From b7d9417abd58bbe213269acb40ea576d22091364 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stephan=20L=C3=BCscher?=
Date: Thu, 27 Apr 2023 06:10:08 +0000
Subject: [PATCH 1/6] chore(devcontainer): init for everyone who wants to use it ;)
---
 .devcontainer/devcontainer.json | 76 ++++++++++++++++++++++++++++++
 .devcontainer/forge.code-workspace | 19 ++++++++
 .devcontainer/install-dev-tools.sh | 47 ++++++++++++++++++
 .gitignore | 0
 .gitmessage | 19 ++++++++
 .markdownlint.json | 3 ++
 .prettierignore | 3 ++
 .prettierrc | 3 ++
 .vscode/cspell_custom.txt | 0
 .vscode/tasks.json | 39 +++++++++++++++
 10 files changed, 209 insertions(+)
 create mode 100644 .devcontainer/devcontainer.json
 create mode 100644 .devcontainer/forge.code-workspace
 create mode 100644 .devcontainer/install-dev-tools.sh
 create mode 100644 .gitignore
 create mode 100644 .gitmessage
 create mode 100644 .markdownlint.json
 create mode 100644 .prettierignore
 create mode 100644 .prettierrc
 create mode 100644 .vscode/cspell_custom.txt
 create mode 100644 .vscode/tasks.json
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
new file mode 100644
index 0000000..dc4b119
--- /dev/null
+++ b/.devcontainer/devcontainer.json
@@ -0,0 +1,76 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/alpine
+{
+ "name": "ublue-os/forge",
+ // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
+ "image": "mcr.microsoft.com/devcontainers/base:alpine-3.17",
+
+ // Set `remoteUser` to `root` to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
+ "remoteUser": "vscode",
+ // podman needs this
+ "containerUser": "vscode",
+ "runArgs": [
+ // run container as current user
+ "--userns=keep-id",
+ // disable selinux isolation that breaks bind mounts
+ "--security-opt=label=disable"
+ ],
+ // Features to add to the dev container. More info: https://containers.dev/features.
+ // "features": {},
+
+ // Mounts from host system
+ "mounts": [
+ "source=/run/user/${localEnv:UID:1000}/podman/podman.sock,target=/run/podman/podman.sock,type=bind"
+ ],
+
+ // Install DevTools
+ "postCreateCommand": "bash ./.devcontainer/install-dev-tools.sh",
+ // Configure tool-specific properties.
+ "customizations": {
+ "vscode": {
+ "settings": {
+ "terminal.integrated.profiles.linux": {
+ "zsh": {
+ "path": "zsh",
+ "args": ["-l"]
+ }
+ },
+ "terminal.integrated.defaultProfile.linux": "zsh",
+ "terminal.integrated.automation.linux": "zsh",
+ "terminal.integrated.automationProfile.linux": { "path": "zsh" },
+ "editor.suggestSelection": "first",
+ "editor.defaultFormatter": "esbenp.prettier-vscode",
+ "editor.formatOnSave": true,
+ "editor.formatOnPaste": true,
+ "cSpell.customDictionaries": {
+ "project-words": {
+ "name": "custom-dictionary",
+ "path": "${workspaceFolder}/.vscode/cspell_custom.txt",
+ "description": "Words used in this project",
+ "addWords": true
+ },
+ "custom": true,
+ "internal-terms": false
+ },
+ "docker.host": "unix:///run/podman/podman.sock",
+ "peacock.affectActivityBar": false,
+ "peacock.affectStatusBar": true,
+ "peacock.affectTitleBar": false,
+ "peacock.surpriseMeOnStartup": false
+ },
+ "extensions": [
+ "bungcip.better-toml",
+ "DavidAnson.vscode-markdownlint",
+ "esbenp.prettier-vscode",
+ "GitHub.vscode-pull-request-github",
+ "Gruntfuggly.todo-tree",
+ "kokakiwi.vscode-just",
+ "ms-azuretools.vscode-docker",
+ "nico-castell.linux-desktop-file",
+ "redhat.vscode-yaml",
+ "shakram02.bash-beautify",
+ "streetsidesoftware.code-spell-checker"
+ ]
+ }
+ }
+}
diff --git a/.devcontainer/forge.code-workspace b/.devcontainer/forge.code-workspace
new file mode 100644
index 0000000..c1e45ec
--- /dev/null
+++ b/.devcontainer/forge.code-workspace
@@ -0,0 +1,19 @@
+{
+ "folders": [
+ {
+ "path": ".."
+ }
+ ],
+ "settings": {
+ "workbench.colorCustomizations": {
+ "sash.hoverBorder": "#7cb9e3",
+ "statusBar.background": "#52a2da",
+ "statusBarItem.hoverBackground": "#2c8bcd",
+ "statusBarItem.remoteBackground": "#52a2da",
+ "statusBar.foreground": "#15202b",
+ "statusBarItem.remoteForeground": "#15202b"
+ },
+ "peacock.remoteColor": "#52a2da",
+ "cSpell.enableFiletypes": ["shellscript"]
+ }
+}
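Review bot: The bind mount of `/run/user/${localEnv:UID:1000}/podman/podman.sock` in `mounts` gives everything inside the container full control of the host user's podman, which is effectively an escape route (a process holding the socket can start a container with arbitrary host mounts), so that entry needs an explicit warning comment, e.g. `// NOTE: exposes the host podman socket — grants host-user-level access to anything in this container`. The `--security-opt=label=disable` run argument then switches SELinux confinement off for the whole container rather than relabeling only the bind mounts (`:z`/`:Z` on the mount), which widens the same blast radius. Separately, `UID` is a bash built-in that is normally not exported, so `${localEnv:UID:1000}` will likely fall back to `1000` on hosts where the user has a different uid unless the shell exports it; at minimum document that assumption next to the mount. The `alpine-3.17` image tag and the marketplace extension IDs are unpinned, which is a supply-chain consideration for a devcontainer that is published for others to adopt.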
diff --git a/.devcontainer/install-dev-tools.sh b/.devcontainer/install-dev-tools.sh new file mode 100644 index 0000000..9860fc7 --- /dev/null +++ b/.devcontainer/install-dev-tools.sh @@ -0,0 +1,47 @@ +#!/bin/bash +cat <(optional scope): + +[optional body] + +[optional footer(s)] + +#### +# Allowed values +# --------------------- +# feat: –> A new feature +# fix: –> Fixed a bug +# refactor: –> A code change that's not mainly a bug or new feature +# docs: –> Documentation only changes +# style: –> Changes to styling like white space, formatting, semi-colons) +# chore: –> Other changes that don't modify src or test files +# ci: –> Changes made to the CI configuration like Travis, Circle, Actions +# revert: –> Revert a previous commit +# test: –> Add or fix tests +#### diff --git a/.markdownlint.json b/.markdownlint.json new file mode 100644 index 0000000..8b4473c --- /dev/null +++ b/.markdownlint.json @@ -0,0 +1,3 @@ +{ + "MD024": { "allow_different_nesting": true } +} diff --git a/.prettierignore b/.prettierignore new file mode 100644 index 0000000..523402d --- /dev/null +++ b/.prettierignore @@ -0,0 +1,3 @@ +# Created by https://github.com/google-github-actions/release-please-action +CHANGELOG.md +version.txt \ No newline at end of file diff --git a/.prettierrc b/.prettierrc new file mode 100644 index 0000000..75fa134 --- /dev/null +++ b/.prettierrc @@ -0,0 +1,3 @@ +{ + "tabWidth": 2 +} diff --git a/.vscode/cspell_custom.txt b/.vscode/cspell_custom.txt new file mode 100644 index 0000000..e69de29 diff --git a/.vscode/tasks.json b/.vscode/tasks.json new file mode 100644 index 0000000..c2da266 --- /dev/null +++ b/.vscode/tasks.json 
@@ -0,0 +1,39 @@
+{
+ // See https://go.microsoft.com/fwlink/?LinkId=733558
+ // for the documentation about the tasks.json format
+ "version": "2.0.0",
+ "tasks": [
+ {
+ "label": "Git: Fetch upstream",
+ "type": "shell",
+ "command": "git fetch upstream",
+ "options": {
+ "cwd": "${workspaceFolder}"
+ }
+ },
+ {
+ "label": "Git: Merge from upstream",
+ "type": "shell",
+ "command": "git merge --no-ff --no-commit upstream/main",
+ "options": {
+ "cwd": "${workspaceFolder}"
+ }
+ },
+ {
+ "label": "Git: Delete merged branches",
+ "type": "shell",
+ "command": "git delete-merged-branches",
+ "options": {
+ "cwd": "${workspaceFolder}"
+ }
+ },
+ {
+ "label": "Git: Prune remote",
+ "type": "shell",
+ "command": "git remote prune origin",
+ "options": {
+ "cwd": "${workspaceFolder}"
+ }
+ }
+ ]
+}
From e9ba1a21624fc5031fd8934c50f37b0f55871bb7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stephan=20L=C3=BCscher?=
Date: Thu, 27 Apr 2023 17:16:24 +0000
Subject: [PATCH 2/6] chore(devcontainer): add kubernetes linting
---
 .devcontainer/devcontainer.json | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index dc4b119..6528f96 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -66,6 +66,7 @@
 "Gruntfuggly.todo-tree",
 "kokakiwi.vscode-just",
 "ms-azuretools.vscode-docker",
+ "ms-kubernetes-tools.vscode-kubernetes-tools",
 "nico-castell.linux-desktop-file",
 "redhat.vscode-yaml",
 "shakram02.bash-beautify",
From d5d03e710f4cdda16076d7af503e81c75865b8b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stephan=20L=C3=BCscher?=
Date: Thu, 27 Apr 2023 17:19:27 +0000
Subject: [PATCH 3/6] chore(devcontainer): update spell-check dictionary
---
 .vscode/cspell_custom.txt | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.vscode/cspell_custom.txt b/.vscode/cspell_custom.txt
index e69de29..8f9b9ec 100644
--- a/.vscode/cspell_custom.txt
+++ b/.vscode/cspell_custom.txt
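Review bot: `git delete-merged-branches` in the "Git: Delete merged branches" task is not a built-in git subcommand; it only works if a `git-delete-merged-branches` executable is on PATH, presumably installed by `.devcontainer/install-dev-tools.sh`, which is not visible in this hunk. A comment on that task, `// requires the git-delete-merged-branches tool (see install-dev-tools.sh)`, would spare the next user an opaque "is not a git command" failure. The first two tasks likewise assume an `upstream` remote already exists, and nothing in the devcontainer visible here configures one, so that precondition belongs in the same comment.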
@@ -0,0 +1,3 @@
+devcontainer
+minica
+ublue
From 07142142477372db49d1e30bc2e808a8a22c3af1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stephan=20L=C3=BCscher?=
Date: Thu, 27 Apr 2023 17:20:18 +0000
Subject: [PATCH 4/6] feat: add container registry and mini ca (#3,#4)
---
 forge-pod.yml | 38 ++++++++++++++++++++++++++++++++++++++
 minica/Containerfile | 10 ++++++++++
 registry/Containerfile | 6 ++++++
 3 files changed, 54 insertions(+)
 create mode 100644 forge-pod.yml
 create mode 100644 minica/Containerfile
 create mode 100644 registry/Containerfile
diff --git a/forge-pod.yml b/forge-pod.yml
new file mode 100644
index 0000000..145f9e8
--- /dev/null
+++ b/forge-pod.yml
@@ -0,0 +1,38 @@
+# uBlue-OS forge podman deployment
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: ublue-os_forge
+spec:
+ restartPolicy: Always
+ volumes:
+ - name: ublue-os_forge-minica-pvc
+ persistentVolumeClaim:
+ claimName: ublue-os_forge-minica
+ - name: ublue-os_forge-registry-pvc
+ persistentVolumeClaim:
+ claimName: ublue-os_forge-registry
+ containers:
+ - name: registry.ublue.local
+ image: registry
+ resources:
+ limits:
+ memory: 512Mi
+ cpu: 200m
+ volumeMounts:
+ - mountPath: /certs
+ name: ublue-os_forge-minica-pvc
+ subPath: _.ublue.local
+ - mountPath: /var/lib/registry
+ name: ublue-os_forge-registry-pvc
+ ports:
+ - containerPort: 5000
+ hostPort: 9001
+ protocol: TCP
+ initContainers:
+ - name: minica.ublue.local
+ image: minica
+ volumeMounts:
+ - mountPath: /certs
+ name: ublue-os_forge-minica-pvc
diff --git a/minica/Containerfile b/minica/Containerfile
new file mode 100644
index 0000000..ef38695
--- /dev/null
+++ b/minica/Containerfile
@@ -0,0 +1,10 @@
+# Source Image
+FROM docker.io/library/golang:1.20
+
+# Install minica
+RUN go install github.com/jsha/minica@latest
+
+# Generate wildcard certificate
+WORKDIR /certs
+RUN minica --domains "*.ublue.local,ublue.local,localhost" \
+ --ip-addresses 127.0.0.1
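Review bot: `hostPort: 9001` publishes the registry on every host interface, and neither this pod nor the registry Containerfile in the same patch configures any client authentication, so any machine that can reach port 9001 can push to and pull from the registry; until auth is added, restrict the binding with `hostIP: 127.0.0.1` next to `hostPort: 9001` (or the VPN address once the wireguard piece from the README exists). The init container appears to rely on podman's copy-up of the minica image's `/certs` into the empty `ublue-os_forge-minica` volume, since the Containerfile generates the certificates at build time and the container itself runs no command; that is non-obvious and should be stated, e.g. `# minica only seeds the empty PVC from the image's /certs (volume copy-up); nothing is generated at run time`. The `subPath: _.ublue.local` mount is what keeps the CA root key (written by minica as `minica-key.pem` in the volume root, if I read its layout right) out of the registry container, which is also worth a one-line comment so nobody "simplifies" it away.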
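Review bot: The `RUN minica ...` step generates the CA root key and the wildcard private key during the image build, so both land as plain files in an image layer: anyone who can pull, export or inspect the `minica` image holds the CA key, and every rebuild mints a fresh CA that silently invalidates roots clients already trusted. Moving generation to container start and into the mounted volume keeps the keys out of the image and makes them persistent across rebuilds; if the build-time approach is kept for now, at least add `# NOTE: CA and leaf private keys are baked into this image layer — never push this image to a shared registry`. `go install github.com/jsha/minica@latest` and `golang:1.20` are both floating references, so the build is not reproducible and picks up whatever the module index and the tag resolve to on the day; pin a minica version (`@v1.0.2` or a commit) and the base image by digest.

```dockerfile
# … unchanged: FROM / go install …
WORKDIR /certs
# Generate CA and wildcard cert on first start into the mounted volume,
# so private keys are never stored in an image layer and survive rebuilds.
ENTRYPOINT ["/bin/sh", "-c", \
  "[ -f /certs/minica-key.pem ] || minica --domains '*.ublue.local,ublue.local,localhost' --ip-addresses 127.0.0.1"]
```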
diff --git a/registry/Containerfile b/registry/Containerfile
new file mode 100644
index 0000000..70d4074
--- /dev/null
+++ b/registry/Containerfile
@@ -0,0 +1,6 @@
+# Source Image
+FROM docker.io/library/registry:2.8
+
+# Configure TLS certificates
+ENV REGISTRY_HTTP_TLS_CERTIFICATE="/certs/cert.pem"
+ENV REGISTRY_HTTP_TLS_KEY="/certs/key.pem"
From be498403a84084e860f224e7bb118b8fc49fb24d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stephan=20L=C3=BCscher?=
Date: Thu, 27 Apr 2023 18:37:43 +0000
Subject: [PATCH 5/6] ci: workflows for conventional commit and release-please
---
 .github/dependabot.yml | 11 ++++++++++
 .github/workflows/conventional-commits.yml | 15 +++++++++++++
 .github/workflows/release-please.yml | 25 ++++++++++++++++++++++
 3 files changed, 51 insertions(+)
 create mode 100644 .github/dependabot.yml
 create mode 100644 .github/workflows/conventional-commits.yml
 create mode 100644 .github/workflows/release-please.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..90e05c4
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+ - package-ecosystem: "github-actions" # See documentation for possible values
+ directory: "/" # Location of package manifests
+ schedule:
+ interval: "weekly"
diff --git a/.github/workflows/conventional-commits.yml b/.github/workflows/conventional-commits.yml
new file mode 100644
index 0000000..03c3989
--- /dev/null
+++ b/.github/workflows/conventional-commits.yml
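Review bot: Only transport security is configured here; with no `REGISTRY_AUTH*` variables the registry serves unauthenticated pushes and pulls to anyone who can reach it, which matters because forge-pod.yml in the same patch publishes it on a host port. Adding `ENV REGISTRY_AUTH=htpasswd`, `ENV REGISTRY_AUTH_HTPASSWD_REALM="ublue-forge"` and `ENV REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd` (with the htpasswd file mounted from a volume, never copied into the image) closes that, or else a comment must state that the registry is intentionally anonymous and may only be exposed on a trusted network. `registry:2.8` is a floating tag; pin it by digest so the deployment is reproducible and base-image changes are deliberate.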
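Review bot: Only the `github-actions` ecosystem is registered, so the base images pulled by `minica/Containerfile` and `registry/Containerfile` (`golang:1.20`, `registry:2.8`) get no update PRs, which leaves the only two runtime images in the repo without the coverage this file is meant to provide. Adding `- package-ecosystem: "docker"` entries with `directory: "/minica"` and `directory: "/registry"` is the intended fix; I am not certain Dependabot's docker ecosystem recognises a file named `Containerfile` rather than `Dockerfile`, so verify that before relying on it.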
@@ -0,0 +1,15 @@
+name: Conventional Commits
+
+on:
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ build:
+ name: Conventional Commits
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+
+ - uses: webiny/action-conventional-commits@v1.1.0
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
new file mode 100644
index 0000000..68a549d
--- /dev/null
+++ b/.github/workflows/release-please.yml
@@ -0,0 +1,25 @@
+name: release-please
+
+on:
+ push:
+ branches:
+ - main
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ release-please:
+ runs-on: ubuntu-latest
+ outputs:
+ releases_created: ${{ steps.release-please.outputs.releases_created }}
+ tag: ${{ steps.release-please.outputs.tag_name }}
+ upload_url: ${{ steps.release-please.outputs.upload_url }}
+ steps:
+ - uses: google-github-actions/release-please-action@v3
+ with:
+ release-type: simple
+ package-name: release-please-action
+ prerelease: true
+ bump-minor-pre-major: true
From 815f6a423685dde7123f67e6c435a7520f91c71e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stephan=20L=C3=BCscher?=
Date: Thu, 27 Apr 2023 19:40:18 +0000
Subject: [PATCH 6/6] docs: a little update on where we are today
---
 README.md | 35 ++++++++++++++++++++++++++---------
 1 file changed, 26 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index 18c59f0..beae138 100644
--- a/README.md
+++ b/README.md
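Review bot: The workflow declares no `permissions:` block, so the job token inherits the repository's default permissions (frequently read/write on `contents`) although the two steps only need to read the pull request; add `permissions: contents: read` at the top level, plus `pull-requests: read` if the action turns out to need PR metadata. `actions/checkout@v3` and `webiny/action-conventional-commits@v1.1.0` are mutable tag references that the action owner (or anyone who compromises that account) can repoint; pinning each `uses:` to a full commit SHA with the tag in a trailing comment is the standard hardening, and it matters most for the less widely audited `webiny` action.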
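Review bot: The three job outputs read `steps.release-please.outputs.*`, but the only step in the job has no `id:`, so `releases_created`, `tag` and `upload_url` will always evaluate to empty strings for any job that consumes them; add `id: release-please` to the `- uses: google-github-actions/release-please-action@v3` step. `package-name: release-please-action` looks like a leftover from the upstream example rather than this repository's name, and with `release-type: simple` it presumably surfaces in the release PR title and tag naming, so confirm it is intended. This workflow holds `contents: write` and `pull-requests: write`, which makes pinning the action to a commit SHA instead of the floating `@v3` tag more valuable here than in a read-only workflow.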
@@ -1,22 +1,39 @@ # forge + On-premises Universal Blue -This repo is intended to provide the service units necessary to set up a self-hosted OS forge for custom images. +This repo is intended to provide the service units necessary to set up a +self-hosted OS forge for custom images. + +## Vision Imagine something like a home lab or a university lab: 1. Deploy forge -2. Go into the webui, clone in your favorite uBlue repo and make changes -3. Forge automatically starts to build and images +2. Go into the WebUI, clone in your favorite uBlue repo and make changes +3. Forge automatically starts to build the images 4. PXE boot the clients, select ublue in the menu 5. Eat tacos 6. Return to a fully deployed lab with centralized package management -### Components +## What we have so far -We need: +We are still working on making the vision a reality. The following has been +implemented so far: -- webui git frontend to replicate "self hosted ublue" -- a registry -- a certificate authority -- wireguard configs for all of it so people can self host their own personal mirror +### Certificate Authority + +We use a [Minica](https://github.com/jsha/minica) as simple CA to generate a +key pair and a root certificate for `*.ublue.local`. The wildcard certificate is +then made available to all other components and are valid for 2 years and 30 days. + +### Container Registry + +As container registry we make use of the [Docker Registry 2.0](https://hub.docker.com/_/registry/) +implementation for storing and distributing container images + +The container registry is available at `registry.ublue.local:9001` + +## Firing Up the Forge + +To heat up the forge run `podman play kube forge-pod.yml --build`.