101 lines
2.8 KiB
Docker
101 lines
2.8 KiB
Docker
FROM debian:bookworm-slim
|
|
|
|
# Avoid interactive prompts
|
|
ENV DEBIAN_FRONTEND=noninteractive
|
|
|
|
# Update and install Swiss Army Knife tools
|
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
ca-certificates \
|
|
curl \
|
|
wget \
|
|
git \
|
|
jq \
|
|
unzip \
|
|
tar \
|
|
vim-nox \
|
|
nano \
|
|
python3 \
|
|
python3-pip \
|
|
python3-venv \
|
|
python3-full \
|
|
build-essential \
|
|
iputils-ping \
|
|
dnsutils \
|
|
net-tools \
|
|
ffmpeg \
|
|
openssh-server \
|
|
openssh-client \
|
|
sshpass \
|
|
ripgrep \
|
|
ncdu \
|
|
sudo \
|
|
&& curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
|
|
&& apt-get install -y nodejs \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Install yq (v4.x)
|
|
RUN YQ_VERSION="v4.40.5" && \
|
|
wget https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 -O /usr/bin/yq && \
|
|
chmod +x /usr/bin/yq
|
|
|
|
# Install OpenShift CLI (oc)
|
|
RUN OC_VERSION="stable" && \
|
|
wget https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${OC_VERSION}/openshift-client-linux.tar.gz -O /tmp/oc.tar.gz && \
|
|
tar -xvf /tmp/oc.tar.gz -C /usr/bin/ oc && \
|
|
rm /tmp/oc.tar.gz && chmod +x /usr/bin/oc
|
|
|
|
# Setup SSH directory & Config for OpenShift (Random UID support)
|
|
RUN mkdir -p /var/run/sshd && \
|
|
chmod 775 /var/run/sshd
|
|
|
|
# Custom sshd_config for non-root usage
|
|
# StrictModes no: Required for non-root / random UID environments
|
|
# PidFile: Point to /tmp for guaranteed write access
|
|
RUN printf "Port 2222\n\
|
|
PermitRootLogin no\n\
|
|
PasswordAuthentication no\n\
|
|
PubkeyAuthentication yes\n\
|
|
StrictModes no\n\
|
|
PidFile /tmp/sshd.pid\n\
|
|
HostKey /data/ssh/ssh_host_rsa_key\n\
|
|
HostKey /data/ssh/ssh_host_ecdsa_key\n\
|
|
HostKey /data/ssh/ssh_host_ed25519_key\n\
|
|
AuthorizedKeysFile .ssh/authorized_keys\n\
|
|
ChallengeResponseAuthentication no\n\
|
|
UsePAM no\n\
|
|
Subsystem sftp /usr/lib/openssh/sftp-server\n" > /etc/ssh/sshd_config
|
|
|
|
# Create a user 'claw' (UID 1000) with sudo access
|
|
RUN useradd -m -s /bin/bash -u 1000 claw && \
|
|
echo "claw ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \
|
|
chmod -R g+rwX /home/claw
|
|
|
|
# Prepare volume mount point
|
|
# Mount persistent storage here
|
|
VOLUME /data
|
|
RUN mkdir -p /data && \
|
|
chown claw:claw /data && \
|
|
chmod 775 /data
|
|
|
|
# Set working directory to the persistent volume
|
|
WORKDIR /data
|
|
|
|
# Expose SSH port (non-privileged)
|
|
EXPOSE 2222
|
|
|
|
# Switch to user 'claw' (UID 1000)
|
|
USER claw
|
|
|
|
# Start SSH daemon
|
|
# The keys are generated if they don't exist on the persistent volume
|
|
CMD ["/bin/bash", "-c", "\
|
|
mkdir -p /data/ssh && \
|
|
for keytype in rsa ecdsa ed25519; do \
|
|
if [ ! -f /data/ssh/ssh_host_${keytype}_key ]; then \
|
|
echo \"Generating persistent host ${keytype} key...\"; \
|
|
ssh-keygen -q -f /data/ssh/ssh_host_${keytype}_key -N '' -t ${keytype}; \
|
|
fi; \
|
|
done && \
|
|
chmod 600 /data/ssh/ssh_host_*_key && \
|
|
/usr/sbin/sshd -D -e -f /etc/ssh/sshd_config"]
|