Add golang codium extension

Allows interfacing with podman on the host from within containers

Makefile

@@ -2,15 +2,18 @@ BUILD_COMMIT       = $(shell git rev-parse HEAD)
 BASE_IMAGE         = registry.fedoraproject.org/fedora-toolbox
 BASE_IMAGE_VERSION = $(shell cat /etc/os-release | grep VERSION_ID | cut -d = -f 2)
 REPOSITORY         = localhost/toolbox-dev-env
-STARSHIP_COLOR     = $(shell cat starship.$(HOSTNAME).color)
+STARSHIP_COLOR     = $(shell cat shell/starship.$(HOSTNAME).color)
 
-.PHONY: container
-container:
-	podman build ./container/ --tag $(REPOSITORY):$(BUILD_COMMIT) --build-arg BASE_IMAGE="$(BASE_IMAGE)" --build-arg BASE_IMAGE_VERSION="$(BASE_IMAGE_VERSION)" --build-arg BUILD_COMMIT="$(BUILD_COMMIT)"
+.PHONY: toolbox
+toolbox:
+	podman build ./toolbox/ --tag $(REPOSITORY):$(BUILD_COMMIT) --build-arg BASE_IMAGE="$(BASE_IMAGE)" --build-arg BASE_IMAGE_VERSION="$(BASE_IMAGE_VERSION)" --build-arg BUILD_COMMIT="$(BUILD_COMMIT)"
 	podman tag $(REPOSITORY):$(BUILD_COMMIT) $(REPOSITORY):latest
 
-.PHONY: container
-scripts:
+	systemctl --user enable podman.socket --now
+	systemctl --user enable podman.service --now
+
+.PHONY: shell
+shell:
 	mkdir --parents ~/.local/share/fonts/
 	curl -sSLo ~/.local/share/fonts/nerdfont.zip https://github.com/ryanoasis/nerd-fonts/releases/download/v3.4.0/AdwaitaMono.zip
 	unzip -o ~/.local/share/fonts/nerdfont.zip -d ~/.local/share/fonts/
@@ -22,15 +25,45 @@ scripts:
 	sh /tmp/starship.sh --yes --bin-dir=$(HOME)/.local/bin
 
 	mkdir --parents ~/.config/bashrc.d
-	cp scripts.d/*.sh ~/.config/bashrc.d/
+	cp shell/scripts.d/*.sh ~/.config/bashrc.d/
 
 	mkdir --parents ~/.config/completions.d
-	cp completions.d/*.completion ~/.config/completions.d/
+	cp shell/completions.d/*.completion ~/.config/completions.d/
 
-	cp bashrc.sh ~/.bashrc
-	cp inputrc ~/.inputrc
-	cp starship.toml ~/.config/starship.toml
+	cp shell/bashrc.sh ~/.bashrc
+	cp shell/inputrc ~/.inputrc
+	cp shell/starship.toml ~/.config/starship.toml
 	sed -i "s/#XXXXXX/$(STARSHIP_COLOR)/g" ~/.config/starship.toml
 
-install: container scripts;
+.PHONY: vscodium
+vscodium:
+	mkdir --parents ~/.config/VSCodium/User
+	cp vscodium/settings.json ~/.config/VSCodium/User/settings.json
+	cp vscodium/keybindings.json ~/.config/VSCodium/User/keybindings.json
+
+	toolbox create --image $(REPOSITORY):latest vscodium-setup-temp
+	toolbox run --container=vscodium-setup-temp codium --install-extension="tamasfe.even-better-toml"
+	toolbox run --container=vscodium-setup-temp codium --install-extension="samuelcolvin.jinjahtml"
+	toolbox run --container=vscodium-setup-temp codium --install-extension="yzhang.markdown-all-in-one"
+	toolbox run --container=vscodium-setup-temp codium --install-extension="streetsidesoftware.code-spell-checker"
+	toolbox run --container=vscodium-setup-temp codium --install-extension="github.vscode-github-actions"
+	toolbox run --container=vscodium-setup-temp codium --install-extension="redhat.vscode-yaml"
+	toolbox run --container=vscodium-setup-temp codium --install-extension="ms-python.debugpy"
+	toolbox run --container=vscodium-setup-temp codium --install-extension="ms-python.python"
+	toolbox run --container=vscodium-setup-temp codium --install-extension="detachhead.basedpyright"
+	toolbox run --container=vscodium-setup-temp codium --install-extension="opentofu.vscode-opentofu"
+	toolbox run --container=vscodium-setup-temp codium --install-extension="golang.go"
+	toolbox run --container=vscodium-setup-temp codium --update-extensions
+	podman stop vscodium-setup-temp
+	podman rm vscodium-setup-temp
+
+.PHONY: act-runner
+act-runner:
+	systemctl enable libvirtd --now
+	mkdir --parents ~/.local/share/act-runner
+	cp act-runner/act-runner.bu ~/.local/share/act-runner/act-runner.bu
+	bash act-runner/rebuild.bash $(HOME)/.local/share/act-runner
+
+.PHONY: install
+install: toolbox shell vscodium act-runner;
 

README.md

@@ -1,5 +1,22 @@
-# toolbox dev env
+# local dev env
 
-My personal development environment for using [Toolbox](https://containertoolbx.org/) containers.
+My personal development environment for using [Toolbox](https://containertoolbx.org/) containers, VSCodium,
+and custom shell configuration:
 
-To install, run `make install`. To update the image use `make build` and then recreate any running toolbox containers.
+* Toolbox
+   * Build a custom Toolbox container image with all my stuff in it
+   * Enable the podman socket to allow running containers via podman from within Toolbox
+* Shell
+   * Add custom bash aliases
+   * Install a nerd font
+   * Install starship
+   * Add custom bash script `dev` for loading dev tools in a toolbox container
+   * Disable case-sensitive tab completion
+   * Configure starship prompt
+* VSCodium
+   * _Note that VSCodium is installed in the toolbox container, not on the host_
+   * Copy settings and keybindings
+   * Install and update specified extensions
+
+Use `make toolbox|shell|vscodium` for installation of specific components, or `make install` to install all
+components.

act-runner/act-runner.bu

@@ -0,0 +1,131 @@
+---
+variant: fcos
+version: 1.6.0
+
+passwd:
+  users:
+  - name: root
+    ssh_authorized_keys: []
+
+  - name: core
+    groups:
+    - docker
+    ssh_authorized_keys_local:
+    - core_ssh_keys.pub
+
+systemd:
+  units:
+  - name: docker-image-prune.service
+    enabled: false
+    contents: |
+      [Unit]
+      Description=Remove unused images from Docker
+      Wants=docker.socket
+      After=docker.socket
+      After=docker.service
+
+      [Service]
+      Type=oneshot
+      ExecStart=docker image prune --force --all --filter 'reference!="catthehacker/ubuntu"'
+      ExecStart=docker builder prune --force
+      RemainAfterExit=no
+
+      [Install]
+      WantedBy=multi-user.target
+
+  - name: docker-image-prune.timer
+    enabled: true
+    contents: |
+      [Unit]
+      Description=Start docker-image-prune every day
+
+      [Timer]
+      OnBootSec=30min
+      OnUnitActiveSec=1d
+
+      [Install]
+      WantedBy=timers.target
+
+storage:
+  files:
+  - path: /etc/hostname
+    mode: 0644
+    overwrite: true
+    contents:
+      local: hostname
+
+  - path: /etc/ssh/sshd_config.d/99-custom.conf
+    mode: 0644
+    user:
+      name: root
+    group:
+      name: root
+    contents:
+      inline: |
+        UseDNS no
+        PermitRootLogin no
+        AllowUsers core@*
+        AuthenticationMethods publickey
+        HostKey /etc/ssh/ssh_host_rsa_key
+        HostKey /etc/ssh/ssh_host_ed25519_key
+        HostKey /etc/ssh/ssh_host_ecdsa_key
+
+  - path: /etc/ssh/ssh_host_rsa_key
+    mode: 0600
+    overwrite: true
+    user:
+      name: root
+    group:
+      name: root
+    contents:
+      local: host_keys/ssh_rsa
+
+  - path: /etc/ssh/ssh_host_rsa_key.pub
+    mode: 0644
+    overwrite: true
+    user:
+      name: root
+    group:
+      name: root
+    contents:
+      local: host_keys/ssh_rsa.pub
+
+  - path: /etc/ssh/ssh_host_ed25519_key
+    mode: 0600
+    overwrite: true
+    user:
+      name: root
+    group:
+      name: root
+    contents:
+      local: host_keys/ssh_ed25519
+
+  - path: /etc/ssh/ssh_host_ed25519_key.pub
+    mode: 0644
+    overwrite: true
+    user:
+      name: root
+    group:
+      name: root
+    contents:
+      local: host_keys/ssh_ed25519.pub
+
+  - path: /etc/ssh/ssh_host_ecdsa_key
+    mode: 0600
+    overwrite: true
+    user:
+      name: root
+    group:
+      name: root
+    contents:
+      local: host_keys/ssh_ecdsa
+
+  - path: /etc/ssh/ssh_host_ecdsa_key.pub
+    mode: 0644
+    overwrite: true
+    user:
+      name: root
+    group:
+      name: root
+    contents:
+      local: host_keys/ssh_ecdsa.pub

act-runner/rebuild.bash

@@ -0,0 +1,106 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+if [ $# -lt 1 ]; then
+  echo "ERROR: Specify config path"
+  exit 1
+fi
+
+CONFIG_PATH="${1}"
+
+if [ ! -f "${CONFIG_PATH}/act-runner.bu" ]; then
+  echo "ERROR: Config path ${CONFIG_PATH} must include the act-runner.bu file"
+  exit 1
+fi
+
+NAME="${HOSTNAME}-act-runner"
+STREAM="stable"
+BUTANE_CONFIG="${CONFIG_PATH}/act-runner.bu"
+VCPUS="8"
+RAM_MB="16132"
+DISK_GB="100"
+SSH_KEY="${HOME}/.ssh/_${HOSTNAME}_act_runner_ed25519"
+
+IGNITION_PATH="${CONFIG_PATH}/${NAME}.ign"
+IMAGE_PATH="${CONFIG_PATH}/${NAME}.qcow2"
+DOWNLOAD_PATH="$(mktemp -d)"
+KVM="qemu:///session"
+
+if ! systemctl is-active libvirtd --quiet; then
+    systemctl start libvirtd
+fi
+
+all_vms=$(virsh --connect="${KVM}" list --all)
+
+if [[ $all_vms == *"${NAME}"* ]]; then
+    running_vms=$(virsh --connect="$KVM" list)
+    if [[ $running_vms == *"${NAME}"* ]]; then
+        echo "Shutting down VM ${NAME}..."
+        virsh --connect="${KVM}" destroy "${NAME}"
+    fi
+    echo "Destroying VM ${NAME}..."
+    virsh --connect="${KVM}" undefine --domain="${NAME}" --remove-all-storage --managed-save
+    echo "Deleting image ${IMAGE_PATH}..."
+    rm -rf "${IMAGE_PATH}"
+    echo "Deleting ignition file ${IGNITION_PATH}..."
+    rm "${IGNITION_PATH}"
+fi
+
+podman run \
+  --rm \
+  -v "${DOWNLOAD_PATH}:/data:z" \
+  -w /data \
+  quay.io/coreos/coreos-installer:release \
+  download -s "${STREAM}" -p qemu -f qcow2.xz --decompress
+
+download_image=$(command ls "${DOWNLOAD_PATH}"/*.qcow2)
+
+mv "${download_image}" "${IMAGE_PATH}"
+
+echo "${HOSTNAME}-act-runner" >"${CONFIG_PATH}/hostname"
+
+if [ ! -f "${SSH_KEY}" ]; then
+  ssh-keygen -q -f "${SSH_KEY}" -t ed25519 -C "${USERNAME}@${HOSTNAME}-act-runner" -N ''
+fi
+cp "${SSH_KEY}.pub" "${CONFIG_PATH}/core_ssh_keys.pub"
+
+mkdir --parents "${CONFIG_PATH}/host_keys"
+
+key_formats=(
+  "rsa"
+  "ed25519"
+  "ecdsa"
+)
+
+for key in "${key_formats[@]}"; do
+  if [ ! -f "${CONFIG_PATH}/host_keys/ssh_${key}" ]; then
+    ssh-keygen -q \
+      -f "${CONFIG_PATH}/host_keys/ssh_${key}" \
+      -t "${key}" \
+      -C "${HOSTNAME}-act-runner" \
+      -N ''
+  fi
+done
+
+podman run \
+  --interactive \
+  --rm \
+  -v "${CONFIG_PATH}:/data:z" \
+  quay.io/coreos/butane:release \
+  --pretty --strict --files-dir=/data < "${BUTANE_CONFIG}" > "${IGNITION_PATH}"
+
+chcon --verbose --type svirt_home_t "${IGNITION_PATH}"
+
+virt-install \
+  --connect="${KVM}" \
+  --name="${NAME}" \
+  --vcpus="${VCPUS}" \
+  --memory="${RAM_MB}" \
+  --os-variant="fedora-coreos-${STREAM}" \
+  --import \
+  --noautoconsole \
+  --graphics=none \
+  --disk="size=${DISK_GB},backing_store=${IMAGE_PATH}" \
+  --network bridge=virbr0 \
+  --qemu-commandline="-fw_cfg name=opt/com.coreos/config,file=${IGNITION_PATH}"

shell/scripts.d/01-aliases.sh

@@ -1,11 +1,11 @@
 alias fuck='sudo $(history -p \!\!)'
 alias cls='clear'
 alias ls='/usr/bin/ls -lshF --color --group-directories-first --time-style=long-iso'
-alias gmtime='/usr/bin/date -u --iso-8601=seconds'
-alias date='/usr/bin/date --iso-8601=seconds'
+alias gmtime='command -u --iso-8601=seconds'
+alias date='command --iso-8601=seconds'
 alias whatismyip='curl https://icanhazip.com/'
 alias uuid="python3 -c 'import uuid; print(uuid.uuid4());'"
-alias epoch="python3 -c 'import time; print(time.time());'"
+alias epoch="command date +%s"
 alias uptime="command uptime --pretty"
 alias doc='cd ~/Documents'
 alias dn='cd ~/Downloads'
@@ -16,3 +16,4 @@ alias code='codium'
 alias ssh='ssh -F ~/.ssh/config'
 alias whereami='echo $LOCATION'
 alias gg='dev'
+alias bk='cd -'

shell/scripts.d/50-act.sh

@@ -0,0 +1,32 @@
+function start-act-runner() {
+  if ! systemctl is-active libvirtd --quiet; then
+    systemctl start libvirtd
+  fi
+
+  running_vms=$(virsh --connect=qemu:///session list)
+  if [[ "$running_vms" != *"${HOSTNAME}-act-runner"* ]]; then
+    echo "Sarting ACT runner '${HOSTNAME}-act-runner'..."
+    virsh --connect=qemu:///session start --domain="${HOSTNAME}-act-runner" && sleep 15
+  fi
+
+  _configure_act_alias
+}
+
+function _configure_act_alias() {
+  if systemctl is-active libvirtd --quiet; then
+    running_vms=$(virsh --connect=qemu:///session list)
+    if [[ "$running_vms" = *"${HOSTNAME}-act-runner"* ]]; then
+      export ACT_RUNNER_MAC=$(virsh --connect="qemu:///session" domiflist "${HOSTNAME}-act-runner" | awk '{ print $5 }' | tail -2 | head -1)
+      export ACT_RUNNER_IP=$(arp -a | grep $ACT_RUNNER_MAC | awk '{ print $2 }' | sed 's/[()]//g')
+      export ACT_SOURCE_IP="$(echo $ACT_RUNNER_IP | cut -d '.' -f -3).1"
+      export ACT_DOCKER_HOST="ssh://core@$ACT_RUNNER_IP:22"
+      alias act='DOCKER_HOST=$ACT_DOCKER_HOST act --rm --secret=GITHUB_TOKEN=$(gh auth token) --platform="ubuntu-latest=docker.io/catthehacker/ubuntu:full-latest" --platform="ubuntu-24.04=docker.io/catthehacker/ubuntu:full-latest" --container-options="--privileged" --artifact-server-path=$(mktemp --directory) --artifact-server-addr=$ACT_SOURCE_IP --cache-server-path=$(mkdir --parents /tmp/act-cache && echo /tmp/act-cache) --cache-server-addr=$ACT_SOURCE_IP'
+    else
+      alias act='echo ERROR: local act runner is not active, use "start-act-runner" to start it'
+    fi
+  else
+    alias act='echo ERROR: local act runner is not running, use "start-act-runner" to start it'
+  fi
+}
+
+_configure_act_alias

shell/scripts.d/99-local.sh

@@ -0,0 +1,3 @@
+if [ -f ~/.bashrc_local ]; then
+  source ~/.bashrc_local
+fi

toolbox/Containerfile

@@ -27,6 +27,7 @@ RUN dnf install --assumeyes \
   google-cloud-sdk-gke-gcloud-auth-plugin \
   jq \
   kubectl \
+  kustomize \
   libacl-devel \
   libffi-devel \
   libpq-devel \
@@ -49,6 +50,8 @@ RUN dnf install --assumeyes \
   python3.12 \
   python3.12-devel \
   python3.13 \
+  python3.13-devel \
+  python3.14 \
   python3.9 \
   ShellCheck \
   virsh \

vscodium/keybindings.json

@@ -0,0 +1,13 @@
+// Place your key bindings in this file to override the defaults
+[
+    {
+        "key": "ctrl+shift+o",
+        "command": "workbench.action.files.openFolder",
+        "when": "openFolderWorkspaceSupport"
+    },
+    {
+        "key": "ctrl+k ctrl+o",
+        "command": "-workbench.action.files.openFolder",
+        "when": "openFolderWorkspaceSupport"
+    }
+]

vscodium/settings.json

@@ -0,0 +1,28 @@
+{
+    "workbench.activityBar.location": "hidden",
+    "workbench.startupEditor": "none",
+    "workbench.iconTheme": "vs-minimal",
+    "explorer.autoReveal": "focusNoScroll",
+    "explorer.confirmDragAndDrop": false,
+    "update.showReleaseNotes": false,
+    "telemetry.telemetryLevel": "crash",
+    "security.workspace.trust.untrustedFiles": "open",
+    "workbench.tree.indent": 10,
+    "redhat.telemetry.enabled": false,
+    "cSpell.userWords": [
+        "enpaul",
+        "freedomofpress",
+        "venv",
+        "Zizmor"
+    ],
+    "python.missingPackage.severity": "Warning",
+    "[dockercompose]": {
+        "editor.insertSpaces": true,
+        "editor.tabSize": 2,
+        "editor.autoIndent": "advanced",
+        "editor.defaultFormatter": "redhat.vscode-yaml"
+    },
+    "[github-actions-workflow]": {
+        "editor.defaultFormatter": "redhat.vscode-yaml"
+    }
+}