feat: replace systemd with supervisord in coder image

images/homelab-workspace/Dockerfile

@@ -105,35 +105,6 @@ RUN --mount=type=cache,target=/var/cache/apt,id=sysbase1-cache-apt-${TARGETARCH}
     sed -i 's|xargs dpkg -S|xargs -r dpkg -S|g' /usr/local/sbin/unminimize && \
     echo -e 'y\ny' | unminimize
 
-# systemd requirements (from https://github.com/nestybox/dockerfiles/blob/master/ubuntu-jammy-systemd/Dockerfile)
-RUN --mount=type=cache,target=/var/cache/apt,id=sysbase2-cache-apt-${TARGETARCH} \
-    --mount=type=cache,target=/var/cache/debconf,id=sysbase2-cache-debconf-${TARGETARCH} \
-    --mount=type=cache,target=/var/lib/apt,id=sysbase2-lib-apt-${TARGETARCH} \
-    --mount=type=tmpfs,target=/var/cache/python \
-    --mount=type=tmpfs,target=/tmp \
-    --mount=type=tmpfs,target=/var/log \
-    --mount=type=tmpfs,target=/var/tmp \
-    apt-get update && \
-    DEBIAN_FRONTEND="noninteractive" apt-get install -yq --no-install-recommends \
-      dbus \
-      iptables \
-      iproute2 \
-      kmod \
-      libsystemd0 \
-      systemd \
-      systemd-sysv \
-      udev \
-      && \
-    # Prevents journald from reading kernel messages from /dev/kmsg
-    echo "ReadKMsg=no" >> /etc/systemd/journald.conf && \
-    # Disable systemd services/units that are unnecessary within a container.
-    systemctl mask systemd-udevd.service \
-      systemd-udevd-kernel.socket \
-      systemd-udevd-control.socket \
-      systemd-modules-load.service \
-      sys-kernel-debug.mount \
-      sys-kernel-tracing.mount
-
 # install docker-engine
 # hadolint ignore=SC1091
 RUN --mount=type=cache,target=/var/cache/apt,id=sysbase3-cache-apt-${TARGETARCH} \
@@ -231,14 +202,14 @@ RUN --mount=type=cache,target=/var/cache/apt,id=sysbase4-cache-apt-${TARGETARCH}
       python3 \
       python3-pip \
       python3-venv \
-      qemu-user-static \
       ripgrep \
       rsync \
       screen \
       software-properties-common \
       sshpass \
       ssh-askpass \
       strace \
+      supervisor \
       sysstat \
       traceroute \
       tmux \
@@ -249,9 +220,6 @@ RUN --mount=type=cache,target=/var/cache/apt,id=sysbase4-cache-apt-${TARGETARCH}
       zsh \
       zstd
 
-# enables docker starting with systemd
-RUN systemctl enable docker
-
 
 # ========================================================================================================
 FROM --platform=$TARGETPLATFORM base AS packages
@@ -274,6 +242,7 @@ ENV FNM_ROOT=/opt/fnm
 # renovate: datasource=node depName=node versioning=node
 ARG NODE_VERSION="20.15.1"
 ENV PATH="$PATH:${FNM_ROOT}"
+# hadolint ignore=SC2086
 RUN --mount=type=tmpfs,target=/tmp \
     --mount=type=tmpfs,target=/var/log \
     --mount=type=tmpfs,target=/var/tmp \
@@ -460,7 +429,7 @@ RUN --mount=type=bind,from=packages,source=/packages/${TARGETARCH},target=/packa
     echo "$PIPX_BIN_DIR" > /env/pipx.path
 
 # ansible and its dependencies, related apps and collections
-# hadolint ignore=SC2046
+# hadolint ignore=SC2046,SC2016
 RUN --mount=type=bind,from=packages,source=/packages/${TARGETARCH},target=/packages \
     --mount=type=cache,target=/root/.cache/pip,id=ansible-cache-${TARGETARCH} \
     --mount=type=tmpfs,target=/var/cache/python \
@@ -504,6 +473,7 @@ COPY --from=sdk-rust-cargo /usr/local/bin/* /usr/local/sbin/
 COPY --from=sdk-golang /usr/local/bin/* /usr/local/sbin/
 
 # copy environment variables
+# hadolint ignore=SC2086
 RUN --mount=type=bind,from=sdk-nodejs,source=/env,target=/env/sdk-nodejs \
     --mount=type=bind,from=sdk-golang,source=/env,target=/env/sdk-golang \
     --mount=type=bind,from=sdk-terraform,source=/env,target=/env/sdk-terraform \
@@ -531,9 +501,13 @@ COPY --link --chown=root:root --chmod=644 shell/bashrc.extra /etc/skel/.bashrc.e
 RUN mkdir -p /opt/coder/bin
 COPY --link --chown=root:root --chmod=755 coder/*.sh /opt/coder/bin/
 
+# supervisord configuration for docker and coder agent
+COPY --link --chown=root:root --chmod=644 etc/supervisord.conf /etc/supervisord.conf
+
 RUN rm -f /etc/apt/apt.conf.d/keep-cache
 
 # Add `coder` user (coder platform will connect the user in as this user)
+# hadolint ignore=DL3059
 RUN useradd coder --no-create-home --shell /bin/bash -g coder --groups sudo,docker
 USER coder
 WORKDIR /

images/homelab-workspace/coder/agent-startup.sh

@@ -43,6 +43,7 @@ install_node() {
 }
 
 install_npm_packages() {
+  eval "$(fnm env --shell bash --use-on-cd --fnm-dir $HOME/.fnm)"
   for i in $(jq -r '.devDependencies | to_entries | map([.key, .value] | join("@")) | .[]' /opt/fnm/npm-packages.json); do
     npm install --global --no-audit $i
   done

images/homelab-workspace/coder/entrypoint-prepare.sh

@@ -44,6 +44,7 @@ maintain_directories() {
 
   echo "- Creating directories..."
   mkdir -p $home_dir
+  ln -sf $home_dir /home/coder
   mkdir -p $home_dir/.log/
   echo "- Updating directory permissions..."
   chown $username:coder $home_dir

images/homelab-workspace/etc/supervisord.conf

@@ -0,0 +1,31 @@
+[unix_http_server]
+file=/var/run/supervisor.sock
+
+[supervisord]
+logfile=/dev/fd/1
+logfile_maxbytes=0
+loglevel=info
+pidfile=/var/run/supervisord.pid
+nodaemon=true
+silent=false
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///var/run/supervisor.sock
+
+[program:docker]
+command=/usr/bin/dockerd
+redirect_stderr=true
+stdout_logfile=/dev/fd/1
+stdout_logfile_maxbytes=0
+
+[program:coder]
+command=/tmp/coder-agent-wrapper.sh
+process_name=coder
+directory=/tmp
+environment=CODER_AGENT_TOKEN="%(ENV_CODER_AGENT_TOKEN)"
+redirect_stderr=true
+stdout_logfile=/dev/fd/1
+stdout_logfile_maxbytes=0

templates/docker/homelab-workspace/main.tf

@@ -119,6 +119,22 @@ resource "docker_image" "workspace_image" {
   keep_locally = true
 }
 
+locals {
+  supervised_mode      = (local.test_mode) ? 0 : 1
+  standard_init_script = replace(coder_agent.main.init_script, "/localhost|127\\.0\\.0\\.1/", "host.docker.internal")
+  agent_init_script    = <<EOF
+    echo ${local.standard_init_script} > /tmp/coder-agent-init-script.sh
+    if [[ "${local.supervised_mode}" == "1" ]]; then
+      sudo -u ${local.username} --preserve-env=CODER_AGENT_TOKEN /bin/bash /tmp/coder-agent-init-script.sh
+    else
+      /opt/coder/bin/entrypoint-prepare.sh --username ${local.username}
+      echo "sudo -u ${local.username} --preserve-env=CODER_AGENT_TOKEN /bin/bash /tmp/coder-agent-init-script.sh" > /tmp/coder-agent-wrapper.sh
+      chmod 700 /tmp/coder-agent-wrapper.sh
+      exec /usr/bin/supervisord
+    fi
+    EOF
+}
+
 resource "docker_container" "workspace" {
   count = data.coder_workspace.me.start_count
 
@@ -128,36 +144,10 @@ resource "docker_container" "workspace" {
   runtime  = "sysbox-runc"
   user     = "0:0"
 
-  entrypoint = ["/bin/bash", "-c", <<EOF
-    echo "TEST_MODE=$TEST_MODE"
-    echo
-    if [[ "$TEST_MODE" == "1" ]]; then
-      sudo -u ${local.username} --preserve-env=CODER_AGENT_TOKEN /bin/bash -- <<-'      EOT'
-      ${replace(coder_agent.main.init_script, "/localhost|127\\.0\\.0\\.1/", "host.docker.internal")}
-      EOT
-    else
-      /opt/coder/bin/entrypoint-prepare.sh --username ${local.username}
-
-      # start coder agent as the "coder" user once systemd has started up
-      sudo -u ${local.username} --preserve-env=CODER_AGENT_TOKEN /bin/bash -- <<-'      EOT' &
-      while [[ ! $(systemctl is-system-running) =~ ^(running|degraded) ]]
-      do
-        echo "Waiting for system to start... $(systemctl is-system-running)"
-        sleep 2
-      done
-      ${coder_agent.main.init_script}
-      EOT
-
-      # /sbin/init must be the last line within entrypoint script to have systemd start as the init process
-      exec /sbin/init
-    fi
-    EOF
-    ,
-  ]
+  entrypoint = ["/bin/bash", "-c", local.agent_init_script]
 
   env = [
-    "CODER_AGENT_TOKEN=${coder_agent.main.token}",
-    "TEST_MODE=${(local.test_mode) ? 1 : 0}"
+    "CODER_AGENT_TOKEN=${coder_agent.main.token}"
   ]
   host {
     host = "host.docker.internal"