Generalize s6 services usage

Author: hyvs

lazy.ansible/.manala.yaml

@@ -7,6 +7,7 @@ manala:
       - .manala/github
       - .manala/gitlab
       - .manala/make
+      - .manala/services
       - .manala/.dockerignore
       - .manala/.gitignore
       - .manala/Makefile.tmpl

lazy.ansible/.manala/docker/Dockerfile.tmpl

@@ -9,6 +9,7 @@ ARG DEBIAN_FRONTEND="noninteractive"
 ARG MANALA_USER_ID="1000"
 ARG MANALA_GROUP_ID="1000"
 
+ARG TINI_VERSION="0.19.0"
 ARG GOSU_VERSION="1.17"
 ARG GOMPLATE_VERSION="3.11.7"
 ARG DIRENV_VERSION="2.33.0"
@@ -45,6 +46,10 @@ RUN \
     && adduser --home /home/lazy --shell /bin/bash --uid ${MANALA_USER_ID} --gecos lazy --ingroup lazy --disabled-password lazy \
     && install --verbose --mode 0755 --group lazy --owner lazy --directory /run/user/${MANALA_USER_ID} \
     && echo "lazy ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/lazy \
+    # Tini
+    && curl -sSL "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}" \
+        --output /usr/local/bin/tini \
+    && chmod +x /usr/local/bin/tini \
     # Gosu
     && curl -sSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}" \
         --output /usr/local/bin/gosu \
@@ -57,13 +62,20 @@ RUN \
     && curl -sSL "https://github.com/direnv/direnv/releases/download/v${DIRENV_VERSION}/direnv.linux-{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}" \
         --output /usr/local/bin/direnv \
     && chmod +x /usr/local/bin/direnv \
+    # Services
+    && install --verbose --directory /etc/services/enabled \
+    && install --verbose --directory /etc/services/available \
     # Bash completion
     && install --verbose --mode 0755 --directory /etc/bash_completion.d \
     # Oh My Bash
     && git clone https://github.com/ohmybash/oh-my-bash.git /usr/local/share/oh-my-bash \
     # Clean
     && rm -rf /var/lib/apt/lists/*
 
+# Services
+COPY services/docker-bridge /etc/services/available/docker-bridge
+COPY services/ssh-auth-bridge /etc/services/available/ssh-auth-bridge
+
 ##########
 # System #
 ##########

lazy.ansible/.manala/docker/entrypoint.sh

@@ -2,30 +2,6 @@
 
 set -e
 
-# Ssh agent bridge
-if [ -n "${SSH_AUTH_SOCK}" ]; then
-  sh -c " \
-    while sleep 1; do \
-      rm -f /var/run/ssh-auth-bridge.sock ;
-      socat \
-        UNIX-LISTEN:/var/run/ssh-auth-bridge.sock,fork,mode=777 \
-        UNIX-CONNECT:/var/run/ssh-auth.sock ; \
-    done \
-  " &
-fi
-
-# Docker bridge
-if [ -n "${DOCKER_HOST}" ]; then
-  sh -c " \
-    while sleep 1; do \
-      rm -f /var/run/docker-bridge.sock ;
-      socat -t 600 \
-        UNIX-LISTEN:/var/run/docker-bridge.sock,fork,mode=777 \
-        UNIX-CONNECT:/var/run/docker.sock ; \
-    done \
-  " &
-fi
-
 # As a consequence of running the container as root user,
 # tty is not writable by sued user
 if [ -t 1 ]; then
@@ -48,10 +24,18 @@ if [ -d ".manala/etc" ]; then
   GOMPLATE_LOG_FORMAT=simple gomplate --input-dir=.manala/etc --output-dir=/etc 2>/dev/null
 fi
 
-# Services
-if [ $# -eq 0 ] && [ -d "/etc/services.d" ]; then
-    exec s6-svscan /etc/services.d
+# Docker bridge
+if [ -n "${DOCKER_HOST}" ]; then
+  ln --symbolic /etc/services/available/docker-bridge /etc/services/enabled/
 fi
 
+# Ssh auth bridge
+if [ -n "${SSH_AUTH_SOCK}" ]; then
+  ln --symbolic /etc/services/available/ssh-auth-bridge /etc/services/enabled/
+fi
+
+# Services
+s6-svscan /etc/services/enabled &
+
 # Command
-exec gosu lazy "$@"
+exec tini -- gosu lazy "$@"

lazy.ansible/.manala/services/docker-bridge/run

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+exec socat \
+    UNIX-LISTEN:/var/run/docker-bridge.sock,fork,unlink-early,mode=777 \
+    UNIX-CONNECT:/var/run/docker.sock

lazy.ansible/.manala/services/ssh-auth-bridge/run

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+exec socat \
+    UNIX-LISTEN:/var/run/ssh-auth-bridge.sock,fork,unlink-early,mode=777 \
+    UNIX-CONNECT:/var/run/ssh-auth.sock

lazy.kubernetes/.manala.yaml

@@ -7,6 +7,7 @@ manala:
       - .manala/github
       - .manala/gitlab
       - .manala/make
+      - .manala/services
       - .manala/.dockerignore
       - .manala/.gitignore
       - .manala/Makefile.tmpl

lazy.kubernetes/.manala/docker/Dockerfile.tmpl

@@ -9,6 +9,7 @@ ARG DEBIAN_FRONTEND="noninteractive"
 ARG MANALA_USER_ID="1000"
 ARG MANALA_GROUP_ID="1000"
 
+ARG TINI_VERSION="0.19.0"
 ARG GOSU_VERSION="1.17"
 ARG GOMPLATE_VERSION="3.11.7"
 ARG DIRENV_VERSION="2.33.0"
@@ -45,6 +46,10 @@ RUN \
     && adduser --home /home/lazy --shell /bin/bash --uid ${MANALA_USER_ID} --gecos lazy --ingroup lazy --disabled-password lazy \
     && install --verbose --mode 0755 --group lazy --owner lazy --directory /run/user/${MANALA_USER_ID} \
     && echo "lazy ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/lazy \
+    # Tini
+    && curl -sSL "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}" \
+        --output /usr/local/bin/tini \
+    && chmod +x /usr/local/bin/tini \
     # Gosu
     && curl -sSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}" \
         --output /usr/local/bin/gosu \
@@ -57,13 +62,20 @@ RUN \
     && curl -sSL "https://github.com/direnv/direnv/releases/download/v${DIRENV_VERSION}/direnv.linux-{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}" \
         --output /usr/local/bin/direnv \
     && chmod +x /usr/local/bin/direnv \
+    # Services
+    && install --verbose --directory /etc/services/enabled \
+    && install --verbose --directory /etc/services/available \
     # Bash completion
     && install --verbose --mode 0755 --directory /etc/bash_completion.d \
     # Oh My Bash
     && git clone https://github.com/ohmybash/oh-my-bash.git /usr/local/share/oh-my-bash \
     # Clean
     && rm -rf /var/lib/apt/lists/*
 
+# Services
+COPY services/docker-bridge /etc/services/available/docker-bridge
+COPY services/ssh-auth-bridge /etc/services/available/ssh-auth-bridge
+
 ##########
 # System #
 ##########

lazy.kubernetes/.manala/docker/entrypoint.sh

@@ -2,30 +2,6 @@
 
 set -e
 
-# Ssh agent bridge
-if [ -n "${SSH_AUTH_SOCK}" ]; then
-  sh -c " \
-    while sleep 1; do \
-      rm -f /var/run/ssh-auth-bridge.sock ;
-      socat \
-        UNIX-LISTEN:/var/run/ssh-auth-bridge.sock,fork,mode=777 \
-        UNIX-CONNECT:/var/run/ssh-auth.sock ; \
-    done \
-  " &
-fi
-
-# Docker bridge
-if [ -n "${DOCKER_HOST}" ]; then
-  sh -c " \
-    while sleep 1; do \
-      rm -f /var/run/docker-bridge.sock ;
-      socat -t 600 \
-        UNIX-LISTEN:/var/run/docker-bridge.sock,fork,mode=777 \
-        UNIX-CONNECT:/var/run/docker.sock ; \
-    done \
-  " &
-fi
-
 # As a consequence of running the container as root user,
 # tty is not writable by sued user
 if [ -t 1 ]; then
@@ -48,10 +24,18 @@ if [ -d ".manala/etc" ]; then
   GOMPLATE_LOG_FORMAT=simple gomplate --input-dir=.manala/etc --output-dir=/etc 2>/dev/null
 fi
 
-# Services
-if [ $# -eq 0 ] && [ -d "/etc/services.d" ]; then
-    exec s6-svscan /etc/services.d
+# Docker bridge
+if [ -n "${DOCKER_HOST}" ]; then
+  ln --symbolic /etc/services/available/docker-bridge /etc/services/enabled/
 fi
 
+# Ssh auth bridge
+if [ -n "${SSH_AUTH_SOCK}" ]; then
+  ln --symbolic /etc/services/available/ssh-auth-bridge /etc/services/enabled/
+fi
+
+# Services
+s6-svscan /etc/services/enabled &
+
 # Command
-exec gosu lazy "$@"
+exec tini -- gosu lazy "$@"

lazy.kubernetes/.manala/services/docker-bridge/run

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+exec socat \
+    UNIX-LISTEN:/var/run/docker-bridge.sock,fork,unlink-early,mode=777 \
+    UNIX-CONNECT:/var/run/docker.sock

lazy.kubernetes/.manala/services/ssh-auth-bridge/run

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+exec socat \
+    UNIX-LISTEN:/var/run/ssh-auth-bridge.sock,fork,unlink-early,mode=777 \
+    UNIX-CONNECT:/var/run/ssh-auth.sock

lazy.symfony/.manala.yaml

@@ -8,6 +8,7 @@ manala:
       - .manala/github
       - .manala/gitlab
       - .manala/make
+      - .manala/services
       - .manala/.dockerignore
       - .manala/.gitignore
       - .manala/Makefile.tmpl

lazy.symfony/.manala/docker/Dockerfile.tmpl

@@ -9,6 +9,7 @@ ARG DEBIAN_FRONTEND="noninteractive"
 ARG MANALA_USER_ID="1000"
 ARG MANALA_GROUP_ID="1000"
 
+ARG TINI_VERSION="0.19.0"
 ARG GOSU_VERSION="1.17"
 ARG GOMPLATE_VERSION="3.11.7"
 ARG DIRENV_VERSION="2.33.0"
@@ -45,6 +46,10 @@ RUN \
     && adduser --home /home/lazy --shell /bin/bash --uid ${MANALA_USER_ID} --gecos lazy --ingroup lazy --disabled-password lazy \
     && install --verbose --mode 0755 --group lazy --owner lazy --directory /run/user/${MANALA_USER_ID} \
     && echo "lazy ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/lazy \
+    # Tini
+    && curl -sSL "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}" \
+        --output /usr/local/bin/tini \
+    && chmod +x /usr/local/bin/tini \
     # Gosu
     && curl -sSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}" \
         --output /usr/local/bin/gosu \
@@ -57,13 +62,20 @@ RUN \
     && curl -sSL "https://github.com/direnv/direnv/releases/download/v${DIRENV_VERSION}/direnv.linux-{{ include "arch_map" (dict "amd64" "amd64" "arm64" "arm64") }}" \
         --output /usr/local/bin/direnv \
     && chmod +x /usr/local/bin/direnv \
+    # Services
+    && install --verbose --directory /etc/services/enabled \
+    && install --verbose --directory /etc/services/available \
     # Bash completion
     && install --verbose --mode 0755 --directory /etc/bash_completion.d \
     # Oh My Bash
     && git clone https://github.com/ohmybash/oh-my-bash.git /usr/local/share/oh-my-bash \
     # Clean
     && rm -rf /var/lib/apt/lists/*
 
+# Services
+COPY services/docker-bridge /etc/services/available/docker-bridge
+COPY services/ssh-auth-bridge /etc/services/available/ssh-auth-bridge
+
 ##########
 # System #
 ##########
@@ -133,6 +145,8 @@ Pin-Priority: 1000\n\
     # Clean
     && rm -rf /var/lib/apt/lists/*
 
+COPY services/nginx /etc/services/enabled/nginx
+
 # Php
 {{ $php := .Vars.system.php -}}
 RUN \
@@ -174,6 +188,8 @@ Signed-By: /etc/apt/keyrings/sury_php.gpg\n\
     # Clean
     && rm -rf /var/lib/apt/lists/*
 
+COPY services/php /etc/services/enabled/php
+
 {{ $nodejs := .Vars.system.nodejs -}}
 {{ if $nodejs.version -}}
 # Nodejs

lazy.symfony/.manala/docker/entrypoint.sh

@@ -2,30 +2,6 @@
 
 set -e
 
-# Ssh agent bridge
-if [ -n "${SSH_AUTH_SOCK}" ]; then
-  sh -c " \
-    while sleep 1; do \
-      rm -f /var/run/ssh-auth-bridge.sock ;
-      socat \
-        UNIX-LISTEN:/var/run/ssh-auth-bridge.sock,fork,mode=777 \
-        UNIX-CONNECT:/var/run/ssh-auth.sock ; \
-    done \
-  " &
-fi
-
-# Docker bridge
-if [ -n "${DOCKER_HOST}" ]; then
-  sh -c " \
-    while sleep 1; do \
-      rm -f /var/run/docker-bridge.sock ;
-      socat -t 600 \
-        UNIX-LISTEN:/var/run/docker-bridge.sock,fork,mode=777 \
-        UNIX-CONNECT:/var/run/docker.sock ; \
-    done \
-  " &
-fi
-
 # As a consequence of running the container as root user,
 # tty is not writable by sued user
 if [ -t 1 ]; then
@@ -48,10 +24,15 @@ if [ -d ".manala/etc" ]; then
   GOMPLATE_LOG_FORMAT=simple gomplate --input-dir=.manala/etc --output-dir=/etc 2>/dev/null
 fi
 
-# Services
-if [ $# -eq 0 ] && [ -d "/etc/services.d" ]; then
-    exec s6-svscan /etc/services.d
+# Docker bridge
+if [ -n "${DOCKER_HOST}" ]; then
+  ln --symbolic /etc/services/available/docker-bridge /etc/services/enabled/
 fi
 
-# Command
-exec gosu lazy "$@"
+# Ssh auth bridge
+if [ -n "${SSH_AUTH_SOCK}" ]; then
+  ln --symbolic /etc/services/available/ssh-auth-bridge /etc/services/enabled/
+fi
+
+# Services
+exec s6-svscan /etc/services/enabled

lazy.symfony/.manala/etc/services.d/.s6-svscan/finish

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+exec socat \
+    UNIX-LISTEN:/var/run/docker-bridge.sock,fork,unlink-early,mode=777 \
+    UNIX-CONNECT:/var/run/docker.sock

lazy.symfony/.manala/services/docker-bridge/run

@@ -1,2 +1,3 @@
 #!/bin/sh
+
 exec nginx -c /etc/nginx/project.conf

lazy.symfony/.manala/etc/services.d/nginx/down-signal renamed to lazy.symfony/.manala/services/nginx/down-signal

@@ -1,2 +1,3 @@
 #!/bin/sh
+
 exec php-fpm --fpm-config /etc/php/default/fpm/project.conf

lazy.symfony/.manala/etc/services.d/nginx/run renamed to lazy.symfony/.manala/services/nginx/run

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+exec socat \
+    UNIX-LISTEN:/var/run/ssh-auth-bridge.sock,fork,unlink-early,mode=777 \
+    UNIX-CONNECT:/var/run/ssh-auth.sock