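# syntax=docker/dockerfile:1
# Development box image: Debian trixie with an unprivileged `dev` user, sshd
# for remote access (key auth only, dev only), and a tool set from apt plus a
# few upstream GitHub releases. Requires BuildKit: the --mount=type=ssh steps
# need `docker build --ssh default ...`.
# NOTE(review): pin the base by digest (debian:trixie-slim@sha256:<digest>)
# if reproducible rebuilds matter.
FROM debian:trixie-slim

# Fail a RUN step when any command in a pipeline fails (e.g. curl | gpg,
# curl | bash); the default /bin/sh -c only reports the last command's status.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# pick unused uid. 65534 is nobody, 65532 is almost nobody.
ARG UID=65532
RUN groupadd --gid ${UID} dev && \
    useradd --uid ${UID} --gid ${UID} -m -s /bin/sh dev

# install dependencies necessary for managing keyrings
# (apt lists are dropped here; the main install step below runs its own update)
RUN apt-get update && apt-get install -y \
        curl \
        gnupg \
        lsb-release \
        sudo \
    && rm -rf /var/lib/apt/lists/*

# github cli repository
RUN mkdir -p -m 755 /etc/apt/keyrings \
    && curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
         -o /etc/apt/keyrings/githubcli-archive-keyring.gpg \
    && chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg \
    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
         > /etc/apt/sources.list.d/github-cli.list

# hashicorp (vault) repository
# NOTE(review): the suite name comes from `lsb_release -cs`; when the base
# image moves to a new codename, confirm HashiCorp publishes a repo for it or
# the apt-get update below fails.
RUN curl -fsSL https://apt.releases.hashicorp.com/gpg \
      | gpg --dearmor -o /etc/apt/keyrings/hashicorp-archive-keyring.gpg \
    && chmod go+r /etc/apt/keyrings/hashicorp-archive-keyring.gpg \
    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" \
         > /etc/apt/sources.list.d/hashicorp.list

# SKIP_SETCAP=yes to prevent mlock in vault (skips the setcap step in the
# vault package's postinst). Package list is sorted for diffability; clean up
# apt state in the same layer so it does not persist in the image.
RUN apt-get update && SKIP_SETCAP=yes apt-get install -y \
        bat \
        build-essential \
        fd-find \
        fzf \
        gh \
        git \
        git-lfs \
        htop \
        jq \
        just \
        libcap2-bin \
        libicu76 \
        libnss3-tools \
        libxkbcommon0 \
        locales \
        lsof \
        openssh-server \
        python3-venv \
        ripgrep \
        rsync \
        socat \
        stow \
        tmux \
        tree \
        unzip \
        uuid-runtime \
        vault \
        xdg-utils \
        zsh \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

# Debian ships fd-find as `fdfind` and bat as `batcat`; expose the upstream
# names on PATH.
RUN ln -s "$(command -v fdfind)" /usr/local/bin/fd \
    && ln -s "$(command -v batcat)" /usr/local/bin/bat

# install latest neovim stable from github releases
# NOTE(review): "stable" is a moving tag and the tarball is not checksum-
# verified; pin a release tag and check its published sha256 for
# reproducible, tamper-evident builds. `-f` makes HTTP errors fail the step
# instead of saving an error page as the archive.
RUN ARCH=$(uname -m | sed 's/aarch64/arm64/') \
    && curl -fsSLo "/tmp/nvim-linux-${ARCH}.tar.gz" \
         "https://github.com/neovim/neovim/releases/download/stable/nvim-linux-${ARCH}.tar.gz" \
    && tar -xzf "/tmp/nvim-linux-${ARCH}.tar.gz" -C /tmp \
    && cp -r "/tmp/nvim-linux-${ARCH}"/* /usr/local/ \
    && rm -rf "/tmp/nvim-linux-${ARCH}" "/tmp/nvim-linux-${ARCH}.tar.gz"

# install LazyGit (latest release, version resolved through the GitHub API)
# NOTE(review): unauthenticated API calls are rate-limited and the version is
# unpinned; the `test -n` guard fails the build early if the lookup returns
# nothing, rather than building a malformed download URL.
RUN ARCH=$(uname -m | sed 's/aarch64/arm64/') \
    && LAZYGIT_VERSION=$(curl -fsSL "https://api.github.com/repos/jesseduffield/lazygit/releases/latest" \
         | \grep -Po '"tag_name": *"v\K[^"]*') \
    && test -n "${LAZYGIT_VERSION}" \
    && curl -fsSLo /tmp/lazygit.tar.gz \
         "https://github.com/jesseduffield/lazygit/releases/download/v${LAZYGIT_VERSION}/lazygit_${LAZYGIT_VERSION}_Linux_${ARCH}.tar.gz" \
    && tar xf /tmp/lazygit.tar.gz -C /tmp lazygit \
    && install -D -t /usr/local/bin/ /tmp/lazygit \
    && rm -rf /tmp/lazygit*

# install git-delta (pinned to 0.18.2)
# NOTE(review): the version is pinned but the .deb is not checksum-verified;
# compare against the release's published checksum (sha256:<checksum>)
# before `dpkg -i`.
RUN ARCH=$(uname -m | sed 's/x86_64/amd64/; s/aarch64/arm64/') \
    && curl -fsSLo /tmp/git-delta.deb \
         "https://github.com/dandavison/delta/releases/download/0.18.2/git-delta_0.18.2_${ARCH}.deb" \
    && dpkg -i /tmp/git-delta.deb \
    && rm /tmp/git-delta.deb

# everything up to the next `USER root` runs as the unprivileged dev user;
# $HOME is the home directory created by useradd -m above
USER dev

# make an empty .ssh folder so stow doesn't symlink the whole .ssh folder
# NOTE(review): ssh-keyscan trusts whatever key the build-time network
# returns (trust on first use); compare the stored key with GitHub's
# published host-key fingerprints if the build runs on an untrusted network.
RUN mkdir -p "$HOME/.ssh" && ssh-keyscan github.com >> "$HOME/.ssh/known_hosts"

# install LazyVim for neovim (starter template; its git history is dropped)
RUN --mount=type=ssh,uid=${UID} \
    git clone git@github.com:LazyVim/starter.git "$HOME/.config/nvim" && \
    rm -rf "$HOME/.config/nvim/.git"

# oh my zsh installation
# NOTE(review): installer is fetched from the `master` branch and executed
# unverified; pinning a commit/tag and checking a checksum would make this
# step reproducible.
RUN sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended

# n install
# NOTE(review): the bit.ly short link puts a redirect service in the trust
# chain for a script that is piped into bash; resolving it to the upstream
# raw URL and pinning a release removes that hop.
RUN curl -fsSL https://bit.ly/n-install | bash -s -- -y

# install gwtmux
RUN --mount=type=ssh,uid=${UID} \
    git clone git@github.com:snapwich/gwtmux.git "$HOME/.local/share/gwtmux"

# install dotfiles (remove files that would conflict before stow)
RUN --mount=type=ssh,uid=${UID} \
    git clone git@github.com:snapwich/dotfiles.git "$HOME/.dotfiles" && \
    rm "$HOME/.config/nvim/lua/config/autocmds.lua" && \
    rm "$HOME/.config/nvim/lua/config/keymaps.lua" && \
    rm "$HOME/.config/nvim/lua/config/options.lua" && \
    stow -t "$HOME" -d "$HOME/.dotfiles" claude n nvim ssh tmux vim zsh lazygit git

# install claude code
# NOTE(review): unpinned remote script piped into bash; same reproducibility
# caveat as the installers above.
RUN curl -fsSL https://claude.ai/install.sh | bash

# fix .ssh permissions for SSH StrictModes
RUN chmod 700 "$HOME/.ssh"

USER root
RUN chsh -s /usr/bin/zsh dev

# sudoers: dev may run only /usr/bin/lsof as root without a password.
# Written as a drop-in (Debian's default /etc/sudoers includes sudoers.d) and
# validated with visudo, so a syntax error cannot corrupt the main sudoers
# file and break sudo for every user.
RUN echo "dev ALL=(ALL) NOPASSWD:/usr/bin/lsof" > /etc/sudoers.d/dev \
    && chmod 0440 /etc/sudoers.d/dev \
    && visudo -cf /etc/sudoers.d/dev

RUN mkdir -p /var/run/sshd
# Host keys are generated at build time and therefore baked into the image:
# every container started from it presents the same host key, and anyone who
# can pull the image holds its private half. Generating them in the
# entrypoint instead is the option if that matters for the deployment.
RUN ssh-keygen -A

# harden sshd: key-based auth only, dev is the only permitted user, no agent
# forwarding; SSH_AUTH_SOCK points sessions at the agent socket the
# entrypoint creates. This is a drop-in rather than an append to
# /etc/ssh/sshd_config because Debian's config includes sshd_config.d/*.conf
# first and sshd keeps the first value it sees, so these settings take
# precedence over anything in the main file. `sshd -t` validates the
# resulting configuration at build time.
RUN printf '%s\n' \
        'PasswordAuthentication no' \
        'KbdInteractiveAuthentication no' \
        'UsePAM no' \
        'PermitRootLogin no' \
        'AllowUsers dev' \
        'AllowAgentForwarding no' \
        'SetEnv SSH_AUTH_SOCK=/tmp/ssh-agent-dev' \
        > /etc/ssh/sshd_config.d/10-dev.conf \
    && sshd -t

# generate locales
RUN echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen

# setup our entrypoint with tmp ssh-agent socket accessible by dev user
# (the script itself lives outside this file). The image intentionally ends
# as root because sshd needs it; interactive sessions land on dev per the
# sshd config above.
COPY --chmod=755 docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
EXPOSE 22
CMD ["/usr/local/bin/docker-entrypoint.sh"]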