From 4cb5c07b1b01ad468a2fb3c2acb4cf504fb66274 Mon Sep 17 00:00:00 2001 From: Dorian Date: Sun, 19 Apr 2026 09:54:12 -0400 Subject: [PATCH] fix(iso): 3 first-boot issues from .198 reinstall report MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 1. nostr-vpn still failing despite last mask attempt — confirmed in the 6th ISO's rootfs.tar: the .service file was present but not in multi-user.target.wants. Previous `systemctl mask` silently no-oped because the real file was already there. Fixed properly with explicit `rm -f` + `ln -sf /dev/null` for nostr-vpn, archipelago-wg, and archipelago-wg-address — same /dev/null symlink state that `mask` would produce on a clean install. 2. Kiosk didn't come up on first boot, only on reboot. Extended the ExecStartPre health-poll from 30s → 120s (unbundled ISO takes longer to settle on first boot: archipelago initializes state, pulls FileBrowser, frontend settles), raised TimeoutStartSec to 180s, and added After=systemd-user-sessions.service + After=network-online.target so X / Chromium aren't racing. 3. /init: line 29: can't create /root/etc/network/interfaces error on installer boot — debootstrap --variant=minbase omits ifupdown so the target has no /etc/network/ directory, and live-boot's init tries to seed it. Non-fatal but noisy. Added ifupdown + isc-dhcp-client to the debootstrap --include list. Co-Authored-By: Claude Opus 4.7 (1M context) --- image-recipe/build-auto-installer-iso.sh | 21 +++++++++++++++---- .../configs/archipelago-kiosk.service | 13 ++++++++---- 2 files changed, 26 insertions(+), 8 deletions(-) diff --git a/image-recipe/build-auto-installer-iso.sh b/image-recipe/build-auto-installer-iso.sh index 735ee04d..f028bd50 100755 --- a/image-recipe/build-auto-installer-iso.sh +++ b/image-recipe/build-auto-installer-iso.sh @@ -465,10 +465,18 @@ RUN systemctl mask archipelago-fips.service || true # Same rationale for nostr-vpn and wireguard helpers — their env files # don't exist until onboarding completes, so leaving these "enabled" # (the default from WantedBy=multi-user.target) produces a red -# [FAILED] in the boot MOTD every reboot. Mask by default; the -# onboarding flow / fips.install-equivalent RPC handlers unmask and -# start them once their prerequisites are on disk. -RUN systemctl mask nostr-vpn.service archipelago-wg.service archipelago-wg-address.service || true +# [FAILED] in the boot MOTD every reboot. Mask by replacing each +# .service with a /dev/null symlink — plain `systemctl mask` refuses +# to clobber the real files we just COPY'd in, so the previous +# attempt left the services installable via dependency chains +# (nostr-relay has Before=nostr-vpn, which pulls it in). Explicit +# rm + ln -sf creates the proper masked state. The onboarding flow +# removes the symlink and drops in a configured service when env +# files are in place. +RUN for svc in nostr-vpn archipelago-wg archipelago-wg-address; do \\ + rm -f /etc/systemd/system/$svc.service; \\ + ln -sf /dev/null /etc/systemd/system/$svc.service; \\ + done # Remove policy-rc.d so services can start on first boot RUN rm -f /usr/sbin/policy-rc.d @@ -660,11 +668,16 @@ apt-get install -y -qq debootstrap squashfs-tools initramfs-tools dosfstools mto grub-efi-amd64-bin grub-pc-bin grub-common isolinux syslinux-common echo " [container] Running debootstrap --variant=minbase..." +# ifupdown + isc-dhcp-client added because live-boot's /init writes +# /etc/network/interfaces on the target — without ifupdown, /etc/network/ +# doesn't exist and the initramfs throws a non-fatal but noisy +# "can't create /root/etc/network/interfaces: nonexistent directory". debootstrap --variant=minbase --arch=${DEB_ARCH} \ --include=systemd,systemd-sysv,udev,dbus,bash,coreutils,mount,util-linux,\ kmod,procps,iproute2,ca-certificates,gdisk,\ cryptsetup,cryptsetup-initramfs,parted,dosfstools,e2fsprogs,\ linux-image-${DEB_ARCH},grub-efi-${DEB_ARCH},grub-pc-bin,\ +ifupdown,isc-dhcp-client,\ pciutils,usbutils,less,nano \ trixie /installer http://deb.debian.org/debian diff --git a/image-recipe/configs/archipelago-kiosk.service b/image-recipe/configs/archipelago-kiosk.service index 110bacb5..59492658 100644 --- a/image-recipe/configs/archipelago-kiosk.service +++ b/image-recipe/configs/archipelago-kiosk.service @@ -1,15 +1,20 @@ [Unit] Description=Archipelago Kiosk (X11 + Chromium) -After=archipelago.service -Wants=archipelago.service +After=archipelago.service systemd-user-sessions.service network-online.target +Wants=archipelago.service network-online.target ConditionPathExists=/usr/local/bin/archipelago-kiosk-launcher Conflicts=getty@tty1.service [Service] Type=simple -ExecStartPre=/bin/bash -c 'for i in $(seq 1 15); do curl -sf http://localhost/health >/dev/null 2>&1 && exit 0; sleep 2; done; exit 0' +# Wait up to 120s for archipelago to serve /health. On first boot it +# can take longer than 30s — the backend initialises state, unbundled +# ISO pulls FileBrowser, and the frontend dist has to settle. The +# previous 30s cap was firing Chromium at a not-yet-ready backend and +# the resulting blank window only recovered on reboot. +ExecStartPre=/bin/bash -c 'for i in $(seq 1 60); do curl -sf http://localhost/health >/dev/null 2>&1 && break; sleep 2; done' ExecStart=/usr/local/bin/archipelago-kiosk-launcher -TimeoutStartSec=60 +TimeoutStartSec=180 Restart=always RestartSec=5