init

.gitignore

@@ -0,0 +1 @@
+output

Containerfile

@@ -0,0 +1,12 @@
+FROM quay.io/fedora/fedora-coreos:stable
+
+# Install ZFS
+RUN dnf install -y kernel-devel-$(uname -r | awk -F'-' '{print $1}')
+RUN dnf install -y https://zfsonlinux.org/fedora/zfs-release-3-1$(rpm --eval "%{dist}").noarch.rpm
+RUN dnf install -y zfs
+
+RUN useradd -m -d /var/home/backup backup
+RUN mkdir /backups && chown backup:backup /backups
+
+COPY --chown=root:root --chmod=600 id_ed25519.pub /root/.ssh/authorized_keys
+COPY --chown=backup:backup --chmod=600 id_ed25519.pub /var/home/backup/.ssh/authorized_keys

commands.sh

@@ -0,0 +1,40 @@
+REPO="gitea.wefers.page/julian/backup-server"
+TAG="latest"
+
+build() {
+    buildah build \
+        -t ${REPO}:${TAG} \
+        --pull \
+        --layers \
+        --squash \
+        --format oci \
+        .
+
+    if [ $? -eq 0 ]; then
+        buildah login gitea.wefers.page -u julian -p 278b81490079574229dce45b66b726d2ae7e83c0
+        buildah push \
+            --compression-format zstd:chunked  \
+            "${REPO}:${TAG}"
+    fi
+
+}
+
+mkImage() {
+    sudo podman run \
+        --rm \
+        -it \
+        --privileged \
+        --pull=newer \
+        --network=host \
+        --security-opt label=type:unconfined_t \
+        -v ./config.toml:/config.toml:ro \
+        -v ./output:/output \
+        -v /etc/containers/storage.conf:/etc/containers/storage.conf \
+        -v /var/lib/containers/storage:/var/lib/containers/storage \
+        quay.io/centos-bootc/bootc-image-builder:latest \
+        --type anaconda-iso \
+        --use-librepo=True \
+        ${REPO}:${TAG}
+}
+
+$1

config.toml

@@ -0,0 +1,12 @@
+[customizations.iso]
+volume_id = "JuliansBackupServer"
+application_id = "JuliansBackupServer"
+publisher = "Julian"
+
+# [customizations.installer.modules]
+# enable = [
+#     "org.fedoraproject.Anaconda.Modules.Localization",
+#     "org.fedoraproject.Anaconda.Modules.Network",
+#     org.fedoraproject.Anaconda.Modules.Security
+# ]
+# disable = ["org.fedoraproject.Anaconda.Modules.Users"]

id_ed25519.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGPAWtzq2/cuv+zPzdDSCe/5pc0HRCxmwFiI5Fu3sEok julian@local

kickstart.ks

@@ -0,0 +1,20 @@
+# Basic setup
+text
+network --device=enp1s0 --bootproto=static --ip=192.168.178.3 --netmask=255.255.255.0 --gateway=192.168.178.1 --nameserver=1192.168.178.8
+# Basic partitioning
+clearpart --all --initlabel --disklabel=gpt --drives=sda
+reqpart --add-boot
+part / --grow --fstype ext4
+
+# Here's where we reference the container image to install - notice the kickstart
+# has no `%packages` section!  What's being installed here is a container image.
+ostreecontainer --url gitea.wefers.page/julian/backup-server:latest
+
+firewall --disabled
+services --enabled=sshd
+
+# Only inject a SSH key for root
+rootpw --iscrypted locked
+sshkey --username root "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGPAWtzq2/cuv+zPzdDSCe/5pc0HRCxmwFiI5Fu3sEok julian@local"
+sshkey --username backup "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGPAWtzq2/cuv+zPzdDSCe/5pc0HRCxmwFiI5Fu3sEok julian@local"
+reboot