From fbebc17f8be7a3ca6c45c3c84d306e52c47d441d Mon Sep 17 00:00:00 2001
From: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Date: Tue, 27 Jun 2023 15:44:44 +0400
Subject: [PATCH] fix: disable LVM backups/archive

Fixes #3129

Talos does not have a good location to keep LVM metadata backups.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
---
 Dockerfile    | 2 ++
 hack/lvm.conf | 8 ++++++++
 2 files changed, 10 insertions(+)
 create mode 100644 hack/lvm.conf

diff --git a/Dockerfile b/Dockerfile
index 37977a29a..04bb72a30 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -562,6 +562,7 @@ COPY --chmod=0644 hack/containerd.toml /rootfs/etc/containerd/config.toml
 COPY --chmod=0644 hack/cri-containerd.toml /rootfs/etc/cri/containerd.toml
 COPY --chmod=0644 hack/cri-plugin.part /rootfs/etc/cri/conf.d/00-base.part
 COPY --chmod=0644 hack/udevd/80-net-name-slot.rules /rootfs/usr/lib/udev/rules.d/
+COPY --chmod=0644 hack/lvm.conf /rootfs/etc/lvm/lvm.conf
 RUN touch /rootfs/etc/{extensions.yaml,resolv.conf,hosts,os-release,machine-id,cri/conf.d/cri.toml,cri/conf.d/01-registries.part,cri/conf.d/20-customization.part}
 RUN ln -s ca-certificates /rootfs/etc/ssl/certs/ca-certificates.crt
 RUN ln -s /etc/ssl /rootfs/etc/pki
@@ -619,6 +620,7 @@ COPY --chmod=0644 hack/containerd.toml /rootfs/etc/containerd/config.toml
 COPY --chmod=0644 hack/cri-containerd.toml /rootfs/etc/cri/containerd.toml
 COPY --chmod=0644 hack/cri-plugin.part /rootfs/etc/cri/conf.d/00-base.part
 COPY --chmod=0644 hack/udevd/80-net-name-slot.rules /rootfs/usr/lib/udev/rules.d/
+COPY --chmod=0644 hack/lvm.conf /rootfs/etc/lvm/lvm.conf
 RUN touch /rootfs/etc/{extensions.yaml,resolv.conf,hosts,os-release,machine-id,cri/conf.d/cri.toml,cri/conf.d/01-registries.part,cri/conf.d/20-customization.part}
 RUN ln -s /etc/ssl /rootfs/etc/pki
 RUN ln -s ca-certificates /rootfs/etc/ssl/certs/ca-certificates.crt
diff --git a/hack/lvm.conf b/hack/lvm.conf
new file mode 100644
index 000000000..445b65752
--- /dev/null
+++ b/hack/lvm.conf
@@ -0,0 +1,8 @@
+# Disable LVM backups as Talos rootfs is read-only, and ephemeral partition is not a safe place to store
+# metadata backups.
+#
+# See https://github.com/siderolabs/talos/issues/3129
+backup {
+    backup = 0
+    archive = 0
+}