From 7cefbd30b6858368dd42bbeb331e578e551ae24e Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Wed, 17 Jan 2024 14:01:19 -0600
Subject: [PATCH] Initial commit
---
Containerfile | 47 +++++++++++++++++++++++++++++++++++++++++++++++
Jenkinsfile | 6 ++++++
config.sh | 35 +++++++++++++++++++++++++++++++++++
nsenter.sh | 3 +++
4 files changed, 91 insertions(+)
create mode 100644 Containerfile
create mode 100644 Jenkinsfile
create mode 100755 config.sh
create mode 100755 nsenter.sh
diff --git a/Containerfile b/Containerfile
new file mode 100644
index 0000000..3d75887
--- /dev/null
+++ b/Containerfile
@@ -0,0 +1,47 @@
+FROM registry.fedoraproject.org/fedora-minimal:39 AS build
+
+ARG CUE_VERSION=0.7.0
+
+RUN --mount=type=cache,target=/var/cache \
+ microdnf install -y \
+ --setopt install_weak_deps=0 \
+ gzip \
+ tar \
+ && ARCH=$(uname -m) \
+ && case "${ARCH}" in \
+ x86_64) ARCH=amd64 ;; \
+ aarch64) ARCH=arm64 ;; \
+ esac \
+ && url="https://github.com/cue-lang/cue/releases/download/v${CUE_VERSION}/cue_v${CUE_VERSION}_linux_${ARCH}.tar.gz" \
+ && curl -fsSL "${url}" \
+ | tar -C /usr/local/bin -xz cue \
+ && :
+
+
+FROM git.pyrocufflink.net/containerimages/tmpl
+
+RUN --mount=type=cache,target=/var/cache \
+ --mount=type=bind,from=build,source=/,target=/build \
+ microdnf install -y \
+ --setopt install_weak_deps=0 \
+ age \
+ git-core \
+ && ln -snf /host/etc/passwd /etc/passwd \
+ && ln -snf /host/etc/group /etc/group \
+ && cp -a /build/usr/local/bin/cue /usr/local/bin/ \
+ && for cmd in \
+ systemctl \
+ systemd-sysusers \
+ ; do ln -s nsenter.sh /usr/local/bin/${cmd}; done \
+ && :
+
+COPY nsenter.sh /usr/local/bin/nsenter.sh
+
+COPY config.sh /
+
+ENTRYPOINT []
+
+CMD ["/config.sh"]
+
+LABEL license= \
+ vendor='Dustin C. Hatch' \
diff --git a/Jenkinsfile b/Jenkinsfile
new file mode 100644
index 0000000..d8b26c5
--- /dev/null
+++ b/Jenkinsfile
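Review bot: The build stage in Containerfile pipes the `cue` release tarball from `curl` straight into `tar` with no integrity check, so whatever the download URL serves at build time ends up in an image whose config.sh writes into `/host`. Download to a file, compare it with a pinned SHA-256 per architecture, and only then extract; the `case` can also reject unknown architectures instead of passing the raw `uname -m` value into the URL. The second `FROM git.pyrocufflink.net/containerimages/tmpl` carries no tag or digest, so pinning it would make the final stage reproducible as well. The digest values below are placeholders to be filled in from a trusted copy of the release.

```dockerfile
ARG CUE_VERSION=0.7.0
# Placeholders: pin the real SHA-256 of each release tarball here.
ARG CUE_SHA256_AMD64=PLACEHOLDER_SHA256_AMD64
ARG CUE_SHA256_ARM64=PLACEHOLDER_SHA256_ARM64

RUN --mount=type=cache,target=/var/cache \
    # … unchanged: microdnf install of gzip and tar …
    && case "$(uname -m)" in \
        x86_64) ARCH=amd64 sum="${CUE_SHA256_AMD64}" ;; \
        aarch64) ARCH=arm64 sum="${CUE_SHA256_ARM64}" ;; \
        *) echo "unsupported architecture: $(uname -m)" >&2; exit 1 ;; \
    esac \
    # … unchanged: url= assignment …
    && curl -fsSL -o /tmp/cue.tar.gz "${url}" \
    && echo "${sum}  /tmp/cue.tar.gz" | sha256sum -c - \
    && tar -C /usr/local/bin -xzf /tmp/cue.tar.gz cue \
    && rm -f /tmp/cue.tar.gz \
    && :
```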
@@ -0,0 +1,6 @@
+@Library('containerimages')_
+
+buildContainerImage2(
+ project: 'infra',
+ archlist: ['amd64', 'arm64'],
+)
diff --git a/config.sh b/config.sh
new file mode 100755
index 0000000..8a246ee
--- /dev/null
+++ b/config.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+: "${HOSTNAME:=$(hostname -f || uname -n)}"
+: "${DESTDIR=/host}"
+: "${KEYSERV_URL:=https://keyserv.pyrocufflink.blue}"
+: "${SSH_CERT:=${DESTDIR}/etc/ssh/ssh_host_ed25519_key-cert.pub}"
+: "${SSH_KEY:=${SSH_CERT%-cert.pub}}"
+: "${GIT_URL:=https://git.pyrocufflink.net/infra/cfg.git}"
+: "${GIT_BRANCH:=master}"
+
+printf 'Applying configuration policy for %s ...\n' "${HOSTNAME}"
+
+cd "$(mktemp -d)" || exit
+
+git clone --depth 1 "${GIT_URL}" -b "${GIT_BRANCH}" . || exit
+
+if [ -f host/"${HOSTNAME}".pre.sh ]; then
+ . host/"${HOSTNAME}".pre.sh
+fi
+
+curl -fsSL \
+ "${KEYSERV_URL}"/keys \
+ -H "Authorization: $(cat "${SSH_CERT}")" \
+ -o keys.age
+age -d -i "${SSH_KEY}" -o keys.txt keys.age
+
+if [ -f host/"${HOSTNAME}".cue ] && [ -f instructions/"${HOSTNAME}".cue ]; then
+ cue export host/"${HOSTNAME}".cue -o values.json || exit
+ cue export instructions/"${HOSTNAME}".cue -o instructions.json || exit
+ tmpl instructions.json values.json -d "${DESTDIR}" || exit
+fi
+
+if [ -f host/"${HOSTNAME}".post.sh ]; then
+ . host/"${HOSTNAME}".post.sh
+fi
diff --git a/nsenter.sh b/nsenter.sh
new file mode 100755
index 0000000..992604e
--- /dev/null
+++ b/nsenter.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec nsenter -a -t 1 "${0##*/}" "$@"
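Review bot: The key fetch and decrypt steps in config.sh are the only commands without `|| exit`, so if `curl` or `age -d` fails the script still goes on to `cue export` and `tmpl`, presumably with `keys.txt` missing or empty. Append `|| exit` to the `-o keys.age` line and to `age -d -i "${SSH_KEY}" -o keys.txt keys.age`, matching the `git clone` and `tmpl` lines. The decrypted `keys.txt` is also left behind in the `mktemp -d` directory; keeping that path in a variable and removing it from an `EXIT` trap would clean it up. Separately, `host/${HOSTNAME}.pre.sh` and `.post.sh` are sourced from whatever the branch head serves, so checking a signed commit before sourcing them is worth considering.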
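Review bot: nsenter.sh has no comment explaining that it is meant to be run through the `systemctl` and `systemd-sysusers` symlinks created in the Containerfile, and that it re-executes the command named by `$0` in every namespace of PID 1. I would add a header such as `# Run the command this script was invoked as (via symlink) inside all namespaces of PID 1.` and note that this presumably needs the container to share the host PID namespace and run privileged. Called under its own name it would try to run `nsenter.sh` in the target namespaces, so a guard that refuses that basename would give a clearer error.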