Templates control how a DevZero “devbox” is created so that code is cloned, packages installed and custom commands are run.

Basic template policy

The DevZero template is composed of yaml with a few main blocks: softwarepolicy, repopolicy and scriptpolicy.

# a minimal policy
softwarepolicy:
- packagename: build-essential # includes make
repopolicy:
- path: /home/devzero/projects
  repourl: <https://github.com/hashicorp/vault> # will clone vault
scriptpolicy:
- script: |
    # some mulitline script
    echo "run this"
    wget "httpbin.org/get" > file.txt
  runas: devzero # user to run script as

Software policy softwarepolicy

List of Debian packages that will get installed on a devbox. These are installed by the root user. This will be installed with apt-get

Example:

softwarepolicy:
- packagename: build-essential # includes make
- packagename: nano

Repo Policy repopolicy

These are the repositories that are cloned and kept updated by the agent. At checkout time ownership is transferred to the user is assigned to the devbox

Example:

# NOTE! Need to get access to company’s GitHub Enterprise in order to access private repositories.
repopolicy:
- path: /home/devzero/projects
  repourl: <https://github.com/hashicorp/vault>
- path: /home/devzero/projects
  repourl: <https://github.com/organization/repo>

Script Policy scriptpolicy

Identified with the scriptpolicy key, it is an array of scripts that are run sequentially

By default scripts are run as root, but this can be changed with the runas key (this is useful in the User Policy)

Scripts can be run at various stages using the key: runphase:

• regular: after the machine has been initialized w/ the basic templates, this is the default, it does not need to be specified
• checkout: when a user is assigned to a devbox

Example:

scriptpolicy:
- script: |
    # docker install instructions from: <https://docs.docker.com/engine/install/ubuntu>
    apt-get install apt-transport-https ca-certificates curl gnupg lsb-release -y
    curl -fsSL <https://download.docker.com/linux/ubuntu/gpg> | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
    echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] <https://download.docker.com/linux/ubuntu> $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
    apt-get update -y
    apt-get install docker-ce docker-ce-cli containerd.io -y
- script: whoami > /home/devzero/whoami.txt
  runphase: checkout # user will be filled in based on assigned user
  runas: devzero # this is the primary user for the machine