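#!/bin/bash
# Builds the bearcloud VM disk image and the hypervisor image.
# All paths below are relative, so run it from the repository root.

# Stop at the first failing command, including failures inside a pipeline.
set -eo pipefail

# Set to 1 further down whenever a CLOUD_* setting falls back to its default.
hasunset=0

# Refuse to run as anything but root (exit status 2).
if [ "$UID" != "0" ]; then
  echo "This script must be run in root." >&2
  exit 2
fi

# Only the exit status matters here, so the resolved path is not printed.
if ! command -v "ssh-keygen" >/dev/null; then
  echo "ssh-keygen is required for guest setup." >&2
  exit 1
fi

# NOTE(review): this puts a directory relative to the current working
# directory ahead of the system directories while running as root, so a file
# in ./scripts named like a tool used below (git, docker, ssh-keygen,
# fallocate) is run instead of the system one. Confirm the override is
# intended; otherwise append ("$PATH:$PWD/scripts") or call helpers by path.
PATH="$PWD/scripts:$PATH"
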
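#######################################
# Gives a CLOUD_* setting its default when it is unset or empty.
# The emptiness test is a string test (-z). The earlier `-eq ""` form made
# [[ ]] evaluate the value as an arithmetic expression: a plain word such as
# a branch name was read as an unset variable, compared equal to 0 and was
# silently replaced by the default, while URLs and dotted addresses raised
# arithmetic syntax errors. Arithmetic evaluation of environment-supplied
# text is also unsafe in a script that runs as root.
# Globals:   hasunset (written), the variable named by $1 (read/written)
# Arguments: $1 - variable name, $2 - default value
# Outputs:   "<name> is not set." on stdout when the default is applied
#######################################
_cloud_default() {
  local name=$1
  local fallback=$2
  if [[ -z "${!name:-}" ]]; then
    echo "$name is not set."
    printf -v "$name" '%s' "$fallback"
    hasunset=1
  fi
}

# NOTE(review): "wish" is presumably a branch or tag name rather than a
# commit hash, so the configuration that gets built can change without this
# script changing; pin a commit if reproducible builds matter.
_cloud_default CLOUD_CONFIG_REPO "https://git.sfclub.cc/cloud/bearnet"
_cloud_default CLOUD_CONFIG_REVISION "wish"
_cloud_default CLOUD_GATEWAY_ADDRESS "10.0.0.119"

# NOTE(review): the values assigned above are plain shell variables; nothing
# in this script exports them or passes them to docker build. Confirm how the
# Dockerfiles or helper scripts are expected to receive them.
if [[ "${hasunset:-0}" != "0" ]]; then
  echo ""
  echo "Default values will be used for unset environments:"
  echo ""
  # Print only the three settings handled here instead of grepping the whole
  # variable table, so unrelated CLOUD_* values do not end up in build output.
  printf '%s=%s\n' \
    CLOUD_CONFIG_REPO "$CLOUD_CONFIG_REPO" \
    CLOUD_CONFIG_REVISION "$CLOUD_CONFIG_REVISION" \
    CLOUD_GATEWAY_ADDRESS "$CLOUD_GATEWAY_ADDRESS"
fi
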
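# Tag the images with the short hash of the checked-out commit. Uncommitted
# changes in the working tree are not reflected in the tag.
IMAGE_TAG=$(git rev-parse --short HEAD)
# IMAGE_NAME may be overridden from the environment.
IMAGE_NAME=${IMAGE_NAME:-bearcloud}

echo "Image tag: $IMAGE_NAME:$IMAGE_TAG and $IMAGE_NAME:latest"
echo "Additional arguments for VM image: $VM_OPTS"
echo "Additional arguments for Hypervisor Image: $HY_OPTS"
echo "Missing secret files like ssh host key will be automatically created."
echo "Continue?"
# Any line of input continues; interrupt (Ctrl-C) to abort. The answer itself
# is not inspected. -r keeps backslashes in the input from being interpreted.
read -r
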
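# Host key files expected under secret/, mapped to their ssh-keygen key type.
declare -A PRIVATE_KEYS=(
  ["ssh_host_ecdsa_key"]="ecdsa"
  ["ssh_host_ed25519_key"]="ed25519"
  ["ssh_host_rsa_key"]="rsa"
)

# ssh-keygen does not create the target directory. With -p an existing
# directory, and its permissions, are left untouched.
mkdir -p -m 700 secret

# NOTE(review): these private keys are unencrypted files inside the directory
# that is later handed to docker build as its context ("."). Presumably the
# Dockerfiles copy them into the image; if so, every guest started from that
# image shares the same host keys and anyone who can read the image can read
# them. Keep secret/ out of version control and limit who can pull the image.
for item in "${!PRIVATE_KEYS[@]}"; do
  subject="secret/$item"
  if [[ ! -f "$subject" ]]; then
    echo "Creating missing secret $subject"
    # -N "" writes the private key without a passphrase.
    ssh-keygen -t "${PRIVATE_KEYS[$item]}" -f "$subject" \
      -C "automatically generated bearcloud ssh key" \
      -N ""
  fi
  # Derive the public half whenever it is missing or empty, not only right
  # after key creation: an interrupted earlier run can leave an empty file
  # that would otherwise never be regenerated.
  if [[ ! -s "${subject}_pub" ]]; then
    ssh-keygen -y -f "$subject" > "${subject}_pub"
  fi
done
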
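# Create the dedicated builder once. Asking buildx for the builder by name
# replaces a substring search over the `docker buildx ls` listing, which also
# matched any other builder whose name merely contains "bearcloud".
# NOTE(review): the builder is created with the security.insecure entitlement
# enabled and stays on the host after this script ends; any later build that
# selects it and passes --allow security.insecure can run privileged steps.
if ! docker buildx inspect bearcloud >/dev/null 2>&1; then
  docker buildx create --name bearcloud --buildkitd-flags '--allow-insecure-entitlement security.insecure'
fi

# Split the extra-argument strings on whitespace into arrays. This keeps the
# word splitting the unquoted expansions relied on, without also expanding
# glob characters against the current directory. read reports end of input
# with a non-zero status here, hence the "|| true" under set -e.
vm_opts=()
hy_opts=()
IFS=$' \t\n' read -r -d '' -a vm_opts <<< "${VM_OPTS:-}" || true
IFS=$' \t\n' read -r -d '' -a hy_opts <<< "${HY_OPTS:-}" || true

echo "BUILDING VM DISK IMAGE"
# --allow security.insecure lets build steps that request it run with
# elevated privileges on the build host, so vm.Dockerfile and everything it
# fetches must be trusted. The host's /lib/modules tree is made available to
# the build as the named context "host-modules", and the "export" stage is
# written to ./data.
docker build \
  --builder bearcloud \
  --allow security.insecure \
  -f vm.Dockerfile \
  --build-context host-modules=/lib/modules \
  --target export \
  --output type=local,dest=./data \
  "${vm_opts[@]}" .

# Punch holes for zero-filled ranges so the raw image is stored sparsely.
fallocate -d ./data/vm.raw

echo "BUILDING HYPERVISOR IMAGE"
docker build -t "$IMAGE_NAME:$IMAGE_TAG" -t "$IMAGE_NAME:latest" \
  -f hypervisor.Dockerfile "${hy_opts[@]}" .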