#!/bin/sh
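# Provision an LXD container used to build Alpine packages.
#
# Arguments: $1 - optional host directory holding an existing abuild signing
#                 key pair; when empty a new pair is generated later on.

# Stop at the first failed host-side command or unset variable. Without this,
# a failed `lxc launch` (for example because the name is already in use) is
# followed by every later step being applied to whatever container already
# carries that name.
set -eu

CONTAINER_NAME='alpine-builds'
# NOTE(review): the image is chosen by release alias only, not by fingerprint,
# so its content is whatever the image server currently publishes. Also
# confirm this release is still within upstream security support.
VERSION='3.15'
REPO_NAME='tardypad'
# Default to empty so the script still runs without an argument under `set -u`.
KEY_DIR="${1:-}"

lxc launch "images:alpine/${VERSION}" "${CONTAINER_NAME}"

# wait for network
# NOTE(review): a fixed delay is a guess; `set -e` in the guest script below
# at least turns a failed `apk add` into a visible failure of this script.
sleep 2

# The delimiter is deliberately unquoted: ${REPO_NAME} is expanded on the host
# before the text is piped to the shell inside the container.
#
# `permit nopass damien` gives damien passwordless root inside the container,
# so anything running as damien there (build scripts included) is effectively
# root in the container.
cat << EOF | lxc exec "${CONTAINER_NAME}" -- /bin/sh
set -e
apk add alpine-sdk doas
adduser -D damien
adduser damien abuild
echo 'permit nopass damien' > /etc/doas.d/doas.conf
echo '/home/damien/packages/${REPO_NAME}' >> /etc/apk/repositories
EOF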
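# Install the package signing key: reuse the pair from KEY_DIR when one was
# given, otherwise generate a pair in the container and copy it to the host.
if [ -n "${KEY_DIR}" ]; then
  # configure the signing key
  # The glob pushes both halves of the pair (.rsa and .rsa.pub).
  lxc file push -p "${KEY_DIR}"/damien-6220f8bc.rsa* "${CONTAINER_NAME}"/home/damien/.abuild/ || exit 1

  # Quoted delimiter: nothing in this guest script is meant to be expanded on
  # the host. Ownership and mode of the pushed files otherwise depend on the
  # host copies, so the private key is pinned to damien with mode 0600 here.
  cat << 'EOF' | lxc exec "${CONTAINER_NAME}" -- /bin/sh
echo 'PACKAGER_PRIVKEY="/home/damien/.abuild/damien-6220f8bc.rsa"' > /home/damien/.abuild/abuild.conf
cp /home/damien/.abuild/damien-6220f8bc.rsa.pub /etc/apk/keys/
chown -R damien:damien /home/damien/.abuild
chmod 700 /home/damien/.abuild
chmod 600 /home/damien/.abuild/damien-6220f8bc.rsa
EOF
else
  # generate the signing key
  # SUDO=doas is passed into the environment of abuild-keygen.
  lxc exec "${CONTAINER_NAME}" --env SUDO=doas -- su -c 'abuild-keygen -ain' damien || exit 1

  # save signing key on host for backup
  # The pull goes into a private staging directory created by mktemp, so a
  # `.abuild` directory that already exists in the destination is neither
  # merged into nor deleted.
  # NOTE(review): this leaves the unencrypted private signing key in the
  # desktop directory; move it to protected storage after the run.
  (
    cd "${XDG_DESKTOP_DIR:-$HOME/Desktop}" || exit 1
    staging="$(mktemp -d ./.abuild-backup.XXXXXX)" || exit 1
    if ! lxc file pull -r "${CONTAINER_NAME}/home/damien/.abuild" "${staging}"; then
      rm -rf -- "${staging}"
      exit 1
    fi
    # Matches the private half only; the public key ends in .rsa.pub.
    chmod 600 "${staging}"/.abuild/damien*.rsa
    mv "${staging}"/.abuild/damien* .
    rm -rf -- "${staging}"
  )
fi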
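# share builds folder with rw permissions
# Resolve the host path before using it: if the helper fails or prints
# nothing, the device source would otherwise collapse to "/builds".
# (project-path is presumably a local helper on PATH — confirm.)
builds_root="$(project-path repo alpine-system)" || exit 1
if [ -z "${builds_root}" ]; then
  echo 'project-path returned an empty path for alpine-system' >&2
  exit 1
fi

lxc config device add "${CONTAINER_NAME}" builds disk \
  source="${builds_root}/builds" \
  path="/home/damien/${REPO_NAME}"

# Map host uid/gid 1000 directly onto container uid/gid 1000, so processes
# running with id 1000 in the container access the shared folder with the
# rights of host id 1000.
# NOTE(review): assumes the host user and the container's damien both have
# id 1000 — confirm.
lxc config set "${CONTAINER_NAME}" raw.idmap='both 1000 1000'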
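# share SSH agent
# Exposes the host's ssh-agent socket inside the container as
# /home/damien/.ssh-agent.sock (uid/gid 1000, mode 0600).
#
# Security note: while the container runs, damien in the container — and root
# there, which damien may reach if granted passwordless privilege escalation —
# can ask the agent to sign with every key it holds. Prefer a dedicated agent
# that holds only the key needed for uploads, or keys added with `ssh-add -c`
# so each use has to be confirmed.
agent_sock="$(printf '%s\n' "${SSH_AUTH_SOCK:-}" | cut -f2 -d=)"
if [ -n "${agent_sock}" ]; then
  lxc config device add "${CONTAINER_NAME}" ssh-agent proxy \
    "connect=unix:${agent_sock}" \
    listen=unix:/home/damien/.ssh-agent.sock \
    bind=container \
    uid=1000 \
    gid=1000 \
    mode=0600 \
    security.uid=1000 \
    security.gid=1000
else
  # Without an agent socket the device would be created with an empty
  # connect address; skip it and say so instead.
  echo 'SSH_AUTH_SOCK is not set; not adding the ssh-agent proxy device' >&2
fi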
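# rsync usage to chestnut
# Installs the ssh and rsync clients in the container, points damien's shell
# at the agent socket path and writes an ssh host alias for chestnut.
#
# Quoted delimiter: nothing in this guest script is expanded on the host.
# ~/.ssh is created 0700 and the config 0600 rather than relying on the
# default umask of the root shell that runs this.
# NOTE(review): no known_hosts entry is provisioned, so the first connection
# to chestnut accepts its host key on trust; consider shipping a pinned
# known_hosts line alongside this config.
cat << 'EOF' | lxc exec "${CONTAINER_NAME}" -- /bin/sh
apk add openssh rsync
echo 'export SSH_AUTH_SOCK=/home/damien/.ssh-agent.sock' > /home/damien/.profile
chown damien:damien /home/damien/.profile
mkdir -p /home/damien/.ssh
chmod 700 /home/damien/.ssh
cat <<- EOF2 > /home/damien/.ssh/config
Host chestnut
Hostname tardypad.me
User damien
Port 11235
EOF2
chmod 600 /home/damien/.ssh/config
chown -R damien:damien /home/damien/.ssh
EOF

# Restart so that configuration which is only read at container start
# (such as an id mapping) is picked up.
lxc restart "${CONTAINER_NAME}"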