chore: Merge pull request #6 from ublue-os/tepene/getting-started

getting started

.devcontainer/devcontainer.json

@@ -0,0 +1,77 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/alpine
+{
+  "name": "ublue-os/forge",
+  // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
+  "image": "mcr.microsoft.com/devcontainers/base:alpine-3.17",
+
+  // Set `remoteUser` to `root` to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
+  "remoteUser": "vscode",
+  // podman needs this
+  "containerUser": "vscode",
+  "runArgs": [
+    // run container as current user
+    "--userns=keep-id",
+    // disable selinux isolation that breaks bind mounts
+    "--security-opt=label=disable"
+  ],
+  // Features to add to the dev container. More info: https://containers.dev/features.
+  // "features": {},
+
+  // Mounts from host system
+  "mounts": [
+    "source=/run/user/${localEnv:UID:1000}/podman/podman.sock,target=/run/podman/podman.sock,type=bind"
+  ],
+
+  // Install DevTools
+  "postCreateCommand": "bash ./.devcontainer/install-dev-tools.sh",
+  // Configure tool-specific properties.
+  "customizations": {
+    "vscode": {
+      "settings": {
+        "terminal.integrated.profiles.linux": {
+          "zsh": {
+            "path": "zsh",
+            "args": ["-l"]
+          }
+        },
+        "terminal.integrated.defaultProfile.linux": "zsh",
+        "terminal.integrated.automation.linux": "zsh",
+        "terminal.integrated.automationProfile.linux": { "path": "zsh" },
+        "editor.suggestSelection": "first",
+        "editor.defaultFormatter": "esbenp.prettier-vscode",
+        "editor.formatOnSave": true,
+        "editor.formatOnPaste": true,
+        "cSpell.customDictionaries": {
+          "project-words": {
+            "name": "custom-dictionary",
+            "path": "${workspaceFolder}/.vscode/cspell_custom.txt",
+            "description": "Words used in this project",
+            "addWords": true
+          },
+          "custom": true,
+          "internal-terms": false
+        },
+        "docker.host": "unix:///run/podman/podman.sock",
+        "peacock.affectActivityBar": false,
+        "peacock.affectStatusBar": true,
+        "peacock.affectTitleBar": false,
+        "peacock.surpriseMeOnStartup": false
+      },
+      "extensions": [
+        "bungcip.better-toml",
+        "DavidAnson.vscode-markdownlint",
+        "esbenp.prettier-vscode",
+        "GitHub.vscode-pull-request-github",
+        "Gruntfuggly.todo-tree",
+        "kokakiwi.vscode-just",
+        "ms-azuretools.vscode-docker",
+        "ms-kubernetes-tools.vscode-kubernetes-tools",
+        "nico-castell.linux-desktop-file",
+        "redhat.vscode-yaml",
+        "shakram02.bash-beautify",
+        "streetsidesoftware.code-spell-checker"
+      ]
+    }
+  }
+}

.devcontainer/forge.code-workspace

@@ -0,0 +1,19 @@
+{
+  "folders": [
+    {
+      "path": ".."
+    }
+  ],
+  "settings": {
+    "workbench.colorCustomizations": {
+      "sash.hoverBorder": "#7cb9e3",
+      "statusBar.background": "#52a2da",
+      "statusBarItem.hoverBackground": "#2c8bcd",
+      "statusBarItem.remoteBackground": "#52a2da",
+      "statusBar.foreground": "#15202b",
+      "statusBarItem.remoteForeground": "#15202b"
+    },
+    "peacock.remoteColor": "#52a2da",
+    "cSpell.enableFiletypes": ["shellscript"]
+  }
+}

.devcontainer/install-dev-tools.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+cat <<EOM
+install-dev-tools.sh
+=============================================
+This script customizes the devcontainer setup
+=============================================
+EOM
+# Bash colors
+RED="\e[31m"
+YELLOW="\e[33m"
+GREEN="\e[32m"
+ENDCOLOR="\e[0m"
+
+## Update system
+echo ""
+echo -e "${YELLOW}Updating OS${ENDCOLOR}"
+echo ""
+sudo apk update && sudo apk upgrade
+
+## Install additional tools
+echo ""
+echo -e "${YELLOW}Installing additional tools${ENDCOLOR}"
+echo ""
+sudo apk add git-extras --repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing
+
+## Install podman remote
+echo ""
+echo -e "${YELLOW}Installing podman-remote${ENDCOLOR}"
+echo ""
+PODMAN_SOURCE=https://github.com/containers/podman/releases/download/v4.4.4/podman-remote-static-linux_amd64.tar.gz
+PODMAN_TMP=/tmp/podman.tar.gz
+wget -O $PODMAN_TMP $PODMAN_SOURCE
+sudo tar -xf $PODMAN_TMP -C /tmp
+sudo mv /tmp/bin/podman-remote-static-linux_amd64 /usr/bin/podman
+podman system connection add devcontainer_host unix:///run/podman/podman.sock
+sudo rm -rf /tmp/bin
+
+# Add git commit template
+echo ""
+echo -e "${YELLOW}Configuring git${ENDCOLOR}"
+echo ""
+git config --local commit.template .gitmessage
+
+# Finish
+echo ""
+echo -e "${GREEN}Done. Happy coding!${ENDCOLOR}"
+echo ""

.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"

.github/workflows/conventional-commits.yml

@@ -0,0 +1,15 @@
+name: Conventional Commits
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  build:
+    name: Conventional Commits
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: webiny/action-conventional-commits@v1.1.0

.github/workflows/release-please.yml

@@ -0,0 +1,25 @@
+name: release-please
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  release-please:
+    runs-on: ubuntu-latest
+    outputs:
+      releases_created: ${{ steps.release-please.outputs.releases_created }}
+      tag: ${{ steps.release-please.outputs.tag_name }}
+      upload_url: ${{ steps.release-please.outputs.upload_url }}
+    steps:
+      - uses: google-github-actions/release-please-action@v3
+        with:
+          release-type: simple
+          package-name: release-please-action
+          prerelease: true
+          bump-minor-pre-major: true

.gitmessage

@@ -0,0 +1,19 @@
+<type>(optional scope): <description>
+
+[optional body]
+
+[optional footer(s)]
+
+####
+# Allowed <type> values
+# ---------------------
+# feat: –> A new feature
+# fix: –> Fixed a bug
+# refactor: –> A code change that's not mainly a bug or new feature
+# docs: –> Documentation only changes
+# style: –> Changes to styling like white space, formatting, semi-colons)
+# chore: –> Other changes that don't modify src or test files
+# ci: –> Changes made to the CI configuration like Travis, Circle, Actions
+# revert: –> Revert a previous commit
+# test: –> Add or fix tests
+####

.markdownlint.json

@@ -0,0 +1,3 @@
+{
+  "MD024": { "allow_different_nesting": true }
+}

.prettierignore

@@ -0,0 +1,3 @@
+# Created by https://github.com/google-github-actions/release-please-action
+CHANGELOG.md
+version.txt

.prettierrc

@@ -0,0 +1,3 @@
+{
+  "tabWidth": 2
+}

.vscode/cspell_custom.txt

@@ -0,0 +1,3 @@
+devcontainer
+minica
+ublue

.vscode/tasks.json

@@ -0,0 +1,39 @@
+{
+  // See https://go.microsoft.com/fwlink/?LinkId=733558
+  // for the documentation about the tasks.json format
+  "version": "2.0.0",
+  "tasks": [
+    {
+      "label": "Git: Fetch upstream",
+      "type": "shell",
+      "command": "git fetch upstream",
+      "options": {
+        "cwd": "${workspaceFolder}"
+      }
+    },
+    {
+      "label": "Git: Merge from upstream",
+      "type": "shell",
+      "command": "git merge --no-ff --no-commit upstream/main",
+      "options": {
+        "cwd": "${workspaceFolder}"
+      }
+    },
+    {
+      "label": "Git: Delete merged branches",
+      "type": "shell",
+      "command": "git delete-merged-branches",
+      "options": {
+        "cwd": "${workspaceFolder}"
+      }
+    },
+    {
+      "label": "Git: Prune remote",
+      "type": "shell",
+      "command": "git remote prune origin",
+      "options": {
+        "cwd": "${workspaceFolder}"
+      }
+    }
+  ]
+}

README.md

@@ -1,22 +1,39 @@
 # forge
+
 On-premises Universal Blue
 
-This repo is intended to provide the service units necessary to set up a self-hosted OS forge for custom images.
+This repo is intended to provide the service units necessary to set up a
+self-hosted OS forge for custom images.
+
+## Vision
 
 Imagine something like a home lab or a university lab:
 
 1. Deploy forge
-2. Go into the webui, clone in your favorite uBlue repo and make changes
-3. Forge automatically starts to build and images
+2. Go into the WebUI, clone in your favorite uBlue repo and make changes
+3. Forge automatically starts to build the images
 4. PXE boot the clients, select ublue in the menu
 5. Eat tacos
 6. Return to a fully deployed lab with centralized package management
 
-### Components
+## What we have so far
 
-We need:
+We are still working on making the vision a reality. The following has been
+implemented so far:
 
-- webui git frontend to replicate "self hosted ublue" 
-- a registry
-- a certificate authority
-- wireguard configs for all of it so people can self host their own personal mirror
+### Certificate Authority
+
+We use a [Minica](https://github.com/jsha/minica) as simple CA to generate a
+key pair and a root certificate for `*.ublue.local`. The wildcard certificate is
+then made available to all other components and are valid for 2 years and 30 days.
+
+### Container Registry
+
+As container registry we make use of the [Docker Registry 2.0](https://hub.docker.com/_/registry/)
+implementation for storing and distributing container images
+
+The container registry is available at `registry.ublue.local:9001`
+
+## Firing Up the Forge
+
+To heat up the forge run `podman play kube forge-pod.yml --build`.

forge-pod.yml

@@ -0,0 +1,38 @@
+# uBlue-OS forge podman deployment
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: ublue-os_forge
+spec:
+  restartPolicy: Always
+  volumes:
+    - name: ublue-os_forge-minica-pvc
+      persistentVolumeClaim:
+        claimName: ublue-os_forge-minica
+    - name: ublue-os_forge-registry-pvc
+      persistentVolumeClaim:
+        claimName: ublue-os_forge-registry
+  containers:
+    - name: registry.ublue.local
+      image: registry
+      resources:
+        limits:
+          memory: 512Mi
+          cpu: 200m
+      volumeMounts:
+        - mountPath: /certs
+          name: ublue-os_forge-minica-pvc
+          subPath: _.ublue.local
+        - mountPath: /var/lib/registry
+          name: ublue-os_forge-registry-pvc
+      ports:
+        - containerPort: 5000
+          hostPort: 9001
+          protocol: TCP
+  initContainers:
+    - name: minica.ublue.local
+      image: minica
+      volumeMounts:
+        - mountPath: /certs
+          name: ublue-os_forge-minica-pvc

minica/Containerfile

@@ -0,0 +1,10 @@
+# Source Image
+FROM docker.io/library/golang:1.20
+
+# Install minica
+RUN go install github.com/jsha/minica@latest
+
+# Generate wildcard certificate
+WORKDIR /certs
+RUN minica --domains "*.ublue.local,ublue.local,localhost" \
+    --ip-addresses 127.0.0.1

registry/Containerfile

@@ -0,0 +1,6 @@
+# Source Image
+FROM docker.io/library/registry:2.8
+
+# Configure TLS certificates
+ENV REGISTRY_HTTP_TLS_CERTIFICATE="/certs/cert.pem"
+ENV REGISTRY_HTTP_TLS_KEY="/certs/key.pem"