From a06498d67e5f4f3782700cb6bfa4f647682c9a1e Mon Sep 17 00:00:00 2001
From: Xaver Russ
Date: Fri, 5 Dec 2025 12:10:56 +0100
Subject: [PATCH] debain 13 container
---
.forgejo/workflows/debian.yml | 66 +++++++++++++++++++++++++++++++++++
containers/debian/Dockerfile | 66 +++++++++++++++++++++++++++++++++++
2 files changed, 132 insertions(+)
create mode 100644 .forgejo/workflows/debian.yml
create mode 100644 containers/debian/Dockerfile
diff --git a/.forgejo/workflows/debian.yml b/.forgejo/workflows/debian.yml
new file mode 100644
index 0000000..43ad90e
--- /dev/null
+++ b/.forgejo/workflows/debian.yml
@@ -0,0 +1,66 @@
+# Workflow name
+name: Build and Push Debian Container
+
+# Run-name for each workflow run
+run-name: Build and Push Debian Container
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - 'containers/debian/**'
+ - '.forgejo/workflows/debian.yml'
+ workflow_dispatch: {}
+ schedule:
+ - cron: '0 18 * * 5' # Runs every Friday at 6 PM UTC
+
+env:
+ CONTAINER_NAME: debian
+ # USER: ${{ github.actor }}
+ USER: hbms
+
+jobs:
+ build-and-push-arch:
+ runs-on: ${{ matrix.arch }}
+ strategy:
+ matrix:
+ arch: [ amd64, arm64 ]
+ container:
+ image: ghcr.io/catthehacker/ubuntu:act-22.04
+ steps:
+ - name: Prepare environment variables
+ run: |
+ echo "$HOME/.local/bin" >> "$GITHUB_PATH"
+ echo REGISTRY=${{ vars.REGISTRY }} >> $GITHUB_ENV
+
+ - name: Checkout the repo
+ uses: actions/checkout@v4
+
+ - name: Login to the registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ vars.REGISTRY }}
+ username: ${{ env.USER }}
+ password: ${{ secrets.PACKAGE_TOKEN }}
+
+ - name: Build and push
+ uses: docker/build-push-action@v6
+ with:
+ context: ./containers/debian/
+ file: ./containers/debian/Dockerfile
+ push: true
+ provenance: false
+ tags: ${{ vars.REGISTRY }}/${{ env.USER }}/${{ env.CONTAINER_NAME }}-${{ matrix.arch }}:latest
+
+ merge-images-via-manifest:
+ runs-on: amd64
+ needs: build-and-push-arch
+ container:
+ image: ghcr.io/catthehacker/ubuntu:act-22.04
+ steps:
+ - name: Generate and push multi-arch manifest
+ run: |
+ echo REGISTRY=${{ vars.REGISTRY }} >> $GITHUB_ENV
+ echo ${{ secrets.PACKAGE_TOKEN }} | docker login ${{ vars.REGISTRY }} -u ${USER} --password-stdin
+ docker manifest create ${{ vars.REGISTRY }}/${USER}/${{ env.CONTAINER_NAME }}:latest ${{ vars.REGISTRY }}/${USER}/${{ env.CONTAINER_NAME }}-amd64:latest ${{ vars.REGISTRY }}/${USER}/${{ env.CONTAINER_NAME }}-arm64:latest
+ docker manifest push ${{ vars.REGISTRY }}/${USER}/${{ env.CONTAINER_NAME }}:latest
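Review bot: The manifest step's login line `echo ${{ secrets.PACKAGE_TOKEN }} | docker login ...` expands the secret into the script text unquoted, so the shell word-splits and interprets any metacharacter in the token, and the value becomes part of the generated script instead of living only in the step environment. Passing it through the environment avoids that: add `env:` with `PACKAGE_TOKEN: ${{ secrets.PACKAGE_TOKEN }}` to the step and log in with `printf '%s' "$PACKAGE_TOKEN" | docker login "${{ vars.REGISTRY }}" -u "$USER" --password-stdin`. The same quoting gap is in `echo REGISTRY=${{ vars.REGISTRY }} >> $GITHUB_ENV` in both jobs, where the value and `"$GITHUB_ENV"` should be quoted. Separately, `actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v6` and the `act-22.04` job image are mutable tags used in jobs that hold a registry push token; pinning them to a commit SHA or image digest would keep a retagged upstream from running with that token.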
diff --git a/containers/debian/Dockerfile b/containers/debian/Dockerfile
new file mode 100644
index 0000000..e47121b
--- /dev/null
+++ b/containers/debian/Dockerfile
@@ -0,0 +1,66 @@
+FROM debian:13
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get upgrade -y && \
+ apt-get install -y \
+ bash \
+ ca-certificates \
+ curl \
+ cron \
+ git \
+ iptables \
+ iproute2 \
+ openssh-server \
+ openssl \
+ python3 \
+ sudo \
+ nano \
+ btop \
+ systemd \
+ systemd-sysv \
+ dbus \
+ ifupdown \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/*
+
+# Install Tailscale
+RUN curl -fsSL https://tailscale.com/install.sh | sh
+
+# Install Croc
+RUN curl https://getcroc.schollz.com | bash
+
+# Install Incus Agent
+RUN mkdir -p /etc/apt/keyrings && \
+ curl -fsSL https://pkgs.zabbly.com/key.asc -o /etc/apt/keyrings/zabbly.asc && \
+ echo "deb [signed-by=/etc/apt/keyrings/zabbly.asc] https://pkgs.zabbly.com/incus/stable $(. /etc/os-release && echo ${VERSION_CODENAME}) main" > /etc/apt/sources.list.d/zabbly-incus-stable.list && \
+ apt-get update && \
+ apt-get install -y incus-agent && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/*
+
+# Configure Services
+RUN systemctl enable ssh
+RUN systemctl enable cron
+RUN systemctl enable incus-agent || true
+RUN systemctl enable tailscaled || true
+RUN ssh-keygen -A
+
+RUN printf 'auto lo\niface lo inet loopback\n\nauto eth0\niface eth0 inet dhcp\n' > /etc/network/interfaces
+
+RUN mkdir -p /root/.ssh && \
+ printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFdTFM5ZbGytRp8orRu4cK+kLcQdPFVKqaN0iNVlp2p slothington\n' >> /root/.ssh/authorized_keys && \
+ printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPfTPAUFhNV2O032ZsmKTFuNZgQtWhMPYlHqcKycAG8 forgejo-hbms\n' >> /root/.ssh/authorized_keys && \
+ chmod 600 /root/.ssh/authorized_keys && \
+ chmod 700 /root/.ssh
+
+RUN printf 'root ALL=(ALL) NOPASSWD:ALL\n' > /etc/sudoers.d/00-root-nopasswd && \
+ chmod 0440 /etc/sudoers.d/00-root-nopasswd
+
+EXPOSE 22
+
+CMD ["/sbin/init"]
+
+
+
+
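Review bot: `RUN ssh-keygen -A` (and, most likely, the `openssh-server` package install before it) writes the SSH host private keys into an image layer, so every container started from the pushed image shares one host identity and anyone who can pull the image can read those keys. Ending the build with `RUN rm -f /etc/ssh/ssh_host_*` and generating the keys on first boot instead gives each instance its own. The Tailscale and Croc installer lines run remote scripts as root with no integrity check, and `curl https://getcroc.schollz.com | bash` also lacks `-fsSL`, so an HTTP error page or redirect body would be piped to bash; installing a pinned release with a checksum, or from a signed apt repository as the Incus block already does, would make the build verifiable. The two root `authorized_keys` entries are likewise fixed in the image, so revoking or rotating either key means rebuilding and redeploying every container; injecting them at deploy time would avoid that.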