remove backup user from dockerfile

Containerfile

@@ -1,14 +1,17 @@
 FROM quay.io/fedora/fedora-bootc:44
 
 # Install ZFS
-RUN dnf install -y kernel-devel-$(uname -r | awk -F'-' '{print $1}')
+# we want to keep ALL dnf downloaded packages in dnf cache,
-RUN dnf install -y https://zfsonlinux.org/fedora/zfs-release-3-1$(rpm --eval "%{dist}").noarch.rpm
+# this is not the default, hackily add it to the config,
-RUN dnf install -y zfs
+# assume there is not much in it. should be improved
+RUN echo 'keepcache=True' >> /etc/dnf/dnf.conf
 
-RUN useradd -m -d /var/home/backup backup
+# deps
-RUN mkdir /backups && chown backup:backup /backups
+RUN --mount=type=cache,target=/var/cache/libdnf5 <<EOF
-
+# dnf install -y kernel-devel-$(uname -r | awk -F'-' '{print $1}')
-COPY --chown=root:root --chmod=600 id_ed25519.pub /root/.ssh/authorized_keys
+dnf install -y https://zfsonlinux.org/fedora/zfs-release-3-1$(rpm --eval "%{dist}").noarch.rpm
-COPY --chown=backup:backup --chmod=600 id_ed25519.pub /var/home/backup/.ssh/authorized_keys
+dnf install -y zfs btop borgbackup
+dnf clean all && rm -rf /run/dnf && rm -rf /tmp/*
+EOF
 
 RUN bootc container lint

commands.sh

@@ -3,23 +3,28 @@ TAG="latest"
 
 build() {
     # ABSOLUTELY DO NOT USE --squash, as ostree NEEDS the layers
-    buildah build \
+    sudo buildah build \
         -t ${REPO}:${TAG} \
         --pull \
         --layers \
         --format oci \
+        --network=host \
         .
 
     if [ $? -eq 0 ]; then
-        buildah login gitea.wefers.page -u julian -p 278b81490079574229dce45b66b726d2ae7e83c0
+        sudo buildah login gitea.wefers.page -u julian -p 278b81490079574229dce45b66b726d2ae7e83c0
-        buildah push \
+        sudo buildah push \
-            --compression-format zstd \
+            --compression-format zstd:chunked \
             "${REPO}:${TAG}"
     fi
 
 }
 
 mkImage() {
+    # set -euo
+    # echo "current partitions:"
+    # lsblk
+    # read -p "target USB stick device to write image to: /dev/" dev
     sudo podman run \
         --rm \
         -it \
@@ -33,8 +38,12 @@ mkImage() {
         -v /var/lib/containers/storage:/var/lib/containers/storage \
         quay.io/centos-bootc/bootc-image-builder:latest \
         --type anaconda-iso \
-        --use-librepo=True \
+        --use-librepo=true \
+        --rootfs ext4 \
         ${REPO}:${TAG}
+
+        # --in-vm \
+    # sudo dd if=output/bootiso/install.iso of=/dev/${dev} bs=4M
 }
 
 $1

config.toml

@@ -1,3 +1,18 @@
+[customizations]
+hostname = "backupserver"
+
+[[customizations.user]]
+name = "backup"
+description = "Default user account"
+password = "$6$CHO2$3rN8eviE2t50lmVyBYihTgVRHcaecmeCk31L..."
+key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGPAWtzq2/cuv+zPzdDSCe/5pc0HRCxmwFiI5Fu3sEok julian@local"
+home = "/srv/widget/"
+shell = "/usr/bin/bash"
+groups = ["widget", "users", "wheel"]
+uid = 1200
+gid = 1200
+expiredate = 12345
+
 [customizations.iso]
 volume_id = "JuliansBackupServer"
 application_id = "JuliansBackupServer"
@@ -10,3 +25,20 @@ publisher = "Julian"
 #     org.fedoraproject.Anaconda.Modules.Security
 # ]
 # disable = ["org.fedoraproject.Anaconda.Modules.Users"]
+
+[customizations.installer.kickstart]
+contents = """
+# Basic setup
+text
+lang en_US
+keyboard de
+timezone Europe/Berlin
+network --device=enp1s0 --bootproto=static --ip=192.168.178.3 --netmask=255.255.255.0 --gateway=192.168.178.1 --nameserver=1192.168.178.8
+
+# Here's where we reference the container image to install - notice the kickstart
+# has no `%packages` section!  What's being installed here is a container image.
+# ostreecontainer --url gitea.wefers.page/julian/backup-server:latest
+
+firewall --disabled
+services --enabled=sshd
+"""