commit 117566bd3c96280fdcd2b57add00961da101c5f8 Author: Knut Ahlers Date: Sun Jun 27 16:11:15 2021 +0200 Initial setup
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..697fba8
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,23 @@
+FROM luzifer/archlinux
+
+ARG CODE_SERVER_VERSION=3.10.2
+ARG DUMB_INIT_VERSION=1.2.5
+ARG FIXUID_VERSION=0.5
+
+COPY build.sh /usr/local/bin/build.sh
+RUN set -ex \
+ && bash /usr/local/bin/build.sh
+
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+
+EXPOSE 8080
+
+# This way, if someone sets $DOCKER_USER, docker-exec will still work as
+# the uid will remain the same. note: only relevant if -u isn't passed to
+# docker-run.
+USER 1000
+ENV USER=coder
+WORKDIR /home/coder
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+CMD ["--auth", "none", "--bind-addr", "0.0.0.0:8080", "."]
diff --git a/build.sh b/build.sh
new file mode 100644
index 0000000..de30af0
--- /dev/null
+++ b/build.sh
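Review bot: The default `CMD` in the Dockerfile starts code-server with `--auth none` on `0.0.0.0:8080`, and build.sh in the same commit gives the `coder` user passwordless sudo, so anyone who can reach the published port gets an unauthenticated editor and terminal with root inside the container. Make authentication the default and let operators opt out explicitly, e.g. `CMD ["--auth", "password", "--bind-addr", "0.0.0.0:8080", "."]`, and add a comment above `EXPOSE 8080` saying the port must not be published without a fronting authentication layer when `--auth none` is used. `FROM luzifer/archlinux` carries no tag or digest, so the build is not reproducible; pin it as `FROM luzifer/archlinux@sha256:<digest>`.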
@@ -0,0 +1,37 @@
+#!/bin/bash
+set -euxo pipefail
+
+build_packages=()
+install_packages=(
+ curl
+ git
+ openssh
+ sudo
+ tar
+)
+
+pacman -Sy --noconfirm "${build_packages[@]}" "${install_packages[@]}"
+
+# Install code-server release
+curl -sSfL "https://github.com/cdr/code-server/releases/download/v${CODE_SERVER_VERSION}/code-server-${CODE_SERVER_VERSION}-linux-amd64.tar.gz" |
+ tar -xz -C /opt
+mv /opt/code-server-${CODE_SERVER_VERSION}-linux-amd64 /opt/code-server
+
+# Install dumb-init
+curl -sSfLo /usr/bin/dumb-init "https://github.com/Yelp/dumb-init/releases/download/v${DUMB_INIT_VERSION}/dumb-init_${DUMB_INIT_VERSION}_x86_64"
+chmod 0755 /usr/bin/dumb-init
+
+# Install and configure fixuid
+curl -sSfL "https://github.com/boxboat/fixuid/releases/download/v${FIXUID_VERSION}/fixuid-${FIXUID_VERSION}-linux-amd64.tar.gz" |
+ tar -xz -C /usr/local/bin
+chown root:root /usr/local/bin/fixuid
+chmod 4755 /usr/local/bin/fixuid
+
+mkdir -p /etc/fixuid
+echo "user: coder\ngroup: coder" >/etc/fixuid/config.yml
+
+# Configure user to use
+useradd -m -u 1000 -U coder
+echo "coder ALL=(ALL) NOPASSWD:ALL" >>/etc/sudoers.d/nopasswd
+
+[ ${#build_packages[@]} -gt 0 ] && pacman -Rs --noconfirm "${build_packages[@]}" || true
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..466d201
--- /dev/null
+++ b/entrypoint.sh
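Review bot: None of the three release downloads in build.sh is checked against a known digest, and the fixuid archive is unpacked straight from the pipe and then made setuid root with `chmod 4755`, so whatever the URL serves at build time ends up running with root privileges in every container. Download each artifact to a file, verify it with `sha256sum -c` against a digest pinned next to the version ARG, and only then extract or install it; the fence shows the shape for fixuid, with `FIXUID_SHA256` as a placeholder build argument that would have to be added to the Dockerfile. Separately, `echo "user: coder\ngroup: coder"` writes a literal `\n` under bash's default echo behaviour, leaving /etc/fixuid/config.yml as a single line; `printf 'user: coder\ngroup: coder\n' >/etc/fixuid/config.yml` produces the two keys.

```shell
# … unchanged: package installation, code-server and dumb-init downloads …

# Install and configure fixuid (verify the archive before it becomes setuid root)
fixuid_tgz="$(mktemp)"
curl -sSfLo "${fixuid_tgz}" "https://github.com/boxboat/fixuid/releases/download/v${FIXUID_VERSION}/fixuid-${FIXUID_VERSION}-linux-amd64.tar.gz"
# FIXUID_SHA256 is a placeholder: the published digest for this FIXUID_VERSION
echo "${FIXUID_SHA256}  ${fixuid_tgz}" | sha256sum -c -
tar -xzf "${fixuid_tgz}" -C /usr/local/bin
rm -f "${fixuid_tgz}"

# … unchanged: chown/chmod of fixuid, fixuid config, user setup …
```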
@@ -0,0 +1,21 @@
+#!/bin/bash
+set -euo pipefail
+
+# We do this first to ensure sudo works below when renaming the user.
+# Otherwise the current container UID may not exist in the passwd database.
+eval "$(fixuid -q)"
+
+if [ "${DOCKER_USER-}" ]; then
+ USER="$DOCKER_USER"
+ if [ "$DOCKER_USER" != "$(whoami)" ]; then
+ echo "$DOCKER_USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/nopasswd >/dev/null
+ # Unfortunately we cannot change $HOME as we cannot move any bind mounts
+ # nor can we bind mount $HOME into a new home as that requires a privileged container.
+ sudo usermod --login "$DOCKER_USER" coder
+ sudo groupmod -n "$DOCKER_USER" coder
+
+ sudo sed -i "/coder/d" /etc/sudoers.d/nopasswd
+ fi
+fi
+
+dumb-init /opt/code-server/bin/code-server "$@"
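Review bot: `$DOCKER_USER` goes from the environment into /etc/sudoers.d/nopasswd and into `usermod`/`groupmod` without validation, so a value containing whitespace or a newline can write unintended or broken sudoers lines; reject anything that is not a plain account name first, e.g. `[[ "$DOCKER_USER" =~ ^[a-z_][a-z0-9_-]*$ ]] || { echo "invalid DOCKER_USER" >&2; exit 1; }`. The cleanup `sed -i "/coder/d"` removes every line containing `coder`, which also deletes the entry just added whenever the new name contains that string; anchoring it as `sudo sed -i '/^coder /d' /etc/sudoers.d/nopasswd` keeps the new entry. The last line should be `exec dumb-init /opt/code-server/bin/code-server "$@"` so the bash wrapper does not stay as PID 1 in front of dumb-init and stop signals reach the init process.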