dcode

README

The goal of this gist is to setup waypipe to automically run locally on user login and remotely when you connect to it. In both cases, this is managed by systemd user session and assumes that is running. This took way too long to figure out, so I hope it helps someone (or me) in the future.

Instructions

Local

dcode

When trying to use newer versions of pip on a remote headless system, it requires keyring access, or will at least use it if present. When running poetry installed via pipx, it installs keyring and it all breaks. Here's how I fixed it today.

Install development headers (assumes build tools already installed).

sudo apt install -y libkeyutils-dev

Enter the bin dir for the poetry pipx environment and install the keyutils extension for keyring.

dcode

#!/bin/env python3
import libvirt
import pathlib

conn = libvirt.open("qemu:///system")
template_pool = conn.storagePoolLookupByName("default")
image_filename = "fedora-cloud-base-38-x86_64.qcow2"
spool_file = pathlib.Path("Fedora-Cloud-Base-38-1.6.x86_64.qcow2")

# Size from output of `qemu-img info --output=json Fedora-Cloud-Base-38-1.6.x86_64.qcow2`

dcode

Create the filesystem overlay

If you're going to create several nspawn containers, you can save some disk space by using overlayfs to use a common base. Follow the instructions in the unifi-utilities documentation for UnifiOS 3.0+ containers. I called my container debian-base.

Next, we need an upperdir where the file changes are saved and a workdir where temporary file changes are saved. I'm going to create a container for multicast-relay, replacing the podman container

dcode

#!/bin/bash
# Place at /etc/NetworkManager/dispatcher.d/15-activate_home_vlans.sh 
# chown root:root
# chmod 0755

# This is the UUID for the connection entry representing your home network (mine is called "Wired - Home")
HOME_UUID="c09ab0ba-58e0-4c89-ad52-58bd39a63ad4"

# This is an array listing all the VLAN connections (or others, I guess) 
# that you want to de/activate when you connect to the home network

dcode

# ~/.config/direnv/direnvrc
# Adapted from https://rgoswami.me/posts/poetry-direnv/
layout_poetry() {
  if [[ ! -f pyproject.toml ]]; then
    log_error 'No pyproject.toml found. Use `poetry new` or `poetry init` to create one first.'
    exit 2
  fi

  # create venv if it doesn't exist
  poetry run true

dcode

# This assumes you have already setup a LUKS volume with a password (which you will need for this process)
# This process will create a recovery key (which you need to save in a safe place), enroll a LUKS key in the
# TPM using PCR 7 to check secure boot state (see https://www.freedesktop.org/software/systemd/man/systemd-cryptenroll.html).
# Finally, it will remove the password, leaving the TPM and the recovery key. You will need the recovery key
# if you install a firmware update that modifies the secure boot state

# !!!! WARNING - WARNING - WARNING !!!!
# I recommend you copy/paste this and do it one line at a time, not automated in a for loop
# like below. I wrote it this way to serve more as documentation. If this doesn't go right, you'll have
# a storage volume(s) full of random data that is irrecoverable.

dcode

pactl set-source-output-mute "$( \
  pactl list  source-outputs | \
  perl -ne '/^Source Output #(\d+)/ && { $sourceid=$1 }; /^\s+node.name = \"ZOOM VoiceEngine\"/ && print $sourceid;'\
  )" toggle

dcode

#!/bin/sh
# file: /mnt/data/on_boot.d/30-ssdp-relay.sh
# See https://github.com/unifi-utilities/unifios-utilities
# for info on how to setup on-boot scripts

CONTAINER="ssdp-relay"

# Specify which interfaces to relay, number is VLAN number
INTERFACES="br10 br20"

dcode

# ~/.config/direnv/direnvrc
layout_poetry() {
  if [[ ! -f pyproject.toml ]]; then
    log_error 'No pyproject.toml found. Use `poetry new` or `poetry init` to create one first.'
    exit 2
  fi

  # create venv if it doesn't exist
  poetry run true