From a33937d31fbede0e9f7dd7055dcb6ae95d305d59 Mon Sep 17 00:00:00 2001
From: unitexe
Date: Sun, 11 Jan 2026 00:28:02 -0600
Subject: Rootless banner quadlet
---
.../classes/fix-home-dir-ownership.bbclass | 9 +++++++++
.../banner-quadlet/banner-quadlet.bb | 23 ++++++++++++++++++++++
.../banner-quadlet/files/LICENSE | 21 ++++++++++++++++++++
.../banner-quadlet/files/banner.container | 19 ++++++++++++++++++
.../recipes-extended/shadow/shadow_%.bbappend | 7 ++++++-
.../recipes-users/useradd/add-user-svc.bbappend | 4 ++++
.../useradd/add-user-unitexe.bbappend | 23 ++-------------------
.../packagegroups/packagegroup-unit-users.bb | 3 +++
.../recipes-unit/images/core-image-unit.bb | 2 ++
.../recipes-users/useradd/add-user-svc.bb | 21 ++++++++++++++++++++
.../classes/enable-linger.bbclass | 11 +++++++++++
.../classes/set-xdg-env.bbclass | 14 +++++++++++++
12 files changed, 135 insertions(+), 22 deletions(-)
create mode 100644 meta-unit-core/classes/fix-home-dir-ownership.bbclass
create mode 100644 meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/banner-quadlet/banner-quadlet.bb
create mode 100644 meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/banner-quadlet/files/LICENSE
create mode 100644 meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/banner-quadlet/files/banner.container
create mode 100644 meta-unit-core/dynamic-layers/virtualization-layer/recipes-users/useradd/add-user-svc.bbappend
create mode 100644 meta-unit-core/recipes-users/useradd/add-user-svc.bb
create mode 100644 meta-virtualization-extra/classes/enable-linger.bbclass
create mode 100644 meta-virtualization-extra/classes/set-xdg-env.bbclass
diff --git a/meta-unit-core/classes/fix-home-dir-ownership.bbclass b/meta-unit-core/classes/fix-home-dir-ownership.bbclass
new file mode 100644
index 0000000..e55c9eb
--- /dev/null
+++ b/meta-unit-core/classes/fix-home-dir-ownership.bbclass
@@ -0,0 +1,9 @@
+ROOTFS_POSTPROCESS_COMMAND:append = " fix_svc_user_home_directory_ownership; fix_unitexe_user_home_directory_ownership;"
+
+fix_svc_user_home_directory_ownership() {
+ chown -R svc:svc ${IMAGE_ROOTFS}/home/svc
+}
+
+fix_unitexe_user_home_directory_ownership() {
+ chown -R unitexe:unitexe ${IMAGE_ROOTFS}/home/unitexe
+}
diff --git a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/banner-quadlet/banner-quadlet.bb b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/banner-quadlet/banner-quadlet.bb
new file mode 100644
index 0000000..67c2246
--- /dev/null
+++ b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/banner-quadlet/banner-quadlet.bb
@@ -0,0 +1,23 @@
+SUMMARY = "Banner quadlet"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${UNPACKDIR}/LICENSE;md5=a0e6886d263a557228f8d3c5bef21837"
+
+SRC_URI = "\
+ file://banner.container \
+ file://LICENSE \
+"
+
+RDEPENDS:${PN}:append = " podman"
+RDEPENDS:${PN}:append = " add-user-svc"
+
+S = "${UNPACKDIR}"
+
+ROOTLESS_USER_NAME ?= "svc"
+
+do_install() {
+ install -D -m 0644 ${UNPACKDIR}/banner.container ${D}/home/${ROOTLESS_USER_NAME}/.config/containers/systemd/banner.container
+}
+
+FILES:${PN} = "\
+ /home/${ROOTLESS_USER_NAME}/.config/containers/systemd/banner.container \
+"
diff --git a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/banner-quadlet/files/LICENSE b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/banner-quadlet/files/LICENSE
new file mode 100644
index 0000000..9ec8d09
--- /dev/null
+++ b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/banner-quadlet/files/LICENSE
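Review bot: The two `chown -R` calls hard-code `svc` and `unitexe`, while the recipes that create those accounts expose the names as overridable defaults (`ROOTLESS_USER_NAME ?= "svc"` in banner-quadlet.bb, `USER_TO_ADD_NAME ?= "svc"` in add-user-svc.bb), so an override in a distro or local configuration leaves the home directory that actually gets populated owned by root. Both functions also run unconditionally, so an image that omits one of the user packages fails at rootfs postprocessing when `chown` cannot find the path; `if [ -d "${IMAGE_ROOTFS}/home/svc" ]; then chown -R svc:svc "${IMAGE_ROOTFS}/home/svc"; fi` (and the same for unitexe) keeps the class usable for such images, and deriving both names from one shared variable closes the drift. A header comment stating why the fix-up happens at image level — presumably because the per-user recipes cannot set ownership in do_install since the accounts do not exist at package build time — would help the next reader, if that is indeed the reason.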
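Review bot: `RDEPENDS:${PN}:append = " add-user-svc"` here and `RDEPENDS:${PN}:append = " banner-quadlet"` in the new add-user-svc.bbappend form a runtime dependency cycle, and having the user package pull in a specific workload inverts the layering; dropping the bbappend side and letting the image or packagegroup select banner-quadlet looks like the cleaner shape. The install path is built from `ROOTLESS_USER_NAME` while the account is named by `USER_TO_ADD_NAME` in add-user-svc.bb and hard-coded as `svc` in fix-home-dir-ownership.bbclass and shadow_%.bbappend, so four places must agree for the quadlet to land in an existing, correctly owned home directory with subordinate id ranges. A comment on the default, `# Must match USER_TO_ADD_NAME in add-user-svc and the subuid/subgid entries in shadow_%.bbappend.`, would at least make that coupling visible. `LIC_FILES_CHKSUM` points at `${UNPACKDIR}/LICENSE` with an absolute path even though `S = "${UNPACKDIR}"`; `file://LICENSE` is the usual form.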
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Closed Circuit Consulting
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/banner-quadlet/files/banner.container b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/banner-quadlet/files/banner.container
new file mode 100644
index 0000000..68478a8
--- /dev/null
+++ b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-containers/banner-quadlet/files/banner.container
@@ -0,0 +1,19 @@
+[Unit]
+Description=Serves a custom ASCII banner
+After=network-online.target
+Wants=network-online.target
+
+[Container]
+ContainerName=banner
+Image=ghcr.io/closedcircuitconsulting/banner:0.1.0
+PublishPort=8093:8080
+
+[Service]
+Restart=on-failure
+RestartSec=10s
+RestartSteps=5
+RestartMaxDelaySec=1min
+TimeoutStartSec=15min
+
+[Install]
+WantedBy=multi-user.target default.target
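Review bot: `Image=ghcr.io/closedcircuitconsulting/banner:0.1.0` pins a mutable tag, so a unit that starts unattended at every boot under linger runs whatever the registry serves for that tag at pull time; pinning the digest, `Image=ghcr.io/closedcircuitconsulting/banner@sha256:<digest of the reviewed image>`, ties the running container to the image that was reviewed and keeps the deployment reproducible. `WantedBy=multi-user.target default.target` is installed into a user manager (the file lives under ~/.config/containers/systemd), and as far as I know the user instance has no multi-user.target, so only `default.target` takes effect and the first target is dead weight. `PublishPort=8093:8080` binds on all interfaces; if the banner is only meant for local consumers, `PublishPort=127.0.0.1:8093:8080` limits the exposure.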
diff --git a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-extended/shadow/shadow_%.bbappend b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-extended/shadow/shadow_%.bbappend
index cb2beaa..6b57651 100644
--- a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-extended/shadow/shadow_%.bbappend
+++ b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-extended/shadow/shadow_%.bbappend
@@ -1,5 +1,5 @@
 #
-# Support rootless podman for unitexe user.
+# Support rootless podman for users.
 #
 # This is explained at:
 # https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md#etcsubuid-and-etcsubgid-configuration
@@ -9,4 +9,9 @@ do_install:append() {
 echo "" >> ${D}${sysconfdir}/subuid
 echo "unitexe:100000:65536" >> ${D}${sysconfdir}/subgid
 echo "" >> ${D}${sysconfdir}/subgid
+
+ echo "svc:200000:65536" >> ${D}${sysconfdir}/subuid
+ echo "" >> ${D}${sysconfdir}/subuid
+ echo "svc:200000:65536" >> ${D}${sysconfdir}/subgid
+ echo "" >> ${D}${sysconfdir}/subgid
 }
diff --git a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-users/useradd/add-user-svc.bbappend b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-users/useradd/add-user-svc.bbappend
new file mode 100644
index 0000000..6c79ab4
--- /dev/null
+++ b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-users/useradd/add-user-svc.bbappend
@@ -0,0 +1,4 @@
+inherit enable-linger
+inherit set-xdg-env
+
+RDEPENDS:${PN}:append = " banner-quadlet"
diff --git a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-users/useradd/add-user-unitexe.bbappend b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-users/useradd/add-user-unitexe.bbappend
index 5fab9f0..23fe467 100644
--- a/meta-unit-core/dynamic-layers/virtualization-layer/recipes-users/useradd/add-user-unitexe.bbappend
+++ b/meta-unit-core/dynamic-layers/virtualization-layer/recipes-users/useradd/add-user-unitexe.bbappend
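Review bot: The new `echo "svc:200000:65536"` entries hard-code the account name and its subordinate range in a shadow bbappend, separate from `USER_TO_ADD_NAME ?= "svc"` in add-user-svc.bb, so the two can drift; if the name is overridden the account silently has no subordinate ids and rootless podman fails at runtime instead of at build time. The two ranges do not overlap (unitexe 100000-165535, svc 200000-265535), but nothing records that this is a requirement; a comment above the new block, `# Subordinate ranges must not overlap each other or any real UID/GID on the target: unitexe 100000-165535, svc 200000-265535.`, protects the next addition. The `echo ""` lines write empty records into /etc/subuid and /etc/subgid; if they are only there for readability they can go, so the files do not rely on the parser tolerating blank lines.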
@@ -1,21 +1,2 @@
-do_install:append() {
- # If linger is not enabled then rootless podman
- # commands will complain with number of warnings.
- # Enabling linger does two effects for systemd user units:
- # 1. Units are automatically started after a reboot
- # 2. Units are not automatically stopped after a log out
- install -d ${D}${localstatedir}/lib/systemd/linger
- touch ${D}${localstatedir}/lib/systemd/linger/${USER_TO_ADD_NAME}
-
- # Note: Use of .profile here assumes busybox shell.
- # Podman uses these (if defined) for overriding
- # default configuration file locations. This is
- # explained here:
- # https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md#user-configuration-files
- cat > ${D}/home/${USER_TO_ADD_NAME}/.profile << 'EOF'
-export XDG_RUNTIME_DIR=/run/user/$(id -u)
-export XDG_CONFIG_HOME=$HOME/.config
-EOF
-}
-
-FILES:${PN}:append = " ${localstatedir}/lib/systemd/linger/${USER_TO_ADD_NAME}"
+inherit enable-linger
+inherit set-xdg-env
diff --git a/meta-unit-core/recipes-core/packagegroups/packagegroup-unit-users.bb b/meta-unit-core/recipes-core/packagegroups/packagegroup-unit-users.bb
index 8cc7faf..f5dcc04 100644
--- a/meta-unit-core/recipes-core/packagegroups/packagegroup-unit-users.bb
+++ b/meta-unit-core/recipes-core/packagegroups/packagegroup-unit-users.bb
@@ -8,3 +8,6 @@ RDEPENDS:${PN}:append = " libpam"
 # Add admin user.
 RDEPENDS:${PN}:append = " add-user-unitexe"
+
+# Add service user.
+RDEPENDS:${PN}:append = " add-user-svc"
diff --git a/meta-unit-core/recipes-unit/images/core-image-unit.bb b/meta-unit-core/recipes-unit/images/core-image-unit.bb
index ea7a7c1..d133554 100644
--- a/meta-unit-core/recipes-unit/images/core-image-unit.bb
+++ b/meta-unit-core/recipes-unit/images/core-image-unit.bb
@@ -2,4 +2,6 @@ SUMMARY = "Unit image"
 LICENSE = "MIT"
+inherit fix-home-dir-ownership
+
 require unit-image-base.inc
diff --git a/meta-unit-core/recipes-users/useradd/add-user-svc.bb b/meta-unit-core/recipes-users/useradd/add-user-svc.bb
new file mode 100644
index 0000000..b156019
--- /dev/null
+++ b/meta-unit-core/recipes-users/useradd/add-user-svc.bb
@@ -0,0 +1,21 @@
+SUMMARY = "Add service user"
+LICENSE = "MIT"
+
+EXCLUDE_FROM_WORLD = "1"
+
+inherit useradd
+inherit extrausers
+
+S = "${UNPACKDIR}"
+
+RDEPENDS:${PN}:append = " shadow"
+
+USERADD_PACKAGES = "${PN}"
+
+USER_TO_ADD_NAME ?= "svc"
+USER_TO_ADD_UID ?= "2000"
+USER_TO_ADD_PASSWORD_HASHED ?= "\$6\$1TQs7iLskyTyCjoL\$xhngcFWaPRsoaZCwLSsYXUrRcVdR19zV2vBEzrzSEVu8zbqDlfKu4HLwzsZfiqJCiWqiu9qirD4Ym12CMf7D7."
+
+USERADD_PARAM:${PN} = "--uid ${USER_TO_ADD_UID} --home-dir /home/${USER_TO_ADD_NAME} --shell ${base_bindir}/sh --password '${USER_TO_ADD_PASSWORD_HASHED}' ${USER_TO_ADD_NAME}"
+
+INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
diff --git a/meta-virtualization-extra/classes/enable-linger.bbclass b/meta-virtualization-extra/classes/enable-linger.bbclass
new file mode 100644
index 0000000..cfb21e7
--- /dev/null
+++ b/meta-virtualization-extra/classes/enable-linger.bbclass
@@ -0,0 +1,11 @@
+do_install:append() {
+ # If linger is not enabled then rootless podman
+ # commands will complain with number of warnings.
+ # Enabling linger does two effects for systemd user units:
+ # 1. Units are automatically started after a reboot
+ # 2. Units are not automatically stopped after a log out
+ install -d ${D}${localstatedir}/lib/systemd/linger
+ touch ${D}${localstatedir}/lib/systemd/linger/${USER_TO_ADD_NAME}
+}
+
+FILES:${PN}:append = " ${localstatedir}/lib/systemd/linger/${USER_TO_ADD_NAME}"
diff --git a/meta-virtualization-extra/classes/set-xdg-env.bbclass b/meta-virtualization-extra/classes/set-xdg-env.bbclass
new file mode 100644
index 0000000..4835e93
--- /dev/null
+++ b/meta-virtualization-extra/classes/set-xdg-env.bbclass
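Review bot: `USER_TO_ADD_PASSWORD_HASHED ?= "\$6\$..."` commits a default password hash for the service account, so every image built without an override ships the same credential on an account that also receives an interactive shell (`--shell ${base_bindir}/sh`). An account that exists only to run rootless podman under linger does not need a password at all: default to a locked field, `USER_TO_ADD_PASSWORD_HASHED ?= "!"`, with a comment `# Locked by default; supply a hash from site configuration only if interactive login is really required.`, and let deployments that need a login provide their own value. If add-user-unitexe follows the same pattern (its recipe is not in this patch), the same applies there. `inherit extrausers` is not used by anything in this file and can presumably be dropped.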
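Review bot: `touch ${D}${localstatedir}/lib/systemd/linger/${USER_TO_ADD_NAME}` has no check that `USER_TO_ADD_NAME` is set; if a recipe inherits the class without defining it, the path degenerates to the linger directory itself, `touch` still succeeds as far as I can tell, and the package ships an empty directory with no error. A guard as the first line of the function, `[ -n "${USER_TO_ADD_NAME}" ] || bbfatal "enable-linger: USER_TO_ADD_NAME is not set"`, turns that into a build failure; set-xdg-env.bbclass in the next file has the same gap (there `install -D` would end up creating `/home//.profile`). The class lives in meta-virtualization-extra but depends on a variable defined by meta-unit-core's add-user-* recipes; a header comment naming that contract, `# Requires USER_TO_ADD_NAME (set by the add-user-* recipes); enables systemd linger so that user's units start at boot and survive logout.`, makes the dependency explicit.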
@@ -0,0 +1,14 @@
+do_install:append() {
+ # Note: Use of .profile here assumes busybox shell.
+ # Podman uses these (if defined) for overriding
+ # default configuration file locations. This is
+ # explained here:
+ # https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md#user-configuration-files
+ install -D -m 0644 /dev/null ${D}/home/${USER_TO_ADD_NAME}/.profile
+ cat > ${D}/home/${USER_TO_ADD_NAME}/.profile << 'EOF'
+export XDG_RUNTIME_DIR=/run/user/$(id -u)
+export XDG_CONFIG_HOME=$HOME/.config
+EOF
+}
+
+FILES:${PN}:append = " /home/${USER_TO_ADD_NAME}/.profile"
-- 
cgit v1.2.3