Containerfile: cache dnf folder

Containerfile

@@ -1,11 +1,21 @@
 FROM quay.io/fedora/fedora-bootc:44
 
 # Install ZFS
-RUN dnf install -y kernel-devel-$(uname -r | awk -F'-' '{print $1}')
-RUN dnf install -y https://zfsonlinux.org/fedora/zfs-release-3-1$(rpm --eval "%{dist}").noarch.rpm
-RUN dnf install -y zfs
+# we want to keep ALL dnf downloaded packages in dnf cache,
+# this is not the default, hackily add it to the config,
+# assume there is not much in it. should be improved
+RUN echo 'keepcache=True' >> /etc/dnf/dnf.conf
 
-RUN useradd -m -d /var/home/backup backup
+# deps
+RUN --mount=type=cache,target=/var/cache/libdnf5 <<EOF
+# dnf install -y kernel-devel-$(uname -r | awk -F'-' '{print $1}')
+dnf install -y https://zfsonlinux.org/fedora/zfs-release-3-1$(rpm --eval "%{dist}").noarch.rpm
+dnf install -y zfs
+EOF
+
+RUN useradd -m -d /var/home/backup -G wheel backup
+ARG PASSWORD
+RUN echo "backup:${PASSWORD}" | chpasswd
 RUN mkdir /backups && chown backup:backup /backups
 
 COPY --chown=root:root --chmod=600 id_ed25519.pub /root/.ssh/authorized_keys

commands.sh

@@ -2,30 +2,35 @@ REPO="gitea.wefers.page/julian/backup-server"
 TAG="latest"
 
 build() {
+    read -srp "Desired password for user 'backup' in resulting container image: " password
     # ABSOLUTELY DO NOT USE --squash, as ostree NEEDS the layers
-    buildah build \
+    sudo buildah build \
         -t ${REPO}:${TAG} \
+        --build-arg PASSWORD="${password}" \
         --pull \
         --layers \
         --format oci \
         .
 
     if [ $? -eq 0 ]; then
-        buildah login gitea.wefers.page -u julian -p 278b81490079574229dce45b66b726d2ae7e83c0
-        buildah push \
-            --compression-format zstd \
+        sudo buildah login gitea.wefers.page -u julian -p 278b81490079574229dce45b66b726d2ae7e83c0
+        sudo buildah push \
+            --compression-format zstd:chunked \
             "${REPO}:${TAG}"
     fi
 
 }
 
 mkImage() {
+    # set -euo
+    # echo "current partitions:"
+    # lsblk
+    # read -p "target USB stick device to write image to: /dev/" dev
     sudo podman run \
         --rm \
         -it \
         --privileged \
         --pull=newer \
-        --network=host \
         --security-opt label=type:unconfined_t \
         -v ./config.toml:/config.toml:ro \
         -v ./output:/output \
@@ -33,8 +38,12 @@ mkImage() {
         -v /var/lib/containers/storage:/var/lib/containers/storage \
         quay.io/centos-bootc/bootc-image-builder:latest \
         --type anaconda-iso \
-        --use-librepo=True \
+        --use-librepo=true \
+        --rootfs ext4 \
         ${REPO}:${TAG}
+
+        # --in-vm \
+    # sudo dd if=output/bootiso/install.iso of=/dev/${dev} bs=4M
 }
 
 $1

config.toml

@@ -10,3 +10,24 @@ publisher = "Julian"
 #     org.fedoraproject.Anaconda.Modules.Security
 # ]
 # disable = ["org.fedoraproject.Anaconda.Modules.Users"]
+
+[customizations.installer.kickstart]
+contents = """
+# Basic setup
+text
+lang en_US
+keyboard de
+timezone Europe/Berlin
+network --device=enp1s0 --bootproto=static --ip=192.168.178.3 --netmask=255.255.255.0 --gateway=192.168.178.1 --nameserver=1192.168.178.8
+# Basic partitioning
+clearpart --all --initlabel --disklabel=gpt --drives=sda
+reqpart --add-boot
+part / --grow --fstype ext4
+
+# Here's where we reference the container image to install - notice the kickstart
+# has no `%packages` section!  What's being installed here is a container image.
+# ostreecontainer --url gitea.wefers.page/julian/backup-server:latest
+
+firewall --disabled
+services --enabled=sshd
+"""