Mercurial > code > home > repos > infra

changeset 320:11d3bcedb9f0

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
updates for tofu rebuild; some dead code; start moving tasks into subdirs with their files and templates
author drewp@bigasterisk.com
date Fri, 08 Nov 2024 23:16:56 -0800
parents 2e6dbebb2cb3
children 06f6daf66686
files apt.py apt/apt.py apt/templates/more.sources.j2 apt/templates/sources.list.j2 apt/templates/ubuntu.sources.j2 dns.py files/fstab/tofu files/net/bang_10.2.network home.py inventory.py net.py tasks.py templates/dnsmasq/hosts.j2 templates/sources.list.j2
diffstat 14 files changed, 234 insertions(+), 177 deletions(-) [+]
line wrap: on
line diff
--- a/apt.py	Wed Oct 16 20:47:19 2024 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,106 +0,0 @@
-import io
-from pathlib import Path
-import shlex
-from typing import cast
-from pyinfra import host
-from pyinfra.facts.files import FindFiles
-from pyinfra.facts.server import Arch, LinuxDistribution
-from pyinfra.operations import apt, files, server
-
-TZ = 'America/Los_Angeles'
-
-
-def pkg_keys():
-    files.directory(path='/etc/apt/keyrings/')  # for raspi
-    for url, name in [
-        ('https://repo.steampowered.com/steam/archive/stable/steam.gpg', 'steam.gpg'),
-    ]:
-        files.download(src=url, dest=f'/usr/share/keyrings/{name}')
-
-    # vscode keeps making this, but I fetch my own
-    files.file(path='/etc/apt/trusted.gpg.d/microsoft.gpg', present=False)
-
-    # and it makes this, which is redundant with my sources.list template line
-    files.file(path='/etc/apt/sources.list.d/vscode.list', present=False)
-
-    apt.packages(packages=['curl', 'gpg'])
-    server.shell(commands=[
-        f"curl -fsSL {shlex.quote(url)} | gpg --dearmor > /etc/apt/keyrings/{name}" for (url, name) in [
-            ('https://packages.microsoft.com/keys/microsoft.asc', 'ms.gpg'),
-            ('https://deb.nodesource.com/gpgkey/nodesource.gpg.key', 'nodesource-older.gpg'),  # rm after everything's on 23.10
-            ('https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key', 'nodesource.gpg'),
-            ('https://dl.google.com/linux/linux_signing_key.pub', 'chrome.gpg'),
-            ('https://ftp-master.debian.org/keys/archive-key-11.asc', 'bullseye.gpg'),
-            ('https://ftp-master.debian.org/keys/archive-key-11-security.asc', 'bullseye-security.gpg'),
-            ('https://packages.cloud.google.com/apt/doc/apt-key.gpg', 'coral.gpg'),
-            ('https://hub.unity3d.com/linux/keys/public', 'unityhub.gpg'),
-            ('https://nvidia.github.io/libnvidia-container/gpgkey', 'nvidia.gpg'),
-        ]
-    ])
-    if 'pi' in host.groups or host.name == 'bang':
-        # this contaminates the apt-update
-        files.file(path="/etc/apt/trusted.gpg.d/podman.asc", present=False)
-
-    # also these
-    #-rw-r--r-- 1 root root 2794 Mar 26  2021 /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
-    #-rw-r--r-- 1 root root 1733 Mar 26  2021 /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
-
-    # raspi needs wget http://archive.raspbian.org/raspbian.public.key -O - | sudo apt-key add -
-
-
-dir = Path('/etc/apt/sources.list.d')
-
-
-def clear_known_sources_files(known=[
-    dir / 'vscode.list',
-    dir / 'google-chrome.list',
-    dir / 'steam-beta.list',
-    dir / 'google-chrome-unstable.list',
-    dir / 'steam-stable.list',
-    dir / 'raspi.list',
-]):
-    found = map(Path, cast(str, host.get_fact(FindFiles, dir, quote_path=True)))
-    if set(found) - set(known) - {dir / 'ubuntu.sources'}:
-        raise SystemExit(f"new files in {host.name} /etc/apt/sources.list.d/ - please remove")
-    for f in known:
-        files.file(path=f, present=False)
-
-
-def apt_sources():
-    if host.get_fact(Arch) == 'x86_64':
-        server.shell(commands=['dpkg --add-architecture i386'])
-
-    files.template(src='templates/sources.list.j2', dest='/etc/apt/sources.list')
-
-    if 'big' in host.groups or 'laptop' in host.groups or 'hosted' in host.groups:
-        files.template(src='templates/ubuntu.sources.j2', dest='/etc/apt/sources.list.d/ubuntu.sources')
-
-    clear_known_sources_files()
-    apt.packages(update=True,
-                 cache_time=86400,
-                 packages=['tzdata'],
-                 force=True,
-                 _env={
-                     'TZ': TZ,
-                     'LANG': 'en_US.UTF-8',
-                     'DEBIAN_FRONTEND': 'noninteractive'
-                 })
-
-    # squib 1st setup seemed to need more updates for node(nodesource)
-    # and steam-launcher
-
-
-def flatpak_sources():
-    apt.packages(update=True, cache_time=86400, packages=['flatpak'])
-    server.shell(commands='flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo')
-
-
-def correct_dns():
-    files.put(src=io.StringIO("nameserver 10.2.0.3\n"), dest='/etc/resolv.conf')
-
-
-if 'pi' in host.groups:
-    correct_dns()
-pkg_keys()
-apt_sources()
-flatpak_sources()
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/apt/apt.py	Fri Nov 08 23:16:56 2024 -0800
@@ -0,0 +1,80 @@
+import shlex
+
+from pyinfra import host
+from pyinfra.facts.server import Arch
+from pyinfra.operations import apt, files, server
+
+TZ = 'America/Los_Angeles'
+
+
+def pkg_keys():
+    files.directory(path='/etc/apt/keyrings/')  # for raspi
+    for url, name in [
+        ('https://repo.steampowered.com/steam/archive/stable/steam.gpg', 'steam.gpg'),
+    ]:
+        files.download(src=url, dest=f'/usr/share/keyrings/{name}')
+
+    apt.packages(packages=['curl', 'gpg'])
+    server.shell(commands=[
+        f"curl -fsSL {shlex.quote(url)} | gpg --dearmor > /etc/apt/keyrings/{name}" for (url, name) in [
+            ('https://packages.microsoft.com/keys/microsoft.asc', 'ms.gpg'),
+            ('https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key', 'nodesource.gpg'),
+            ('https://dl.google.com/linux/linux_signing_key.pub', 'chrome.gpg'),
+            ('https://ftp-master.debian.org/keys/archive-key-11.asc', 'bullseye.gpg'),
+            ('https://ftp-master.debian.org/keys/archive-key-11-security.asc', 'bullseye-security.gpg'),
+            ('https://packages.cloud.google.com/apt/doc/apt-key.gpg', 'coral.gpg'),
+            ('https://hub.unity3d.com/linux/keys/public', 'unityhub.gpg'),
+            ('https://nvidia.github.io/libnvidia-container/gpgkey', 'nvidia.gpg'),
+        ]
+    ])
+
+    # also these
+    #-rw-r--r-- 1 root root 2794 Mar 26  2021 /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
+    #-rw-r--r-- 1 root root 1733 Mar 26  2021 /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
+
+    # raspi needs wget http://archive.raspbian.org/raspbian.public.key -O - | sudo apt-key add -
+
+
+def arch386():
+    server.shell(commands=['dpkg --add-architecture i386'])
+
+
+def old_deleteme_apt_sources():
+    files.template(src='apt/templates/sources.list.j2', dest='/etc/apt/sources.list')
+    apt_update()
+
+
+def apt_update():
+    apt.packages(update=True,
+                 cache_time=86400,
+                 packages=['tzdata'],
+                 force=True,
+                 _env={
+                     'TZ': TZ,
+                     'LANG': 'en_US.UTF-8',
+                     'DEBIAN_FRONTEND': 'noninteractive'
+                 })
+
+    # squib 1st setup seemed to need more updates for node(nodesource)
+    # and steam-launcher
+
+
+def flatpak_sources():
+    apt.packages(update=True, cache_time=86400, packages=['flatpak'])
+    server.shell(commands='flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo')
+
+
+if host.get_fact(Arch) == 'x86_64':
+    arch386()
+
+pkg_keys()
+using_new_sources = ['tofu']
+if host.name in using_new_sources:
+    # todo: rm /etc/apt/sources.list.d/*.list
+    files.template(src='apt/templates/ubuntu.sources.j2', dest='/etc/apt/sources.list.d/ubuntu.sources')
+    files.template(src='apt/templates/more.sources.j2', dest='/etc/apt/sources.list.d/more.sources')
+    apt_update()
+else:
+    old_deleteme_apt_sources()
+
+flatpak_sources()
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/apt/templates/more.sources.j2	Fri Nov 08 23:16:56 2024 -0800
@@ -0,0 +1,84 @@
+# written by pyinfra
+
+{% if 'big' in host.groups or 'laptop' in host.groups %}
+Types: deb
+URIs: http://packages.microsoft.com/repos/code
+Suites: stable
+Components: main
+Architectures: amd64
+Signed-By: /etc/apt/keyrings/ms.gpg
+
+Types: deb
+URIs: http://dl.google.com/linux/chrome/deb/
+Suites: stable
+Components: main
+Architectures: amd64
+Signed-By: /etc/apt/keyrings/chrome.gpg
+
+Types: deb
+URIs: https://repo.steampowered.com/steam/
+Suites: stable
+Components: steam
+Architectures: amd64 i386
+Signed-By: /usr/share/keyrings/steam.gpg
+
+Types: deb
+URIs: https://hub.unity3d.com/linux/repos/deb
+Suites: stable
+Components: main
+Signed-By: /etc/apt/keyrings/unityhub.gpg
+
+Types: deb
+URIs: https://deb.nodesource.com/node_18.x
+Suites: nodistro
+Components: main
+Architectures: amd64
+Signed-By: /etc/apt/keyrings/nodesource.gpg
+{% endif %}
+
+{% if host.data.get('gpu') %}
+Types: deb
+URIs: https://nvidia.github.io/libnvidia-container/stable/deb/$(ARCH)
+Suites: /
+Components: main
+Signed-By: /etc/apt/keyrings/nvidia.gpg
+{% endif %}
+
+{% if host.data.get('coral') %}
+Types: deb
+URIs: https://packages.cloud.google.com/apt
+Suites: coral-edgetpu-stable
+Components: main
+Signed-By: /etc/apt/keyrings/coral.gpg
+{% endif %}
+
+{% if host.name == 'pipe' %}
+
+todo convert
+
+# seems stuck on jammy since http://deb.odroid.in/n2/ and https://wiki.odroid.com/odroid-n2/os_images/ubuntu don't have anything newer (2023-12-28)
+deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://archive.canonical.com/ubuntu jammy partner
+deb [signed-by=/etc/apt/trusted.gpg] http://deb.odroid.in/n2/ jammy main
+deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy main restricted
+deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy multiverse
+deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy universe
+deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy-backports main restricted universe multiverse
+deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy-security main restricted
+deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy-security multiverse
+deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy-security universe
+deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy-updates main restricted
+deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy-updates multiverse
+deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy-updates universe
+# or, if you have to get this, try: https://keyserver.ubuntu.com/pks/lookup?fingerprint=on&op=index&search=0xABB1931B59A40B968609F153D0392EC59F9583BA
+deb [signed-by=/etc/apt/trusted.gpg] http://ppa.launchpad.net/hardkernel/ppa/ubuntu jammy main
+{% endif %}
+
+{% if 'pi' in host.groups %}
+
+todo convert
+
+deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
+deb http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
+deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
+{% endif %}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/apt/templates/sources.list.j2	Fri Nov 08 23:16:56 2024 -0800
@@ -0,0 +1,42 @@
+# written by pyinfra
+
+{% if 'big' in host.groups or 'laptop' in host.groups %}
+deb [arch=amd64,arm64,armhf signed-by=/etc/apt/keyrings/ms.gpg] http://packages.microsoft.com/repos/code stable main
+deb [arch=amd64 signed-by=/etc/apt/keyrings/chrome.gpg] http://dl.google.com/linux/chrome/deb/ stable main
+deb [arch=amd64,i386 signed-by=/usr/share/keyrings/steam.gpg] https://repo.steampowered.com/steam/ stable steam
+deb [signed-by=/etc/apt/keyrings/unityhub.gpg] https://hub.unity3d.com/linux/repos/deb stable main
+deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_18.x nodistro main
+{% endif %}
+
+{% if host.data.get('gpu') %}
+deb [signed-by=/etc/apt/keyrings/nvidia.gpg] https://nvidia.github.io/libnvidia-container/stable/deb/$(ARCH) /
+{% endif %}
+
+{% if host.data.get('coral') %}
+deb [signed-by=/etc/apt/keyrings/coral.gpg] https://packages.cloud.google.com/apt coral-edgetpu-stable main
+{% endif %}
+
+{% if host.name == 'pipe' %}
+# seems stuck on jammy since http://deb.odroid.in/n2/ and https://wiki.odroid.com/odroid-n2/os_images/ubuntu don't have anything newer (2023-12-28)
+deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://archive.canonical.com/ubuntu jammy partner
+deb [signed-by=/etc/apt/trusted.gpg] http://deb.odroid.in/n2/ jammy main
+deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy main restricted
+deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy multiverse
+deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy universe
+deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy-backports main restricted universe multiverse
+deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy-security main restricted
+deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy-security multiverse
+deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy-security universe
+deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy-updates main restricted
+deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy-updates multiverse
+deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy-updates universe
+# or, if you have to get this, try: https://keyserver.ubuntu.com/pks/lookup?fingerprint=on&op=index&search=0xABB1931B59A40B968609F153D0392EC59F9583BA
+deb [signed-by=/etc/apt/trusted.gpg] http://ppa.launchpad.net/hardkernel/ppa/ubuntu jammy main
+{% endif %}
+
+{% if 'pi' in host.groups %}
+deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
+deb http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
+deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
+{% endif %}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/apt/templates/ubuntu.sources.j2	Fri Nov 08 23:16:56 2024 -0800
@@ -0,0 +1,13 @@
+# written by pyinfra
+
+Types: deb
+URIs: http://us.archive.ubuntu.com/ubuntu
+Suites: noble noble-updates noble-backports
+Components: main restricted universe multiverse
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+
+Types: deb
+URIs: http://security.ubuntu.com/ubuntu
+Suites: noble-security
+Components: main restricted universe multiverse
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
--- a/dns.py	Wed Oct 16 20:47:19 2024 -0700
+++ b/dns.py	Fri Nov 08 23:16:56 2024 -0800
@@ -60,11 +60,6 @@
 systemd.service(service='dnsmasq', enabled=False, running=False)
 
 if host.name == 'bang':
-    files.directory(path='/opt/dnsmasq')
-
-    dnsmasq_instance('10.5', house_iface='unused', dhcp_range='unused',
-                     listen_address='unused')  # only works after wireguard is up
-# move out of this file- it's not dns
 
 def watchLeasesFile():
     """summary:
@@ -75,7 +70,8 @@
     """
     dhcp_graph_url = "http://10.5.0.7:8005"
     leases = "/opt/dnsmasq/10.2/leases"
-    files.put(dest='/etc/systemd/system/dhcp_graph_watch.path', src=StringIO(f'''
+    files.put(dest='/etc/systemd/system/dhcp_graph_watch.path',
+              src=StringIO(f'''
 [Unit]
 Description=dhcp leases file changed- run dhcp_graph_update
 After=localfs.target
@@ -88,7 +84,8 @@
 WantedBy=multi-user.target
 '''))
 
-    files.put(dest='/etc/systemd/system/dhcp_graph_update.service', src=StringIO(f'''
+    files.put(dest='/etc/systemd/system/dhcp_graph_update.service',
+              src=StringIO(f'''
 [Unit]
 Description=Send new dhcp leases content to dhcp_graph
 After=network.target
@@ -103,6 +100,7 @@
     systemd.service(service='dhcp_graph_watch.path', enabled=True, restarted=True, daemon_reload=True)
     systemd.service(service='dhcp_graph_update.service', enabled=True, restarted=True, daemon_reload=True)
 
+
 if host.name == 'pipe':
     rpi_net_boot()
     files.directory(path='/opt/dnsmasq')
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/files/fstab/tofu	Fri Nov 08 23:16:56 2024 -0800
@@ -0,0 +1,4 @@
+# written by pyinfra
+
+# <file system> <mount point>   <type>  <options>       <dump>  <pass>
+/dev/nvme0n1p6 / ext4 rw,relatime 0 0
--- a/files/net/bang_10.2.network	Wed Oct 16 20:47:19 2024 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,10 +0,0 @@
-# written by pyinfra
-
-[Match]
-MACAddress=60:e3:27:04:4a:85
-
-[Network]
-DHCP=no
-Address=10.2.0.1/16
-DNS=10.2.0.3
-Gateway=10.2.0.3
--- a/home.py	Wed Oct 16 20:47:19 2024 -0700
+++ b/home.py	Fri Nov 08 23:16:56 2024 -0800
@@ -7,6 +7,7 @@
     server.shell(commands=['chsh -s /bin/zsh drewp'])
     files.link(path='/home/drewp/.aptitude/config', target='../own/config/aptitude-config', force=True)
     files.link(path='/home/drewp/.config/blender',  target='../own/config/blender', force=True)
+    files.link(path='/home/drewp/.config/i3',       target='../own/config/i3', force=True)
     files.link(path='/home/drewp/.emacs.d',         target='own/config/emacs-d', force=True)
     files.link(path='/home/drewp/.fonts',           target='own/config/fonts', force=True)
     files.link(path='/home/drewp/.fvwm2rc',         target='own/config/fvwm2rc', force=True)
--- a/inventory.py	Wed Oct 16 20:47:19 2024 -0700
+++ b/inventory.py	Fri Nov 08 23:16:56 2024 -0800
@@ -25,5 +25,5 @@
 laptop = [
     ('plus',       {'drewp_uid': 501,  'drewp_gid': 1000, 'wireguard_address': '10.5.0.110','ssh_hostname': 'plus5',      'drewp_home': True,                    'syncthing': True, 'wg_roamer': True,          }),
     ('pillow',     {'drewp_uid': 1000 ,'drewp_gid': 1000, 'wireguard_address': '10.5.0.111','ssh_hostname': '10.5.0.111',                                        'syncthing': True, 'wg_roamer': True,          }),
-    ('tofu',       {'drewp_uid': 501 , 'drewp_gid': 1000, 'wireguard_address': '10.5.0.113','ssh_hostname': '10.2.0.137', 'drewp_home': True,                    'syncthing': True, 'wg_roamer': True,          }),
+   ('tofu',       {'drewp_uid': 501 , 'drewp_gid': 1000, 'wireguard_address': '10.5.0.113','ssh_hostname': '10.2.0.148', 'drewp_home': True,                    'syncthing': True, 'wg_roamer': True,          }),
 ]
--- a/net.py	Wed Oct 16 20:47:19 2024 -0700
+++ b/net.py	Fri Nov 08 23:16:56 2024 -0800
@@ -51,13 +51,6 @@
     )
     systemd.service(service='systemd-networkd.service', enabled=True, running=True, restarted=True)
 
-if host.name == 'bang':
-    cleanup()
-
-    files.template(src="files/net/bang_10.2.network", dest="/etc/systemd/network/20-10.2.network")
-    apt.packages(packages=['network-manager'], present=False)
-    systemd.service(service='systemd-networkd.service', enabled=True, running=True, restarted=True)
-
 if host.name == 'pipe':
     cleanup()
 
--- a/tasks.py	Wed Oct 16 20:47:19 2024 -0700
+++ b/tasks.py	Fri Nov 08 23:16:56 2024 -0800
@@ -9,7 +9,7 @@
 
 
 def _run(ctx, s):
-    ctx.run(cmd + '--no-wait inventory.py %s' % s, pty=True, echo=True)
+    ctx.run(cmd + '--no-wait -y inventory.py %s' % s, pty=True, echo=True)
 
 
 @task
@@ -29,7 +29,7 @@
 
 @task
 def apt(ctx):
-    _run(ctx, 'apt.py')
+    _run(ctx, 'apt/apt.py')
 
 
 @task
@@ -102,7 +102,7 @@
         'users.py',
         'ssh.py',
         'system.py',
-        'apt.py',
+        'apt/apt.py',
         'packages.py',
         'net.py',
         'dns.py',
--- a/templates/dnsmasq/hosts.j2	Wed Oct 16 20:47:19 2024 -0700
+++ b/templates/dnsmasq/hosts.j2	Fri Nov 08 23:16:56 2024 -0800
@@ -5,7 +5,7 @@
 # This is the dns trick-- hosts at home should use the local address
 # for 'bigasterisk.com' etc instead of taking a trip to prime.
 10.2.0.1 bang bang.bigasterisk.com 
-10.2.0.133 bigasterisk.com cam-int.bigasterisk.com cam-ext.bigasterisk.com imap.bigasterisk.com repo.bigasterisk.com drewp.quickwitretort.com photo.bigasterisk.com projects.bigasterisk.com quickwitretort.com whatsplayingnext.com whopickedthis.com vpn-home.bigasterisk.com file.bigasterisk.com antigen-superset.bigasterisk.com authenticate.bigasterisk.com authenticate2.bigasterisk.com authenticate3.bigasterisk.com megasecond.club hass.bigasterisk.com bitwarden.bigasterisk.com livegrep.bigasterisk.com dev.bigasterisk.com apprise.bigasterisk.com sco-bot-prefect.bigasterisk.com paperless.bigasterisk.com
+10.2.0.133 bigasterisk.com cam-int.bigasterisk.com cam-ext.bigasterisk.com imap.bigasterisk.com repo.bigasterisk.com drewp.quickwitretort.com photo.bigasterisk.com projects.bigasterisk.com quickwitretort.com whatsplayingnext.com whopickedthis.com vpn-home.bigasterisk.com file.bigasterisk.com antigen-superset.bigasterisk.com authenticate.bigasterisk.com authenticate2.bigasterisk.com authenticate3.bigasterisk.com megasecond.club hass.bigasterisk.com bitwarden.bigasterisk.com livegrep.bigasterisk.com dev.bigasterisk.com apprise.bigasterisk.com sco-bot-prefect.bigasterisk.com paperless.bigasterisk.com linkwarden.bigasterisk.com
 
 # deleteme
 162.243.138.136 light9.bigasterisk.com
--- a/templates/sources.list.j2	Wed Oct 16 20:47:19 2024 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,42 +0,0 @@
-# written by pyinfra
-
-{% if 'big' in host.groups or 'laptop' in host.groups %}
-deb [arch=amd64,arm64,armhf signed-by=/etc/apt/keyrings/ms.gpg] http://packages.microsoft.com/repos/code stable main
-deb [arch=amd64 signed-by=/etc/apt/keyrings/chrome.gpg] http://dl.google.com/linux/chrome/deb/ stable main
-deb [arch=amd64,i386 signed-by=/usr/share/keyrings/steam.gpg] https://repo.steampowered.com/steam/ stable steam
-deb [signed-by=/etc/apt/keyrings/unityhub.gpg] https://hub.unity3d.com/linux/repos/deb stable main
-deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_18.x nodistro main
-{% endif %}
-
-{% if host.data.get('gpu') %}
-deb [signed-by=/etc/apt/keyrings/nvidia.gpg] https://nvidia.github.io/libnvidia-container/stable/deb/$(ARCH) /
-{% endif %}
-
-{% if host.data.get('coral') %}
-deb [signed-by=/etc/apt/keyrings/coral.gpg] https://packages.cloud.google.com/apt coral-edgetpu-stable main
-{% endif %}
-
-{% if host.name == 'pipe' %}
-# seems stuck on jammy since http://deb.odroid.in/n2/ and https://wiki.odroid.com/odroid-n2/os_images/ubuntu don't have anything newer (2023-12-28)
-deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://archive.canonical.com/ubuntu jammy partner
-deb [signed-by=/etc/apt/trusted.gpg] http://deb.odroid.in/n2/ jammy main
-deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy main restricted
-deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy multiverse
-deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy universe
-deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy-backports main restricted universe multiverse
-deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy-security main restricted
-deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy-security multiverse
-deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy-security universe
-deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy-updates main restricted
-deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy-updates multiverse
-deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg] http://ports.ubuntu.com/ubuntu-ports/ jammy-updates universe
-# or, if you have to get this, try: https://keyserver.ubuntu.com/pks/lookup?fingerprint=on&op=index&search=0xABB1931B59A40B968609F153D0392EC59F9583BA
-deb [signed-by=/etc/apt/trusted.gpg] http://ppa.launchpad.net/hardkernel/ppa/ubuntu jammy main
-{% endif %}
-
-{% if 'pi' in host.groups %}
-deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
-deb http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
-deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
-{% endif %}
-