From 1d4d29c29416dd2bf7add6f9365988d64559098d Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Fri, 12 Jan 2024 06:55:29 -0600
Subject: [PATCH] Add Containerfile
---
Containerfile | 44 ++++++++++++++++++++++++++++++++++++++++++++
config.sh | 35 +++++++++++++++++++++++++++++++++++
nsenter.sh | 3 +++
3 files changed, 82 insertions(+)
create mode 100644 Containerfile
create mode 100755 config.sh
create mode 100755 nsenter.sh
diff --git a/Containerfile b/Containerfile
new file mode 100644
index 0000000..218a4c7
--- /dev/null
+++ b/Containerfile
@@ -0,0 +1,44 @@
+FROM registry.fedoraproject.org/fedora-minimal:39 AS build
+
+RUN --mount=type=cache,target=/var/cache \
+ microdnf install -y \
+ --setopt install_weak_deps=0 \
+ cargo \
+ git \
+ go \
+ && :
+
+RUN --mount=type=cache,target=/root/go \
+ go install kcl-lang.io/cli/cmd/kcl@v0.7 \
+ && cp /root/go/bin/kcl /usr/local/bin \
+ && :
+
+RUN --mount=type=cache,target=/root/.cargo \
+ cargo install --git https://git.pyrocufflink.net/dustin/tmpl.git \
+ && cp /root/.cargo/bin/tmpl /usr/local/bin \
+ && :
+
+
+FROM registry.fedoraproject.org/fedora-minimal:39
+
+RUN --mount=type=cache,target=/var/cache \
+ --mount=type=bind,from=build,source=/,target=/build \
+ microdnf install -y \
+ --setopt install_weak_deps=0 \
+ age \
+ git \
+ && cp -a /build/usr/local/bin/. /usr/local/bin \
+ && for cmd in \
+ systemctl \
+ systemd-sysusers \
+ ; do ln -s nsenter.sh /usr/local/bin/${cmd}; done \
+ && :
+
+COPY nsenter.sh /usr/local/bin/nsenter.sh
+
+COPY config.sh /
+
+CMD ["/config.sh"]
+
+LABEL license= \
+ vendor='Dustin C. Hatch' \
diff --git a/config.sh b/config.sh
new file mode 100755
index 0000000..8bb81d7
--- /dev/null
+++ b/config.sh
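Review bot: Both build-stage tools in the Containerfile are fetched from moving references. `cargo install --git https://git.pyrocufflink.net/dustin/tmpl.git` builds whatever the default branch currently points to with freshly resolved dependencies, and `kcl@v0.7` looks like a version prefix rather than an exact release. Because the resulting binaries are copied into the final image, I would pin both, e.g. `cargo install --locked --git https://git.pyrocufflink.net/dustin/tmpl.git --rev <COMMIT_SHA>` (assuming the repository commits a Cargo.lock) and `go install kcl-lang.io/cli/cmd/kcl@<EXACT_VERSION>`, with the placeholders filled in by the author. The closing `LABEL` also ends in a dangling `\` continuation and sets an empty `license=`, which is worth tidying.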
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+: "${HOSTNAME:=$(hostname -f || uname -n)}"
+: "${DESTDIR=/host}"
+: "${KEYSERV_URL:=https://keyserv.pyrocufflink.blue}"
+: "${SSH_CERT:=${DESTDIR}/etc/ssh/ssh_host_ed25519_key-cert.pub}"
+: "${SSH_KEY:=${SSH_CERT%-cert.pub}}"
+: "${GIT_URL:=https://git.pyrocufflink.net/infra/cfg.git}"
+: "${GIT_BRANCH:=master}"
+
+printf 'Applying configuration policy for %s ...\n' "${HOSTNAME}"
+
+cd "$(mktemp -d)" || exit
+
+git clone --depth 1 "${GIT_URL}" -b "${GIT_BRANCH}" . || exit
+
+if [ -f host/"${HOSTNAME}".pre.sh ]; then
+ . host/"${HOSTNAME}".pre.sh
+fi
+
+curl -fsSL \
+ "${KEYSERV_URL}"/keys \
+ -H "Authorization: $(cat "${SSH_CERT}")" \
+ -o keys.age
+age -d -i "${SSH_KEY}" -o keys.txt keys.age
+
+if [ -f host/"${HOSTNAME}".k ] && [ -f host/"${HOSTNAME}".yaml ]; then
+ kcl run host/"${HOSTNAME}".k -o instructions.yaml || exit
+ kcl run -Y host/"${HOSTNAME}".yaml -o values.yaml || exit
+ tmpl instructions.yaml values.yaml -d "${DESTDIR}" || exit
+fi
+
+if [ -f host/"${HOSTNAME}".post.sh ]; then
+ . host/"${HOSTNAME}".post.sh
+fi
diff --git a/nsenter.sh b/nsenter.sh
new file mode 100755
index 0000000..992604e
--- /dev/null
+++ b/nsenter.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec nsenter -a -t 1 "${0##*/}" "$@"
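Review bot: The key retrieval steps in config.sh fail open. `curl ... -o keys.age` and `age -d -i "${SSH_KEY}" -o keys.txt keys.age` carry no `|| exit`, unlike the `git clone`, `kcl` and `tmpl` calls, so a failed fetch or decrypt still falls through to rendering into `${DESTDIR}`. I would append `|| exit` to both commands. Separately, `host/${HOSTNAME}.pre.sh` and `.post.sh` are sourced straight from the cloned branch with only TLS vouching for their content. A check such as `git verify-commit HEAD || exit` right after the clone would tie execution to a signed commit, assuming the repository signs its commits and the image ships the trusted keys.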
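Review bot: nsenter.sh has no comment stating its run-time precondition: `-t 1` is the host's init only when the container shares the host PID namespace and is privileged enough to join its namespaces. Without that, PID 1 is the container's own init, and the `systemctl` symlink would presumably resolve back to this script and re-exec itself. I would add above the `exec` line: `# Multi-call wrapper: run the command named by the invoking symlink inside the namespaces of PID 1 (needs the host PID namespace and sufficient privilege).`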