8 changed files with 50 additions and 36 deletions
--- a/.trunk/trunk.yaml
+++ b/.trunk/trunk.yaml
@ -21,7 +21,6 @@ lint:
    - trufflehog # Trufflehog duplicates gitleaks functionality.
    - terrascan
    - trivy
-    - checkov
  enabled:
    - hadolint@2.12.0
    - tflint@0.51.1
@ -29,6 +28,7 @@ lint:
    - markdownlint@0.41.0
    - taplo@0.8.1
    - actionlint@1.7.1
+    - checkov@3.2.156
    - git-diff-check
    - prettier@3.3.2
    - yamllint@1.35.1
--- a/README.md
+++ b/README.md
@ -1,3 +1,5 @@
-# Grey's Docker Swarm does IAC
+Grey's Docker Swarm does IAC
+============================

 Or: How I learned to stop worrying and love the swarm.
+
--- a/modules/minio/minio.tf
+++ b/modules/minio/minio.tf
@ -52,7 +52,6 @@ resource "docker_service" "minio" {
 }

 module "minio_nginx_config" {
-  # tflint-ignore: terraform_module_pinned_source
  source   = "git::https://code.techinc.nl/grey/terraform-nginx.git//nginx-site-available"
  hostname = var.domain
  //certificate   = acme_certificate.ooo_grey["s3"]
--- a/modules/vigil/terraform.tf
+++ b/modules/vigil/terraform.tf
@ -12,9 +12,5 @@ terraform {
      source  = "BrendanThompson/scratch"
      version = "~> 0.4"
    }
-    local = {
-      source  = "hashicorp/local"
-      version = "~>2.1"
-    }
  }
 }
--- a/nginx.tf
+++ b/nginx.tf
@ -11,7 +11,6 @@ resource "docker_network" "loadbalancer" {
 }

 module "nginx" {
-  # tflint-ignore: terraform_module_pinned_source
  source = "git::https://code.techinc.nl/grey/terraform-nginx.git"
  configs = concat(
    module.minio.nginx_files,
--- a/printers.tf
+++ b/printers.tf
@ -13,25 +13,37 @@ resource "docker_volume" "ender5plus" {
  name     = "ender5plus_config"
 }

-resource "docker_container" "ender5plus" {
-  image = "${docker_image.octoprint.name}:latest"
+resource "docker_service" "ender5plus" {
  provider = docker.printi
  name     = "ender5plus"
-  env = [
-    "ENABLE_MJPG_STREAMER=false"
-  ]
-  restart = "always"
+  task_spec {
+    container_spec {
+      image = "${docker_image.octoprint.name}:latest"
+      mounts {
+        target = "/octoprint"
+        source = docker_volume.ender5plus.name
+        type   = "volume"
+      }
+      mounts {
+        target = "/dev/ttyACM0"
+        source = "/dev/serial/by-id/usb-FTDI_FT232R_USB_UART_A602AFFK-if00-port0"
+        type   = "bind"
+      }
+      env = {
+        #ENABLE_MJPG_STREAMER = "true"
+      }
+    }
+    restart_policy {
+      condition = "any"
+      delay     = "20s"
+      window    = "0s"
+    }
+  }
+  endpoint_spec {
    ports {
-    internal = 80
-    external = 3000
+      target_port    = 80
+      published_port = 3000
+      publish_mode   = "ingress"
    }
-  devices {
-    host_path = "/dev/serial/by-id/usb-FTDI_FT232R_USB_UART_A602AFFK-if00-port0"
-    container_path = "/dev/ttyACM0"
-  }
-  volumes {
-    container_path = "/octoprint"
-    #host_path = docker_volume.ender5plus.name
-    volume_name = docker_volume.ender5plus.name
  }
 }
--- a/printers/Dockerfile
+++ b/printers/Dockerfile
@ -1,6 +1,6 @@
 FROM octoprint/octoprint AS octoprint
-RUN apt-get update -q && \
-    apt-get install -yq --no-install-recommends \
+RUN apt update -q && \
+    apt install -yq \
        cpulimit \
        sudo \
        curl wget \
@ -13,16 +13,23 @@ RUN apt-get update -q && \

 FROM octoprint AS mjpg-streamer-builder
 WORKDIR /build
-RUN apt-get update -q && \
-    apt-get install -yq --no-install-recommends \
-      unzip  \
-      subversion
+RUN apt update -q && \
+    apt install -yq unzip subversion
 RUN curl -s -L https://github.com/pranjalv123/mjpg-streamer-yu12/archive/refs/heads/master.zip --output mjpeg-streamer-yu12.zip && \
-    unzip -q mjpeg-streamer-yu12.zip \
-WORKDIR /build/mjpg-streamer-yu12-master/mjpg-streamer
-RUN make && \
+    unzip -q mjpeg-streamer-yu12.zip
+RUN cd mjpg-streamer-yu12-master/mjpg-streamer && \
+    make && \
    ls -lah

 FROM octoprint AS octoprint-mjpg-streamer
 COPY --from=mjpg-streamer-builder /build/mjpg-streamer-yu12-master/mjpg-streamer/mjpg_streamer /usr/local/bin/mjpg_streamer
 COPY --from=mjpg-streamer-builder /build/mjpg-streamer-yu12-master/mjpg-streamer/*.so /usr/local/lib/mjpg-streamer/
+
+FROM octoprint AS octoklipper
+RUN git clone https://github.com/Klipper3d/klipper.git klipper && \
+    cd klipper && \
+    git checkout master && \
+    rm .git -rf
+RUN venv/bin/pip install -r klipper/scripts/klippy-requirements.txt \
+ && venv/bin/python -m compileall klipper/klippy \
+ && venv/bin/python klipper/klippy/chelper/__init__.py
--- a/vigil.tf
+++ b/vigil.tf
@ -1,5 +1,4 @@
 module "vigil_nginx_config" {
-  # tflint-ignore: terraform_module_pinned_source
  source   = "git::https://code.techinc.nl/grey/terraform-nginx.git//nginx-site-available"
  hostname = "vigil.california.ti"
  //certificate   = acme_certificate.ooo_grey["s3"]