eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/fly/Dockerfile
Erich Blume 92e5dcfffc C1: SHA-pin tooling dependencies (2026-04 cycle) 
- prek hooks: convert all rev = "vX.Y.Z" to commit SHAs with version comments
- fly/Dockerfile: digest-pin nginx (1.30.0-alpine), tailscale (v1.94.2),
  and alloy (v1.16.0); bump from previous tag pins
- mise-tasks: pin PEP 723 deps with == (rich 15.0.0, typer 0.25.0,
  pyyaml 6.0.3, httpx 0.28.1) — PEP 508 doesn't support hashes inline
- prek additional_dependencies: pin ansible-lint==26.4.0, ansible-core==2.20.5
- taplo-lint: pass --no-schema (upstream catalog format changed and
  taplo v0.9.3 can't parse it; we don't validate against TOML schemas)
- docs/update-tooling-dependencies: document SHA-pin convention,
  digest-pin lookup via docker buildx imagetools, and prek clean before
  re-verifying (cache can grow to several GiB)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-30 16:16:14 -07:00

34 lines
1.4 KiB
Docker
Raw Blame History

# nginx 1.30.0-alpine
FROM nginx@sha256:0272e4604ed93c1792f03695a033a6e8546840f86e0de20a884bb17d2c924883
# Copy tailscale binaries from official image (v1.94.2)
COPY --from=docker.io/tailscale/tailscale@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1 \
/usr/local/bin/tailscaled /usr/local/bin/tailscaled
COPY --from=docker.io/tailscale/tailscale@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1 \
/usr/local/bin/tailscale /usr/local/bin/tailscale
RUN mkdir -p /var/run/tailscale /var/lib/tailscale \
&& apk add --no-cache iptables ip6tables \
&& apk add --no-cache libc6-compat \
&& apk add --no-cache fail2ban \
&& rm -f /etc/fail2ban/jail.d/alpine-ssh.conf
# Copy Alloy binary from official image (v1.16.0, Ubuntu-based, needs libc6-compat)
COPY --from=docker.io/grafana/alloy@sha256:6e00cf7c5a692ff5f24844529416ed017d76fce922f8199004e73d5eca46b6b8 \
/bin/alloy /usr/local/bin/alloy
RUN mkdir -p /var/log/nginx /etc/alloy /tmp/alloy-data
COPY fail2ban/filter.d/forge-login.conf /etc/fail2ban/filter.d/forge-login.conf
COPY fail2ban/jail.d/forge.conf /etc/fail2ban/jail.d/forge.conf
COPY fail2ban/action.d/nginx-deny.conf /etc/fail2ban/action.d/nginx-deny.conf
COPY nginx.conf /etc/nginx/nginx.conf
COPY error.html /usr/share/nginx/html/error.html
COPY alloy.river /etc/alloy/config.alloy
COPY start.sh /start.sh
RUN chmod +x /start.sh
EXPOSE 8080
CMD ["/start.sh"]
Reference in a new issue View git blame Copy permalink