Make firstboot updates configurable
This commit is contained in:
Aaron
@@ -8,9 +8,9 @@ This documents the *current* workflow and the *target* workflow once profiles +
|
||||
- Nginx + Pi‑Kit dashboard
|
||||
- DietPi dashboard
|
||||
3) Update the system if needed.
|
||||
4) Run the prep scrub:
|
||||
4) Run the prep scrub + verify:
|
||||
- `sudo ./pikit-prep.sh`
|
||||
- (optional) `sudo ./check-pikit-clean.sh`
|
||||
- (optional) `sudo ./pikit-prep.sh --check-only`
|
||||
5) Image the SD card with DietPi Imager.
|
||||
6) Store it as the golden base (e.g., `images/base/pikit-base-YYYYMMDD.img.xz`).
|
||||
|
||||
@@ -24,9 +24,9 @@ This documents the *current* workflow and the *target* workflow once profiles +
|
||||
4) Add dashboard services using the UI (Add Service modal).
|
||||
5) Open any needed ports in ufw (done as part of testing/config):
|
||||
- `sudo ufw allow from <LAN subnet> to any port <port>`
|
||||
6) Run the prep scrub:
|
||||
6) Run the prep scrub + verify:
|
||||
- `sudo ./pikit-prep.sh`
|
||||
- (optional) `sudo ./check-pikit-clean.sh`
|
||||
- (optional) `sudo ./pikit-prep.sh --check-only`
|
||||
7) Image the SD card via the QEMU DietPi VM:
|
||||
- Insert the SD card into your desktop.
|
||||
- Identify it with `lsblk`.
|
||||
@@ -52,8 +52,9 @@ This documents the *current* workflow and the *target* workflow once profiles +
|
||||
- Merges services into `/etc/pikit/services.json` (idempotent).
|
||||
5) Run the drift check (planned script):
|
||||
- Confirms services + ports match the profile + base.
|
||||
6) Run the prep scrub:
|
||||
6) Run the prep scrub + verify:
|
||||
- `sudo ./pikit-prep.sh`
|
||||
- (optional) `sudo ./pikit-prep.sh --check-only`
|
||||
7) Image the SD card with DietPi Imager.
|
||||
|
||||
First boot on the end‑user device will:
|
||||
@@ -61,10 +62,33 @@ First boot on the end‑user device will:
|
||||
- Ensure the profile’s firewall ports are open (LAN‑only).
|
||||
- Show a progress overlay until complete.
|
||||
|
||||
Optional: to skip the first‑boot update step for faster startup, create
|
||||
`/etc/pikit/firstboot.conf` with:
|
||||
|
||||
```
|
||||
PIKIT_FIRSTBOOT_UPDATES=0
|
||||
```
|
||||
|
||||
## 3) Flashing an image to SD
|
||||
Use the helper:
|
||||
- `sudo ./flash_sd.sh <image.img.xz> /dev/sdX`
|
||||
|
||||
## 4) Manufacturing / imaging checklist (production)
|
||||
1) Start from the golden base image.
|
||||
2) Flash it to a known‑good SD card.
|
||||
3) Boot and verify:
|
||||
- `http://pikit.local` and `https://pikit.local`
|
||||
- dashboard loads
|
||||
- first‑boot completes
|
||||
4) Apply any required profile/services.
|
||||
5) Run prep + verify:
|
||||
- `sudo ./pikit-prep.sh`
|
||||
6) Power down cleanly.
|
||||
7) Image the SD card (DietPi Imager via QEMU or on‑device).
|
||||
8) Label and archive the image (include date + profile name).
|
||||
9) Smoke test the flashed image on a second SD card:
|
||||
- boot → first‑boot → dashboard → services
|
||||
|
||||
## Notes
|
||||
- Profiles are additive to the base image defaults; do not include Pi‑Kit or DietPi dashboard entries in profiles.
|
||||
- Keep `RESCUE.md` in `/root` and `/home/dietpi` only (not in `/var/www`).
|
||||
|
||||
@@ -14,6 +14,7 @@ CERT_DIR="/etc/pikit/certs"
|
||||
WEB_ASSETS="/var/www/pikit-web/assets"
|
||||
PROFILE_FILE="/etc/pikit/profile.json"
|
||||
MOTD_FILE="/etc/motd"
|
||||
FIRSTBOOT_CONF="/etc/pikit/firstboot.conf"
|
||||
|
||||
STEPS=(
|
||||
"Preparing system"
|
||||
@@ -26,11 +27,27 @@ STEPS=(
|
||||
STEP_STATUS=(pending pending pending pending pending pending)
|
||||
CURRENT_STEP=""
|
||||
CURRENT_INDEX=-1
|
||||
PIKIT_FIRSTBOOT_UPDATES="${PIKIT_FIRSTBOOT_UPDATES:-1}"
|
||||
|
||||
log() {
|
||||
printf '[%s] %s\n' "$(date '+%Y-%m-%dT%H:%M:%S%z')" "$*"
|
||||
}
|
||||
|
||||
load_config() {
|
||||
if [ -f "$FIRSTBOOT_CONF" ]; then
|
||||
# shellcheck disable=SC1090
|
||||
. "$FIRSTBOOT_CONF"
|
||||
fi
|
||||
PIKIT_FIRSTBOOT_UPDATES="${PIKIT_FIRSTBOOT_UPDATES:-1}"
|
||||
}
|
||||
|
||||
skip_updates() {
|
||||
case "${PIKIT_FIRSTBOOT_UPDATES,,}" in
|
||||
0|false|no|off) return 0 ;;
|
||||
esac
|
||||
return 1
|
||||
}
|
||||
|
||||
write_state() {
|
||||
local state="$1"
|
||||
local current="$2"
|
||||
@@ -121,6 +138,7 @@ mkdir -p "$FIRSTBOOT_DIR"
|
||||
exec >>"$LOG_FILE" 2>&1
|
||||
|
||||
log "Pi-Kit firstboot starting"
|
||||
load_config
|
||||
|
||||
if [ -f "$DONE_FILE" ]; then
|
||||
log "Firstboot already completed; exiting."
|
||||
@@ -206,11 +224,15 @@ fi
|
||||
finish_step 2
|
||||
|
||||
begin_step 3
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
mkdir -p /var/cache/apt/archives/partial /var/lib/apt/lists/partial
|
||||
chmod 755 /var/cache/apt/archives /var/cache/apt/archives/partial /var/lib/apt/lists /var/lib/apt/lists/partial
|
||||
apt-get update
|
||||
apt-get -y -o Dpkg::Options::=--force-confold full-upgrade
|
||||
if skip_updates; then
|
||||
log "Skipping software updates (PIKIT_FIRSTBOOT_UPDATES=$PIKIT_FIRSTBOOT_UPDATES)."
|
||||
else
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
mkdir -p /var/cache/apt/archives/partial /var/lib/apt/lists/partial
|
||||
chmod 755 /var/cache/apt/archives /var/cache/apt/archives/partial /var/lib/apt/lists /var/lib/apt/lists/partial
|
||||
apt-get update
|
||||
apt-get -y -o Dpkg::Options::=--force-confold full-upgrade
|
||||
fi
|
||||
finish_step 3
|
||||
|
||||
begin_step 4
|
||||
|
||||
Reference in New Issue
Block a user