infra/stacks/valia-sites/sync-image/Dockerfile
Viktor Barzin 8b80b4cc41
Some checks failed
ci/woodpecker/push/default Pipeline failed
Build valia-sites-sync / build (push) Has been cancelled
valia-sites: registry stack for Valia's Pages sites + declarative internal DNS (ADR-0018)
Valia keeps asking Viktor to host 1-page sites from her Drive folders;
this makes it one map entry. New stacks/valia-sites: per site a CF Pages
project + custom domain + proxied CNAME (bridge adopted via import{}),
a ConfigMap feed (valia-sites-dns) the technitium ingress-dns-sync
script now reconciles internal CNAMEs from (add/update/REMOVE — fixes
the add-only stale-record gotcha), and one shared 10-min CronJob that
mirrors each Content folder (rclone, drive.readonly, stem95su's guards)
and wrangler-deploys ONLY on manifest change (free-tier deploy cap).
Scoped CF Pages token + shared rclone conf in secret/valia-sites; the
Global API Key never enters a pod. cloudflared forgets bridge's record
via removed{} (no destroy). stem95su is in the map dns-parked
(manage_dns=false) until its cutover commit.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-03 12:28:06 +00:00

15 lines
720 B
Docker

# valia-sites-sync: everything the 10-min Content-folder mirror needs, baked in
# (no runtime installs — CronJob pods must not apk/npm on every start).
# rclone pinned to match the proven stem95su version; wrangler pinned to major 4.
FROM node:22-alpine
RUN apk add --no-cache curl unzip ca-certificates jq \
&& curl -fsSL https://downloads.rclone.org/v1.74.3/rclone-v1.74.3-linux-amd64.zip -o /tmp/rclone.zip \
&& unzip -j /tmp/rclone.zip '*/rclone' -d /usr/local/bin \
&& chmod +x /usr/local/bin/rclone \
&& rm /tmp/rclone.zip \
&& npm install -g wrangler@4 \
&& npm cache clean --force
# wrangler writes config/cache under $HOME; the CronJob runs as non-root node (uid 1000)
ENV HOME=/tmp