diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index ff72b5c..0000000
--- a/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-state
diff --git a/devc.sh b/devc.sh
index 6cba622..0b88552 100755
--- a/devc.sh
+++ b/devc.sh
@@ -4,12 +4,6 @@
 # Dev container enter script. Handles setting up #
 # different dev containers, resuming sessions and #
 # automatic container updates. #
-# #
-# TODO: #
-# - Remove security-opt label=disable #
-# when possible. #
-# - Look into removeing userns=keep-id. #
-# - Isolate ssh keys to containers. #
 # =============================================== #
 set -eu
 log() { printf '\e[%sm%s\e[0m %s\n' "${3:-36}" "${2:-○}" "$1"; }
@@ -20,27 +14,29 @@ arg() { echo -n " $@"; } default_args() { arg "--name $name" arg "--hostname $name" + + # Pull newer container image if available. arg "--pull=newer" - # Disable some security settings so host directories can - # be mounted without problems. - arg "--security-opt label=disable" # disable labeling so mounts don't need to be labeled. - arg "--userns=keep-id" # required for ~/.ssh which is usually 700. + # Use keep-id so the container user matches the host user. + arg "--userns=keep-id" + + # Disable selinux labeling so unix sockets can be mounted + # without problems. + arg "--security-opt label=disable" # Mount the wayland socket. Required to get the system # clipboard (wl-copy) and gui applications working. [ -e "/run/user/$UID/wayland-0" ] && arg "-v /run/user/$UID/wayland-0:/run/user/1000/wayland-0" - # Mount the ssh socket to get ssh commands working. - [ -e "$SSH_AUTH_SOCK" ] && arg "-v $SSH_AUTH_SOCK:/run/user/1000/ssh-auth-sock" - - # Load custom configuration for container. - config_file="$script_dir/containers/$name/config.sh" - [ -f "${config_file}" ] && source "${config_file}" - - # Add a volume for the home directory so it survives - # container updates. + # Make the user home dir a volume so it survives container + # restarts. Use copy to keep the homedir files from the image. arg "-v $name:/home/user:copy" + + # If there is custom configuration for the container, load + # it here. + config_file="$(dirname "$(realpath "$0")")/containers/$name/config.sh" + [ -f "${config_file}" ] && source "${config_file}" } # param_args returns the podman run arguments based on the 
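Review bot: After the reorder, `[ -f "${config_file}" ] && source "${config_file}"` is the last command in default_args, so the function now returns non-zero whenever a container has no config.sh; before this change the last command was `arg "-v $name:/home/user:copy"`, which returned 0. With `set -eu` in effect that can abort the script, depending on how the caller invokes the function (the call site is outside this hunk). I would write it as `if [ -f "$config_file" ]; then source "$config_file"; fi`. Separately, `--security-opt label=disable` still switches off SELinux label separation for the whole container rather than only for the socket mounts, and the header TODO that tracked removing it is deleted in the first devc.sh hunk; consider keeping the reminder in the new comment, e.g. `# TODO: drop label=disable once the sockets can be mounted with labeling on.`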
@@ -51,16 +47,17 @@ param_args() { -gpu) # Enable gpu acceleration. arg "--device /dev/dri" ;; -host-spawn) # Enable spawning host commands from inside the container using host-spawn. - arg "-v /run/user/$UID/bus:/tmp/bus" ;; - *) # Use argument as is. - echo "$1" ;; + arg "-v /run/user/$UID/bus:/tmp/bus" + arg "-e HOST_HOME=$HOME" # Use to translate paths. + ;; + *) # Use unknown arguments a podman arguments. + arg "$1" ;; esac shift done } ### MAIN ### -script_dir="$(dirname "$(realpath "$0")")" # Get container registry from DEVC_REGISTRY env variable. if [ -n "${DEVC_REGISTRY:-}" ]; then @@ -73,16 +70,16 @@ fi # Get the devcontainer name from the first argument. If not # provided, use the last used name when possible. if [[ $# -gt 0 ]] && [[ ${1:-} != -* ]]; then - name="$1" - mkdir -p "$script_dir/state" - echo "$name" >"$script_dir/state/last-name" + image="$1" + echo "$image" >"$HOME/.local/share/devc-previous-container" shift -elif [ -f "$script_dir/state/last-name" ]; then - name=$(<"$script_dir/state/last-name") +elif [ -f "$HOME/.local/share/devc-previous-container" ]; then + image=$(<"$HOME/.local/share/devc-previous-container") else log "no container name specified" 'x' 31 exit 1 fi +name="${image%:*}" # Create a new container when the container is not running or # when any arguments are provided.
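Review bot: `arg "-e HOST_HOME=$HOME"` in the `-host-spawn` arm goes through `arg`, which only echoes its arguments joined by spaces, so a home directory containing whitespace would be split into separate podman arguments if the collected string is later expanded unquoted (the consumer is outside this hunk, so this is inferred). Collecting the arguments in a bash array and expanding it as `"${args[@]}"` would remove that assumption; short of that, state it in a comment such as `# NOTE: values passed to arg must not contain whitespace.` The new comment on the `*)` arm has a typo; I would write `*) # Pass unknown arguments through to podman unchanged.`, which also makes it explicit that any podman flag is accepted here. param_args starts before the hunk.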
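Review bot: The write to `$HOME/.local/share/devc-previous-container` lost the `mkdir -p` that the old state path had, so on a host where `~/.local/share` does not exist the redirect fails and `set -eu` aborts the script; add `mkdir -p "$HOME/.local/share"` before the `echo`. `name="${image%:*}"` also assumes the only colon in the argument is a tag separator and that the reference contains no `/`: a constructed reference such as `host:5000/img` would yield `host`, and a value with a slash or `..` would flow into `--name`, `--hostname` and the `containers/$name/config.sh` path that default_args sources. Validating right after the assignment, e.g. `[[ $name =~ ^[A-Za-z0-9][A-Za-z0-9_.-]*$ ]] || { log "invalid container name" 'x' 31; exit 1; }`, would cover both cases.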