cscott/ClawdBox
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0b95ba72b329a211e98e6e61ac6725b1eed3c7e5
ClawdBox/Dockerfile

38 lines
2.3 KiB
Docker
Raw Blame History

FROM debian:bookworm-slim
# Avoid interactive prompts
ENV DEBIAN_FRONTEND=noninteractive
# Update and install Swiss Army Knife tools
RUN apt-get update && apt-get install -y curl wget git jq unzip tar vim nano python3 python3-pip python3-venv build-essential iputils-ping dnsutils net-tools nodejs npm ffmpeg openssh-server sudo && rm -rf /var/lib/apt/lists/*
# Install yq (binary release for latest version)
RUN wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq && chmod +x /usr/bin/yq
# Setup SSH directory & Config for OpenShift (Random UID support)
RUN mkdir -p /var/run/sshd && mkdir -p /etc/ssh/host_keys && chmod 775 /var/run/sshd && chmod 775 /etc/ssh/host_keys
# Custom sshd_config for non-root usage
RUN echo "Port 2222\nPermitRootLogin no\nPasswordAuthentication no\nPubkeyAuthentication yes\nPidFile /var/run/sshd/sshd.pid\nHostKey /etc/ssh/host_keys/ssh_host_rsa_key\nHostKey /etc/ssh/host_keys/ssh_host_ecdsa_key\nHostKey /etc/ssh/host_keys/ssh_host_ed25519_key\nAuthorizedKeysFile .ssh/authorized_keys\nChallengeResponseAuthentication no\nUsePAM yes\nSubsystem sftp /usr/lib/openssh/sftp-server" > /etc/ssh/sshd_config
# Create a user 'claw' with sudo access
# Passwordless sudo allowed for friction-free automation
# OpenShift runs as random UID, but 'claw' gives us a named user for direct exec if needed
# We also chmod the home dir to allow group access (OpenShift random UID runs as root group)
RUN useradd -m -s /bin/bash claw && echo "claw ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && chmod -R g+rwX /home/claw
# Prepare volume mount point
# Mount persistent storage here
VOLUME /data
# Critical for OpenShift: Allow root group (gid 0) to write to /data
RUN mkdir -p /data && chown claw:claw /data && chmod 775 /data
# Set working directory to the persistent volume
WORKDIR /data
# Expose SSH port (non-privileged)
EXPOSE 2222
# Start SSH daemon
# Fix: Explicitly generate keys into the custom host_keys directory
CMD ["/bin/bash", "-c", "ssh-keygen -f /etc/ssh/host_keys/ssh_host_rsa_key -N '' -t rsa && ssh-keygen -f /etc/ssh/host_keys/ssh_host_ecdsa_key -N '' -t ecdsa && ssh-keygen -f /etc/ssh/host_keys/ssh_host_ed25519_key -N '' -t ed25519 && /usr/sbin/sshd -D -f /etc/ssh/sshd_config"]
Reference in New Issue View Git Blame Copy Permalink