chore: adapt tasks.json for gitops workflow

This reverts commit f8a09a135b.

.bin/create-home-tarball.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+if [ "$(basename "$(pwd -P)")" != "workspaces" ]; then
+  echo "Error: this script must be run from a directory named 'workspaces', not '$(basename "$(pwd -P)")'" >&2
+  exit 1
+fi
+
+replace_home() {
+  sed -i "s|$1|$2|g" .config/fish/fish_variables
+  find .local/share/nvim/mason/packages -type f -exec sed -i "s|$1|$2|g" {} +
+}
+
+find .config -type d -exec chmod g+x {} +
+
+replace_home "$PWD" "/home/devuser"
+tar -czf home.tar.gz --owner root:0 --group secproc:1002 --xform "s,$PWD,/home/devuser," .config .local .ssh start.sh
+replace_home "/home/devuser" "$PWD"

.bin/gitops

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+ssh -F /dev/null \
+  -o HostName=10.88.0.1 \
+  -o Port=22 \
+  -o User=infilytics \
+  -o IdentityFile=~/.ssh/id_ed25519 \
+  -o ProxyCommand=none \
+  gitops -- "$@"

.bin/test-tmux.sh

@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+PWD="$(pwd -P)"
+
+if [ "$(basename "$PWD")" != "workspaces" ]; then
+  echo "Error: this script must be run from a directory named 'workspaces', not '$(basename "$(pwd -P)")'" >&2
+  exit 1
+fi
+
+# Override PWD and HOME for this invocation
+export PWD=$PWD
+export HOME=$PWD
+export TMUX=""
+
+# Optionally adjust XDG_CONFIG_HOME if you use that
+# export XDG_CONFIG_HOME="$HOME/.config"
+
+# Start (or attach to) your dev session
+SESSION="dev"
+
+# If the session doesn't exist, create it
+if ! tmux has-session -t "$SESSION" 2>/dev/null; then
+  tmux new-session -d -s "$SESSION" -n editor 'HOME='"$HOME"' XDG_STATE_HOME='"$HOME/.state"' /usr/bin/fish'
+fi
+
+tmux send-keys -t $SESSION:editor 'fisher install jorgebucaran/fisher pure-fish/pure patrickf1/fzf.fish jorgebucaran/autopair.fish gazorby/fish-abbreviation-tips jethrokuan/z' Enter
+
+# Attach to it
+exec tmux attach -t "$SESSION"

.gitattributes

@@ -0,0 +1 @@
+home.tar.gz filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -1,5 +1,7 @@
 logs
-files/pallav
+.local
-home/.config/nvim/lazy-lock.json
+.cache
-home/.local
+.state
-home/.cache
+.config/fish
+.npm
+.config/nvim/lazy-lock.json

.lazy.lua

@@ -0,0 +1,24 @@
+return {
+	"folke/snacks.nvim",
+	opts = {
+		-- show hidden files in snacks.explorer
+		picker = {
+			sources = {
+				explorer = {
+					-- show hidden files like .env
+					hidden = true,
+					-- show files ignored by git like node_modules
+					ignored = false,
+					exclude = { ".git" },
+				},
+				files = {
+					-- show hidden files like .env
+					hidden = true,
+					-- show files ignored by git like node_modules
+					ignored = false,
+					exclude = { ".npm", ".git" },
+				},
+			},
+		},
+	},
+}

.ssh/config

@@ -1,7 +1,7 @@
 Host alps
     HostName 10.88.0.1
     User git
-    IdentityFile /opt/secure/ssh/id_ed25519
+    IdentityFile ~/.ssh/id_ed25519
     IdentitiesOnly yes
     StrictHostKeyChecking yes
     Port 2222
@@ -10,7 +10,7 @@ Host alps
 Host github
     HostName github.com
     User git
-    IdentityFile /opt/secure/ssh/id_ed25519
+    IdentityFile ~/.ssh/id_ed25519
     IdentitiesOnly yes
     StrictHostKeyChecking yes
     ProxyCommand none

.vscode/tasks.json

@@ -2,48 +2,121 @@
   "version": "2.0.0",
   "tasks": [
     {
-      "label": "Build workspace image",
+      "label": "GitOps(Build): base image",
       "type": "shell",
-      "command": "./build-workspace.sh",
+      "command": ".bin/gitops build base",
+      "group": "build",
+      "problemMatcher": [],
+      "detail": "build base image using buildah"
+    },
+    {
+      "label": "GitOps(Build): workspace image",
+      "type": "shell",
+      "command": ".bin/gitops build workspace",
       "group": "build",
       "problemMatcher": [],
       "detail": "build podman image using buildah"
     },
     {
-      "label": "Clean dangling images",
+      "label": "GitOps: Clean dangling images",
       "type": "shell",
-      "command": "./clean_dangling_images.sh",
+      "command": ".bin/gitops clean",
       "problemMatcher": [],
       "detail": "Clean podman images"
     },
     {
-      "label": "Tag image",
+      "label": "Gitops(Update): build-base.sh",
       "type": "shell",
-      "command": "podman tag localhost/analytics-backend-workspace:latest localhost:5100/analytics-backend-workspace:latest",
+      "command": ".bin/gitops update base",
+      "group": "build",
       "problemMatcher": [],
-      "detail": "Tag podman image to localhost 5100"
+      "detail": "Copy build-base.sh to /home/infilytics/.local/bin/"
     },
     {
-      "label": "Push image",
+      "label": "GitOps(Update): build-workspace.sh",
       "type": "shell",
-      "command": "podman push --tls-verify=false localhost:5100/analytics-backend-workspace:latest",
+      "command": ".bin/gitops update workspace",
+      "group": "build",
       "problemMatcher": [],
-      "detail": "Push podman image to localhost 5100"
+      "detail": "Copy build-workspace.sh to /home/infilytics/.local/bin/"
     },
     {
-      "label": "Copy ssh_router.sh",
+      "label": "GitOps(Update): ssh_router.sh",
       "type": "shell",
-      "command": "sudo cp ssh_router.sh /home/infilytics/ && sudo chown -R infilytics:infilytics /home/infilytics/ssh_router.sh",
+      "command": ".bin/gitops update ssh_router",
+      "group": "build",
       "problemMatcher": [],
-      "detail": "Copy ssh_router.sh to /home/infilytics"
+      "detail": "Copy ssh_router.sh to /home/infilytics/.local/bin/"
     },
     {
-      "label": "Copy access.yml",
+      "label": "GitOps(Update): access.yml",
       "type": "shell",
-      "command": "sudo cp access.yml /home/infilytics/ && sudo chown -R infilytics:infilytics /home/infilytics/access.yml",
+      "command": ".bin/gitops update access",
+      "group": "build",
       "problemMatcher": [],
-      "detail": "Copy access.yml to /home/infilytics"
+      "detail": "Copy access.yml to /home/infilytics/"
+    },
+    {
+      "label": "GitOps(Update): gitops_router.sh",
+      "type": "shell",
+      "command": ".bin/gitops update gitops_router",
+      "group": "build",
+      "problemMatcher": [],
+      "detail": "Copy gitops_router.sh to /home/infilytics/.local/bin"
+    },
+    {
+      "label": "GitOps(Update): home.tar.gz",
+      "type": "shell",
+      "command": ".bin/gitops update home_tar",
+      "group": "build",
+      "problemMatcher": [],
+      "detail": "Copy home.tar.gz to /home/infilytics/"
+    },
+    {
+      "label": "Create home tarball",
+      "type": "shell",
+      "command": "${workspaceFolder}/.bin/create-home-tarball.sh",
+      "group": "build",
+      "problemMatcher": [],
+      "detail": "create home.tar.gz from .config .local .ssh start.sh"
+    },
+    {
+      "label": "Test: start tmux session",
+      "type": "shell",
+      "command": "${workspaceFolder}/.bin/test-tmux.sh",
+      "group": "test",
+      "problemMatcher": [],
+      "detail": "run tmux with project room as home"
+    },
+    {
+      "label": "GitOps: Show image status",
+      "type": "shell",
+      "command": ".bin/gitops status",
+      "problemMatcher": [],
+      "detail": "run podman images on remote"
+    },
+    {
+      "label": "GitOps: Remove workspace container",
+      "type": "shell",
+      "command": ".bin/gitops remove ${input:container} -f",
+      "problemMatcher": [],
+      "detail": "run podman rm $args on remote"
+    },
+    {
+      "label": "Cleanup worktree",
+      "type": "shell",
+      "command": "git clean -Xfd",
+      "problemMatcher": [],
+      "detail": "delete all untracked files listed in .gitignore"
     }
   ],
-  "inputs": []
+  "inputs": [
+    {
+      "id": "container",
+      "type": "pickString",
+      "description": "Pick a container",
+      "options": ["pallav", "palak", "param", "darshan"],
+      "default": "pallav"
+    }
+  ]
 }

build-base.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+set -euo pipefail
+
+BASE_IMG_NAME="analytics-backend-base"
+DEV_USER=devuser
+DEV_UID=1001
+DEV_GID=1001
+
+ctr=$(buildah from archlinux)
+
+buildah run "$ctr" -- bash -c "
+  pacman -Sy --noconfirm && \
+  pacman -S --noconfirm --needed base-devel neovim git git-lfs fish tmux \
+  nodejs python podman fzf fd ripgrep jdk-openjdk fisher yazi less buildah \
+  lazygit luarocks python-pynvim npm bash-completion tree-sitter-cli kitty-terminfo \
+  lua51 openssh && \
+  pacman -Scc --noconfirm && \
+  groupadd -g $DEV_GID $DEV_USER && \
+  groupadd -g 1002 secproc && \
+  useradd -ms /bin/fish -G secproc -u $DEV_UID -g $DEV_GID $DEV_USER
+"
+
+buildah commit "$ctr" $BASE_IMG_NAME
+echo "✅ $BASE_IMG_NAME built."

build-workspace.sh

@@ -1,62 +1,26 @@
 #!/bin/bash
-
 set -euo pipefail
 
+BASE_IMG_NAME="analytics-backend-base"
 IMG_NAME="analytics-backend-workspace"
 DEV_USER=devuser
-DEV_UID=1001
-DEV_GID=1001
-SECURE=/opt/secure
 DEV_HOME=/home/$DEV_USER
 
-ctr=$(buildah from archlinux)
+ctr=$(buildah from "$BASE_IMG_NAME")
 
-buildah run "$ctr" -- bash -c "\
+buildah add "$ctr" home.tar.gz $DEV_HOME
-  pacman -Sy --noconfirm && pacman -S --noconfirm --needed base-devel neovim git fish tmux \
-  nodejs python podman fzf fd ripgrep jdk-openjdk fisher yazi less buildah \
-  lazygit luarocks python-pynvim npm bash-completion tree-sitter-cli kitty-terminfo \
-  lua51 openssh && pacman -Scc --noconfirm && groupadd secproc && groupadd -g $DEV_GID $DEV_USER && \
-  useradd -ms /bin/fish -G secproc -u $DEV_UID -g $DEV_GID $DEV_USER && mkdir -m 511 -p $SECURE
-"
 
-# copy start script, neovim, tmux setup and ssh setup
-buildah copy --chown $DEV_USER:$DEV_USER "$ctr" ./home/. $DEV_HOME
-buildah copy "$ctr" 00-allow-git.conf /etc/ssh/ssh_config.d/
-
-# configure lazyvim
 # shellcheck disable=SC2016
-buildah run --user "$DEV_USER" "$ctr" -- fish -c '
+buildah run "$ctr" -- fish -c '
   set -gx HOME '"$DEV_HOME"';
-  mkdir -p $HOME/.ssh;
   ssh-keyscan -p 2222 10.88.0.1 >> $HOME/.ssh/known_hosts;
   ssh-keyscan -p 22 github.com >> $HOME/.ssh/known_hosts;
-  fisher install \
+  chown -R '"$DEV_USER"':'"$DEV_USER"' $HOME/.local $HOME/.config/fish/completions \
-    jorgebucaran/fisher \
+    $HOME/.config/fish/functions $HOME/.config/fish/fish_variables $HOME/.ssh;
-    pure-fish/pure \
+  chown '"$DEV_USER"':'"$DEV_USER"' $HOME/.config $HOME/.config/fish \
-    patrickf1/fzf.fish \
+    $HOME/.config/tmux;
-    jorgebucaran/autopair.fish \
-    gazorby/fish-abbreviation-tips \
-    jethrokuan/z;
 '
 
-# lock the files
-buildah run "$ctr" -- bash -c "\
-  chmod 750 $DEV_HOME/start.sh \
-  $DEV_HOME/.config/lazygit/config.yml \
-  $DEV_HOME/.config/nvim/lua/config/lazy.lua \
-  $DEV_HOME/.config/nvim/init.lua \
-  $DEV_HOME/.config/nvim/README.md \
-  $DEV_HOME/.config/nvim/LICENSE \
-  $DEV_HOME/.config/tmux/tmux.conf && \
-  chown root:secproc $DEV_HOME/start.sh \
-  $DEV_HOME/.config/lazygit/config.yml \
-  $DEV_HOME/.config/nvim/lua/config/lazy.lua \
-  $DEV_HOME/.config/nvim/init.lua \
-  $DEV_HOME/.config/nvim/README.md \
-  $DEV_HOME/.config/nvim/LICENSE \
-  $DEV_HOME/.config/tmux/tmux.conf
-"
-
 buildah config \
   --user $DEV_USER \
   --workingdir /app \
@@ -65,5 +29,4 @@ buildah config \
   "$ctr"
 
 buildah commit "$ctr" $IMG_NAME
-
+echo "✅ $IMG_NAME built from $BASE_IMG_NAME."
-echo "✅ $IMG_NAME built."

clean_dangling_images.sh

@@ -1,12 +0,0 @@
-#!/bin/bash
-
-# Get list of image IDs with <none> tag (dangling images)
-dangling_images=$(podman images -f "dangling=true" -q)
-
-if [ -z "$dangling_images" ]; then
-  echo "✅ No dangling images to remove."
-else
-  echo "⚠️ Removing dangling images..."
-  echo "$dangling_images" | xargs podman rmi -f
-  echo "🧹 Done!"
-fi

gitops_router.sh

@@ -0,0 +1,114 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+PERSON="$1"
+HOST="alps:3222"
+PROTOCOL="http"
+REPO="babbarc/workspaces"
+BRANCH="master"
+
+LOG_FILE="/tmp/.gitops-router-${PERSON}.log"
+
+log() {
+  local level="${1^^}" # convert to uppercase
+  shift
+  echo "[$(date '+%Y-%m-%d %H:%M:%S')] [$level] $*" | tee -a "$LOG_FILE"
+}
+
+log info "Received SSH_ORIGINAL_COMMAND: $SSH_ORIGINAL_COMMAND"
+
+# Ensure the variable is set
+if [[ -z "${SSH_ORIGINAL_COMMAND:-}" ]]; then
+  log error "No SSH_ORIGINAL_COMMAND provided."
+  exit 1
+fi
+
+geturl() {
+  echo "$PROTOCOL://$HOST/$REPO/$1/branch/$BRANCH/$2"
+}
+
+function run() {
+  "$HOME"/.local/bin/"$1"
+}
+
+function update() {
+  type=${4:-raw}
+  fname=$(basename "$1")
+  output_path="$HOME/$2/$fname"
+  url=$(geturl "$type" "$1")
+
+  [ -f "$output_path" ] && chmod 700 "$output_path"
+  curl -fsSL "$url" -o "$output_path" && log info "Downloaded $url to $output_path"
+  chmod "$3" "$output_path"
+}
+
+clean_images() {
+  # Get list of image IDs with <none> tag (dangling images)
+  dangling_images=$(podman images -f "dangling=true" -q)
+
+  if [ -z "$dangling_images" ]; then
+    echo "✅ No dangling images to remove."
+  else
+    echo "⚠️ Removing dangling images..."
+    echo "$dangling_images" | xargs podman rmi
+    echo "🧹 Done!"
+  fi
+}
+
+# Strip arguments and parse command
+read -r command args <<<"$SSH_ORIGINAL_COMMAND"
+
+# Define command routing
+case "$command" in
+build)
+  case "$args" in
+  base)
+    run build-base.sh
+    ;;
+  workspace)
+    run build-workspace.sh
+    ;;
+  *)
+    log error "Invalid arguments for build command: $args"
+    ;;
+  esac
+  ;;
+update)
+  case "$args" in
+  workspace)
+    update build-workspace.sh .local/bin 500
+    ;;
+  base)
+    update build-base.sh .local/bin 500
+    ;;
+  access)
+    update access.yml . 400
+    ;;
+  ssh_router)
+    update ssh_router.sh .local/bin 500
+    ;;
+  gitops_router)
+    update gitops_router.sh .local/bin 500
+    ;;
+  home_tar)
+    update home.tar.gz . 500 media
+    ;;
+  *)
+    log error "Invalid arguments for update command: $args"
+    ;;
+  esac
+  ;;
+clean)
+  clean_images
+  ;;
+status)
+  podman images
+  ;;
+remove)
+  podman rm "$args"
+  ;;
+*)
+  log error "Unknown command: $command"
+  exit 127
+  ;;
+esac

nvim-workspace.sh

@@ -1,7 +0,0 @@
-#!/bin/bash
-
-XDG_CONFIG_HOME="$PWD/home/.config" \
-  XDG_DATA_HOME="$PWD/home/.local/share" \
-  XDG_STATE_HOME="$PWD/home/.local/state" \
-  XDG_CACHE_HOME="$PWD/home/.cache" \
-  nvim

pre-build.sh

@@ -1,5 +0,0 @@
-#!/bin/bash
-
-ln -s "$PWD"/zsh-autosuggestions "$PWD"/config/zsh/ohmyzsh/custom/plugins/zsh-autosuggestions
-ln -s "$PWD"/zsh-syntax-highlighting "$PWD"/config/zsh/ohmyzsh/custom/plugins/zsh-syntax-highlighting
-rm -rf local/state

ssh_router.sh

@@ -2,7 +2,7 @@
 
 PERSON="$1"
 WORKSPACE="$SSH_ORIGINAL_COMMAND"
-IMAGE="localhost:5100/analytics-backend-workspace:latest"
+IMAGE="localhost/analytics-backend-workspace:latest"
 DEV_USER="devuser"
 
 XDG_RUNTIME_DIR="/run/user/$(id -u)"
@@ -80,8 +80,8 @@ start_container_if_needed() {
       -v "${XDG_RUNTIME_DIR}"/podman/podman.sock:/run/podman/podman.sock \
       -v /home/infilytics/data/"$WORKSPACE":/app \
       -v /home/infilytics/secrets/"$WORKSPACE"/gitconfig:/home/"$DEV_USER"/.gitconfig:ro \
-      -v /home/infilytics/secrets/"$WORKSPACE"/id_ed25519:/opt/secure/ssh/id_ed25519:ro \
+      -v /home/infilytics/secrets/"$WORKSPACE"/id_ed25519:/home/"$DEV_USER"/.ssh/id_ed25519:ro \
-      -v /home/infilytics/secrets/"$WORKSPACE"/id_ed25519.pub:/opt/secure/ssh/id_ed25519.pub:ro \
+      -v /home/infilytics/secrets/"$WORKSPACE"/id_ed25519.pub:/home/"$DEV_USER"/.ssh/id_ed25519.pub:ro \
       --entrypoint "/home/$DEV_USER/start.sh" \
       "$IMAGE" "${TMUX_SESSION}"
   elif ! podman inspect -f '{{.State.Running}}' "$WORKSPACE" | grep -q true; then