecker
    $ sudo loginctl enable-linger woodpecker
    

Container Builders

Sometimes there aren't any pre-built containers for the software that you want to run, so we'll need to add a container builder.

  1. Create the builder user:

    $ sudo useradd --create-home --shell /usr/sbin/nologin builder
    $ sudo loginctl enable-linger builder
    
  2. That's pretty much it.
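
A check for the accounts created so far, added here as an example (it is not part of the original guide): it confirms that every service user has the nologin shell, that lingering is enabled where the steps above enable it, and that max's home matches step 4 of Post-installation. The function names are hypothetical, and it assumes systemd keeps its linger markers in /var/lib/systemd/linger.

```shell
#!/bin/sh
# Added example: audit the accounts this guide creates.
# File locations are parameters so the check can also run against copies.

SERVICE_USERS="repo tex web woodpecker builder"  # created with nologin above
LINGER_USERS="tex web woodpecker builder"        # `loginctl enable-linger` above

# passwd_field FILE USER N: print field N of USER's entry; fail if no entry.
passwd_field() {
    awk -F: -v u="$2" -v n="$3" \
        '$1 == u { print $n; found = 1 } END { exit !found }' "$1"
}

# audit_accounts [PASSWD_FILE] [LINGER_DIR]
# Prints one line per problem; returns 0 when clean, 1 otherwise.
audit_accounts() {
    passwd_file=${1:-/etc/passwd}
    linger_dir=${2:-/var/lib/systemd/linger}   # assumed marker location
    failures=0

    for user in $SERVICE_USERS; do
        if ! shell=$(passwd_field "$passwd_file" "$user" 7); then
            echo "MISSING: $user has no passwd entry"
            failures=$((failures + 1))
        elif [ "$shell" != /usr/sbin/nologin ]; then
            echo "SHELL: $user has login shell $shell"
            failures=$((failures + 1))
        fi
    done

    for user in $LINGER_USERS; do
        if [ ! -e "$linger_dir/$user" ]; then
            echo "LINGER: $user is not lingering, so its services will not start at boot"
            failures=$((failures + 1))
        fi
    done

    # podman complains when this does not match the real home location.
    home=$(passwd_field "$passwd_file" max 6) || home="(no entry)"
    if [ "$home" != /var/home/max ]; then
        echo "HOME: max has home $home, expected /var/home/max"
        failures=$((failures + 1))
    fi

    [ "$failures" -eq 0 ]
}
```

On the server, source the file and run `audit_accounts` with no arguments; a non-zero exit status means at least one line was reported.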

Snapshots

  1. Create subvolumes for the .local and .cache directories for every user:

    $ btrfs subvolume create {.local,.cache}
    
  2. Mount the snapshot directory:

    # /etc/fstab
    # This line was here originally
    UUID={uuid}  /home/            btrfs  subvol={subvol},compress=zstd:1,noatime             0  0
    # Add this line
    UUID={uuid}  /home/.snapshots  btrfs  subvol={subvol}/.snapshots,compress=zstd:1,noatime  0  0
    
    $ sudo systemctl daemon-reload
    $ sudo mount -av