debain 13 container
All checks were successful
All checks were successful
This commit is contained in:
parent
07b917b30c
commit
a06498d67e
2 changed files with 132 additions and 0 deletions
66
.forgejo/workflows/debian.yml
Normal file
66
.forgejo/workflows/debian.yml
Normal file
|
|
@ -0,0 +1,66 @@
|
||||||
|
# Workflow name
|
||||||
|
name: Build and Push Debian Container
|
||||||
|
|
||||||
|
# Run-name for each workflow run
|
||||||
|
run-name: Build and Push Debian Container
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
paths:
|
||||||
|
- 'containers/debian/**'
|
||||||
|
- '.forgejo/workflows/debian.yml'
|
||||||
|
workflow_dispatch: {}
|
||||||
|
schedule:
|
||||||
|
- cron: '0 18 * * 5' # Runs every Friday at 6 PM UTC
|
||||||
|
|
||||||
|
env:
|
||||||
|
CONTAINER_NAME: debian
|
||||||
|
# USER: ${{ github.actor }}
|
||||||
|
USER: hbms
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build-and-push-arch:
|
||||||
|
runs-on: ${{ matrix.arch }}
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
arch: [ amd64, arm64 ]
|
||||||
|
container:
|
||||||
|
image: ghcr.io/catthehacker/ubuntu:act-22.04
|
||||||
|
steps:
|
||||||
|
- name: Prepare environment variables
|
||||||
|
run: |
|
||||||
|
echo "$HOME/.local/bin" >> "$GITHUB_PATH"
|
||||||
|
echo REGISTRY=${{ vars.REGISTRY }} >> $GITHUB_ENV
|
||||||
|
|
||||||
|
- name: Checkout the repo
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Login to the registry
|
||||||
|
uses: docker/login-action@v3
|
||||||
|
with:
|
||||||
|
registry: ${{ vars.REGISTRY }}
|
||||||
|
username: ${{ env.USER }}
|
||||||
|
password: ${{ secrets.PACKAGE_TOKEN }}
|
||||||
|
|
||||||
|
- name: Build and push
|
||||||
|
uses: docker/build-push-action@v6
|
||||||
|
with:
|
||||||
|
context: ./containers/debian/
|
||||||
|
file: ./containers/debian/Dockerfile
|
||||||
|
push: true
|
||||||
|
provenance: false
|
||||||
|
tags: ${{ vars.REGISTRY }}/${{ env.USER }}/${{ env.CONTAINER_NAME }}-${{ matrix.arch }}:latest
|
||||||
|
|
||||||
|
merge-images-via-manifest:
|
||||||
|
runs-on: amd64
|
||||||
|
needs: build-and-push-arch
|
||||||
|
container:
|
||||||
|
image: ghcr.io/catthehacker/ubuntu:act-22.04
|
||||||
|
steps:
|
||||||
|
- name: Generate and push multi-arch manifest
|
||||||
|
run: |
|
||||||
|
echo REGISTRY=${{ vars.REGISTRY }} >> $GITHUB_ENV
|
||||||
|
echo ${{ secrets.PACKAGE_TOKEN }} | docker login ${{ vars.REGISTRY }} -u ${USER} --password-stdin
|
||||||
|
docker manifest create ${{ vars.REGISTRY }}/${USER}/${{ env.CONTAINER_NAME }}:latest ${{ vars.REGISTRY }}/${USER}/${{ env.CONTAINER_NAME }}-amd64:latest ${{ vars.REGISTRY }}/${USER}/${{ env.CONTAINER_NAME }}-arm64:latest
|
||||||
|
docker manifest push ${{ vars.REGISTRY }}/${USER}/${{ env.CONTAINER_NAME }}:latest
|
||||||
66
containers/debian/Dockerfile
Normal file
66
containers/debian/Dockerfile
Normal file
|
|
@ -0,0 +1,66 @@
|
||||||
|
FROM debian:13
|
||||||
|
|
||||||
|
ENV DEBIAN_FRONTEND=noninteractive
|
||||||
|
|
||||||
|
RUN apt-get update && apt-get upgrade -y && \
|
||||||
|
apt-get install -y \
|
||||||
|
bash \
|
||||||
|
ca-certificates \
|
||||||
|
curl \
|
||||||
|
cron \
|
||||||
|
git \
|
||||||
|
iptables \
|
||||||
|
iproute2 \
|
||||||
|
openssh-server \
|
||||||
|
openssl \
|
||||||
|
python3 \
|
||||||
|
sudo \
|
||||||
|
nano \
|
||||||
|
btop \
|
||||||
|
systemd \
|
||||||
|
systemd-sysv \
|
||||||
|
dbus \
|
||||||
|
ifupdown \
|
||||||
|
&& apt-get clean \
|
||||||
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
|
# Install Tailscale
|
||||||
|
RUN curl -fsSL https://tailscale.com/install.sh | sh
|
||||||
|
|
||||||
|
# Install Croc
|
||||||
|
RUN curl https://getcroc.schollz.com | bash
|
||||||
|
|
||||||
|
# Install Incus Agent
|
||||||
|
RUN mkdir -p /etc/apt/keyrings && \
|
||||||
|
curl -fsSL https://pkgs.zabbly.com/key.asc -o /etc/apt/keyrings/zabbly.asc && \
|
||||||
|
echo "deb [signed-by=/etc/apt/keyrings/zabbly.asc] https://pkgs.zabbly.com/incus/stable $(. /etc/os-release && echo ${VERSION_CODENAME}) main" > /etc/apt/sources.list.d/zabbly-incus-stable.list && \
|
||||||
|
apt-get update && \
|
||||||
|
apt-get install -y incus-agent && \
|
||||||
|
apt-get clean && \
|
||||||
|
rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
|
# Configure Services
|
||||||
|
RUN systemctl enable ssh
|
||||||
|
RUN systemctl enable cron
|
||||||
|
RUN systemctl enable incus-agent || true
|
||||||
|
RUN systemctl enable tailscaled || true
|
||||||
|
RUN ssh-keygen -A
|
||||||
|
|
||||||
|
RUN printf 'auto lo\niface lo inet loopback\n\nauto eth0\niface eth0 inet dhcp\n' > /etc/network/interfaces
|
||||||
|
|
||||||
|
RUN mkdir -p /root/.ssh && \
|
||||||
|
printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFdTFM5ZbGytRp8orRu4cK+kLcQdPFVKqaN0iNVlp2p slothington\n' >> /root/.ssh/authorized_keys && \
|
||||||
|
printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPfTPAUFhNV2O032ZsmKTFuNZgQtWhMPYlHqcKycAG8 forgejo-hbms\n' >> /root/.ssh/authorized_keys && \
|
||||||
|
chmod 600 /root/.ssh/authorized_keys && \
|
||||||
|
chmod 700 /root/.ssh
|
||||||
|
|
||||||
|
RUN printf 'root ALL=(ALL) NOPASSWD:ALL\n' > /etc/sudoers.d/00-root-nopasswd && \
|
||||||
|
chmod 0440 /etc/sudoers.d/00-root-nopasswd
|
||||||
|
|
||||||
|
EXPOSE 22
|
||||||
|
|
||||||
|
CMD ["/sbin/init"]
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue