chore: Debian 12 → 13 (Trixie) migration, service hardening
All checks were successful
Build Archipelago ISO (dev) / build-iso (push) Successful in 12m25s
All checks were successful
Build Archipelago ISO (dev) / build-iso (push) Successful in 12m25s
- Update all references from Debian 12 (Bookworm) to Debian 13 (Trixie) - Enable SystemCallArchitectures, RestrictAddressFamilies, RestrictRealtime in archipelago.service (safe on systemd 256+ which respects NoNewPrivileges=no) - Update GLIBC compatibility checks from 2.36 to 2.40 - ISO filename, build container, and docs updated throughout Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -126,7 +126,7 @@ else
|
||||
fi
|
||||
|
||||
# ── NostrVPN: configure native system service with node identity ──────
|
||||
# The nvpn binary may have GLIBC mismatch (built for newer glibc than Debian 12).
|
||||
# The nvpn binary may have GLIBC mismatch (built for newer glibc than target OS).
|
||||
# Write config.toml directly as fallback — the Rust backend reads it for vpn.invite/status.
|
||||
NOSTR_SECRET=$(cat /var/lib/archipelago/identity/nostr_secret 2>/dev/null)
|
||||
NOSTR_PUBKEY=$(cat /var/lib/archipelago/identity/nostr_pubkey 2>/dev/null)
|
||||
|
||||
@@ -273,7 +273,7 @@ PHASE_DETAILS=(
|
||||
"/dev/sda (465.8G) — TOSHIBA MQ01ACF0"
|
||||
"BIOS boot + EFI + root + data"
|
||||
"FAT32, ext4, LUKS2"
|
||||
"debootstrap → Debian 12 minimal"
|
||||
"debootstrap → Debian 13 minimal"
|
||||
"AES-256-XTS (AES-NI detected)"
|
||||
"GRUB: BIOS + UEFI hybrid"
|
||||
)
|
||||
|
||||
Reference in New Issue
Block a user