diff --git a/docs/ARCHITECTURE-ARTIFACTS.md b/docs/ARCHITECTURE-ARTIFACTS.md
index d151dba..33ece74 100644
--- a/docs/ARCHITECTURE-ARTIFACTS.md
+++ b/docs/ARCHITECTURE-ARTIFACTS.md
@@ -93,7 +93,6 @@ filling the rest of the disk. The differences are:
 The BTRFS filesystem always carries two subvolumes: `@` mounted at `/`, and `@postgres` mounted at `/var/lib/postgresql`. Both are quota'd via
-BTRFS simple quotas and snapshotted by snapper (6 hourly + 10 numbered).
-The runtime mode (`plain`, `luks-keyfile`, or `luks-tpm`) is recorded in
-`/etc/bes/image-variant`, which the installer overwrites for non-Pi
-variants.
+BTRFS simple quotas. The runtime mode (`plain`, `luks-keyfile`, or
+`luks-tpm`) is recorded in `/etc/bes/image-variant`, which the installer
+overwrites for non-Pi variants.
diff --git a/docs/GUIDE-IMAGES.md b/docs/GUIDE-IMAGES.md
index e665d45..d3e4587 100644
--- a/docs/GUIDE-IMAGES.md
+++ b/docs/GUIDE-IMAGES.md
@@ -159,8 +159,5 @@ Simple quotas are enabled to track per-subvolume disk usage.
 Transparent filesystem compression is enabled system-wide.
-The Snapper snapshot manager is enabled by default, which takes hourly snapshots of the subvolumes and retains the last 6 hourly snapshots, plus up to 10 numbered (manual / pre-/post-) snapshots.
-This provides a simple way to rollback a server or a file to an earlier configuration and protects against catastrophes.
-
 The system partition can be grown or shrunk while online. Shrinking is a manual process, but growing is performed automatically if more space is available at first boot.
diff --git a/docs/diagrams/disk-image-layout.py b/docs/diagrams/disk-image-layout.py
index ba10c0b..8c314b0 100644
--- a/docs/diagrams/disk-image-layout.py
+++ b/docs/diagrams/disk-image-layout.py
@@ -79,6 +79,5 @@ def variant(label: str, *, encrypted: bool, pi: bool):
 with Cluster("Annotations"):
 notes = Document(
 "compress=zstd:6,\nxxhash, simple\nquotas, block-group-tree.\n"
- "Snapper: 6 hourly +\n10 numbered\non / and /var/lib/postgresql.\n"
 "/etc/bes/image-variant\nrecords runtime mode:\nplain | luks-keyfile |\nluks-tpm."
 )
diff --git a/docs/spec/disk-images.md b/docs/spec/disk-images.md
index 29318ed..91fbd3d 100644
--- a/docs/spec/disk-images.md
+++ b/docs/spec/disk-images.md
@@ -367,22 +367,6 @@ A weekly cron job must be present to run `apt install -y tailscale`.
 > not require that service to succeed. The service must additionally be
 > ordered after `network-online.target` and `local-fs.target`.
-## Snapper
-
-r[image.snapper.root]
-Snapper must be configured for the root subvolume (`/`) with timeline
-snapshots enabled and retention of 6 hourly snapshots, plus 10 numbered
-(non-timeline) snapshots. Daily, weekly, monthly, and yearly timeline
-retention must be disabled.
-
-r[image.snapper.postgres]
-Snapper must be configured for the PostgreSQL subvolume
-(`/var/lib/postgresql`) with the same retention settings as the root config.
-
-r[image.snapper.timers]
-The `snapper-timeline.timer` and `snapper-cleanup.timer` systemd timers must
-be enabled.
-
 ## Disk Growth
 > r[image.growth.service+3]
diff --git a/image/configure.sh b/image/configure.sh
index d6618b2..821c55f 100755
--- a/image/configure.sh
+++ b/image/configure.sh
@@ -4,7 +4,7 @@
 #
 # It expects the following to be available under /tmp/:
 # /tmp/packages.sh — package list (sourced as bash)
-# /tmp/scripts/ — setup scripts (firewall, tailscale, snapper, etc.)
+# /tmp/scripts/ — setup scripts (firewall, tailscale, etc.)
 # /tmp/files/ — static files to install
 set -euo pipefail
@@ -387,12 +387,6 @@ systemctl enable ssh
 install -m 644 /tmp/files/systemd/bes-ssh-keygen.service /etc/systemd/system/bes-ssh-keygen.service
 systemctl enable bes-ssh-keygen.service
-# ============================================================
-# Snapper
-# ============================================================
-# r[image.snapper.root] r[image.snapper.postgres] r[image.snapper.timers]
-bash /tmp/scripts/setup-snapper.sh
-
 # ============================================================
 # Disk growth service
 # ============================================================
diff --git a/image/packages.sh b/image/packages.sh
index cf26928..f55f7fa 100644
--- a/image/packages.sh
+++ b/image/packages.sh
@@ -7,7 +7,6 @@ PACKAGES=(
 # Filesystem and storage
 btrfs-progs
 cryptsetup
- snapper
 gdisk
 mtools
diff --git a/image/scripts/setup-snapper.sh b/image/scripts/setup-snapper.sh
deleted file mode 100755
index 40a0712..0000000
--- a/image/scripts/setup-snapper.sh
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/bash
-# r[image.snapper.root] r[image.snapper.postgres] r[image.snapper.timers]
-#
-# Configure Snapper for BTRFS snapshot management.
-# This runs inside the chroot during image build.
-set -euxo pipefail
-
-# r[image.snapper.root]: Configure snapper for the root subvolume
-snapper --no-dbus -c root create-config /
-snapper --no-dbus -c root set-config \
- TIMELINE_CREATE=yes \
- TIMELINE_CLEANUP=yes \
- NUMBER_CLEANUP=yes \
- NUMBER_LIMIT=10 \
- TIMELINE_LIMIT_HOURLY=6 \
- TIMELINE_LIMIT_DAILY=0 \
- TIMELINE_LIMIT_WEEKLY=0 \
- TIMELINE_LIMIT_MONTHLY=0 \
- TIMELINE_LIMIT_YEARLY=0
-
-# r[image.snapper.postgres]: Configure snapper for the PostgreSQL subvolume
-mkdir -p /var/lib/postgresql
-snapper --no-dbus -c postgres create-config /var/lib/postgresql
-snapper --no-dbus -c postgres set-config \
- TIMELINE_CREATE=yes \
- TIMELINE_CLEANUP=yes \
- NUMBER_CLEANUP=yes \
- NUMBER_LIMIT=10 \
- TIMELINE_LIMIT_HOURLY=6 \
- TIMELINE_LIMIT_DAILY=0 \
- TIMELINE_LIMIT_WEEKLY=0 \
- TIMELINE_LIMIT_MONTHLY=0 \
- TIMELINE_LIMIT_YEARLY=0
-
-# r[image.snapper.timers]: Enable snapper timers
-systemctl enable snapper-timeline.timer
-systemctl enable snapper-cleanup.timer
diff --git a/justfile b/justfile
index adf7f74..b04ada4 100644
--- a/justfile
+++ b/justfile
@@ -706,8 +706,6 @@ _make-test-cloud-init: _ensure-dirs
 check "ufw is active" systemctl is-active ufw
 # r[verify image.tailscale.service-enabled]
 check "tailscaled is active" systemctl is-active tailscaled
- # r[verify image.snapper.timers]
- check "snapper-timeline.timer is active" systemctl is-active snapper-timeline.timer
 # r[verify image.growth.service]
 check "grow-root-filesystem ran" systemctl show -p ActiveState grow-root-filesystem.service | grep -q inactive
diff --git a/tests/test-e2e-install.sh b/tests/test-e2e-install.sh
index bd12316..8469f72 100755
--- a/tests/test-e2e-install.sh
+++ b/tests/test-e2e-install.sh
@@ -266,7 +266,6 @@ runcmd:
 check "sshd is active" systemctl is-active ssh
 check "ufw is active" systemctl is-active ufw
 check "tailscaled is active" systemctl is-active tailscaled
- check "snapper-timeline.timer is active" systemctl is-active snapper-timeline.timer
 check "root is btrfs" test "$(stat -f -c%T /)" = "btrfs"
 check "compression active in /proc/mounts" grep -q 'compress=' /proc/mounts
diff --git a/tests/test-image-structure.sh b/tests/test-image-structure.sh
index c981da9..bd9e635 100755
--- a/tests/test-image-structure.sh
+++ b/tests/test-image-structure.sh
@@ -501,42 +501,6 @@ check_not "installer network config absent" test -f "$MNT/etc/cloud/cloud.cfg.d/
 check_not "unminimize prompt absent" test -f "$MNT/etc/update-motd.d/60-unminimize"
-# ============================================================
-# Snapper configuration
-# ============================================================
-echo ""
-echo "--- Snapper ---"
-
-# r[verify image.snapper.root]
-SNAPPER_ROOT_CFG="$MNT/etc/snapper/configs/root"
-check "snapper root config exists" test -f "$SNAPPER_ROOT_CFG"
-if [ -f "$SNAPPER_ROOT_CFG" ]; then
- check "snapper root: TIMELINE_CREATE=yes" grep -q '^TIMELINE_CREATE="yes"' "$SNAPPER_ROOT_CFG"
- check "snapper root: TIMELINE_CLEANUP=yes" grep -q '^TIMELINE_CLEANUP="yes"' "$SNAPPER_ROOT_CFG"
- check "snapper root: NUMBER_CLEANUP=yes" grep -q '^NUMBER_CLEANUP="yes"' "$SNAPPER_ROOT_CFG"
- check "snapper root: NUMBER_LIMIT=10" grep -q '^NUMBER_LIMIT="10"' "$SNAPPER_ROOT_CFG"
- check "snapper root: TIMELINE_LIMIT_HOURLY=6" grep -q '^TIMELINE_LIMIT_HOURLY="6"' "$SNAPPER_ROOT_CFG"
- check "snapper root: TIMELINE_LIMIT_DAILY=0" grep -q '^TIMELINE_LIMIT_DAILY="0"' "$SNAPPER_ROOT_CFG"
- check "snapper root: TIMELINE_LIMIT_WEEKLY=0" grep -q '^TIMELINE_LIMIT_WEEKLY="0"' "$SNAPPER_ROOT_CFG"
- check "snapper root: TIMELINE_LIMIT_MONTHLY=0" grep -q '^TIMELINE_LIMIT_MONTHLY="0"' "$SNAPPER_ROOT_CFG"
- check "snapper root: TIMELINE_LIMIT_YEARLY=0" grep -q '^TIMELINE_LIMIT_YEARLY="0"' "$SNAPPER_ROOT_CFG"
-fi
-
-# r[verify image.snapper.postgres]
-SNAPPER_PG_CFG="$MNT/etc/snapper/configs/postgres"
-check "snapper postgres config exists" test -f "$SNAPPER_PG_CFG"
-if [ -f "$SNAPPER_PG_CFG" ]; then
- check "snapper postgres: TIMELINE_CREATE=yes" grep -q '^TIMELINE_CREATE="yes"' "$SNAPPER_PG_CFG"
- check "snapper postgres: TIMELINE_CLEANUP=yes" grep -q '^TIMELINE_CLEANUP="yes"' "$SNAPPER_PG_CFG"
- check "snapper postgres: NUMBER_CLEANUP=yes" grep -q '^NUMBER_CLEANUP="yes"' "$SNAPPER_PG_CFG"
- check "snapper postgres: NUMBER_LIMIT=10"
grep -q '^NUMBER_LIMIT="10"' "$SNAPPER_PG_CFG"
- check "snapper postgres: TIMELINE_LIMIT_HOURLY=6" grep -q '^TIMELINE_LIMIT_HOURLY="6"' "$SNAPPER_PG_CFG"
- check "snapper postgres: TIMELINE_LIMIT_DAILY=0" grep -q '^TIMELINE_LIMIT_DAILY="0"' "$SNAPPER_PG_CFG"
- check "snapper postgres: TIMELINE_LIMIT_WEEKLY=0" grep -q '^TIMELINE_LIMIT_WEEKLY="0"' "$SNAPPER_PG_CFG"
- check "snapper postgres: TIMELINE_LIMIT_MONTHLY=0" grep -q '^TIMELINE_LIMIT_MONTHLY="0"' "$SNAPPER_PG_CFG"
- check "snapper postgres: TIMELINE_LIMIT_YEARLY=0" grep -q '^TIMELINE_LIMIT_YEARLY="0"' "$SNAPPER_PG_CFG"
-fi
-
 # ============================================================
 # UFW firewall rules
 # ============================================================
@@ -721,10 +685,6 @@ check_service_enabled "bes-tailscale-firstboot-auth.service" "bes-tailscale-firs
 # r[verify image.firstboot.script]
 check_service_enabled "bes-firstboot-script.service" "bes-firstboot-script is enabled"
-# r[verify image.snapper.timers]
-check_service_enabled "snapper-timeline.timer" "snapper-timeline.timer is enabled"
-check_service_enabled "snapper-cleanup.timer" "snapper-cleanup.timer is enabled"
-
 # r[verify image.growth.service+3]
 check_service_enabled "grow-root-filesystem.service" "grow-root-filesystem is enabled"