When trying to use newer versions of pip on a remote headless system, it requires keyring access, or will at least use it if present. When running poetry installed via pipx, it installs keyring and it all breaks. Here's how I fixed it today.
Install development headers (assumes build tools already installed).
sudo apt install -y libkeyutils-devEnter the bin dir for the poetry pipx environment and install the keyutils extension for keyring.
| #!/bin/env python3 | |
| import libvirt | |
| import pathlib | |
| conn = libvirt.open("qemu:///system") | |
| template_pool = conn.storagePoolLookupByName("default") | |
| image_filename = "fedora-cloud-base-38-x86_64.qcow2" | |
| spool_file = pathlib.Path("Fedora-Cloud-Base-38-1.6.x86_64.qcow2") | |
| # Size from output of `qemu-img info --output=json Fedora-Cloud-Base-38-1.6.x86_64.qcow2` |
If you're going to create several nspawn containers, you can save some disk
space by using overlayfs to use a common base. Follow the instructions in the
unifi-utilities documentation
for UnifiOS 3.0+ containers. I called my container debian-base.
Next, we need an upperdir where the file changes are saved and a workdir
where temporary file changes are saved. I'm going to create a container for
multicast-relay, replacing the podman container
| #!/bin/bash | |
| # Place at /etc/NetworkManager/dispatcher.d/15-activate_home_vlans.sh | |
| # chown root:root | |
| # chmod 0755 | |
| # This is the UUID for the connection entry representing your home network (mine is called "Wired - Home") | |
| HOME_UUID="c09ab0ba-58e0-4c89-ad52-58bd39a63ad4" | |
| # This is an array listing all the VLAN connections (or others, I guess) | |
| # that you want to de/activate when you connect to the home network |
| # ~/.config/direnv/direnvrc | |
| # Adapted from https://rgoswami.me/posts/poetry-direnv/ | |
| layout_poetry() { | |
| if [[ ! -f pyproject.toml ]]; then | |
| log_error 'No pyproject.toml found. Use `poetry new` or `poetry init` to create one first.' | |
| exit 2 | |
| fi | |
| # create venv if it doesn't exist | |
| poetry run true |
| # This assumes you have already setup a LUKS volume with a password (which you will need for this process) | |
| # This process will create a recovery key (which you need to save in a safe place), enroll a LUKS key in the | |
| # TPM using PCR 7 to check secure boot state (see https://www.freedesktop.org/software/systemd/man/systemd-cryptenroll.html). | |
| # Finally, it will remove the password, leaving the TPM and the recovery key. You will need the recovery key | |
| # if you install a firmware update that modifies the secure boot state | |
| # !!!! WARNING - WARNING - WARNING !!!! | |
| # I recommend you copy/paste this and do it one line at a time, not automated in a for loop | |
| # like below. I wrote it this way to serve more as documentation. If this doesn't go right, you'll have | |
| # a storage volume(s) full of random data that is irrecoverable. |
| pactl set-source-output-mute "$( \ | |
| pactl list source-outputs | \ | |
| perl -ne '/^Source Output #(\d+)/ && { $sourceid=$1 }; /^\s+node.name = \"ZOOM VoiceEngine\"/ && print $sourceid;'\ | |
| )" toggle |
| #!/bin/sh | |
| # file: /mnt/data/on_boot.d/30-ssdp-relay.sh | |
| # See https://github.com/unifi-utilities/unifios-utilities | |
| # for info on how to setup on-boot scripts | |
| CONTAINER="ssdp-relay" | |
| # Specify which interfaces to relay, number is VLAN number | |
| INTERFACES="br10 br20" |
| # ~/.config/direnv/direnvrc | |
| layout_poetry() { | |
| if [[ ! -f pyproject.toml ]]; then | |
| log_error 'No pyproject.toml found. Use `poetry new` or `poetry init` to create one first.' | |
| exit 2 | |
| fi | |
| # create venv if it doesn't exist | |
| poetry run true |