gemini changes

Dockerfile

@@ -4,24 +4,24 @@ FROM debian:bookworm-slim
 ENV DEBIAN_FRONTEND=noninteractive
 
 # Update and install Swiss Army Knife tools
-RUN apt-get update && apt-get install -y \
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates \
     curl \
     wget \
     git \
     jq \
     unzip \
     tar \
-    vim \
+    vim-nox \
     nano \
     python3 \
     python3-pip \
     python3-venv \
+    python3-full \
     build-essential \
     iputils-ping \
     dnsutils \
     net-tools \
-    nodejs \
-    npm \
     ffmpeg \
     openssh-server \
     openssh-client \
@@ -29,14 +29,20 @@ RUN apt-get update && apt-get install -y \
     ripgrep \
     ncdu \
     sudo \
+    && curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
+    && apt-get install -y nodejs \
     && rm -rf /var/lib/apt/lists/*
 
-# Install yq (binary release for latest version)
-RUN wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq && \
+# Install yq (v4.x)
+RUN YQ_VERSION="v4.40.5" && \
+    wget https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 -O /usr/bin/yq && \
     chmod +x /usr/bin/yq
-RUN wget https://downloads-openshift-console.apps.lab.apilab.us/amd64/linux/oc.tar -O /tmp/oc.tar && \
-    tar -xvf /tmp/oc.tar -C /usr/bin/ && \
-    rm /tmp/oc.tar && chmod +x /usr/bin/oc
+
+# Install OpenShift CLI (oc)
+RUN OC_VERSION="stable" && \
+    wget https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${OC_VERSION}/openshift-client-linux.tar.gz -O /tmp/oc.tar.gz && \
+    tar -xvf /tmp/oc.tar.gz -C /usr/bin/ oc && \
+    rm /tmp/oc.tar.gz && chmod +x /usr/bin/oc
 
 # Setup SSH directory & Config for OpenShift (Random UID support)
 RUN mkdir -p /var/run/sshd && \
@@ -45,7 +51,19 @@ RUN mkdir -p /var/run/sshd && \
 # Custom sshd_config for non-root usage
 # StrictModes no: Required for non-root / random UID environments
 # PidFile: Point to /tmp for guaranteed write access
-RUN echo "Port 2222\nPermitRootLogin no\nPasswordAuthentication no\nPubkeyAuthentication yes\nStrictModes no\nPidFile /tmp/sshd.pid\nHostKey /data/ssh/ssh_host_rsa_key\nHostKey /data/ssh/ssh_host_ecdsa_key\nHostKey /data/ssh/ssh_host_ed25519_key\nAuthorizedKeysFile .ssh/authorized_keys\nChallengeResponseAuthentication no\nUsePAM yes\nSubsystem sftp /usr/lib/openssh/sftp-server" > /etc/ssh/sshd_config
+RUN printf "Port 2222\n\
+PermitRootLogin no\n\
+PasswordAuthentication no\n\
+PubkeyAuthentication yes\n\
+StrictModes no\n\
+PidFile /tmp/sshd.pid\n\
+HostKey /data/ssh/ssh_host_rsa_key\n\
+HostKey /data/ssh/ssh_host_ecdsa_key\n\
+HostKey /data/ssh/ssh_host_ed25519_key\n\
+AuthorizedKeysFile .ssh/authorized_keys\n\
+ChallengeResponseAuthentication no\n\
+UsePAM no\n\
+Subsystem sftp /usr/lib/openssh/sftp-server\n" > /etc/ssh/sshd_config
 
 # Create a user 'claw' (UID 1000) with sudo access
 RUN useradd -m -s /bin/bash -u 1000 claw && \
@@ -69,9 +87,14 @@ EXPOSE 2222
 USER claw
 
 # Start SSH daemon
-# Fix: StrictModes no handles permissions, but chmod 600 helps sanity.
-CMD ["/bin/bash", "-c", "mkdir -p /data/ssh && if [ ! -f /data/ssh/ssh_host_rsa_key ]; then \
-    echo 'Generating persistent host keys...'; \
-    ssh-keygen -f /data/ssh/ssh_host_rsa_key -N '' -t rsa; \
-    ssh-keygen -f /data/ssh/ssh_host_ecdsa_key -N '' -t ecdsa; \
-    ssh-keygen -f /data/ssh/ssh_host_ed25519_key -N '' -t ed25519; fi && chmod 600 /data/ssh/ssh_host_*_key && /usr/sbin/sshd -D -f /etc/ssh/sshd_config"]
+# The keys are generated if they don't exist on the persistent volume
+CMD ["/bin/bash", "-c", "\
+mkdir -p /data/ssh && \
+for keytype in rsa ecdsa ed25519; do \
+    if [ ! -f /data/ssh/ssh_host_${keytype}_key ]; then \
+        echo \"Generating persistent host ${keytype} key...\"; \
+        ssh-keygen -q -f /data/ssh/ssh_host_${keytype}_key -N '' -t ${keytype}; \
+    fi; \
+done && \
+chmod 600 /data/ssh/ssh_host_*_key && \
+/usr/sbin/sshd -D -e -f /etc/ssh/sshd_config"]