implement examples

.gitignore

@@ -1,3 +1,4 @@
 *.bu
 *.ign
 !fcos.bu
+*/butane.blocklist

Makefile.common

@@ -1,4 +1,4 @@
-.PHONY: all install install-etc install-var uninstall pre-requisites clean dryrun
+.PHONY: all install install-config install-examples uninstall pre-requisites clean dryrun
 .PHONY: tail-logs butane help fcos-vm clean-vm console units units-pre
 .PHONY: clean-pre clean-post install-pre install-post uninstall-pre uninstall-post
 .PHONY: install-files install-files-pre install-files-post install-actions
@@ -30,15 +30,22 @@ QUADLET_UNIT_NAMES := $(patsubst %.container, %.service, $(wildcard *.container)
 					 $(patsubst %.network, %-network.service, $(wildcard *.network)) \
 					 $(patsubst %.pod, %-pod.service, $(wildcard *.pod)) \
 					 $(patsubst %.build, %-build.service, $(wildcard *.build))
-CONFIG_FILES = $(wildcard config/*)
-TMPFILESD_FILES = $(wildcard tmpfiles.d/*)
-SYSCTLD_FILES = $(wildcard sysctl.d/*)
-TARGET_QUADLETS_FILES = $(addprefix $(TARGET_CHROOT)/etc/containers/systemd/, $(QUADLETS_FILES))
-TARGET_SYSTEMD_FILES = $(addprefix $(TARGET_CHROOT)/etc/systemd/system/, $(SYSTEMD_FILES))
+CONFIG_FILES = $(filter-out %/examples, $(wildcard config/*))
+TMPFILESD_FILES = $(filter-out %/examples, $(wildcard tmpfiles.d/*))
+SYSCTLD_FILES = $(filter-out %/examples, $(wildcard sysctl.d/*))
+EXAMPLES_CONFIG_FILES = $(wildcard config/examples/*)
+EXAMPLES_TMPFILESD_FILES = $(wildcard tmpfiles.d/examples/*)
+EXAMPLES_SYSCTLD_FILES = $(wildcard sysctl.d/examples/*)
 TARGET_CONFIG_FILES = $(patsubst config/%, $(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME)/%, $(CONFIG_FILES))
-TARGET_FILES = $(TARGET_QUADLETS_FILES) $(TARGET_SYSTEMD_FILES) $(TARGET_CONFIG_FILES)
 TARGET_TMPFILESD_FILES = $(patsubst tmpfiles.d/%, $(TARGET_CHROOT)/etc/tmpfiles.d/%, $(TMPFILESD_FILES))
 TARGET_SYSCTLD_FILES = $(patsubst sysctl.d/%, $(TARGET_CHROOT)/etc/sysctl.d/%, $(SYSCTLD_FILES))
+TARGET_EXAMPLES_CONFIG_FILES = $(patsubst config/examples/%, $(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME)/%, $(EXAMPLES_CONFIG_FILES))
+TARGET_EXAMPLES_TMPFILESD_FILES = $(patsubst tmpfiles.d/examples/%, $(TARGET_CHROOT)/etc/tmpfiles.d/%, $(EXAMPLES_TMPFILESD_FILES))
+TARGET_EXAMPLES_SYSCTLD_FILES = $(patsubst sysctl.d/examples/%, $(TARGET_CHROOT)/etc/sysctl.d/%, $(EXAMPLES_SYSCTLD_FILES))
+TARGET_EXAMPLE_FILES = $(TARGET_EXAMPLES_CONFIG_FILES) $(TARGET_EXAMPLES_TMPFILESD_FILES) $(TARGET_EXAMPLES_SYSCTLD_FILES)
+TARGET_FILES = $(addprefix $(TARGET_CHROOT)/etc/containers/systemd/, $(QUADLETS_FILES)) \
+				$(addprefix $(TARGET_CHROOT)/etc/systemd/system/, $(SYSTEMD_FILES)) \
+				$(TARGET_CONFIG_FILES) $(TARGET_TMPFILESD_FILES) $(TARGET_SYSCTLD_FILES)
 DEPENDENCIES ?= 
 I_KNOW_WHAT_I_AM_DOING ?= 
 DEPENDENCIES_IGNITION_FILES = $(shell for dep in $(DEPENDENCIES); do echo $(TOP_LEVEL_DIR)/$$dep/$$dep.ign; done)
@@ -79,7 +86,9 @@ $(TARGET_CHROOT)/etc/containers/systemd/%: % $(TARGET_CHROOT)/etc/containers/sys
 $(TARGET_CHROOT)/etc/systemd/system/%: % $(TARGET_CHROOT)/etc/systemd/system
 	install -m 0644 -o root -g root $< $@
 
-$(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME)/%: config/% $(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME)
+$(TARGET_CONFIG_FILES): $(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME)/%: config/% $(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME)
+$(TARGET_EXAMPLES_CONFIG_FILES): $(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME)/%: config/examples/% $(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME)
+$(filter-out %.env, $(TARGET_CONFIG_FILES) $(TARGET_EXAMPLES_CONFIG_FILES)):
 	@run() { echo $$*; "$$@"; }; \
 	if [ -x $< ]; then \
 		run install -D -m 0755 -o $(PROJECT_UID) -g $(PROJECT_GID) $< $@; \
@@ -87,24 +96,31 @@ $(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME)/%: config/% $(TARGET_CHROOT)/etc/q
 		run install -D -m 0644 -o $(PROJECT_UID) -g $(PROJECT_GID) $< $@; \
 	fi
 
-$(TARGET_CHROOT)/var/lib/quadlets/$(PROJECT_NAME):
-	install -d -m 0755 -o $(PROJECT_UID) -g $(PROJECT_GID) $@
+$(filter %.env, $(TARGET_CONFIG_FILES) $(TARGET_EXAMPLES_CONFIG_FILES)):
+	install -m 0600 -o root -g root -D $< $@
 
-$(TARGET_CHROOT)/etc/tmpfiles.d/%: tmpfiles.d/% $(TARGET_CHROOT)/etc/tmpfiles.d
+$(TARGET_TMPFILESD_FILES): $(TARGET_CHROOT)/etc/tmpfiles.d/%: tmpfiles.d/% $(TARGET_CHROOT)/etc/tmpfiles.d
+$(TARGET_EXAMPLES_TMPFILESD_FILES): $(TARGET_CHROOT)/etc/tmpfiles.d/%: tmpfiles.d/examples/% $(TARGET_CHROOT)/etc/tmpfiles.d
+$(TARGET_TMPFILESD_FILES) $(TARGET_EXAMPLES_TMPFILESD_FILES):
 	install -D -m 0644 -o root -g root $< $@
 
-$(TARGET_CHROOT)/etc/sysctl.d/%: sysctl.d/% $(TARGET_CHROOT)/etc/sysctl.d
+$(TARGET_SYSCTLD_FILES): $(TARGET_CHROOT)/etc/sysctl.d/%: sysctl.d/% $(TARGET_CHROOT)/etc/sysctl.d
+$(TARGET_EXAMPLES_SYSCTLD_FILES): $(TARGET_CHROOT)/etc/sysctl.d/%: sysctl.d/examples/% $(TARGET_CHROOT)/etc/sysctl.d
+$(TARGET_SYSCTLD_FILES) $(TARGET_EXAMPLES_SYSCTLD_FILES):
 	install -D -m 0644 -o root -g root $< $@
 
-install-etc: $(TARGET_QUADLETS_FILES) $(TARGET_SYSTEMD_FILES) $(TARGET_CONFIG_FILES) $(TARGET_TMPFILESD_FILES) $(TARGET_SYSCTLD_FILES)
-install-var: $(TARGET_CHROOT)/var/lib/quadlets/$(PROJECT_NAME)
+$(TARGET_CHROOT)/var/lib/quadlets/$(PROJECT_NAME):
+	install -d -m 0755 -o $(PROJECT_UID) -g $(PROJECT_GID) $@
+
+install-config: $(TARGET_FILES) $(TARGET_CHROOT)/var/lib/quadlets/$(PROJECT_NAME)
+install-examples: $(TARGET_EXAMPLE_FILES) $(TARGET_CHROOT)/var/lib/quadlets/$(PROJECT_NAME)
 
 install-files-pre::
 	@run() { echo $$*; "$$@"; }; \
 	for dep in $(DEPENDENCIES); do \
 		run $(MAKE) -C $(TOP_LEVEL_DIR)/$$dep install-files; \
 	done
-install-files: install-files-pre install-etc install-var
+install-files: install-files-pre install-config install-examples
 	$(MAKE) install-files-post
 install-files-post::
 
@@ -148,7 +164,7 @@ uninstall: pre-requisites uninstall-pre
 	if [ -f /etc/tmpfiles.d/$(PROJECT_NAME).conf ]; then \
 		run systemd-tmpfiles --purge /etc/tmpfiles.d/$(PROJECT_NAME).conf; \
 	fi
-	rm -f $(TARGET_QUADLETS_FILES) $(TARGET_SYSTEMD_FILES) $(TARGET_CONFIG_FILES)
+	rm -f $(TARGET_FILES) $(TARGET_EXAMPLE_FILES)
 	systemctl daemon-reload
 	$(MAKE) uninstall-post
 
@@ -160,21 +176,41 @@ tail-logs: pre-requisites
 	done; \
 	run journalctl "$${journalctl_args[@]}"
 
-$(PROJECT_NAME).bu: install-files
+$(PROJECT_NAME).bu: install-config
+	@if [ -z "$(TARGET_CHROOT)" ]; then \
+		echo "TARGET_CHROOT is not set!"; exit 1; \
+	fi
+	$(TOP_LEVEL_DIR)/generate-butane-spec.sh $(TARGET_CHROOT) $(TOP_LEVEL_DIR)/butane.blocklist $(SYSTEMD_MAIN_UNIT_NAMES) $(SYSTEMD_TIMER_NAMES) > $(PROJECT_NAME).bu
+
+$(PROJECT_NAME)-examples.bu: install-examples
 	@if [ -z "$(TARGET_CHROOT)" ]; then \
 		echo "TARGET_CHROOT is not set!"; exit 1; \
 	fi
-	$(TOP_LEVEL_DIR)/generate-butane-spec.sh $(TARGET_CHROOT) $(SYSTEMD_MAIN_UNIT_NAMES) $(SYSTEMD_TIMER_NAMES) > $(PROJECT_NAME).bu
+	$(TOP_LEVEL_DIR)/generate-butane-spec.sh $(TARGET_CHROOT) butane.blocklist > $(PROJECT_NAME)-examples.bu
 
 $(PROJECT_NAME).ign: butane
 	butane --strict -o $(PROJECT_NAME).ign $(PROJECT_NAME).bu
+	butane --strict -o $(PROJECT_NAME)-examples.ign $(PROJECT_NAME)-examples.bu
 
 butane:
 	@run() { echo $$*; "$$@"; }; \
+	init_butane_blocklist() { \
+		(cat $(TOP_LEVEL_DIR)/butane.blocklist; echo; for file in $$(find "$$TARGET_CHROOT"); do echo "$${file#$$TARGET_CHROOT}"; done) | sort -u | grep -v -E '^$$' > butane.blocklist; \
+	}; \
 	if [ -z "$(TARGET_CHROOT)" ]; then \
-		run $(MAKE) TARGET_CHROOT=$$(mktemp -d /tmp/butane-XXXXXX) $(PROJECT_NAME).bu; \
+		TARGET_CHROOT=$$(mktemp -d /tmp/butane-XXXXXX); \
 	else \
-		run $(MAKE) $(PROJECT_NAME).bu; \
+		TARGET_CHROOT="$(TARGET_CHROOT)"; \
+	fi; \
+	for dep in $(DEPENDENCIES); do \
+		run $(MAKE) -C $(TOP_LEVEL_DIR)/$$dep TARGET_CHROOT="$$TARGET_CHROOT" butane ; \
+	done ; \
+	run init_butane_blocklist ; \
+	run $(MAKE) TARGET_CHROOT="$$TARGET_CHROOT" $(PROJECT_NAME).bu; \
+	run init_butane_blocklist ; \
+	run $(MAKE) TARGET_CHROOT="$$TARGET_CHROOT" $(PROJECT_NAME)-examples.bu; \
+	if [ -z "$(TARGET_CHROOT)" ]; then \
+		run rm -rf "$$TARGET_CHROOT"; \
 	fi
 
 $(TOP_LEVEL_DIR)/local.ign: $(TOP_LEVEL_DIR)/local.bu

butane.blocklist

@@ -0,0 +1,11 @@
+/var
+/var/lib
+/var/lib/quadlets
+/etc
+/etc/quadlets
+/etc/systemd
+/etc/systemd/system
+/etc/containers
+/etc/containers/systemd
+/etc/tmpfiles.d
+/etc/sysctl.d

generate-butane-spec.sh

@@ -17,7 +17,8 @@
 set -Eeuo pipefail
 
 TARGET_CHROOT="$1"
-SYSTEMD_MAIN_UNIT_NAMES="${@:2}"
+IGNORE_LIST_FILE="$2"
+SYSTEMD_MAIN_UNIT_NAMES="${@:3}"
 
 cat <<"EOF"
 variant: fcos
@@ -27,6 +28,11 @@ storage:
 EOF
 for file in $(find "$TARGET_CHROOT" \! -type d); do
     rel_path="${file#$TARGET_CHROOT}"
+    if grep -qxF "$rel_path" "$IGNORE_LIST_FILE"; then
+
+      # Skip files & directories that are already part of the CoreOS default installation
+      continue
+    fi
     cat <<EOF
   - path: "${rel_path}"
     mode: 0$(stat -c '%a' "$file")
@@ -44,9 +50,7 @@ cat <<"EOF"
 EOF
 for dir in $(find "$TARGET_CHROOT" -type d); do
     rel_path="${dir#$TARGET_CHROOT}"
-    if [[ "$rel_path" != "/var/lib/quadlets/"* ]] && [[ "$rel_path" != "/etc/quadlets/"* ]] \
-        && [[ "$rel_path" != "/etc/systemd/system/"* ]] && [[ "$rel_path" != "/etc/containers/systemd/"* ]] \
-        && [[ "$rel_path" != "/etc/tmpfiles.d/"* ]] && [[ "$rel_path" != "/etc/sysctl.d/"* ]]; then
+    if [ -z "$rel_path" ] || grep -qxF "$rel_path" "$IGNORE_LIST_FILE"; then
 
       # Skip files & directories that are already part of the CoreOS default installation
       continue

nextcloud-aio/Makefile

@@ -1,8 +0,0 @@
-TOP_LEVEL_DIR := ..
-include $(TOP_LEVEL_DIR)/Makefile.common
-
-# TODO fix permissions and ownerships
-$(TARGET_CHROOT)/var/lib/quadlets/nextcloud-aio/data:
-	install -m 0777 -o 0 -g 0 -d $@
-
-install-var: $(TARGET_CHROOT)/var/lib/quadlets/nextcloud-aio/data

nextcloud-aio/fcos.bu

@@ -1,7 +0,0 @@
-variant: fcos
-version: 1.4.0
-ignition:
-  config:
-    merge:
-    - local: nextcloud-aio.ign
-    - local: local.ign

nextcloud-aio/nextcloud-aio-mastercontainer.container

@@ -1,39 +0,0 @@
-[Unit]
-Description=Nextcloud All-in-One
-Documentation=https://github.com/nextcloud/all-in-one
-After=network.target podman.socket nextcloud_aio_mastercontainer-volume.service
-Requires=podman.socket nextcloud_aio_mastercontainer-volume.service
-
-# Only start if Nextcloud has been configured
-ConditionPathExists=/etc/quadlets/nextcloud-aio/config.env
-
-[Container]
-ContainerName=nextcloud-aio-mastercontainer
-Image=ghcr.io/nextcloud-releases/all-in-one:latest
-PodmanArgs=--privileged --sig-proxy=false
-
-# Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else).
-# See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
-PublishPort=80:80
-
-# This is the AIO interface, served via https and self-signed certificate.
-# See https://github.com/nextcloud/all-in-one#explanation-of-used-ports
-PublishPort=8080:8080
-
-# Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else).
-# See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
-PublishPort=8443:8443
-
-RunInit=true
-Volume=nextcloud_aio_mastercontainer:/mnt/docker-aio-config
-Volume=/run/podman/podman.sock:/var/run/docker.sock:ro,z
-EnvironmentFile=/etc/quadlets/nextcloud-aio/config.env
-
-[Service]
-Restart=always
-RestartSec=10
-TimeoutStartSec=600
-TimeoutStopSec=30
-
-[Install]
-WantedBy=nextcloud-aio.target

nextcloud-aio/nextcloud-aio.target

@@ -1,13 +0,0 @@
-[Unit]
-Description=Nextcloud Service Target
-Documentation=man:systemd.target(5)
-Requires=nextcloud-aio-mastercontainer.service nextcloud_aio_mastercontainer-volume.service
-After=nextcloud-aio-mastercontainer.service nextcloud_aio_mastercontainer-volume.service
-
-# Allow isolation - can stop/start this target independently
-AllowIsolate=yes
-# Only start if Nextcloud All-in-One has been configured
-ConditionPathExists=/etc/quadlets/nextcloud-aio/config.env
-
-[Install]
-WantedBy=multi-user.target

nextcloud-aio/nextcloud_aio_mastercontainer.volume

@@ -1,11 +0,0 @@
-[Unit]
-Description=Nextcloud All-in-One - Configuration volume
-Documentation=https://github.com/nextcloud/all-in-one
-
-# Only start if Nextcloud has been configured
-ConditionPathExists=/etc/quadlets/nextcloud-aio/config.env
-
-[Volume]
-
-[Install]
-WantedBy=nextcloud-aio.target

nextcloud/Makefile

@@ -17,7 +17,7 @@ include $(TOP_LEVEL_DIR)/Makefile.common
 NEXTCLOUD_MAJOR_START ?= 25
 NEXTCLOUD_MAJOR_LAST ?= 31
 test-set-nextcloud-major:
-	sed -i 's/^NEXTCLOUD_MAJOR=.*/NEXTCLOUD_MAJOR=$(NEXTCLOUD_MAJOR_START)/' config/config.env
+	sed -i 's/^NEXTCLOUD_MAJOR=.*/NEXTCLOUD_MAJOR=$(NEXTCLOUD_MAJOR_START)/' config/examples/config.env
 
 $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/redis:
 	install -m 0700 -o $(PROJECT_UID) -g $(PROJECT_GID) -d $@
@@ -29,12 +29,11 @@ $(TARGET_CHROOT)/etc/quadlets/nextcloud/www.conf: config/www.conf
 	install -m 0755 -o $(PROJECT_UID) -g $(PROJECT_GID) -D $< $@
 
 $(TARGET_CHROOT)/etc/quadlets/nextcloud/collabora-seccomp-profile.json:
-	curl -sSfL -o $@ https://raw.githubusercontent.com/CollaboraOnline/online/refs/heads/master/docker/cool-seccomp-profile.json
+	curl -sSfL -o $@ https://raw.githubusercontent.com/CollaboraOnline/online/refs/heads/main/docker/cool-seccomp-profile.json
 
-install-var: $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/redis $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/data $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/config
-install-etc: $(TARGET_CHROOT)/etc/quadlets/nextcloud/collabora-seccomp-profile.json
+install-config: $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/redis $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/data $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/config $(TARGET_CHROOT)/etc/quadlets/nextcloud/collabora-seccomp-profile.json
 
-install-files: $(TARGET_CHROOT)/etc/quadlets/postgresql/init.d/nextcloud.sql
+install-examples: $(TARGET_CHROOT)/etc/quadlets/postgresql/init.d/nextcloud.sql
 $(TARGET_CHROOT)/etc/quadlets/postgresql/init.d/nextcloud.sql: other/nextcloud.sql
 	install -m 0644 -o 10004 -g 10000 $< $@
 

nextcloud/config/collabora.env → nextcloud/config/examples/collabora.env

@@ -1,3 +1,7 @@
+##
+## Collabora Configuration Environment Variables
+##
+
 # User name for the admin console
 username=admin
 # Password for the admin console

nextcloud/fcos.bu

@@ -5,5 +5,7 @@ ignition:
     merge:
     - local: virtiofs.ign
     - local: nextcloud.ign
+    - local: nextcloud-examples.ign
     - local: postgresql.ign
+    - local: postgresql-examples.ign
     - local: local.ign

nginx/fcos.bu

@@ -4,4 +4,5 @@ ignition:
   config:
     merge:
     - local: nginx.ign
+    - local: nginx-examples.ign
     - local: local.ign

postgresql/Makefile

@@ -13,17 +13,17 @@ PROJECT_GID = 10000
 TOP_LEVEL_DIR := ..
 include $(TOP_LEVEL_DIR)/Makefile.common
 
-.PHONY: test test-set-pgmajor install-var
+.PHONY: test test-set-pgmajor install-config
 
 PG_MAJOR_START ?= 14
 PG_MAJOR_LAST ?= 18
 test-set-pgmajor:
-	sed -i 's/^PG_MAJOR=.*/PG_MAJOR=$(PG_MAJOR_START)/' config/config.env
+	sed -i 's/^PG_MAJOR=.*/PG_MAJOR=$(PG_MAJOR_START)/' config/examples/config.env
 
 $(TARGET_CHROOT)/etc/quadlets/postgresql/init.d:
 	install -m 0755 -o $(PROJECT_UID) -g $(PROJECT_GID) -D -d $@
 
-install-etc: $(TARGET_CHROOT)/etc/quadlets/postgresql/init.d
+install-config: $(TARGET_CHROOT)/etc/quadlets/postgresql/init.d
 
 # Integration tests for PostgreSQL quadlet: backup, restore + major version upgrade (14 to 18)
 test: uninstall clean test-set-pgmajor install

postgresql/fcos.bu

@@ -5,4 +5,5 @@ ignition:
     merge:
     - local: virtiofs.ign
     - local: postgresql.ign
+    - local: postgresql-examples.ign
     - local: local.ign