Add opencode container

Author: dzervas

.github/workflows/docker.yaml

@@ -47,3 +47,43 @@ jobs:
           tags: |
             ghcr.io/${{ github.repository_owner }}/${{ matrix.image }}:latest
             ghcr.io/${{ github.repository_owner }}/${{ matrix.image }}:${{ github.sha }}
+
+  devenv:
+    permissions:
+      contents: read
+      packages: write
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        image:
+          - opencode
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v5
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - uses: cachix/install-nix-action@v31
+      - uses: cachix/cachix-action@v16
+        with:
+          name: devenv
+      - name: Install devenv.sh
+        run: nix profile add nixpkgs#devenv
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Push image
+        run: |
+          cd docker/${{ matrix.image }}
+          devenv container build ${{ matrix.image }}
+          devenv container \
+            --registry docker://ghcr.io/${{ github.repository_owner }}/ \
+            --copy-args="--dest-creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}" \
+             copy ${{ matrix.image }}

docker/opencode/devenv.lock

@@ -0,0 +1,138 @@
+{
+  "nodes": {
+    "devenv": {
+      "locked": {
+        "dir": "src/modules",
+        "lastModified": 1768597968,
+        "owner": "cachix",
+        "repo": "devenv",
+        "rev": "92ad9c70fad164e8f4a3656dec91717a5c42cd98",
+        "type": "github"
+      },
+      "original": {
+        "dir": "src/modules",
+        "owner": "cachix",
+        "repo": "devenv",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1767039857,
+        "owner": "NixOS",
+        "repo": "flake-compat",
+        "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "git-hooks": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "gitignore": "gitignore",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1767281941,
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "rev": "f0927703b7b1c8d97511c4116eb9b4ec6645a0fa",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "type": "github"
+      }
+    },
+    "gitignore": {
+      "inputs": {
+        "nixpkgs": [
+          "git-hooks",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1762808025,
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "cb5e3fdca1de58ccbc3ef53de65bd372b48f567c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
+    "mk-shell-bin": {
+      "locked": {
+        "lastModified": 1677004959,
+        "owner": "rrbutani",
+        "repo": "nix-mk-shell-bin",
+        "rev": "ff5d8bd4d68a347be5042e2f16caee391cd75887",
+        "type": "github"
+      },
+      "original": {
+        "owner": "rrbutani",
+        "repo": "nix-mk-shell-bin",
+        "type": "github"
+      }
+    },
+    "nix2container": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1767430085,
+        "owner": "nlewo",
+        "repo": "nix2container",
+        "rev": "66f4b8a47e92aa744ec43acbb5e9185078983909",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nlewo",
+        "repo": "nix2container",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1767052823,
+        "owner": "cachix",
+        "repo": "devenv-nixpkgs",
+        "rev": "538a5124359f0b3d466e1160378c87887e3b51a4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "ref": "rolling",
+        "repo": "devenv-nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "devenv": "devenv",
+        "git-hooks": "git-hooks",
+        "mk-shell-bin": "mk-shell-bin",
+        "nix2container": "nix2container",
+        "nixpkgs": "nixpkgs",
+        "pre-commit-hooks": [
+          "git-hooks"
+        ]
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

docker/opencode/devenv.nix

@@ -0,0 +1,27 @@
+{ pkgs, ... }: {
+  languages = {
+    rust.enable = true;
+    python.enable = true;
+    javascript = {
+      enable = true;
+      npm.enable = true;
+      yarn.enable = true;
+      bun.enable = true;
+      pnpm.enable = true;
+    };
+  };
+
+  packages = with pkgs; [
+    opencode
+    ripgrep
+    fd
+  ];
+
+  containers."opencode" = {
+    name = "opencode";
+    registry = "docker://ghcr.io/dzervas/";
+
+    copyToRoot = [];
+    startupCommand = "${pkgs.opencode}/bin/opencode web";
+  };
+}

docker/opencode/devenv.yaml

@@ -0,0 +1,8 @@
+inputs:
+  mk-shell-bin:
+    url: github:rrbutani/nix-mk-shell-bin
+  nix2container:
+    url: github:nlewo/nix2container
+    inputs:
+      nixpkgs:
+        follows: nixpkgs

envs/opencode/main.jsonnet

@@ -0,0 +1,59 @@
+local dockerService = import 'docker-service.libsonnet';
+local timezone = import 'helpers/timezone.libsonnet';
+local k = import 'k.libsonnet';
+
+local namespace = 'opencode';
+local image = 'ghcr.io/dzervas/opencode:latest';
+local dataPath = '/data';
+local configPath = '/config';
+
+local serverArgs = ['web', '--hostname', '0.0.0.0', '--port', '4096'];
+local configFile = configPath + '/opencode.json';
+
+local opencode = dockerService.new('opencode', image, {
+  namespace: namespace,
+  ports: [4096],
+  fqdn: 'opencode.vpn.dzerv.art',
+  runAsUser: 1000,
+
+  command: ['opencode'],
+  args: serverArgs,
+
+  env: {
+    TZ: timezone,
+    OPENCODE_CONFIG: configFile,
+    XDG_DATA_HOME: dataPath,
+  },
+
+  op_envs: {
+    OPENCODE_SERVER_PASSWORD: 'server-password',
+  },
+
+  pvs: {
+    [dataPath]: {
+      name: 'data',
+      size: '20Gi',
+    },
+  },
+
+  config_maps: {
+    [configPath]: 'opencode-config:ro',
+  },
+});
+
+local configMap = k.core.v1.configMap.new('opencode-config')
+  + k.core.v1.configMap.metadata.withNamespace(namespace)
+  + k.core.v1.configMap.withData({
+    'opencode.json': std.manifestJsonEx({
+      '$schema': 'https://opencode.ai/config.json',
+      server: {
+        hostname: '0.0.0.0',
+        port: 4096,
+      },
+    }, '  '),
+  });
+
+{
+  opencode: opencode,
+  opencodeConfig: configMap,
+}

envs/opencode/spec.json

@@ -0,0 +1,15 @@
+{
+	"apiVersion": "tanka.dev/v1alpha1",
+	"kind": "Environment",
+	"metadata": {
+		"name": "envs/opencode"
+	},
+	"spec": {
+		"contextNames": ["gr"],
+		"namespace": "opencode",
+		"injectLabels": true,
+		"applyStrategy": "server",
+		"resourceDefaults": {},
+		"expectVersions": {}
+	}
+}