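########
# Base #
########

# NOTE(review): the base image is referenced by a mutable tag; pinning it by
# digest (debian:bookworm-slim@sha256:<digest>) would make rebuilds reproducible.
FROM debian:bookworm-slim

# Build-time only: keeps apt non-interactive without persisting in the runtime env.
ARG DEBIAN_FRONTEND="noninteractive"
# UID/GID given to the "lazy" user and group created in the RUN below.
ARG MANALA_USER_ID="1000"
ARG MANALA_GROUP_ID="1000"
# Release versions of the binaries downloaded from GitHub in the RUN below.
ARG GOMPLATE_VERSION="3.11.7"
ARG DIRENV_VERSION="2.33.0"

# The 'container' environment variable tells systemd that it's running inside a
# Docker container environment.
# It's also internally used for checking we're running inside a container.
ENV container="docker"

# Default locale (key=value form; the space-separated ENV form is legacy)
ENV LANG="C.UTF-8"

# bash with pipefail: every `curl | bsdtar` pipeline in this file fails the
# build when the download side fails, not only when the extraction fails.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]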
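# Base tooling, the unprivileged "lazy" user, and the gomplate/direnv binaries.
RUN \
    apt-get --quiet update \
    # NOTE(review): a blanket upgrade makes the layer content depend on the build
    # date; bumping the pinned base image is the reproducible alternative.
    && apt-get --quiet --yes --purge --autoremove upgrade \
    && apt-get --quiet --yes --no-install-recommends --verbose-versions install \
        s6 \
        sudo \
        curl \
        ca-certificates \
        gnupg \
        libarchive-tools bzip2 \
        bash-completion \
        rsync \
        git \
        make \
        less \
        vim \
        socat \
    # User
    && addgroup --gid ${MANALA_GROUP_ID} lazy \
    && adduser --home /home/lazy --shell /bin/bash --uid ${MANALA_USER_ID} --gecos lazy --ingroup lazy --disabled-password lazy \
    && install --verbose --mode 0755 --group lazy --owner lazy --directory /run/user/${MANALA_USER_ID} \
    # Passwordless sudo for every command: anything running as "lazy" is
    # effectively root inside the container. The drop-in is made read-only
    # (0440), the mode sudo expects for sudoers files.
    && echo "lazy ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/lazy \
    && chmod 0440 /etc/sudoers.d/lazy \
    # Gomplate
    # --fail: without it an HTTP error page would be saved as the "binary" and
    # the build would still succeed.
    # NOTE(review): the downloaded binaries are installed without checksum or
    # signature verification; a pinned sha256 per version/arch would close that gap.
    && curl -fsSL "https://github.com/hairyhenderson/gomplate/releases/download/v${GOMPLATE_VERSION}/gomplate_linux-{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}" \
        --output /usr/local/bin/gomplate \
    && chmod +x /usr/local/bin/gomplate \
    # Direnv
    && curl -fsSL "https://github.com/direnv/direnv/releases/download/v${DIRENV_VERSION}/direnv.linux-{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}" \
        --output /usr/local/bin/direnv \
    && chmod +x /usr/local/bin/direnv \
    # Bash completion
    && install --verbose --mode 0755 --directory /etc/bash_completion.d \
    # Oh My Bash
    # NOTE(review): this clones whatever the default branch points to at build
    # time; checking out a reviewed tag or commit would pin the shell code that
    # ends up in the image.
    && git clone https://github.com/ohmybash/oh-my-bash.git /usr/local/share/oh-my-bash \
    # Clean
    && rm -rf /var/lib/apt/lists/*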
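##########
# System #
##########

# Build-time environment for the RUN steps below that call `pipx install`:
# PIPX_HOME holds the virtualenvs, PIPX_BIN_DIR receives the entry points.
ARG PIPX_HOME="/usr/local/pipx"
ARG PIPX_BIN_DIR="/usr/local/bin"
ARG VIM_GNUPG_VERSION="2.7.1"

{{ $apt := .Vars.system.apt -}}
# Project-selected apt packages (rendered from .Vars.system.apt.packages) and the
# vim-gnupg plugin.
# NOTE(review): package names are interpolated into the shell command as-is, so
# the template variables must come from a trusted configuration.
RUN \
    apt-get --quiet update \
    {{- if $apt.packages }}
    && apt-get --quiet --yes --no-install-recommends --verbose-versions install \
    {{- range $package := $apt.packages }}
        {{ $package }} \
    {{- end }}
    {{- end }}
    # Vim Gnupg
    && install --verbose --mode 0755 --directory /usr/share/vim/vimfiles/pack/plugins/start/vim-gnupg \
    # --fail makes curl exit non-zero on an HTTP error, which pipefail then
    # reports as the cause instead of a confusing bsdtar failure.
    && curl -fsSL https://github.com/jamessan/vim-gnupg/releases/download/v${VIM_GNUPG_VERSION}/vim-gnupg-v${VIM_GNUPG_VERSION}.tar.gz \
        | bsdtar -xvf - -C /usr/share/vim/vimfiles/pack/plugins/start/vim-gnupg --strip-components=1 vim-gnupg-${VIM_GNUPG_VERSION} \
    # Make the plugin default to symmetric (passphrase) encryption
    && echo "let g:GPGPreferSymmetric = 1" >> /etc/vim/vimrc \
    # Clean
    && rm -rf /var/lib/apt/lists/*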
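{{ if .Vars.system.docker -}}
# Docker
# Registers Docker's apt repository (deb822 .sources file, key scoped with
# Signed-By) and installs only the CLI, not the engine.
# NOTE(review): the repository key is trusted as downloaded over TLS; comparing
# its fingerprint with a pinned value would detect a substituted key.
RUN \
    # Make sure the keyring directory exists before curl writes into it
    install --verbose --mode 0755 --directory /etc/apt/keyrings \
    # --fail: never store an HTTP error page as the signing key
    && curl -fsSL https://download.docker.com/linux/debian/gpg \
        --output /etc/apt/keyrings/docker.asc \
    && printf "\
Types: deb\n\
URIs: https://download.docker.com/linux/debian\n\
Suites: {{ include "os_release" "VERSION_CODENAME" }}\n\
Components: stable\n\
Signed-By: /etc/apt/keyrings/docker.asc\n\
" > /etc/apt/sources.list.d/docker.sources \
    && apt-get --quiet update \
    && apt-get --quiet --yes --no-install-recommends --verbose-versions install \
        docker-ce-cli \
    # Clean
    && rm -rf /var/lib/apt/lists/*
{{ end -}}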
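{{ $goss := .Vars.system.goss -}}
{{ if $goss.version -}}
# Goss
# Installed only when a version is configured. The binary is never executed
# during the build, so --fail is the only thing that stops an HTTP error page
# from being installed as /usr/local/bin/goss.
# NOTE(review): no checksum or signature verification of the download.
RUN \
    curl -fsSL "https://github.com/goss-org/goss/releases/download/v{{ $goss.version }}/goss-linux-{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}" \
        --output /usr/local/bin/goss \
    && chmod +x /usr/local/bin/goss
{{ end -}}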
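# Kubectl
# Installed unconditionally: unlike the optional tools below there is no
# `if $kubectl.version` guard, so the version must be set. With --fail an empty
# or wrong version stops the build at the download instead of saving an error
# page as the binary.
# NOTE(review): no checksum or signature verification of the download.
{{ $kubectl := .Vars.system.kubectl -}}
RUN \
    curl -fsSL "https://storage.googleapis.com/kubernetes-release/release/v{{ $kubectl.version }}/bin/linux/{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}/kubectl" \
        --output /usr/local/bin/kubectl \
    && chmod +x /usr/local/bin/kubectl \
    # Bash completion
    && kubectl completion bash > /etc/bash_completion.d/kubectl \
    # Bash aliases
    && printf "\
alias k='kubectl'\n\
complete -F __start_kubectl k\n\
" > /etc/profile.d/kubectl.sh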
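{{ $helm := .Vars.system.helm -}}
{{ if $helm.version -}}
# Helm
# Plugins are installed into a system-wide directory rather than a per-user one.
# NOTE(review): `helm plugin install` below fetches plugin code from the
# configured url/path; entries without a "version" key are not pinned.
ENV HELM_PLUGINS="/usr/local/share/helm/plugins"
RUN \
    # --fail makes an HTTP error abort the pipeline at curl (SHELL sets pipefail)
    curl -fsSL "https://get.helm.sh/helm-v{{ $helm.version }}-linux-{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}.tar.gz" \
        | bsdtar -xvf - -C /usr/local/bin --strip-components=1 "linux-{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}/helm" \
    # Bash completion
    && helm completion bash > /etc/bash_completion.d/helm \
    # Bash aliases
    && printf "\
alias h='helm'\n\
complete -F __start_helm h\n\
" > /etc/profile.d/helm.sh
{{- if $helm.plugins }} \
# Plugins
{{- range $i, $plugin := $helm.plugins }}
    && helm plugin install
{{- if hasKey $plugin "url" }} {{ $plugin.url }}{{ end -}}
{{- if hasKey $plugin "path" }} {{ $plugin.path }}{{ end -}}
{{- if hasKey $plugin "version" }} --version {{ $plugin.version }}{{ end -}}
{{- if ne $i (sub (len $helm.plugins) 1) }} \{{ end -}}
{{- end }}
{{- end }}
{{ end -}}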
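{{ $helmfile := .Vars.system.helmfile -}}
{{ if $helmfile.version -}}
# Helmfile
ENV HELMFILE_UPGRADE_NOTICE_DISABLED="1"
# Only the `helmfile` member is extracted from the release archive.
# NOTE(review): no checksum or signature verification of the download.
RUN \
    # --fail makes an HTTP error abort the pipeline at curl (SHELL sets pipefail)
    curl -fsSL "https://github.com/helmfile/helmfile/releases/download/v{{ $helmfile.version }}/helmfile_{{ $helmfile.version }}_linux_{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}.tar.gz" \
        | bsdtar -xvf - -C /usr/local/bin helmfile \
    # Bash completion
    && helmfile completion bash > /etc/bash_completion.d/helmfile \
    # Bash aliases
    && printf "\
alias hf='helmfile'\n\
complete -F __start_helmfile hf\n\
alias hfi='helmfile --interactive'\n\
complete -F __start_helmfile hfi\n\
" > /etc/profile.d/helmfile.sh
{{ end -}}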
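{{ $k9s := .Vars.system.k9s -}}
{{ if $k9s.version -}}
# K9s
# Only the `k9s` member is extracted from the release archive.
# NOTE(review): no checksum or signature verification of the download.
RUN \
    # --fail makes an HTTP error abort the pipeline at curl (SHELL sets pipefail)
    curl -fsSL "https://github.com/derailed/k9s/releases/download/v{{ $k9s.version }}/k9s_Linux_{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}.tar.gz" \
        | bsdtar -xvf - -C /usr/local/bin k9s
{{ end -}}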
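{{ $stern := .Vars.system.stern -}}
{{ if $stern.version -}}
# Stern
# Only the `stern` member is extracted from the release archive.
# NOTE(review): no checksum or signature verification of the download.
RUN \
    # --fail makes an HTTP error abort the pipeline at curl (SHELL sets pipefail)
    curl -fsSL "https://github.com/stern/stern/releases/download/v{{ $stern.version }}/stern_{{ $stern.version }}_linux_{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}.tar.gz" \
        | bsdtar -xvf - -C /usr/local/bin stern \
    # Bash completion
    && stern --completion=bash > /etc/bash_completion.d/stern
{{ end -}}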
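{{ $kubePrompt := index .Vars.system "kube-prompt" -}}
{{ if $kubePrompt.version -}}
# Kube Prompt
# The zip is extracted without a member filter, so every entry of the archive
# lands in /usr/local/bin.
# NOTE(review): no checksum or signature verification of the download.
RUN \
    # --fail makes an HTTP error abort the pipeline at curl (SHELL sets pipefail)
    curl -fsSL "https://github.com/c-bata/kube-prompt/releases/download/v{{ $kubePrompt.version }}/kube-prompt_v{{ $kubePrompt.version }}_linux_{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}.zip" \
        | bsdtar -xvf - -C /usr/local/bin \
    && chmod +x /usr/local/bin/kube-prompt
{{ end -}}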
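{{ $popeye := .Vars.system.popeye -}}
{{ if $popeye.version -}}
# Popeye
# The release assets name the amd64 build "x86_64", hence the different arch map.
# NOTE(review): no checksum or signature verification of the download.
RUN \
    # --fail makes an HTTP error abort the pipeline at curl (SHELL sets pipefail)
    curl -fsSL "https://github.com/derailed/popeye/releases/download/v{{ $popeye.version }}/popeye_Linux_{{ include "arch_map" (dict "amd64" "x86_64" "arm64" "arm64") }}.tar.gz" \
        | bsdtar -xvf - -C /usr/local/bin popeye
{{ end -}}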
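{{ $knsk := .Vars.system.knsk -}}
{{ if $knsk.version -}}
# Knsk
# Extracts the single script knsk.sh from the source archive of the tagged
# release; it is installed as /usr/local/bin/knsk.sh.
# NOTE(review): no checksum or signature verification of the download.
RUN \
    # --fail makes an HTTP error abort the pipeline at curl (SHELL sets pipefail)
    curl -fsSL https://github.com/thyarles/knsk/archive/refs/tags/v{{ $knsk.version }}.tar.gz \
        | bsdtar -xvf - -C /usr/local/bin --strip-components=1 knsk-{{ $knsk.version }}/knsk.sh
{{ end -}}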
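{{ $vault := .Vars.system.vault -}}
{{ if $vault.version -}}
# Vault
# NOTE(review): the zip is installed unverified. HashiCorp publishes a
# SHA256SUMS file and a signature for it next to each release; checking the
# archive against them before extraction would authenticate the binary.
RUN \
    # --fail makes an HTTP error abort the pipeline at curl (SHELL sets pipefail)
    curl -fsSL "https://releases.hashicorp.com/vault/{{ $vault.version }}/vault_{{ $vault.version }}_linux_{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}.zip" \
        | bsdtar -xvf - -C /usr/local/bin \
    && chmod +x /usr/local/bin/vault \
    # Bash completion
    && echo "complete -C /usr/local/bin/vault vault" > /etc/bash_completion.d/vault
{{ end -}}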
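{{ $rclone := .Vars.system.rclone -}}
{{ if $rclone.version -}}
# Rclone
# Only the `rclone` binary is extracted from the versioned directory inside the zip.
# NOTE(review): no checksum or signature verification of the download.
RUN \
    # --fail makes an HTTP error abort the pipeline at curl (SHELL sets pipefail)
    curl -fsSL "https://downloads.rclone.org/v{{ $rclone.version }}/rclone-v{{ $rclone.version }}-linux-{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}.zip" \
        | bsdtar -xvf - -C /usr/local/bin --strip-components=1 "rclone-v{{ $rclone.version }}-linux-{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}/rclone" \
    && chmod +x /usr/local/bin/rclone \
    # Bash completion
    && rclone genautocomplete bash /etc/bash_completion.d/rclone
{{ end -}}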
{{ $openstack := .Vars.system.openstack -}}
{{ if $openstack.version -}}
# Openstack
# Installs python-openstackclient at the configured version with pipx.
# BUILD_PACKAGES is a bash array (the stage SHELL is bash) listing what is only
# needed while installing: it is installed and purged inside this same RUN, so
# pipx and the compiler toolchain do not stay in the layer. python3 is installed
# outside the array and is kept.
# pipx picks up PIPX_HOME / PIPX_BIN_DIR from the ARGs declared at the top of
# the System section.
RUN \
BUILD_PACKAGES=( \
pipx \
libpython3-dev gcc \
) \
&& apt-get --quiet update \
&& apt-get --quiet --yes --no-install-recommends --verbose-versions install \
python3 \
"${BUILD_PACKAGES[@]}" \
# The top-level package is pinned; NOTE(review): its transitive dependencies
# are resolved at build time and are not locked here.
&& pipx install \
python-openstackclient=={{ $openstack.version }} \
# Bash completion
&& openstack complete > /etc/bash_completion.d/openstack \
# Clean
&& apt-get --quiet --yes --autoremove purge \
"${BUILD_PACKAGES[@]}" \
&& rm -rf /var/lib/apt/lists/*
{{ end -}}
{{ $swift := .Vars.system.swift -}}
{{ if $swift.version -}}
# Swift
# Installs python-swiftclient at the configured version with pipx and, when
# .Vars.system.swift.keystone.version is set, injects python-keystoneclient
# into the same pipx environment.
# BUILD_PACKAGES is a bash array (the stage SHELL is bash) listing what is only
# needed while installing: it is installed and purged inside this same RUN.
# python3 is installed outside the array and is kept.
RUN \
BUILD_PACKAGES=( \
pipx \
libpython3-dev gcc \
) \
&& apt-get --quiet update \
&& apt-get --quiet --yes --no-install-recommends --verbose-versions install \
python3 \
"${BUILD_PACKAGES[@]}" \
# Both packages are pinned; NOTE(review): their transitive dependencies are
# resolved at build time and are not locked here.
&& pipx install \
python-swiftclient=={{ $swift.version }} \
{{ if $swift.keystone.version -}}
&& pipx inject python-swiftclient \
python-keystoneclient=={{ $swift.keystone.version }} \
{{ end -}}
# Clean
&& apt-get --quiet --yes --autoremove purge \
"${BUILD_PACKAGES[@]}" \
&& rm -rf /var/lib/apt/lists/*
{{ end -}}
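{{ $scw := .Vars.system.scw -}}
{{ if $scw.version -}}
# Scaleway cli
# NOTE(review): no checksum or signature verification of the download.
RUN \
    # --fail: stop at the download on an HTTP error instead of saving the error
    # page as /usr/local/bin/scw
    curl -fsSL "https://github.com/scaleway/scaleway-cli/releases/download/v{{ $scw.version }}/scaleway-cli_{{ $scw.version }}_linux_{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}" \
        --output /usr/local/bin/scw \
    && chmod +x /usr/local/bin/scw \
    # Bash completion
    && scw autocomplete script shell=/bin/bash > /etc/bash_completion.d/scw
{{ end -}}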
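{{ $sops := .Vars.system.sops -}}
{{ if $sops.version -}}
# Sops
# The binary is never executed during the build, so --fail is the only thing
# that stops an HTTP error page from being installed as /usr/local/bin/sops.
# NOTE(review): sops handles secrets, yet the download is installed without
# checksum or signature verification; pinning a sha256 per version/arch is
# worth the effort here.
RUN \
    curl -fsSL "https://github.com/mozilla/sops/releases/download/v{{ $sops.version }}/sops-v{{ $sops.version }}.linux.{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}" \
        --output /usr/local/bin/sops \
    && chmod +x /usr/local/bin/sops
{{ end -}}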
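{{ $aws := .Vars.system.aws -}}
{{ if $aws.version -}}
# AWS cli
# The installer is unpacked under /tmp and removed by explicit path. No WORKDIR
# is set in this file, so relative paths would resolve against / and the
# cleanup glob `aws*` would be expanded there.
# NOTE(review): the installer zip is executed unverified. AWS publishes a
# detached PGP signature for it (same URL with a .sig suffix); gnupg is already
# installed in the base layer and could check it before running the installer.
RUN \
    apt-get --quiet update \
    && apt-get --quiet --yes --no-install-recommends --verbose-versions install \
        groff \
    # --fail: stop at the download on an HTTP error
    && curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-{{ include "arch_map" (dict "amd64" "x86_64" "arm64" "aarch64") }}-{{ $aws.version }}.zip" \
        --output /tmp/aws.zip \
    && bsdtar -xvf /tmp/aws.zip -C /tmp \
    && /tmp/aws/install \
        --install-dir /usr/local/aws-cli \
        --bin-dir /usr/local/bin \
    && rm -rf /tmp/aws.zip /tmp/aws \
    # Bash completion
    && echo "complete -C /usr/local/bin/aws_completer aws" > /etc/bash_completion.d/aws \
    # Clean
    && rm -rf /var/lib/apt/lists/*
{{ end -}}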
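{{ $gcloud := .Vars.system.gcloud -}}
{{ if $gcloud.version -}}
# Google Cloud cli
# The SDK lives in /usr/local/google-cloud-sdk; usage reporting and the
# component update check are switched off for the image.
# NOTE(review): the archive and the install.sh it contains are run without
# checksum or signature verification.
ENV PATH="/usr/local/google-cloud-sdk/bin:${PATH}"
ENV CLOUDSDK_CORE_DISABLE_USAGE_REPORTING="1"
ENV CLOUDSDK_COMPONENT_MANAGER_DISABLE_UPDATE_CHECK="1"
RUN \
    apt-get --quiet update \
    && apt-get --quiet --yes --no-install-recommends --verbose-versions install \
        python3 \
    # --fail makes an HTTP error abort the pipeline at curl (SHELL sets pipefail)
    && curl -fsSL "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-{{ $gcloud.version }}-linux-{{ include "arch_map" (dict "amd64" "x86_64" "arm64" "arm") }}.tar.gz" \
        | bsdtar -xf - -C /usr/local \
    # Profile
    # The rc file is created first so install.sh has a file to append its
    # completion and PATH snippets to; the backup it leaves behind is removed.
    && touch /etc/profile.d/gcloud.sh \
    && /usr/local/google-cloud-sdk/install.sh \
        --rc-path /etc/profile.d/gcloud.sh \
        --command-completion true \
        --path-update true \
{{- if $gcloud.components }}
        --additional-components {{ $gcloud.components | join " " }} \
{{- end }}
        --quiet \
    && rm -rf /etc/profile.d/gcloud.sh.backup \
    # Clean
    && rm -rf /var/lib/apt/lists/*
{{ end -}}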
# Run
# The container always starts through /entrypoint.sh (exec form, so no wrapping
# shell); `bash` is only the default argument and can be replaced at run time.
# NOTE(review): no USER instruction is visible in this file, so the entrypoint
# starts as root — presumably it switches to the "lazy" user itself; confirm in
# docker/entrypoint.sh. Combined with the NOPASSWD sudoers entry and the
# optional docker CLI, treat a shell in this image as root-equivalent.
COPY docker/entrypoint.sh /
ENTRYPOINT ["/entrypoint.sh"]
CMD ["bash"]