-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathDockerfile
103 lines (94 loc) · 3.05 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
#
# use ssh+xvfb+xclip+x11vnc as a network-addressible clipboard
#
FROM alpine
# port choices, add em up
# - x11: 6000
# - vnc: 5900
# - ssh: 22
ENV vncport=11900
ENV clipport=11922
ENV clipscreen=99
ENV clipuser=clippy
ENV cliphome=/home/${clipuser}
ENV clipdata=/data/clip
EXPOSE ${clipport}
COPY dropbear.sh /
COPY xvfb.sh /
COPY x11vnc.sh /
COPY startup.sh /
COPY netclip /
RUN chmod 755 /*.sh \
&& apk --no-cache upgrade \
&& apk --no-cache add \
bash \
busybox-extras \
coreutils \
curl \
dmenu \
doas \
dropbear \
dropbear-convert \
dropbear-dbclient \
dropbear-scp \
dropbear-ssh \
dwm \
file \
openbox \
openssh-keygen \
openssh-sftp-server \
openssl \
procps \
psmisc \
st \
sudo \
tini \
vim \
x11vnc \
xclip \
xinit \
xsetroot \
xterm \
xvfb \
&& rm -f /bin/sh \
&& ln -s /bin/bash /bin/sh \
&& ln -s /netclip /clip \
&& ln -s /netclip /usr/bin/ \
&& ln -s /netclip /usr/bin/clip \
&& sed -i.ORIG '/^root:/s#/bin/ash#/bin/bash#g' /etc/passwd \
&& mkdir -p /etc/dropbear ${clipdata} \
&& sed -i.ORIG "/^wheel:/s/:root/:root,${clipuser}/g" /etc/group \
&& sed -i "/^shadow:/s/:\$/:${clipuser}/g" /etc/group \
&& echo '%wheel ALL=(ALL:ALL) NOPASSWD: ALL' > /etc/sudoers.d/wheel \
&& chmod 600 /etc/sudoers.d/wheel \
&& openssl rand -base64 16 > ${clipdata}/passwd \
&& echo ${clipuser} > ${clipdata}/user \
&& echo ${clipport} > ${clipdata}/clipport \
&& echo ${clipscreen} > ${clipdata}/clipscreen \
&& echo ${vncport} > ${clipdata}/vncport \
&& echo "export clipdata=${clipdata}" > /etc/profile.d/clip.sh \
&& addgroup -S ${clipuser} \
&& adduser -D -S -G ${clipuser} -s /bin/bash -h ${cliphome} ${clipuser} \
&& echo "${clipuser}:$(cat ${clipdata}/passwd)" | chpasswd \
&& su - ${clipuser} -c "mkdir -p ${cliphome}/.vnc" \
&& su - ${clipuser} -c "x11vnc -storepasswd '$(cat ${clipdata}/passwd)' ${cliphome}/.vnc/passwd" \
&& echo 'xsetroot -solid darkslategrey' > ${cliphome}/.xinitrc \
&& echo 'exec openbox' >> ${cliphome}/.xinitrc \
&& chmod 755 ${cliphome}/.x* \
&& chown -R ${clipuser}:${clipuser} ${cliphome} ${clipdata} /etc/dropbear \
&& chmod 640 ${clipdata}/* \
&& test -e /etc/motd && cat /etc/motd > /etc/motd.ORIG || true \
&& rm -f /etc/motd || true \
&& cat /etc/doas.conf > /etc/doas.conf.ORIG \
&& echo "permit nopass ${clipuser}" >> /etc/doas.conf
## to debug x11/xvfb/xclip/vnc/x11vnc
#EXPOSE ${vncport}
#RUN openssl rand -base64 16 > ${clipdata}/debug \
# && adduser -D -S -G wheel -s /bin/bash debug \
# && echo "debug:$(cat ${clipdata}/debug)" | chpasswd \
# && chmod 640 ${clipdata}/* \
# && sed -i '/x11vnc/s/#//g' /startup.sh \
# && apk --no-cache add font-terminus font-inconsolata font-dejavu font-noto font-noto-cjk font-awesome font-noto-extra
ENTRYPOINT ["/sbin/tini","-gwvv","--"]
CMD ["/startup.sh"]
# vim: set ft=sh: