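# Bootable-container (bootc) host image built on Fedora bootc. Adds PostgreSQL 18,
# Tailscale/WireGuard, Cockpit, k0s and admin tooling, then regenerates the
# initramfs after installing dracut-network and dracut-sshd.
#
# NOTE(review): the base image is referenced by a mutable tag. Pin it by digest
# (quay.io/fedora/fedora-bootc:44@sha256:<digest>) when reproducible builds matter.
FROM quay.io/fedora/fedora-bootc:44

# k0s release handed to the upstream installer script below.
ARG K0S_VERSION=v1.36.1+k0s.0
# Target architecture (amd64, arm64, ...), supplied automatically by the builder.
ARG TARGETARCH

# Overlay the repository's fs/ tree onto the image root before packages are installed.
COPY fs/ /

RUN <<EORUN
# Build script
# Exit the build if any command fails. pipefail extends that to pipelines, so a
# failed download in `curl | sh` is no longer masked by the exit status of `sh`.
# The script already relies on bash features ([[ ]], brace expansion); on Fedora
# /bin/sh is bash, which accepts `set -o pipefail`.
set -eo pipefail

echo "■■■■■ Install packages ■■■■■"
# NOTE(review): the repo path hard-codes x86_64 although the image is built per
# TARGETARCH - confirm the installed repo definition also works on other arches.
# NOTE(review): RPMs given to dnf as a URL (this repo package, k9s, RPM Fusion)
# are typically not signature-checked unless localpkg_gpgcheck is enabled - confirm
# the dnf configuration, or download and verify them before installing.
dnf install -y https://download.postgresql.org/pub/repos/yum/reporpms/F-$(rpm -E %fedora)-x86_64/pgdg-fedora-repo-latest.noarch.rpm
# NOTE(review): k9s is taken from the moving "latest" release, so two builds of the
# same commit can differ; pin a release and verify its published checksum.
dnf install -y \
    postgresql18-server \
    tailscale \
    wireguard-tools \
    cloud-init qemu-guest-agent \
    systemd-networkd \
    dracut-network dracut-sshd \
    ufw \
    zsh fish \
    tmux screen \
    neovim jq yq prename \
    rsync tcpdump wget \
    htop plocate tree \
    btrfs-progs snapper \
    nut \
    smartmontools gdisk \
    cockpit cockpit-selinux cockpit-ostree cockpit-kdump cockpit-sosreport \
    cri-tools kubernetes1.36-client \
    toolbox \
    cowsay figlet lolcat \
    "https://github.com/derailed/k9s/releases/latest/download/k9s_linux_$TARGETARCH.rpm"

# btdu is only fetched for amd64 (a static x86_64 binary). An explicit `if` is used
# because `set -e` ignores failures inside an `a && b && c` list: a failed download
# used to be skipped silently. -f makes curl fail on HTTP errors instead of saving
# the error page as /usr/bin/btdu.
# NOTE(review): unpinned "latest" binary installed without an integrity check; pin a
# release and compare against a known SHA-256 before marking it executable.
if [[ $TARGETARCH == "amd64" ]]; then
    curl -fL https://github.com/CyberShadow/btdu/releases/latest/download/btdu-static-x86_64 -o /usr/bin/btdu
    chmod +x /usr/bin/btdu
fi

echo "■■■■■ Install packages from RPM fusion ■■■■■"
dnf install -y "https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm"
dnf install -y \
    ffmpeg

echo "■■■■■ Install k0s ■■■■■"
# NOTE(review): this runs a remotely hosted installer script as root with no
# integrity check. Only the k0s version is pinned, not the script itself. Prefer
# fetching the pinned release artifact and verifying its published checksum.
curl -sSLf https://get.k0s.sh | K0S_VERSION="$K0S_VERSION" sh

echo "■■■■■ DNF clean up ■■■■■"
dnf clean all
rm -rf /var/cache/* /var/log/* /var/lib/dnf

# Enable and disable systemd units
echo "■■■■■ Setup services ■■■■■"
# presumably shipped by dracut-sshd or the fs/ overlay - verify
systemctl enable dracut-sshd-copy-keys.path
systemctl mask bootc-fetch-apply-updates.timer # unsupervised updates not recommended with encryption layer
systemctl disable NetworkManager
systemctl enable systemd-networkd
# Pull cloud-init.target into the default target. The directory is created first and
# the link name is spelled out: without an existing directory, `ln -s` would create
# a symlink *named* default.target.wants instead of a link inside it.
mkdir -p /usr/lib/systemd/system/default.target.wants
ln -s ../cloud-init.target /usr/lib/systemd/system/default.target.wants/cloud-init.target

echo "■■■■■ Setup utilities ■■■■■"
# Set fish as default shell
usermod -s /usr/bin/fish root

echo "■■■■■ Setup readonly paths ■■■■■"
# Redirect paths needed by k0s from the read-only /usr and /opt into writable /var
ln -s /var/libexec/k0s /usr/libexec/k0s
ln -s /var/opt/cni /opt/cni
ln -s /var/local/lib/local-path-provisioner /opt/local-path-provisioner

echo "■■■■■ Setup initramfs ■■■■■"
# Create dummy dracut ssh host key to prevent dracut installation failing
# NOTE(review): these empty placeholders stay in /etc/ssh after the cleanup below;
# presumably the real host keys are provisioned per machine - confirm that no
# deployment can boot an initramfs sshd with the placeholder key.
touch /etc/ssh/dracut_ssh_host_ecdsa_key{,.pub}
touch /etc/dracut-sshd/authorized_keys
# Regenerate initramfs
set -x
# assumes exactly one kernel directory exists under /usr/lib/modules
kernel_version=$(cd /usr/lib/modules && echo *)
dracut -vf "/usr/lib/modules/$kernel_version/initramfs.img" "$kernel_version"
set +x
# Remove files required only for initramfs
rm -rf \
    /etc/dracut-sshd/ /etc/dracut.conf.d/* \
    /etc/systemd/system/sshd.service.d/*

echo "■■■■■ /var clean up ■■■■■"
# Remove files that are not needed from /var
rm -rf \
    /var/lib/plocate/CACHEDIR.TAG \
    /var/lib/ufw/user*.rules \
    /var/lib/pgsql \
    /var/lib/selinux \
    /var/lib/cloud \
    /var/lib/dhcpcd

echo "■■■■■ Build complete ■■■■■"
EORUN

# Run bootc's container lint on the finished image; --no-truncate prints all findings.
RUN bootc container lint --no-truncate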