work in progress

Makefile

@@ -1,7 +1,7 @@
 SUBDIRS := $(wildcard */Makefile)
 SUBDIRS := $(dir $(SUBDIRS))
 
-.PHONY: all help butane clean dryrun fcos-vm $(SUBDIRS)
+.PHONY: all help butane clean dryrun fcos-vm clean-vm uninstall $(SUBDIRS)
 
 all: help
 help:
@@ -11,17 +11,14 @@ help:
 	@echo "  dryrun         - Perform a dry run of the podman systemd generator"
 	@echo "  fcos-vm        - Launch a Fedora CoreOS VM with the generated Butane spec"
 	@echo "  clean-vm       - Clean up the Fedora CoreOS VM and its resources"
+	@echo "  uninstall      - Uninstall the generated resources"
 
 dryrun: $(SUBDIRS)
 butane: $(SUBDIRS)
 clean: $(SUBDIRS)
 fcos-vm: $(SUBDIRS)
 clean-vm: $(SUBDIRS)
+uninstall: $(SUBDIRS)
 
 $(SUBDIRS):
-	@run() { echo $$*; "$$@"; }; \
-	if echo $(MAKECMDGOALS) | grep -Eq 'butane|fcos-vm'; then \
-		run $(MAKE) -C $@ $(MAKECMDGOALS); \
-	else \
-		run $(MAKE) -C $@ $(MAKECMDGOALS); \
-	fi
+	$(MAKE) -C $@ $(MAKECMDGOALS)

Makefile.common

@@ -19,8 +19,8 @@ help:
 TARGET_CHROOT ?= 
 PROJECT_NAME := $(shell basename "$${PWD}")
 QUADLETS_FILES = $(wildcard *.container *.volume *.network *.pod *.build)
-SYSTEMD_FILES = $(wildcard *.service *.target *.timer)
-SYSTEMD_UNIT_NAMES := $(wildcard *.service *.target *.timer)
+SYSTEMD_FILES = $(wildcard *.service *.target *.timer *.mount)
+SYSTEMD_UNIT_NAMES := $(wildcard *.service *.target *.timer *.mount)
 SYSTEMD_TIMER_NAMES := $(wildcard *.timer)
 SYSTEMD_MAIN_UNIT_NAMES := $(wildcard *.target)
 QUADLET_UNIT_NAMES := $(patsubst %.container, %.service, $(wildcard *.container)) \
@@ -69,30 +69,12 @@ $(TARGET_CHROOT)/etc/tmpfiles.d:
 $(TARGET_CHROOT)/etc/sysctl.d:
 	install -D -d -m 0755 -o root -g root $@
 
-$(TARGET_CHROOT)/etc/containers/systemd/%.container: %.container $(TARGET_CHROOT)/etc/containers/systemd
+$(TARGET_CHROOT)/etc/containers/systemd/%: % $(TARGET_CHROOT)/etc/containers/systemd
 	install -m 0644 -o root -g root $< $@
 
-$(TARGET_CHROOT)/etc/containers/systemd/%.volume: %.volume $(TARGET_CHROOT)/etc/containers/systemd
+$(TARGET_CHROOT)/etc/systemd/system/%: % $(TARGET_CHROOT)/etc/systemd/system
 	install -m 0644 -o root -g root $< $@
 
-$(TARGET_CHROOT)/etc/containers/systemd/%.network: %.network $(TARGET_CHROOT)/etc/containers/systemd
-	install -m 0644 -o root -g root $< $@
-
-$(TARGET_CHROOT)/etc/containers/systemd/%.pod: %.pod $(TARGET_CHROOT)/etc/containers/systemd
-	install -m 0644 -o root -g root $< $@
-
-$(TARGET_CHROOT)/etc/containers/systemd/%.build: %.build $(TARGET_CHROOT)/etc/containers/systemd
-	install -m 0644 -o root -g root $< $@
-
-$(TARGET_CHROOT)/etc/systemd/system/%.service: %.service $(TARGET_CHROOT)/etc/systemd/system
-	install -D -m 0644 -o root -g root $< $@
-
-$(TARGET_CHROOT)/etc/systemd/system/%.target: %.target $(TARGET_CHROOT)/etc/systemd/system
-	install -D -m 0644 -o root -g root $< $@
-
-$(TARGET_CHROOT)/etc/systemd/system/%.timer: %.timer $(TARGET_CHROOT)/etc/systemd/system
-	install -D -m 0644 -o root -g root $< $@
-
 $(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME)/%: config/% $(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME)
 	@run() { echo $$*; "$$@"; }; \
 	if [ -x $< ]; then \
@@ -202,27 +184,33 @@ fcos.ign: fcos.bu $(TOP_LEVEL_DIR)/local.ign $(PROJECT_NAME).ign $(DEPENDENCIES_
 	qcow2=$$(ls -1ctr /var/lib/libvirt/images/library/fedora-coreos-*.qcow2 | tail -n 1) ; \
 	run mv "$$qcow2" $@
 
-/var/lib/libvirt/images/$(PROJECT_NAME)/fcos.ign: fcos.ign
+/var/lib/libvirt/images/fcos-$(PROJECT_NAME)/fcos.ign: fcos.ign
 	install -D -o root -g root -m 0644 $< $@
 
-/var/lib/libvirt/images/$(PROJECT_NAME)/root.qcow2: /var/lib/libvirt/images/library/fedora-coreos.qcow2
+/var/lib/libvirt/images/fcos-$(PROJECT_NAME)/root.qcow2: /var/lib/libvirt/images/library/fedora-coreos.qcow2
 	install -D -o root -g root -m 0644 $< $@
 
-fcos-vm: pre-requisites clean-vm /var/lib/libvirt/images/$(PROJECT_NAME)/fcos.ign /var/lib/libvirt/images/$(PROJECT_NAME)/root.qcow2
-	virt-install --name=$(PROJECT_NAME) --import --noautoconsole \
+/srv/fcos-$(PROJECT_NAME):
+	install -d -o root -g root -m 0755 $@
+
+fcos-vm: pre-requisites clean-vm /var/lib/libvirt/images/fcos-$(PROJECT_NAME)/fcos.ign /var/lib/libvirt/images/fcos-$(PROJECT_NAME)/root.qcow2 /srv/fcos-$(PROJECT_NAME)
+	virt-install --name=fcos-$(PROJECT_NAME) --import --noautoconsole \
 		--ram=4096 --vcpus=2 --os-variant=fedora-coreos-stable \
-		--disk path=/var/lib/libvirt/images/$(PROJECT_NAME)/root.qcow2,format=qcow2,size=50 \
-		--qemu-commandline="-fw_cfg name=opt/com.coreos/config,file=/var/lib/libvirt/images/$(PROJECT_NAME)/fcos.ign" \
+		--disk path=/var/lib/libvirt/images/fcos-$(PROJECT_NAME)/root.qcow2,format=qcow2,size=50 \
+		--qemu-commandline="-fw_cfg name=opt/com.coreos/config,file=/var/lib/libvirt/images/fcos-$(PROJECT_NAME)/fcos.ign" \
 		--network network=default,model=virtio \
-		--console=pty,target.type=virtio --serial=pty --graphics=none --boot=uefi
+		--console=pty,target.type=virtio --serial=pty --graphics=none --boot=uefi \
+		--memorybacking=access.mode=shared,source.type=memfd \
+		--filesystem=type=mount,accessmode=passthrough,driver.type=virtiofs,driver.queue=1024,source.dir=/srv/fcos-$(PROJECT_NAME),target.dir=data
 
 clean-vm: pre-requisites
-	virsh destroy $(PROJECT_NAME) || true
-	virsh undefine $(PROJECT_NAME) --nvram || true
-	rm -rf /var/lib/libvirt/images/$(PROJECT_NAME)
+	virsh destroy fcos-$(PROJECT_NAME) || true
+	virsh undefine fcos-$(PROJECT_NAME) --nvram || true
+	rm -rf /var/lib/libvirt/images/fcos-$(PROJECT_NAME)
+	rm -rf /srv/fcos-$(PROJECT_NAME)
 
 console: pre-requisites
-	@while sleep 2; do virsh console $(PROJECT_NAME); echo -e "Disconnected. Reconnecting in 2 seconds...\nPress Ctrl-C to abort.\n"; done
+	@while sleep 2; do virsh console fcos-$(PROJECT_NAME); echo -e "Disconnected. Reconnecting in 2 seconds...\nPress Ctrl-C to abort.\n"; done
 
 clean-pre::
 	@run() { echo $$*; "$$@"; }; \

nextcloud/Makefile

@@ -1,3 +1,4 @@
+# Also depends on virtiofs for data storage but is a transitive dependency via postgresql
 DEPENDENCIES = postgresql
 
 TOP_LEVEL_DIR := ..

nextcloud/nextcloud-app.container

@@ -28,6 +28,7 @@ EnvironmentFile=/etc/quadlets/nextcloud/config.env
 
 # Volume mounts
 Volume=/var/lib/quadlets/nextcloud/data:/var/www/html:z
+Volume=/var/lib/virtiofs/data/nextcloud:/var/www/html/data:z
 Volume=/etc/quadlets/nextcloud/www.conf:/usr/local/etc/php-fpm.d/www.conf:Z
 Volume=/run/quadlets/nextcloud/redis-session.ini:/usr/local/etc/php/conf.d/redis-session.ini:Z
 Volume=/etc/quadlets/nextcloud/custom-noinit.sh:/docker-entrypoint-hooks.d/pre-installation/custom.sh:z,ro

nginx/nginx-update.container

@@ -40,4 +40,4 @@ EnvironmentFile=/etc/quadlets/nginx/config.env
 Type=oneshot
 
 [Install]
-WantedBy=nginx.target
+WantedBy=nginx.target nginx-update.timer

nginx/nginx-update.timer

@@ -0,0 +1,11 @@
+[Unit]
+Description=Update Nginx root directory from a Git repository - Timer
+Documentation=https://hub.docker.com/r/alpine/git
+PartOf=nginx.target
+
+[Timer]
+OnActiveSec=15min
+RandomizedDelaySec=15s
+
+[Install]
+WantedBy=nginx.target

postgresql/Makefile

@@ -1,3 +1,5 @@
+DEPENDENCIES = virtiofs
+
 TOP_LEVEL_DIR := ..
 include $(TOP_LEVEL_DIR)/Makefile.common
 
@@ -8,10 +10,10 @@ PG_MAJOR_LAST ?= 18
 test-set-pgmajor:
 	sed -i 's/^PG_MAJOR=.*/PG_MAJOR=$(PG_MAJOR_START)/' config/config.env
 
-$(TARGET_CHROOT)/var/lib/quadlets/postgresql/backup $(TARGET_CHROOT)/var/lib/quadlets/postgresql:
+$(TARGET_CHROOT)/var/lib/quadlets/postgresql:
 	install -m 0700 -o 70 -g 70 -d $@
 
-install-var: $(TARGET_CHROOT)/var/lib/quadlets/postgresql/backup
+install-var: $(TARGET_CHROOT)/var/lib/quadlets/postgresql
 
 test: uninstall clean test-set-pgmajor install
 	@echo "Running PostgreSQL integration tests..."; \

postgresql/postgresql-backup.container

@@ -25,6 +25,7 @@ User=postgres
 
 # Volume mounts
 Volume=/var/lib/quadlets/postgresql:/var/lib/postgresql:z
+Volume=/var/lib/virtiofs/data/postgresql/backup:/var/lib/postgresql/backup:z
 Volume=/etc/quadlets/postgresql/backup.sh:/usr/local/bin/backup.sh:z,ro
 
 # Share /run/postgresql/ between containers in the pod for the Unix socket

postgresql/tmpfiles.d/postgresql.conf

@@ -1 +1,3 @@
 d$ /run/quadlets/postgresql 0700 70 70 -
+d$ /var/lib/virtiofs/data/postgresql 0700 70 70 -
+d$ /var/lib/virtiofs/data/postgresql/backup 0700 70 70 -

virtiofs/Makefile

@@ -0,0 +1,3 @@
+TOP_LEVEL_DIR := ..
+include $(TOP_LEVEL_DIR)/Makefile.common
+SYSTEMD_MAIN_UNIT_NAMES := var-lib-virtiofs-data.mount

virtiofs/backup-virtiofs.service

@@ -0,0 +1,22 @@
+[Unit]
+Description=Backup the "data" virtio filesystems
+Before=var-lib-virtiofs-data.mount
+RequiresMountsFor=/var
+ConditionPathIsMountPoint=!/var/lib/virtiofs/data
+
+# Unless DefaultDependencies= is set to false, service units will implicitly
+# have dependencies of type Requires= and After= on basic.target as well as
+# dependencies of type Conflicts= and Before= on shutdown.target.
+#
+# So, we need to set DefaultDependencies to "no" to break the ordering cycle.
+DefaultDependencies=no
+
+# Only run on Fedora CoreOS
+ConditionOSRelease=ID=fedora
+ConditionOSRelease=VARIANT_ID=coreos
+
+[Service]
+Type=oneshot
+UMask=077
+ExecStart=/bin/bash -Eeuo pipefail -c 'if grep -q "data /var/lib/virtiofs/data" /proc/mounts; then echo "ERROR: /var/lib/virtiofs/data is mounted!"; exit 1; else tar -cf /var/lib/private/virtiofs.tar -C /var/lib/virtiofs/data .; fi'
+RemainAfterExit=yes

virtiofs/restore-virtiofs.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Restore the "data" virtio filesystems
+After=var-lib-virtiofs-data.mount
+Requires=var-lib-virtiofs-data.mount
+RequiresMountsFor=/var
+ConditionPathIsMountPoint=/var/lib/virtiofs/data
+ConditionPathExists=/var/lib/private/virtiofs.tar
+
+# Only run on Fedora CoreOS
+ConditionOSRelease=ID=fedora
+ConditionOSRelease=VARIANT_ID=coreos
+
+[Service]
+Type=oneshot
+ExecStart=/bin/bash -Eeuo pipefail -c 'if ! grep -q "data /var/lib/virtiofs/data" /proc/mounts; then echo "ERROR: /var/lib/virtiofs/data is NOT mounted!"; exit 1; else tar -xf /var/lib/private/virtiofs.tar -C /var/lib/virtiofs/data; rm -f /var/lib/private/virtiofs.tar; fi'
+RemainAfterExit=yes

virtiofs/tmpfiles.d/virtiofs.conf

@@ -0,0 +1,2 @@
+d /var/lib/virtiofs 0755 0 0 -
+d /var/lib/virtiofs/data 0755 0 0 -

virtiofs/var-lib-virtiofs-data.mount

@@ -0,0 +1,19 @@
+[Unit]
+Description=Mount the "data" virtio filesystem
+After=backup-virtiofs.service
+Requires=backup-virtiofs.service
+Before=restore-virtiofs.service
+Wants=restore-virtiofs.service
+
+# Only run on Fedora CoreOS
+ConditionOSRelease=ID=fedora
+ConditionOSRelease=VARIANT_ID=coreos
+
+[Mount]
+What=data
+Where=/var/lib/virtiofs/data
+Type=virtiofs
+Options=context=system_u:object_r:container_file_t:s0
+
+[Install]
+WantedBy=local-fs.target