diff --git a/image-recipe/build-auto-installer-iso.sh b/image-recipe/build-auto-installer-iso.sh
index 735ee04d..f028bd50 100755
--- a/image-recipe/build-auto-installer-iso.sh
+++ b/image-recipe/build-auto-installer-iso.sh
@@ -465,10 +465,18 @@ RUN systemctl mask archipelago-fips.service || true
 # Same rationale for nostr-vpn and wireguard helpers — their env files
 # don't exist until onboarding completes, so leaving these "enabled"
 # (the default from WantedBy=multi-user.target) produces a red
-# [FAILED] in the boot MOTD every reboot. Mask by default; the
-# onboarding flow / fips.install-equivalent RPC handlers unmask and
-# start them once their prerequisites are on disk.
-RUN systemctl mask nostr-vpn.service archipelago-wg.service archipelago-wg-address.service || true
+# [FAILED] in the boot MOTD every reboot. Mask by replacing each
+# .service with a /dev/null symlink — plain `systemctl mask` refuses
+# to clobber the real files we just COPY'd in, so the previous
+# attempt left the services installable via dependency chains
+# (nostr-relay has Before=nostr-vpn, which pulls it in). Explicit
+# rm + ln -sf creates the proper masked state. The onboarding flow
+# removes the symlink and drops in a configured service when env
+# files are in place.
+RUN for svc in nostr-vpn archipelago-wg archipelago-wg-address; do \\
+ rm -f /etc/systemd/system/$svc.service; \\
+ ln -sf /dev/null /etc/systemd/system/$svc.service; \\
+ done
 # Remove policy-rc.d so services can start on first boot
 RUN rm -f /usr/sbin/policy-rc.d
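Review bot: `$svc` in the added `RUN for svc in …` loop may be expanded by the build script's own shell instead of inside the image, in which case both commands act on `/etc/systemd/system/.service` and none of the three units ends up masked. The doubled `\\` continuations suggest these lines sit in an unquoted heredoc that emits the Dockerfile, but the heredoc opener is outside this hunk, so this needs confirming. If that is the case, escape and quote the variable: `rm -f "/etc/systemd/system/\$svc.service"; \\` and `ln -sf /dev/null "/etc/systemd/system/\$svc.service"; \\`. Because the previous `systemctl mask … || true` already failed without anyone noticing, a `test -L` on each unit path after the loop would make the build stop if the mask is missing again.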
@@ -660,11 +668,16 @@ apt-get install -y -qq debootstrap squashfs-tools initramfs-tools dosfstools mto
 grub-efi-amd64-bin grub-pc-bin grub-common isolinux syslinux-common
 echo " [container] Running debootstrap --variant=minbase..."
+# ifupdown + isc-dhcp-client added because live-boot's /init writes
+# /etc/network/interfaces on the target — without ifupdown, /etc/network/
+# doesn't exist and the initramfs throws a non-fatal but noisy
+# "can't create /root/etc/network/interfaces: nonexistent directory".
 debootstrap --variant=minbase --arch=${DEB_ARCH} \
 --include=systemd,systemd-sysv,udev,dbus,bash,coreutils,mount,util-linux,\
 kmod,procps,iproute2,ca-certificates,gdisk,\
 cryptsetup,cryptsetup-initramfs,parted,dosfstools,e2fsprogs,\
 linux-image-${DEB_ARCH},grub-efi-${DEB_ARCH},grub-pc-bin,\
+ifupdown,isc-dhcp-client,\
 pciutils,usbutils,less,nano \
 trixie /installer http://deb.debian.org/debian
diff --git a/image-recipe/configs/archipelago-kiosk.service b/image-recipe/configs/archipelago-kiosk.service
index 110bacb5..59492658 100644
--- a/image-recipe/configs/archipelago-kiosk.service
+++ b/image-recipe/configs/archipelago-kiosk.service
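Review bot: Adding `ifupdown` and `isc-dhcp-client` to the `--include` list to silence a missing-directory message gives the installer root, which also carries cryptsetup and the partitioning tools, packages that may configure interfaces and request DHCP leases at boot. If the only requirement is that `/etc/network/` exists when live-boot's init writes `interfaces`, a `mkdir -p /installer/etc/network` after the debootstrap call would remove the message without adding network-facing packages. If the installer is meant to come up on the network, the new comment should say so, since as written it justifies the packages only by the log noise. The debootstrap command belongs to a larger container script that starts and ends outside this hunk.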
@@ -1,15 +1,20 @@
 [Unit]
 Description=Archipelago Kiosk (X11 + Chromium)
-After=archipelago.service
-Wants=archipelago.service
+After=archipelago.service systemd-user-sessions.service network-online.target
+Wants=archipelago.service network-online.target
 ConditionPathExists=/usr/local/bin/archipelago-kiosk-launcher
 Conflicts=getty@tty1.service
 [Service]
 Type=simple
-ExecStartPre=/bin/bash -c 'for i in $(seq 1 15); do curl -sf http://localhost/health >/dev/null 2>&1 && exit 0; sleep 2; done; exit 0'
+# Wait up to 120s for archipelago to serve /health. On first boot it
+# can take longer than 30s — the backend initialises state, unbundled
+# ISO pulls FileBrowser, and the frontend dist has to settle. The
+# previous 30s cap was firing Chromium at a not-yet-ready backend and
+# the resulting blank window only recovered on reboot.
+ExecStartPre=/bin/bash -c 'for i in $(seq 1 60); do curl -sf http://localhost/health >/dev/null 2>&1 && break; sleep 2; done'
 ExecStart=/usr/local/bin/archipelago-kiosk-launcher
-TimeoutStartSec=60
+TimeoutStartSec=180
 Restart=always
 RestartSec=5
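Review bot: The new `ExecStartPre` loop still succeeds when `/health` never answers, because after the 60th attempt its last command is `sleep 2`, so Chromium is launched against an unready backend as before, only later and with nothing in the journal to show it. `curl -sf` also has no per-request timeout, so a backend that accepts the connection and then stalls can stretch the wait past the 120s the comment states and into `TimeoutStartSec=180`. Bounding each probe with `curl -sf --max-time 2 http://localhost/health` keeps the stated limit. To record the fall-through, replace `&& break` with `&& exit 0` and append `; echo "archipelago /health not ready after 120s" >&2` after `done`.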