#+TITLE: Nagoya Configuration
#+FILETAGS: imperative debian server nagoya

Configuration scripts for the Nagoya system, a Debian-based server.

* Overview

This directory contains idempotent configuration scripts for the Nagoya host, which runs Debian and is not managed by NixOS.

** System Information

- *Hostname:* nagoya
- *OS:* Debian
- *Type:* Server
- *Architecture:* aarch64
- *VPN Address:* 10.100.0.80/24

* Files

** =apply.sh=

The main configuration script that sets up the system. This script is designed to be run multiple times safely (idempotent).

* Setup Components

The =apply.sh= script configures the following:

** WireGuard VPN
- Configures the WireGuard VPN client
- Creates =/etc/wireguard/wg0.conf= with VPN settings
- Connects to VPN endpoint at 167.99.17.238:51820
- Assigns client IP: 10.100.0.80/24
- Requires =WG_PRIVATE_KEY= environment variable
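
An added example, not the repository's =apply.sh=: one way to write =wg0.conf= idempotently so that the private key is validated first and the file is never readable by other users. The function names, the peer public key placeholder and the =AllowedIPs= value are assumptions; the address and endpoint are the ones listed above.

```shell
#!/bin/sh
# Added example, not the repository's apply.sh.
WG_ADDRESS="10.100.0.80/24"            # from the README
WG_ENDPOINT="167.99.17.238:51820"      # from the README
WG_PEER_PUBKEY="<SERVER_PUBLIC_KEY>"   # placeholder: not given on the page
WG_ALLOWED_IPS="10.100.0.0/24"         # assumption

# A WireGuard key is 32 bytes in base64: 43 characters followed by one '='.
valid_wg_key() {
    [ "${#1}" -eq 44 ] || return 1
    case "$1" in
        *[!A-Za-z0-9+/=]*) return 1 ;;   # character outside the base64 alphabet
        *=?*) return 1 ;;                # '=' anywhere but the last position
        *=) return 0 ;;
        *) return 1 ;;
    esac
}

# Render the config to $1 (default /etc/wireguard/wg0.conf).
# Prints "changed" or "unchanged"; returns 1 without touching the target
# when WG_PRIVATE_KEY is missing or malformed.
render_wg_conf() {
    target="${1:-/etc/wireguard/wg0.conf}"
    if ! valid_wg_key "${WG_PRIVATE_KEY:-}"; then
        echo "WG_PRIVATE_KEY missing or malformed" >&2
        return 1
    fi
    # Temp file in the target directory: mktemp creates it mode 0600 and the
    # final mv is an atomic rename, so the key is never world-readable.
    tmp="$(mktemp "${target}.XXXXXX")" || return 1
    printf '[Interface]\nPrivateKey = %s\nAddress = %s\n\n[Peer]\nPublicKey = %s\nEndpoint = %s\nAllowedIPs = %s\n' \
        "$WG_PRIVATE_KEY" "$WG_ADDRESS" "$WG_PEER_PUBKEY" "$WG_ENDPOINT" "$WG_ALLOWED_IPS" > "$tmp"
    if [ -f "$target" ] && cmp -s "$tmp" "$target"; then
        rm -f "$tmp"
        chmod 600 "$target"   # repair permission drift on an unchanged file
        echo "unchanged"
    else
        mv -f "$tmp" "$target"
        echo "changed"
    fi
}
```

A key typed inline on the =sudo= command line ends up in shell history and in the argument list of the =sudo= process; reading it from a root-only file into =WG_PRIVATE_KEY= avoids both.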

** Docker
- Removes old Docker packages (docker.io, podman-docker, etc.)
- Installs official Docker CE from docker.com repository
- Installs docker-ce, docker-ce-cli, containerd.io, and docker-buildx-plugin
- Configures Docker APT repository with proper GPG keys

** Kind (Kubernetes in Docker)
- Installs Kind v0.30.0 for ARM64
- Installs to =/usr/local/bin/kind=
- Used for local Kubernetes development

** Syncthing
- Installs Syncthing from official APT repository
- Configures GPG keys for package verification
- Note: User service setup needs to be completed (see TODOs)

* Usage

** Running the Script

From the repository root:

#+begin_src bash
# Basic run (without WireGuard configuration)
sudo ./imperative/nagoya/apply.sh

# With WireGuard private key
sudo WG_PRIVATE_KEY="your-private-key-here" ./imperative/nagoya/apply.sh
#+end_src

** First-Time Setup

1. Ensure you have root/sudo access
2. Have your WireGuard private key ready
3. Run the script with the =WG_PRIVATE_KEY= environment variable

** Updating Configuration

Re-run the script. It is designed to be idempotent: running it multiple times brings the system to the desired state without causing issues.

* TODOs

- [ ] Complete Syncthing user service setup
- [ ] Add config.txt configuration (diff with default, nvme settings)
- [ ] Add error handling for missing Kind download
- [ ] Consider adding Docker post-install steps (user groups, etc.)

* Notes

- The script uses =set -euo pipefail= for strict error handling
- All setup functions are prefixed with =setup.=
- Logging functions provide colored output for better readability
- Shellcheck directives are used where system files are sourced