From ee44179a0a24637a0be01f3af90fa0f9a3d29204 Mon Sep 17 00:00:00 2001
From: Tracey Jaquith <tracey@archive.org>
Date: Sat, 30 Mar 2024 02:56:14 -0700
Subject: [PATCH] bootstrap fix. mac setup simplify

---
 Dockerfile |  4 ++++
 install.sh | 10 +++-------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index fa1a909..81f004b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,6 +11,10 @@ ENV REVERSE_PROXY       ""
 ENV ON_DEMAND_TLS_ASK   ""
 ENV HOST_UNAME Linux
 
+# replaced at runtime:
+ENV HIND_N "VEhJUy1HRVRTLVJFUExBQ0VELUlULURPRVMtUklMTFk="
+ENV HIND_C "VEhJUy1HRVRTLVJFUExBQ0VELUlULURPRVMtUklMTFk="
+
 ENV DEBIAN_FRONTEND noninteractive
 ENV TZ Etc/UTC
 ENV TERM xterm
diff --git a/install.sh b/install.sh
index 87aa714..45db21f 100755
--- a/install.sh
+++ b/install.sh
@@ -35,8 +35,8 @@ else
   # container will effect us, the outside/VM.
   VLC=$(realpath /var/lib/containers 2>/dev/null  ||  echo /var/lib/containers)
   SOCK=$(podman info |grep -F podman.sock |rev |cut -f1 -d ' ' |rev)
-  ARGS_INIT="--net=host -v ${VLC}:/var/lib/containers"
-  ARGS_RUN="--net=host --cgroupns=host -v /opt/nomad/data/alloc:/opt/nomad/data/alloc -v $SOCK:$SOCK"
+  ARGS_INIT="--net=host --cgroupns=host -v ${VLC}:/var/lib/containers"
+  ARGS_RUN="--net=host --cgroupns=host -v /opt/nomad/data/alloc:/opt/nomad/data/alloc -v $SOCK:$SOCK --secret HIND_C,type=env --secret HIND_N,type=env"
   PV=/pv
 fi
 
@@ -66,7 +66,7 @@ fi
   mkdir -p -m777 /opt/nomad/data/alloc
 
   podman pull $QUIET $IMG > $OUT
-  podman run --privileged --cgroupns=host \
+  podman run --privileged \
     $ARGS_INIT \
     -e FQDN  -e HOST_UNAME \
     --name hind-init $QUIET "$@" $IMG
@@ -76,9 +76,6 @@ fi
 
 
 if [ "$HOST_UNAME" = Darwin ]; then
-  echo VEhJUy1HRVRTLVJFUExBQ0VELUlULURPRVMtUklMTFk= |tr -d '\n' | podman secret create HIND_C -
-  echo VEhJUy1HRVRTLVJFUExBQ0VELUlULURPRVMtUklMTFk= |tr -d '\n' | podman secret create HIND_N -
-
   set +x
   echo '
 
@@ -98,7 +95,6 @@ fi
   podman run --privileged \
     $ARGS_RUN \
     -v $PV:/pv \
-    --secret HIND_C,type=env --secret HIND_N,type=env \
     --restart=always --name hind -d $QUIET "$@" localhost/hind > $OUT 2>&1
 )