- Add nullpoint branding to /etc/os-release PRETTY_NAME field
- Preserve original OS information as base system reference
- Create backup of original os-release file
- Display updated branding information during installation
Remote nodes are now true GlusterFS clients:
- Only install glusterfs-client packages (not server)
- Don't run glusterd service
- Don't contribute storage bricks
- Mount volume as client from full nodes
- Perfect for edge locations with high latency
Full nodes are GlusterFS servers:
- Install and run glusterfs-server
- Contribute storage bricks
- Participate in replication
- Must be used in low-latency environments
This prevents replication delays - writes only wait for full nodes,
not remote clients. Remote nodes get eventual consistency.
- Full nodes: contribute storage, act as lighthouses
- Remote nodes: don't contribute storage, not lighthouses, but have full read/write access
- Expanded README with clearer feature descriptions
- Interactive node type selection during join
- Remote nodes useful for edge locations or low-storage devices
Keep it simple - just the essentials:
- What it is: distributed storage with mesh networking
- How to run it: wget command
- How it works: preshared secret + lighthouse
- Where data goes: /data/storage/
- Accept list of lighthouse endpoints (DNS names or IPs)
- Remove specific HA setup references from README
- Add recommendation for redundant DNS in script prompts
- Add links to Nebula and GlusterFS documentation
- Support multiple lighthouse endpoints separated by commas
- More generic language suitable for any infrastructure setup
- Use DNS domain for lighthouse discovery (works with HAProxy/Keepalived)
- All nodes are lighthouses by default for full redundancy
- Remove static_host_map complexity - DNS handles everything
- Ask for lighthouse domain during setup
- Allow disabling lighthouse mode for remote/edge nodes
- Simplified cluster secret: domain:port:ca_cert
This allows using existing HA infrastructure (DNS pointing to alive nodes)
instead of complex IP tracking and manual updates.
- Switch from WireGuard point-to-point to Nebula overlay network
- Certificate-based trust with single CA for cluster authentication
- True mesh networking - all nodes can communicate directly
- Simplified joining process with lighthouse-based discovery
- Network range: 192.168.100.0/24 (lighthouse at .1)
- Auto-downloads and installs Nebula binaries
- Maintains GlusterFS replication across mesh nodes
Note: Certificate distribution requires manual step for security
Change from /32 single-IP restrictions to full network range for all peers.
This enables proper all-to-all mesh communication while maintaining
security through preshared keys.
- New cluster-setup.sh script for creating/joining distributed storage clusters
- Interactive menu: create new cluster or join existing
- WireGuard mesh networking with automatic IP allocation
- GlusterFS with full replication across all nodes
- Single-node start capability, scales up as nodes join
- Storage mounted at /data/storage/ with automatic firewall config
- Simple wget installer for post-nullpoint-install usage
- Add python3.13-pip package for pip support
- Move Claude Code and bpytop to user-only installations
- Add pip alias to use Python 3.13
- Add empty line to MOTD for better spacing
- Add dnf upgrade at start for latest packages/kernel
- Install real Docker CE from official repository
- Install bpytop via Python 3.13
- Add bash-completion package and zsh compatibility
- Add user to docker group for permission
- Install python3.13 package to match dotfiles alias
- Ensures 'python' alias points to working Python 3.13
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Install npm package via dnf
- Install Claude Code globally via npm
- Add proper error handling for both installations
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Clear numbered steps for first boot process
- Emphasize entering passphrase twice (RAID1 setup)
- Mention automatic reboot after installation
- Cleaner, more actionable instructions
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Compare fingerprints and show if they're the same
- Clear indication when keys are shared vs different
- Better user experience for host key verification
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Show SHA256 fingerprints for both normal and rescue SSH keys
- Helps distinguish between dropbear (rescue) and OpenSSH (normal)
- Makes it easy to verify host keys on first connection
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Single loop handles both user and root setup
- Install oh-my-zsh, powerlevel10k, and dotfiles for both
- Fix shell change using sed instead of chsh command
- Cleaner, more maintainable code structure
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Install oh-my-zsh and powerlevel10k for both user and root
- Copy dotfiles to both user and root home directories
- Set zsh as default shell for root
- Root now has same terminal experience as user
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Disable root login
- Disable password authentication entirely
- Disable PAM authentication
- Only allow specific user via AllowUsers
- Add clear status messages
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Configure NOPASSWD: ALL for the created user
- Create proper sudoers.d file with correct permissions
- User no longer needs to enter password for sudo commands
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add missing source line for ~/.p10k.zsh in .zshrc
- This prevents the p10k configuration wizard from running
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Make unlock-luks work in minimal initramfs environment
- Handle missing lsblk and systemd-ask-password --list
- Try to use same SSH host key for dropbear and OpenSSH
- Add clear documentation about fingerprint differences
- Better error handling and debugging output
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove RSA and ECDSA key generation (legacy crypto)
- Only generate and use ED25519 keys (most secure)
- Simplify both main script and dracut module
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Show SHA256 fingerprint for ed25519 key (modern standard)
- Keep SHA1 output from dropbearkey for other keys
- Clean up key generation output
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Update from port 2222 to port 22 for dropbear
- Remove redundant -p flag since 22 is default SSH port
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Properly handle . and .. in dotfile copy loop
- Change directory before listing to avoid path issues
- Explicitly exclude . and .. from file copying
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
