ContainerImages
/
cfg
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: ContainerImages:7cefbd30b6858368dd42bbeb331e578e551ae24e
Branches Tags
ContainerImages:main
...
compare: ContainerImages:4bba99f4f2bf1a3f34cd8d9c67983ec80434cb06
Branches Tags
ContainerImages:main

2 Commits
7cefbd30b6 ... 4bba99f4f2

Author SHA1 Message Date
Dustin 4bba99f4f2 Rebase on Alpine
ContainerImages/cfg/pipeline/head This commit looks good Details 
Using Alpine instead of Fedora Minimal reduces the size of the final
image from 175 MB to 50 MB.  This should speed up execeution on slow
machines like Raspberry Pis.
 2024-01-19 10:15:25 -06:00
Dustin d5c20663f6 Run config.sh from Git checkout 
This way, we don't have to rebuild the container image every time we
want to make a change to the configuration process.
 2024-01-17 17:33:42 -06:00
2 changed files with 8 additions and 55 deletions
Show Stats Expand all files Collapse all files

36
Containerfile
View File

@ -1,40 +1,21 @@
FROM registry.fedoraproject.org/fedora-minimal:39 AS build FROM docker.io/library/alpine:3.19
ARG CUE_VERSION=0.7.0
RUN --mount=type=cache,target=/var/cache \ RUN --mount=type=cache,target=/var/cache \
microdnf install -y \ apk add \
--setopt install_weak_deps=0 \
gzip \
tar \
&& ARCH=$(uname -m) \
&& case "${ARCH}" in \
x86_64) ARCH=amd64 ;; \
aarch64) ARCH=arm64 ;; \
esac \
&& url="https://github.com/cue-lang/cue/releases/download/v${CUE_VERSION}/cue_v${CUE_VERSION}_linux_${ARCH}.tar.gz" \
&& curl -fsSL "${url}" \
| tar -C /usr/local/bin -xz cue \
&& :
FROM git.pyrocufflink.net/containerimages/tmpl
RUN --mount=type=cache,target=/var/cache \
--mount=type=bind,from=build,source=/,target=/build \
microdnf install -y \
--setopt install_weak_deps=0 \
age \ age \
git-core \ git \
&& ln -snf /host/etc/passwd /etc/passwd \ && ln -snf /host/etc/passwd /etc/passwd \
&& ln -snf /host/etc/group /etc/group \ && ln -snf /host/etc/group /etc/group \
&& cp -a /build/usr/local/bin/cue /usr/local/bin/ \
&& for cmd in \ && for cmd in \
systemctl \ systemctl \
systemd-sysusers \ systemd-sysusers \
; do ln -s nsenter.sh /usr/local/bin/${cmd}; done \ ; do ln -s nsenter.sh /usr/local/bin/${cmd}; done \
&& : && :
COPY --from=docker.io/cuelang/cue:0.7.0 /usr/bin/cue /usr/local/bin/cue
COPY --from=git.pyrocufflink.net/containerimages/tmpl /tmpl /usr/local/bin/tmpl
COPY nsenter.sh /usr/local/bin/nsenter.sh COPY nsenter.sh /usr/local/bin/nsenter.sh
COPY config.sh / COPY config.sh /
@ -42,6 +23,3 @@ COPY config.sh /
ENTRYPOINT [] ENTRYPOINT []
CMD ["/config.sh"] CMD ["/config.sh"]
LABEL license= \
vendor='Dustin C. Hatch' \

27
config.sh
View File

@ -1,35 +1,10 @@
#!/bin/sh #!/bin/sh
: "${HOSTNAME:=$(hostname -f || uname -n)}"
: "${DESTDIR=/host}"
: "${KEYSERV_URL:=https://keyserv.pyrocufflink.blue}"
: "${SSH_CERT:=${DESTDIR}/etc/ssh/ssh_host_ed25519_key-cert.pub}"
: "${SSH_KEY:=${SSH_CERT%-cert.pub}}"
: "${GIT_URL:=https://git.pyrocufflink.net/infra/cfg.git}" : "${GIT_URL:=https://git.pyrocufflink.net/infra/cfg.git}"
: "${GIT_BRANCH:=master}" : "${GIT_BRANCH:=master}"
printf 'Applying configuration policy for %s ...\n' "${HOSTNAME}"
cd "$(mktemp -d)" || exit cd "$(mktemp -d)" || exit
git clone --depth 1 "${GIT_URL}" -b "${GIT_BRANCH}" . || exit git clone --depth 1 "${GIT_URL}" -b "${GIT_BRANCH}" . || exit
if [ -f host/"${HOSTNAME}".pre.sh ]; then . ./config.sh
. host/"${HOSTNAME}".pre.sh
fi
curl -fsSL \
"${KEYSERV_URL}"/keys \
-H "Authorization: $(cat "${SSH_CERT}")" \
-o keys.age
age -d -i "${SSH_KEY}" -o keys.txt keys.age
if [ -f host/"${HOSTNAME}".cue ] && [ -f instructions/"${HOSTNAME}".cue ]; then
cue export host/"${HOSTNAME}".cue -o values.json || exit
cue export instructions/"${HOSTNAME}".cue -o instructions.json || exit
tmpl instructions.json values.json -d "${DESTDIR}" || exit
fi
if [ -f host/"${HOSTNAME}".post.sh ]; then
. host/"${HOSTNAME}".post.sh
fi