[15:40] <falz> looking for the 'proper' way to adjust `net.netfilter.nf_conntrack_` stuff at boot. systemctl.conf values aren't being loaded. I see there's some 'conntrackd' package with its own config file - is this "the way"? or is there a "clean way" to just KISS and load the values i want from sysctl.conf?
[15:46] <sdeziel> falz: to set those (`net.netfilter.nf_conntrack_tcp_loose` in my case), I make sure the `nf_conntrack` module is loaded on boot by putting such directive in `/etc/modules-load.d/nf-conntrack.conf`
[15:51] <falz> nf_conntrack is loaded (I didn't do anything special to load it) but i created that file with values and still no love. hmm
[15:52] <falz> is the contents of your .conf file just key=val stuff?
[15:52] <sdeziel> falz: did you rebuild the initramfs?
[15:53] <falz> nope
[15:53] <falz> that's required?
[15:55] <sdeziel> falz: this ensures the module is loaded prior to the sysctl keys being applied. As for the file content: https://termbin.com/6kke
[15:57] <falz> ok so listing the module name in there somehow ensures that the module is built into initrd, and the values only take if the module is built into initrd?
[15:59] <falz> oh wait you have two files in your pastebin
[16:07] <sdeziel> falz: correct, there is the sysctl that will apply only if the module is loaded and there is the `modules-load.d` snippet to ensure the module gets added into the initramfs to be loaded early on boot.
[16:07] <sdeziel> falz: to rebuild the initramfs: `sudo update-initramfs -ukall`
[16:17] <falz> roger this seems to work, ty! so 'some' modules on this don't take sysctl values because kernel module not yet loaded when sysctl.conf is parsed, basically
[17:55] <MTecknology> I'm trying to install ubuntu-server using a fairly standard partition layout (based on https://github.com/MTecknology/teckhost/blob/master/iso/debian12/preseed.cfg). I walked through the installer and wound up with https://dpaste.com/DGJG9BU5Y, which the installer seemed happy with; however, the result was failing to boot. Grub seems to load fine, which makes me think it's finding the EFI volume, but it's not getting any further.
[18:11] <MTecknology> hm.. Debian had a bug a long time ago where it wouldn't add the crypto module to the MBR. This "feels" similar, but I'm struggling to figure out how to troubleshoot.
[18:12] <patdk-lap> how do you add a crypto module to mbr?
[18:12] <patdk-lap> mbr can only fit a few bytes
[18:14] <MTecknology> GRUB_ENABLE_CRYPTODISK="y" ; GRUB_RELOAD_MODULES="lvm cryptodisk" ; update-grub ; grub-install --recheck /dev/sda
[18:15] <MTecknology> With that, you could have the entire remainder of the disk dedicated to luks
[18:15] <patdk-lap> ya, that has nothing to do with mbr, but stage2
[18:16] <MTecknology> (no /boot/efi, and /boot was on top of luks)
[18:22] <MTecknology> I'm pretty sure stage2 is the bit on /boot, so it definitely impacted more than just stage2, but it's moot now with EFI. I'm sure this is much easier to work with, but I'm starting from scratch.
[18:45] <patdk-lap> ah, I thought stage2 was on efi, only stage1 is heh
[20:37] <MTecknology> I'm using this same partition layout and grub config for debian and centos ... I can't figure out what's different. :/
[20:54]  * MTecknology takes a guess at moving /boot off luks
[20:55] <sarnold> heya MTecknology :)
[20:55] <MTecknology> sarnold: Hi!
[20:59] <MTecknology> How can I install to /dev/sda if no /dev/nvme0n1 exists?
[21:18] <MTecknology> oooooh .... I need to choose "use as boot device" to let it create the efi partition /and/ /boot needs to be unencrypted ... I think?  ... hmmm
[21:56] <MTecknology> This whole cloud-init-autoinstall thing is one interesting pile of spaghetti ... back and forth between which is capable of what and which is doing what specific bit of configuration and what is left to be handled on firstboot ... making it more like a windows install than linux.
[22:21] <MTecknology> All of my deployment stuff assumes installation is done, so it uses the firstboot as a safe time to kick off device provisioning.
[22:22] <MTecknology> I'm struggling to figure out what autoinstall leaves for cloud-init to finish at first boot. So far it looks like that's when it sets up the hostname and generates ssh keys, so maybe it's possible to remove cloud-init and do that manually? :/
[22:26] <MTecknology> ... and apparently locale-gen, for some reason