Merge branch 'issue-47' into 'antifascista'

fix: no usar sysctl sin root #47

See merge request sutty/haini.sh!52

.woodpecker.yml

@@ -1,30 +0,0 @@
-pipeline:
-  shellcheck:
-    image: docker.io/alpine:3.14
-    commands:
-      - apk add shellcheck
-      - shellcheck haini.sh
-  publish:
-    image: plugins/docker
-    registry: registry.nulo.in
-    repo: registry.nulo.in/sutty/haini.sh
-    tags: latest,root
-    dockerfile: Containerfile
-    username: sutty
-    secrets:
-      - docker_password
-    when:
-      branch: container-ci
-      event: push
-  publish-rootless:
-    image: plugins/docker
-    registry: registry.nulo.in
-    repo: registry.nulo.in/sutty/haini.sh
-    tags: rootless
-    dockerfile: Containerfile.rootless
-    username: sutty
-    secrets:
-      - docker_password
-    when:
-      branch: container-ci
-      event: push

Containerfile

@@ -1,17 +0,0 @@
-FROM docker.io/alpine:3.13
-
-RUN apk add --no-cache openssh-client make git bash coreutils diffutils sudo
-
-RUN echo "https://alpine.sutty.nl/alpine/v3.13/sutty" >> "/etc/apk/repositories" && \
-    wget https://alpine.sutty.nl/alpine/sutty.pub -O "/etc/apk/keys/alpine@sutty.nl-5ea884cd.rsa.pub"
-
-COPY packages /root/packages
-COPY bin /usr/local/bin
-
-RUN chmod 755 /usr/local/bin/*
-RUN apk add --no-cache $(cat "/root/packages" | tr "\n" " ")
-RUN sed -re "s/#(@platforms = )/\1/" -i "/usr/lib/ruby/2.7.0/rubygems.rb" && \
-    mkdir -m 700 -p "~/.ssh"
-
-COPY ssh/known_hosts /root/.ssh/known_hosts
-COPY .gemrc /root/.gemrc

Containerfile.rootless

@@ -1,14 +0,0 @@
-FROM registry.nulo.in/sutty/haini.sh:root
-
-RUN mkdir -p /home && \
-    adduser \
-        --disabled-password \
-        --gecos "" \
-        --home /home/suttier \
-        suttier && \
-    cp /root/.gemrc /home/suttier/.gemrc && \
-    cp -r /root/.ssh /home/suttier/.ssh && \
-    chown -R suttier:suttier /home/suttier/ && \
-    echo "suttier ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
-USER suttier
-

domains.ext

@@ -5,3 +5,4 @@ subjectAltName = @alt_names
 [alt_names]
 DNS.1 = sutty.local
 DNS.2 = *.sutty.local
+DNS.3 = *.tienda.sutty.local

haini.sh

@@ -21,7 +21,7 @@ if ! test "$HAIN_ENV" && ! type bwrap >/dev/null 2>&1 ; then
   exit 1
 fi
 
-if test "$(sysctl -n kernel.unprivileged_userns_clone)" -ne 1 ; then
+if test -f /proc/sys/kernel/unprivileged_userns_clone && test "$(cat /proc/sys/kernel/unprivileged_userns_clone)" -ne 1 ; then
   echo "Necesitamos configurar tu sistema, ingresa tu contraseña para correr el comando" >&2
   echo "sudo sysctl -a kernel.unprivileged_userns_clone=1" >&2
   sudo sysctl -a kernel.unprivileged_userns_clone=1
@@ -50,12 +50,14 @@ correr() {
   fi
 
   env -i \
+    DISPLAY="$DISPLAY" \
     TERM="$TERM" \
     USER="suttier" \
     HOME="/home/suttier" \
     HAIN_ENV=true \
     RAILS_ENV="${RAILS_ENV:-development}" \
     JEKYLL_ENV="${JEKYLL_ENV:-development}" \
+    $(test -f "$ENV_FILE" && (grep -v '^#' "$ENV_FILE" | xargs -0) || true) \
     EDITOR="nano" \
     PAGER="less -niSFX" \
     SSH_AUTH_SOCK="${SSH_AUTH_SOCK}" \
@@ -69,6 +71,7 @@ correr() {
     --unshare-cgroup-try \
     --bind "$ENTORNO" / \
     --bind "$ROOT" /Sutty \
+    $(test -f ~/.Xauthority && echo "--ro-bind $HOME/.Xauthority /home/suttier/.Xauthority") \
     --ro-bind /etc/hosts /etc/hosts \
     --ro-bind /etc/resolv.conf /etc/resolv.conf \
     --ro-bind /etc/localtime /etc/localtime \
@@ -214,6 +217,29 @@ crear_entorno() {
   test -f "$ENTORNO/usr/local/share/ca-certificates/ca-sutty.crt" || mv "$ENTORNO/etc/ssl/certs/ca-sutty.crt" "$ENTORNO/usr/local/share/ca-certificates/ca-sutty.crt"
 }
 
+# Auto-actualizar una vez por hora
+actualizar() {
+  test ! "$TERM" = "dumb" || return
+
+  last_update="$(find "$DIR/.git/FETCH_HEAD" -mmin +60 | wc -l)"
+
+  if test ! $last_update -ne 0; then
+    return
+  fi
+
+  echo -n "Actualizando haini.sh... " >&2
+  if ping -q -c 1 0xacab.org >/dev/null 2>&1; then
+    git -C "$DIR" pull --ff-only
+
+    if test "$DIR/.git/FETCH_HEAD" -ot "$DIR/.git/ORIG_HEAD"; then
+      echo "haini.sh se actualizó, por favor volvé a ejecutar el comando" >&2
+      exit 0
+    fi
+  else
+    echo "no se pudo conectar 0xacab.org, intentando la próxima vez." >&2
+  fi
+}
+
 DEFAULT="sh"
 
 case $1 in
@@ -245,8 +271,9 @@ else
     fi
   fi
 
+  actualizar
   crear_entorno
-  stdin=/dev/stdin correr "${*:-$DEFAULT}" ; salida=$?
+  stdin="$(test "$TERM" = "dumb" || echo "/dev/stdin")" correr "${*:-$DEFAULT}" ; salida=$?
 
   ${SSH_ADHOC} && ssh-agent -k
 

nginx.conf

@@ -9,6 +9,10 @@ server {
 
   add_header Cache-Control "no-store; max-age=0";
 
+  location ~ /../assets/js/pack.js {
+    rewrite ^ /assets/js/pack.js last;
+  }
+
   location /assets/js/pack.js {
     proxy_pass http://127.0.0.1:65001;
   }
@@ -23,3 +27,5 @@ server {
     proxy_pass http://127.0.0.1:65001;
   }
 }
+
+include /Sutty/*-jekyll-theme/_nginx.conf;

packages

@@ -4,6 +4,7 @@ ffmpeg
 file
 git
 git-lfs
+jpegoptim
 less
 libssh2
 libxml2
@@ -14,15 +15,16 @@ nano-syntax
 ncurses-terminfo
 nginx
 nodejs
+npm
 openssh-client
 openssl
+oxipng
 postgresql
 postgresql-contrib
 postgresql-libs
 py3-brotli
 py3-cffi
 py3-fonttools
-rsync
 ruby
 ruby-bigdecimal
 ruby-bundler

ssh/known_hosts

@@ -1,4 +1,3 @@
 0xacab.org,198.252.153.239 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdh69MJNIA4hZNdplalK1BOD4QZEKn8msMwsEzA7nrr
 athshe.sutty.nl,172.96.172.58 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIDqJl9IW6WXAxrtZXMzvMnIpTjIZB+Tp+dDUpSaOrqdjqdMVjHVQSFnVh0MLHbvdjKKtxaKDAuT3JXGrSp8wyA=
 anarres.sutty.nl,54.39.161.205 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGw9aXovdiR44WzGfaitjlGiAO7I5OP/XgxFEc+t6HWeS0oqIVaEo17y7j29hLZbTRpN8vWoGSMa+UtquQZ6JG8=
-[nulo.in]:420 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHgHIbf5/jkeyLMndnWlEO12DPj41YPqkmz+aIreVOsP