diff options
| author | Paul Buetow <paul@buetow.org> | 2026-04-13 14:13:59 +0300 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-04-13 14:13:59 +0300 |
| commit | e98587adfa904b0f93a54b6db97ea5ee951a4924 (patch) | |
| tree | 3495ee18196b5d6ca11a39a0f0db58173e67f906 | |
| parent | 9747e2712c1fc1434acecff87f96a380d70a8648 (diff) | |
add goprecords.f3s.buetow.org
| -rw-r--r-- | f3s/pkgrepo/helm-chart/templates/configmap-nginx.yaml | 5 | ||||
| -rw-r--r-- | frontends/Rexfile | 48 | ||||
| -rw-r--r-- | frontends/etc/relayd.conf.tpl | 12 | ||||
| -rw-r--r-- | frontends/scripts/fooodds.txt | 1 | ||||
| -rw-r--r-- | packages/Makefile | 44 |
5 files changed, 83 insertions, 27 deletions
diff --git a/f3s/pkgrepo/helm-chart/templates/configmap-nginx.yaml b/f3s/pkgrepo/helm-chart/templates/configmap-nginx.yaml index e575401..159262c 100644 --- a/f3s/pkgrepo/helm-chart/templates/configmap-nginx.yaml +++ b/f3s/pkgrepo/helm-chart/templates/configmap-nginx.yaml @@ -29,6 +29,11 @@ data: autoindex on; } + # Rocky Linux dnf repository + location /rockylinux/ { + autoindex on; + } + # Health check endpoint for k8s probes location = /healthz { return 200 "ok"; diff --git a/frontends/Rexfile b/frontends/Rexfile index 1cf1979..f44a33c 100644 --- a/frontends/Rexfile +++ b/frontends/Rexfile @@ -85,7 +85,7 @@ our $secrets = sub { read_file './secrets/' . shift }; # k3s cluster running on FreeBSD in my LAN our @f3s_hosts = - qw/f3s.buetow.org pihole.f3s.buetow.org jellyfin.f3s.buetow.org navidrome.f3s.buetow.org git.f3s.buetow.org cgit.f3s.buetow.org immich.f3s.buetow.org argocd.f3s.buetow.org keybr.f3s.buetow.org anki.f3s.buetow.org bag.f3s.buetow.org flux.f3s.buetow.org audiobookshelf.f3s.buetow.org garage.f3s.buetow.org grafana.f3s.buetow.org radicale.f3s.buetow.org syncthing.f3s.buetow.org koreader.f3s.buetow.org filebrowser.f3s.buetow.org webdav.f3s.buetow.org pkgrepo.f3s.buetow.org ipv6test.f3s.buetow.org ipv4.ipv6test.f3s.buetow.org ipv6.ipv6test.f3s.buetow.org/; + qw/f3s.buetow.org pihole.f3s.buetow.org jellyfin.f3s.buetow.org navidrome.f3s.buetow.org git.f3s.buetow.org cgit.f3s.buetow.org immich.f3s.buetow.org argocd.f3s.buetow.org keybr.f3s.buetow.org anki.f3s.buetow.org bag.f3s.buetow.org flux.f3s.buetow.org audiobookshelf.f3s.buetow.org garage.f3s.buetow.org grafana.f3s.buetow.org radicale.f3s.buetow.org syncthing.f3s.buetow.org koreader.f3s.buetow.org filebrowser.f3s.buetow.org webdav.f3s.buetow.org pkgrepo.f3s.buetow.org goprecords.f3s.buetow.org ipv6test.f3s.buetow.org ipv4.ipv6test.f3s.buetow.org ipv6.ipv6test.f3s.buetow.org/; # optionally, only enable manually for temp time, as no password protection yet # push @f3s_hosts, 'registry.f3s.buetow.org'; @@ -155,9 +155,9 @@ task 'hosts_wg', sub { my @lines = split /\n/, read_file('./etc/hosts.wg.append'); for my $line (@lines) { - next if $line =~ /^\s*#/; - next if $line =~ /^\s*$/; - append_if_no_such_line '/etc/hosts', $line; + next if $line =~ /^\s*#/; + next if $line =~ /^\s*$/; + append_if_no_such_line '/etc/hosts', $line; } }; @@ -485,16 +485,17 @@ task 'dtail_install', # Remove any previously manually deployed binaries not managed by pkg my $pkg_check = run 'pkg_info dtail 2>/dev/null'; if ( $? != 0 ) { - for my $bin (qw(dserver dcat dgrep dmap dtail dtailhealth)) { - if ( is_file("/usr/local/bin/$bin") ) { - Rex::Logger::info("Removing manually installed $bin binary..."); - run "rm -f /usr/local/bin/$bin"; + for my $bin (qw(dserver dcat dgrep dmap dtail dtailhealth)) { + if ( is_file("/usr/local/bin/$bin") ) { + Rex::Logger::info("Removing manually installed $bin binary..."); + run "rm -f /usr/local/bin/$bin"; + } } - } } # Install or update from custom repo (packages signed with signify) - say run 'PKG_PATH="https://pkgrepo.f3s.buetow.org/openbsd/7.8/packages/amd64/" pkg_add -u dtail || PKG_PATH="https://pkgrepo.f3s.buetow.org/openbsd/7.8/packages/amd64/" pkg_add dtail'; + say run +'PKG_PATH="https://pkgrepo.f3s.buetow.org/openbsd/7.8/packages/amd64/" pkg_add -u dtail || PKG_PATH="https://pkgrepo.f3s.buetow.org/openbsd/7.8/packages/amd64/" pkg_add dtail'; }; # Set up the dserver service user, daily key cache cron, and start dserver. @@ -515,6 +516,7 @@ task 'dtail', }; desc 'Installing Gogios binary'; + # Configure the custom package repository on OpenBSD frontends. # Adds PKG_PATH to root's .profile so custom packages are available # alongside the official OpenBSD repo. Packages are signed with signify; @@ -523,7 +525,7 @@ desc 'Setup custom package repo on OpenBSD frontends'; task 'pkgrepo_setup', group => 'frontends', sub { - my $custom_repo = 'https://pkgrepo.f3s.buetow.org/openbsd/7.8/packages/amd64/'; + my $custom_repo = 'https://pkgrepo.f3s.buetow.org/openbsd/7.8/packages/amd64/'; my $profile_line = "export PKG_PATH=\"${custom_repo}\""; append_if_no_such_line '/root/.profile', $profile_line; @@ -538,21 +540,23 @@ task 'gogios_install', chomp $os; if ( $os eq 'OpenBSD' ) { - # Remove any previously manually deployed binary not managed by pkg - my $pkg_check = run 'pkg_info gogios 2>/dev/null'; - if ( $? != 0 && is_file('/usr/local/bin/gogios') ) { - Rex::Logger::info('Removing manually installed gogios binary...'); - run 'rm -f /usr/local/bin/gogios'; - } - - # Install or update from custom repo (packages signed with signify) - say run 'PKG_PATH="https://pkgrepo.f3s.buetow.org/openbsd/7.8/packages/amd64/" pkg_add -u gogios || PKG_PATH="https://pkgrepo.f3s.buetow.org/openbsd/7.8/packages/amd64/" pkg_add gogios'; + + # Remove any previously manually deployed binary not managed by pkg + my $pkg_check = run 'pkg_info gogios 2>/dev/null'; + if ( $? != 0 && is_file('/usr/local/bin/gogios') ) { + Rex::Logger::info('Removing manually installed gogios binary...'); + run 'rm -f /usr/local/bin/gogios'; + } + + # Install or update from custom repo (packages signed with signify) + say run +'PKG_PATH="https://pkgrepo.f3s.buetow.org/openbsd/7.8/packages/amd64/" pkg_add -u gogios || PKG_PATH="https://pkgrepo.f3s.buetow.org/openbsd/7.8/packages/amd64/" pkg_add gogios'; } elsif ( $os eq 'FreeBSD' ) { - say run 'pkg update -r custom && pkg install -y gogios'; + say run 'pkg update -r custom && pkg install -y gogios'; } else { - Rex::Logger::info("Unsupported OS: $os", 'error'); + Rex::Logger::info( "Unsupported OS: $os", 'error' ); } say run 'gogios -version'; diff --git a/frontends/etc/relayd.conf.tpl b/frontends/etc/relayd.conf.tpl index 29f5875..f850dd2 100644 --- a/frontends/etc/relayd.conf.tpl +++ b/frontends/etc/relayd.conf.tpl @@ -124,9 +124,11 @@ relay "https4" { session timeout 300 # Primary: f3s cluster (with health checks) - Falls back to localhost when all hosts down forward to <f3s> port 80 check tcp - # Static landing page is routed through a local relay so it can fall back to localhost - forward to <f3s_static_proxy> port 18080 check tcp forward to <localhost> port 8080 check http "/" code 200 + # Static landing page is routed through a local relay so it can fall back to localhost. + # Listed after localhost so it does NOT become a general fallback for k3s failures; + # only reached via explicit "match ... forward to <f3s_static_proxy>" rules. + forward to <f3s_static_proxy> port 18080 check tcp # Registry uses separate port and table forward to <f3s_registry> port 30001 check tcp # Jellyfin uses NodePorts (bypasses Traefik) @@ -141,9 +143,11 @@ relay "https6" { session timeout 300 # Primary: f3s cluster (with health checks) - Falls back to localhost when all hosts down forward to <f3s> port 80 check tcp - # Static landing page is routed through a local relay so it can fall back to localhost - forward to <f3s_static_proxy> port 18080 check tcp forward to <localhost> port 8080 check http "/" code 200 + # Static landing page is routed through a local relay so it can fall back to localhost. + # Listed after localhost so it does NOT become a general fallback for k3s failures; + # only reached via explicit "match ... forward to <f3s_static_proxy>" rules. + forward to <f3s_static_proxy> port 18080 check tcp # Registry uses separate port and table forward to <f3s_registry> port 30001 check tcp # Jellyfin uses NodePorts (bypasses Traefik) diff --git a/frontends/scripts/fooodds.txt b/frontends/scripts/fooodds.txt index 0e08bdd..ce77b4d 100644 --- a/frontends/scripts/fooodds.txt +++ b/frontends/scripts/fooodds.txt @@ -185,6 +185,7 @@ robots.txt /sites .sql /ueditor +/target.html /vendor @vite wordpress diff --git a/packages/Makefile b/packages/Makefile index 4933872..e9d115c 100644 --- a/packages/Makefile +++ b/packages/Makefile @@ -7,6 +7,7 @@ # # Multi-binary / CGo packages (built natively on OpenBSD build VM): # make dtail-openbsd # DTail for OpenBSD +# make dtail-rocky # DTail RPM repo for Rocky Linux 9 (x86_64 + aarch64) # # Build VM management: # make buildvm-start # boot the OpenBSD build VM @@ -34,6 +35,9 @@ FREEBSD_SCP := scp -P 22 OPENBSD_HOST := rex@fishfinger.buetow.org OPENBSD_SSH := ssh OPENBSD_SCP := scp +ROCKY_ARM_BUILD_HOST := paul@pi0.lan.buetow.org +ROCKY_ARM_SSH := ssh -p 22 +ROCKY_ARM_SCP := scp -P 22 # Local OpenBSD build VM (QEMU/KVM) for native compilation BUILDVM_SSH := ssh -o StrictHostKeyChecking=no -p 2222 @@ -46,6 +50,9 @@ PV_BASE := /data/nfs/k3svolumes/pkgrepo FREEBSD_REPO := freebsd/FreeBSD:15:amd64/latest OPENBSD_VERSION := 7.8 OPENBSD_REPO := openbsd/$(OPENBSD_VERSION)/packages/amd64 +ROCKY_VERSION := 9 +ROCKY_REPO := rockylinux/$(ROCKY_VERSION) +CONTAINER_ENGINE ?= podman # Defaults for package metadata COMMENT ?= $(NAME) @@ -64,8 +71,9 @@ DTAIL_SRC := /home/paul/git/dtail DTAIL_VERSION = $(shell grep 'Version string' $(DTAIL_SRC)/internal/version/version.go | sed 's/.*"\(.*\)"/\1/') DTAIL_BINARIES := dserver dcat dgrep dmap dtail dtailhealth CONF_FRONTENDS := $(abspath $(dir $(abspath $(lastword $(MAKEFILE_LIST))))../frontends) +DTAIL_RPM_FILES := $(abspath $(dir $(abspath $(lastword $(MAKEFILE_LIST))))files/dtail-rocky) -.PHONY: pkg pkg-freebsd pkg-openbsd dtail-openbsd check-vars clean +.PHONY: pkg pkg-freebsd pkg-openbsd dtail-openbsd dtail-rocky check-vars clean .PHONY: buildvm-start buildvm-stop buildvm-ensure # --- Build VM management --- @@ -177,6 +185,40 @@ dtail-openbsd: /tmp/dtail-binaries/.built rm -rf /tmp/dtail-binaries /tmp/dtail-$(DTAIL_VERSION).tgz @echo "OpenBSD package dtail-$(DTAIL_VERSION) uploaded to repo" +# Build RPMs for Rocky Linux 9 (x86_64 + aarch64), generate repodata, and upload to the PV. +dtail-rocky: + @echo "Packaging dtail $(DTAIL_VERSION) for Rocky Linux $(ROCKY_VERSION)..." + rm -rf /tmp/dtail-rocky-repo /tmp/dtail-rocky-upload /tmp/dtail-rocky-aarch64-root + mkdir -p /tmp/dtail-rocky-repo/x86_64 /tmp/dtail-rocky-repo/aarch64 + $(SCRIPTS)/pkg-dtail-rpm.sh x86_64 '$(DTAIL_VERSION)' '$(DTAIL_SRC)' '$(DTAIL_RPM_FILES)' /tmp/dtail-rocky-repo/x86_64 + mkdir -p /tmp/dtail-rocky-aarch64-root/usr/local/bin /tmp/dtail-rocky-aarch64-root/etc/dserver /tmp/dtail-rocky-aarch64-root/usr/lib/systemd/system /tmp/dtail-rocky-aarch64-root/usr/share/licenses/dtail + cd $(DTAIL_SRC) && for bin in $(DTAIL_BINARIES); do \ + CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -tags nozstd -o /tmp/dtail-rocky-aarch64-root/usr/local/bin/$$bin ./cmd/$$bin/main.go || exit 1; \ + done + install -m 0644 $(DTAIL_RPM_FILES)/dtail.json /tmp/dtail-rocky-aarch64-root/etc/dserver/dtail.json + install -m 0755 $(DTAIL_RPM_FILES)/dserver-update-key-cache.sh /tmp/dtail-rocky-aarch64-root/usr/local/bin/dserver-update-key-cache.sh + install -m 0644 $(DTAIL_RPM_FILES)/dserver.service /tmp/dtail-rocky-aarch64-root/usr/lib/systemd/system/dserver.service + install -m 0644 $(DTAIL_RPM_FILES)/dserver-update-keycache.service /tmp/dtail-rocky-aarch64-root/usr/lib/systemd/system/dserver-update-keycache.service + install -m 0644 $(DTAIL_RPM_FILES)/dserver-update-keycache.timer /tmp/dtail-rocky-aarch64-root/usr/lib/systemd/system/dserver-update-keycache.timer + install -m 0644 $(DTAIL_SRC)/LICENSE /tmp/dtail-rocky-aarch64-root/usr/share/licenses/dtail/LICENSE + $(ROCKY_ARM_SSH) $(ROCKY_ARM_BUILD_HOST) "rm -rf /tmp/dtail-rocky-aarch64-root /tmp/dtail-rocky-aarch64-out /tmp/pkg-dtail-rpm.sh" + $(ROCKY_ARM_SCP) -r /tmp/dtail-rocky-aarch64-root $(ROCKY_ARM_BUILD_HOST):/tmp/dtail-rocky-aarch64-root + $(ROCKY_ARM_SCP) $(SCRIPTS)/pkg-dtail-rpm.sh $(ROCKY_ARM_BUILD_HOST):/tmp/pkg-dtail-rpm.sh + $(ROCKY_ARM_SSH) $(ROCKY_ARM_BUILD_HOST) "chmod +x /tmp/pkg-dtail-rpm.sh && mkdir -p /tmp/dtail-rocky-aarch64-out && DTAIL_PREBUILT_ROOT=/tmp/dtail-rocky-aarch64-root /tmp/pkg-dtail-rpm.sh aarch64 '$(DTAIL_VERSION)' '$(DTAIL_SRC)' '$(DTAIL_RPM_FILES)' /tmp/dtail-rocky-aarch64-out" + $(ROCKY_ARM_SCP) $(ROCKY_ARM_BUILD_HOST):/tmp/dtail-rocky-aarch64-out/*.rpm /tmp/dtail-rocky-repo/aarch64/ + $(ROCKY_ARM_SSH) $(ROCKY_ARM_BUILD_HOST) "rm -rf /tmp/dtail-rocky-aarch64-root /tmp/dtail-rocky-aarch64-out /tmp/pkg-dtail-rpm.sh" + rm -rf /tmp/dtail-rocky-aarch64-root + $(CONTAINER_ENGINE) run --rm -v /tmp/dtail-rocky-repo:/repo:Z docker.io/library/rockylinux:9 \ + bash -lc 'dnf -qy install createrepo_c >/dev/null && createrepo_c /repo/x86_64 >/dev/null && createrepo_c /repo/aarch64 >/dev/null' + mkdir -p /tmp/dtail-rocky-upload/$(ROCKY_VERSION) + cp -R /tmp/dtail-rocky-repo/x86_64 /tmp/dtail-rocky-upload/$(ROCKY_VERSION)/ + cp -R /tmp/dtail-rocky-repo/aarch64 /tmp/dtail-rocky-upload/$(ROCKY_VERSION)/ + $(FREEBSD_SCP) -r /tmp/dtail-rocky-upload $(FREEBSD_HOST):/tmp/dtail-rocky-upload + $(FREEBSD_SSH) $(FREEBSD_HOST) "doas mkdir -p $(PV_BASE)/rockylinux && doas rm -rf $(PV_BASE)/$(ROCKY_REPO) && doas cp -R /tmp/dtail-rocky-upload/$(ROCKY_VERSION) $(PV_BASE)/rockylinux/ && rm -rf /tmp/dtail-rocky-upload" + rm -rf /tmp/dtail-rocky-repo /tmp/dtail-rocky-upload + @echo "Rocky Linux repo updated at $(PV_BASE)/$(ROCKY_REPO)" + clean: rm -f /tmp/$(NAME)-freebsd /tmp/$(NAME)-openbsd /tmp/$(NAME)-*.tgz rm -rf /tmp/dtail-binaries /tmp/dtail-*.tgz + rm -rf /tmp/dtail-rocky-repo /tmp/dtail-rocky-upload /tmp/dtail-rocky-aarch64-root |