-rw-r--r--meta-unit-core/classes/fix-home-dir-ownership.bbclass9
-rw-r--r--meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/banner-quadlet/banner-quadlet.bb23
-rw-r--r--meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/banner-quadlet/files/LICENSE21
-rw-r--r--meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/banner-quadlet/files/banner.container19
-rw-r--r--meta-unit-core/dynamic-layers/virtualization-layer/recipes-extended/shadow/shadow_%.bbappend7
-rw-r--r--meta-unit-core/dynamic-layers/virtualization-layer/recipes-users/useradd/add-user-svc.bbappend4
-rw-r--r--meta-unit-core/dynamic-layers/virtualization-layer/recipes-users/useradd/add-user-unitexe.bbappend23
-rw-r--r--meta-unit-core/recipes-core/packagegroups/packagegroup-unit-users.bb3
-rw-r--r--meta-unit-core/recipes-unit/images/core-image-unit.bb2
-rw-r--r--meta-unit-core/recipes-users/useradd/add-user-svc.bb21
-rw-r--r--meta-virtualization-extra/classes/enable-linger.bbclass11
-rw-r--r--meta-virtualization-extra/classes/set-xdg-env.bbclass14
12 files changed, 135 insertions, 22 deletions
diff --git a/meta-unit-core/classes/fix-home-dir-ownership.bbclass b/meta-unit-core/classes/fix-home-dir-ownership.bbclass
new file mode 100644
index 0000000..e55c9eb
--- /dev/null
+++ b/meta-unit-core/classes/fix-home-dir-ownership.bbclass
@@ -0,0 +1,9 @@
+ROOTFS_POSTPROCESS_COMMAND:append = " fix_svc_user_home_directory_ownership; fix_unitexe_user_home_directory_ownership;"
+
+fix_svc_user_home_directory_ownership() {
+ chown -R svc:svc ${IMAGE_ROOTFS}/home/svc
+}
+
+fix_unitexe_user_home_directory_ownership() {
+ chown -R unitexe:unitexe ${IMAGE_ROOTFS}/home/unitexe
+}
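Review bot: Both chown targets hard-code `svc` and `unitexe`, while the recipes that create those users and install into their homes expose the name as an overridable default (`USER_TO_ADD_NAME ?= "svc"`, `ROOTLESS_USER_NAME ?= "svc"`), so overriding either leaves the real home root-owned and makes `chown -R` fail on the missing path, which aborts image assembly. A guard such as `[ -d "${IMAGE_ROOTFS}/home/svc" ] && chown -R svc:svc "${IMAGE_ROOTFS}/home/svc"` avoids the hard failure, and the class deserves a header comment stating why it exists: `do_install` in the recipes that populate /home/<user> runs as root, so everything they place there is packaged root-owned unless re-owned. Re-owning at the installing recipe instead of a recursive chown of the whole home at image time would also be narrower, since `chown -R` hands the user write access to every file any package happened to drop there.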
diff --git a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/banner-quadlet/banner-quadlet.bb b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/banner-quadlet/banner-quadlet.bb
new file mode 100644
index 0000000..67c2246
--- /dev/null
+++ b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/banner-quadlet/banner-quadlet.bb
@@ -0,0 +1,23 @@
+SUMMARY = "Banner quadlet"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${UNPACKDIR}/LICENSE;md5=a0e6886d263a557228f8d3c5bef21837"
+
+SRC_URI = "\
+ file://banner.container \
+ file://LICENSE \
+"
+
+RDEPENDS:${PN}:append = " podman"
+RDEPENDS:${PN}:append = " add-user-svc"
+
+S = "${UNPACKDIR}"
+
+ROOTLESS_USER_NAME ?= "svc"
+
+do_install() {
+ install -D -m 0644 ${UNPACKDIR}/banner.container ${D}/home/${ROOTLESS_USER_NAME}/.config/containers/systemd/banner.container
+}
+
+FILES:${PN} = "\
+ /home/${ROOTLESS_USER_NAME}/.config/containers/systemd/banner.container \
+"
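Review bot: `install -D` runs as root under pseudo, so `.config`, `.config/containers`, `.config/containers/systemd` and the unit file are packaged root-owned under /home/svc; the rootless podman user then cannot create its own state under `.config` until the image-level `chown -R` in `fix-home-dir-ownership.bbclass` runs, and the package is broken when installed on its own. The usual way to fix this at the source is to make the recipe aware of the account (as far as I recall, `inherit useradd` with `USERADD_DEPENDS = "add-user-svc"` so the user exists at do_install time) and end do_install with `chown -R ${ROOTLESS_USER_NAME}:${ROOTLESS_USER_NAME} ${D}/home/${ROOTLESS_USER_NAME}`. `RDEPENDS:${PN}:append = " add-user-svc"` also hard-codes the user name while `ROOTLESS_USER_NAME` is overridable; if the name is changed the unit ships into a home no recipe creates, so either drop the `?=` or derive the dependency from the variable. A one-line comment above `do_install` saying that the path must match the home directory created by `add-user-svc` would make the coupling explicit.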
diff --git a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/banner-quadlet/files/LICENSE b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/banner-quadlet/files/LICENSE
new file mode 100644
index 0000000..9ec8d09
--- /dev/null
+++ b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/banner-quadlet/files/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Closed Circuit Consulting
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/banner-quadlet/files/banner.container b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/banner-quadlet/files/banner.container
new file mode 100644
index 0000000..68478a8
--- /dev/null
+++ b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/banner-quadlet/files/banner.container
@@ -0,0 +1,19 @@
+[Unit]
+Description=Serves a custom ASCII banner
+After=network-online.target
+Wants=network-online.target
+
+[Container]
+ContainerName=banner
+Image=ghcr.io/closedcircuitconsulting/banner:0.1.0
+PublishPort=8093:8080
+
+[Service]
+Restart=on-failure
+RestartSec=10s
+RestartSteps=5
+RestartMaxDelaySec=1min
+TimeoutStartSec=15min
+
+[Install]
+WantedBy=multi-user.target default.target
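Review bot: `Image=` pins the container only by the mutable tag `0.1.0`, so whatever ghcr.io serves under that tag at pull time is what runs on the device; pinning by `@sha256:` digest makes the image content part of what this recipe controls. `PublishPort=8093:8080` binds on all host interfaces, which is fine if the banner is meant to be reachable externally, but `127.0.0.1:8093:8080` is the safer default if it is only consumed locally. The container also runs with podman's default capability set and privilege-escalation policy; for a static banner server `NoNewPrivileges=true`, `DropCapability=ALL` and `ReadOnly=true` are cheap hardening. Separately, this is a user unit, and the `systemd --user` instance has no `multi-user.target` to attach to (only `default.target` is meaningful there, as far as I recall), so the first target in `WantedBy=` is dead weight.
```ini
[Container]
# … unchanged: ContainerName …
Image=ghcr.io/closedcircuitconsulting/banner@sha256:<digest of the 0.1.0 image>
PublishPort=127.0.0.1:8093:8080
NoNewPrivileges=true
DropCapability=ALL
ReadOnly=true
```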
diff --git a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-extended/shadow/shadow_%.bbappend b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-extended/shadow/shadow_%.bbappend
index cb2beaa..6b57651 100644
--- a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-extended/shadow/shadow_%.bbappend
+++ b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-extended/shadow/shadow_%.bbappend
@@ -1,5 +1,5 @@
#
-# Support rootless podman for unitexe user.
+# Support rootless podman for users.
#
# This is explained at:
# https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md#etcsubuid-and-etcsubgid-configuration
@@ -9,4 +9,9 @@ do_install:append() {
echo "" >> ${D}${sysconfdir}/subuid
echo "unitexe:100000:65536" >> ${D}${sysconfdir}/subgid
echo "" >> ${D}${sysconfdir}/subgid
+
+ echo "svc:200000:65536" >> ${D}${sysconfdir}/subuid
+ echo "" >> ${D}${sysconfdir}/subuid
+ echo "svc:200000:65536" >> ${D}${sysconfdir}/subgid
+ echo "" >> ${D}${sysconfdir}/subgid
}
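Review bot: The new `svc` lines hard-code the user name and the 200000–265535 range with nothing tying them to `add-user-svc` (`USER_TO_ADD_NAME ?= "svc"`, UID 2000), so renaming the user leaves these entries dangling and rootless podman for that account silently loses its user-namespace mapping. A comment such as `# svc: disjoint from unitexe (100000-165535); keep in sync with USER_TO_ADD_NAME in add-user-svc.bb` above the echoes would make the invariant visible, and the disjointness matters because overlapping subordinate ranges let one rootless user's containers own files mapped into the other's. The `echo ""` lines append empty records to subuid/subgid that the parser tolerates but that serve no purpose; a single `printf 'svc:200000:65536\n' >> ${D}${sysconfdir}/subuid` per file is cleaner. The enclosing `do_install:append` opens before this hunk.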
diff --git a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-users/useradd/add-user-svc.bbappend b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-users/useradd/add-user-svc.bbappend
new file mode 100644
index 0000000..6c79ab4
--- /dev/null
+++ b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-users/useradd/add-user-svc.bbappend
@@ -0,0 +1,4 @@
+inherit enable-linger
+inherit set-xdg-env
+
+RDEPENDS:${PN}:append = " banner-quadlet"
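Review bot: This makes the runtime dependency mutual: `add-user-svc` pulls in `banner-quadlet` here, while `banner-quadlet.bb` in the same commit has `RDEPENDS:${PN}:append = " add-user-svc"`. Bitbake maps RDEPENDS onto packaging task dependencies, so depending on the release this can surface as a dependency-loop error (worth checking with a clean build), and even where it builds it inverts the layering: the account recipe should not know which container units happen to run as that user. Dropping this line and letting the image or `packagegroup-unit-users` pull in `banner-quadlet` keeps the dependency one-directional.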
diff --git a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-users/useradd/add-user-unitexe.bbappend b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-users/useradd/add-user-unitexe.bbappend
index 5fab9f0..23fe467 100644
--- a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-users/useradd/add-user-unitexe.bbappend
+++ b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-users/useradd/add-user-unitexe.bbappend
@@ -1,21 +1,2 @@
-do_install:append() {
- # If linger is not enabled then rootless podman
- # commands will complain with number of warnings.
- # Enabling linger does two effects for systemd user units:
- # 1. Units are automatically started after a reboot
- # 2. Units are not automatically stopped after a log out
- install -d ${D}${localstatedir}/lib/systemd/linger
- touch ${D}${localstatedir}/lib/systemd/linger/${USER_TO_ADD_NAME}
-
- # Note: Use of .profile here assumes busybox shell.
- # Podman uses these (if defined) for overriding
- # default configuration file locations. This is
- # explained here:
- # https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md#user-configuration-files
- cat > ${D}/home/${USER_TO_ADD_NAME}/.profile << 'EOF'
-export XDG_RUNTIME_DIR=/run/user/$(id -u)
-export XDG_CONFIG_HOME=$HOME/.config
-EOF
-}
-
-FILES:${PN}:append = " ${localstatedir}/lib/systemd/linger/${USER_TO_ADD_NAME}"
+inherit enable-linger
+inherit set-xdg-env
diff --git a/meta-unit-core/recipes-core/packagegroups/packagegroup-unit-users.bb b/meta-unit-core/recipes-core/packagegroups/packagegroup-unit-users.bb
index 8cc7faf..f5dcc04 100644
--- a/meta-unit-core/recipes-core/packagegroups/packagegroup-unit-users.bb
+++ b/meta-unit-core/recipes-core/packagegroups/packagegroup-unit-users.bb
@@ -8,3 +8,6 @@ RDEPENDS:${PN}:append = " libpam"
# Add admin user.
RDEPENDS:${PN}:append = " add-user-unitexe"
+
+# Add service user.
+RDEPENDS:${PN}:append = " add-user-svc"
diff --git a/meta-unit-core/recipes-unit/images/core-image-unit.bb b/meta-unit-core/recipes-unit/images/core-image-unit.bb
index ea7a7c1..d133554 100644
--- a/meta-unit-core/recipes-unit/images/core-image-unit.bb
+++ b/meta-unit-core/recipes-unit/images/core-image-unit.bb
@@ -2,4 +2,6 @@ SUMMARY = "Unit image"
LICENSE = "MIT"
+inherit fix-home-dir-ownership
+
require unit-image-base.inc
diff --git a/meta-unit-core/recipes-users/useradd/add-user-svc.bb b/meta-unit-core/recipes-users/useradd/add-user-svc.bb
new file mode 100644
index 0000000..b156019
--- /dev/null
+++ b/meta-unit-core/recipes-users/useradd/add-user-svc.bb
@@ -0,0 +1,21 @@
+SUMMARY = "Add service user"
+LICENSE = "MIT"
+
+EXCLUDE_FROM_WORLD = "1"
+
+inherit useradd
+inherit extrausers
+
+S = "${UNPACKDIR}"
+
+RDEPENDS:${PN}:append = " shadow"
+
+USERADD_PACKAGES = "${PN}"
+
+USER_TO_ADD_NAME ?= "svc"
+USER_TO_ADD_UID ?= "2000"
+USER_TO_ADD_PASSWORD_HASHED ?= "\$6\$1TQs7iLskyTyCjoL\$xhngcFWaPRsoaZCwLSsYXUrRcVdR19zV2vBEzrzSEVu8zbqDlfKu4HLwzsZfiqJCiWqiu9qirD4Ym12CMf7D7."
+
+USERADD_PARAM:${PN} = "--uid ${USER_TO_ADD_UID} --home-dir /home/${USER_TO_ADD_NAME} --shell ${base_bindir}/sh --password '${USER_TO_ADD_PASSWORD_HASHED}' ${USER_TO_ADD_NAME}"
+
+INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
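Review bot: A service account is created with a login shell (`--shell ${base_bindir}/sh`) and a password hash committed to the recipe, so anyone who recovers the plaintext from this `$6$` sha512-crypt hash can log in as `svc` on every device built from it, and because `USER_TO_ADD_PASSWORD_HASHED ?=` is only a default, nothing forces a build to override it. Rootless podman under a lingering `systemd --user` does not need a password or an interactive login: lock the account with `--password '!'` (or `'*'`) and, when interactive debugging as `svc` is needed, reach it through `sudo -u svc` or `machinectl shell svc@` instead. If a password must exist, have it supplied per build from configuration and add a comment stating that no hash belongs in the recipe. A short header comment naming the account's purpose (runs the rootless container units) and its fixed UID 2000 would also help whoever next audits `/etc/passwd` on the image.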
diff --git a/meta-virtualization-extra/classes/enable-linger.bbclass b/meta-virtualization-extra/classes/enable-linger.bbclass
new file mode 100644
index 0000000..cfb21e7
--- /dev/null
+++ b/meta-virtualization-extra/classes/enable-linger.bbclass
@@ -0,0 +1,11 @@
+do_install:append() {
+ # If linger is not enabled then rootless podman
+ # commands will complain with number of warnings.
+ # Enabling linger does two effects for systemd user units:
+ # 1. Units are automatically started after a reboot
+ # 2. Units are not automatically stopped after a log out
+ install -d ${D}${localstatedir}/lib/systemd/linger
+ touch ${D}${localstatedir}/lib/systemd/linger/${USER_TO_ADD_NAME}
+}
+
+FILES:${PN}:append = " ${localstatedir}/lib/systemd/linger/${USER_TO_ADD_NAME}"
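Review bot: The class misbehaves silently if the inheriting recipe does not set `USER_TO_ADD_NAME`: `touch ${D}${localstatedir}/lib/systemd/linger/` succeeds on the directory itself and `FILES` then claims the bare directory, so a guard at the top of the append, `[ -n "${USER_TO_ADD_NAME}" ] || bbfatal "enable-linger: USER_TO_ADD_NAME is not set"`, is worth having. `touch` also creates the marker with whatever umask the build has; `install -m 0644 /dev/null ${D}${localstatedir}/lib/systemd/linger/${USER_TO_ADD_NAME}` makes the mode explicit. The header comment should additionally state the security-relevant consequence: with linger enabled the user's `systemd --user` instance and every container it manages keep running with no session attached and come up at boot without anyone logging in.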
diff --git a/meta-virtualization-extra/classes/set-xdg-env.bbclass b/meta-virtualization-extra/classes/set-xdg-env.bbclass
new file mode 100644
index 0000000..4835e93
--- /dev/null
+++ b/meta-virtualization-extra/classes/set-xdg-env.bbclass
@@ -0,0 +1,14 @@
+do_install:append() {
+ # Note: Use of .profile here assumes busybox shell.
+ # Podman uses these (if defined) for overriding
+ # default configuration file locations. This is
+ # explained here:
+ # https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md#user-configuration-files
+ install -D -m 0644 /dev/null ${D}/home/${USER_TO_ADD_NAME}/.profile
+ cat > ${D}/home/${USER_TO_ADD_NAME}/.profile << 'EOF'
+export XDG_RUNTIME_DIR=/run/user/$(id -u)
+export XDG_CONFIG_HOME=$HOME/.config
+EOF
+}
+
+FILES:${PN}:append = " /home/${USER_TO_ADD_NAME}/.profile"
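Review bot: The comment `# Note: Use of .profile here assumes busybox shell.` is misleading: `~/.profile` is read by any POSIX `sh` started as a login shell, and it is bash that skips it whenever `~/.bash_profile` or `~/.bash_login` exists, so the caveat is about bash, not busybox. A more accurate version is `# .profile is read by POSIX login shells (busybox sh, dash; bash only if no .bash_profile exists). Interactive sessions only.`. It is also worth saying that the `systemd --user` instance running the quadlets sets `XDG_RUNTIME_DIR` itself, so nothing about unit startup depends on this file — it only matters for `su`/`sudo -u` shells, and `$HOME/.config` is, I believe, already podman's default for `XDG_CONFIG_HOME`. Note that the file is packaged root-owned 0644 at this point; whether the user can later edit it depends on ownership adjustments made elsewhere in the image.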