Rebase on Alpine

Using Alpine instead of Fedora Minimal reduces the size of the final image from 175 MB to 50 MB. This should speed up execeution on slow machines like Raspberry Pis.
Run config.sh from Git checkout
2024-01-19 10:15:25 -06:00 · 2024-01-17 17:33:42 -06:00
2 changed files with 8 additions and 55 deletions
--- a/36
+++ b/36
@ -1,40 +1,21 @@
-FROM registry.fedoraproject.org/fedora-minimal:39 AS build
-
-ARG CUE_VERSION=0.7.0
+FROM docker.io/library/alpine:3.19

 RUN --mount=type=cache,target=/var/cache \
-	microdnf install -y \
-		--setopt install_weak_deps=0 \
-		gzip \
-		tar \
-	&& ARCH=$(uname -m) \
-	&& case "${ARCH}" in \
-		x86_64) ARCH=amd64 ;; \
-		aarch64) ARCH=arm64 ;; \
-	esac \
-	&& url="https://github.com/cue-lang/cue/releases/download/v${CUE_VERSION}/cue_v${CUE_VERSION}_linux_${ARCH}.tar.gz" \
-	&& curl -fsSL "${url}" \
-	| tar -C /usr/local/bin -xz cue \
-	&& :
-
-
-FROM git.pyrocufflink.net/containerimages/tmpl
-
-RUN --mount=type=cache,target=/var/cache \
-	--mount=type=bind,from=build,source=/,target=/build \
-	microdnf install -y \
-		--setopt install_weak_deps=0 \
+	apk add \
 		age \
-		git-core \
+		git \
 	&& ln -snf /host/etc/passwd /etc/passwd \
 	&& ln -snf /host/etc/group /etc/group \
-	&& cp -a /build/usr/local/bin/cue /usr/local/bin/ \
 	&& for cmd in \
 		systemctl \
 		systemd-sysusers \
 	; do ln -s nsenter.sh /usr/local/bin/${cmd}; done \
 	&& :

+COPY --from=docker.io/cuelang/cue:0.7.0 /usr/bin/cue /usr/local/bin/cue
+
+COPY --from=git.pyrocufflink.net/containerimages/tmpl /tmpl /usr/local/bin/tmpl
+
 COPY nsenter.sh /usr/local/bin/nsenter.sh

 COPY config.sh /
@ -42,6 +23,3 @@ COPY config.sh /
 ENTRYPOINT []

 CMD ["/config.sh"]
-
-LABEL license= \
-	vendor='Dustin C. Hatch' \
--- a/config.sh
+++ b/config.sh
@ -1,35 +1,10 @@
 #!/bin/sh

-: "${HOSTNAME:=$(hostname -f || uname -n)}"
-: "${DESTDIR=/host}"
-: "${KEYSERV_URL:=https://keyserv.pyrocufflink.blue}"
-: "${SSH_CERT:=${DESTDIR}/etc/ssh/ssh_host_ed25519_key-cert.pub}"
-: "${SSH_KEY:=${SSH_CERT%-cert.pub}}"
 : "${GIT_URL:=https://git.pyrocufflink.net/infra/cfg.git}"
 : "${GIT_BRANCH:=master}"

-printf 'Applying configuration policy for %s ...\n' "${HOSTNAME}"
-
 cd "$(mktemp -d)" || exit

 git clone --depth 1 "${GIT_URL}" -b "${GIT_BRANCH}" . || exit

-if [ -f host/"${HOSTNAME}".pre.sh ]; then
-    . host/"${HOSTNAME}".pre.sh
-fi
-
-curl -fsSL \
-    "${KEYSERV_URL}"/keys \
-    -H "Authorization: $(cat "${SSH_CERT}")" \
-    -o keys.age
-age -d -i "${SSH_KEY}" -o keys.txt keys.age
-
-if [ -f host/"${HOSTNAME}".cue ] && [ -f instructions/"${HOSTNAME}".cue ]; then
-    cue export host/"${HOSTNAME}".cue -o values.json || exit
-    cue export instructions/"${HOSTNAME}".cue -o instructions.json || exit
-    tmpl instructions.json values.json -d "${DESTDIR}" || exit
-fi
-
-if [ -f host/"${HOSTNAME}".post.sh ]; then
-    . host/"${HOSTNAME}".post.sh
-fi
+. ./config.sh