silverblue-images/Containerfile-supermicro-x10drh
Ben Radey 15439af360
Resetting 'from' directives
2026-06-06 11:34:33 -04:00


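# ====== Stage 1: Builder image ======
# Compiles gocryptfs from source. Only the resulting binary is copied into the
# server image, so git and the Go toolchain never reach the final image.
# The builder is pinned to the same Fedora release as the server stage (43)
# instead of the moving `latest` tag, so a rebuild cannot silently switch
# toolchains or drift away from the release the binary will run on.
FROM registry.fedoraproject.org/fedora:43 AS builder
# Git ref of gocryptfs to build. The default keeps the previous behaviour (tip
# of the default branch). Pass --build-arg GOCRYPTFS_REF=<release-tag> to build
# a fixed, reviewable release instead of whatever upstream HEAD is at build time.
ARG GOCRYPTFS_REF=master
# Use dnf5 for both steps, matching the rest of this file.
RUN dnf5 update -y && dnf5 install -y git golang
# Full clone (not shallow): the upstream build script may derive its version
# string from git history. TODO confirm against build-without-openssl.bash.
RUN git clone --branch "${GOCRYPTFS_REF}" https://github.com/rfjakob/gocryptfs.git /gocryptfs
WORKDIR /gocryptfs
RUN ./build-without-openssl.bash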
# ====== Stage 2: Server image ======
# The base is pinned by release tag only; a tag can be re-pushed, so pin by
# digest as well if byte-for-byte reproducibility of the base is required.
FROM quay.io/fedora/fedora-silverblue:43
# Bring in only the compiled binary from the builder stage.
COPY --from=builder /gocryptfs/gocryptfs /usr/bin/gocryptfs
# Stage the vendor public keys for the `rpm --import` step below. These files
# are the trust anchors for every third-party package installed later, so
# changes under gpg-keys/ deserve the same review as changes to this file.
COPY gpg-keys/* /keys/
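# Import keys, install ZFS repository & build deps & zfs
#
# The vendor keys are imported explicitly, before any third-party package is
# touched, so that dnf never has to add a key on its own (the final RUN of this
# file asserts the key count).
#
# The three release RPMs are installed by URL. dnf treats such packages as
# local packages and skips their signature check by default, so
# localpkg_gpgcheck is switched on for that step: the RPMs must verify against
# the keys imported just above, otherwise the build stops here.
# NOTE(review): the zfs-release URL points at a mutable branch (raw/master).
# Signature checking covers tampering; confirm whether a fixed ref is available.
#
# The kernel version handed to dkms is quoted, matching the akmods call later
# in this file, so the value is always passed as a single argument.
RUN rpm --import \
        /keys/nvidia-gpgkey \
        /keys/OpenZFS \
        /keys/Smallstep \
        /keys/zrepl-rpm-pkgs \
        /keys/RPM-GPG-KEY-rpmfusion-free-fedora-2020 \
        /keys/RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020 \
        /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-43-x86_64 && \
    rm -rf /keys && \
    dnf5 install -y --setopt=localpkg_gpgcheck=1 \
        https://github.com/zfsonlinux/zfsonlinux.github.com/raw/master/fedora/zfs-release-3-0$(rpm --eval "%{dist}").noarch.rpm \
        https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
        https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm && \
    dnf5 install -y \
        kernel-devel kernel-devel-matched kernel-headers kernel-srpm-macros && \
    dnf5 install -y zfs && \
    dkms autoinstall -k "$(rpm -qa kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}')" && \
    dnf5 clean all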
# Add the smallstep, nvidia and zrepl repository definitions, then install the
# host tooling in a single layer.
# NOTE(review): the .repo files are not visible here. Confirm each one sets
# gpgcheck=1 and does not rely on dnf importing a key on its own; the key-count
# assertion in the last RUN of this file depends on that.
COPY supermicro-x10drh/*.repo /etc/yum.repos.d/
# One package per line, alphabetical, so additions show up cleanly in review.
# zrepl is the only package pinned to an exact version-release.
RUN dnf5 install -y \
        akmods \
        ansible \
        borgbackup \
        certbot \
        cockpit \
        cockpit-podman \
        distrobox \
        fail2ban \
        fuse-encfs \
        fuse-sshfs \
        hddtemp \
        htop \
        iftop \
        igt-gpu-tools \
        iotop \
        ipmitool \
        libnvidia-container-tools \
        libnvidia-container1 \
        libvirt \
        lm_sensors \
        net-tools \
        netcat \
        nginx \
        nut \
        nvidia-container-toolkit \
        nvidia-container-toolkit-base \
        nvtop \
        pv \
        python3-certbot-nginx \
        qemu-kvm \
        rclone \
        screen \
        smartmontools \
        step-cli \
        strace \
        stress-ng \
        telnet \
        vim \
        zrepl-v0.6.0-1.x86_64 && \
    dnf5 clean all
# TODO: Remove this `|| true` hack once post scriptlets no longer make dnf exit with non-zero
# The braces only make the existing grouping explicit: the install result is
# discarded, then the dnf cache is cleaned. Because every install failure is
# swallowed here, the `rpm -q` checks in the next RUN are what actually prove
# the two packages are present.
RUN { dnf5 install -y \
        akmod-nvidia \
        xorg-x11-drv-nvidia-cuda || true; } && \
    dnf5 clean all
# TODO: Remove these unnecessary checks to make sure the packages above actually got installed. rpm exits non-zero if the package is not installed and aborts the Containerfile build
# Keep these for as long as the install step above ends in `|| true`; they are
# the only thing that fails the build when that install did not happen.
RUN rpm -q akmod-nvidia && \
    rpm -q xorg-x11-drv-nvidia-cuda
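# Build nvidia akmod with no special arguments - defaults to open kernel driver for newer hardware
# /var/tmp is made world-writable WITH the sticky bit (1777), the standard mode
# for shared temp directories: any user may create files there, but cannot
# delete or replace files owned by another user. Plain 777 lacks that protection.
# /var is wiped by the final RUN of this file, so this mode applies to the
# build only.
# NOTE(review): confirm akmods exits non-zero when the module build fails;
# if it does not, a failed build would pass this step unnoticed.
RUN mkdir -p /var/log/akmods /var/cache/akmods/nvidia /var/tmp && \
    chmod 1777 /var/tmp && \
    /usr/sbin/akmods --force --kernels "$(rpm -qa kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}')"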
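# Cleanup image for linting
# Create a sysusers.d entry for the libvirt and qat groups only when the image
# does not already ship one.
# Each "exists, else create" pair is grouped in braces. Ungrouped, the shell
# reads `a || b && c || d` strictly left to right, so a failed write of the
# first file would fall through to the last `echo`, overwrite an existing
# qat.conf and still let the step succeed.
RUN { test -f /usr/lib/sysusers.d/libvirt.conf || echo -e 'g libvirt 963' > /usr/lib/sysusers.d/libvirt.conf; } && \
    { test -f /usr/lib/sysusers.d/qat.conf || echo -e 'g qat 995' > /usr/lib/sysusers.d/qat.conf; }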
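# The first check makes sure that exactly 7 gpg pubkeys are trusted in the rpmdb.
# That presumably matches the seven key files passed to `rpm --import` earlier
# in this file - confirm if the base image ever starts shipping keys of its own.
# Any more than that means that dnf automatically added a new one, which is shady!
# On a mismatch the trusted keys are listed before the build fails, so the
# unexpected key can be identified straight from the build log.
# The glob is quoted so the shell hands it to rpm unexpanded.
# Then: cleanup image for linting
# Finally: verify image is good
# FIXME - remove the `--skip nonempty-run-tmp` when it's no longer needed
RUN key_count="$(rpm -qa 'gpg-pubkey*' | wc -l)" && \
    if [[ 7 -ne "${key_count}" ]]; then \
        echo "expected 7 trusted gpg-pubkey entries in the rpmdb, found ${key_count}:" >&2; \
        rpm -qa 'gpg-pubkey*' >&2; \
        exit 1; \
    fi && \
    rm -rf /var /boot && mkdir /var /boot && \
    bootc container lint --fatal-warnings --skip nonempty-run-tmp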