commit ff19688dd228645b3d519adedea560dc006328b9
Author: Ben Vincent <ben@unkin.net>
Date:   Sat Jan 11 20:50:07 2025 +1100

    feat: first commit
    
    - add base image for docker and incus
    - manage images for almalinux 8.10 and 9.5
    - replace all existing docker build repos

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2dbec00
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+images/**/library_*
+env
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..1b189fe
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,107 @@
+# Base directories
+IMAGES_PATH := images
+LIBRARY_PATH := library
+SYMLINK_PREFIX := library_
+
+# Docker registry variables
+REGISTRY := git.query.consul
+OWNER := unkin
+#GIT_COMMIT := $(shell git rev-parse --short HEAD)
+DATE_TAG := $(shell date +%Y%m%d)
+BRANCH=$(shell git branch --show-current)
+
+# Find all subdirectories under the IMAGES_PATH
+DIRS := $(shell find $(IMAGES_PATH) -mindepth 3 -maxdepth 3 -type d | sed 's|$(IMAGES_PATH)/||')
+TAGS := $(shell find $(IMAGES_PATH) -mindepth 3 -maxdepth 3 -type d | sed 's|$(IMAGES_PATH)/|tag-|')
+PUSH := $(shell find $(IMAGES_PATH) -mindepth 3 -maxdepth 3 -type d | sed 's|$(IMAGES_PATH)/|push-|')
+
+.PHONY: list $(DIRS)
+
+# List all directories
+list:
+	@echo "Images:"
+	@for dir in $(DIRS); do \
+		echo "  '$$dir'"; \
+	done
+
+# Dynamically create targets for each directory
+.ONESHELL:
+$(DIRS):
+	@echo "Building for $@"
+
+	# Check if on master branch
+	@if [ "$(BRANCH)" = "master" ]; then \
+		echo "Current branch is $(BRANCH), checking latest timestamp in consul."; \
+		LAST_BUILD_TIMESTAMP=$$(consul kv get infra/packer/$@/timestamp || echo "0"); \
+		CURRENT_TIME=$$(date +%s); \
+		if [ $$((CURRENT_TIME - LAST_BUILD_TIMESTAMP)) -lt 86400 ]; then \
+			echo "Skipping build for $@ (built within the last 24 hours)"; \
+			exit 0; \
+		fi; \
+	fi
+
+	# Link .hcl files
+	@find $(LIBRARY_PATH) -name '*.hcl' -exec sh -c 'ln -sf $$PWD/{} $(IMAGES_PATH)/$@/$(SYMLINK_PREFIX)$$(basename {})' \;
+
+	# Link builds
+	@for build in $$(cat $(IMAGES_PATH)/$@/builds); do \
+		ln -sf ../../../../builds/$${build}.pkr.hcl $(IMAGES_PATH)/$@/library_$${build}.build.pkr.hcl; \
+	done
+
+	# Build the image
+	@(cd $(IMAGES_PATH)/$@ && \
+	export DATE=$(DATE_TAG) && \
+	export OS_NAME=$$(echo $@ | cut -d'/' -f1) && \
+	export OS_VERSION_FULL=$$(echo $@ | cut -d'/' -f2) && \
+	export OS_IMAGE=$$(echo $@ | cut -d'/' -f3) && \
+	export OS_VERSION_MAJOR=$$(echo $$OS_VERSION_FULL | cut -d'.' -f1) && \
+	export DOCKER_SOURCE=$$OS_NAME:$$OS_VERSION_FULL && \
+	export DOCKER_SERVER='git.query.consul' && \
+	export INCUS_SOURCE="images:$$OS_NAME/$$OS_VERSION_MAJOR" && \
+	export SUFFIX=$$(basename $$(mktemp -u) | cut -d . -f 2) && \
+	export GIT_BRANCH=$(BRANCH) && \
+	packer init . && \
+	packer build . )
+
+	# Update build timestamp and date in Consul if on master branch
+	@if [ "$(BRANCH)" = "master" ]; then \
+		echo "Current branch is $(BRANCH), updating consul."; \
+		CURRENT_TIMESTAMP=$$(date +%s); \
+		READABLE_DATE=$$(date '+%Y-%m-%d %H:%M:%S %Z'); \
+		consul kv put infra/packer/$@/timestamp $$CURRENT_TIMESTAMP; \
+		consul kv put infra/packer/$@/date "$$READABLE_DATE"; \
+	fi
+
+.PHONY: $(DIRS) $(TAGS) $(PUSH)
+
+# Tag Docker images
+$(TAGS):
+	@echo "Tagging Docker image for $$(echo $@ | sed 's|tag-||')"
+	@OS_NAME=$$(echo "$@" | sed 's|tag-||' | cut -d'/' -f1); \
+	OS_VERSION_FULL=$$(echo "$@" | sed 's|tag-||' | cut -d'/' -f2); \
+	OS_IMAGE=$$(echo "$@" | sed 's|tag-||' | cut -d'/' -f3); \
+	OS_VERSION_MAJOR=$$(echo $$OS_VERSION_FULL | cut -d'.' -f1); \
+	IMAGE_NAME="$(REGISTRY)/$(OWNER)/$$OS_NAME$$OS_VERSION_MAJOR-$$OS_IMAGE"; \
+	echo "Tagging Image Name: $$IMAGE_NAME:$(DATE_TAG)"; \
+	docker tag $$IMAGE_NAME $$IMAGE_NAME:$(DATE_TAG); \
+	echo "Tagging Image Name: $$IMAGE_NAME:latest"; \
+	docker tag $$IMAGE_NAME $$IMAGE_NAME:latest
+
+# Push Docker images
+$(PUSH):
+	@echo "Pushing Docker image for $$(echo $@ | sed 's|push-||')"
+	@OS_NAME=$$(echo "$@" | sed 's|push-||' | cut -d'/' -f1); \
+	OS_VERSION_FULL=$$(echo "$@" | sed 's|push-||' | cut -d'/' -f2); \
+	OS_IMAGE=$$(echo "$@" | sed 's|push-||' | cut -d'/' -f3); \
+	OS_VERSION_MAJOR=$$(echo $$OS_VERSION_FULL | cut -d'.' -f1); \
+	IMAGE_NAME="$(REGISTRY)/$(OWNER)/$$OS_NAME$$OS_VERSION_MAJOR-$$OS_IMAGE"; \
+	echo "Pushing Image Name: $$IMAGE_NAME:$(DATE_TAG)"; \
+	docker push $$IMAGE_NAME:$(DATE_TAG); \
+	echo "Pushing Image Name: $$IMAGE_NAME:latest"; \
+	docker push $$IMAGE_NAME:latest
+
+# Clean all symlinks
+clean:
+	@echo "Cleaning up symlinks..."
+	@find $(IMAGES_PATH) -name 'library_*' -type l -delete
+	@echo "All symlinks removed!"
diff --git a/builds/docker.pkr.hcl b/builds/docker.pkr.hcl
new file mode 100644
index 0000000..8657a5e
--- /dev/null
+++ b/builds/docker.pkr.hcl
@@ -0,0 +1,69 @@
+build {
+  name = local.build_name
+  sources = [
+    "source.docker.os",
+  ]
+
+  # pre-file-copy scripts
+  provisioner "shell" {
+    inline = var.scripts_pre_file_copy
+  }
+
+  # Deploy files from the image directory -> root of machine
+  provisioner "file" {
+    source      = var.deploy_files_from_image ? "./files/" : ""
+    destination = "/"
+  }
+
+  # Deploy files from the common directory -> root of machine
+  provisioner "file" {
+    source      = var.deploy_files_from_common ? "../../../../files/${var.os_name}/${var.os_image}/" : ""
+    destination = "/"
+  }
+
+  # post-file-copy scripts
+  provisioner "shell" {
+    inline = var.scripts_post_file_copy
+  }
+
+  # pre-packages scripts
+  provisioner "shell" {
+    inline = var.scripts_pre_packages
+  }
+
+  # manage dnf/packages
+  provisioner "shell" {
+    inline = [
+      "dnf install -y ${join(" ", var.packages)}"
+    ]
+  }
+
+  # post-packages scripts
+  provisioner "shell" {
+    inline = var.scripts_post_packages
+  }
+
+  # final scripts
+  provisioner "shell" {
+    inline = var.scripts_final
+  }
+
+
+  post-processors {
+    post-processor "docker-tag" {
+      repository = "${var.docker_server}/unkin/${var.os_name}${var.os_version_major}-${var.os_image}"
+      tags = ["latest", var.date]
+    }
+
+    dynamic "post-processor" {
+      for_each = local.is_master ? [1] : []
+      labels   = ["docker-push"]
+      content {
+        login = true
+        login_server   = var.docker_server
+        login_username = var.docker_username
+        login_password = var.docker_password
+      }
+    }
+  }
+}
diff --git a/builds/incus.pkr.hcl b/builds/incus.pkr.hcl
new file mode 100644
index 0000000..84fc507
--- /dev/null
+++ b/builds/incus.pkr.hcl
@@ -0,0 +1,60 @@
+build {
+  name = local.build_name
+  sources = [
+    "source.incus.os"
+  ]
+
+  # pre-file-copy scripts
+  provisioner "shell" {
+    inline = var.scripts_pre_file_copy
+  }
+
+  # Deploy files from the image directory -> root of machine
+  provisioner "file" {
+    source      = var.deploy_files_from_image ? "./files/" : ""
+    destination = "/"
+  }
+
+  # Deploy files from the common directory -> root of machine
+  provisioner "file" {
+    source      = var.deploy_files_from_common ? "../../../../files/${var.os_name}/${var.os_image}/" : ""
+    destination = "/"
+  }
+
+  # post-file-copy scripts
+  provisioner "shell" {
+    inline = var.scripts_post_file_copy
+  }
+
+  # pre-packages scripts
+  provisioner "shell" {
+    inline = var.scripts_pre_packages
+  }
+
+  # manage dnf/packages
+  provisioner "shell" {
+    inline = [
+      "dnf install -y ${join(" ", var.packages)}"
+    ]
+  }
+
+  # post-packages scripts
+  provisioner "shell" {
+    inline = var.scripts_post_packages
+  }
+
+  # final scripts
+  provisioner "shell" {
+    inline = var.scripts_final
+  }
+
+  post-processor "shell-local" {
+    inline = [
+      "incus image alias delete local:${local.incus_base_name}/latest || true",
+      "incus image alias delete local:${local.incus_base_name}/${var.date} || true",
+      "incus image info local:${local.incus_output_image} | grep Fingerprint | awk '{print $2}'",
+      "incus image alias create local:${local.incus_base_name}/latest $(incus image info local:${local.incus_output_image} | grep Fingerprint | awk '{print $2}')",
+      "incus image alias create local:${local.incus_base_name}/${var.date} $(incus image info local:${local.incus_output_image} | grep Fingerprint | awk '{print $2}')"
+    ]
+  }
+}
diff --git a/files/almalinux/jupyterlab/etc/sudoers.d/10-jupyter b/files/almalinux/jupyterlab/etc/sudoers.d/10-jupyter
new file mode 100644
index 0000000..92f8d97
--- /dev/null
+++ b/files/almalinux/jupyterlab/etc/sudoers.d/10-jupyter
@@ -0,0 +1 @@
+jupyter ALL=(ALL) NOPASSWD: /usr/bin/dnf
diff --git a/files/almalinux/jupyterlab/tmp/jupyter_requirements.txt b/files/almalinux/jupyterlab/tmp/jupyter_requirements.txt
new file mode 100644
index 0000000..7a36df8
--- /dev/null
+++ b/files/almalinux/jupyterlab/tmp/jupyter_requirements.txt
@@ -0,0 +1,7 @@
+jupyterhub==5.2.1
+notebook==7.2.2
+numpy
+pandas
+matplotlib
+pyarrow
+pyyaml
diff --git a/images/almalinux/8.10/actionsdind/builds b/images/almalinux/8.10/actionsdind/builds
new file mode 100644
index 0000000..bdb9670
--- /dev/null
+++ b/images/almalinux/8.10/actionsdind/builds
@@ -0,0 +1 @@
+docker
diff --git a/images/almalinux/8.10/actionsdind/variables.auto.pkrvars.hcl b/images/almalinux/8.10/actionsdind/variables.auto.pkrvars.hcl
new file mode 100644
index 0000000..dc0ba68
--- /dev/null
+++ b/images/almalinux/8.10/actionsdind/variables.auto.pkrvars.hcl
@@ -0,0 +1,18 @@
+# almalinux/8.10/actionsdind
+docker_source = "git.query.consul/unkin/almalinux8-base:latest"
+packages = [
+  "bash",
+  "docker-ce-cli",
+  "make",
+  "nodejs",
+  "unzip"
+]
+scripts_pre_packages = [
+  "dnf install -y yum-utils",
+  "dnf module enable -y nodejs:20",
+  "yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo"
+]
+scripts_final = [
+  "dnf clean all",
+  "rm -rf /var/cache/dnf"
+]
diff --git a/images/almalinux/8.10/base/builds b/images/almalinux/8.10/base/builds
new file mode 100644
index 0000000..4ff1840
--- /dev/null
+++ b/images/almalinux/8.10/base/builds
@@ -0,0 +1,2 @@
+docker
+incus
diff --git a/images/almalinux/8.10/base/files/etc/yum.repos.d/appstream.repo b/images/almalinux/8.10/base/files/etc/yum.repos.d/appstream.repo
new file mode 100644
index 0000000..fc7ca36
--- /dev/null
+++ b/images/almalinux/8.10/base/files/etc/yum.repos.d/appstream.repo
@@ -0,0 +1,6 @@
+[appstream]
+name=appstream repository
+baseurl=https://edgecache.query.consul/almalinux/8.10/AppStream/x86_64/os
+gpgkey=https://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-8
+enabled=1
+gpgcheck=1
diff --git a/images/almalinux/8.10/base/files/etc/yum.repos.d/baseos.repo b/images/almalinux/8.10/base/files/etc/yum.repos.d/baseos.repo
new file mode 100644
index 0000000..b1420ec
--- /dev/null
+++ b/images/almalinux/8.10/base/files/etc/yum.repos.d/baseos.repo
@@ -0,0 +1,6 @@
+[baseos]
+name=baseos repository
+baseurl=https://edgecache.query.consul/almalinux/8.10/BaseOS/x86_64/os
+gpgkey=https://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-8
+enabled=1
+gpgcheck=1
diff --git a/images/almalinux/8.10/base/files/etc/yum.repos.d/epel.repo b/images/almalinux/8.10/base/files/etc/yum.repos.d/epel.repo
new file mode 100644
index 0000000..0ad2389
--- /dev/null
+++ b/images/almalinux/8.10/base/files/etc/yum.repos.d/epel.repo
@@ -0,0 +1,6 @@
+[epel]
+name=epel repository
+baseurl=https://edgecache.query.consul/epel/8/Everything/x86_64
+gpgkey=https://edgecache.query.consul/epel/RPM-GPG-KEY-EPEL-8
+enabled=1
+gpgcheck=1
diff --git a/images/almalinux/8.10/base/files/etc/yum.repos.d/extras.repo b/images/almalinux/8.10/base/files/etc/yum.repos.d/extras.repo
new file mode 100644
index 0000000..02b3fb0
--- /dev/null
+++ b/images/almalinux/8.10/base/files/etc/yum.repos.d/extras.repo
@@ -0,0 +1,4 @@
+[extras]
+name=extras repository
+baseurl=https://edgecache.query.consul/almalinux/8.10/extras/x86_64/os
+gpgkey=https://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-8
diff --git a/images/almalinux/8.10/base/files/etc/yum.repos.d/highavailability.repo b/images/almalinux/8.10/base/files/etc/yum.repos.d/highavailability.repo
new file mode 100644
index 0000000..b2a6b44
--- /dev/null
+++ b/images/almalinux/8.10/base/files/etc/yum.repos.d/highavailability.repo
@@ -0,0 +1,4 @@
+[highavailability]
+name=highavailability repository
+baseurl=https://edgecache.query.consul/almalinux/8.10/HighAvailability/x86_64/os
+gpgkey=https://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-8
diff --git a/images/almalinux/8.10/base/files/etc/yum.repos.d/powertools.repo b/images/almalinux/8.10/base/files/etc/yum.repos.d/powertools.repo
new file mode 100644
index 0000000..7d5f7c9
--- /dev/null
+++ b/images/almalinux/8.10/base/files/etc/yum.repos.d/powertools.repo
@@ -0,0 +1,7 @@
+# replaced by crb repo in EL9
+[powertools]
+name=powertools repository
+baseurl=https://edgecache.query.consul/almalinux/8.10/PowerTools/x86_64/os
+gpgkey=https://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-8
+enabled=1
+gpgcheck=1
diff --git a/images/almalinux/8.10/base/files/etc/yum.repos.d/unkin.repo b/images/almalinux/8.10/base/files/etc/yum.repos.d/unkin.repo
new file mode 100644
index 0000000..75b52bc
--- /dev/null
+++ b/images/almalinux/8.10/base/files/etc/yum.repos.d/unkin.repo
@@ -0,0 +1,6 @@
+[unkin]
+name=unkin repository
+baseurl=https://git.query.consul/api/packages/unkin/rpm/almalinux/el8
+gpgkey=https://git.query.consul/api/packages/unkin/rpm/repository.key
+enabled=1
+gpgcheck=0
diff --git a/images/almalinux/8.10/base/files/etc/yum.repos.d/unkinben.repo b/images/almalinux/8.10/base/files/etc/yum.repos.d/unkinben.repo
new file mode 100644
index 0000000..122b5df
--- /dev/null
+++ b/images/almalinux/8.10/base/files/etc/yum.repos.d/unkinben.repo
@@ -0,0 +1,7 @@
+# only available on EL8
+[unkinben]
+name=unkinben repository
+baseurl=https://git.query.consul/api/packages/unkinben/rpm/el8
+gpgkey=https://git.query.consul/api/packages/unkinben/rpm/repository.key
+enabled=1
+gpgcheck=0
diff --git a/images/almalinux/8.10/base/variables.auto.pkrvars.hcl b/images/almalinux/8.10/base/variables.auto.pkrvars.hcl
new file mode 100644
index 0000000..09f4c20
--- /dev/null
+++ b/images/almalinux/8.10/base/variables.auto.pkrvars.hcl
@@ -0,0 +1,22 @@
+# almalinux/8.10/base
+deploy_files_from_image = true
+deploy_files_from_common = true
+use_incus = true
+packages = [
+  "git",
+  "jq",
+  "uv",
+  "wget",
+]
+scripts_pre_file_copy = [
+  "rm -f /etc/yum.repos.d/*.repo",
+  "curl -k -o internal-ca-certificates.rpm https://git.query.consul/unkin/-/packages/rpm/internal-ca-certificates/20240825-1.el8/files/756 && rpm -i internal-ca-certificates.rpm"
+]
+scripts_pre_packages = [
+  "dnf makecache",
+  "dnf update -y",
+]
+scripts_final = [
+  "dnf clean all",
+  "rm -rf /var/cache/dnf"
+]
diff --git a/images/almalinux/8.10/jupyterlab/builds b/images/almalinux/8.10/jupyterlab/builds
new file mode 100644
index 0000000..bdb9670
--- /dev/null
+++ b/images/almalinux/8.10/jupyterlab/builds
@@ -0,0 +1 @@
+docker
diff --git a/images/almalinux/8.10/jupyterlab/variables.auto.pkrvars.hcl b/images/almalinux/8.10/jupyterlab/variables.auto.pkrvars.hcl
new file mode 100644
index 0000000..a27f426
--- /dev/null
+++ b/images/almalinux/8.10/jupyterlab/variables.auto.pkrvars.hcl
@@ -0,0 +1,33 @@
+# almalinux/8.10/jupyterlab
+docker_source = "git.query.consul/unkin/almalinux8-base:latest"
+deploy_files_from_common = true
+packages = [
+  "uv",
+  "python3.11",
+  "python3.11-pip",
+  "python3.12",
+  "python3.12-pip"
+]
+scripts_pre_file_copy = [
+  "dnf install -y sudo",
+]
+scripts_post_packages = [
+  "uv venv --python 3.12 /opt/jupyter && source /opt/jupyter/bin/activate && uv pip install -r /tmp/jupyter_requirements.txt && deactivate",
+  "uv venv --python 3.11 /opt/ipykernels/python3.11 && source /opt/ipykernels/python3.11/bin/activate && uv pip install ipykernel && python -m ipykernel install --name ipykernel311 --display-name \"Python (3.11)\" && deactivate",
+  "uv venv --python 3.12 /opt/ipykernels/python3.12 && source /opt/ipykernels/python3.12/bin/activate && uv pip install ipykernel && python -m ipykernel install --name ipykernel312 --display-name \"Python (3.12)\" && deactivate",
+  "uv venv --python 3.12 /opt/ipykernels/bash && source /opt/ipykernels/bash/bin/activate && uv pip install bash_kernel && python -m bash_kernel.install --prefix /usr/local && deactivate",
+  "uv venv --python 3.12 /opt/ipykernels/zsh && source /opt/ipykernels/zsh/bin/activate && uv pip install zsh_jupyter_kernel && python -m zsh_jupyter_kernel.install --prefix /usr/local && deactivate",
+  "uv venv --python 3.12 /opt/ipykernels/vim && source /opt/ipykernels/vim/bin/activate && uv pip install vim_kernel && python -m vim_kernel.install --prefix /usr/local && deactivate",
+  "useradd -m jupyter",
+  "mkdir /home/jupyter/work",
+  "chown jupyter:jupyter -Rv /home/jupyter/work"
+]
+scripts_final = [
+  "dnf clean all",
+  "rm -rf /var/cache/dnf"
+]
+docker_changes = [
+  "USER jupyter",
+  "WORKDIR /home/jupyter",
+  "CMD [\"/opt/jupyter/bin/jupyterhub-singleuser\"]",
+]
diff --git a/images/almalinux/8.10/rpmbuilder/builds b/images/almalinux/8.10/rpmbuilder/builds
new file mode 100644
index 0000000..bdb9670
--- /dev/null
+++ b/images/almalinux/8.10/rpmbuilder/builds
@@ -0,0 +1 @@
+docker
diff --git a/images/almalinux/8.10/rpmbuilder/variables.auto.pkrvars.hcl b/images/almalinux/8.10/rpmbuilder/variables.auto.pkrvars.hcl
new file mode 100644
index 0000000..08b3e2e
--- /dev/null
+++ b/images/almalinux/8.10/rpmbuilder/variables.auto.pkrvars.hcl
@@ -0,0 +1,47 @@
+# almalinux/8.10/rpmbuilder
+docker_source = "git.query.consul/unkin/almalinux8-base:latest"
+packages = [
+  "asciidoc",
+  "autoconf",
+  "automake",
+  "binutils",
+  "bison",
+  "byacc",
+  "cmake",
+  "diffstat",
+  "flex",
+  "gcc",
+  "gcc-c++",
+  "gdb",
+  "glibc-devel",
+  "go",
+  "gzip",
+  "intltool",
+  "jna",
+  "ltrace",
+  "make",
+  "nfpm",
+  "patchutils",
+  "perl-Fedora-VSP",
+  "perl-generators",
+  "pesign",
+  "pkgconf",
+  "pkgconf-m4",
+  "pkgconf-pkg-config",
+  "redhat-rpm-config",
+  "rpm",
+  "rpm-build",
+  "rpm-sign",
+  "rpmdevtools",
+  "rpmlint",
+  "source-highlight",
+  "strace",
+  "systemtap",
+  "tar",
+  "valgrind",
+  "valgrind-devel",
+]
+scripts_final = [
+  "dnf clean all",
+  "rm -rf /var/cache/dnf"
+]
diff --git a/images/almalinux/9.5/actionsdind/builds b/images/almalinux/9.5/actionsdind/builds
new file mode 100644
index 0000000..bdb9670
--- /dev/null
+++ b/images/almalinux/9.5/actionsdind/builds
@@ -0,0 +1 @@
+docker
diff --git a/images/almalinux/9.5/actionsdind/variables.auto.pkrvars.hcl b/images/almalinux/9.5/actionsdind/variables.auto.pkrvars.hcl
new file mode 100644
index 0000000..812b45f
--- /dev/null
+++ b/images/almalinux/9.5/actionsdind/variables.auto.pkrvars.hcl
@@ -0,0 +1,18 @@
+# almalinux/9.5/actionsdind
+docker_source = "git.query.consul/unkin/almalinux9-base:latest"
+packages = [
+  "bash",
+  "docker-ce-cli",
+  "make",
+  "nodejs",
+  "unzip"
+]
+scripts_pre_packages = [
+  "dnf install -y yum-utils",
+  "dnf module enable -y nodejs:20",
+  "yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo"
+]
+scripts_final = [
+  "dnf clean all",
+  "rm -rf /var/cache/dnf"
+]
diff --git a/images/almalinux/9.5/base/builds b/images/almalinux/9.5/base/builds
new file mode 100644
index 0000000..4ff1840
--- /dev/null
+++ b/images/almalinux/9.5/base/builds
@@ -0,0 +1,2 @@
+docker
+incus
diff --git a/images/almalinux/9.5/base/files/etc/yum.repos.d/appstream.repo b/images/almalinux/9.5/base/files/etc/yum.repos.d/appstream.repo
new file mode 100644
index 0000000..c0afc18
--- /dev/null
+++ b/images/almalinux/9.5/base/files/etc/yum.repos.d/appstream.repo
@@ -0,0 +1,6 @@
+[appstream]
+name=appstream repository
+baseurl=https://edgecache.query.consul/almalinux/9.5/AppStream/x86_64/os
+gpgkey=https://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-9
+enabled=1
+gpgcheck=1
diff --git a/images/almalinux/9.5/base/files/etc/yum.repos.d/baseos.repo b/images/almalinux/9.5/base/files/etc/yum.repos.d/baseos.repo
new file mode 100644
index 0000000..2fb52aa
--- /dev/null
+++ b/images/almalinux/9.5/base/files/etc/yum.repos.d/baseos.repo
@@ -0,0 +1,6 @@
+[baseos]
+name=baseos repository
+baseurl=https://edgecache.query.consul/almalinux/9.5/BaseOS/x86_64/os
+gpgkey=https://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-9
+enabled=1
+gpgcheck=1
diff --git a/images/almalinux/9.5/base/files/etc/yum.repos.d/crb.repo b/images/almalinux/9.5/base/files/etc/yum.repos.d/crb.repo
new file mode 100644
index 0000000..1bb4812
--- /dev/null
+++ b/images/almalinux/9.5/base/files/etc/yum.repos.d/crb.repo
@@ -0,0 +1,5 @@
+# new repo for EL9+, replaces PowerTools repo
+[crb]
+name=crb repository
+baseurl=https://edgecache.query.consul/almalinux/9.5/CRB/x86_64/os
+gpgkey=https://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-9
diff --git a/images/almalinux/9.5/base/files/etc/yum.repos.d/epel.repo b/images/almalinux/9.5/base/files/etc/yum.repos.d/epel.repo
new file mode 100644
index 0000000..b65fa74
--- /dev/null
+++ b/images/almalinux/9.5/base/files/etc/yum.repos.d/epel.repo
@@ -0,0 +1,6 @@
+[epel]
+name=epel repository
+baseurl=https://edgecache.query.consul/epel/9/Everything/x86_64
+gpgkey=https://edgecache.query.consul/epel/RPM-GPG-KEY-EPEL-9
+enabled=1
+gpgcheck=1
diff --git a/images/almalinux/9.5/base/files/etc/yum.repos.d/extras.repo b/images/almalinux/9.5/base/files/etc/yum.repos.d/extras.repo
new file mode 100644
index 0000000..e6f1e97
--- /dev/null
+++ b/images/almalinux/9.5/base/files/etc/yum.repos.d/extras.repo
@@ -0,0 +1,4 @@
+[extras]
+name=extras repository
+baseurl=https://edgecache.query.consul/almalinux/9.5/extras/x86_64/os
+gpgkey=https://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-9
diff --git a/images/almalinux/9.5/base/files/etc/yum.repos.d/highavailability.repo b/images/almalinux/9.5/base/files/etc/yum.repos.d/highavailability.repo
new file mode 100644
index 0000000..294796b
--- /dev/null
+++ b/images/almalinux/9.5/base/files/etc/yum.repos.d/highavailability.repo
@@ -0,0 +1,4 @@
+[highavailability]
+name=highavailability repository
+baseurl=https://edgecache.query.consul/almalinux/9.5/HighAvailability/x86_64/os
+gpgkey=https://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-9
diff --git a/images/almalinux/9.5/base/files/etc/yum.repos.d/unkin.repo b/images/almalinux/9.5/base/files/etc/yum.repos.d/unkin.repo
new file mode 100644
index 0000000..e44d97e
--- /dev/null
+++ b/images/almalinux/9.5/base/files/etc/yum.repos.d/unkin.repo
@@ -0,0 +1,6 @@
+[unkin]
+name=unkin repository
+baseurl=https://git.query.consul/api/packages/unkin/rpm/almalinux/el9
+gpgkey=https://git.query.consul/api/packages/unkin/rpm/repository.key
+enabled=1
+gpgcheck=0
diff --git a/images/almalinux/9.5/base/variables.auto.pkrvars.hcl b/images/almalinux/9.5/base/variables.auto.pkrvars.hcl
new file mode 100644
index 0000000..5633259
--- /dev/null
+++ b/images/almalinux/9.5/base/variables.auto.pkrvars.hcl
@@ -0,0 +1,23 @@
+# almalinux/9.5/base
+deploy_files_from_image = true
+deploy_files_from_common = true
+use_incus = true
+packages = [
+  "git",
+  "jq",
+  "uv",
+  "wget",
+]
+scripts_pre_file_copy = [
+  "rm -f /etc/yum.repos.d/*.repo",
+  "curl -k -o internal-ca-certificates.rpm https://git.query.consul/unkin/-/packages/rpm/internal-ca-certificates/20240825-1.el8/files/756 && rpm -i internal-ca-certificates.rpm"
+]
+scripts_pre_packages = [
+  "dnf makecache",
+  "dnf update -y",
+]
+scripts_final = [
+  "dnf clean all",
+  "rm -rf /var/cache/dnf"
+]
+
diff --git a/images/almalinux/9.5/jupyterlab/builds b/images/almalinux/9.5/jupyterlab/builds
new file mode 100644
index 0000000..bdb9670
--- /dev/null
+++ b/images/almalinux/9.5/jupyterlab/builds
@@ -0,0 +1 @@
+docker
diff --git a/images/almalinux/9.5/jupyterlab/variables.auto.pkrvars.hcl b/images/almalinux/9.5/jupyterlab/variables.auto.pkrvars.hcl
new file mode 100644
index 0000000..154471f
--- /dev/null
+++ b/images/almalinux/9.5/jupyterlab/variables.auto.pkrvars.hcl
@@ -0,0 +1,33 @@
+# almalinux/9.5/jupyterlab
+deploy_files_from_common = true
+docker_source = "git.query.consul/unkin/almalinux9-base:latest"
+packages = [
+  "uv",
+  "python3.11",
+  "python3.11-pip",
+  "python3.12",
+  "python3.12-pip"
+]
+scripts_pre_file_copy = [
+  "dnf install -y sudo",
+]
+scripts_post_packages = [
+  "uv venv --python 3.12 /opt/jupyter && source /opt/jupyter/bin/activate && uv pip install -r /tmp/jupyter_requirements.txt && deactivate",
+  "uv venv --python 3.11 /opt/ipykernels/python3.11 && source /opt/ipykernels/python3.11/bin/activate && uv pip install ipykernel && python -m ipykernel install --name ipykernel311 --display-name \"Python (3.11)\" && deactivate",
+  "uv venv --python 3.12 /opt/ipykernels/python3.12 && source /opt/ipykernels/python3.12/bin/activate && uv pip install ipykernel && python -m ipykernel install --name ipykernel312 --display-name \"Python (3.12)\" && deactivate",
+  "uv venv --python 3.12 /opt/ipykernels/bash && source /opt/ipykernels/bash/bin/activate && uv pip install bash_kernel && python -m bash_kernel.install --prefix /usr/local && deactivate",
+  "uv venv --python 3.12 /opt/ipykernels/zsh && source /opt/ipykernels/zsh/bin/activate && uv pip install zsh_jupyter_kernel && python -m zsh_jupyter_kernel.install --prefix /usr/local && deactivate",
+  "uv venv --python 3.12 /opt/ipykernels/vim && source /opt/ipykernels/vim/bin/activate && uv pip install vim_kernel && python -m vim_kernel.install --prefix /usr/local && deactivate",
+  "useradd -m jupyter",
+  "mkdir /home/jupyter/work",
+  "chown jupyter:jupyter -Rv /home/jupyter/work"
+]
+scripts_final = [
+  "dnf clean all",
+  "rm -rf /var/cache/dnf"
+]
+docker_changes = [
+  "USER jupyter",
+  "WORKDIR /home/jupyter",
+  "CMD [\"/opt/jupyter/bin/jupyterhub-singleuser\"]",
+]
diff --git a/images/almalinux/9.5/rpmbuilder/builds b/images/almalinux/9.5/rpmbuilder/builds
new file mode 100644
index 0000000..bdb9670
--- /dev/null
+++ b/images/almalinux/9.5/rpmbuilder/builds
@@ -0,0 +1 @@
+docker
diff --git a/images/almalinux/9.5/rpmbuilder/variables.auto.pkrvars.hcl b/images/almalinux/9.5/rpmbuilder/variables.auto.pkrvars.hcl
new file mode 100644
index 0000000..943b555
--- /dev/null
+++ b/images/almalinux/9.5/rpmbuilder/variables.auto.pkrvars.hcl
@@ -0,0 +1,47 @@
+# almalinux/9.5/rpmbuilder
+docker_source = "git.query.consul/unkin/almalinux9-base:latest"
+packages = [
+  "asciidoc",
+  "autoconf",
+  "automake",
+  "binutils",
+  "bison",
+  "byacc",
+  "cmake",
+  "diffstat",
+  "flex",
+  "gcc",
+  "gcc-c++",
+  "gdb",
+  "glibc-devel",
+  "go",
+  "gzip",
+  "intltool",
+  "jna",
+  "ltrace",
+  "make",
+  "nfpm",
+  "patchutils",
+  "perl-Fedora-VSP",
+  "perl-generators",
+  "pesign",
+  "pkgconf",
+  "pkgconf-m4",
+  "pkgconf-pkg-config",
+  "redhat-rpm-config",
+  "rpm",
+  "rpm-build",
+  "rpm-sign",
+  "rpmdevtools",
+  "rpmlint",
+  "source-highlight",
+  "strace",
+  "systemtap",
+  "tar",
+  "valgrind",
+  "valgrind-devel",
+]
+scripts_final = [
+  "dnf clean all",
+  "rm -rf /var/cache/dnf"
+]
diff --git a/library/locals.pkr.hcl b/library/locals.pkr.hcl
new file mode 100644
index 0000000..3a306cb
--- /dev/null
+++ b/library/locals.pkr.hcl
@@ -0,0 +1,10 @@
+locals {
+  build_name = "${var.os_name}_${var.os_version_full}_${var.os_image}"
+  sources = [
+    var.use_docker ? "source.docker.os" : null,
+    var.use_incus ? "source.incus.os" : null
+  ]
+  incus_base_name = "${var.os_name}${var.os_version_major}/${var.os_image}"
+  incus_output_image = "${local.incus_base_name}/${var.suffix}"
+  is_master  = "${var.git_branch}" == "master"
+}
diff --git a/library/plugins.pkr.hcl b/library/plugins.pkr.hcl
new file mode 100644
index 0000000..3f7f865
--- /dev/null
+++ b/library/plugins.pkr.hcl
@@ -0,0 +1,12 @@
+packer {
+  required_plugins {
+    docker = {
+      version = ">= 1.1.1"
+      source  = "github.com/hashicorp/docker"
+    }
+    incus = {
+      source  = "github.com/bketelsen/incus"
+      version = "~> 1"
+    }
+  }
+}
diff --git a/library/sources.pkr.hcl b/library/sources.pkr.hcl
new file mode 100644
index 0000000..b4cbb48
--- /dev/null
+++ b/library/sources.pkr.hcl
@@ -0,0 +1,11 @@
+source "docker" "os" {
+  image  = var.docker_source
+  commit = true
+  changes = var.docker_changes
+}
+
+source "incus" "os" {
+  image = var.incus_source
+  output_image = local.incus_output_image
+  publish_remote_name = "local"
+}
diff --git a/library/variables.pkr.hcl b/library/variables.pkr.hcl
new file mode 100644
index 0000000..f26fe58
--- /dev/null
+++ b/library/variables.pkr.hcl
@@ -0,0 +1,118 @@
+variable "use_docker" {
+  type    = bool
+  default = true
+}
+variable "use_incus" {
+  type    = bool
+  default = false
+}
+variable "os_name" {
+  description = "The name of the operating system."
+  type = string
+  default = env("OS_NAME")
+}
+variable "os_version_full" {
+  description = "The operating system full version number."
+  type = string
+  default = env("OS_VERSION_FULL")
+}
+variable "os_image" {
+  description = "The type of image to be built."
+  type = string
+  default = env("OS_IMAGE")
+}
+variable "os_version_major" {
+  description = "The operating system major version number."
+  type = string
+  default = env("OS_VERSION_MAJOR")
+}
+variable "date" {
+  description = "The current date in yyymmdd format."
+  type = string
+  default = env("DATE")
+}
+variable "packages" {
+  description = "List of packages to install."
+  type = list(string)
+  default = ["git"]
+}
+variable "scripts_pre_file_copy" {
+  description = "Scripts to run before the file copy process."
+  type = list(string)
+  default = ["true"]
+}
+variable "scripts_post_file_copy" {
+  description = "Scripts to run after the file copy process."
+  type = list(string)
+  default = ["true"]
+}
+variable "scripts_pre_packages" {
+  description = "Scripts to run before the package install process."
+  type = list(string)
+  default = ["true"]
+}
+variable "scripts_post_packages" {
+  description = "Scripts to run after the package install process."
+  type = list(string)
+  default = ["true"]
+}
+variable "scripts_final" {
+  description = "Scripts to run at the end of the build process."
+  type = list(string)
+  default = ["true"]
+}
+variable "deploy_files_from_image" {
+  description = "Whether to deploy files from images directory."
+  type        = bool
+  default     = false
+}
+variable "deploy_files_from_common" {
+  description = "Whether to deploy files from the common os name/image path."
+  type        = bool
+  default     = false
+}
+variable "docker_username" {
+  description = "The username to use when logging into docker registry."
+  type = string
+  default = env("DOCKER_USERNAME")
+}
+variable "docker_password" {
+  description = "The password to use when logging into docker registry."
+  type = string
+  default = env("DOCKER_PASSWORD")
+}
+variable "docker_server" {
+  description = "The docker registry to login to."
+  type = string
+  default = env("DOCKER_SERVER")
+}
+variable "docker_changes" {
+  description = "A list of metadata changes, e.g. CMD, WORKDIR, ENV, etc."
+  type = list(string)
+  default = []
+}
+variable "docker_source" {
+  description = "The docker_source image for the build."
+  type = string
+  default = env("DOCKER_SOURCE")
+}
+variable "incus_source" {
+  description = "The incus_source image for the build."
+  type = string
+  default = env("INCUS_SOURCE")
+}
+variable "incus_output_image" {
+  description = "The output image name for incus images for the build."
+  type = string
+  default = env("INCUS_OUTPUT_IMAGE")
+}
+variable "suffix" {
+  description = "The output image suffix. This should be unique per-run."
+  type = string
+  default = env("SUFFIX")
+}
+variable "git_branch" {
+  description = "The current git branch."
+  type = string
+  default = env("GIT_BRANCH")
+}