From 68e798b8815194c9aa5cf5b1854820dcc096f34a Mon Sep 17 00:00:00 2001 From: Julian Wefers Date: Sun, 31 May 2026 14:10:21 +0200 Subject: [PATCH] container: add password and wheel group membership --- Containerfile | 4 +++- commands.sh | 17 +++++++++++++---- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/Containerfile b/Containerfile index dde0f83..13ab3e2 100644 --- a/Containerfile +++ b/Containerfile @@ -5,7 +5,9 @@ RUN dnf install -y kernel-devel-$(uname -r | awk -F'-' '{print $1}') RUN dnf install -y https://zfsonlinux.org/fedora/zfs-release-3-1$(rpm --eval "%{dist}").noarch.rpm RUN dnf install -y zfs -RUN useradd -m -d /var/home/backup backup +RUN useradd -m -d /var/home/backup -G wheel backup +ARG PASSWORD +RUN echo "backup:${PASSWORD}" | chpasswd RUN mkdir /backups && chown backup:backup /backups COPY --chown=root:root --chmod=600 id_ed25519.pub /root/.ssh/authorized_keys diff --git a/commands.sh b/commands.sh index 1ea8260..bd0da23 100755 --- a/commands.sh +++ b/commands.sh @@ -2,9 +2,11 @@ REPO="gitea.wefers.page/julian/backup-server" TAG="latest" build() { + read -srp "Desired password for user 'backup' in resulting container image: " password # ABSOLUTELY DO NOT USE --squash, as ostree NEEDS the layers buildah build \ -t ${REPO}:${TAG} \ + --build-arg PASSWORD="${password}" \ --pull \ --layers \ --format oci \ 
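Review bot: The password enters the image as a build argument (`ARG PASSWORD` interpolated into `RUN echo "backup:${PASSWORD}" | chpasswd`). Build arguments consumed by a RUN step are typically recorded in the image history, so anyone who can pull the pushed image can likely read the plaintext. The same value is placed on buildah's command line by `--build-arg PASSWORD="${password}"` in the commands.sh build() hunk, where it shows up in the process list during the build. A secret mount avoids both: `RUN --mount=type=secret,id=backup_password printf 'backup:%s\n' "$(cat /run/secrets/backup_password)" | chpasswd`, fed by `--secret id=backup_password,src=<file>` on the buildah side. Because `-G wheel` makes this an administrative account, note that its hash in /etc/shadow still ships with every image pushed to the registry.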
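Review bot: The value read by `read -srp ... password` in build() is used without any check, so pressing Enter hands an empty PASSWORD to the chpasswd step for an account this commit adds to wheel. I would keep the variable out of the calling shell with `local password` and refuse an empty value before buildah runs: `[ -n "${password}" ] || { echo "empty password, aborting" >&2; return 1; }`. Since `-s` also swallows the newline, a bare `echo` after the read keeps the following output on its own line. build()'s body continues past the end of this hunk.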
@@ -13,28 +15,35 @@ build() { if [ $? -eq 0 ]; then buildah login gitea.wefers.page -u julian -p 278b81490079574229dce45b66b726d2ae7e83c0 buildah push \ - --compression-format zstd \ + --compression-format zstd:chunked \ "${REPO}:${TAG}" fi } mkImage() { - sudo podman run \ + # set -euo + # echo "current partitions:" + # lsblk + # read -p "target USB stick device to write image to: /dev/" dev + podman run \ --rm \ -it \ --privileged \ --pull=newer \ - --network=host \ --security-opt label=type:unconfined_t \ -v ./config.toml:/config.toml:ro \ -v ./output:/output \ -v /etc/containers/storage.conf:/etc/containers/storage.conf \ - -v /var/lib/containers/storage:/var/lib/containers/storage \ + -v ~/.local/share/containers/storage:/var/lib/containers/storage \ quay.io/centos-bootc/bootc-image-builder:latest \ + --in-vm \ --type anaconda-iso \ --use-librepo=True \ + --rootfs ex4 \ ${REPO}:${TAG} + + # sudo dd if=output/bootiso/install.iso of=/dev/${dev} bs=4M } $1
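Review bot: The context line `buildah login gitea.wefers.page -u julian -p …` in build() keeps the registry credential as a literal in the script, so it sits in the repository history and on buildah's command line at every push. It should be treated as exposed and rotated. Supplying it at run time keeps it out of both places: `printf '%s' "${REGISTRY_TOKEN:?}" | buildah login -u julian --password-stdin gitea.wefers.page` (REGISTRY_TOKEN is a placeholder name). Separately, `--rootfs ex4` in mkImage() looks like a typo for `ext4` and is worth checking against the filesystem types bootc-image-builder documents. build() begins before this hunk.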