examples: New directory

examples/README.md

@@ -0,0 +1,15 @@
+# Example containers
+
+This repository contains example bootable containers.
+
+## Examples
+
+- [nvidia](nvidia/): Install the nvidia driver
+- [tailscale](tailscale/): Demos <https://tailscale.com/download/linux/fedora>
+- [wifi](wifi/): Install support for wireless networks along with pre-baked
+  configuration to join a network
+
+## Other useful repositories
+
+- <https://github.com/coreos/layering-examples>
+- <https://github.com/openshift/rhcos-image-layering-examples/>

examples/nvidia/Containerfile

@@ -0,0 +1,9 @@
+# In practice you will need a base image with
+# a compatible kernel+driver
+FROM quay.io/centos-bootc/centos-bootc:stream9
+# Add our configuration
+COPY etc/ /etc/
+COPY usr/ /usr/
+RUN dnf -y module install nvidia-driver:545 && \
+    dnf install -y nvidia-container-toolkit && \
+    rm /var/log/*.log /var/lib/dnf -rf

examples/nvidia/etc/systemd/system/nvidia-toolkit-firstboot.service

@@ -0,0 +1,13 @@
+[Unit]
+# For more information see https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/cdi-support.html
+# It looks like the podman/CDI integration wants a pre-generated list of hardware
+Description=Generate /etc/cdi/nvidia.yaml
+
+[Service]
+Type=oneshot
+ExecStart=nvidia-ctk cdi generate --output=/etc/cdi/nvidia.yaml
+RemainAfterExit=yes
+
+[Install]
+# TODO: Ensure we have a target that is like "container setup"
+WantedBy=multi-user.target

examples/nvidia/etc/yum.repos.d/cuda-rhel9.repo

@@ -0,0 +1,12 @@
+[cuda-rhel9-x86_64]
+name=cuda-rhel9-x86_64
+baseurl=https://developer.download.nvidia.com/compute/cuda/repos/rhel9/x86_64
+enabled=1
+gpgcheck=1
+gpgkey=https://developer.download.nvidia.com/compute/cuda/repos/rhel9/x86_64/D42D0685.pub
+
+[epel]
+name=epel 9
+baseurl=https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/
+enabled=1
+gpgcheck=0

examples/nvidia/etc/yum.repos.d/nvidia-container-toolkit.repo

@@ -0,0 +1,19 @@
+[nvidia-container-toolkit]
+name=nvidia-container-toolkit
+baseurl=https://nvidia.github.io/libnvidia-container/stable/rpm/$basearch
+repo_gpgcheck=1
+gpgcheck=0
+enabled=1
+gpgkey=https://nvidia.github.io/libnvidia-container/gpgkey
+sslverify=1
+sslcacert=/etc/pki/tls/certs/ca-bundle.crt
+
+[nvidia-container-toolkit-experimental]
+name=nvidia-container-toolkit-experimental
+baseurl=https://nvidia.github.io/libnvidia-container/experimental/rpm/$basearch
+repo_gpgcheck=1
+gpgcheck=0
+enabled=0
+gpgkey=https://nvidia.github.io/libnvidia-container/gpgkey
+sslverify=1
+sslcacert=/etc/pki/tls/certs/ca-bundle.crt

examples/nvidia/etc/yum.repos.d/rhel-9.3.repo

@@ -0,0 +1,17 @@
+[rhel-9.3-baseos]
+baseurl=https://rhsm-pulp.corp.redhat.com/content/dist/rhel9/9.3/$basearch/baseos/os/
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
+
+[rhel-9.3-appstream]
+baseurl=https://rhsm-pulp.corp.redhat.com/content/dist/rhel9/9.3/$basearch/appstream/os/
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
+
+[rhel-9.3-nfv]
+baseurl=https://rhsm-pulp.corp.redhat.com/content/dist/rhel9/9.3/x86_64/nfv/os/
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

examples/nvidia/usr/lib/systemd/system/basic.target.wants/nvidia-toolkit-firstboot.service

@@ -0,0 +1 @@
+../nvidia-toolkit-firstboot.service

examples/nvidia/usr/lib/systemd/system/nvidia-toolkit-firstboot.service

@@ -0,0 +1,15 @@
+[Unit]
+# For more information see https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/cdi-support.html
+# It looks like the podman/CDI integration wants a pre-generated list of hardware
+Description=Generate /etc/cdi/nvidia.yaml
+# Ensure that we're set up before containers may run
+Before=basic.target
+
+[Service]
+Type=oneshot
+ExecStart=nvidia-ctk cdi generate
+RemainAfterExit=yes
+StandardOutput=/etc/cdi/nvidia.yaml
+
+[Install]
+WantedBy=basic.target

examples/tailscale/Containerfile

@@ -0,0 +1,8 @@
+# This is like https://tailscale.com/download/linux/centos-stream-9
+# except it happens as part of a container build!  You then need to do
+# `tailscale up` via some other mechanism.
+FROM quay.io/centos-bootc/centos-bootc:stream9
+RUN dnf config-manager --add-repo https://pkgs.tailscale.com/stable/centos/9/tailscale.repo && \
+    dnf -y install tailscale && \
+    dnf clean all && \
+    ln -s ../tailscaled.service /usr/lib/systemd/system/default.target.wants

examples/wifi/Containerfile

@@ -0,0 +1,7 @@
+# Install wireless support along with a static configuration file.
+FROM quay.io/centos-bootc/centos-bootc:stream9
+RUN dnf -y install NetworkManager-wifi NetworkManager-wwan wpa_supplicant wireless-regdb && dnf clean all
+# And also inject a config file.  This pattern of using the COPY command
+# to inject an "overlay" for /etc can easily be extended to add multiple
+# config files.
+COPY etc /etc

examples/wifi/etc/NetworkManager/system-connections/ExampleCorpWifi.ini

@@ -0,0 +1,29 @@
+[connection]
+id=ExampleCorpWiFi
+uuid=6ad20506-0f78-4060-980b-820b7508efba
+type=wifi
+interface-name=wlp4s0
+permissions=
+
+[wifi]
+mac-address-blacklist=
+mode=infrastructure
+ssid=ExampleCorpWiFi
+
+[wifi-security]
+auth-alg=open
+key-mgmt=wpa-psk
+# TODO: see https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/106
+# We should also have an opinionated story for managing secrets in Ignition + derivation.
+psk=examplekeyhere
+
+[ipv4]
+dns-search=
+method=auto
+
+[ipv6]
+addr-gen-mode=stable-privacy
+dns-search=
+method=auto
+
+[proxy]