new dev container

dev/Dockerfile

@@ -1,24 +1,69 @@
 FROM docker.io/library/archlinux:latest
 
 RUN pacman -Syu --noconfirm && \
-    pacman -S --noconfirm sudo man-db exa curl ffmpeg imagemagick nnn screen tmux groff openssh base-devel git neovim ripgrep fzf emacs python python-pip python-virtualenv go go-tools clang nodejs npm php texlive-core texlive-fontsextra r && \
-    mkdir /var/run/sshd
+    pacman -S --needed --noconfirm sudo man-db exa curl jq ffmpeg imagemagick nnn \
+        screen tmux groff openssh base-devel git neovim ripgrep fzf emacs \
+        python python-pip python-virtualenv go go-tools clang nodejs npm php \
+        cargo texlive-core texlive-fontsextra r && \
+    mkdir -p /var/run/sshd
+
+RUN ssh-keygen -A
 
 RUN useradd -ms /bin/bash dev && \
     echo "dev ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
 
-ARG SSH_KEY
-RUN mkdir -p /home/dev/.ssh && \
-    ssh-keygen -A && \
-    echo "$SSH_KEY" >> /home/dev/.ssh/authorized_keys && \
-    chown -R dev:dev /home/dev/.ssh && \
-    chmod 600 /home/dev/.ssh/authorized_keys
+USER dev
 
-RUN git clone https://git.tavo.one/tavo/dotfiles /home/dev/.config && \
-    echo "HOSTNAME='dev'" >> /home/dev/.bash_profile && \
-    echo ". ~/.config/shell/env-min" >> /home/dev/.bash_profile && \
-    echo ". ~/.config/shell/bashrc" >> /home/dev/.bashrc && \
-    chown -R dev:dev /home/dev
+RUN echo "HOSTNAME=''" >> ~/.bash_profile && \
+    echo ". ~/.config/shell/env-min" >> ~/.bash_profile && \
+    echo ". ~/.config/shell/bashrc" >> ~/.bashrc
+
+RUN mkdir -p ~/.ssh && \
+    ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -N ""
+
+ARG FJP
+
+# Allow ssh from keys in foregejo instance
+RUN curl -sH "Authorization: token $FJP" https://git.tavo.one/api/v1/users/tavo/keys | \
+        jq | grep '"key"' | cut -d '"' -f 4 >> ~/.ssh/authorized_keys && \
+    chmod 600 ~/.ssh/authorized_keys
+
+# Add new "dev" key in the forgejo instance
+RUN NEW_KEY=$(cat ~/.ssh/id_ed25519.pub | cut -d' ' -f 1,2) && \
+    OLD_KEY="$(curl -s "https://git.tavo.one/api/v1/users/tavo/keys" \
+        -H "Authorization: token $FJP" \
+        -H "accept: application/json" \
+        -H "Content-Type: application/json" | \
+        jq -r '.[] | select(.title == "dev") | .id')" && \
+    if [ -n "$OLD_KEY" ] ; then \
+        curl -sX DELETE "https://git.tavo.one/api/v1/user/keys/$OLD_KEY" \
+            -H "Authorization: token $FJP" \
+            -H "accept: application/json" \
+            -H "Content-Type: application/json"; \
+    fi && \
+    JSON=$(printf '{"key": "%s", "read_only": true, "title": "dev"}' "$NEW_KEY") && \
+    curl -s "https://git.tavo.one/api/v1/user/keys" \
+        -H "Authorization: token $FJP" \
+        -H "accept: application/json" \
+        -H "Content-Type: application/json" \
+        -d "$JSON"
+
+# Add SSH Host Key for git.tavo.one and clone
+RUN ssh-keyscan -H git.tavo.one >> ~/.ssh/known_hosts && \
+    chmod 600 ~/.ssh/known_hosts
+
+RUN git clone git@git.tavo.one:tavo/dotfiles.git ~/.config
+
+RUN sudo pacman -S --needed git base-devel && \
+    sudo mkdir -p /opt/yay && \
+    sudo chown -R dev:dev /opt/yay && \
+    git clone https://aur.archlinux.org/yay.git /opt/yay && \
+    (cd /opt/yay && makepkg -si --noconfirm)
+
+RUN LV_BRANCH='release-1.4/neovim-0.9' \
+    bash <(curl -s https://raw.githubusercontent.com/LunarVim/LunarVim/release-1.4/neovim-0.9/utils/installer/install.sh)
+
+USER root
 
 EXPOSE 22
 CMD ["/usr/sbin/sshd", "-D"]

dev/build.sh

@@ -1,7 +1,8 @@
 #!/bin/sh
 
-SSH_KEY_ARG="$1"
-[ -z "$SSH_KEY_ARG" ] && echo "No ssh-key provided" && exit 1
+FJP_ARG="$1"
+[ -z "$FJP_ARG" ] && FJP_ARG="$(pass personal/forgejo | sed '/public-keys/!d;s/^.*: //')"
+[ -z "$FJP_ARG" ] && echo "No ssh-key provided" && exit 1
 
 podman rm -f dev
-podman build --build-arg SSH_KEY="$SSH_KEY_ARG" -t arch-dev-env .
+podman build --build-arg FJP="$FJP_ARG" -t arch-dev-env .