From 1c245a593ab4859a4b32ed093029ba85d8536035 Mon Sep 17 00:00:00 2001
From: ducoterra
Date: Mon, 5 Jan 2026 10:00:35 -0500
Subject: [PATCH] image_builder checkpoint

---
 ...fedora-42-base.toml => fedora42-base.toml} | 0
 ...fedora-43-base.toml => fedora43-base.toml} | 17 ++++-------
 active/software_osbuild/image_builder.md | 28 +++++++++++++------
 3 files changed, 26 insertions(+), 19 deletions(-)
 rename active/software_osbuild/{fedora-42-base.toml => fedora42-base.toml} (100%)
 rename active/software_osbuild/{fedora-43-base.toml => fedora43-base.toml} (85%)

diff --git a/active/software_osbuild/fedora-42-base.toml b/active/software_osbuild/fedora42-base.toml
similarity index 100%
rename from active/software_osbuild/fedora-42-base.toml
rename to active/software_osbuild/fedora42-base.toml
diff --git a/active/software_osbuild/fedora-43-base.toml b/active/software_osbuild/fedora43-base.toml
similarity index 85%
rename from active/software_osbuild/fedora-43-base.toml
rename to active/software_osbuild/fedora43-base.toml
index 7d8a815..8456507 100644
--- a/active/software_osbuild/fedora-43-base.toml
+++ b/active/software_osbuild/fedora43-base.toml
@@ -9,16 +9,11 @@ groups = []
 hostname = "f43-base"
 
 [[customizations.disk.partitions]]
-type = "btrfs"
-minsize = "32 GiB"
-
-[[customizations.disk.partitions.subvolumes]]
-name = "root"
+type = "plain"
+label = "root"
 mountpoint = "/"
-
-[[customizations.disk.partitions.subvolumes]]
-name = "home"
-mountpoint = "/home"
+fs_type = "ext4"
+minsize = "128 GiB"
 
 [customizations.timezone]
 timezone = "America/New_York"
@@ -70,8 +65,8 @@ data = """
 [[customizations.files]]
 path = "/home/ducoterra/.inputrc"
 mode = "0644"
-user = "root"
-group = "root"
+user = "ducoterra"
+group = "ducoterra"
 data = """
 "\\C-h": backward-kill-word
 """
diff --git a/active/software_osbuild/image_builder.md b/active/software_osbuild/image_builder.md
index 3cda8a2..47e252e 100644
--- a/active/software_osbuild/image_builder.md
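Review bot: The rewritten `[[customizations.disk.partitions]]` entry in the first fedora43-base.toml hunk places the whole image on one ext4 root, so `/home` loses its own subvolume and can no longer carry separate mount options or a size bound. The same commit documents installing `openscap-scanner` and `scap-security-guide` in image_builder.md. Hardening profiles commonly check for separate `/home`, `/var` and `/tmp` filesystems, so if a profile is meant to be applied to this base image, those rules would presumably fail on this layout. Either keep a second partition entry with `mountpoint = "/home"` and its own `fs_type` and `minsize`, or record the decision above the entry, for example `# single root filesystem by design; separate-partition rules of any applied security profile are not expected to pass`. The jump to `minsize = "128 GiB"` is also unexplained and would benefit from a short comment on why the base image needs that floor.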
+++ b/active/software_osbuild/image_builder.md @@ -33,18 +33,21 @@ sudo usermod -aG weldr $USER # Optional: cockpit dependency dnf install -y cockpit-composer + +# Optional: allow security profiles +dnf install openscap-scanner scap-security-guide ``` ## Building Images 1. Create a toml file describing your image - See `fedora-42-base.toml` for an example. + See `fedora42-base.toml` for an example. 2. Push the toml to composer ```bash - composer-cli blueprints push active/software_osbuild/fedora-42-base.toml + composer-cli blueprints push active/software_osbuild/fedora42-base.toml # List blueprints composer-cli blueprints list @@ -57,13 +60,13 @@ dnf install -y cockpit-composer composer-cli compose types # Build the image - composer-cli compose start fedora-42-base qcow2 + composer-cli compose start fedora42-base qcow2 # Check status watch composer-cli compose status # Download logs if error - cd /tmp && composer-cli compose logs f91a12b6-01fd-4f94-91cc-9d5fb68b8129 + cd /tmp && composer-cli compose logs 52963ac9-b680-4def-baaf-252845f0e3fe # Delete failed images composer-cli compose list failed -j | jq '.[].body.failed.[]?.id' | xargs -I '%' composer-cli compose delete '%' 
@@ -79,16 +82,25 @@ dnf install -y cockpit-composer composer-cli compose list finished # Download the image - composer-cli compose image --filename /var/lib/libvirt/images/fedora-42-base.qcow2 image-uuid + composer-cli compose image --filename active/software_osbuild/secrets/fedora43-base.qcow2 image-uuid # Test with qemu - qemu-kvm --name test-fedora-42-base -m 4096 -hda ~/Downloads/fedora-42-base.qcow2 + virt-install \ + --name "fedora43-base" \ + --boot uefi,firmware.feature0.name=secure-boot,firmware.feature0.enabled=no \ + --cpu host-passthrough --vcpus sockets=1,cores=8,threads=2 \ + --ram=8192 \ + --os-variant=fedora41 \ + --network bridge:virbr0 \ + --graphics none \ + --console pty,target.type=virtio \ + --import --disk "path=active/software_osbuild/secrets/fedora43-base.qcow2,bus=virtio" ``` ### Image Build and Watch One Liner ```bash -composer-cli blueprints push active/software_osbuild/fedora-43-base.toml && \ -composer-cli compose start fedora-43-base qcow2 && \ +composer-cli blueprints push active/software_osbuild/fedora43-base.toml && \ +composer-cli compose start fedora43-base qcow2 && \ watch composer-cli compose status ``` \ No newline at end of file