diff --git a/Dockerfile b/Dockerfile index e099920..1a9f8c5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,50 +4,14 @@ FROM debian:bookworm-slim ENV DEBIAN_FRONTEND=noninteractive # Update and install Swiss Army Knife tools -RUN apt-get update && apt-get install -y \ - curl \ - wget \ - git \ - jq \ - unzip \ - tar \ - vim \ - nano \ - python3 \ - python3-pip \ - python3-venv \ - build-essential \ - iputils-ping \ - dnsutils \ - net-tools \ - ffmpeg \ - openssh-server \ - ripgrep ncdu \ - sudo \ - && rm -rf /var/lib/apt/lists/* - -# Install Node.js 22 (via NodeSource) -RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \ - && apt-get install -y nodejs \ - && rm -rf /var/lib/apt/lists/* - -# Install Chromium + Xvfb for headful browser support -RUN apt-get update && apt-get install -y chromium xvfb \ - && rm -rf /var/lib/apt/lists/* - -# Install OpenClaw CLI globally -RUN npm install -g openclaw@latest +RUN apt-get update && apt-get install -y curl wget git jq unzip tar vim nano python3 python3-pip python3-venv build-essential iputils-ping dnsutils net-tools nodejs npm ffmpeg openssh-server ripgrep ncdu sudo && rm -rf /var/lib/apt/lists/* # Install yq (binary release for latest version) -RUN wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq && \ - chmod +x /usr/bin/yq -RUN wget https://downloads-openshift-console.apps.lab.apilab.us/amd64/linux/oc.tar -O /tmp/oc.tar && \ - tar -xvf /tmp/oc.tar -C /usr/bin/ && \ - rm /tmp/oc.tar && chmod +x /usr/bin/oc +RUN wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq && chmod +x /usr/bin/yq +RUN wget https://downloads-openshift-console.apps.lab.apilab.us/amd64/linux/oc.tar -O /tmp/oc.tar && tar -xvf /tmp/oc.tar -C /usr/bin/ && rm /tmp/oc.tar && chmod +x /usr/bin/oc # Setup SSH directory & Config for OpenShift (Random UID support) -RUN mkdir -p /var/run/sshd && \ - chmod 775 /var/run/sshd +RUN mkdir -p /var/run/sshd && chmod 775 /var/run/sshd # Custom sshd_config for non-root usage # StrictModes no: Required for non-root / random UID environments @@ -55,16 +19,12 @@ RUN mkdir -p /var/run/sshd && \ RUN echo "Port 2222\nPermitRootLogin no\nPasswordAuthentication no\nPubkeyAuthentication yes\nStrictModes no\nPidFile /tmp/sshd.pid\nHostKey /data/ssh/ssh_host_rsa_key\nHostKey /data/ssh/ssh_host_ecdsa_key\nHostKey /data/ssh/ssh_host_ed25519_key\nAuthorizedKeysFile .ssh/authorized_keys\nChallengeResponseAuthentication no\nUsePAM yes\nSubsystem sftp /usr/lib/openssh/sftp-server" > /etc/ssh/sshd_config # Create a user 'claw' (UID 1000) with sudo access -RUN useradd -m -s /bin/bash -u 1000 claw && \ - echo "claw ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \ - chmod -R g+rwX /home/claw +RUN useradd -m -s /bin/bash -u 1000 claw && echo "claw ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && chmod -R g+rwX /home/claw # Prepare volume mount point # Mount persistent storage here VOLUME /data -RUN mkdir -p /data && \ - chown claw:claw /data && \ - chmod 775 /data +RUN mkdir -p /data && chown claw:claw /data && chmod 775 /data # Set working directory to the persistent volume WORKDIR /data @@ -77,4 +37,4 @@ USER claw # Start SSH daemon # Fix: StrictModes no handles permissions, but chmod 600 helps sanity. -CMD ["/bin/bash", "-c", "mkdir -p /data/ssh && if [ ! -f /data/ssh/ssh_host_rsa_key ]; then echo 'Generating persistent host keys...'; ssh-keygen -f /data/ssh/ssh_host_rsa_key -N '' -t rsa; ssh-keygen -f /data/ssh/ssh_host_ecdsa_key -N '' -t ecdsa; ssh-keygen -f /data/ssh/ssh_host_ed25519_key -N '' -t ed25519; fi && chmod 600 /data/ssh/ssh_host_*_key && /usr/sbin/sshd -D -f /etc/ssh/sshd_config"] +CMD ["/bin/bash", "-c", "mkdir -p /data/ssh && if [ ! -f /data/ssh/ssh_host_rsa_key ]; then echo 'Generating persistent host keys...'; ssh-keygen -f /data/ssh/ssh_host_rsa_key -N '' -t rsa; ssh-keygen -f /data/ssh/ssh_host_ecdsa_key -N '' -t ecdsa; ssh-keygen -f /data/ssh/ssh_host_ed25519_key -N '' -t ed25519; fi && chmod 600 /data/ssh/ssh_host_*_key && /usr/sbin/sshd -D -f /etc/ssh/sshd_config"] \ No newline at end of file