public
/
stack
5
0
Fork 0
Code Issues 4 Pull Requests 1 Packages Projects Releases Wiki Activity

Compare commits

base: public:32697576a0e092c361dffa58b27adb89de327f30
Branches Tags
public:main
public:drgrove/radicale
public:ryansquared/use-stagex-bins
public:anton/radicale/add-user
public:drgrove/k8s-container-fixes
public:test/make-plan
public:add-anton-pgp-key
public:feat/nextcloud
public:add-anton-pgp
public:ryansquared/toolchain-go-1.20.4
..
compare: public:3175f2c96d10c7245eb41187dd303dba6d0d8576
Branches Tags
public:main
public:drgrove/radicale
public:ryansquared/use-stagex-bins
public:anton/radicale/add-user
public:drgrove/k8s-container-fixes
public:test/make-plan
public:add-anton-pgp-key
public:feat/nextcloud
public:add-anton-pgp
public:ryansquared/toolchain-go-1.20.4

2 Commits
32697576a0 ... 3175f2c96d

Author SHA1 Message Date
Danny Grove 3175f2c96d
Upgrade k8s CLIs, make alias functions the decrypt secerts on the fly 2025-07-14 23:21:11 -07:00
Danny Grove 6c19aed9aa
Pass in gpg agent and socket to user, add stack repo to container 2025-07-14 23:19:55 -07:00
3 changed files with 30 additions and 17 deletions
Show Stats Expand all files Collapse all files

3
.bashrc Normal file
View File

@ -0,0 +1,3 @@
alias k9s='sops exec-file --no-fifo ~/stack/secrets/production.kubeconfig "KUBECONFIG={} /usr/bin/k9s"'
alias kubectl='function _kubectl(){ sops exec-file --no-fifo ~/stack/secrets/production.kubeconfig "KUBECONFIG={} /usr/bin/kubectl $@"; };_kubectl'
alias talosctl='function _talosctl(){ sops exec-file --no-fifo ~/stack/secrets/production.talosconfig "TALOSCONFIG={} /usr/bin/talosctl $@"; };_talosctl'

27
Containerfile.tools
View File

@ -13,13 +13,15 @@ FROM stagex/user-libgcrypt@sha256:384f0e703afad6f8885ec77fb814ef182a08600a203218
FROM stagex/user-opentofu@sha256:b5053a5966f7ec06ea894db315c4990b73e8bee69798889de747e9a99c32b041 AS user-opentofu
FROM stagex/user-sops@sha256:72b09ff439f422889af815f19a223b48b3b3fd0701d312a413069cbabcad7a12 AS user-sops
FROM stagex/user-talosctl@sha256:23ff2d686a0c251db4f8a8f07e9b18c81c64eaa07da97de5a75fccbea3e595c4 AS user-talosctl
FROM stagex/user-kubectl@sha256:6df028ecb71097c182276cad295f7a68a28f2c8d7fc82ea47fb22a451b11a4ff AS user-kubectl
FROM stagex/user-kustomize@sha256:9886d6c855f763398a8bf52cd16e07f78cb8dab75396903645612e9cd4094cfa AS user-kustomize
FROM stagex/user-kustomize-sops@sha256:25040e0adf7dc6806da9996a252dbf7f8f5bb4f0b9a9dd1835035eeaea3861d9 AS user-kustomize-sops
FROM drgrove/kubectl:1.33.2 AS user-kubectl
FROM drgrove/kustomize:5.7.0 AS user-kustomize
FROM drgrove/kustomize-sops:4.3.3 AS user-kustomize-sops
FROM stagex/user-helm@sha256:e7d2e13db8483f5356b96337308edbd5a0e602cc76c4c5ea5ed730ae6d2b2dcc AS user-helm
FROM stagex/user-k9s@sha256:eff325c4d000358b2f6ed0f63d61fcea8f98c081395437d0003e7429e0c334b4 AS user-k9s
FROM drgrove/k9s:0.50.7 AS user-k9s
FROM stagex/core-bash@sha256:a4601014df6ed004e0a81f65159b7f9dbdaec73db679ddef338b58ac4b85f0da AS core-bash
FROM scratch
FROM stagex/core-filesystem
COPY --from=core-bash . /
COPY --from=core-busybox . /
COPY --from=core-musl . /
COPY --from=core-ca-certificates . /
@ -35,11 +37,16 @@ COPY --from=user-sops . /
COPY --from=user-talosctl . /
COPY --from=user-kubectl . /
COPY --from=user-kustomize . /
COPY --from=user-kustomize-sops . /
COPY --from=user-kustomize-sops . /
COPY --from=user-sops . /
COPY --from=user-helm . /
COPY --from=user-k9s . /
RUN mkdir -p /root/.gnupg
RUN chmod 0700 /root/.gnupg
USER 0
RUN \
mkdir -p /run/user/1000/ \
&& chown 1000:1000 -R /run/user/1000/ \
&& chown 1000:1000 -R /home/user/
USER 1000
ENV PS1="[stack] $ "
ENV KUSTOMIZE_PLUGIN_HOME=/usr/lib/kustomize/plugins/
WORKDIR /home/user/

17
Makefile
View File

@ -20,7 +20,6 @@ EXTRA_ARGS :=
.DEFAULT_GOAL :=
.PHONY: default
default: \
toolchain \
tools \
apply
@ -28,13 +27,16 @@ default: \
clean:
rm -rf $(CACHE_DIR)
out:
mkdir out
.PHONY: update-tools
update-tools:
./src/make/update.sh
.PHONY: shell
shell: out/tools-image.digest
$(call run-container, -v ./secrets:/secrets, $(shell cat $<), bin/sh)
$(call run-container, -v $${PWD}:/home/user/stack:rw, $(shell cat $<), /bin/bash)
.PHONY: credentials
credentials: \
@ -137,11 +139,12 @@ GPG_TTY ?= $(shell tty)
define run-container
docker run -it $(1) \
-e GPG_TTY="$(GPG_TTY)" \
-v $(shell gpgconf --list-dirs agent-socket):/root/.gnupg/S.gpg-agent:ro \
-v $(shell gpgconf --list-dirs homedir):/root/.gnupg:rw \
$(2) \
$(3)
-v $$PWD/.bashrc:/home/user/.bashrc:ro \
-v $(shell gpgconf --list-dirs socketdir)/:/run/user/1000/gnupg/:ro \
-v $(shell gpgconf --list-dirs homedir):/home/user/.gnupg:rw \
-e SSH_AUTH_SOCK=/run/user/1000/gnupg/$(shell basename $(shell gpgconf --list-dirs agent-ssh-socket)) \
--entrypoint $(3) \
$(2)
endef
.PHONY: plan