Make firstboot updates configurable
This commit is contained in:
Aaron
@@ -8,9 +8,9 @@ This documents the *current* workflow and the *target* workflow once profiles +
|
|||||||
- Nginx + Pi‑Kit dashboard
|
- Nginx + Pi‑Kit dashboard
|
||||||
- DietPi dashboard
|
- DietPi dashboard
|
||||||
3) Update the system if needed.
|
3) Update the system if needed.
|
||||||
4) Run the prep scrub:
|
4) Run the prep scrub + verify:
|
||||||
- `sudo ./pikit-prep.sh`
|
- `sudo ./pikit-prep.sh`
|
||||||
- (optional) `sudo ./check-pikit-clean.sh`
|
- (optional) `sudo ./pikit-prep.sh --check-only`
|
||||||
5) Image the SD card with DietPi Imager.
|
5) Image the SD card with DietPi Imager.
|
||||||
6) Store it as the golden base (e.g., `images/base/pikit-base-YYYYMMDD.img.xz`).
|
6) Store it as the golden base (e.g., `images/base/pikit-base-YYYYMMDD.img.xz`).
|
||||||
|
|
||||||
@@ -24,9 +24,9 @@ This documents the *current* workflow and the *target* workflow once profiles +
|
|||||||
4) Add dashboard services using the UI (Add Service modal).
|
4) Add dashboard services using the UI (Add Service modal).
|
||||||
5) Open any needed ports in ufw (done as part of testing/config):
|
5) Open any needed ports in ufw (done as part of testing/config):
|
||||||
- `sudo ufw allow from <LAN subnet> to any port <port>`
|
- `sudo ufw allow from <LAN subnet> to any port <port>`
|
||||||
6) Run the prep scrub:
|
6) Run the prep scrub + verify:
|
||||||
- `sudo ./pikit-prep.sh`
|
- `sudo ./pikit-prep.sh`
|
||||||
- (optional) `sudo ./check-pikit-clean.sh`
|
- (optional) `sudo ./pikit-prep.sh --check-only`
|
||||||
7) Image the SD card via the QEMU DietPi VM:
|
7) Image the SD card via the QEMU DietPi VM:
|
||||||
- Insert the SD card into your desktop.
|
- Insert the SD card into your desktop.
|
||||||
- Identify it with `lsblk`.
|
- Identify it with `lsblk`.
|
||||||
@@ -52,8 +52,9 @@ This documents the *current* workflow and the *target* workflow once profiles +
|
|||||||
- Merges services into `/etc/pikit/services.json` (idempotent).
|
- Merges services into `/etc/pikit/services.json` (idempotent).
|
||||||
5) Run the drift check (planned script):
|
5) Run the drift check (planned script):
|
||||||
- Confirms services + ports match the profile + base.
|
- Confirms services + ports match the profile + base.
|
||||||
6) Run the prep scrub:
|
6) Run the prep scrub + verify:
|
||||||
- `sudo ./pikit-prep.sh`
|
- `sudo ./pikit-prep.sh`
|
||||||
|
- (optional) `sudo ./pikit-prep.sh --check-only`
|
||||||
7) Image the SD card with DietPi Imager.
|
7) Image the SD card with DietPi Imager.
|
||||||
|
|
||||||
First boot on the end‑user device will:
|
First boot on the end‑user device will:
|
||||||
@@ -61,10 +62,33 @@ First boot on the end‑user device will:
|
|||||||
- Ensure the profile’s firewall ports are open (LAN‑only).
|
- Ensure the profile’s firewall ports are open (LAN‑only).
|
||||||
- Show a progress overlay until complete.
|
- Show a progress overlay until complete.
|
||||||
|
|
||||||
|
Optional: to skip the first‑boot update step for faster startup, create
|
||||||
|
`/etc/pikit/firstboot.conf` with:
|
||||||
|
|
||||||
|
```
|
||||||
|
PIKIT_FIRSTBOOT_UPDATES=0
|
||||||
|
```
|
||||||
|
|
||||||
## 3) Flashing an image to SD
|
## 3) Flashing an image to SD
|
||||||
Use the helper:
|
Use the helper:
|
||||||
- `sudo ./flash_sd.sh <image.img.xz> /dev/sdX`
|
- `sudo ./flash_sd.sh <image.img.xz> /dev/sdX`
|
||||||
|
|
||||||
|
## 4) Manufacturing / imaging checklist (production)
|
||||||
|
1) Start from the golden base image.
|
||||||
|
2) Flash it to a known‑good SD card.
|
||||||
|
3) Boot and verify:
|
||||||
|
- `http://pikit.local` and `https://pikit.local`
|
||||||
|
- dashboard loads
|
||||||
|
- first‑boot completes
|
||||||
|
4) Apply any required profile/services.
|
||||||
|
5) Run prep + verify:
|
||||||
|
- `sudo ./pikit-prep.sh`
|
||||||
|
6) Power down cleanly.
|
||||||
|
7) Image the SD card (DietPi Imager via QEMU or on‑device).
|
||||||
|
8) Label and archive the image (include date + profile name).
|
||||||
|
9) Smoke test the flashed image on a second SD card:
|
||||||
|
- boot → first‑boot → dashboard → services
|
||||||
|
|
||||||
## Notes
|
## Notes
|
||||||
- Profiles are additive to the base image defaults; do not include Pi‑Kit or DietPi dashboard entries in profiles.
|
- Profiles are additive to the base image defaults; do not include Pi‑Kit or DietPi dashboard entries in profiles.
|
||||||
- Keep `RESCUE.md` in `/root` and `/home/dietpi` only (not in `/var/www`).
|
- Keep `RESCUE.md` in `/root` and `/home/dietpi` only (not in `/var/www`).
|
||||||
|
|||||||
@@ -14,6 +14,7 @@ CERT_DIR="/etc/pikit/certs"
|
|||||||
WEB_ASSETS="/var/www/pikit-web/assets"
|
WEB_ASSETS="/var/www/pikit-web/assets"
|
||||||
PROFILE_FILE="/etc/pikit/profile.json"
|
PROFILE_FILE="/etc/pikit/profile.json"
|
||||||
MOTD_FILE="/etc/motd"
|
MOTD_FILE="/etc/motd"
|
||||||
|
FIRSTBOOT_CONF="/etc/pikit/firstboot.conf"
|
||||||
|
|
||||||
STEPS=(
|
STEPS=(
|
||||||
"Preparing system"
|
"Preparing system"
|
||||||
@@ -26,11 +27,27 @@ STEPS=(
|
|||||||
STEP_STATUS=(pending pending pending pending pending pending)
|
STEP_STATUS=(pending pending pending pending pending pending)
|
||||||
CURRENT_STEP=""
|
CURRENT_STEP=""
|
||||||
CURRENT_INDEX=-1
|
CURRENT_INDEX=-1
|
||||||
|
PIKIT_FIRSTBOOT_UPDATES="${PIKIT_FIRSTBOOT_UPDATES:-1}"
|
||||||
|
|
||||||
log() {
|
log() {
|
||||||
printf '[%s] %s\n' "$(date '+%Y-%m-%dT%H:%M:%S%z')" "$*"
|
printf '[%s] %s\n' "$(date '+%Y-%m-%dT%H:%M:%S%z')" "$*"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
load_config() {
|
||||||
|
if [ -f "$FIRSTBOOT_CONF" ]; then
|
||||||
|
# shellcheck disable=SC1090
|
||||||
|
. "$FIRSTBOOT_CONF"
|
||||||
|
fi
|
||||||
|
PIKIT_FIRSTBOOT_UPDATES="${PIKIT_FIRSTBOOT_UPDATES:-1}"
|
||||||
|
}
|
||||||
|
|
||||||
|
skip_updates() {
|
||||||
|
case "${PIKIT_FIRSTBOOT_UPDATES,,}" in
|
||||||
|
0|false|no|off) return 0 ;;
|
||||||
|
esac
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
write_state() {
|
write_state() {
|
||||||
local state="$1"
|
local state="$1"
|
||||||
local current="$2"
|
local current="$2"
|
||||||
@@ -121,6 +138,7 @@ mkdir -p "$FIRSTBOOT_DIR"
|
|||||||
exec >>"$LOG_FILE" 2>&1
|
exec >>"$LOG_FILE" 2>&1
|
||||||
|
|
||||||
log "Pi-Kit firstboot starting"
|
log "Pi-Kit firstboot starting"
|
||||||
|
load_config
|
||||||
|
|
||||||
if [ -f "$DONE_FILE" ]; then
|
if [ -f "$DONE_FILE" ]; then
|
||||||
log "Firstboot already completed; exiting."
|
log "Firstboot already completed; exiting."
|
||||||
@@ -206,11 +224,15 @@ fi
|
|||||||
finish_step 2
|
finish_step 2
|
||||||
|
|
||||||
begin_step 3
|
begin_step 3
|
||||||
export DEBIAN_FRONTEND=noninteractive
|
if skip_updates; then
|
||||||
mkdir -p /var/cache/apt/archives/partial /var/lib/apt/lists/partial
|
log "Skipping software updates (PIKIT_FIRSTBOOT_UPDATES=$PIKIT_FIRSTBOOT_UPDATES)."
|
||||||
chmod 755 /var/cache/apt/archives /var/cache/apt/archives/partial /var/lib/apt/lists /var/lib/apt/lists/partial
|
else
|
||||||
apt-get update
|
export DEBIAN_FRONTEND=noninteractive
|
||||||
apt-get -y -o Dpkg::Options::=--force-confold full-upgrade
|
mkdir -p /var/cache/apt/archives/partial /var/lib/apt/lists/partial
|
||||||
|
chmod 755 /var/cache/apt/archives /var/cache/apt/archives/partial /var/lib/apt/lists /var/lib/apt/lists/partial
|
||||||
|
apt-get update
|
||||||
|
apt-get -y -o Dpkg::Options::=--force-confold full-upgrade
|
||||||
|
fi
|
||||||
finish_step 3
|
finish_step 3
|
||||||
|
|
||||||
begin_step 4
|
begin_step 4
|
||||||
|
|||||||
Reference in New Issue
Block a user