68 lines
2.1 KiB
YAML
68 lines
2.1 KiB
YAML
# services/maintenance/oneoffs/titan-24-lesavka-desktop-helper-cleanup-job.yaml
|
|
# One-off cleanup for the temporary Lesavka paste-test desktop on titan-24.
|
|
# Run by setting spec.suspend to false, reconcile, then set it back to true.
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: titan-24-lesavka-desktop-helper-cleanup
|
|
namespace: maintenance
|
|
annotations:
|
|
kustomize.toolkit.fluxcd.io/force: "true"
|
|
spec:
|
|
suspend: true
|
|
backoffLimit: 1
|
|
ttlSecondsAfterFinished: 3600
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: titan-24-lesavka-desktop-helper-cleanup
|
|
spec:
|
|
restartPolicy: Never
|
|
nodeSelector:
|
|
kubernetes.io/hostname: titan-24
|
|
tolerations:
|
|
- key: node.kubernetes.io/not-ready
|
|
operator: Exists
|
|
effect: NoSchedule
|
|
- key: node.kubernetes.io/unreachable
|
|
operator: Exists
|
|
effect: NoSchedule
|
|
- key: node.kubernetes.io/not-ready
|
|
operator: Exists
|
|
effect: NoExecute
|
|
tolerationSeconds: 300
|
|
- key: node.kubernetes.io/unreachable
|
|
operator: Exists
|
|
effect: NoExecute
|
|
tolerationSeconds: 300
|
|
hostPID: true
|
|
containers:
|
|
- name: cleanup
|
|
image: debian:13-slim
|
|
securityContext:
|
|
privileged: true
|
|
runAsUser: 0
|
|
command: ["/bin/sh", "-c"]
|
|
args:
|
|
- |
|
|
set -euo pipefail
|
|
chroot /host /usr/bin/env bash <<'EOS'
|
|
set -euo pipefail
|
|
username="lesavka-test"
|
|
rm -f /etc/sddm.conf.d/60-lesavka-test-autologin.conf
|
|
if id "${username}" >/dev/null 2>&1; then
|
|
loginctl terminate-user "${username}" >/dev/null 2>&1 || true
|
|
userdel -r "${username}" >/dev/null 2>&1 || true
|
|
fi
|
|
EOS
|
|
|
|
nsenter -t 1 -m -u -i -n -p -- systemctl restart sddm || \
|
|
nsenter -t 1 -m -u -i -n -p -- systemctl restart display-manager
|
|
volumeMounts:
|
|
- name: host-root
|
|
mountPath: /host
|
|
volumes:
|
|
- name: host-root
|
|
hostPath:
|
|
path: /
|