diff --git a/dev/Dockerfile b/dev/Dockerfile
index 449faba..3974970 100644
--- a/dev/Dockerfile
+++ b/dev/Dockerfile
@@ -1,24 +1,69 @@ FROM docker.io/library/archlinux:latest RUN pacman -Syu --noconfirm && \ - pacman -S --noconfirm sudo man-db exa curl ffmpeg imagemagick nnn screen tmux groff openssh base-devel git neovim ripgrep fzf emacs python python-pip python-virtualenv go go-tools clang nodejs npm php texlive-core texlive-fontsextra r && \ - mkdir /var/run/sshd + pacman -S --needed --noconfirm sudo man-db exa curl jq ffmpeg imagemagick nnn \ + screen tmux groff openssh base-devel git neovim ripgrep fzf emacs \ + python python-pip python-virtualenv go go-tools clang nodejs npm php \ + cargo texlive-core texlive-fontsextra r && \ + mkdir -p /var/run/sshd + +RUN ssh-keygen -A RUN useradd -ms /bin/bash dev && \ echo "dev ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers -ARG SSH_KEY -RUN mkdir -p /home/dev/.ssh && \ - ssh-keygen -A && \ - echo "$SSH_KEY" >> /home/dev/.ssh/authorized_keys && \ - chown -R dev:dev /home/dev/.ssh && \ - chmod 600 /home/dev/.ssh/authorized_keys +USER dev -RUN git clone https://git.tavo.one/tavo/dotfiles /home/dev/.config && \ - echo "HOSTNAME='dev'" >> /home/dev/.bash_profile && \ - echo ". ~/.config/shell/env-min" >> /home/dev/.bash_profile && \ - echo ". ~/.config/shell/bashrc" >> /home/dev/.bashrc && \ - chown -R dev:dev /home/dev +RUN echo "HOSTNAME=''" >> ~/.bash_profile && \ + echo ". ~/.config/shell/env-min" >> ~/.bash_profile && \ + echo ". 
~/.config/shell/bashrc" >> ~/.bashrc + +RUN mkdir -p ~/.ssh && \ + ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -N "" + +ARG FJP + +# Allow ssh from keys in foregejo instance +RUN curl -sH "Authorization: token $FJP" https://git.tavo.one/api/v1/users/tavo/keys | \ + jq | grep '"key"' | cut -d '"' -f 4 >> ~/.ssh/authorized_keys && \ + chmod 600 ~/.ssh/authorized_keys + +# Add new "dev" key in the forgejo instance +RUN NEW_KEY=$(cat ~/.ssh/id_ed25519.pub | cut -d' ' -f 1,2) && \ + OLD_KEY="$(curl -s "https://git.tavo.one/api/v1/users/tavo/keys" \ + -H "Authorization: token $FJP" \ + -H "accept: application/json" \ + -H "Content-Type: application/json" | \ + jq -r '.[] | select(.title == "dev") | .id')" && \ + if [ -n "$OLD_KEY" ] ; then \ + curl -sX DELETE "https://git.tavo.one/api/v1/user/keys/$OLD_KEY" \ + -H "Authorization: token $FJP" \ + -H "accept: application/json" \ + -H "Content-Type: application/json"; \ + fi && \ + JSON=$(printf '{"key": "%s", "read_only": true, "title": "dev"}' "$NEW_KEY") && \ + curl -s "https://git.tavo.one/api/v1/user/keys" \ + -H "Authorization: token $FJP" \ + -H "accept: application/json" \ + -H "Content-Type: application/json" \ + -d "$JSON" + +# Add SSH Host Key for git.tavo.one and clone +RUN ssh-keyscan -H git.tavo.one >> ~/.ssh/known_hosts && \ + chmod 600 ~/.ssh/known_hosts + +RUN git clone git@git.tavo.one:tavo/dotfiles.git ~/.config + +RUN sudo pacman -S --needed git base-devel && \ + sudo mkdir -p /opt/yay && \ + sudo chown -R dev:dev /opt/yay && \ + git clone https://aur.archlinux.org/yay.git /opt/yay && \ + (cd /opt/yay && makepkg -si --noconfirm) + +RUN LV_BRANCH='release-1.4/neovim-0.9' \ + bash <(curl -s https://raw.githubusercontent.com/LunarVim/LunarVim/release-1.4/neovim-0.9/utils/installer/install.sh) + +USER root EXPOSE 22 CMD ["/usr/sbin/sshd", "-D"] diff --git a/dev/build.sh b/dev/build.sh index 3c923f9..f493957 100755 --- a/dev/build.sh +++ b/dev/build.sh 
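Review bot: `ARG FJP` brings the Forgejo API token into the build as a build argument, so the three `RUN` steps that expand `$FJP` leave it in the image history for anyone who can pull or inspect the image; the `DELETE` and key-creation calls in this hunk show the token can also modify the account's keys. A secret mount keeps it out of the layers: drop `ARG FJP`, start each of those steps with `RUN --mount=type=secret,id=fjp,mode=0444 FJP="$(cat /run/secrets/fjp)" && \`, and have the `podman build` line in the dev/build.sh hunk pass `--secret id=fjp,src=<token file>` instead of `--build-arg FJP=...`. The `mode` option is there because these steps run after `USER dev`; confirm the podman/buildah version in use accepts it. Separately, `ssh-keygen -t ed25519 ... -N ""` leaves an unencrypted private key in a layer while its public half is registered on the account, so either treat the image as a credential or generate the key at first container start.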
@@ -1,7 +1,8 @@ #!/bin/sh -SSH_KEY_ARG="$1" -[ -z "$SSH_KEY_ARG" ] && echo "No ssh-key provided" && exit 1 +FJP_ARG="$1" +[ -z "$FJP_ARG" ] && FJP_ARG="$(pass personal/forgejo | sed '/public-keys/!d;s/^.*: //')" +[ -z "$FJP_ARG" ] && echo "No ssh-key provided" && exit 1 podman rm -f dev -podman build --build-arg SSH_KEY="$SSH_KEY_ARG" -t arch-dev-env . +podman build --build-arg FJP="$FJP_ARG" -t arch-dev-env .
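Review bot: The empty-value guard still prints `No ssh-key provided`, but the value it checks is now the Forgejo API token taken from `$1` or from the `pass` lookup, so a failed lookup reports the wrong cause. I would change it to `[ -z "$FJP_ARG" ] && echo "No Forgejo token provided" >&2 && exit 1`, which also sends the message to stderr. Accepting the token as `$1` leaves it in the invoking user's shell history and process list; preferring the `pass` lookup and dropping the positional form would avoid that.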