commit e3eae265f7517ea458a61b7470869133c723b258 Author: Julian Wefers Date: Sat May 30 21:21:42 2026 +0200 init diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..53752db --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +output diff --git a/Containerfile b/Containerfile new file mode 100644 index 0000000..c2698de --- /dev/null +++ b/Containerfile @@ -0,0 +1,12 @@ +FROM quay.io/fedora/fedora-coreos:stable + +# Install ZFS +RUN dnf install -y kernel-devel-$(uname -r | awk -F'-' '{print $1}') +RUN dnf install -y https://zfsonlinux.org/fedora/zfs-release-3-1$(rpm --eval "%{dist}").noarch.rpm +RUN dnf install -y zfs + +RUN useradd -m -d /var/home/backup backup +RUN mkdir /backups && chown backup:backup /backups + +COPY --chown=root:root --chmod=600 id_ed25519.pub /root/.ssh/authorized_keys +COPY --chown=backup:backup --chmod=600 id_ed25519.pub /var/home/backup/.ssh/authorized_keys diff --git a/commands.sh b/commands.sh new file mode 100755 index 0000000..4b97b1c --- /dev/null +++ b/commands.sh @@ -0,0 +1,40 @@ +REPO="gitea.wefers.page/julian/backup-server" +TAG="latest" + +build() { + buildah build \ + -t ${REPO}:${TAG} \ + --pull \ + --layers \ + --squash \ + --format oci \ + . + + if [ $? -eq 0 ]; then + buildah login gitea.wefers.page -u julian -p 278b81490079574229dce45b66b726d2ae7e83c0 + buildah push \ + --compression-format zstd:chunked \ + "${REPO}:${TAG}" + fi + +} + +mkImage() { + sudo podman run \ + --rm \ + -it \ + --privileged \ + --pull=newer \ + --network=host \ + --security-opt label=type:unconfined_t \ + -v ./config.toml:/config.toml:ro \ + -v ./output:/output \ + -v /etc/containers/storage.conf:/etc/containers/storage.conf \ + -v /var/lib/containers/storage:/var/lib/containers/storage \ + quay.io/centos-bootc/bootc-image-builder:latest \ + --type anaconda-iso \ + --use-librepo=True \ + ${REPO}:${TAG} +} + +$1 diff --git a/config.toml b/config.toml new file mode 100644 index 0000000..88f6caf --- /dev/null +++ b/config.toml @@ -0,0 +1,12 @@ +[customizations.iso] +volume_id = "JuliansBackupServer" +application_id = "JuliansBackupServer" +publisher = "Julian" + +# [customizations.installer.modules] +# enable = [ +# "org.fedoraproject.Anaconda.Modules.Localization", +# "org.fedoraproject.Anaconda.Modules.Network", +# org.fedoraproject.Anaconda.Modules.Security +# ] +# disable = ["org.fedoraproject.Anaconda.Modules.Users"] diff --git a/id_ed25519.pub b/id_ed25519.pub new file mode 100644 index 0000000..e49643b --- /dev/null +++ b/id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGPAWtzq2/cuv+zPzdDSCe/5pc0HRCxmwFiI5Fu3sEok julian@local diff --git a/kickstart.ks b/kickstart.ks new file mode 100644 index 0000000..a8b870d --- /dev/null +++ b/kickstart.ks @@ -0,0 +1,20 @@ +# Basic setup +text +network --device=enp1s0 --bootproto=static --ip=192.168.178.3 --netmask=255.255.255.0 --gateway=192.168.178.1 --nameserver=1192.168.178.8 +# Basic partitioning +clearpart --all --initlabel --disklabel=gpt --drives=sda +reqpart --add-boot +part / --grow --fstype ext4 + +# Here's where we reference the container image to install - notice the kickstart +# has no `%packages` section! What's being installed here is a container image. +ostreecontainer --url gitea.wefers.page/julian/backup-server:latest + +firewall --disabled +services --enabled=sshd + +# Only inject a SSH key for root +rootpw --iscrypted locked +sshkey --username root "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGPAWtzq2/cuv+zPzdDSCe/5pc0HRCxmwFiI5Fu3sEok julian@local" +sshkey --username backup "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGPAWtzq2/cuv+zPzdDSCe/5pc0HRCxmwFiI5Fu3sEok julian@local" +reboot