
20 commits

Author SHA1 Message Date
c5b4f72251 Instalar /usr/local/bin en el contenedor
All checks were successful
continuous-integration/woodpecker the build was successful
2021-11-30 15:39:27 +00:00
552cb373f1 Merge branch 'antifascista' into container-ci
All checks were successful
continuous-integration/woodpecker the build was successful
2021-11-25 21:47:40 +00:00
3777343e2d known_hosts: agregar nulo.in
All checks were successful
continuous-integration/woodpecker the build was successful
2021-11-25 21:47:21 +00:00
2548ad883a Containerfile: copiar ssh/known_hosts
All checks were successful
continuous-integration/drone the build was successful
2021-09-28 15:42:07 -03:00
ed6e1a4758 Merge remote-tracking branch 'origin/antifascista' into container-ci 2021-09-28 15:31:54 -03:00
10dcbf25e5 Merge branch 'antifascista' into container-ci
All checks were successful
continuous-integration/drone the build was successful
2021-09-28 12:39:50 -03:00
5b53d9cc28 ci: Shellcheck
Some checks failed
continuous-integration/drone the build failed
2021-09-28 12:11:38 -03:00
cd4f1cee32 Hacer contenedor root y rootless separados
All checks were successful
continuous-integration/drone the build was successful
2021-09-18 15:30:41 -03:00
cde2fdedaa Containerfile: permitirle sudo a suttier
All checks were successful
continuous-integration/drone the build was successful
2021-09-18 13:18:14 -03:00
45b3ff8741 Containerfile: asegurarse que la HOME tenga bien los permisos
Some checks failed
continuous-integration/drone the build failed
2021-09-18 12:47:12 -03:00
e00982be71 Containerfile: arreglar usuarix
All checks were successful
continuous-integration/drone the build was successful
2021-09-18 12:21:31 -03:00
8857027ba8 Containerfile: crear usuarix suttier
Some checks failed
continuous-integration/drone the build failed
2021-09-18 12:13:53 -03:00
cce727b550 packages: añadir rsync
All checks were successful
continuous-integration/drone the build was successful
2021-09-18 11:23:39 -03:00
38474192a0 woodpecker: usar registry.nulo.in
All checks were successful
continuous-integration/drone the build was successful
2021-09-17 16:11:35 -03:00
8ef34f3a69 woodpecker: intentar con plugins/docker
Some checks failed
continuous-integration/drone the build failed
2021-09-17 16:10:14 -03:00
fd4969823f woodpecker: solo usar buildah
Some checks failed
continuous-integration/drone the build failed
Podman falla al correr
2021-09-17 13:57:25 -03:00
d7d5eebec5 woodpecker: usar Alpine
Some checks failed
continuous-integration/drone the build failed
Porque buildah/buildah es viejisimo
2021-09-17 13:54:51 -03:00
92a04bf4d5 woodpecker: usar STORAGE_DRIVER=vfs
Some checks failed
continuous-integration/drone the build failed
2021-09-17 13:49:40 -03:00
7c74e6443c Añadir .woodpecker.yml
Some checks failed
continuous-integration/drone the build failed
2021-09-17 13:47:38 -03:00
df1b9f7a77 añadir Containerfile 2021-09-17 13:44:26 -03:00
8 changed files with 65 additions and 39 deletions

30
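--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -0,0 +1,30 @@
+pipeline:
+shellcheck:
+image: docker.io/alpine:3.14
+commands:
+- apk add shellcheck
+- shellcheck haini.sh
+publish:
+image: plugins/docker
+registry: registry.nulo.in
+repo: registry.nulo.in/sutty/haini.sh
+tags: latest,root
+dockerfile: Containerfile
+username: sutty
+secrets:
+- docker_password
+when:
+branch: container-ci
+event: push
+publish-rootless:
+image: plugins/docker
+registry: registry.nulo.in
+repo: registry.nulo.in/sutty/haini.sh
+tags: rootless
+dockerfile: Containerfile.rootless
+username: sutty
+secrets:
+- docker_password
+when:
+branch: container-ci
+event: push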
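Review bot: Both publish steps run `image: plugins/docker` with no tag or digest, and these are the steps that receive the `docker_password` secret, so whatever the registry serves under the default tag at build time is handed the registry credential. Pinning the plugin, e.g. `image: plugins/docker:<pinned-version>` (placeholder, ideally together with its digest), keeps the credentialed steps reproducible and reviewable. The `when:` filters limit publishing to pushes on `container-ci`; it is worth confirming in the CI settings that the secret itself is also restricted to that event.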

17
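--- a/Containerfile
+++ b/Containerfile
@@ -0,0 +1,17 @@
+FROM docker.io/alpine:3.13
+RUN apk add --no-cache openssh-client make git bash coreutils diffutils sudo
+RUN echo "https://alpine.sutty.nl/alpine/v3.13/sutty" >> "/etc/apk/repositories" && \
+wget https://alpine.sutty.nl/alpine/sutty.pub -O "/etc/apk/keys/alpine@sutty.nl-5ea884cd.rsa.pub"
+COPY packages /root/packages
+COPY bin /usr/local/bin
+RUN chmod 755 /usr/local/bin/*
+RUN apk add --no-cache $(cat "/root/packages" | tr "\n" " ")
+RUN sed -re "s/#(@platforms = )/\1/" -i "/usr/lib/ruby/2.7.0/rubygems.rb" && \
+mkdir -m 700 -p "~/.ssh"
+COPY ssh/known_hosts /root/.ssh/known_hosts
+COPY .gemrc /root/.gemrc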
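Review bot: `mkdir -m 700 -p "~/.ssh"` quotes the tilde, so the shell does not expand it and the directory is created literally as `~/.ssh` under the build's working directory. `/root/.ssh` is then created implicitly by the following `COPY`, with default permissions rather than 700. An absolute path avoids this: `mkdir -m 700 -p /root/.ssh`. Separately, the signing key for the extra apk repository is fetched with `wget` at build time and trusted as-is. Committing `sutty.pub` to the repository and adding it with `COPY`, or checking a pinned SHA-256 after the download, would stop a changed key on the server from silently becoming a trusted package signer.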

14
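--- a/Containerfile.rootless
+++ b/Containerfile.rootless
@@ -0,0 +1,14 @@
+FROM registry.nulo.in/sutty/haini.sh:root
+RUN mkdir -p /home && \
+adduser \
+--disabled-password \
+--gecos "" \
+--home /home/suttier \
+suttier && \
+cp /root/.gemrc /home/suttier/.gemrc && \
+cp -r /root/.ssh /home/suttier/.ssh && \
+chown -R suttier:suttier /home/suttier/ && \
+echo "suttier ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+USER suttier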
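Review bot: The `suttier ALL=(ALL) NOPASSWD: ALL` rule makes `USER suttier` a default rather than a boundary, because any process in the rootless image can become root through `sudo` without a password. If sudo is only needed for particular commands, list them instead of `ALL`, e.g. `suttier ALL=(root) NOPASSWD: <command paths>` (placeholder). Consider writing the rule to its own file and validating it with `visudo -c` instead of appending to `/etc/sudoers`. The base `registry.nulo.in/sutty/haini.sh:root` is a mutable tag, so this image is only as reproducible as the last `root` push; a comment above `FROM` saying so would help.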


@ -5,4 +5,3 @@ subjectAltName = @alt_names
[alt_names] [alt_names]
DNS.1 = sutty.local DNS.1 = sutty.local
DNS.2 = *.sutty.local DNS.2 = *.sutty.local
DNS.3 = *.tienda.sutty.local


@ -21,7 +21,7 @@ if ! test "$HAIN_ENV" && ! type bwrap >/dev/null 2>&1 ; then
exit 1 exit 1
fi fi
if test -f /proc/sys/kernel/unprivileged_userns_clone && test "$(cat /proc/sys/kernel/unprivileged_userns_clone)" -ne 1 ; then if test "$(sysctl -n kernel.unprivileged_userns_clone)" -ne 1 ; then
echo "Necesitamos configurar tu sistema, ingresa tu contraseña para correr el comando" >&2 echo "Necesitamos configurar tu sistema, ingresa tu contraseña para correr el comando" >&2
echo "sudo sysctl -a kernel.unprivileged_userns_clone=1" >&2 echo "sudo sysctl -a kernel.unprivileged_userns_clone=1" >&2
sudo sysctl -a kernel.unprivileged_userns_clone=1 sudo sysctl -a kernel.unprivileged_userns_clone=1
@ -50,14 +50,12 @@ correr() {
fi fi
env -i \ env -i \
DISPLAY="$DISPLAY" \
TERM="$TERM" \ TERM="$TERM" \
USER="suttier" \ USER="suttier" \
HOME="/home/suttier" \ HOME="/home/suttier" \
HAIN_ENV=true \ HAIN_ENV=true \
RAILS_ENV="${RAILS_ENV:-development}" \ RAILS_ENV="${RAILS_ENV:-development}" \
JEKYLL_ENV="${JEKYLL_ENV:-development}" \ JEKYLL_ENV="${JEKYLL_ENV:-development}" \
$(test -f "$ENV_FILE" && (grep -v '^#' "$ENV_FILE" | xargs -0) || true) \
EDITOR="nano" \ EDITOR="nano" \
PAGER="less -niSFX" \ PAGER="less -niSFX" \
SSH_AUTH_SOCK="${SSH_AUTH_SOCK}" \ SSH_AUTH_SOCK="${SSH_AUTH_SOCK}" \
@ -71,7 +69,6 @@ correr() {
--unshare-cgroup-try \ --unshare-cgroup-try \
--bind "$ENTORNO" / \ --bind "$ENTORNO" / \
--bind "$ROOT" /Sutty \ --bind "$ROOT" /Sutty \
$(test -f ~/.Xauthority && echo "--ro-bind $HOME/.Xauthority /home/suttier/.Xauthority") \
--ro-bind /etc/hosts /etc/hosts \ --ro-bind /etc/hosts /etc/hosts \
--ro-bind /etc/resolv.conf /etc/resolv.conf \ --ro-bind /etc/resolv.conf /etc/resolv.conf \
--ro-bind /etc/localtime /etc/localtime \ --ro-bind /etc/localtime /etc/localtime \
@ -217,29 +214,6 @@ crear_entorno() {
test -f "$ENTORNO/usr/local/share/ca-certificates/ca-sutty.crt" || mv "$ENTORNO/etc/ssl/certs/ca-sutty.crt" "$ENTORNO/usr/local/share/ca-certificates/ca-sutty.crt" test -f "$ENTORNO/usr/local/share/ca-certificates/ca-sutty.crt" || mv "$ENTORNO/etc/ssl/certs/ca-sutty.crt" "$ENTORNO/usr/local/share/ca-certificates/ca-sutty.crt"
} }
# Auto-actualizar una vez por hora
actualizar() {
test ! "$TERM" = "dumb" || return
last_update="$(find "$DIR/.git/FETCH_HEAD" -mmin +60 | wc -l)"
if test ! $last_update -ne 0; then
return
fi
echo -n "Actualizando haini.sh... " >&2
if ping -q -c 1 0xacab.org >/dev/null 2>&1; then
git -C "$DIR" pull --ff-only
if test "$DIR/.git/FETCH_HEAD" -ot "$DIR/.git/ORIG_HEAD"; then
echo "haini.sh se actualizó, por favor volvé a ejecutar el comando" >&2
exit 0
fi
else
echo "no se pudo conectar 0xacab.org, intentando la próxima vez." >&2
fi
}
DEFAULT="sh" DEFAULT="sh"
case $1 in case $1 in
@ -271,9 +245,8 @@ else
fi fi
fi fi
actualizar
crear_entorno crear_entorno
stdin="$(test "$TERM" = "dumb" || echo "/dev/stdin")" correr "${*:-$DEFAULT}" ; salida=$? stdin=/dev/stdin correr "${*:-$DEFAULT}" ; salida=$?
${SSH_ADHOC} && ssh-agent -k ${SSH_ADHOC} && ssh-agent -k
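Review bot: In the first hunk the new condition `test "$(sysctl -n kernel.unprivileged_userns_clone)" -ne 1` no longer checks that the key exists. On a kernel without that sysctl the substitution is empty, so `test` gets a non-integer operand and sysctl's own error is printed. Keeping the guard avoids that: `if test -f /proc/sys/kernel/unprivileged_userns_clone && test "$(sysctl -n kernel.unprivileged_userns_clone)" -ne 1 ; then`. The unchanged lines below it run `sudo sysctl -a kernel.unprivileged_userns_clone=1`; `-a` is the list-all option and `-w` is the write option, so confirm that this call actually sets the value. The `if` block continues past the end of the hunk.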


@ -9,10 +9,6 @@ server {
add_header Cache-Control "no-store; max-age=0"; add_header Cache-Control "no-store; max-age=0";
location ~ /../assets/js/pack.js {
rewrite ^ /assets/js/pack.js last;
}
location /assets/js/pack.js { location /assets/js/pack.js {
proxy_pass http://127.0.0.1:65001; proxy_pass http://127.0.0.1:65001;
} }
@ -27,5 +23,3 @@ server {
proxy_pass http://127.0.0.1:65001; proxy_pass http://127.0.0.1:65001;
} }
} }
include /Sutty/*-jekyll-theme/_nginx.conf;


@ -4,7 +4,6 @@ ffmpeg
file file
git git
git-lfs git-lfs
jpegoptim
less less
libssh2 libssh2
libxml2 libxml2
@ -15,16 +14,15 @@ nano-syntax
ncurses-terminfo ncurses-terminfo
nginx nginx
nodejs nodejs
npm
openssh-client openssh-client
openssl openssl
oxipng
postgresql postgresql
postgresql-contrib postgresql-contrib
postgresql-libs postgresql-libs
py3-brotli py3-brotli
py3-cffi py3-cffi
py3-fonttools py3-fonttools
rsync
ruby ruby
ruby-bigdecimal ruby-bigdecimal
ruby-bundler ruby-bundler


@ -1,3 +1,4 @@
0xacab.org,198.252.153.239 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdh69MJNIA4hZNdplalK1BOD4QZEKn8msMwsEzA7nrr 0xacab.org,198.252.153.239 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdh69MJNIA4hZNdplalK1BOD4QZEKn8msMwsEzA7nrr
athshe.sutty.nl,172.96.172.58 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIDqJl9IW6WXAxrtZXMzvMnIpTjIZB+Tp+dDUpSaOrqdjqdMVjHVQSFnVh0MLHbvdjKKtxaKDAuT3JXGrSp8wyA= athshe.sutty.nl,172.96.172.58 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIDqJl9IW6WXAxrtZXMzvMnIpTjIZB+Tp+dDUpSaOrqdjqdMVjHVQSFnVh0MLHbvdjKKtxaKDAuT3JXGrSp8wyA=
anarres.sutty.nl,54.39.161.205 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGw9aXovdiR44WzGfaitjlGiAO7I5OP/XgxFEc+t6HWeS0oqIVaEo17y7j29hLZbTRpN8vWoGSMa+UtquQZ6JG8= anarres.sutty.nl,54.39.161.205 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGw9aXovdiR44WzGfaitjlGiAO7I5OP/XgxFEc+t6HWeS0oqIVaEo17y7j29hLZbTRpN8vWoGSMa+UtquQZ6JG8=
[nulo.in]:420 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHgHIbf5/jkeyLMndnWlEO12DPj41YPqkmz+aIreVOsP