lhumina_code/hero_compute_registry
24
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Small registry that holds custom images to be used in the Hero Compute system
3 commits 1 branch 0 tags 33 KiB
  • Dockerfile 100%
Find a file
Exact
Mahmoud-Emad db1726d4fd
All checks were successful
Build VM Images / Build and Push All Images (push) Successful in 59s
Details
feat: configure SSH for key-only authentication 
- Remove password-based authentication from images
- Configure SSHD to prohibit password login
- Prepare `/root/.ssh` for authorized keys
- Update image descriptions in registry config
- Revise documentation for SSH access and image setup
2026-03-18 16:20:07 +02:00
.forgejo/workflows ci: Add CI workflow to build and push VM images 2026-03-18 14:11:59 +02:00
images feat: configure SSH for key-only authentication 2026-03-18 16:20:07 +02:00
images.toml feat: configure SSH for key-only authentication 2026-03-18 16:20:07 +02:00
README.md feat: configure SSH for key-only authentication 2026-03-18 16:20:07 +02:00

README.md

Hero Compute Registry

VM image registry for Hero Compute. Defines available images and contains Dockerfiles for custom builds.

Structure

hero_compute_registry/
├── images.toml          # Image definitions (loaded by hero_compute_server)
├── .forgejo/workflows/  # CI: auto-build and push on every commit
└── images/              # Custom Dockerfiles
    ├── alpine/
    ├── ubuntu-24.04/
    ├── ubuntu-22.04/
    ├── ubuntu-20.04/
    └── debian/

SSH Access

All images use SSH key authentication only — no passwords. Password auth is disabled.

To access a VM:

  1. Add your SSH public key in the Hero Compute Settings page
  2. Deploy and start a VM
  3. Connect: ssh root@<mycelium-ipv6>

Your SSH keys are injected into the VM's /root/.ssh/authorized_keys at deploy time.

Adding Images

From Public Registries

Add an entry to images.toml:

[[images]]
name = "Nginx"
reference = "nginx:alpine"
description = "Nginx web server on Alpine"

Custom Images (Forgejo)

  1. Create a Dockerfile in images/:
# images/my-app/Dockerfile
FROM ubuntu:24.04
RUN apt-get update && apt-get install -y nginx curl openssh-server \
    && mkdir -p /run/sshd /root/.ssh \
    && chmod 700 /root/.ssh \
    && touch /root/.ssh/authorized_keys \
    && chmod 600 /root/.ssh/authorized_keys \
    && sed -i 's/#PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config \
    && sed -i 's/#PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
  1. Build and push:
docker build -t forge.ourworld.tf/lhumina_code/hero_compute_registry/my-app:latest images/my-app/
docker login forge.ourworld.tf
docker push forge.ourworld.tf/lhumina_code/hero_compute_registry/my-app:latest
  1. Add to images.toml:
[[images]]
name = "My App"
reference = "forge.ourworld.tf/lhumina_code/hero_compute_registry/my-app:latest"
description = "Custom image with nginx and curl"
  1. On each node, login to the registry (if private):
chvm login forge.ourworld.tf -u <username> -p <token>

CI/CD

The .forgejo/workflows/build-images.yml workflow automatically builds and pushes all images on every push to development or main that modifies images/ or images.toml.

Configuration

The hero_compute_server fetches images.toml from this repo at runtime. Override the URL with:

HERO_COMPUTE_REGISTRY_URL=https://forge.ourworld.tf/lhumina_code/hero_compute_registry/raw/branch/main/images.toml

Default Image

Mark one image with default = true. This image is pre-selected in the deploy UI:

[[images]]
name = "Ubuntu 24.04"
reference = "forge.ourworld.tf/lhumina_code/hero_compute_registry/ubuntu-24.04:latest"
default = true