Deploying a demo amd64 debian-based OS via ostree

This is a prototype outline for building and deploying a debian based OS
with ostree.  For purposes of demonstration, the OS runs from a bootable
USB device on a UEFI capable amd64 machine.  Once a USB device is
created and booted, the OS can be updated using a simple shell script.

<https://ostreedev.github.io/ostree/>
<https://www.nin.wiki/Halo_numbers>

6 files changed, 97 insertions, 0 deletions

diff --git a/hooks/build-os/10-apt b/hooks/build-os/10-apt
new file mode 100755
index 0000000..65c7056
--- /dev/null
+++ b/hooks/build-os/10-apt
@@ -0,0 +1,15 @@
+#!/bin/bash -xe
+set -o pipefail
+
+# Enable additional sources
+cat > "${root:?}"/etc/apt/sources.list << EOF
+deb https://deb.debian.org/debian trixie main contrib non-free non-free-firmware
+
+deb https://deb.debian.org/debian trixie-updates main contrib non-free non-free-firmware
+
+deb https://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware
+EOF
+
+# update/upgrade system
+chroot "${root:?}" apt-get update
+chroot "${root:?}" apt-get upgrade
diff --git a/hooks/build-os/20-kernel-boot b/hooks/build-os/20-kernel-boot
new file mode 100755
index 0000000..8aca938
--- /dev/null
+++ b/hooks/build-os/20-kernel-boot
@@ -0,0 +1,5 @@
+#!/bin/bash -xe
+set -o pipefail
+
+chroot "${root:?}" apt-get --assume-yes install firmware-linux grub-efi-amd64 \
+	linux-image-amd64 ostree-boot
diff --git a/hooks/build-os/50-network b/hooks/build-os/50-network
new file mode 100755
index 0000000..c2cb6ee
--- /dev/null
+++ b/hooks/build-os/50-network
@@ -0,0 +1,16 @@
+#!/bin/bash -xe
+set -o pipefail
+
+# Append motd
+
+cat >> "${root:?}"/etc/motd << EOF
+
+${osname:?}/${osversion:?} (${osdesc:?}) v${version:?}
+EOF
+
+# Set hostname
+echo "${osname:?}-${osversion:?}" > "${root:?}"/etc/hostname
+echo "127.0.1.1 ${osname:?}-${osversion:?}" >> "${root:?}"/etc/hosts
+
+# Install network manager
+chroot "${root:?}" apt-get install -y network-manager
diff --git a/hooks/build-os/70-system-config b/hooks/build-os/70-system-config
new file mode 100755
index 0000000..0fc5bde
--- /dev/null
+++ b/hooks/build-os/70-system-config
@@ -0,0 +1,10 @@
+#!/bin/bash -xe
+set -o pipefail
+
+# Set a root password
+echo "root:guest" | chroot "${root:?}" chpasswd
+
+# Make console quieter
+cat > "${root:?}"/etc/sysctl.d/printk.conf << EOF
+kernel.printk = 3	4	1	3
+EOF
diff --git a/hooks/build-os/80-firstboot-repart-growfs b/hooks/build-os/80-firstboot-repart-growfs
new file mode 100755
index 0000000..78648cc
--- /dev/null
+++ b/hooks/build-os/80-firstboot-repart-growfs
@@ -0,0 +1,47 @@
+#!/bin/bash -xe
+
+set -o pipefail
+
+# Configure systemd-growfs-root
+mkdir "${root:?}"/etc/systemd/system/systemd-growfs-root.service.d
+
+cat > "${root:?}"/etc/systemd/system/systemd-growfs-root.service.d/override.conf << EOF
+[Unit]
+ConditionFirstBoot=yes
+
+[Service]
+ExecStart=/usr/lib/systemd/systemd-growfs /sysroot
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+chroot "${root:?}" systemctl enable systemd-growfs-root.service
+
+# Configure systemd-repart
+
+mkdir "${root:?}"/etc/repart.d
+
+cat > "${root:?}"/etc/repart.d/50-root.conf << EOF
+[Partition]
+Type=linux-generic
+GrowFileSystem=yes
+EOF
+
+chroot "${root:?}" apt-get install -y systemd-repart
+
+# Configure systemd-firstboot
+
+mkdir "${root:?}"/etc/systemd/system/systemd-firstboot.service.d
+cat > "${root:?}"/etc/systemd/system/systemd-firstboot.service.d/install.conf << EOF
+[Service]
+ExecStart=
+ExecStart=/usr/bin/systemd-firstboot --prompt
+
+[Install]
+WantedBy=sysinit.target
+EOF
+
+chroot "${root:?}" systemctl enable systemd-firstboot.service
+
+rm "${root:?}"/etc/{machine-id,localtime}
diff --git a/hooks/build-os/90-cleanup b/hooks/build-os/90-cleanup
new file mode 100755
index 0000000..d0b7b6f
--- /dev/null
+++ b/hooks/build-os/90-cleanup
@@ -0,0 +1,4 @@
+#!/bin/bash -xe
+set -o pipefail
+
+chroot "${root:?}" apt-get clean