diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..d13b220
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,91 @@
+# Version arguments
+ARG DEBIAN_VERSION=bullseye-slim
+ARG TERRAFORM_VERSION=1.9.4
+ARG PACKER_VERSION=1.11.2
+ARG TFHELPER_VERSION=release
+ARG PYTHON_VERSION=3.9
+
+# Base image
+FROM debian:${DEBIAN_VERSION}
+
+LABEL maintainer="Syntax3rror404"
+
+# Install basic dependencies and tools
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ unzip \
+ curl \
+ git \
+ python${PYTHON_VERSION} \
+ python${PYTHON_VERSION}-venv \
+ python${PYTHON_VERSION}-pip \
+ libffi-dev \
+ gcc \
+ make \
+ openssh-server \
+ sshpass \
+ jq \
+ xorriso \
+ openssl \
+ ca-certificates \
+ && apt-get clean && rm -rf /var/lib/apt/lists/*
+
+# Install Terraform
+RUN curl -L -o /tmp/terraform.zip https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \
+ unzip /tmp/terraform.zip -d /usr/local/bin/ && rm /tmp/terraform.zip
+
+# Install Packer
+RUN curl -L -o /tmp/packer.zip https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_linux_amd64.zip && \
+ unzip /tmp/packer.zip -d /usr/local/bin/ && rm /tmp/packer.zip
+
+# Install TFE_helper
+RUN git clone -b ${TFHELPER_VERSION} https://github.com/hashicorp-community/tf-helper.git /opt/tf-helper
+
+# Set up Python environment and install requirements
+COPY ./requirements.txt /tmp/requirements.txt
+RUN python${PYTHON_VERSION} -m venv /opt/venv && \
+ /opt/venv/bin/pip install --upgrade pip && \
+ /opt/venv/bin/pip install -r /tmp/requirements.txt && \
+ rm /tmp/requirements.txt
+
+# Install MinIO Client
+RUN curl -L -o /usr/local/bin/mc https://dl.min.io/client/mc/release/linux-amd64/mc && \
+ chmod +x /usr/local/bin/mc
+
+# Create non-root user with specific UID/GID
+RUN addgroup --gid 1001 devgroup && \
+ adduser --uid 1001 --ingroup devgroup --shell /bin/bash --home /home/dev --disabled-password dev && \
+ echo "dev ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
+
+# SSH configuration for rootless container
+RUN mkdir -p /home/dev/.ssh /home/dev/var/run/sshd && \
+ ssh-keygen -A && \
+ echo 'dev:dev' | chpasswd && \
+ sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config && \
+ sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/' /etc/ssh/sshd_config && \
+ mkdir -p /home/dev/ssh_host_keys && \
+ ssh-keygen -t rsa -f /home/dev/ssh_host_keys/ssh_host_rsa_key -N '' && \
+ ssh-keygen -t dsa -f /home/dev/ssh_host_keys/ssh_host_dsa_key -N '' && \
+ ssh-keygen -t ecdsa -f /home/dev/ssh_host_keys/ssh_host_ecdsa_key -N '' && \
+ ssh-keygen -t ed25519 -f /home/dev/ssh_host_keys/ssh_host_ed25519_key -N '' && \
+ chown -R dev:devgroup /home/dev/.ssh /home/dev/var/run/sshd /home/dev/ssh_host_keys
+
+# Adjust permissions for /opt and home directories
+RUN chown -R dev:devgroup /opt /home/dev
+
+# Switch to non-root user
+USER dev
+
+# Set environment variables
+ENV PATH="/usr/local/bin:/usr/local/sbin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/tf-helper/tfh/bin:/opt/venv/bin:$PATH"
+ENV VIRTUAL_ENV="/opt/venv"
+
+# Copy entrypoint script
+COPY ./entrypoint.sh /home/dev/entrypoint.sh
+RUN chmod 755 /home/dev/entrypoint.sh
+
+# Expose SSH port
+EXPOSE 2222
+
+# Start the SSH server and any other services via entrypoint.sh
+ENTRYPOINT ["/home/dev/entrypoint.sh"]
+CMD []
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..d7ed7f4
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Start SSH service
+/usr/sbin/sshd -D -f /home/dev/ssh_host_keys/sshd_config &
+
+# Check if any additional commands were passed and execute them
+if [ "$#" -gt 0 ]; then
+ exec "$@"
+else
+ # Keep the container running if no command is provided
+ tail -f /dev/null
+fi
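Review bot: The SSH setup step in the Dockerfile bakes a known credential into the image: `echo 'dev:dev' | chpasswd` combined with `PasswordAuthentication yes`, while the user-creation step appends `dev ALL=(ALL) NOPASSWD:ALL` to /etc/sudoers, so the `USER dev` switch gives little isolation if sudo is ever present in the image. The same step runs `ssh-keygen` at build time, so the host private keys are stored in an image layer and shared by every container, and it sets `PermitRootLogin yes` and creates a DSA host key, an algorithm OpenSSH disables by default. I would delete the `chpasswd`, sudoers and `ssh-keygen` lines, change the two sed replacements to `PermitRootLogin no` and `PasswordAuthentication no`, and let the account authenticate with a public key supplied at run time, with host keys generated on first start. Two build defects sit in the same hunk: the `ARG`s declared before `FROM` are not redeclared after it, so `${TERRAFORM_VERSION}`, `${PACKER_VERSION}`, `${TFHELPER_VERSION}` and `${PYTHON_VERSION}` are empty in the `RUN` lines, and `RUN chmod 755 /home/dev/entrypoint.sh` runs after `USER dev` on a file that `COPY` created as root (`COPY --chown=dev:devgroup --chmod=755` avoids it). The Terraform, Packer and `mc` downloads are also installed without any checksum or signature check, and `curl -L` without `-f` will save an HTTP error page as the archive.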
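Review bot: In entrypoint.sh, `sshd` is started with `-f /home/dev/ssh_host_keys/sshd_config`, but nothing visible in this commit creates that file; the Dockerfile edits /etc/ssh/sshd_config instead, so either the daemon fails to start or the login settings changed there are not the ones the running daemon reads. Because sshd is launched with `&`, such a failure is silent and the container stays up on `tail -f /dev/null` with no SSH service. I would check that the config exists before starting, log to stderr, and make sshd the main process when no command is passed, so that its exit stops the container. The config the image ships would presumably also need the port, `HostKey` paths and `PidFile` under /home/dev for a non-root sshd; that part is not shown here.

```shell
SSHD_CONFIG=/home/dev/ssh_host_keys/sshd_config

# Fail early instead of running without the SSH service
[ -r "$SSHD_CONFIG" ] || { echo "missing $SSHD_CONFIG" >&2; exit 1; }

if [ "$#" -gt 0 ]; then
    /usr/sbin/sshd -D -e -f "$SSHD_CONFIG" &
    exec "$@"
else
    # sshd is the main process, so its exit stops the container
    exec /usr/sbin/sshd -D -e -f "$SSHD_CONFIG"
fi
```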