diff --git a/image-recipe/build-auto-installer-iso.sh b/image-recipe/build-auto-installer-iso.sh
index f1b1e6c8..d4e1fa02 100755
--- a/image-recipe/build-auto-installer-iso.sh
+++ b/image-recipe/build-auto-installer-iso.sh
@@ -1838,6 +1838,84 @@ if [ -f /cdrom/99-mesh-radio.rules ]; then
 echo " Installed mesh radio udev rule"
 fi
 
+# First-boot diagnostics — runs once, captures system state for debugging
+cat > /mnt/target/usr/local/bin/archipelago-diagnostics <<'DIAG'
+#!/bin/bash
+LOG="/var/log/archipelago-first-boot-diagnostics.log"
+echo "=== Archipelago First Boot Diagnostics ===" > "$LOG"
+echo "Date: $(date -u)" >> "$LOG"
+echo "Kernel: $(uname -r)" >> "$LOG"
+echo "Hostname: $(hostname)" >> "$LOG"
+echo "IP: $(hostname -I 2>/dev/null)" >> "$LOG"
+echo "" >> "$LOG"
+
+echo "=== Disk ===" >> "$LOG"
+lsblk -o NAME,SIZE,TYPE,MOUNTPOINT,FSTYPE >> "$LOG" 2>&1
+df -h >> "$LOG" 2>&1
+echo "" >> "$LOG"
+
+echo "=== LUKS ===" >> "$LOG"
+ls -la /dev/mapper/archipelago-data 2>&1 >> "$LOG"
+cryptsetup status archipelago-data >> "$LOG" 2>&1 || echo "No LUKS" >> "$LOG"
+echo "" >> "$LOG"
+
+echo "=== Services ===" >> "$LOG"
+for svc in nginx archipelago archipelago-kiosk archipelago-load-images \
+ archipelago-first-boot-containers archipelago-setup-tor \
+ console-setup; do
+ STATUS=$(systemctl is-active "$svc" 2>/dev/null || echo "inactive")
+ ENABLED=$(systemctl is-enabled "$svc" 2>/dev/null || echo "disabled")
+ printf " %-40s %s / %s\n" "$svc" "$STATUS" "$ENABLED" >> "$LOG"
+done
+echo "" >> "$LOG"
+
+echo "=== Failed Services ===" >> "$LOG"
+systemctl --failed --no-pager >> "$LOG" 2>&1
+echo "" >> "$LOG"
+
+echo "=== Nginx ===" >> "$LOG"
+nginx -t >> "$LOG" 2>&1
+echo "" >> "$LOG"
+
+echo "=== EFI Boot ===" >> "$LOG"
+ls -laR /boot/efi/EFI/ >> "$LOG" 2>&1
+echo "" >> "$LOG"
+
+echo "=== SSL Cert ===" >> "$LOG"
+ls -la /etc/archipelago/ssl/ >> "$LOG" 2>&1
+echo "" >> "$LOG"
+
+echo "=== Podman ===" >> "$LOG"
+su - archipelago -c "podman ps -a --format '{{.Names}} {{.Status}}'" >> "$LOG" 2>&1
+echo "" >> "$LOG"
+
+echo "=== Memory ===" >> "$LOG"
+free -h >> "$LOG" 2>&1
+echo "" >> "$LOG"
+
+echo "=== Journal Errors (last 50) ===" >> "$LOG"
+journalctl -p err --no-pager -n 50 >> "$LOG" 2>&1
+
+echo "Diagnostics saved to $LOG"
+DIAG
+chmod +x /mnt/target/usr/local/bin/archipelago-diagnostics
+
+cat > /mnt/target/etc/systemd/system/archipelago-diagnostics.service <<'DIAGSVC'
+[Unit]
+Description=Archipelago First Boot Diagnostics
+After=multi-user.target archipelago.service nginx.service
+ConditionPathExists=!/var/log/archipelago-first-boot-diagnostics.log
+
+[Service]
+Type=oneshot
+ExecStartPre=/bin/sleep 30
+ExecStart=/usr/local/bin/archipelago-diagnostics
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
+DIAGSVC
+
 # Ensure SSL cert exists for nginx HTTPS (safety net if rootfs build missed it)
 if [ ! -f /mnt/target/etc/archipelago/ssl/archipelago.crt ]; then
 mkdir -p /mnt/target/etc/archipelago/ssl
@@ -1856,6 +1934,7 @@ chroot /mnt/target systemctl enable archipelago-load-images.service 2>/dev/null
 chroot /mnt/target systemctl enable archipelago-setup-tor.service 2>/dev/null || true
 chroot /mnt/target systemctl enable archipelago-first-boot-containers.service 2>/dev/null || true
 chroot /mnt/target systemctl enable archipelago-kiosk.service 2>/dev/null || true
+chroot /mnt/target systemctl enable archipelago-diagnostics.service 2>/dev/null || true
 
 # Install first-boot diagnostic script — runs once after first boot and logs system state
 cat > /mnt/target/opt/archipelago/scripts/first-boot-diag.sh <<'DIAGSCRIPT'
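Review bot: The generated archipelago-diagnostics script creates `/var/log/archipelago-first-boot-diagnostics.log` with plain `>`/`>>` redirections and never sets a mode, so the file takes whatever the service's umask gives it (likely world-readable under systemd's default). It holds `journalctl -p err` output, the LUKS mapping status, the EFI and SSL directory listings and the host's addresses. Adding `umask 077` as the first command after the shebang, or `UMask=0077` in the unit's `[Service]` section, would keep the log readable by root only. Separately, `ls -la /dev/mapper/archipelago-data 2>&1 >> "$LOG"` has its redirections in the wrong order, so the error for a missing mapping goes to the service's stdout instead of the log; `ls -la /dev/mapper/archipelago-data >> "$LOG" 2>&1` matches the other lines.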
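Review bot: The context directly below the new `systemctl enable archipelago-diagnostics.service` line already installs `/mnt/target/opt/archipelago/scripts/first-boot-diag.sh`, whose comment describes a script that runs once after first boot and logs system state, so the image may now carry two first-boot diagnostics collectors. That script's body is outside this hunk, so the overlap is inferred from the comment only; if the two do overlap, keeping one leaves a single log file to protect and review. The `2>/dev/null || true` on the new line also hides a failed enable, so a missing or malformed unit would go unnoticed at build time; a comment such as `# best-effort: diagnostics are optional, ignore enable failure` would record that this is deliberate.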