Latest development (#1)

* Update install.bu

* Update create-ipxe-iso.sh

* Update coreos-install.ipxe

* Update create-ipxe-iso.sh

* temporary sample

* triggering action

* Update docker-image.yml

* Automate ignition file generation from butane

* restores previous butane

* Automate ignition file generation from butane

* Tries to keep var partition

* Automate ignition file generation from butane

* Adds compose files for apps

* Automate ignition file generation from butane

* Update coreos-install.ipxe

* Automate ignition file generation from butane

* Update coreos.bu

* Automate ignition file generation from butane

* Update coreos-install.ipxe

* Automate ignition file generation from butane

* Upgrades version

* Automate ignition file generation from butane

* Adds vim and docker compose

* Automate ignition file generation from butane

* Update coreos-install.ipxe

* Automate ignition file generation from butane

* Update README.md

* Automate ignition file generation from butane

* Automates containers creation

* Automate ignition file generation from butane

* UID and GID in NFS

* Automate ignition file generation from butane

* remove binding

* Automate ignition file generation from butane

* Update coreos.bu

* Automate ignition file generation from butane

* adds guid

* group

* removes pcloud due to issues

* fixes uid and guid

* Fixes group and user

* Automate ignition file generation from butane

* fixes port

* Automate ignition file generation from butane

* mariadb install and enable (prototype)

* Automate ignition file generation from butane

* removes mariadb, changes guid to 1000

* Automate ignition file generation from butane

* fixes

* Automate ignition file generation from butane

* fixes z2mqtt permission, adds dialout group

* Automate ignition file generation from butane

* no need to create dialout (ignition would fail

* Automate ignition file generation from butane

* testing group without name

* Automate ignition file generation from butane

* removing due to coreos bug:
coreos/fedora-coreos-tracker#155

* Automate ignition file generation from butane

* depends

* Automate ignition file generation from butane

* jellyfin folders

* Automate ignition file generation from butane

* rename

* Automate ignition file generation from butane

* removes old option

* Automate ignition file generation from butane

* password not needed anymore (was temporary)

* Automate ignition file generation from butane

* new github action for multiple butane files

* fixes paths

* action

* fixes action

* Automate ignition file generation from butane

* Splits butane into multiple configs

* fixes butane

* Fixes remote butanes

* Automate ignition file generation from butane

.github/workflows/docker-image.yml

@@ -1,4 +1,4 @@
-name: Docker Buton to Ignite
+name: Docker Butane to Ignite
 
 on:
   push:
@@ -16,12 +16,12 @@ jobs:
     - uses: actions/checkout@v3
     - name: Build the Docker image
       run: |
-        rm -f coreos.ign
-        rm -f install.ign
-        docker run -i --rm quay.io/coreos/butane:release --pretty --strict < coreos.bu > coreos.ign
-        docker run -i --rm quay.io/coreos/butane:release --pretty --strict < install.bu > install.ign
-        docker run -i --rm quay.io/coreos/ignition-validate:release - < coreos.ign
-        docker run -i --rm quay.io/coreos/ignition-validate:release - < install.ign
+        for entry in "butane"/*
+        do
+          filename=$(basename $entry .bu)
+          docker run -i --rm quay.io/coreos/butane:release --pretty --strict < butane/$filename.bu > ignition/$filename.ign
+          docker run -i --rm quay.io/coreos/ignition-validate:release - < ignition/$filename.ign
+        done
         git config --global user.name 'UnconventionalMindset'
         git config --global user.email '11658632+UnconventionalMindset@users.noreply.github.com'
         git commit --allow-empty -am "Automate ignition file generation from butane"

README.md

@@ -4,4 +4,3 @@
 
 - [x] Github action to convert Butane to Ignite.
 - [x] Creation of ISO image that automatically install Fedora Core OS using the `coreos.ign` present in this repo from its url. Used for provisioning in my Proxmox.
-Current script to embed the ignite to the iso is here: https://gist.github.com/UnconventionalMindset/632f3892e2149ac826af90892d0cca13

apps/hass/docker-compose.yml

@@ -0,0 +1,17 @@
+---
+version: "3"
+services:
+  homeassistant:
+    image: lscr.io/linuxserver/homeassistant:latest
+    container_name: hass
+    network_mode: host
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Zurich
+    volumes:
+      - /var/mnt/shared/apps/docker/homeassistant/config:/config
+    # ports:
+    #   - 8123:8123
+    restart: unless-stopped
+    privileged: true

apps/jellyfin/docker-compose.yml

@@ -0,0 +1,22 @@
+---
+version: "3.3"
+services:
+  jellyfin:
+    image: lscr.io/linuxserver/jellyfin:latest
+    container_name: jellyfin
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Zurich
+      - JELLYFIN_PublishedServerUrl=192.168.31.200 #optional
+    volumes:
+      - /var/mnt/shared/apps/docker/jellyfin/config:/config
+      - /var/mnt/shared/apps/files/series:/data/tvshows
+      - /var/mnt/shared/apps/files/films:/data/movies
+    ports:
+      - 8096:8096
+      - 8920:8920
+      - 7359:7359/udp
+      - 1901:1900/udp
+    restart: unless-stopped
+    privileged: true

apps/mosquitto/docker-compose.yml

@@ -0,0 +1,15 @@
+services:
+  mosquitto:
+    container_name: mosquitto
+    image: eclipse-mosquitto:2
+    volumes:
+      - /var/mnt/shared/apps/docker/mosquitto/config/:/mosquitto/config/:rw
+      - /var/mnt/shared/apps/docker/mosquitto/log/:/mosquitto/log/
+      - /var/mnt/shared/apps/docker/mosquitto/data/:/mosquitto/data/
+    ports:
+      - 1883:1883
+      - 9002:9001
+    privileged: true
+
+volumes:
+  data: ~

apps/zigbee2mqtt/docker-compose.yml

@@ -0,0 +1,19 @@
+version: '3.8'
+services:
+  zigbee2mqtt:
+    container_name: zigbee2mqtt
+    image: koenkk/zigbee2mqtt
+    restart: unless-stopped
+    user: 1000:1000
+    depends_on:
+      - mosquitto
+    volumes:
+      - /var/mnt/shared/apps/docker/z2mqtt/config:/app/data
+      - /run/udev:/run/udev:ro
+    ports:
+      # Frontend port
+      - 8080:8080
+    environment:
+      - TZ=Europe/Zurich
+    devices:
+      - /dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_22fe32bb2286ec118b52631719c2d21c-if00-port0:/dev/ttyUSB0

butane/apps.bu

@@ -0,0 +1,109 @@
+variant: fcos
+version: 1.4.0
+storage:
+  files:
+    - path: /var/home/core/download-apps-docker-composes.sh
+      overwrite: true
+      contents:
+        inline: |
+          #!/usr/bin/bash
+          git clone --filter=blob:none --branch dev --no-checkout --depth 1 --sparse https://github.com/UnconventionalMindset/coreos-setup.git /var/home/core/coreos-setup
+          cd /var/home/core/coreos-setup
+          git sparse-checkout set apps
+          git checkout
+          mkdir /etc/docker/compose/
+          mv /var/home/core/coreos-setup/apps/* /etc/docker/compose/
+          rm -rf /var/home/core/coreos-setup
+    - path: /var/home/core/deploy-stack.sh
+      overwrite: true
+      contents:
+        inline: |
+          #!/usr/bin/bash
+          composes=($(ls /etc/docker/compose/))
+          for (( i = 0; i < ${#composes[@]} ; i++ )); do
+            systemctl start docker-compose@${composes[$i]}
+          done
+
+systemd:
+  units:
+    - name: download-apps-docker-composes.service
+      enabled: true
+      contents: |
+        [Unit]
+        Description=Downloads apps docker composes
+        Wants=network-online.target
+        After=network-online.target
+        ConditionPathExists=!/var/lib/%N.stamp
+
+        [Service]
+        Type=oneshot
+        RemainAfterExit=yes
+        ExecStart=/usr/bin/bash /var/home/core/download-apps-docker-composes.sh
+        ExecStart=/bin/touch /var/lib/%N.stamp
+
+        [Install]
+        WantedBy=multi-user.target
+    - name: docker-compose@.service
+      contents: |
+        [Unit]
+        Description=%i service with docker compose
+        PartOf=docker.service
+        Wants=network-online.target docker.service rpm-ostree-install-docker-compose.service
+        After=network-online.target rpm-ostree-install-docker-compose.service
+
+        [Service]
+        Type=oneshot
+        RemainAfterExit=true
+        WorkingDirectory=/etc/docker/compose/%i
+        ExecStart=/usr/bin/docker-compose up -d --remove-orphans
+        ExecStop=/usr/bin/docker-compose down
+
+        [Install]
+        WantedBy=multi-user.target
+    - name: deploy-stack.service
+      enabled: true
+      contents: |
+        [Unit]
+        Description=Deploy stack with docker compose
+        Wants=network-online.target docker.service rpm-ostree-install-docker-compose.service download-apps-docker-composes.service
+        After=network-online.target rpm-ostree-install-docker-compose.service download-apps-docker-composes.service
+
+        [Service]
+        Type=oneshot
+        RemainAfterExit=true
+        ExecStart=/usr/bin/bash /var/home/core/deploy-stack.sh
+
+        [Install]
+        WantedBy=multi-user.target
+    - name: docker.portainer.service
+      enabled: true
+      contents: |-
+        [Unit]
+        Description=Portainer Admin Container
+        After=docker.service var-mnt-shared.mount
+        Requires=docker.service network.target network-online.target
+
+        [Service]
+        Type=oneshot
+        RemainAfterExit=yes
+        TimeoutStartSec=0
+        ExecStartPre=-/usr/bin/docker stop %n
+        ExecStartPre=-/usr/bin/docker rm %n
+        ExecStartPre=/usr/bin/docker pull portainer/portainer-ce:latest
+        ExecStart=-/usr/bin/mkdir -p /mnt/shared/apps/docker/portainer
+        # Privileged mode is required for binding to local socket to work due to SELINUX (https://github.com/portainer/portainer/issues/849)
+        ExecStart=/usr/bin/docker run \
+          --privileged=true \
+          -d \
+          -p 9000:9000 \
+          --name %n \
+          --restart always \
+          -v /var/run/docker.sock:/var/run/docker.sock \
+          -v /mnt/shared/apps/docker/portainer:/data \
+          portainer/portainer-ce:latest \
+            --templates https://raw.githubusercontent.com/UnconventionalMindset/portainer/main/template.json \
+            --admin-password-file /data/.secrets/portainer_pass
+        ExecStop=/usr/bin/docker stop -t 15 %n
+
+        [Install]
+        WantedBy=multi-user.target

butane/coreos.bu

@@ -0,0 +1,75 @@
+variant: fcos
+version: 1.4.0
+ignition:
+  config:
+    merge:
+      - source: https://raw.githubusercontent.com/UnconventionalMindset/coreos-setup/dev/ignition/apps.ign
+      - source: https://raw.githubusercontent.com/UnconventionalMindset/coreos-setup/dev/ignition/install-programs.ign
+      - source: https://raw.githubusercontent.com/UnconventionalMindset/coreos-setup/dev/ignition/network.ign
+      - source: https://raw.githubusercontent.com/UnconventionalMindset/coreos-setup/dev/ignition/nfs.ign
+      - source: https://raw.githubusercontent.com/UnconventionalMindset/coreos-setup/dev/ignition/users_and_groups.ign
+
+storage:
+  files:
+    - path: /etc/profile.d/systemd-pager.sh
+      mode: 0644
+      contents:
+        inline: |
+          # Tell systemd to not use a pager when printing information
+          export SYSTEMD_PAGER=cat
+    - path: /etc/sysctl.d/20-silence-audit.conf
+      mode: 0644
+      contents:
+        inline: |
+          # Raise console message logging level from DEBUG (7) to WARNING (4)
+          # to hide audit messages from the interactive console
+          kernel.printk=4
+
+systemd:
+  units:
+    - name: serial-getty@ttyS0.service
+      dropins:
+      - name: autologin-core.conf
+        contents: |
+          [Service]
+          # Override Execstart in main unit
+          ExecStart=
+          # Add new Execstart with `-` prefix to ignore failure
+          ExecStart=-/usr/sbin/agetty --autologin core --noclear %I $TERM
+          TTYVTDisallocate=no
+    - name: failure.service
+      enabled: true
+      contents: |
+        [Service]
+        Type=oneshot
+        ExecStart=/usr/bin/false
+        RemainAfterExit=yes
+
+        [Install]
+        WantedBy=multi-user.target
+    - name: etcd-member.service
+      enabled: true
+      contents: |
+        [Unit]
+        Description=Run a single node etcd
+        After=network-online.target
+        Wants=network-online.target
+
+        [Service]
+        ExecStartPre=mkdir -p /var/lib/etcd
+        ExecStartPre=-/bin/podman kill etcd
+        ExecStartPre=-/bin/podman rm etcd
+        ExecStartPre=-/bin/podman pull quay.io/coreos/etcd
+        ExecStart=/bin/podman run --name etcd --net=host \
+                    --volume /var/lib/etcd:/etcd-data:z  \
+                    quay.io/coreos/etcd:latest /usr/local/bin/etcd              \
+                            --data-dir /etcd-data --name node1                  \
+                            --initial-advertise-peer-urls http://127.0.0.1:2380 \
+                            --listen-peer-urls http://127.0.0.1:2380            \
+                            --advertise-client-urls http://127.0.0.1:2379       \
+                            --listen-client-urls http://127.0.0.1:2379          \
+                            --initial-cluster node1=http://127.0.0.1:2380
+        ExecStop=/bin/podman stop etcd
+
+        [Install]
+        WantedBy=multi-user.target

butane/install-programs.bu

@@ -0,0 +1,64 @@
+variant: fcos
+version: 1.4.0
+storage:
+  files:
+    # Set vim as default editor
+    # We use `zz-` as prefix to make sure this is processed last in order to
+    # override any previously set defaults.
+    - path: /etc/profile.d/zz-default-editor.sh
+      overwrite: true
+      contents:
+        inline: |
+          export EDITOR=vim
+systemd:
+  units:
+    # Installing vim as a layered package with rpm-ostree
+    - name: rpm-ostree-install-vim.service
+      enabled: true
+      contents: |
+        [Unit]
+        Description=Layer vim with rpm-ostree
+        Wants=network-online.target
+        After=network-online.target
+        # We run before `zincati.service` to avoid conflicting rpm-ostree
+        # transactions.
+        Before=zincati.service rpm-ostree-install-docker-compose.service
+        ConditionPathExists=!/var/lib/%N.stamp
+
+        [Service]
+        Type=oneshot
+        RemainAfterExit=yes
+        # `--allow-inactive` ensures that rpm-ostree does not return an error
+        # if the package is already installed. This is useful if the package is
+        # added to the root image in a future Fedora CoreOS release as it will
+        # prevent the service from failing.
+        ExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive vim
+        ExecStart=/bin/touch /var/lib/%N.stamp
+
+        [Install]
+        WantedBy=multi-user.target
+    # Installing docker-compose as a layered package with rpm-ostree
+    - name: rpm-ostree-install-docker-compose.service
+      enabled: true
+      contents: |
+        [Unit]
+        Description=Layer docker-compose with rpm-ostree
+        Wants=network-online.target
+        After=network-online.target
+        # We run before `zincati.service` to avoid conflicting rpm-ostree
+        # transactions.
+        Before=zincati.service
+        ConditionPathExists=!/var/lib/%N.stamp
+
+        [Service]
+        Type=oneshot
+        RemainAfterExit=yes
+        # `--allow-inactive` ensures that rpm-ostree does not return an error
+        # if the package is already installed. This is useful if the package is
+        # added to the root image in a future Fedora CoreOS release as it will
+        # prevent the service from failing.
+        ExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive docker-compose
+        ExecStart=/bin/touch /var/lib/%N.stamp
+
+        [Install]
+        WantedBy=multi-user.target

install.bu → butane/install.bu

@@ -5,5 +5,5 @@ storage:
     - path: /etc/coreos/installer.d/custom.yaml
       contents:
         inline: |
-          ignition-url: https://raw.githubusercontent.com/UnconventionalMindset/coreos-setup/main/coreos.ign
+          ignition-url: https://raw.githubusercontent.com/UnconventionalMindset/coreos-setup/dev/ignition/coreos.ign
           dest-device: /dev/sda