Add Containerfile

2024-01-12 06:55:29 -06:00 · 2024-01-12 06:55:29 -06:00 · 1d4d29c294
parent 778c6d440d
commit 1d4d29c294
3 changed files with 82 additions and 0 deletions
--- a/44
+++ b/44
@ -0,0 +1,44 @@
+FROM registry.fedoraproject.org/fedora-minimal:39 AS build
+
+RUN --mount=type=cache,target=/var/cache \
+	microdnf install -y \
+		--setopt install_weak_deps=0 \
+		cargo \
+		git \
+		go \
+	&& :
+
+RUN --mount=type=cache,target=/root/go \
+	go install kcl-lang.io/cli/cmd/kcl@v0.7 \
+	&& cp /root/go/bin/kcl /usr/local/bin \
+	&& :
+
+RUN --mount=type=cache,target=/root/.cargo \
+	cargo install --git https://git.pyrocufflink.net/dustin/tmpl.git \
+	&& cp /root/.cargo/bin/tmpl /usr/local/bin \
+	&& :
+
+
+FROM registry.fedoraproject.org/fedora-minimal:39
+
+RUN --mount=type=cache,target=/var/cache \
+	--mount=type=bind,from=build,source=/,target=/build \
+	microdnf install -y \
+		--setopt install_weak_deps=0 \
+		age \
+		git \
+	&& cp -a /build/usr/local/bin/. /usr/local/bin \
+	&& for cmd in \
+		systemctl \
+		systemd-sysusers \
+	; do ln -s nsenter.sh /usr/local/bin/${cmd}; done \
+	&& :
+
+COPY nsenter.sh /usr/local/bin/nsenter.sh
+
+COPY config.sh /
+
+CMD ["/config.sh"]
+
+LABEL license= \
+	vendor='Dustin C. Hatch' \
--- a/config.sh
+++ b/config.sh
@ -0,0 +1,35 @@
+#!/bin/sh
+
+: "${HOSTNAME:=$(hostname -f || uname -n)}"
+: "${DESTDIR=/host}"
+: "${KEYSERV_URL:=https://keyserv.pyrocufflink.blue}"
+: "${SSH_CERT:=${DESTDIR}/etc/ssh/ssh_host_ed25519_key-cert.pub}"
+: "${SSH_KEY:=${SSH_CERT%-cert.pub}}"
+: "${GIT_URL:=https://git.pyrocufflink.net/infra/cfg.git}"
+: "${GIT_BRANCH:=master}"
+
+printf 'Applying configuration policy for %s ...\n' "${HOSTNAME}"
+
+cd "$(mktemp -d)" || exit
+
+git clone --depth 1 "${GIT_URL}" -b "${GIT_BRANCH}" . || exit
+
+if [ -f host/"${HOSTNAME}".pre.sh ]; then
+    . host/"${HOSTNAME}".pre.sh
+fi
+
+curl -fsSL \
+    "${KEYSERV_URL}"/keys \
+    -H "Authorization: $(cat "${SSH_CERT}")" \
+    -o keys.age
+age -d -i "${SSH_KEY}" -o keys.txt keys.age
+
+if [ -f host/"${HOSTNAME}".k ] && [ -f host/"${HOSTNAME}".yaml ]; then
+    kcl run host/"${HOSTNAME}".k -o instructions.yaml || exit
+    kcl run -Y host/"${HOSTNAME}".yaml -o values.yaml || exit
+    tmpl instructions.yaml values.yaml -d "${DESTDIR}" || exit
+fi
+
+if [ -f host/"${HOSTNAME}".post.sh ]; then
+    . host/"${HOSTNAME}".post.sh
+fi
--- a/nsenter.sh
+++ b/nsenter.sh
@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec nsenter -a -t 1 "${0##*/}" "$@"