chore: Debian 12 → 13 (Trixie) migration, service hardening
All checks were successful
Build Archipelago ISO (dev) / build-iso (push) Successful in 12m25s

- Update all references from Debian 12 (Bookworm) to Debian 13 (Trixie)
- Enable SystemCallArchitectures, RestrictAddressFamilies, RestrictRealtime
  in archipelago.service (safe on systemd 256+ which respects NoNewPrivileges=no)
- Update GLIBC compatibility checks from 2.36 to 2.40
- ISO filename, build container, and docs updated throughout

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Dorian
2026-04-09 21:32:08 +02:00
parent fe3c844fe6
commit a0a7aadcb3
19 changed files with 41 additions and 43 deletions

View File

@@ -1058,8 +1058,8 @@ autopilot.active=false\n",
}
/// Resolve the host gateway IP for --add-host flag.
/// Podman 4.3.x (Debian 12) doesn't support "host-gateway" in rootless mode,
/// so we resolve the default gateway IP from the routing table.
/// Resolve the default gateway IP from the routing table for --add-host flag.
/// Explicit IP avoids issues with "host-gateway" in rootless Podman.
async fn resolve_host_gateway() -> String {
// Try `ip route` to get the default gateway
if let Ok(output) = tokio::process::Command::new("ip")