Compare commits
20 commits
antifascis
...
container-
Author | SHA1 | Date | |
---|---|---|---|
c5b4f72251 | |||
552cb373f1 | |||
3777343e2d | |||
2548ad883a | |||
ed6e1a4758 | |||
10dcbf25e5 | |||
5b53d9cc28 | |||
cd4f1cee32 | |||
cde2fdedaa | |||
45b3ff8741 | |||
e00982be71 | |||
8857027ba8 | |||
cce727b550 | |||
38474192a0 | |||
8ef34f3a69 | |||
fd4969823f | |||
d7d5eebec5 | |||
92a04bf4d5 | |||
7c74e6443c | |||
df1b9f7a77 |
8 changed files with 65 additions and 39 deletions
30
.woodpecker.yml
Normal file
30
.woodpecker.yml
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
pipeline:
|
||||||
|
shellcheck:
|
||||||
|
image: docker.io/alpine:3.14
|
||||||
|
commands:
|
||||||
|
- apk add shellcheck
|
||||||
|
- shellcheck haini.sh
|
||||||
|
publish:
|
||||||
|
image: plugins/docker
|
||||||
|
registry: registry.nulo.in
|
||||||
|
repo: registry.nulo.in/sutty/haini.sh
|
||||||
|
tags: latest,root
|
||||||
|
dockerfile: Containerfile
|
||||||
|
username: sutty
|
||||||
|
secrets:
|
||||||
|
- docker_password
|
||||||
|
when:
|
||||||
|
branch: container-ci
|
||||||
|
event: push
|
||||||
|
publish-rootless:
|
||||||
|
image: plugins/docker
|
||||||
|
registry: registry.nulo.in
|
||||||
|
repo: registry.nulo.in/sutty/haini.sh
|
||||||
|
tags: rootless
|
||||||
|
dockerfile: Containerfile.rootless
|
||||||
|
username: sutty
|
||||||
|
secrets:
|
||||||
|
- docker_password
|
||||||
|
when:
|
||||||
|
branch: container-ci
|
||||||
|
event: push
|
17
Containerfile
Normal file
17
Containerfile
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
FROM docker.io/alpine:3.13
|
||||||
|
|
||||||
|
RUN apk add --no-cache openssh-client make git bash coreutils diffutils sudo
|
||||||
|
|
||||||
|
RUN echo "https://alpine.sutty.nl/alpine/v3.13/sutty" >> "/etc/apk/repositories" && \
|
||||||
|
wget https://alpine.sutty.nl/alpine/sutty.pub -O "/etc/apk/keys/alpine@sutty.nl-5ea884cd.rsa.pub"
|
||||||
|
|
||||||
|
COPY packages /root/packages
|
||||||
|
COPY bin /usr/local/bin
|
||||||
|
|
||||||
|
RUN chmod 755 /usr/local/bin/*
|
||||||
|
RUN apk add --no-cache $(cat "/root/packages" | tr "\n" " ")
|
||||||
|
RUN sed -re "s/#(@platforms = )/\1/" -i "/usr/lib/ruby/2.7.0/rubygems.rb" && \
|
||||||
|
mkdir -m 700 -p "~/.ssh"
|
||||||
|
|
||||||
|
COPY ssh/known_hosts /root/.ssh/known_hosts
|
||||||
|
COPY .gemrc /root/.gemrc
|
14
Containerfile.rootless
Normal file
14
Containerfile.rootless
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
FROM registry.nulo.in/sutty/haini.sh:root
|
||||||
|
|
||||||
|
RUN mkdir -p /home && \
|
||||||
|
adduser \
|
||||||
|
--disabled-password \
|
||||||
|
--gecos "" \
|
||||||
|
--home /home/suttier \
|
||||||
|
suttier && \
|
||||||
|
cp /root/.gemrc /home/suttier/.gemrc && \
|
||||||
|
cp -r /root/.ssh /home/suttier/.ssh && \
|
||||||
|
chown -R suttier:suttier /home/suttier/ && \
|
||||||
|
echo "suttier ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
|
||||||
|
USER suttier
|
||||||
|
|
|
@ -5,4 +5,3 @@ subjectAltName = @alt_names
|
||||||
[alt_names]
|
[alt_names]
|
||||||
DNS.1 = sutty.local
|
DNS.1 = sutty.local
|
||||||
DNS.2 = *.sutty.local
|
DNS.2 = *.sutty.local
|
||||||
DNS.3 = *.tienda.sutty.local
|
|
||||||
|
|
31
haini.sh
31
haini.sh
|
@ -21,7 +21,7 @@ if ! test "$HAIN_ENV" && ! type bwrap >/dev/null 2>&1 ; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if test -f /proc/sys/kernel/unprivileged_userns_clone && test "$(cat /proc/sys/kernel/unprivileged_userns_clone)" -ne 1 ; then
|
if test "$(sysctl -n kernel.unprivileged_userns_clone)" -ne 1 ; then
|
||||||
echo "Necesitamos configurar tu sistema, ingresa tu contraseña para correr el comando" >&2
|
echo "Necesitamos configurar tu sistema, ingresa tu contraseña para correr el comando" >&2
|
||||||
echo "sudo sysctl -a kernel.unprivileged_userns_clone=1" >&2
|
echo "sudo sysctl -a kernel.unprivileged_userns_clone=1" >&2
|
||||||
sudo sysctl -a kernel.unprivileged_userns_clone=1
|
sudo sysctl -a kernel.unprivileged_userns_clone=1
|
||||||
|
@ -50,14 +50,12 @@ correr() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
env -i \
|
env -i \
|
||||||
DISPLAY="$DISPLAY" \
|
|
||||||
TERM="$TERM" \
|
TERM="$TERM" \
|
||||||
USER="suttier" \
|
USER="suttier" \
|
||||||
HOME="/home/suttier" \
|
HOME="/home/suttier" \
|
||||||
HAIN_ENV=true \
|
HAIN_ENV=true \
|
||||||
RAILS_ENV="${RAILS_ENV:-development}" \
|
RAILS_ENV="${RAILS_ENV:-development}" \
|
||||||
JEKYLL_ENV="${JEKYLL_ENV:-development}" \
|
JEKYLL_ENV="${JEKYLL_ENV:-development}" \
|
||||||
$(test -f "$ENV_FILE" && (grep -v '^#' "$ENV_FILE" | xargs -0) || true) \
|
|
||||||
EDITOR="nano" \
|
EDITOR="nano" \
|
||||||
PAGER="less -niSFX" \
|
PAGER="less -niSFX" \
|
||||||
SSH_AUTH_SOCK="${SSH_AUTH_SOCK}" \
|
SSH_AUTH_SOCK="${SSH_AUTH_SOCK}" \
|
||||||
|
@ -71,7 +69,6 @@ correr() {
|
||||||
--unshare-cgroup-try \
|
--unshare-cgroup-try \
|
||||||
--bind "$ENTORNO" / \
|
--bind "$ENTORNO" / \
|
||||||
--bind "$ROOT" /Sutty \
|
--bind "$ROOT" /Sutty \
|
||||||
$(test -f ~/.Xauthority && echo "--ro-bind $HOME/.Xauthority /home/suttier/.Xauthority") \
|
|
||||||
--ro-bind /etc/hosts /etc/hosts \
|
--ro-bind /etc/hosts /etc/hosts \
|
||||||
--ro-bind /etc/resolv.conf /etc/resolv.conf \
|
--ro-bind /etc/resolv.conf /etc/resolv.conf \
|
||||||
--ro-bind /etc/localtime /etc/localtime \
|
--ro-bind /etc/localtime /etc/localtime \
|
||||||
|
@ -217,29 +214,6 @@ crear_entorno() {
|
||||||
test -f "$ENTORNO/usr/local/share/ca-certificates/ca-sutty.crt" || mv "$ENTORNO/etc/ssl/certs/ca-sutty.crt" "$ENTORNO/usr/local/share/ca-certificates/ca-sutty.crt"
|
test -f "$ENTORNO/usr/local/share/ca-certificates/ca-sutty.crt" || mv "$ENTORNO/etc/ssl/certs/ca-sutty.crt" "$ENTORNO/usr/local/share/ca-certificates/ca-sutty.crt"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Auto-actualizar una vez por hora
|
|
||||||
actualizar() {
|
|
||||||
test ! "$TERM" = "dumb" || return
|
|
||||||
|
|
||||||
last_update="$(find "$DIR/.git/FETCH_HEAD" -mmin +60 | wc -l)"
|
|
||||||
|
|
||||||
if test ! $last_update -ne 0; then
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo -n "Actualizando haini.sh... " >&2
|
|
||||||
if ping -q -c 1 0xacab.org >/dev/null 2>&1; then
|
|
||||||
git -C "$DIR" pull --ff-only
|
|
||||||
|
|
||||||
if test "$DIR/.git/FETCH_HEAD" -ot "$DIR/.git/ORIG_HEAD"; then
|
|
||||||
echo "haini.sh se actualizó, por favor volvé a ejecutar el comando" >&2
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
echo "no se pudo conectar 0xacab.org, intentando la próxima vez." >&2
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
DEFAULT="sh"
|
DEFAULT="sh"
|
||||||
|
|
||||||
case $1 in
|
case $1 in
|
||||||
|
@ -271,9 +245,8 @@ else
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
actualizar
|
|
||||||
crear_entorno
|
crear_entorno
|
||||||
stdin="$(test "$TERM" = "dumb" || echo "/dev/stdin")" correr "${*:-$DEFAULT}" ; salida=$?
|
stdin=/dev/stdin correr "${*:-$DEFAULT}" ; salida=$?
|
||||||
|
|
||||||
${SSH_ADHOC} && ssh-agent -k
|
${SSH_ADHOC} && ssh-agent -k
|
||||||
|
|
||||||
|
|
|
@ -9,10 +9,6 @@ server {
|
||||||
|
|
||||||
add_header Cache-Control "no-store; max-age=0";
|
add_header Cache-Control "no-store; max-age=0";
|
||||||
|
|
||||||
location ~ /../assets/js/pack.js {
|
|
||||||
rewrite ^ /assets/js/pack.js last;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /assets/js/pack.js {
|
location /assets/js/pack.js {
|
||||||
proxy_pass http://127.0.0.1:65001;
|
proxy_pass http://127.0.0.1:65001;
|
||||||
}
|
}
|
||||||
|
@ -27,5 +23,3 @@ server {
|
||||||
proxy_pass http://127.0.0.1:65001;
|
proxy_pass http://127.0.0.1:65001;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
include /Sutty/*-jekyll-theme/_nginx.conf;
|
|
||||||
|
|
4
packages
4
packages
|
@ -4,7 +4,6 @@ ffmpeg
|
||||||
file
|
file
|
||||||
git
|
git
|
||||||
git-lfs
|
git-lfs
|
||||||
jpegoptim
|
|
||||||
less
|
less
|
||||||
libssh2
|
libssh2
|
||||||
libxml2
|
libxml2
|
||||||
|
@ -15,16 +14,15 @@ nano-syntax
|
||||||
ncurses-terminfo
|
ncurses-terminfo
|
||||||
nginx
|
nginx
|
||||||
nodejs
|
nodejs
|
||||||
npm
|
|
||||||
openssh-client
|
openssh-client
|
||||||
openssl
|
openssl
|
||||||
oxipng
|
|
||||||
postgresql
|
postgresql
|
||||||
postgresql-contrib
|
postgresql-contrib
|
||||||
postgresql-libs
|
postgresql-libs
|
||||||
py3-brotli
|
py3-brotli
|
||||||
py3-cffi
|
py3-cffi
|
||||||
py3-fonttools
|
py3-fonttools
|
||||||
|
rsync
|
||||||
ruby
|
ruby
|
||||||
ruby-bigdecimal
|
ruby-bigdecimal
|
||||||
ruby-bundler
|
ruby-bundler
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
0xacab.org,198.252.153.239 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdh69MJNIA4hZNdplalK1BOD4QZEKn8msMwsEzA7nrr
|
0xacab.org,198.252.153.239 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdh69MJNIA4hZNdplalK1BOD4QZEKn8msMwsEzA7nrr
|
||||||
athshe.sutty.nl,172.96.172.58 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIDqJl9IW6WXAxrtZXMzvMnIpTjIZB+Tp+dDUpSaOrqdjqdMVjHVQSFnVh0MLHbvdjKKtxaKDAuT3JXGrSp8wyA=
|
athshe.sutty.nl,172.96.172.58 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIDqJl9IW6WXAxrtZXMzvMnIpTjIZB+Tp+dDUpSaOrqdjqdMVjHVQSFnVh0MLHbvdjKKtxaKDAuT3JXGrSp8wyA=
|
||||||
anarres.sutty.nl,54.39.161.205 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGw9aXovdiR44WzGfaitjlGiAO7I5OP/XgxFEc+t6HWeS0oqIVaEo17y7j29hLZbTRpN8vWoGSMa+UtquQZ6JG8=
|
anarres.sutty.nl,54.39.161.205 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGw9aXovdiR44WzGfaitjlGiAO7I5OP/XgxFEc+t6HWeS0oqIVaEo17y7j29hLZbTRpN8vWoGSMa+UtquQZ6JG8=
|
||||||
|
[nulo.in]:420 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHgHIbf5/jkeyLMndnWlEO12DPj41YPqkmz+aIreVOsP
|
||||||
|
|
Loading…
Reference in a new issue