diff --git a/nix/devshells/devenv/default.nix b/nix/devshells/devenv/default.nix index 99118d67..4bfde5d5 100644 --- a/nix/devshells/devenv/default.nix +++ b/nix/devshells/devenv/default.nix @@ -46,6 +46,9 @@ inputs.devenv.lib.mkShell { kind kubectl dive + ytt + kapp + vendir ]; env = { diff --git a/nix/oci/tanzu/default.nix b/nix/oci/tanzu/default.nix index 21b53346..509ceb24 100644 --- a/nix/oci/tanzu/default.nix +++ b/nix/oci/tanzu/default.nix @@ -17,6 +17,12 @@ inherit crossPkgs; }; + root_files = builtins.path { + name = "root_files"; + path = ./root/.; + recursive = true; + }; + environmentHelpers = with pkgs.dockerTools; [ usrBinEnv binSh @@ -84,6 +90,7 @@ in "/run" "/sbin" "/usr" + "/usr/lib" "/usr/local" "/usr/share/" "/var" @@ -162,6 +169,7 @@ in carvel tanzu ] + ++ [root_files] ++ environmentHelpers ++ nonRootShadowSetup { user = containerUser; @@ -179,7 +187,8 @@ in # TODO: Make sudo work. chmod +s /sbin/sudo /bin/sudo - echo "tanzu ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers + chown root:root /sbin/sudo /bin/sudo + echo "tanzu ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/tanzu # Create /etc/os-release cat << EOF > /etc/os-release @@ -201,57 +210,155 @@ in ln -s ${pkgs.glibc}/lib64 /lib64/glibc ln -s /lib64/glibc/ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2 - # Create the home dir for the container user. - mkdir --parents /home/${containerUser} + # Create a default global profile. + cat << 'EOF' > /etc/profile + #!/usr/bin/env bash + + if [[ "$(id -u)" -eq 0 ]]; + then + PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + else + PATH="/usr/local/bin:/usr/bin:/bin" + fi + export PATH + + if [[ -d "/etc/profile.d" ]]; + then + for FILE in /etc/profile.d/*.sh; + do + if [[ -r "''${FILE}" ]]; + then + . "''${FILE}" + fi + done + unset FILE + fi + EOF + chmod +x /etc/profile + + # Default user .bashrc + mkdir --parents /etc/skel + cat << 'EOF' > /etc/skel/.bashrc + #!/usr/bin/env bash - # Stop clusterctl from checking for updates. - mkdir --parents /home/${containerUser}/.cluster-api - cat << EOF > /home/${containerUser}/.cluster-api/clusterctl.yaml + if [[ -f "/etc/profile" ]]; + then + . "/etc/profile" + fi + + if [[ -n "''${BASH_VERSION}" ]]; + then + if [[ -f "''${HOME}/.profile" ]]; + then + . "''${HOME}/.profile" + fi + fi + EOF + chmod +x /etc/skel/.bashrc + + # Create clusterctl config + mkdir --parents /etc/skel/.cluster-api + cat << EOF > /etc/skel/.cluster-api/clusterctl.yaml --- CLUSTERCTL_DISABLE_VERSIONCHECK: "true" EOF - # Setup the .bashrc for the container user. - cat << 'EOF' > /home/${containerUser}/.bashrc + # Setup the Tanzu profile for all users. + cat << 'EOF' > /etc/profile.d/tanzu.sh #!/usr/bin/env bash + # Variables + export YTT_LIB="/usr/lib/ytt/" + + # HACK: A better method is needed. + # Check for a proxy settings script. + if [[ "''${ENABLE_PROXY_SCRIPT:-FALSE}" == "TRUE" ]]; + then + if [[ -f "''${WORKDIR}/scripts/proxy.sh" ]]; + then + echo "Loading proxy settings from ''${WORKDIR}/scripts/proxy.sh" + source "''${WORKDIR}/scripts/proxy.sh" + proxy_on || { + echo "Failed to enable proxy settings" + exit 1 + } + else + echo "Proxy settings are enabled but ''${WORKDIR}/scripts/proxy.sh does not exist." + exit 1 + fi + fi + # Initialise the Tanzu CLI if [[ -d "''${HOME}/.config/tanzu/tkg" ]]; then - echo "Tanzu CLI is already initialised." - else - while true; do - clear read -r -p "Initialise the Tanzu CLI? y/n: " CHOICE - case ''$CHOICE in + [Yy]* ) + echo "Initialising Tanzu CLI..." + tanzu plugin clean || { echo "Failed to clean the Tanzu CLI plugins" } + + # HACK: A better method is needed, perhaps interactive 'tanzu plugin source' + if [[ "''${TANZU_PULL_THROUGH_CACHE:-EMPTY}" == "EMPTY" ]]; + then + + echo "No pull-through prefix provided, using default." + + else + + echo "Pull-through prefix provided, prefixing ''${TANZU_PULL_THROUGH_CACHE}" + + # Capture existing OCI URL + TANZU_CLI_OCI_URL="$(cat ''${HOME}/.config/tanzu/config.yaml | yq '.clientOptions.cli.discoverySources.[0].oci.image')" + + # Add the pull-through cache OCI URL + tanzu plugin source add \ + --name pull-through-cache \ + --type oci \ + --uri "''${TANZU_PULL_THROUGH_CACHE}/''${TANZU_CLI_OCI_URL}" || { + echo "Failed to add the pull-through cache Tanzu CLI plugin source" + } + + fi + tanzu init || { - echo "Failed to initialise the Tanzu CLI. Please check network connectivity and try running 'tanzu init' again." + echo "Failed to initialise the Tanzu CLI using configured sources." + echo "Please check network connectivity and try running 'tanzu init' again." + } + + tanzu plugin sync || { + echo "Failed to synchronise Tanzu CLI plugins" } + break + ;; + [Nn]* ) + echo "Skipping Tanzu CLI initialisation" break + ;; + * ) + echo "Please answer yes or no." sleep 3 + ;; - esac + esac done - fi # Enable bash-completion @@ -261,9 +368,6 @@ in . "${pkgs.bash-completion}/etc/profile.d/bash_completion.sh" fi - # shellcheck disable=SC1090 - source <(/bin/starship init bash --print-full-init) - # Binaries with bash completions declare -r BINS=( clusterctl @@ -291,9 +395,20 @@ in figlet "Tanzu CLI" + # shellcheck disable=SC1090 + source <(/bin/starship init bash --print-full-init) + EOF + chmod +x /etc/profile.d/tanzu.sh + + # Create the home dir for the container user. + mkdir --parents /home/${containerUser} + + # Copy dotfiles for user ${containerUser} and root. + cp --recursive /etc/skel/. /home/${containerUser}/ + cp --recursive /etc/skel/. /root/ - # Fix home permissions + # Fix home permissions for user ${containerUser} chown -R ${containerUID}:${containerGID} /home/${containerUser} || { echo "Failed to chown home for user ${containerUser}" exit 1 @@ -331,7 +446,6 @@ in "LD_LIBRARY_PATH=/lib;/lib/stdenv;/lib/glibc;/lib64;/lib64/stdenv;/lib64/glibc" "PAGER=less" "NIX_PAGER=less" - "PATH=/workdir:/usr/bin:/bin:/sbin" "SHELL=${pkgs.bashInteractive}/bin/bash" "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" "TERM=xterm" diff --git a/nix/oci/tanzu/root/usr/lib/ytt/_ytt_lib/tanzu/functions.star b/nix/oci/tanzu/root/usr/lib/ytt/_ytt_lib/tanzu/functions.star new file mode 100644 index 00000000..9d998e56 --- /dev/null +++ b/nix/oci/tanzu/root/usr/lib/ytt/_ytt_lib/tanzu/functions.star @@ -0,0 +1,4 @@ + +def tanzu_test(): + return "This is a test" +end diff --git a/nix/oci/tanzu/root/usr/lib/ytt/add-registry-prefix.yaml b/nix/oci/tanzu/root/usr/lib/ytt/add-registry-prefix.yaml new file mode 100644 index 00000000..65385348 --- /dev/null +++ b/nix/oci/tanzu/root/usr/lib/ytt/add-registry-prefix.yaml @@ -0,0 +1,23 @@ +#@ load("@ytt:data", "data") +#@ load("@ytt:overlay", "overlay") +#@ load("@ytt:assert", "assert") +#@ load("@ytt:library", "library") + +#@overlay/match by=overlay.all +#@overlay/merge +--- +#@overlay/match expects=1 +#@overlay/merge +clientOptions: + #@overlay/match expects=1 + #@overlay/merge + cli: + #@overlay/match expects=1 + #@overlay/merge + discoverySources: + #@overlay/match by=overlay.all, expects="1+" + #@overlay/merge + - oci: + #@overlay/match expects=1 + #@overlay/replace via=lambda left, right: right+left + image: #@ data.values.PULL_THROUGH_CACHE + "/" or assert("Environment variable TANZU_PULL_THROUGH_CACHE is required. NOTE: the variable is case-sensitive.")