From e7be2f0a648e52012d92da64763cb527e0cbeb72 Mon Sep 17 00:00:00 2001
From: legobt <6wbvkn0j@anonaddy.me>
Date: Fri, 5 Jul 2024 03:34:26 +0000
Subject: [PATCH] chore: move unused ships to shipyard

---
 .../Containerfile.alpine-nvim                 |  0
 .../Containerfile.fedora                      |  0
 shipyard/Containerfile.fedora-slim            | 91 +++++++++++++++++++
 .../Containerfile.sudo                        |  0
 shipyard/README.md                            |  3 +
 5 files changed, 94 insertions(+)
 rename Containerfile => shipyard/Containerfile.alpine-nvim (100%)
 rename Containerfile.fedora => shipyard/Containerfile.fedora (100%)
 create mode 100644 shipyard/Containerfile.fedora-slim
 rename Containerfile.sudo => shipyard/Containerfile.sudo (100%)
 create mode 100644 shipyard/README.md

diff --git a/Containerfile b/shipyard/Containerfile.alpine-nvim
similarity index 100%
rename from Containerfile
rename to shipyard/Containerfile.alpine-nvim
diff --git a/Containerfile.fedora b/shipyard/Containerfile.fedora
similarity index 100%
rename from Containerfile.fedora
rename to shipyard/Containerfile.fedora
diff --git a/shipyard/Containerfile.fedora-slim b/shipyard/Containerfile.fedora-slim
new file mode 100644
index 00000000..f43ade6f
--- /dev/null
+++ b/shipyard/Containerfile.fedora-slim
@@ -0,0 +1,91 @@
+# syntax=docker/dockerfile:1.4-labs
+ARG CADDY_IMAGE=localhost/l7/caddy:latest
+FROM registry.fedoraproject.org/fedora-minimal:40 AS base
+
+
+# EXTRA_BASE_PKGS get installed in both build and runtime. Example of useful packages:
+### golang LSP support
+## ARG EXTRA_PKGS='go golang-x-tools-gopls'
+ARG EXTRA_BASE_PKGS=''
+
+RUN microdnf -y update \
+  && microdnf -y install --nodocs --setopt=install_weak_deps=False \
+     curl wget jq tar \
+     git \
+     neovim \
+     $EXTRA_BASE_PKGS \
+  && ln -sf nvim /usr/bin/vim
+
+# this assumes we already have a locally built caddy image
+# the image contains a pregenerated ca root cert for mitm, which we copy here
+# TODO: provide a nicer way to manage the rootcert
+FROM ${CADDY_IMAGE} AS fwdproxy
+#######################
+##### FINAL IMAGE #####
+FROM base
+
+# EXTRA_PKGS get installed in final image. examples of useful extra packages:
+### golang LSP support
+## ARG EXTRA_PKGS='go golang-x-tools-gopls'
+### secrets injection
+## ARG EXTRA_PKGS='age pass gopass'
+### TUI file managers
+## ARG EXTRA_PKGS='ranger vifm'
+### open links in host browser
+## ARG EXTRA_PKGS='xdg-open'
+### yes, you can integrate with system clipboard
+## ARG EXTRA_PKGS='xsel xclip wl-clipboard'
+## ARG EXTRA_PKGS='terminus-fonts fontawesome-fonts-all gdouros-symbola-fonts'
+### monitoring etc, probably more useful on host
+## ARG EXTRA_PKGS='htop sysstat ncdu net-tools'
+### wip / not working / notes
+## ARG EXTRA_PKGS='tree-sitter-cli' # repo version errors right now? try again later
+
+ARG EXTRA_PKGS=
+
+ARG HOME=/home/user
+ENV HOME=${HOME}
+ARG SHELL=/usr/bin/bash
+ARG UID=1000
+ARG GID=1000
+
+WORKDIR ${HOME}
+
+RUN microdnf -y install --nodocs --setopt=install_weak_deps=False \
+    ip openssl \
+    gettext-envsubst mkpasswd \
+    which \
+    ${EXTRA_PKGS} \
+  && ln -sf nvim /usr/bin/vim \
+
+  # create user entry or podman will mess up /etc/passwd entry
+  && bash -c "groupadd -g ${GID} userz || true" \
+  && bash -c "useradd -u ${UID} -g ${GID} -d /home/user -m user -s "${SHELL}" && chown -R ${UID}:${GID} /home/user || true" \
+  && microdnf clean all
+
+
+COPY --chmod=755 --chown=root contrib/bin/* contrib/*/bin/*       /usr/local/bin/
+ARG NODE_BINS="npm7 npm9 npm10 pnpm9 yarn1 yarn3 yarn4     allow-scripts corepack glob lavamoat-ls mkdirp node-gyp node-which nopt npx pnpx resolve semver yarn-deduplicate"
+RUN for bin in ${NODE_BINS}; do ln -s l7-run-node "/usr/local/bin/${bin}"; done
+
+COPY --chown=${UID}:${GID} skel/ /home/user/
+
+# default trust github.com known ssh key
+COPY contrib/data/ssh_known_hosts /etc/ssh/ssh_known_hosts
+# https://docs.fedoraproject.org/en-US/quick-docs/using-shared-system-certificates/
+COPY --from=fwdproxy \
+  --chmod=444 \
+  /data/caddy/pki/authorities/local/root.crt \
+  /etc/pki/ca-trust/source/anchors/l7-fwd-proxy.crt
+RUN update-ca-trust \
+  && cat /home/user/.env >> /etc/profile \
+  # podman quirk: `COPY --from` messes up ownership so rechown needs to come last
+  && chown -R ${UID}:${GID} \
+    /home/user \
+  && rm -rf /usr/lib64/python*/__pycache__
+
+
+
+USER ${UID}:${GID}
+WORKDIR /src
+ENTRYPOINT ${SHELL}
diff --git a/Containerfile.sudo b/shipyard/Containerfile.sudo
similarity index 100%
rename from Containerfile.sudo
rename to shipyard/Containerfile.sudo
diff --git a/shipyard/README.md b/shipyard/README.md
new file mode 100644
index 00000000..edc4288c
--- /dev/null
+++ b/shipyard/README.md
@@ -0,0 +1,3 @@
+# shipyard
+
+various images not used by default but may be useful for someone