~mapperr/dockerfiles

03b501f37175a049c77d1588c92c6193b24db24e — mapperr 9 months ago fe63014
unify archlinux containers
9 files changed, 290 insertions(+), 133 deletions(-)

D archdock/Dockerfile
D archdock/provision.sh
D archdock/run.sh
A archlinux/Dockerfile
A archlinux/game_installs
A archlinux/provision.sh
A archlinux/run.sh
A archlinux/work_installs
A archlinux/work_provision.sh
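--- a/archdock/Dockerfile
+++ b/archdock/Dockerfile
@@ -1,51 +0,0 @@
-FROM archlinux
-
-RUN --mount=type=cache,target=/var/cache/pacman \
-    pacman --noconfirm -Sy  && \
-    pacman --noconfirm -S archlinux-keyring  && \
-    pacman --noconfirm -Su  && \
-    pacman --noconfirm -S base-devel reflector pacman-contrib  && \
-    pacman --noconfirm -S openssh  && \
-    pacman --noconfirm -S python poetry go  && \
-    pacman --noconfirm -S neovim git git-crypt gnupg wget curl entr inotify-tools  && \
-    pacman --noconfirm -S pyright  && \
-    pacman --noconfirm -S nnn rsync atool zip unzip sshfs fuse samba cifs-utils  && \
-    pacman --noconfirm -S exa fd ripgrep fzf gopass jq httpie croc direnv bc && \
-    pacman --noconfirm -S shfmt uncrustify prettier python-black tidy  && \
-    pacman --noconfirm -S zsh zsh-autosuggestions zsh-completions tmux  && \
-    pacman --noconfirm -S podman podman-compose cni-plugins catatonit aardvark-dns  && \
-    pacman --noconfirm -S docker docker-compose docker-buildx  && \
-    pacman --noconfirm -S bandwhich tre duf diff-so-fancy bat tldr bpytop sd most  && \
-    pacman --noconfirm -S glances python-docker python-netifaces && \
-    pacman --noconfirm -S pandoc-cli imagemagick && \
-    pacman --noconfirm -S terraform ansible kubectl k9s nomad consul && \
-    pacman --noconfirm -S jdk-openjdk jdk8-openjdk jdk11-openjdk jdk17-openjdk && \
-    pacman --noconfirm -S pipewire pipewire-alsa alsa-utils
-
-RUN \
-    yes 'root' | passwd && \
-    ssh-keygen -A && \
-    sed -i 's/#Port 22/Port 2345/' /etc/ssh/sshd_config
-
-RUN \
-    echo 'en_US.UTF-8 UTF-8' >>/etc/locale.gen && \
-    locale-gen && \
-    echo 'LANG=en_US.UTF-8' >/etc/locale.conf && \
-    ln -sf /usr/share/zoneinfo/Europe/Rome /etc/localtime
-
-# not working due to missing systemd running
-# RUN \
-#     localectl set-locale LANG=en_US.UTF-8 && \
-#     timedatectl set-timezone Europe/Rome
-
-RUN \
-    useradd -m arch && \
-    yes 'arch' | passwd arch && \
-    chsh -s /bin/zsh arch && \
-    usermod -aG docker arch && \
-    echo 'arch ALL=(ALL:ALL) NOPASSWD: ALL' >/etc/sudoers.d/arch
-
-USER 1000
-
-EXPOSE 2345
-ENTRYPOINT ["sudo", "/usr/bin/sshd", "-D"]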

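--- a/archdock/provision.sh
+++ b/archdock/provision.sh
@@ -1,38 +0,0 @@
-#! /bin/sh
-
-if ! hash yay 2>/dev/null; then
-  git clone https://aur.archlinux.org/yay.git /tmp/yay
-  cd /tmp/yay
-  makepkg -sif --noconfirm
-  cd -
-fi
-
-if hash yay 2>/dev/null; then
-  yay -S --noconfirm \
-    usql \
-    jdtls \
-    ibmcloud-cli \
-    azure-cli-bin \
-    google-cloud-cli \
-    google-cloud-cli-gke-gcloud-auth-plugin \
-    python310
-fi
-
-minpac_dir=$HOME/.config/nvim/pack/minpac/opt/minpac  && \
-test -d $minpac_dir || git clone https://github.com/k-takata/minpac.git $minpac_dir  && \
-
-if ! test -d ~/.dotfiles; then
-  curl https://git.sr.ht/~mapperr/dotfiles/blob/master/.bin/dff >$HOME/dff  && \
-  chmod u+x $HOME/dff
-
-  sh dff clone git@git.sr.ht:~mapperr/dotfiles
-  sh dff checkout -f
-  sh dff crypt unlock
-
-  test -d ~/.dotfiles && test -r ~/dff && rm -f ~/dff
-fi
-
-if ! test -d ~/src/git.sr.ht/~mapperr/pass; then
-  ~/.bin/gitw clone git@git.sr.ht:~mapperr/pass
-  gopass config mounts.path ~/src/git.sr.ht/~mapperr/pass
-fi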

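--- a/archdock/run.sh
+++ b/archdock/run.sh
@@ -1,44 +0,0 @@
-#! /bin/sh
-
-cmd="$1"
-cont_name="arch"
-
-if test "$cmd" = "build"; then
-    docker build -t archdock .
-
-elif test "$cmd" = "setup"; then
-    docker run -d \
-        --name $cont_name \
-        --restart unless-stopped \
-        --hostname archdock \
-        --privileged \
-        --net=host \
-        --ipc=host \
-        --ulimit "nofile=1024:1048576" \
-        -v ~/mnt/archdock:/home/arch \
-        -v /var/run/docker.sock:/var/run/docker.sock \
-        -v $XDG_RUNTIME_DIR/$WAYLAND_DISPLAY:/tmp/$WAYLAND_DISPLAY  \
-        -e WAYLAND_DISPLAY=$WAYLAND_DISPLAY \
-        -e XDG_RUNTIME_DIR=/tmp \
-        -e XDG_SESSION_TYPE=wayland \
-        -e DISPLAY=$DISPLAY \
-        -v /run/user/$(id -u)/pipewire-0:/tmp/pipewire-0 \
-        -v /tmp/.X11-unix:/tmp/.X11-unix \
-        --user=$(id -u):$(id -g) \
-        archdock
-
-    docker cp ~/.ssh $cont_name:/home/arch/
-    docker cp ~/.gnupg $cont_name:/home/arch/
-    docker cp provision.sh $cont_name:/home/arch/
-    docker exec $cont_name sudo chown -R arch:arch /home/arch
-    docker exec -it --user 1000 $cont_name sh /home/arch/provision.sh
-
-elif test "$cmd" = "ssh"; then
-    sshpass -p arch ssh -p 2345 arch@localhost
-else
-    echo "usage:
-    $0 build
-    $0 setup
-    $0 ssh
-    "
-fi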

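--- a/archlinux/Dockerfile
+++ b/archlinux/Dockerfile
@@ -0,0 +1,65 @@
+FROM archlinux
+
+ARG MY_USER
+ARG SSH_PORT
+ARG YAY_INSTALL_FILE
+
+RUN \
+    --mount=type=cache,target=/var/cache/pacman \
+    pacman --noconfirm -Sy  && \
+    pacman --noconfirm -S archlinux-keyring  && \
+    pacman --noconfirm -Su  && \
+    pacman --noconfirm -S \
+        base-devel \
+        sudo \
+        openssh \
+        gnupg \
+        curl \
+        git \
+        git-crypt \
+        gopass
+
+
+RUN \
+    echo 'en_US.UTF-8 UTF-8' >>/etc/locale.gen && \
+    locale-gen && \
+    echo 'LANG=en_US.UTF-8' >/etc/locale.conf && \
+    ln -sf /usr/share/zoneinfo/Europe/Rome /etc/localtime
+
+RUN \
+    useradd -m ${MY_USER} && \
+    yes "${MY_USER}" | passwd ${MY_USER} && \
+    echo "${MY_USER} ALL=(ALL:ALL) NOPASSWD: ALL" >/etc/sudoers.d/${MY_USER}
+
+COPY ${YAY_INSTALL_FILE} /home/${MY_USER}/yay_installs
+
+RUN \
+    chown ${MY_USER} /home/${MY_USER}/yay_installs
+
+RUN \
+    yes 'root' | passwd && \
+    ssh-keygen -A && \
+    sed -i "s/#Port 22/Port ${SSH_PORT}/" /etc/ssh/sshd_config
+
+USER 1000
+
+RUN \
+    git clone https://aur.archlinux.org/yay.git /tmp/yay && \
+    cd /tmp/yay && \
+    makepkg -sif --noconfirm
+
+RUN \
+    curl https://git.sr.ht/~mapperr/dotfiles/blob/master/.bin/dff >$HOME/dff && \
+    chmod u+x $HOME/dff
+
+RUN \
+    --mount=type=cache,target=/var/cache/pacman \
+    --mount=type=cache,target=/home/${MY_USER}/.cache/yay,uid=1000,gid=1000 \
+    cat /home/${MY_USER}/yay_installs && \
+    yay --noconfirm -Sy  && \
+    yay --noconfirm -S archlinux-keyring  && \
+    yay --noconfirm -Su  && \
+    yay --noconfirm -S $(cat /home/${MY_USER}/yay_installs)
+
+EXPOSE ${SSH_PORT}
+ENTRYPOINT ["sudo", "/usr/bin/sshd", "-D"]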
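Review bot: The image bakes in guessable credentials: `yes "${MY_USER}" | passwd ${MY_USER}` sets the account password to the user name and `yes 'root' | passwd` does the same for root, while the entrypoint runs sshd on `SSH_PORT` and the user has `NOPASSWD: ALL` sudo. run.sh starts the container with `--net=host`, so that sshd listens on the host's interfaces unless it is restricted. If password login is only needed for the local `sshpass` shortcut, bind the daemon to loopback in the same step as the `sed`, e.g. `echo 'ListenAddress 127.0.0.1' >>/etc/ssh/sshd_config`; otherwise prefer `PasswordAuthentication no` with an authorized key. `ssh-keygen -A` at build time also stores the host private keys in an image layer, so every container created from the image shares them; generating them at container start avoids that.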

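--- a/archlinux/game_installs
+++ b/archlinux/game_installs
@@ -0,0 +1,40 @@
+reflector
+pacman-contrib
+python
+neovim
+wget
+nnn
+rsync
+atool
+zip
+unzip
+sshfs
+fuse
+samba
+cifs-utils
+exa
+fd
+ripgrep
+fzf
+jq
+httpie
+croc
+zsh
+zsh-autosuggestions
+zsh-completions
+tmux
+tre
+duf
+diff-so-fancy
+bat
+tldr
+bpytop
+sd
+most
+glances
+python-docker
+python-netifaces
+pipewire
+pipewire-alsa
+alsa-utils
+# AUR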
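Review bot: The `# AUR` line is not a comment for the consumer of this file: the Dockerfile installs the list with `yay --noconfirm -S $(cat /home/${MY_USER}/yay_installs)`, and command substitution splits on whitespace, so `#` and `AUR` are presumably passed to yay as package names. work_installs has the same marker plus `# python38` and `# python310`, which means the packages the comment says to skip would still be requested. Either drop the comment lines from the lists or filter them at the call site, e.g. `yay --noconfirm -S $(grep -v '^#' /home/${MY_USER}/yay_installs)`.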

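--- a/archlinux/provision.sh
+++ b/archlinux/provision.sh
@@ -0,0 +1,17 @@
+#! /bin/sh
+
+if ! test -d ~/.dotfiles; then
+  ./dff clone git@git.sr.ht:~mapperr/dotfiles
+  ./dff checkout -f
+  ./dff crypt unlock
+
+  test -d ~/.dotfiles && test -r ~/dff && rm -f ~/dff
+fi
+
+if ! test -d ~/src/git.sr.ht/~mapperr/pass; then
+  ~/.bin/gitw clone git@git.sr.ht:~mapperr/pass
+  gopass config mounts.path ~/src/git.sr.ht/~mapperr/pass
+fi
+
+# misc
+sudo chsh -s /bin/zsh $(whoami)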
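Review bot: `./dff` is resolved against the working directory of the caller, not the user's home. run.sh invokes this script as `docker exec ... sh /home/${my_user}/provision.sh` without `-w`, and the Dockerfile sets no `WORKDIR`, so the helper is probably looked up in `/`. The cleanup line already uses `~/dff`; writing the three calls as `"$HOME/dff" clone ...`, `"$HOME/dff" checkout -f` and `"$HOME/dff" crypt unlock` would make them consistent. Because run.sh bind-mounts a host directory over the home, the copy of `dff` downloaded at image build time may also be hidden at this point, which is worth confirming.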

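--- a/archlinux/run.sh
+++ b/archlinux/run.sh
@@ -0,0 +1,80 @@
+#! /bin/sh
+
+context="$1"
+cmd="$2"
+
+test -z "$context" && echo "$0 <context> <cmd>" && exit 1
+test -z "$cmd" && echo "$0 <context> <cmd>" && exit 1
+
+img_name="arch${context}"
+cont_name="$img_name"
+yay_install_file="${context}_installs"
+test -z "$my_user" && my_user="arch"
+
+ssh_port=$(string_to_port_number "$context")
+test -z "$ssh_port" &&
+    echo "error converting string to port number" &&
+    echo "check that the function string_to_port_number is available" &&
+    exit 1
+
+if test "$cmd" = "build"; then
+    docker build \
+        --ulimit nofile=65536:65536 \
+        --build-arg="MY_USER=${my_user}" \
+        --build-arg="SSH_PORT=${ssh_port}" \
+        --build-arg="YAY_INSTALL_FILE=${yay_install_file}" \
+        -t $img_name  .
+
+elif test "$cmd" = "setup"; then
+    # --ulimit "nofile=1024:1048576" \
+    # "restart no" due to failed remounting before wayland starts
+    docker run -d \
+        --name $cont_name \
+        --restart no \
+        --hostname $cont_name \
+        --privileged \
+        --net=host \
+        --ipc=host \
+        --ulimit "nofile=65536" \
+        -v ~/mnt/$cont_name:/home/arch \
+        -v /var/run/docker.sock:/var/run/docker.sock \
+        -v $XDG_RUNTIME_DIR/$WAYLAND_DISPLAY:/tmp/$WAYLAND_DISPLAY  \
+        -e WAYLAND_DISPLAY=$WAYLAND_DISPLAY \
+        -e XDG_RUNTIME_DIR=/tmp \
+        -e XDG_SESSION_TYPE=wayland \
+        -e DISPLAY=$DISPLAY \
+        -v /run/user/$(id -u)/pipewire-0:/tmp/pipewire-0 \
+        -v /tmp/.X11-unix:/tmp/.X11-unix \
+        --user=$(id -u):$(id -g) \
+        $img_name
+
+    echo "copying .ssh"
+    docker cp ~/.ssh $cont_name:/home/${my_user}/
+    echo "copying .gnupg"
+    docker cp ~/.gnupg $cont_name:/home/${my_user}/
+    echo "changing permissions"
+    docker exec $cont_name sudo chown -R ${my_user}:${my_user} /home/${my_user}
+
+    if test -r provision.sh; then
+        echo "copying and executing common provision script"
+        docker cp provision.sh $cont_name:/home/${my_user}/
+        docker exec $cont_name sudo chown -R ${my_user}:${my_user} /home/${my_user}
+        docker exec -it --user 1000 $cont_name sh /home/${my_user}/provision.sh
+    fi
+    provision_file="${context}_provision.sh"
+    if test -r $provision_file; then
+        echo "copying and executing ${context} provision script"
+        docker cp $provision_file $cont_name:/home/${my_user}/
+        docker exec $cont_name sudo chown -R ${my_user}:${my_user} /home/${my_user}
+        docker exec -it --user 1000 $cont_name sh /home/${my_user}/$provision_file
+    fi
+
+elif test "$cmd" = "ssh"; then
+    sshpass -p ${my_user} ssh -p $ssh_port ${my_user}@localhost
+else
+    echo "usage:
+    $0 build
+    $0 setup
+    $0 ssh
+    "
+fi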
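Review bot: The home bind mount is still hard-coded as `-v ~/mnt/$cont_name:/home/arch` while every later step uses `/home/${my_user}`; with `my_user` set to anything other than `arch`, the copied `~/.ssh` and `~/.gnupg` would land in the container's writable layer instead of the mounted directory. `-v ~/mnt/$cont_name:/home/${my_user} \` keeps the two consistent. The expansions in the `docker` calls (`$cont_name`, `$img_name`, `$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY`, `$provision_file`) are unquoted although `context` comes straight from `$1`, so quoting them would be safer. `--privileged` together with the `/var/run/docker.sock` mount gives this container control of the host's Docker daemon, which deserves a comment stating that it is intended.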

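--- a/archlinux/work_installs
+++ b/archlinux/work_installs
@@ -0,0 +1,82 @@
+reflector
+pacman-contrib
+python
+poetry
+go
+neovim
+wget
+entr
+inotify-tools
+pyright
+nnn
+rsync
+atool
+zip
+unzip
+sshfs
+fuse
+samba
+cifs-utils
+exa
+fd
+ripgrep
+fzf
+jq
+httpie
+croc
+direnv
+bc
+shfmt
+uncrustify
+prettier
+python-black
+tidy
+zsh
+zsh-autosuggestions
+zsh-completions
+tmux
+podman
+podman-compose
+cni-plugins
+catatonit
+aardvark-dns
+docker
+docker-compose
+docker-buildx
+bandwhich
+tre
+duf
+diff-so-fancy
+bat
+tldr
+bpytop
+sd
+most
+glances
+python-docker
+python-netifaces
+pandoc-cli
+imagemagick
+terraform
+ansible
+kubectl
+k9s
+nomad
+consul
+jdk-openjdk
+jdk8-openjdk
+jdk11-openjdk
+jdk17-openjdk
+pipewire
+pipewire-alsa
+alsa-utils
+# AUR
+usql
+jdtls
+ibmcloud-cli
+azure-cli-bin
+google-cloud-cli
+google-cloud-cli-gke-gcloud-auth-plugin
+# they compiles, are time-consuming
+# python38
+# python310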

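--- a/archlinux/work_provision.sh
+++ b/archlinux/work_provision.sh
@@ -0,0 +1,6 @@
+#! /bin/sh
+
+minpac_dir=$HOME/.config/nvim/pack/minpac/opt/minpac  && \
+test -d $minpac_dir || git clone https://github.com/k-takata/minpac.git $minpac_dir  && \
+
+sudo usermod -aG docker $(whoami)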
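Review bot: The `git clone` line ends in a dangling `&& \`, so after the blank line the shell takes `sudo usermod -aG docker $(whoami)` as the right-hand side of that `&&`; the group change is skipped whenever the minpac clone fails. Dropping the trailing `&& \` makes the two steps independent, and quoting `"$minpac_dir"` guards against a home path containing spaces. Membership in the `docker` group, combined with the host's `/var/run/docker.sock` that run.sh mounts, amounts to root-equivalent access to the host daemon, so a comment recording that this is deliberate would help later readers.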