chore: Debian 12 → 13 (Trixie) migration, service hardening
All checks were successful
Build Archipelago ISO (dev) / build-iso (push) Successful in 12m25s

- Update all references from Debian 12 (Bookworm) to Debian 13 (Trixie)
- Enable SystemCallArchitectures, RestrictAddressFamilies, RestrictRealtime
  in archipelago.service (safe on systemd 256+ which respects NoNewPrivileges=no)
- Update GLIBC compatibility checks from 2.36 to 2.40
- ISO filename, build container, and docs updated throughout

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Dorian
2026-04-09 21:32:08 +02:00
parent fe3c844fe6
commit a0a7aadcb3
19 changed files with 41 additions and 43 deletions

View File

@@ -126,7 +126,7 @@ else
fi
# ── NostrVPN: configure native system service with node identity ──────
# The nvpn binary may have GLIBC mismatch (built for newer glibc than Debian 12).
# The nvpn binary may have GLIBC mismatch (built for newer glibc than target OS).
# Write config.toml directly as fallback — the Rust backend reads it for vpn.invite/status.
NOSTR_SECRET=$(cat /var/lib/archipelago/identity/nostr_secret 2>/dev/null)
NOSTR_PUBKEY=$(cat /var/lib/archipelago/identity/nostr_pubkey 2>/dev/null)

View File

@@ -273,7 +273,7 @@ PHASE_DETAILS=(
"/dev/sda (465.8G) — TOSHIBA MQ01ACF0"
"BIOS boot + EFI + root + data"
"FAT32, ext4, LUKS2"
"debootstrap → Debian 12 minimal"
"debootstrap → Debian 13 minimal"
"AES-256-XTS (AES-NI detected)"
"GRUB: BIOS + UEFI hybrid"
)