feat: create ssh key for automation tasks

Includes a refactoring of the build process.
This commit is contained in:
Stephan Lüscher 2023-05-04 15:02:05 +00:00
parent fe6e5d59f3
commit 717998b801
No known key found for this signature in database
GPG key ID: 445779060FF3D3CF
5 changed files with 50 additions and 17 deletions


@ -7,9 +7,9 @@ metadata:
spec:
restartPolicy: Always
volumes:
- name: ublue-os_forge-minica-pvc
- name: ublue-os_forge-certs-pvc
persistentVolumeClaim:
claimName: ublue-os_forge-minica
claimName: ublue-os_forge-certs
- name: ublue-os_forge-registry-pvc
persistentVolumeClaim:
@ -28,7 +28,7 @@ spec:
cpu: 200m
volumeMounts:
- mountPath: /certs
name: ublue-os_forge-minica-pvc
name: ublue-os_forge-certs-pvc
ports:
- containerPort: 443
hostPort: 443
@ -42,7 +42,7 @@ spec:
cpu: 200m
volumeMounts:
- mountPath: /certs
name: ublue-os_forge-minica-pvc
name: ublue-os_forge-certs-pvc
subPath: _.ublue.local
- mountPath: /var/lib/registry
name: ublue-os_forge-registry-pvc
@ -59,12 +59,21 @@ spec:
volumeMounts:
- mountPath: /var/lib/semaphore
name: ublue-os_forge-semaphore-pvc
- mountPath: /certs
subPath: ssh
name: ublue-os_forge-certs-pvc
readOnly: true
ports:
- containerPort: 3000
protocol: TCP
- name: setup.ublue.local
image: setup
volumeMounts:
- mountPath: /certs
subPath: ssh
name: ublue-os_forge-certs-pvc
readOnly: true
resources:
limits:
memory: 512Mi
@ -75,4 +84,4 @@ spec:
image: minica
volumeMounts:
- mountPath: /certs
name: ublue-os_forge-minica-pvc
name: ublue-os_forge-certs-pvc
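Review bot: The new `subPath: ssh` mounts on the semaphore and setup containers point at a directory that only exists after certificates.sh in the minica container has run, and nothing in this pod orders those containers relative to each other. Depending on the runtime, a missing subPath directory at container start either fails the container or yields an empty directory, so the key consumers may start before the key exists; if the minica container is a regular container rather than an initContainer (the containers list header is outside the hunk), consider making it one, or have the setup/semaphore entrypoints wait for `/certs/<key>` to appear. Marking both mounts `readOnly: true` is the right call for a private key. A short comment at the first new mount would help the next reader: `# private key is created by the minica container; must exist before this container starts`.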


@ -1,10 +1,13 @@
# Source Image
FROM docker.io/library/golang:1.20
# Copy script
WORKDIR /certs
COPY certificates.sh .
RUN chmod +x ./certificates.sh
# Install minica
RUN go install github.com/jsha/minica@latest
# Generate wildcard certificate
WORKDIR /certs
RUN minica --domains "*.ublue.local,ublue.local,localhost" \
--ip-addresses 127.0.0.1
# Container start command
CMD ["/certs/certificates.sh"]
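Review bot: `RUN go install github.com/jsha/minica@latest` builds whatever the newest upstream commit is at image-build time, so two builds of the same Containerfile can yield different CA tooling and an upstream compromise would land unreviewed. Pin it to a release tag or commit, `RUN go install github.com/jsha/minica@<PINNED_VERSION>`, and note why in a comment: `# pinned: this image mints the forge's root CA and SSH key, keep the toolchain reproducible`. The base image tag `golang:1.20` floats the same way; a digest pin is the stricter option if the project wants it.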

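--- /dev/null
+++ b/minica/certificates.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+## Create SSH keys and certificates for uBlue-OS Forge
+CERTIFICATE_DIRECTORY="/certs"
+SSH_KEY_NAME="ublue-os_forge-id_ed25519"
+TLS_ROOT_CERTIFICATE_NAME="ublue-os_forge-root"
+if [ ! -f ${CERTIFICATE_DIRECTORY}/ssh/${SSH_KEY_NAME} ];
+then
+echo "uBlue Forge SSH key not present. Creating new key..."
+mkdir ${CERTIFICATE_DIRECTORY}/ssh -p
+mkdir ${CERTIFICATE_DIRECTORY}/tls -p
+# Generate SSH key
+ssh-keygen -o -a 100 -t ed25519 -f ${CERTIFICATE_DIRECTORY}/ssh/${SSH_KEY_NAME} -C "forge@ublue.local"
+else
+echo "Existing uBlue Forge SSH key found. Nothing to do..."
+fi
+# Creating TLS certificates
+echo "Creating / Updating TLS certificate..."
+minica --domains "*.ublue.local,ublue.local,localhost" --ip-addresses 127.0.0.1 -ca-cert "${CERTIFICATE_DIRECTORY}/tls/${TLS_ROOT_CERTIFICATE_NAME}.pem" -ca-key "${CERTIFICATE_DIRECTORY}/tls/${TLS_ROOT_CERTIFICATE_NAME}-key.pem"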
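Review bot: The `ssh-keygen` call passes no `-N`, so the passphrase prompt is left to whatever stdin the container happens to have: with no stdin it may silently produce an unencrypted key, with an attached stdin it blocks the container start. Since this key is meant for non-interactive automation, make that explicit with `-N ''` and say so in a comment, so a future reader does not mistake it for an oversight. The script also runs without `set -eu`, the paths in the `[ -f ... ]` test and the `mkdir` calls are unquoted, and `mkdir DIR -p` relies on GNU option reordering; with `set -e` a failing `minica` run (for example if it declines to overwrite an existing certificate directory, which I have not verified here) would stop the container instead of being swallowed. The lines below show the rewritten top of the script; the TLS generation at the end is unchanged.

```shell
#!/bin/sh
set -eu
# … unchanged: CERTIFICATE_DIRECTORY / SSH_KEY_NAME / TLS_ROOT_CERTIFICATE_NAME …
if [ ! -f "${CERTIFICATE_DIRECTORY}/ssh/${SSH_KEY_NAME}" ]; then
  echo "uBlue Forge SSH key not present. Creating new key..."
  mkdir -p "${CERTIFICATE_DIRECTORY}/ssh" "${CERTIFICATE_DIRECTORY}/tls"
  # Deliberately unencrypted: the key is used non-interactively by automation,
  # so protect it with the volume's file permissions and read-only mounts instead.
  ssh-keygen -o -a 100 -t ed25519 -N '' \
    -f "${CERTIFICATE_DIRECTORY}/ssh/${SSH_KEY_NAME}" -C "forge@ublue.local"
else
# … unchanged: existing-key message, fi, TLS certificate generation …
```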


@ -16,7 +16,7 @@
reverse_proxy ublue-os_forge-registry.ublue.local:5000 {
transport http {
tls
tls_trusted_ca_certs /certs/minica.pem
tls_trusted_ca_certs /certs/tls/ublue-os_forge-root.pem
}
}
}
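Review bot: The new `tls_trusted_ca_certs /certs/tls/ublue-os_forge-root.pem` path hard-codes the file name that minica/certificates.sh derives from `TLS_ROOT_CERTIFICATE_NAME`, so a rename in either place silently breaks upstream TLS verification for the registry proxy. A comment on the line above it would make the coupling visible: `# must match TLS_ROOT_CERTIFICATE_NAME in minica/certificates.sh`. The enclosing `reverse_proxy` block starts outside the hunk.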


@ -1,11 +1,11 @@
# Source Image
FROM docker.io/library/python:alpine3.17
# Install forge setup project
COPY ./ansible /ansible
RUN pip3 install -r /ansible/requirements.txt
RUN chmod +x /ansible/startup.sh
# Run starup script
# Install ansible setup project
WORKDIR /ansible
CMD ["./startup.sh"]
COPY ./ansible .
RUN pip3 install -r ./requirements.txt
RUN chmod +x ./startup.sh
# Container start command
CMD ["/ansible/startup.sh"]
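Review bot: `RUN pip3 install -r ./requirements.txt` installs into the image's system site-packages with whatever the index serves at build time; unless requirements.txt pins exact versions (it is not shown here), the automation image is not reproducible and a new upstream release changes what runs the forge's setup. If the project wants a reproducible build, pin versions in requirements.txt and install with `RUN pip3 install --no-cache-dir --require-hashes -r ./requirements.txt`, which also keeps the pip cache out of the image. The move from `COPY ./ansible /ansible` to a `WORKDIR`-relative copy is fine; a comment such as `# requirements.txt is pinned so the image builds reproducibly` would document the intent once the pins are in place.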