checkout missing file

reorganization
add quadlet for unifi network application
223 changed files with 1770 additions and 87 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,4 +2,5 @@
 *.ign
 !fcos.bu
 !overlay.bu
-*/butane.blocklist
+__pycache__/
+.pytest_cache/
--- a/README.md
+++ b/README.md
@ -14,22 +14,22 @@ This repository gathers all the recipes (hence the name "Cookbook") to deploy Op

 ## Available Cookbooks

- [base](base/): base configuration for Fedora CoreOS with fastfetch, tmpfiles setup, and QEMU guest agent.
- [gitea](gitea/): self-hosted Git service, a lightweight GitHub/GitLab alternative.
- [keycloak](keycloak/): open source identity and access management server with PostgreSQL backend.
- [lego](lego/): Let's Encrypt/ACME client for automatic SSL/TLS certificate management and renewal.
- [miniflux](miniflux/): minimalist RSS/Atom feed reader with PostgreSQL backend.
- [nextcloud](nextcloud/): self-hosted file sync and share platform with all its dependencies, handles automated upgrades.
- [nginx](nginx/): Nginx web server with content initialized and updated from a GIT repository.
- [postgresql](postgresql/): PostgreSQL database server with automated major upgrades, periodic backup and restore capabilities.
- [qemu-user-static](qemu-user-static/): multi-architecture container support using QEMU user-mode emulation.
- [restic-server](restic-server/): REST server backend for restic backups with append-only mode and Prometheus metrics.
- [samba](samba/): SMB/CIFS file sharing server for network storage access.
- [seedbox](seedbox/): complete media server stack with Radarr, Sonarr, Lidarr, Prowlarr, qBittorrent, Jellyfin, and FlareSolverr.
- [traefik](traefik/): modern HTTP reverse proxy and load balancer with automatic service discovery.
- [vaultwarden](vaultwarden/): Bitwarden-compatible password manager server with PostgreSQL backend.
- [vmagent](vmagent/): Victoria Metrics agent for collecting and forwarding metrics.
- [vsftpd](vsftpd/): secure FTP server with TLS support and Let's Encrypt certificate integration.
+- [base](cookbooks/base/): base configuration for Fedora CoreOS with fastfetch, tmpfiles setup, and QEMU guest agent.
+- [gitea](cookbooks/gitea/): self-hosted Git service, a lightweight GitHub/GitLab alternative.
+- [keycloak](cookbooks/keycloak/): open source identity and access management server with PostgreSQL backend.
+- [lego](cookbooks/lego/): Let's Encrypt/ACME client for automatic SSL/TLS certificate management and renewal.
+- [miniflux](cookbooks/miniflux/): minimalist RSS/Atom feed reader with PostgreSQL backend.
+- [nextcloud](cookbooks/nextcloud/): self-hosted file sync and share platform with all its dependencies, handles automated upgrades.
+- [nginx](cookbooks/nginx/): Nginx web server with content initialized and updated from a GIT repository.
+- [postgresql](cookbooks/postgresql/): PostgreSQL database server with automated major upgrades, periodic backup and restore capabilities.
+- [qemu-user-static](cookbooks/qemu-user-static/): multi-architecture container support using QEMU user-mode emulation.
+- [restic-server](cookbooks/restic-server/): REST server backend for restic backups with append-only mode and Prometheus metrics.
+- [samba](cookbooks/samba/): SMB/CIFS file sharing server for network storage access.
+- [seedbox](cookbooks/seedbox/): complete media server stack with Radarr, Sonarr, Lidarr, Prowlarr, qBittorrent, Jellyfin, and FlareSolverr.
+- [traefik](cookbooks/traefik/): modern HTTP reverse proxy and load balancer with automatic service discovery.
+- [vaultwarden](cookbooks/vaultwarden/): Bitwarden-compatible password manager server with PostgreSQL backend.
+- [vmagent](cookbooks/vmagent/): Victoria Metrics agent for collecting and forwarding metrics.
+- [vsftpd](cookbooks/vsftpd/): secure FTP server with TLS support and Let's Encrypt certificate integration.

 ## Cookbook layout

@ -53,6 +53,13 @@ This repository gathers all the recipes (hence the name "Cookbook") to deploy Op
 - Fedora / CentOS Stream / RHEL or derivative operating system.
 - Systemd

+## End-to-end testing
+
+```
+pip install -e .
+pytest cookbooks/postgresql/tests/
+```
+
 ## Development

 To develop Podman Quadlets, it is advised to create a Fedora Virtual Machine dedicated to this task.
@ -60,7 +67,7 @@ To develop Podman Quadlets, it is advised to create a Fedora Virtual Machine ded
 You can create a Fedora Virtual Machine with the following command:

 ```sh
-sudo ./create-dev-vm.sh
+sudo ./scripts/create-dev-vm.sh
 ```

 Then, retrieve the IP address of your VM with the following command:
--- a/conftest.py
+++ b/conftest.py
@ -0,0 +1,23 @@
+import subprocess
+from pathlib import Path
+
+import pytest
+
+
+@pytest.fixture(scope="session")
+def test_ssh_key(tmp_path_factory: pytest.TempPathFactory) -> Path:
+    """Generate a temporary SSH key pair (no passphrase) for VM access."""
+    key_dir = tmp_path_factory.mktemp("ssh-key")
+    key_path = key_dir / "id_ed25519"
+    subprocess.run(
+        ["ssh-keygen", "-t", "ed25519", "-N", "", "-f", str(key_path)],
+        check=True,
+        capture_output=True,
+    )
+    return key_path
+
+
+@pytest.fixture(scope="session")
+def test_ssh_pubkey(test_ssh_key: Path) -> str:
+    """Public key string corresponding to test_ssh_key."""
+    return test_ssh_key.with_suffix(".pub").read_text().strip()
--- a/cookbooks/Makefile
+++ b/cookbooks/Makefile
--- a/cookbooks/base/Makefile
+++ b/cookbooks/base/Makefile
@ -1,5 +1,6 @@
-TOP_LEVEL_DIR := ..
-include $(TOP_LEVEL_DIR)/common.mk
+# Include common Makefile
+include ../../scripts/common.mk
+
 SYSTEMD_MAIN_UNIT_NAMES += var-lib-virtiofs-data.mount
 SYSTEMD_MAIN_UNIT_NAMES += rpm-ostree-install-qemu-guest-agent.service
 SYSTEMD_MAIN_UNIT_NAMES += install-fastfetch.service
--- a/cookbooks/base/README.md
+++ b/cookbooks/base/README.md
--- a/cookbooks/base/config/examples/fastfetch.env
+++ b/cookbooks/base/config/examples/fastfetch.env
--- a/cookbooks/base/config/fastfetch.jsonc
+++ b/cookbooks/base/config/fastfetch.jsonc
--- a/cookbooks/base/config/install-fastfetch.sh
+++ b/cookbooks/base/config/install-fastfetch.sh
--- a/cookbooks/base/install-fastfetch.service
+++ b/cookbooks/base/install-fastfetch.service
--- a/cookbooks/base/overlay.bu
+++ b/cookbooks/base/overlay.bu
--- a/cookbooks/base/profile.d/fastfetch.sh
+++ b/cookbooks/base/profile.d/fastfetch.sh
--- a/cookbooks/base/rpm-ostree-install-qemu-guest-agent.service
+++ b/cookbooks/base/rpm-ostree-install-qemu-guest-agent.service
--- a/cookbooks/base/tmpfiles.d/base.conf
+++ b/cookbooks/base/tmpfiles.d/base.conf
--- a/cookbooks/base/var-lib-virtiofs-data.mount
+++ b/cookbooks/base/var-lib-virtiofs-data.mount
--- a/cookbooks/gitea/Makefile
+++ b/cookbooks/gitea/Makefile
@ -8,5 +8,5 @@ DEPENDENCIES = postgresql traefik
 PROJECT_UID = 10009
 PROJECT_GID = 10000

-TOP_LEVEL_DIR := ..
-include $(TOP_LEVEL_DIR)/common.mk
+# Include common Makefile
+include ../../scripts/common.mk
--- a/cookbooks/gitea/README.md
+++ b/cookbooks/gitea/README.md
--- a/cookbooks/gitea/config/examples/app.ini
+++ b/cookbooks/gitea/config/examples/app.ini
--- a/cookbooks/gitea/config/examples/config.env
+++ b/cookbooks/gitea/config/examples/config.env
--- a/cookbooks/gitea/gitea.container
+++ b/cookbooks/gitea/gitea.container
--- a/cookbooks/gitea/gitea.target
+++ b/cookbooks/gitea/gitea.target
--- a/cookbooks/gitea/other/postgresql/gitea.sql
+++ b/cookbooks/gitea/other/postgresql/gitea.sql
--- a/cookbooks/gitea/other/traefik/gitea.yaml
+++ b/cookbooks/gitea/other/traefik/gitea.yaml
--- a/cookbooks/gitea/overlay.bu
+++ b/cookbooks/gitea/overlay.bu
--- a/cookbooks/gitea/tmpfiles.d/gitea.conf
+++ b/cookbooks/gitea/tmpfiles.d/gitea.conf
--- a/cookbooks/keycloak/Makefile
+++ b/cookbooks/keycloak/Makefile
@ -8,6 +8,5 @@ DEPENDENCIES = postgresql traefik
 PROJECT_UID = 10007
 PROJECT_GID = 10000

-TOP_LEVEL_DIR := ..
-include $(TOP_LEVEL_DIR)/common.mk
-
+# Include common Makefile
+include ../../scripts/common.mk
--- a/cookbooks/keycloak/README.md
+++ b/cookbooks/keycloak/README.md
--- a/cookbooks/keycloak/config/container/Containerfile
+++ b/cookbooks/keycloak/config/container/Containerfile
--- a/cookbooks/keycloak/config/examples/config.env
+++ b/cookbooks/keycloak/config/examples/config.env
--- a/cookbooks/keycloak/keycloak-build.timer
+++ b/cookbooks/keycloak/keycloak-build.timer
--- a/cookbooks/keycloak/keycloak.build
+++ b/cookbooks/keycloak/keycloak.build
--- a/cookbooks/keycloak/keycloak.container
+++ b/cookbooks/keycloak/keycloak.container
--- a/cookbooks/keycloak/keycloak.target
+++ b/cookbooks/keycloak/keycloak.target
--- a/cookbooks/keycloak/other/postgresql/keycloak.sql
+++ b/cookbooks/keycloak/other/postgresql/keycloak.sql
--- a/cookbooks/keycloak/other/traefik/keycloak.yaml
+++ b/cookbooks/keycloak/other/traefik/keycloak.yaml
--- a/cookbooks/keycloak/overlay.bu
+++ b/cookbooks/keycloak/overlay.bu
--- a/cookbooks/lego/Makefile
+++ b/cookbooks/lego/Makefile
@ -7,7 +7,5 @@ PROJECT_UID = 10023
 PROJECT_GID = 10000

 # Include common Makefile
-TOP_LEVEL_DIR := ..
-include $(TOP_LEVEL_DIR)/common.mk
-
+include ../../scripts/common.mk

--- a/cookbooks/lego/README.md
+++ b/cookbooks/lego/README.md
--- a/cookbooks/lego/config/examples/config.env
+++ b/cookbooks/lego/config/examples/config.env
--- a/cookbooks/lego/config/hooks/flag-as-renewed.sh
+++ b/cookbooks/lego/config/hooks/flag-as-renewed.sh
--- a/cookbooks/lego/lego-renew.container
+++ b/cookbooks/lego/lego-renew.container
--- a/cookbooks/lego/lego-renew.timer
+++ b/cookbooks/lego/lego-renew.timer
--- a/cookbooks/lego/lego-run.container
+++ b/cookbooks/lego/lego-run.container
--- a/cookbooks/lego/lego.target
+++ b/cookbooks/lego/lego.target
--- a/cookbooks/lego/overlay.bu
+++ b/cookbooks/lego/overlay.bu
--- a/cookbooks/miniflux/Makefile
+++ b/cookbooks/miniflux/Makefile
@ -8,6 +8,5 @@ DEPENDENCIES = postgresql traefik
 PROJECT_UID = 10010
 PROJECT_GID = 10000

-TOP_LEVEL_DIR := ..
-include $(TOP_LEVEL_DIR)/common.mk
-
+# Include common Makefile
+include ../../scripts/common.mk
--- a/cookbooks/miniflux/README.md
+++ b/cookbooks/miniflux/README.md
--- a/cookbooks/miniflux/config/examples/miniflux.conf
+++ b/cookbooks/miniflux/config/examples/miniflux.conf
--- a/cookbooks/miniflux/miniflux.container
+++ b/cookbooks/miniflux/miniflux.container
--- a/cookbooks/miniflux/miniflux.target
+++ b/cookbooks/miniflux/miniflux.target
--- a/cookbooks/miniflux/other/postgresql/miniflux.sql
+++ b/cookbooks/miniflux/other/postgresql/miniflux.sql
--- a/cookbooks/miniflux/other/traefik/miniflux.yaml
+++ b/cookbooks/miniflux/other/traefik/miniflux.yaml
--- a/cookbooks/miniflux/overlay.bu
+++ b/cookbooks/miniflux/overlay.bu
--- a/cookbooks/nextcloud/Makefile
+++ b/cookbooks/nextcloud/Makefile
@ -8,8 +8,8 @@ DEPENDENCIES = postgresql traefik
 PROJECT_UID = 10008
 PROJECT_GID = 10000

-TOP_LEVEL_DIR := ..
-include $(TOP_LEVEL_DIR)/common.mk
+# Include common Makefile
+include ../../scripts/common.mk

 # Additional Nextcloud directories and files
 TARGET_FILES += $(TARGET_CHROOT)/etc/quadlets/nextcloud/collabora-seccomp-profile.json
--- a/cookbooks/nextcloud/README.md
+++ b/cookbooks/nextcloud/README.md
--- a/cookbooks/nextcloud/config/custom-noinit.sh
+++ b/cookbooks/nextcloud/config/custom-noinit.sh
--- a/cookbooks/nextcloud/config/custom-post.sh
+++ b/cookbooks/nextcloud/config/custom-post.sh
--- a/cookbooks/nextcloud/config/custom-pre.sh
+++ b/cookbooks/nextcloud/config/custom-pre.sh
--- a/cookbooks/nextcloud/config/examples/collabora.env
+++ b/cookbooks/nextcloud/config/examples/collabora.env
--- a/cookbooks/nextcloud/config/examples/config.env
+++ b/cookbooks/nextcloud/config/examples/config.env
--- a/cookbooks/nextcloud/config/nginx.conf
+++ b/cookbooks/nextcloud/config/nginx.conf
--- a/cookbooks/nextcloud/config/redis.conf
+++ b/cookbooks/nextcloud/config/redis.conf
--- a/cookbooks/nextcloud/config/www.conf
+++ b/cookbooks/nextcloud/config/www.conf
--- a/cookbooks/nextcloud/nextcloud-app.container
+++ b/cookbooks/nextcloud/nextcloud-app.container
--- a/cookbooks/nextcloud/nextcloud-collabora.container
+++ b/cookbooks/nextcloud/nextcloud-collabora.container
--- a/cookbooks/nextcloud/nextcloud-cron.container
+++ b/cookbooks/nextcloud/nextcloud-cron.container
--- a/cookbooks/nextcloud/nextcloud-cron.timer
+++ b/cookbooks/nextcloud/nextcloud-cron.timer
--- a/cookbooks/nextcloud/nextcloud-init.container
+++ b/cookbooks/nextcloud/nextcloud-init.container
--- a/cookbooks/nextcloud/nextcloud-nginx.container
+++ b/cookbooks/nextcloud/nextcloud-nginx.container
--- a/cookbooks/nextcloud/nextcloud-redis.container
+++ b/cookbooks/nextcloud/nextcloud-redis.container
--- a/cookbooks/nextcloud/nextcloud-upgrade.container
+++ b/cookbooks/nextcloud/nextcloud-upgrade.container
--- a/cookbooks/nextcloud/nextcloud.target
+++ b/cookbooks/nextcloud/nextcloud.target
--- a/cookbooks/nextcloud/other/postgresql/nextcloud.sql
+++ b/cookbooks/nextcloud/other/postgresql/nextcloud.sql
--- a/cookbooks/nextcloud/other/traefik/collabora.yaml
+++ b/cookbooks/nextcloud/other/traefik/collabora.yaml
--- a/cookbooks/nextcloud/other/traefik/nextcloud.yaml
+++ b/cookbooks/nextcloud/other/traefik/nextcloud.yaml
--- a/cookbooks/nextcloud/overlay.bu
+++ b/cookbooks/nextcloud/overlay.bu
--- a/cookbooks/nextcloud/sysctl.d/examples/nextcloud.conf
+++ b/cookbooks/nextcloud/sysctl.d/examples/nextcloud.conf
--- a/cookbooks/nextcloud/tests/witness.txt
+++ b/cookbooks/nextcloud/tests/witness.txt
--- a/cookbooks/nextcloud/tmpfiles.d/nextcloud.conf
+++ b/cookbooks/nextcloud/tmpfiles.d/nextcloud.conf
--- a/cookbooks/nginx/Makefile
+++ b/cookbooks/nginx/Makefile
@ -1,5 +1,5 @@
-TOP_LEVEL_DIR := ..
-include $(TOP_LEVEL_DIR)/common.mk
+# Include common Makefile
+include ../../scripts/common.mk

 .PHONY: test

--- a/cookbooks/nginx/README.md
+++ b/cookbooks/nginx/README.md
--- a/cookbooks/nginx/config/examples/config.env
+++ b/cookbooks/nginx/config/examples/config.env
--- a/cookbooks/nginx/nginx-init.container
+++ b/cookbooks/nginx/nginx-init.container
--- a/cookbooks/nginx/nginx-server.container
+++ b/cookbooks/nginx/nginx-server.container
--- a/cookbooks/nginx/nginx-update.container
+++ b/cookbooks/nginx/nginx-update.container
--- a/cookbooks/nginx/nginx-update.timer
+++ b/cookbooks/nginx/nginx-update.timer
--- a/cookbooks/nginx/nginx.target
+++ b/cookbooks/nginx/nginx.target
--- a/cookbooks/nginx/website/index.html
+++ b/cookbooks/nginx/website/index.html
--- a/cookbooks/postgresql/Makefile
+++ b/cookbooks/postgresql/Makefile
@ -11,8 +11,7 @@ $(TARGET_CHROOT)/etc/quadlets/postgresql/init.d:
 	install -m 0755 -o $(PROJECT_UID) -g $(PROJECT_GID) -D -d $@

 # Include common Makefile
-TOP_LEVEL_DIR := ..
-include $(TOP_LEVEL_DIR)/common.mk
+include ../../scripts/common.mk

 .PHONY: test test-set-pgmajor install-config

--- a/cookbooks/postgresql/README.md
+++ b/cookbooks/postgresql/README.md
--- a/cookbooks/postgresql/config/backup.sh
+++ b/cookbooks/postgresql/config/backup.sh
--- a/cookbooks/postgresql/config/examples/config.env
+++ b/cookbooks/postgresql/config/examples/config.env
--- a/cookbooks/postgresql/config/init.sh
+++ b/cookbooks/postgresql/config/init.sh
--- a/cookbooks/postgresql/config/upgrade.sh
+++ b/cookbooks/postgresql/config/upgrade.sh
--- a/cookbooks/postgresql/hooks.mk
+++ b/cookbooks/postgresql/hooks.mk
--- a/cookbooks/postgresql/overlay.bu
+++ b/cookbooks/postgresql/overlay.bu
--- a/cookbooks/postgresql/postgresql-backup.container
+++ b/cookbooks/postgresql/postgresql-backup.container
@ -9,7 +9,7 @@ PartOf=postgresql.target

 [Container]
 ContainerName=postgresql-backup-job
-Image=docker.io/library/postgres:${PG_MAJOR}-alpine
+Image=postgresql.image

 # Network configuration
 Network=host
--- a/cookbooks/postgresql/postgresql-backup.timer
+++ b/cookbooks/postgresql/postgresql-backup.timer
--- a/cookbooks/postgresql/postgresql-init.container
+++ b/cookbooks/postgresql/postgresql-init.container
@ -15,7 +15,7 @@ PartOf=postgresql.target

 [Container]
 ContainerName=postgresql-init-job
-Image=docker.io/library/postgres:${PG_MAJOR}-alpine
+Image=postgresql.image

 # Network configuration
 Network=host
--- a/cookbooks/postgresql/postgresql-pgautoupgrade.image
+++ b/cookbooks/postgresql/postgresql-pgautoupgrade.image
@ -0,0 +1,13 @@
+[Unit]
+Description=podman pull docker.io/pgautoupgrade/pgautoupgrade
+Documentation=https://hub.docker.com/_/postgres/
+
+# Only start if PostgreSQL has been configured
+ConditionPathExists=/etc/quadlets/postgresql/config.env
+
+[Image]
+Image=docker.io/pgautoupgrade/pgautoupgrade:${PG_MAJOR}-alpine
+
+[Service]
+# These environment variables are sourced to be used by systemd in the Exec* commands
+EnvironmentFile=/etc/quadlets/postgresql/config.env
Author	SHA1	Message	Date
Nicolas Massé	3d8c6973a0	checkout missing file	1 month ago
Nicolas Massé	ae524d8850	reorganization	1 month ago
Nicolas Massé	aecb98b83d	add quadlet for unifi network application	1 month ago
Nicolas Massé	9bdd00b193	add tests for postgresql	1 month ago