From 696f6b188d2efc49b774cee7f93ddfda7d326de3 Mon Sep 17 00:00:00 2001 From: Jonni Liljamo Date: Wed, 26 Nov 2025 21:13:07 +0200 Subject: [PATCH] feat: an approach to common files --- .gitignore | 4 ++ README.md | 8 ++++ common/etc/apk/repositories | 2 + common/etc/ssh/sshd_config.makeimg.patch | 11 +++++ common/root/.ssh/authorized_keys | 1 + justfile | 57 ++++++++++++++++++++++-- sqmeta/keys | 1 + sqmeta/repositories | 1 + 8 files changed, 81 insertions(+), 4 deletions(-) create mode 100644 README.md create mode 100644 common/etc/apk/repositories create mode 100644 common/etc/ssh/sshd_config.makeimg.patch create mode 100644 common/root/.ssh/authorized_keys create mode 120000 sqmeta/keys create mode 120000 sqmeta/repositories diff --git a/.gitignore b/.gitignore index 29963da..dceaa2a 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,5 @@ /.direnv/ + +/common/etc/apk/keys/ + +*.img diff --git a/README.md b/README.md new file mode 100644 index 0000000..3e621f8 --- /dev/null +++ b/README.md @@ -0,0 +1,8 @@ +# src.quest anemos infra + +## Common files +`./common/` contains files that are common to all hosts, they can be copied to +host directories with `just merge-with-common` and can be removed with +`just remove-common`. + +These steps are done automatically during build steps. diff --git a/common/etc/apk/repositories b/common/etc/apk/repositories new file mode 100644 index 0000000..02a7842 --- /dev/null +++ b/common/etc/apk/repositories @@ -0,0 +1,2 @@ +https://dl-cdn.alpinelinux.org/alpine/v3.22/main +https://dl-cdn.alpinelinux.org/alpine/v3.22/community diff --git a/common/etc/ssh/sshd_config.makeimg.patch b/common/etc/ssh/sshd_config.makeimg.patch new file mode 100644 index 0000000..ec8e46e --- /dev/null +++ b/common/etc/ssh/sshd_config.makeimg.patch @@ -0,0 +1,11 @@ +--- sshd_config ++++ sshd_config +@@ -58,7 +58,7 @@ + #IgnoreRhosts yes + + # To disable tunneled clear text passwords, change to "no" here! +-#PasswordAuthentication yes ++PasswordAuthentication no + #PermitEmptyPasswords no + + # Change to "no" to disable keyboard-interactive authentication. Depending on diff --git a/common/root/.ssh/authorized_keys b/common/root/.ssh/authorized_keys new file mode 100644 index 0000000..7c9144e --- /dev/null +++ b/common/root/.ssh/authorized_keys @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGAlif3ABIk0YSx++A+sEeRYPNMMZWLcDuoTKhmcCL6K jonni@liljamo.com diff --git a/justfile b/justfile index 5acd4cb..d6afc27 100644 --- a/justfile +++ b/justfile @@ -9,6 +9,24 @@ host-dir-exists host: exit 1 fi +# Remove common files from host +remove-common host: (host-dir-exists host) + #!/usr/bin/env sh + prefix="./common/" + for file in $(find ./common/ -type f); do + path=${file#$"$prefix"} + rm -f "./{{host}}/files/$path" + done + +# Merge common files into host directory +merge-with-common host: (host-dir-exists host) + cp --archive --force ./common/. ./{{host}}/files/ + +# Remove build artifacts +remove-artifacts host: (host-dir-exists host) + rm -f "./{{host}}/{{host}}.img" + rm -f "./{{host}}/{{host}}.packages" + # Check host reachability via ping host-reachable host: (host-dir-exists host) #!/usr/bin/env sh @@ -19,12 +37,43 @@ host-reachable host: (host-dir-exists host) fi # Test the IMGBUILD by building an image -test host: (host-dir-exists host) +test host: (host-dir-exists host) (merge-with-common host) && (remove-common host) (remove-artifacts host) #!/usr/bin/env sh cd ./{{host}} sudo makeimg --format "raw 4g msdos ext4" get-anemos host: (host-reachable host) - #!/usr/bin/env/sh - address=$(cat ./{{host}}/ADDRESS) - ssh root@$address wget https://git.sr.ht/~bitfehler/anemos-cli/blob/master/anemos + ssh root@$(cat ./{{host}}/ADDRESS) wget https://git.sr.ht/~bitfehler/anemos-cli/blob/master/anemos + +# Download alpine linux keys +alpine-keys: + #!/usr/bin/env sh + mkdir -p common/etc/apk/keys + cd common/etc/apk/keys + + # Copy the names unser APKBUILD from here: + # https://git.alpinelinux.org/aports/plain/main/alpine-keys + keys=" + alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub + alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub + alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub + alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub + alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub + alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub + alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub + alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub + alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub + alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub + alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub + alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub + alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub + alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub + alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub + alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub + alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub + alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub + " + + for key in $keys; do + curl -O "https://git.alpinelinux.org/aports/plain/main/alpine-keys/${key}" + done diff --git a/sqmeta/keys b/sqmeta/keys new file mode 120000 index 0000000..bc8f321 --- /dev/null +++ b/sqmeta/keys @@ -0,0 +1 @@ +files/etc/apk/keys \ No newline at end of file diff --git a/sqmeta/repositories b/sqmeta/repositories new file mode 120000 index 0000000..8ecfe62 --- /dev/null +++ b/sqmeta/repositories @@ -0,0 +1 @@ +files/etc/apk/repositories \ No newline at end of file -- 2.44.1