Dockerfile.kairos-opensuse
# This file is auto-generated with the command: earthly +kairos-dockerfile --FAMILY=opensuse
###############################################################
#### ARGS ####
###############################################################
# TARGETARCH is used to determine the architecture of the image, it is already set by Docker so it doesn't need to be defined here
# Global build arguments. Declared before the first FROM, they are only visible
# in FROM lines; stages that need them in RUN/LABEL re-declare them.
ARG FAMILY=opensuse
ARG FLAVOR
ARG FLAVOR_RELEASE
ARG MODEL=generic
# BASE_IMAGE has no default and is the root of every stage below.
# Supply-chain note: pass a digest-pinned reference (name@sha256:<digest>) so
# a re-tagged base image cannot change the build silently.
ARG BASE_IMAGE
ARG VARIANT
ARG VERSION
# Defaults to the moving "main" tag of the framework image; override with a
# released version when the build has to be reproducible.
ARG FRAMEWORK_VERSION=main
FROM $BASE_IMAGE AS base
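# Leap 15.6: register the OBS "utilities" repository and refresh metadata.
# Signature checking stays enabled for this repository (no -G/--no-gpgcheck),
# so packages resolved from it are verified against the repository key.
# The key is imported automatically on refresh, which means trust rests on the
# HTTPS download of that key; pre-import a pinned key if that is not enough.
# `|| true` tolerates a failing `zypper ar` (presumably a repo that is already
# defined in the base image); the refresh still has to succeed.
FROM base AS leap-15.6-repo
RUN zypper ar https://download.opensuse.org/repositories/utilities/15.6/utilities.repo || true && \
    zypper --gpg-auto-import-keys ref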
# Tumbleweed on amd64: drop the repo-openh264 repository, then refresh the
# metadata of the remaining repositories.
FROM base AS tumbleweed-repo-amd64
RUN zypper removerepo repo-openh264 \
    && zypper refresh

# Tumbleweed on arm64: register the aarch64 ports OSS repository under the
# alias "aarch64" (a failing add is tolerated), then refresh metadata.
FROM base AS tumbleweed-repo-arm64
RUN zypper addrepo https://download.opensuse.org/ports/aarch64/tumbleweed/repo/oss/ aarch64 || true \
    && zypper refresh
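# Tumbleweed (either architecture): register the OBS "utilities" repository for
# openSUSE Factory and refresh metadata.
# Signature checking stays enabled for this repository (no -G/--no-gpgcheck),
# so packages resolved from it are verified against the repository key.
# The key is imported automatically on refresh, which means trust rests on the
# HTTPS download of that key; pre-import a pinned key if that is not enough.
# `|| true` tolerates a failing `zypper ar`; the refresh still has to succeed.
FROM tumbleweed-repo-${TARGETARCH} AS tumbleweed-repo
RUN zypper ar https://download.opensuse.org/repositories/utilities/openSUSE_Factory/utilities.repo || true && \
    zypper --gpg-auto-import-keys ref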
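# Packages shared by every architecture and model.
# The stage is selected by FLAVOR_RELEASE (leap-15.6-repo or tumbleweed-repo).
# The set includes remote-access and privilege tooling (openssh, sudo, polkit),
# hardening/attestation tooling (fail2ban, policycoreutils, cryptsetup, tpm2*)
# and interactive debugging tools (strace, htop, tmux, vim, nano); review the
# list against what the deployed OS really needs.
# 'tpm2*' is quoted so the pattern reaches zypper unchanged instead of being
# subject to shell pathname expansion in the build's working directory.
# `zypper cc` runs in the same RUN so the package cache never lands in a layer.
FROM ${FLAVOR_RELEASE}-repo AS common
RUN zypper in --force-resolution -y \
      bash-completion \
      conntrack-tools \
      cryptsetup \
      coreutils \
      curl \
      device-mapper \
      dhcp-client \
      dosfstools \
      dracut \
      e2fsprogs \
      fail2ban \
      findutils \
      gawk \
      growpart \
      gptfdisk \
      haveged \
      htop \
      iproute2 \
      iptables \
      iputils \
      issue-generator \
      jq \
      less \
      logrotate \
      lsscsi \
      lvm2 \
      mdadm \
      multipath-tools \
      nano \
      nfs-utils \
      nohang \
      open-iscsi \
      openssh \
      open-vm-tools \
      parted \
      pigz \
      policycoreutils \
      polkit \
      procps \
      rsync \
      shim \
      squashfs \
      strace \
      sudo \
      systemd \
      systemd-network \
      tar \
      timezone \
      tmux \
      vim \
      which \
      'tpm2*' \
    && zypper cc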
# amd64-only packages: BIOS and EFI GRUB targets, the full firmware set and a
# few extra tools. The package cache is cleaned in the same layer.
FROM common AS amd64
RUN zypper install --force-resolution -y \
      grub2-i386-pc \
      grub2-x86_64-efi \
      kernel-firmware-all \
      nethogs \
      patch \
      systemd-sysvinit \
    && zypper clean

# arm64-only packages: EFI GRUB target, wireless tooling and a selected subset
# of firmware packages. The package cache is cleaned in the same layer.
FROM common AS arm64
RUN zypper install --force-resolution -y \
      bcm43xx-firmware \
      grub2-arm64-efi \
      iw \
      kernel-firmware-ath10k \
      kernel-firmware-ath11k \
      kernel-firmware-atheros \
      kernel-firmware-bluetooth \
      kernel-firmware-brcm \
      kernel-firmware-iwlwifi \
      kernel-firmware-network \
      kernel-firmware-realtek \
      kernel-firmware-serial \
      kernel-firmware-usb-network \
      nethogs \
    && zypper clean
###############################################################
#### Model ####
###############################################################
# Generic model: built on the architecture stage picked by TARGETARCH, plus
# LLDP and the QEMU guest agent.
FROM ${TARGETARCH} AS generic
RUN zypper install --force-resolution -y \
      lldpd \
      qemu-guest-agent \
    && zypper clean

# Raspberry Pi models: firmware, EEPROM tooling and wireless/network
# configuration packages, followed by the board's boot configuration file.
FROM ${TARGETARCH} AS rpicommon
RUN zypper install --force-resolution -y \
      raspberrypi-eeprom \
      raspberrypi-firmware \
      raspberrypi-firmware-dt \
      sysconfig \
      sysconfig-netconfig \
      sysvinit-tools \
      wireless-tools \
      wpa_supplicant \
    && zypper clean
COPY rpi/config.txt /boot/config.txt

# Leap additionally needs these two GRUB packages (the reason is not recorded).
FROM rpicommon AS rpi-leap-15.6
RUN zypper install --force-resolution -y \
      grub2-i386-pc \
      grub2-x86_64-efi \
    && zypper clean

# Tumbleweed needs nothing beyond rpicommon.
FROM rpicommon AS rpi-tumbleweed

# rpi3 and rpi4 are both aliases of the release-specific Raspberry Pi stage.
FROM rpi-${FLAVOR_RELEASE} AS rpi3
FROM rpi-${FLAVOR_RELEASE} AS rpi4
###############################################################
#### Post-Process Common to All ####
###############################################################
# Common post-processing on top of the stage picked by MODEL.
# The kernel is installed here rather than in the "common" stage: installing
# kernel-default there did not populate /boot, for reasons that still need to
# be investigated.
FROM ${MODEL} AS all
RUN zypper install --force-resolution -y \
      kernel-default \
    && zypper clean
# Kairos framework image for the target architecture.
# Supply-chain note: the base-kairos stage copies this image's entire root
# filesystem over the OS (COPY --from=framework / /). FRAMEWORK_VERSION
# defaults to the mutable "main" tag, so the copied content can differ between
# builds; pass a release tag or digest where the result must be reproducible.
FROM --platform="linux/${TARGETARCH}" quay.io/kairos/framework:${FRAMEWORK_VERSION} AS framework
FROM all AS base-kairos
# Symlinks to make the elemental installer work: expose grub-install and
# grub-editenv under their grub2-* names when only the unprefixed binary
# exists. `|| true` turns an unmet condition into a successful no-op.
RUN ORIG=/usr/sbin/grub-install; DEST=/usr/sbin/grub2-install; [ -e $ORIG ] && [ ! -e $DEST ] && ln -s $ORIG $DEST || true
RUN ORIG=/usr/bin/grub-editenv; DEST=/usr/sbin/grub2-editenv; [ -e $ORIG ] && [ ! -e $DEST ] && ln -s $ORIG $DEST || true
# Overlay the framework root filesystem on the OS; this adds approximately 100 MB.
COPY --from=framework / /
# Remove SSH host keys so that no host key material is baked into the image
# and shared by every machine installed from it. The deletion only affects
# this layer: a key that existed in an earlier layer stays readable in the
# image's layer history.
RUN rm -rf /etc/ssh/ssh_host_*
COPY which-init.sh /usr/local/bin/which-init.sh
# Drop every line containing KAIROS_ from an existing /etc/kairos-release
# (sed prints only the non-matching lines); the file is regenerated in the
# final stage.
RUN if [ -f "/etc/kairos-release" ]; then sed -i -n '/KAIROS_/!p' /etc/kairos-release; fi
# These need to be declared after FROM to be substituted in the instructions below
ARG HOME_URL="https://github.com/kairos-io/kairos"
ARG BUG_REPORT_URL="https://github.com/kairos-io/kairos/issues"
ARG GITHUB_REPO="kairos-io/kairos"
ARG ID=kairos
ARG REGISTRY_AND_ORG="quay.io/kairos"
ARG RELEASE
ARG FLAVOR
ARG FLAVOR_RELEASE
ARG VARIANT
ARG FAMILY
ARG MODEL
ARG TARGETARCH
ARG SOFTWARE_VERSION
ARG SOFTWARE_VERSION_PREFIX
ARG SOFTWARE_LUET_VERSION=""
# Remove any machine-id inherited from the base image or the framework so the
# image does not carry a fixed machine identity.
RUN rm -rf /etc/machine-id
# Core variant: base-kairos with nothing added.
FROM base-kairos AS kairos-core

# Standard variant: base-kairos plus the Kairos provider and the k3s tooling,
# all installed through luet.
FROM base-kairos AS kairos-standard
ARG SOFTWARE_VERSION
LABEL io.kairos.k3s_version="${SOFTWARE_VERSION}"
RUN luet install -y system/provider-kairos
# The k3s package name depends on the init system reported by which-init.sh;
# its version is SOFTWARE_LUET_VERSION when set, otherwise SOFTWARE_VERSION.
# Only k3s carries a version here: the other packages resolve to whatever the
# luet repository serves at build time.
RUN luet install -y \
      "k8s/k3s-$(which-init.sh)@${SOFTWARE_LUET_VERSION:-$SOFTWARE_VERSION}" \
      utils/edgevpn \
      utils/k9s \
      utils/nerdctl \
      container/kubectl \
      utils/kube-vip
# Final image, built on the variant stage picked by VARIANT
# (kairos-core or kairos-standard).
FROM kairos-${VARIANT} AS kairos-final
# Re-declared so the values are available to the LABEL instructions below.
ARG BASE_IMAGE
ARG FRAMEWORK_VERSION
ARG RELEASE
ARG FLAVOR
ARG FLAVOR_RELEASE
ARG VARIANT
ARG FAMILY
ARG MODEL
ARG TARGETARCH
ARG SOFTWARE_VERSION
ARG SOFTWARE_VERSION_PREFIX
# OCI metadata.
LABEL org.opencontainers.image.authors="Kairos Maintainers <team@kairos.io>"
LABEL org.opencontainers.image.licenses="Apache-2.0"
LABEL org.opencontainers.image.url="https://github.com/kairos-io/kairos"
LABEL org.opencontainers.image.source="https://github.com/kairos-io/kairos.git"
# Provenance labels: they record the build inputs (base image, framework
# version, flavor, model, ...) on the image so an artifact can be traced back
# to what it was built from. The values are exactly what was passed as build
# arguments; a tag recorded here does not identify a specific image digest.
LABEL io.kairos.base_image="${BASE_IMAGE}"
LABEL io.kairos.variant="${VARIANT}"
LABEL io.kairos.family="${FAMILY}"
LABEL io.kairos.flavor="${FLAVOR}"
LABEL io.kairos.flavor_release="${FLAVOR_RELEASE}"
LABEL io.kairos.model="${MODEL}"
LABEL io.kairos.release="${RELEASE}"
LABEL io.kairos.framework-version="${FRAMEWORK_VERSION}"
LABEL io.kairos.software-version="${SOFTWARE_VERSION}"
LABEL io.kairos.software-version-prefix="${SOFTWARE_VERSION_PREFIX}"
LABEL io.kairos.targetarch="${TARGETARCH}"
# Write the output of kairos-agent's versioneer subcommands to
# /etc/kairos-release and /IMAGE.
RUN kairos-agent versioneer os-release-variables > /etc/kairos-release
RUN kairos-agent versioneer container-artifact-name > /IMAGE
# From here on every RUN uses bash with pipefail, so a failing command on the
# left side of a pipe (e.g. `ls ... | head`) fails the build step.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# Record the installed luet packages in /etc/kairos/versions.yaml.
RUN luet database get-all-installed --output /etc/kairos/versions.yaml
# TODO what about caches?
# Rebuild module dependencies for the first entry listed in /lib/modules.
# NOTE(review): with more than one kernel installed only that first entry is
# handled - confirm the image always ships exactly one.
RUN kernel=$(ls /lib/modules | head -n1) && depmod -a "${kernel}"
# Set empty machine-id
# This prevents systemd from thinking that the machine is on first boot
# and recreating /etc/ dependencies in services and such.
# Do this before the initramfs is generated so that it ends up in the initramfs.
RUN echo "" > /etc/machine-id || true
# Regenerate the initrd if necessary; proper config files with immucore and the custom initrd should already have been installed by the framework
# for systemd distros
RUN if [ -f "/usr/bin/dracut" ]; then \
kernel=$(ls /lib/modules | head -n1) && \
dracut -f "/boot/initrd-${kernel}" "${kernel}" && \
ln -sf "initrd-${kernel}" /boot/initrd; \
fi
# for alpine (openrc based)
RUN if [ -f "/sbin/mkinitfs" ]; then \
kernel=$(ls /lib/modules | head -n1) && \
mkinitfs -o /boot/initrd "${kernel}"; \
fi
# Symlink the kernel to /boot/vmlinuz: the first /boot/vmlinuz-* match, then
# the first /boot/Image* match (which overrides the former when both exist).
RUN kernel=$(ls /boot/vmlinuz-* 2>/dev/null | head -n1) && if [ -e "$kernel" ]; then ln -sf "$kernel" /boot/vmlinuz; fi || true
RUN kernel=$(ls /boot/Image* 2>/dev/null | head -n1) && if [ -e "$kernel" ]; then ln -sf "$kernel" /boot/vmlinuz; fi || true
# this is generally present on rhel based systems, but it doesn't hurt to remove in any case
RUN rm -rf /boot/initramfs-* || true
# Remove remaining per-machine identity (D-Bus machine-id, hostname) so it is
# not shared by every system installed from this image.
RUN rm /var/lib/dbus/machine-id || true
RUN rm /etc/hostname || true
# Disable the make-policy service that is on by default on some systemd versions;
# it creates a pcrlock.json policy that conflicts with our measurements when trying to enroll it.
# The journal is vacuumed in the same step.
RUN if [ "$(which-init.sh)" = "systemd" ]; then \
systemctl disable systemd-pcrlock-make-policy || true; \
systemctl mask systemd-pcrlock-make-policy || true; \
journalctl --vacuum-size=1K || true; \
fi
# Final cleanup of temporary files and luet state. These removals only shrink
# the final filesystem view; content written by earlier layers remains in
# those layers.
RUN rm -rf /tmp/*
RUN luet cleanup
RUN rm -rf /var/luet