Skip to content

Instantly share code, notes, and snippets.

@hiredman
Created August 31, 2022 16:23
Show Gist options
  • Save hiredman/efbbb9e48548778df397118e9ea9a934 to your computer and use it in GitHub Desktop.
Save hiredman/efbbb9e48548778df397118e9ea9a934 to your computer and use it in GitHub Desktop.
cat > /tmp/storeid.lisp <<EOF
#!/usr/bin/sbcl --script
(loop
(let* ((parts (list ""))
(_ (loop for c across (read-line) do
(cond
((equal c #\Space)
(setf parts (cons "" parts)))
('t
(setf (car parts)
(concatenate 'string (car parts) (list c)))))))
(_ (setf parts (reverse parts)))
(url (elt parts 0))
(url-parts (list ""))
(_ (loop for c across url do
(cond
((equal c #\/)
(setf url-parts (cons "" url-parts)))
('t
(setf (car url-parts)
(concatenate 'string (car url-parts) (list c))))))))
(cond
((equal "rpm" (subseq (car url-parts) (- (length (car url-parts)) 3)))
(format t "OK store-id=~a~%"
(car url-parts)))
('t
(format t "ERR~%")))))
EOF
cat > /tmp/squid.conf <<EOF
http_port 3128
cache_effective_user squid
cache_effective_group squid
workers 1
refresh_pattern . 129600 33% 525600
cache_dir ufs /var/spool/squid 10000 16 256
store_id_program /opt/storeid.lisp
store_id_children 5 startup=1
# have not seen a larger RPM yet
maximum_object_size 1 GB
# cache RPMs only
acl rpm_only urlpath_regex \.rpm
cache allow rpm_only
cache deny all
# Allow proxing standard web traffic only
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl CONNECT method CONNECT
# ACLs to target for logging
acl success_codes http_status 100-199 # informational
acl success_codes http_status 200-299 # successful transactions
acl success_codes http_status 300-399 # redirection
acl failure_codes http_status 400-499 # client error
acl failure_codes http_status 500-599 # server error
acl success_hier hier_code HIER_DIRECT
acl failure_hier hier_code HIER_NONE
acl failure all-of CONNECT failure_hier
acl failure all-of !CONNECT failure_codes
acl success all-of CONNECT success_hier
acl success all-of !CONNECT success_codes
# ACL operators
# -------------
http_access allow localhost
http_access deny to_localhost
http_access deny CONNECT !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny !Safe_ports
http_access allow Safe_ports
http_access deny all
# Logging configuration
# ---------------------
log_mime_hdrs on
logfile_rotate 0
cache_log stdio:/dev/stdout
access_log stdio:/dev/stdout
EOF
cat > /tmp/sdfasd <<EOF
#!/bin/bash
set -euo pipefail
IFS=$'\n\t'
squid -N -z -f /opt/squid.conf
exec squid -N -d 10 -f /opt/squid.conf
EOF
buildah rm fedora-working-container && \
buildah from fedora && \
buildah run fedora-working-container sh -c "echo proxy=http://pods.home.arpa:3128 >> /etc/dnf/dnf.conf" && \
buildah run fedora-working-container cat /etc/dnf/dnf.conf && \
buildah run fedora-working-container dnf install -y squid sbcl && \
buildah copy fedora-working-container /tmp/sdfasd /opt/init.sh && \
buildah copy fedora-working-container /tmp/storeid.lisp /opt/storeid.lisp && \
buildah copy fedora-working-container /tmp/squid.conf /opt/squid.conf && \
buildah run fedora-working-container chmod +x /opt/init.sh && \
buildah run fedora-working-container chmod +x /opt/storeid.lisp && \
buildah config --entrypoint "/opt/init.sh" fedora-working-container && \
buildah commit fedora-working-container rpm-cache && \
buildah push --tls-verify=false rpm-cache docker://pods.home.arpa:5000/rpm-cache:$(date +%Y-%m-%H.%s) && \
buildah push --tls-verify=false rpm-cache docker://pods.home.arpa:5000/rpm-cache:latest
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment