From 4610e9df33e45c0891073dd658a7ea40d10ea4c0 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Wed, 8 Nov 2023 21:12:40 -0600
Subject: [PATCH] server: Add Containerfile

The SSHCA server is intended to be run in a Kubernetes container.
---
 server/.containerignore |  5 +++++
 server/Containerfile    | 29 +++++++++++++++++++++++++++++
 2 files changed, 34 insertions(+)
 create mode 100644 server/.containerignore
 create mode 100644 server/Containerfile

diff --git a/server/.containerignore b/server/.containerignore
new file mode 100644
index 0000000..0351ffd
--- /dev/null
+++ b/server/.containerignore
@@ -0,0 +1,5 @@
+*
+!src/
+!examples/
+!Cargo.toml
+!Cargo.lock
diff --git a/server/Containerfile b/server/Containerfile
new file mode 100644
index 0000000..451a0d0
--- /dev/null
+++ b/server/Containerfile
@@ -0,0 +1,29 @@
+FROM registry.fedoraproject.org/fedora:38 AS build
+
+RUN --mount=type=cache,target=/var/cache \
+	dnf install -y \
+		--setopt install_weak_deps=0 \
+		cargo \
+		libvirt-devel \
+		rust \
+	&& :
+
+COPY . /build
+
+RUN cd /build && cargo build --release --bins && strip -s target/release/sshca
+
+FROM registry.fedoraproject.org/fedora-minimal:38
+
+RUN --mount=type=cache,target=/var/cache \
+	microdnf install -y \
+		--setopt install_weak_deps=0 \
+		tini \
+		libvirt-libs \
+		openssh-clients \
+	&& :
+
+COPY --from=build /build/target/release/sshca /usr/local/bin/sshca
+
+USER 298:298
+
+ENTRYPOINT ["tini", "/usr/local/bin/sshca", "--"]