Move from FCCT to Butane

This reflects a change in the upstream project. A number of other fixes
have been made.

Makefile

@@ -1,6 +1,6 @@
 # CoreOS options.
 STREAM    := stable
-VERSION   := 33.20210301.3.1
+VERSION   := 33.20210426.3.0
 ARCH      := x86_64
 IMAGE_URI := https://builds.coreos.fedoraproject.org/prod/streams/
 HOST      := $(if $(filter deploy-virtual,$(MAKECMDGOALS)),virtual,$(HOST))
@@ -8,10 +8,10 @@ HOST      := $(if $(filter deploy-virtual,$(MAKECMDGOALS)),virtual,$(HOST))
 # Default Makefile options.
 VERBOSE :=
 ROOTDIR := $(dir $(realpath $(firstword $(MAKEFILE_LIST))))
-TMPDIR  := $(shell ls -d /tmp/fcos-build.???? 2>/dev/null || mktemp -d /tmp/fcos-build.XXXX && chmod 0755 /tmp/fcos-build.????)/
+TMPDIR  := $(shell ls -d /var/tmp/fcos-build.???? 2>/dev/null || mktemp -d /var/tmp/fcos-build.XXXX && chmod 0755 /var/tmp/fcos-build.????)/
 
 # Build-time dependencies.
-FCCT        ?= $(call find-cmd,fcct)
+BUTANE      ?= $(call find-cmd,butane)
 CURL        ?= $(call find-cmd,curl) $(if $(VERBOSE),,--progress-bar)
 GPG         ?= $(call find-cmd,gpg) $(if $(VERBOSE),,-q)
 VIRSH       ?= $(call find-cmd,virsh) --connect=qemu:///system $(if $(VERBOSE),,-q)
@@ -30,7 +30,7 @@ deploy-%: $(TMPDIR)host/%/spec.ign
 ## Prepares and deploys CoreOS release for local, virtual environment.
 deploy-virtual: $(TMPDIR)images/fedora-coreos-$(VERSION)-qemu.$(ARCH).qcow2.xz $(TMPDIR)host/$(HOST)/spec.ign
 	@printf "Preparing virtual environment...\n"
-	$Q $(VIRTINSTALL) --import --name="fcos-$(STREAM)-$(VERSION)-$(ARCH)" --os-variant=fedora32 \
+	$Q $(VIRTINSTALL) --import --name="fcos-$(STREAM)-$(VERSION)-$(ARCH)" --os-variant=fedora33 \
 	                  --graphics=none --vcpus=2 --memory=2048 \
 	                  --disk="size=10,backing_store=$(TMPDIR)images/fedora-coreos-$(VERSION)-qemu.$(ARCH).qcow2" \
 	                  --qemu-commandline="-fw_cfg name=opt/com.coreos/config,file=$(TMPDIR)host/$(HOST)/spec.ign"
@@ -75,10 +75,10 @@ $(TMPDIR)config/%/: $(shell find $(ROOTDIR)config/$* -type f -newer $(TMPDIR)con
 $(TMPDIR)config/%: $(ROOTDIR)config/%
 	$Q install $(if $(VERBOSE),-v) -D $< $@
 
-# Compile Ignition file from FCCT file.
-$(TMPDIR)%.ign: $(ROOTDIR)%.fcc
+# Compile Ignition file from Butane configuration file.
+$(TMPDIR)%.ign: $(ROOTDIR)%.bu
 	$Q install -d $(@D)
-	$Q $(FCCT) --pretty --strict --files-dir $(TMPDIR)config -o $@ $<
+	$Q $(BUTANE) --pretty --strict --files-dir $(TMPDIR)config -o $@ $<
 
 # Download and, optionally, extract Fedora CoreOS installation image.
 $(TMPDIR)images/fedora-coreos-$(VERSION)-%:
@@ -90,10 +90,10 @@ $(TMPDIR)images/fedora-coreos-$(VERSION)-%:
 	$Q test $(suffix $(@F)) = .xz && xz --decompress $@ || true
 	$Q touch $@
 
-# Generate Makefile dependencies from `local:` definitions in FCCT files.
-$(TMPDIR)make.depend: $(shell find $(ROOTDIR) -name '*.fcc' -type f 2>/dev/null)
+# Generate Makefile dependencies from `local:` definitions in BUTANE files.
+$(TMPDIR)make.depend: $(shell find $(ROOTDIR) -name '*.bu' -type f 2>/dev/null)
 	@printf "# Automatic prerequisites for Fedora CoreOS configuration." > $@
-	@printf "$(foreach i,$^,\n$(patsubst $(ROOTDIR)%.fcc,$(TMPDIR)%.ign, \
+	@printf "$(foreach i,$^,\n$(patsubst $(ROOTDIR)%.bu,$(TMPDIR)%.ign, \
 	         $(i)): $(addprefix $(TMPDIR)config/, $(shell awk -F '[ ]+local:[ ]*' '/[ ]+local:/ {print $$2}' $(i))))" >> $@
 
 # Show help if empty or invalid target has been given.

README.md

@@ -3,13 +3,35 @@
 This repository contains support files for deploying a simple server setup based on Fedora CoreOS,
 and mainly based around [systemd](https://systemd.io) and [Podman](https://podman.io).
 
+## Pre-requisites
+
+Effective use of the source-files here requires that you have the following dependencies installed
+on your host:
+
+  - `gpg` for secret management and image validation.
+  - `butane` for rendering out host and service configuration.
+  - `virsh` and `virt-install` with `qemu` for virtual host testing.
+
+All of the requirements are checked during the various Makefile invocations, and will return fatal
+errors unless fulfilled. In addition to the aforementioned build-time dependencies, the build host
+needs the following setup procedures performed:
+
+### Import GPG key for image validation:
+
+This is required for validating the signatures for installation media when deploying bare-metal and
+virtual hosts:
+
+```sh
+curl https://getfedora.org/static/fedora.gpg | gpg --import
+```
+
 ## Setup and Deployment
 
 Initial server deployment is managed by the included Makefile, which also allows for testing against
 a virtualized environment. Configuration for virtual and physical servers is managed by [Fedora
-CoreOS configuration](https://coreos.github.io/fcct/) files, which will typically define
-host-specific configuration, and merge in additional, standard configuration; check the [virtual
-host configuration](host/virtual/spec.fcc) for an example.
+CoreOS configuration](https://coreos.github.io/butane/) (*aka* Butane) files, which will typically
+define host-specific configuration, and merge in additional, standard configuration; check the
+[virtual host configuration](host/virtual/spec.bu) for an example.
 
 You can prepare host configuration for consumption by using the `deploy` target for the included
 Makefile, e.g.:
@@ -18,11 +40,11 @@ Makefile, e.g.:
 make deploy HOST=example
 ```
 
-This will compile the host-specific `host/example/spec.fcc` file to its corresponding
-Ignition format via the `fcct` utility (which is expected to be installed on the system), and serve
-the final result over HTTP on the local network. This, of course, assumes that you'll be installing
-on [bare metal](https://docs.fedoraproject.org/en-US/fedora-coreos/bare-metal/) on a system on your
-local network -- support for additional targets may be added in the future.
+This will compile the host-specific `host/example/spec.bu` file to its corresponding Ignition format
+via the `butane` utility (which is expected to be installed on the system), and serve the final
+result over HTTP on the local network. This, of course, assumes that you'll be installing on [bare
+metal](https://docs.fedoraproject.org/en-US/fedora-coreos/bare-metal/) on a system on your local
+network -- support for additional targets may be added in the future.
 
 ## Testing
 
@@ -34,7 +56,7 @@ make deploy-virtual
 ```
 
 This will automatically download the Fedora CoreOS image for the `VERSION` specified in the
-Makefile, compile included FCCT files, and start a virtual machine on the terminal running the
+Makefile, compile included Butane files, and start a virtual machine on the terminal running the
 `make` command. If you want to see the various command run under the hood, add the `VERBOSE=1`
 parameter to the `make` invocation.
 
@@ -51,7 +73,7 @@ The mechanisms for building and deploying services are simple and fairly consist
 containers and systemd services are built and enabled using the included `container-build` systemd
 service. This will read files from `/etc/container-services` (copied onto the server during
 deployment) and build container images and systemd service definitions as needed.
-   
+
 ## License
 
 All code in this repository is covered by the terms of the MIT License, the full text of which can be found in the LICENSE file.

config/service/git/spec.bu

@@ -12,7 +12,7 @@ systemd:
       enabled: true
     - name: git-ssh-ed25519@.service
       enabled: true
-    - name: git-ssh-pubkey@-etc-ssh-ssh_host_rsa_key.service
+    - name: git-ssh-pubkey@-etc-ssh-ssh_host_rsa_key.pub.service
       enabled: true
       dropins:
         - name: wait-for-key.conf

config/service/radicale/systemd/radicale.service

@@ -6,7 +6,8 @@ After=container-build@%N.service dovecot.service
 [Service]
 Restart=always
 ExecStartPre=/bin/install --owner 15232 --group 15232 -d /var/lib/container-service/%N
-ExecStart=/bin/podman run --replace --pull never --net mail --env-file /etc/container-service/%N/%N.env \
+ExecStart=/bin/podman run --replace --pull never --net mail,nginx-ingress \
+                          --env-file /etc/container-service/%N/%N.env \
                           --volume /var/lib/container-service/%N:/var/lib/%N:z \
                           --name %N localhost/%N:latest
 ExecStop=/bin/podman stop --time 10 %N