scratch.sh

cat > /tmp/storeid.lisp <<EOF
#!/usr/bin/sbcl --script

(loop
 (let* ((parts (list ""))
        (_ (loop for c across (read-line) do
                (cond
                  ((equal c #\Space)
                   (setf parts (cons "" parts)))
                  ('t
                   (setf (car parts)
                         (concatenate 'string (car parts) (list c)))))))
        (_ (setf parts (reverse parts)))
        (url (elt parts 0))
        (url-parts (list ""))
        (_ (loop for c across url do
                (cond
                  ((equal c #\/)
                   (setf url-parts (cons "" url-parts)))
                  ('t
                   (setf (car url-parts)
                         (concatenate 'string (car url-parts) (list c))))))))
   (cond
     ((equal "rpm" (subseq (car url-parts) (- (length (car url-parts)) 3)))
      (format t "OK store-id=~a~%"
              (car url-parts)))
     ('t
      (format t "ERR~%")))))
EOF
cat > /tmp/squid.conf <<EOF
http_port 3128
cache_effective_user squid
cache_effective_group squid
workers 1

refresh_pattern . 129600 33% 525600

cache_dir ufs /var/spool/squid 10000 16 256

store_id_program /opt/storeid.lisp
store_id_children 5 startup=1

# have not seen a larger RPM yet
maximum_object_size 1 GB

# cache RPMs only
acl rpm_only urlpath_regex \.rpm
cache allow rpm_only
cache deny all

# Allow proxing standard web traffic only
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl CONNECT method CONNECT

# ACLs to target for logging
acl success_codes http_status 100-199 # informational
acl success_codes http_status 200-299 # successful transactions
acl success_codes http_status 300-399 # redirection
acl failure_codes http_status 400-499 # client error
acl failure_codes http_status 500-599 # server error
acl success_hier hier_code HIER_DIRECT
acl failure_hier hier_code HIER_NONE
acl failure all-of CONNECT failure_hier
acl failure all-of !CONNECT failure_codes
acl success all-of CONNECT success_hier
acl success all-of !CONNECT success_codes

# ACL operators
# -------------
http_access allow localhost
http_access deny to_localhost
http_access deny CONNECT !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny !Safe_ports
http_access allow Safe_ports
http_access deny all

# Logging configuration
# ---------------------
log_mime_hdrs on
logfile_rotate 0
cache_log stdio:/dev/stdout
access_log stdio:/dev/stdout
EOF
cat > /tmp/sdfasd <<EOF
#!/bin/bash
set -euo pipefail
IFS=$'\n\t'

squid -N -z -f /opt/squid.conf
exec squid -N -d 10 -f /opt/squid.conf

EOF
buildah rm fedora-working-container && \
    buildah from fedora && \
    buildah run fedora-working-container sh -c "echo proxy=http://pods.home.arpa:3128 >> /etc/dnf/dnf.conf" && \
    buildah run fedora-working-container cat /etc/dnf/dnf.conf && \
    buildah run fedora-working-container dnf install -y squid sbcl && \
    buildah copy fedora-working-container /tmp/sdfasd /opt/init.sh && \
    buildah copy fedora-working-container /tmp/storeid.lisp /opt/storeid.lisp && \
    buildah copy fedora-working-container /tmp/squid.conf /opt/squid.conf && \
    buildah run fedora-working-container chmod +x /opt/init.sh && \
    buildah run fedora-working-container chmod +x /opt/storeid.lisp && \
    buildah config --entrypoint "/opt/init.sh" fedora-working-container && \
    buildah commit fedora-working-container rpm-cache && \
    buildah push --tls-verify=false rpm-cache docker://pods.home.arpa:5000/rpm-cache:$(date +%Y-%m-%H.%s) && \
    buildah push --tls-verify=false rpm-cache docker://pods.home.arpa:5000/rpm-cache:latest