The goal of this gist is to set up waypipe to automatically run locally on user login and remotely when you connect to it. In both cases, this is managed by the systemd user session and assumes that is running. This took way too long to figure out, so I hope it helps someone (or me) in the future.
When trying to use newer versions of pip on a remote headless system, it requires keyring access, or will at least use it if present. When running poetry installed via pipx, it installs keyring and it all breaks. Here's how I fixed it today.
Install development headers (assumes build tools already installed).
sudo apt install -y libkeyutils-dev
Enter the bin dir for the poetry pipx environment and install the keyutils extension for keyring.
#!/bin/env python3
import libvirt
import pathlib
conn = libvirt.open("qemu:///system")
template_pool = conn.storagePoolLookupByName("default")
image_filename = "fedora-cloud-base-38-x86_64.qcow2"
spool_file = pathlib.Path("Fedora-Cloud-Base-38-1.6.x86_64.qcow2")
# Size from output of `qemu-img info --output=json Fedora-Cloud-Base-38-1.6.x86_64.qcow2`
If you're going to create several nspawn containers, you can save some disk
space by using overlayfs to use a common base. Follow the instructions in the
unifi-utilities documentation for UnifiOS 3.0+ containers. I called my
container debian-base.
Next, we need an upperdir where the file changes are saved and a workdir
where temporary file changes are saved. I'm going to create a container for
multicast-relay, replacing the podman container
#!/bin/bash
# Place at /etc/NetworkManager/dispatcher.d/15-activate_home_vlans.sh
# chown root:root
# chmod 0755
# This is the UUID for the connection entry representing your home network (mine is called "Wired - Home")
HOME_UUID="c09ab0ba-58e0-4c89-ad52-58bd39a63ad4"
# This is an array listing all the VLAN connections (or others, I guess)
# that you want to de/activate when you connect to the home network
# ~/.config/direnv/direnvrc
# Adapted from https://rgoswami.me/posts/poetry-direnv/
layout_poetry() {
  if [[ ! -f pyproject.toml ]]; then
    log_error 'No pyproject.toml found. Use `poetry new` or `poetry init` to create one first.'
    exit 2
  fi
  # create venv if it doesn't exist
  poetry run true
# This assumes you have already set up a LUKS volume with a password (which you will need for this process)
# This process will create a recovery key (which you need to save in a safe place), enroll a LUKS key in the
# TPM using PCR 7 to check secure boot state (see https://www.freedesktop.org/software/systemd/man/systemd-cryptenroll.html).
# Finally, it will remove the password, leaving the TPM and the recovery key. You will need the recovery key
# if you install a firmware update that modifies the secure boot state
# !!!! WARNING - WARNING - WARNING !!!!
# I recommend you copy/paste this and do it one line at a time, not automated in a for loop
# like below. I wrote it this way to serve more as documentation. If this doesn't go right, you'll have
# a storage volume(s) full of random data that is irrecoverable.
pactl set-source-output-mute "$( \
  pactl list source-outputs | \
  perl -ne '/^Source Output #(\d+)/ && { $sourceid=$1 }; /^\s+node.name = \"ZOOM VoiceEngine\"/ && print $sourceid;'\
)" toggle
#!/bin/sh
# file: /mnt/data/on_boot.d/30-ssdp-relay.sh
# See https://github.com/unifi-utilities/unifios-utilities
# for info on how to set up on-boot scripts
CONTAINER="ssdp-relay"
# Specify which interfaces to relay, number is VLAN number
INTERFACES="br10 br20"
# ~/.config/direnv/direnvrc
layout_poetry() {
  if [[ ! -f pyproject.toml ]]; then
    log_error 'No pyproject.toml found. Use `poetry new` or `poetry init` to create one first.'
    exit 2
  fi
  # create venv if it doesn't exist
  poetry run true