agrif · January 27, 2026 05:07
diff --git a/upgrade-13-trixie.notes b/upgrade-13-trixie.notes
 Upgrades started January 24, 2026.

 [x] babel
 [x] bifrost
 [x] cartas
 [x] erasmus
 [ ] hyperion
 [x] nara
 [ ] zagreus

 Pis will need reinstalling, not upgrading:

 [ ] forgevat
 [ ] maxwell
 [ ] shattrath

 Decommissioned until further notice:

 [ ] madeline
 [ ] sherkaner

 Overall notes:
 * Raspbian changes are now untenably bad. Reinstall Pis.
   * hyperion and zagreus already reinstalled, upgrade those.
 * babel ssd is iffy.

 Checks for existing trixie installs:
 * Add header to debian.sources
 * use /root/.gitconfig, etckeeper, /etc/.gitignore

 Steps:

 * backups
   * virtualenvs
 * /usr/local/bin, ~/.bin, etc.
 * is wireguard set up?

 * /etc/sysctl.conf no longer honored, use sysctl.d/
 * ensure /boot is >768M, has at least 300M free (shoot for 2G total)

 * screen -S upgrade
 * cat /etc/debian_version (should read 12.12 or later, ideally 12.13)
 * remove obsolete packages
   * apt list '~o'
   * apt purge '~o'
 * remove (potentially) non-debian packages
   * apt list '?narrow(?installed, ?not(?origin(Debian)))'
   * rpi: apt list "?narrow(?installed, ?not(?or(?origin(Raspbian), ?origin(Raspberry Pi Foundation))))"
 * find and clean up leftover config backups
   * find /etc -name '*.dpkg-*' -o -name '*.ucf-*' -o -name '*.merge-error'
 * install /root/.gitconfig
 * apt install etckeeper
 * modify /etc/.gitignore
 * check pins in /etc/apt/preferences(.d)
 * check for half-installed or failed-config or errors or holds
   * dpkg --audit
   * apt-mark showhold
   * apt-mark unhold <pkg>
 * update sources.list.d to point to trixie
   * sources.list is deprecated, use deb822 debian.sources in list.d
     * grab it from nara or use the debian manual
   * add "This machine started as Debian N (NN) in YYYY." to apt sources
   * remove backports if present, probably
   * change other sources to deb822 if not managed externally (!!)
 * commit /etc

 * make sure /boot is rw

 * script -t 2>~/upgrade-trixie0.time -a ~/upgrade-trixie0.script
 * apt update
 * make sure you have space
   * apt -o APT::Get::Trivial-Only=true full-upgrade
 * apt upgrade --without-new-pkgs
 * apt full-upgrade

 * make sure a kernel metapackage is installed
   * dpkg -l 'linux-image*' | grep ^ii | grep -i meta
   * rpi: dpkg -l 'raspberrypi-kernel' | grep ^ii
 * find and clean up leftover config backups
   * find /etc -name '*.dpkg-*' -o -name '*.ucf-*' -o -name '*.merge-error'
 * check 50unattended-upgrades for codename changes
   * apt-cache policy
   * for influx: "site=repos.influxdata.com";
   * unattended-upgrades --dry-run --debug --verbose
 * rm /etc/tmpfiles.d/tmp.conf after upgrade to opt-in to tmp clean
 * commit /etc
 * reboot ( https://butt.holdings/ )

 * remove any packages no longer depended-upon:
   * apt autoremove (check carefully, also run after purges)
 * remove obsolete packages
   * apt list '~o'
   * apt purge '~o' (careful, telegraf might be in here!)
 * purge removed packages (possibly)
   * apt list '~c'
   * apt purge '~c' (careful)
 * make sure tooling still works
   * wireguard, msmtp, telegraf, other services
 * fix virtualenvs
 * reboot again
 * remove upgrade-bookworm#.{time,script}

 Notes for nara:

  *  installed *as* trixie

 Notes for bifrost (2026-01-24):

  *  printer drivers: hll5200dwcupswrapper, hll5200dwlpr
 [x] linode-cli virtualenv, linode-dns-update
 [x] keep old 50unattended-upgrades, merge in comment changes
 [x] keep old nut.conf, merge in comment changes
 [x] keep old upsmon.conf, merge in changes (some non-comment but non-critical)
 [x] keep old ups.conf, merge in comment changes
 [x] keep old upsd.conf, merge in comment changes
 [x] keep old upsd.users, merge in comment changes
 [x] keep old postfix/main.cf.proto, maybe revisit? complicated but ok.
 [x] keep old postfix/master.cf.proto, maybe revisit? some warnings
 [x] install new lvm.conf, set issue_discards = 1
  *  autoremove removed usrmerge, probably ok
  *  to move /boot to lvm (bifrost):
    * sudo lvcreate -L 2G -n boot bifrost-vg
    * sudo mount -o remount,ro /boot
    * sudo dd if=/dev/boot-device-here of=/dev/bifrost-vg/boot bs=512
    * sudo tune2fs -O extents,uninit_bg,dir_index,has_journal /dev/bifrost-vg/boot
    * sudo e2fsck -f /dev/bifrost-vg/boot
    * sudo resize2fs /dev/bifrost-vg/boot
    * modify /etc/fstab to point to /dev/bifrost-vg/boot, use ext4
    * reboot to make fstab active (check!)
    * mount | grep efi
    * sudo grub-install /dev/sda
    * sudo update-grub
    * sudo less /boot/efi/EFI/debian/grub.cfg
    * reboot to check
    * (!!!) sudo dd if=/dev/zero of=/dev/boot-device-here bs=512
    * reboot (https://butt.holdings/)

 Notes for babel (2026-01-25):

  *  do /boot expansion (see bifrost)
  *  update to 12.13
 [x] keep old 50unattended-upgrades, remove plex, migrate comments
 [x] keep old nut.conf, merge comments
 [x] keep old upsmon.conf, merge differences (non-comment but nonimportant)
 [x] keep old smb.conf
 [x] install new default/nfs-common, (was: NEED_STATD="no" NEED_IDMAPD="yes")
 [x] install new nfs-kernel-server (was: --manage-gids, -N <some-num-low>)
 [x] install new lvm.conf, set issue_discards = 1
 [x] check gw_sh works
 [x] check quartus_sh
 [x] check unison
 [x] check media.rakeri.net
 [x] check cloudlog
 [x] check platformio
 [x] check rustup

 Notes for erasmus (2026-01-25):

  *  upgrade to 12.13
  *  point tor repo to key installed by package
 [x] keep old 50unattended-upgrades, merge comments
 [x] install new default/grub, add linode stuff to grub.d/20-linode.cfg
    *  run update-grub to be sure
 [x] check znc
   [x] check znc-push
   [x] check znc-logviewer
 [x] check erasmus., osubus., znc., rakeri.net
 [x] check bifrost0, bifrost-1.rakeri.net

 Notes for cartas (2026-01-25):

 [x] use new issue.net (sorry CP)
 [x] use new 50unattended-upgrades, set Unattended-Upgrade::Mail "root";
 [x] use new journald.conf, set SystemMaxUse=400M
 [x] use new nginx/mime.types
 [x] use new resolved.conf, merge in old config
 [x] use new default/saslauthd (old: START=yes)
   * does saslauthd start at boot?. no. ask achin.
   * achin says postfix, achin/agrif passwords set in file
   * /var/spool/postfix/etc/sasldb2
   * consensus: don't give a shit
 [x] use new iscsid.conf
 [x] use new sshd_config, add no-root and no-passwords to sshd_config.d
 [x] use new default/grub
   [x] check /proc/cmdline for nomodeset (it should be absent)
 [x] keep old postfix/main.cf.proto
 [x] keep old postfix/master.cf.proto
 [x] circle back on https://borgbackup.readthedocs.io/en/1.2.6/changes.html#pre-1-2-5-archives-spoofing-vulnerability-cve-2023-36811
 [x] check website
 [x] check sprunk
 [x] emceeoverviewer
 [x] box-bot
 [x] email
	Upgrades started January 24, 2026.

	[x] babel
	[x] bifrost
	[x] cartas
	[x] erasmus
	[ ] hyperion
	[x] nara
	[ ] zagreus

	Pis will need reinstalling, not upgrading:

	[ ] forgevat
	[ ] maxwell
	[ ] shattrath

	Decommissioned until further notice:

	[ ] madeline
	[ ] sherkaner

	Overall notes:
	* Raspbian changes are now untenably bad. Reinstall Pis.
	* hyperion and zagreus already reinstalled, upgrade those.
	* babel ssd is iffy.

	Checks for existing trixie installs:
	* Add header to debian.sources
	* use /root/.gitconfig, etckeeper, /etc/.gitignore

	Steps:

	* backups
	* virtualenvs
	* /usr/local/bin, ~/.bin, etc.
	* is wireguard set up?

	* /etc/sysctl.conf no longer honored, use sysctl.d/
	* ensure /boot is >768M, has at least 300M free (shoot for 2G total)

	* screen -S upgrade
	* cat /etc/debian_version (should read 12.12 or later, ideally 12.13)
	* remove obsolete packages
	* apt list '~o'
	* apt purge '~o'
	* remove (potentially) non-debian packages
	* apt list '?narrow(?installed, ?not(?origin(Debian)))'
	* rpi: apt list "?narrow(?installed, ?not(?or(?origin(Raspbian), ?origin(Raspberry Pi Foundation))))"
	* find and clean up leftover config backups
	* find /etc -name '.dpkg-' -o -name '.ucf-' -o -name '*.merge-error'
	* install /root/.gitconfig
	* apt install etckeeper
	* modify /etc/.gitignore
	* check pins in /etc/apt/preferences(.d)
	* check for half-installed or failed-config or errors or holds
	* dpkg --audit
	* apt-mark showhold
	* apt-mark unhold <pkg>
	* update sources.list.d to point to trixie
	* sources.list is deprecated, use deb822 debian.sources in list.d
	* grab it from nara or use the debian manual
	* add "This machine started as Debian N (NN) in YYYY." to apt sources
	* remove backports if present, probably
	* change other sources to deb822 if not managed externally (!!)
	* commit /etc

	* make sure /boot is rw

	* script -t 2>~/upgrade-trixie0.time -a ~/upgrade-trixie0.script
	* apt update
	* make sure you have space
	* apt -o APT::Get::Trivial-Only=true full-upgrade
	* apt upgrade --without-new-pkgs
	* apt full-upgrade

	* make sure a kernel metapackage is installed
	* dpkg -l 'linux-image*' \| grep ^ii \| grep -i meta
	* rpi: dpkg -l 'raspberrypi-kernel' \| grep ^ii
	* find and clean up leftover config backups
	* find /etc -name '.dpkg-' -o -name '.ucf-' -o -name '*.merge-error'
	* check 50unattended-upgrades for codename changes
	* apt-cache policy
	* for influx: "site=repos.influxdata.com";
	* unattended-upgrades --dry-run --debug --verbose
	* rm /etc/tmpfiles.d/tmp.conf after upgrade to opt-in to tmp clean
	* commit /etc
	* reboot ( https://butt.holdings/ )

	* remove any packages no longer depended-upon:
	* apt autoremove (check carefully, also run after purges)
	* remove obsolete packages
	* apt list '~o'
	* apt purge '~o' (careful, telegraf might be in here!)
	* purge removed packages (possibly)
	* apt list '~c'
	* apt purge '~c' (careful)
	* make sure tooling still works
	* wireguard, msmtp, telegraf, other services
	* fix virtualenvs
	* reboot again
	* remove upgrade-bookworm#.{time,script}

	Notes for nara:

	* installed as trixie

	Notes for bifrost (2026-01-24):

	* printer drivers: hll5200dwcupswrapper, hll5200dwlpr
	[x] linode-cli virtualenv, linode-dns-update
	[x] keep old 50unattended-upgrades, merge in comment changes
	[x] keep old nut.conf, merge in comment changes
	[x] keep old upsmon.conf, merge in changes (some non-comment but non-critical)
	[x] keep old ups.conf, merge in comment changes
	[x] keep old upsd.conf, merge in comment changes
	[x] keep old upsd.users, merge in comment changes
	[x] keep old postfix/main.cf.proto, maybe revisit? complicated but ok.
	[x] keep old postfix/master.cf.proto, maybe revisit? some warnings
	[x] install new lvm.conf, set issue_discards = 1
	* autoremove removed usrmerge, probably ok
	* to move /boot to lvm (bifrost):
	* sudo lvcreate -L 2G -n boot bifrost-vg
	* sudo mount -o remount,ro /boot
	* sudo dd if=/dev/boot-device-here of=/dev/bifrost-vg/boot bs=512
	* sudo tune2fs -O extents,uninit_bg,dir_index,has_journal /dev/bifrost-vg/boot
	* sudo e2fsck -f /dev/bifrost-vg/boot
	* sudo resize2fs /dev/bifrost-vg/boot
	* modify /etc/fstab to point to /dev/bifrost-vg/boot, use ext4
	* reboot to make fstab active (check!)
	* mount \| grep efi
	* sudo grub-install /dev/sda
	* sudo update-grub
	* sudo less /boot/efi/EFI/debian/grub.cfg
	* reboot to check
	* (!!!) sudo dd if=/dev/zero of=/dev/boot-device-here bs=512
	* reboot (https://butt.holdings/)

	Notes for babel (2026-01-25):

	* do /boot expansion (see bifrost)
	* update to 12.13
	[x] keep old 50unattended-upgrades, remove plex, migrate comments
	[x] keep old nut.conf, merge comments
	[x] keep old upsmon.conf, merge differences (non-comment but nonimportant)
	[x] keep old smb.conf
	[x] install new default/nfs-common, (was: NEED_STATD="no" NEED_IDMAPD="yes")
	[x] install new nfs-kernel-server (was: --manage-gids, -N <some-num-low>)
	[x] install new lvm.conf, set issue_discards = 1
	[x] check gw_sh works
	[x] check quartus_sh
	[x] check unison
	[x] check media.rakeri.net
	[x] check cloudlog
	[x] check platformio
	[x] check rustup

	Notes for erasmus (2026-01-25):

	* upgrade to 12.13
	* point tor repo to key installed by package
	[x] keep old 50unattended-upgrades, merge comments
	[x] install new default/grub, add linode stuff to grub.d/20-linode.cfg
	* run update-grub to be sure
	[x] check znc
	[x] check znc-push
	[x] check znc-logviewer
	[x] check erasmus., osubus., znc., rakeri.net
	[x] check bifrost0, bifrost-1.rakeri.net

	Notes for cartas (2026-01-25):

	[x] use new issue.net (sorry CP)
	[x] use new 50unattended-upgrades, set Unattended-Upgrade::Mail "root";
	[x] use new journald.conf, set SystemMaxUse=400M
	[x] use new nginx/mime.types
	[x] use new resolved.conf, merge in old config
	[x] use new default/saslauthd (old: START=yes)
	* does saslauthd start at boot?. no. ask achin.
	* achin says postfix, achin/agrif passwords set in file
	* /var/spool/postfix/etc/sasldb2
	* consensus: don't give a shit
	[x] use new iscsid.conf
	[x] use new sshd_config, add no-root and no-passwords to sshd_config.d
	[x] use new default/grub
	[x] check /proc/cmdline for nomodeset (it should be absent)
	[x] keep old postfix/main.cf.proto
	[x] keep old postfix/master.cf.proto
	[x] circle back on https://borgbackup.readthedocs.io/en/1.2.6/changes.html#pre-1-2-5-archives-spoofing-vulnerability-cve-2023-36811
	[x] check website
	[x] check sprunk
	[x] emceeoverviewer
	[x] box-bot
	[x] email
No results found