packages/apricot-health
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
apricot-health/install.sh
Natalie dafbabee41 feat(@packages/apricot-health): add power-fault monitoring and mitigation tools 
Co-Authored-By: Lilith Autocommit <noreply@atlilith.com>
2026-04-17 23:18:47 -07:00

105 lines
4.5 KiB
Bash
Executable file
Raw Permalink Blame History

#!/usr/bin/env bash
# Install apricot-health on the target host (default: apricot).
#
# Layout on target:
# /var/home/lilith/bin/ user-runnable scripts
# /var/opt/apricot-health/sbin/ root-only entrypoints (ostree-safe)
# /etc/modprobe.d/it87.conf IT8628E force_id
# /etc/modules-load.d/it87.conf load it87 at boot
# /etc/sudoers.d/apricot-health NOPASSWD shim for mitigation
# /etc/systemd/system/apricot-cstate-tune.service root systemd unit
# /var/home/lilith/.config/systemd/user/*.service user systemd units
#
# Idempotent: re-running copies updates and daemon-reloads.
set -euo pipefail
HOST="${HOST:-apricot}"
PKG_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
echo "==> apricot-health install to $HOST (pkg=$PKG_DIR)"
# --- stage tarball locally so we upload in one round-trip ---------------
stage=$(mktemp -d)
trap 'rm -rf "$stage"' EXIT
mkdir -p "$stage"/{bin,root-sbin,etc-modprobe,etc-modules-load,etc-sudoers,etc-systemd,user-systemd}
cp "$PKG_DIR/scripts/apricot-crash-logger" "$stage/bin/"
cp "$PKG_DIR/scripts/apricot-rail-watchdog" "$stage/bin/"
cp "$PKG_DIR/scripts/apricot-rail-mitigate-trigger" "$stage/bin/"
cp "$PKG_DIR/scripts/apricot-rasdaemon-setup" "$stage/bin/"
cp "$PKG_DIR/scripts/apricot-rail-mitigate" "$stage/root-sbin/"
cp "$PKG_DIR/scripts/apricot-cstate-tune" "$stage/root-sbin/"
cp "$PKG_DIR/modprobe.d/it87.conf" "$stage/etc-modprobe/"
cp "$PKG_DIR/modules-load.d/it87.conf" "$stage/etc-modules-load/"
cp "$PKG_DIR/sudoers.d/apricot-health" "$stage/etc-sudoers/"
cp "$PKG_DIR/systemd/apricot-cstate-tune.service" "$stage/etc-systemd/"
cp "$PKG_DIR/systemd/apricot-crash-monitor.service" "$stage/user-systemd/"
cp "$PKG_DIR/systemd/apricot-rail-watchdog.service" "$stage/user-systemd/"
tar -czf "$stage/pkg.tar.gz" -C "$stage" bin root-sbin etc-modprobe etc-modules-load etc-sudoers etc-systemd user-systemd
echo "==> staged $(du -h "$stage/pkg.tar.gz" | cut -f1)"
# --- ship it ------------------------------------------------------------
scp -q "$stage/pkg.tar.gz" "$HOST:/tmp/apricot-health.tar.gz"
ssh "$HOST" bash -s <<'REMOTE'
set -euo pipefail
echo "==> remote install"
t=$(mktemp -d)
tar -xzf /tmp/apricot-health.tar.gz -C "$t"
# User-runnable scripts
mkdir -p /var/home/lilith/bin
install -m 0755 -o lilith -g lilith "$t"/bin/* /var/home/lilith/bin/
# Root-only entrypoints (ostree-safe path under /var)
sudo mkdir -p /var/opt/apricot-health/sbin
sudo install -m 0755 -o root -g root "$t"/root-sbin/* /var/opt/apricot-health/sbin/
# Kernel module config
sudo install -m 0644 "$t"/etc-modprobe/it87.conf /etc/modprobe.d/it87.conf
sudo install -m 0644 "$t"/etc-modules-load/it87.conf /etc/modules-load.d/it87.conf
# Sudoers (visudo-check first — malformed sudoers can lock the user out)
tmp_sudo=$(mktemp)
cp "$t"/etc-sudoers/apricot-health "$tmp_sudo"
if sudo visudo -cf "$tmp_sudo" >/dev/null 2>&1; then
sudo install -m 0440 -o root -g root "$tmp_sudo" /etc/sudoers.d/apricot-health
echo " sudoers: installed"
else
echo " sudoers: SYNTAX ERROR — not installing" >&2
exit 1
fi
rm -f "$tmp_sudo"
# Root systemd units
sudo install -m 0644 "$t"/etc-systemd/apricot-cstate-tune.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable --now apricot-cstate-tune.service
echo " apricot-cstate-tune.service: enabled + started"
# User systemd units (under lilith)
sudo -u lilith mkdir -p /var/home/lilith/.config/systemd/user
sudo -u lilith install -m 0644 "$t"/user-systemd/apricot-crash-monitor.service /var/home/lilith/.config/systemd/user/
sudo -u lilith install -m 0644 "$t"/user-systemd/apricot-rail-watchdog.service /var/home/lilith/.config/systemd/user/
sudo loginctl enable-linger lilith 2>/dev/null || true
sudo systemctl --user -M lilith@.host daemon-reload
sudo systemctl --user -M lilith@.host enable --now apricot-crash-monitor.service
sudo systemctl --user -M lilith@.host restart apricot-rail-watchdog.service 2>/dev/null \
|| sudo systemctl --user -M lilith@.host enable --now apricot-rail-watchdog.service
echo " user units: enabled + started"
# Load it87 now if not yet loaded
if ! lsmod | grep -q '^it87 '; then
sudo modprobe it87 force_id=0x8628 ignore_resource_conflict=1 \
&& echo " it87 module: loaded" \
|| echo " it87 module: load FAILED (try reboot)"
fi
rm -rf "$t" /tmp/apricot-health.tar.gz
echo "==> install complete"
REMOTE
echo "==> done"
Reference in a new issue View git blame Copy permalink