checkout missing file

.gitignore

@@ -2,4 +2,5 @@
 *.ign
 !fcos.bu
 !overlay.bu
-*/butane.blocklist
+__pycache__/
+.pytest_cache/

README.md

@@ -14,22 +14,22 @@ This repository gathers all the recipes (hence the name "Cookbook") to deploy Op
 
 ## Available Cookbooks
 
-- [base](base/): base configuration for Fedora CoreOS with fastfetch, tmpfiles setup, and QEMU guest agent.
+- [base](cookbooks/base/): base configuration for Fedora CoreOS with fastfetch, tmpfiles setup, and QEMU guest agent.
-- [gitea](gitea/): self-hosted Git service, a lightweight GitHub/GitLab alternative.
+- [gitea](cookbooks/gitea/): self-hosted Git service, a lightweight GitHub/GitLab alternative.
-- [keycloak](keycloak/): open source identity and access management server with PostgreSQL backend.
+- [keycloak](cookbooks/keycloak/): open source identity and access management server with PostgreSQL backend.
-- [lego](lego/): Let's Encrypt/ACME client for automatic SSL/TLS certificate management and renewal.
+- [lego](cookbooks/lego/): Let's Encrypt/ACME client for automatic SSL/TLS certificate management and renewal.
-- [miniflux](miniflux/): minimalist RSS/Atom feed reader with PostgreSQL backend.
+- [miniflux](cookbooks/miniflux/): minimalist RSS/Atom feed reader with PostgreSQL backend.
-- [nextcloud](nextcloud/): self-hosted file sync and share platform with all its dependencies, handles automated upgrades.
+- [nextcloud](cookbooks/nextcloud/): self-hosted file sync and share platform with all its dependencies, handles automated upgrades.
-- [nginx](nginx/): Nginx web server with content initialized and updated from a GIT repository.
+- [nginx](cookbooks/nginx/): Nginx web server with content initialized and updated from a GIT repository.
-- [postgresql](postgresql/): PostgreSQL database server with automated major upgrades, periodic backup and restore capabilities.
+- [postgresql](cookbooks/postgresql/): PostgreSQL database server with automated major upgrades, periodic backup and restore capabilities.
-- [qemu-user-static](qemu-user-static/): multi-architecture container support using QEMU user-mode emulation.
+- [qemu-user-static](cookbooks/qemu-user-static/): multi-architecture container support using QEMU user-mode emulation.
-- [restic-server](restic-server/): REST server backend for restic backups with append-only mode and Prometheus metrics.
+- [restic-server](cookbooks/restic-server/): REST server backend for restic backups with append-only mode and Prometheus metrics.
-- [samba](samba/): SMB/CIFS file sharing server for network storage access.
+- [samba](cookbooks/samba/): SMB/CIFS file sharing server for network storage access.
-- [seedbox](seedbox/): complete media server stack with Radarr, Sonarr, Lidarr, Prowlarr, qBittorrent, Jellyfin, and FlareSolverr.
+- [seedbox](cookbooks/seedbox/): complete media server stack with Radarr, Sonarr, Lidarr, Prowlarr, qBittorrent, Jellyfin, and FlareSolverr.
-- [traefik](traefik/): modern HTTP reverse proxy and load balancer with automatic service discovery.
+- [traefik](cookbooks/traefik/): modern HTTP reverse proxy and load balancer with automatic service discovery.
-- [vaultwarden](vaultwarden/): Bitwarden-compatible password manager server with PostgreSQL backend.
+- [vaultwarden](cookbooks/vaultwarden/): Bitwarden-compatible password manager server with PostgreSQL backend.
-- [vmagent](vmagent/): Victoria Metrics agent for collecting and forwarding metrics.
+- [vmagent](cookbooks/vmagent/): Victoria Metrics agent for collecting and forwarding metrics.
-- [vsftpd](vsftpd/): secure FTP server with TLS support and Let's Encrypt certificate integration.
+- [vsftpd](cookbooks/vsftpd/): secure FTP server with TLS support and Let's Encrypt certificate integration.
 
 ## Cookbook layout
 
@@ -53,6 +53,13 @@ This repository gathers all the recipes (hence the name "Cookbook") to deploy Op
 - Fedora / CentOS Stream / RHEL or derivative operating system.
 - Systemd
 
+## End-to-end testing
+
+```
+pip install -e .
+pytest cookbooks/postgresql/tests/
+```
+
 ## Development
 
 To develop Podman Quadlets, it is advised to create a Fedora Virtual Machine dedicated to this task.
@@ -60,7 +67,7 @@ To develop Podman Quadlets, it is advised to create a Fedora Virtual Machine ded
 You can create a Fedora Virtual Machine with the following command:
 
 ```sh
-sudo ./create-dev-vm.sh
+sudo ./scripts/create-dev-vm.sh
 ```
 
 Then, retrieve the IP address of your VM with the following command:

conftest.py

@@ -0,0 +1,23 @@
+import subprocess
+from pathlib import Path
+
+import pytest
+
+
+@pytest.fixture(scope="session")
+def test_ssh_key(tmp_path_factory: pytest.TempPathFactory) -> Path:
+    """Generate a temporary SSH key pair (no passphrase) for VM access."""
+    key_dir = tmp_path_factory.mktemp("ssh-key")
+    key_path = key_dir / "id_ed25519"
+    subprocess.run(
+        ["ssh-keygen", "-t", "ed25519", "-N", "", "-f", str(key_path)],
+        check=True,
+        capture_output=True,
+    )
+    return key_path
+
+
+@pytest.fixture(scope="session")
+def test_ssh_pubkey(test_ssh_key: Path) -> str:
+    """Public key string corresponding to test_ssh_key."""
+    return test_ssh_key.with_suffix(".pub").read_text().strip()

base/Makefile → cookbooks/base/Makefile

@@ -1,5 +1,6 @@
-TOP_LEVEL_DIR := ..
+# Include common Makefile
-include $(TOP_LEVEL_DIR)/common.mk
+include ../../scripts/common.mk
+
 SYSTEMD_MAIN_UNIT_NAMES += var-lib-virtiofs-data.mount
 SYSTEMD_MAIN_UNIT_NAMES += rpm-ostree-install-qemu-guest-agent.service
 SYSTEMD_MAIN_UNIT_NAMES += install-fastfetch.service

gitea/Makefile → cookbooks/gitea/Makefile

@@ -8,5 +8,5 @@ DEPENDENCIES = postgresql traefik
 PROJECT_UID = 10009
 PROJECT_GID = 10000
 
-TOP_LEVEL_DIR := ..
+# Include common Makefile
-include $(TOP_LEVEL_DIR)/common.mk
+include ../../scripts/common.mk

keycloak/Makefile → cookbooks/keycloak/Makefile

@@ -8,6 +8,5 @@ DEPENDENCIES = postgresql traefik
 PROJECT_UID = 10007
 PROJECT_GID = 10000
 
-TOP_LEVEL_DIR := ..
+# Include common Makefile
-include $(TOP_LEVEL_DIR)/common.mk
+include ../../scripts/common.mk
-

lego/Makefile → cookbooks/lego/Makefile

@@ -7,7 +7,5 @@ PROJECT_UID = 10023
 PROJECT_GID = 10000
 
 # Include common Makefile
-TOP_LEVEL_DIR := ..
+include ../../scripts/common.mk
-include $(TOP_LEVEL_DIR)/common.mk
-
 

miniflux/Makefile → cookbooks/miniflux/Makefile

@@ -8,6 +8,5 @@ DEPENDENCIES = postgresql traefik
 PROJECT_UID = 10010
 PROJECT_GID = 10000
 
-TOP_LEVEL_DIR := ..
+# Include common Makefile
-include $(TOP_LEVEL_DIR)/common.mk
+include ../../scripts/common.mk
-

nextcloud/Makefile → cookbooks/nextcloud/Makefile

@@ -8,8 +8,8 @@ DEPENDENCIES = postgresql traefik
 PROJECT_UID = 10008
 PROJECT_GID = 10000
 
-TOP_LEVEL_DIR := ..
+# Include common Makefile
-include $(TOP_LEVEL_DIR)/common.mk
+include ../../scripts/common.mk
 
 # Additional Nextcloud directories and files
 TARGET_FILES += $(TARGET_CHROOT)/etc/quadlets/nextcloud/collabora-seccomp-profile.json

nginx/Makefile → cookbooks/nginx/Makefile

@@ -1,5 +1,5 @@
-TOP_LEVEL_DIR := ..
+# Include common Makefile
-include $(TOP_LEVEL_DIR)/common.mk
+include ../../scripts/common.mk
 
 .PHONY: test
 

postgresql/Makefile → cookbooks/postgresql/Makefile

@@ -11,8 +11,7 @@ $(TARGET_CHROOT)/etc/quadlets/postgresql/init.d:
 	install -m 0755 -o $(PROJECT_UID) -g $(PROJECT_GID) -D -d $@
 
 # Include common Makefile
-TOP_LEVEL_DIR := ..
+include ../../scripts/common.mk
-include $(TOP_LEVEL_DIR)/common.mk
 
 .PHONY: test test-set-pgmajor install-config
 

postgresql/postgresql-backup.container → cookbooks/postgresql/postgresql-backup.container

@@ -9,7 +9,7 @@ PartOf=postgresql.target
 
 [Container]
 ContainerName=postgresql-backup-job
-Image=docker.io/library/postgres:${PG_MAJOR}-alpine
+Image=postgresql.image
 
 # Network configuration
 Network=host

postgresql/postgresql-init.container → cookbooks/postgresql/postgresql-init.container

@@ -15,7 +15,7 @@ PartOf=postgresql.target
 
 [Container]
 ContainerName=postgresql-init-job
-Image=docker.io/library/postgres:${PG_MAJOR}-alpine
+Image=postgresql.image
 
 # Network configuration
 Network=host

cookbooks/postgresql/postgresql-pgautoupgrade.image

@@ -0,0 +1,13 @@
+[Unit]
+Description=podman pull docker.io/pgautoupgrade/pgautoupgrade
+Documentation=https://hub.docker.com/_/postgres/
+
+# Only start if PostgreSQL has been configured
+ConditionPathExists=/etc/quadlets/postgresql/config.env
+
+[Image]
+Image=docker.io/pgautoupgrade/pgautoupgrade:${PG_MAJOR}-alpine
+
+[Service]
+# These environment variables are sourced to be used by systemd in the Exec* commands
+EnvironmentFile=/etc/quadlets/postgresql/config.env