Add renovate.json

Containerfile

@@ -1,21 +1,11 @@
 FROM quay.io/fedora/fedora-bootc:44
 
 # Install ZFS
-# we want to keep ALL dnf downloaded packages in dnf cache,
-# this is not the default, hackily add it to the config,
-# assume there is not much in it. should be improved
-RUN echo 'keepcache=True' >> /etc/dnf/dnf.conf
+RUN dnf install -y kernel-devel-$(uname -r | awk -F'-' '{print $1}')
+RUN dnf install -y https://zfsonlinux.org/fedora/zfs-release-3-1$(rpm --eval "%{dist}").noarch.rpm
+RUN dnf install -y zfs
 
-# deps
-RUN --mount=type=cache,target=/var/cache/libdnf5 <<EOF
-# dnf install -y kernel-devel-$(uname -r | awk -F'-' '{print $1}')
-dnf install -y https://zfsonlinux.org/fedora/zfs-release-3-1$(rpm --eval "%{dist}").noarch.rpm
-dnf install -y zfs
-EOF
-
-RUN useradd -m -d /var/home/backup -G wheel backup
-ARG PASSWORD
-RUN echo "backup:${PASSWORD}" | chpasswd
+RUN useradd -m -d /var/home/backup backup
 RUN mkdir /backups && chown backup:backup /backups
 
 COPY --chown=root:root --chmod=600 id_ed25519.pub /root/.ssh/authorized_keys

commands.sh

@@ -2,35 +2,30 @@ REPO="gitea.wefers.page/julian/backup-server"
 TAG="latest"
 
 build() {
-    read -srp "Desired password for user 'backup' in resulting container image: " password
     # ABSOLUTELY DO NOT USE --squash, as ostree NEEDS the layers
-    sudo buildah build \
+    buildah build \
         -t ${REPO}:${TAG} \
-        --build-arg PASSWORD="${password}" \
         --pull \
         --layers \
         --format oci \
         .
 
     if [ $? -eq 0 ]; then
-        sudo buildah login gitea.wefers.page -u julian -p 278b81490079574229dce45b66b726d2ae7e83c0
-        sudo buildah push \
-            --compression-format zstd:chunked \
+        buildah login gitea.wefers.page -u julian -p 278b81490079574229dce45b66b726d2ae7e83c0
+        buildah push \
+            --compression-format zstd \
             "${REPO}:${TAG}"
     fi
 
 }
 
 mkImage() {
-    # set -euo
-    # echo "current partitions:"
-    # lsblk
-    # read -p "target USB stick device to write image to: /dev/" dev
     sudo podman run \
         --rm \
         -it \
         --privileged \
         --pull=newer \
+        --network=host \
         --security-opt label=type:unconfined_t \
         -v ./config.toml:/config.toml:ro \
         -v ./output:/output \
@@ -38,12 +33,8 @@ mkImage() {
         -v /var/lib/containers/storage:/var/lib/containers/storage \
         quay.io/centos-bootc/bootc-image-builder:latest \
         --type anaconda-iso \
-        --use-librepo=true \
-        --rootfs ext4 \
+        --use-librepo=True \
         ${REPO}:${TAG}
-
-        # --in-vm \
-    # sudo dd if=output/bootiso/install.iso of=/dev/${dev} bs=4M
 }
 
 $1

config.toml

@@ -10,24 +10,3 @@ publisher = "Julian"
 #     org.fedoraproject.Anaconda.Modules.Security
 # ]
 # disable = ["org.fedoraproject.Anaconda.Modules.Users"]
-
-[customizations.installer.kickstart]
-contents = """
-# Basic setup
-text
-lang en_US
-keyboard de
-timezone Europe/Berlin
-network --device=enp1s0 --bootproto=static --ip=192.168.178.3 --netmask=255.255.255.0 --gateway=192.168.178.1 --nameserver=1192.168.178.8
-# Basic partitioning
-clearpart --all --initlabel --disklabel=gpt --drives=sda
-reqpart --add-boot
-part / --grow --fstype ext4
-
-# Here's where we reference the container image to install - notice the kickstart
-# has no `%packages` section!  What's being installed here is a container image.
-# ostreecontainer --url gitea.wefers.page/julian/backup-server:latest
-
-firewall --disabled
-services --enabled=sshd
-"""

renovate.json

@@ -0,0 +1,6 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "local>julian/renovate-config"
+  ]
+}