# Base image.
# NOTE(review): stable-slim is a rolling tag, so a rebuild can silently move to
# a newer Debian release (and a different packaged sshd_config). Pin a release
# tag or digest when reproducible builds matter.
FROM debian:stable-slim

# Image metadata, written in key="value" form.
LABEL sh.demyx.image="demyx/ssh" \
      sh.demyx.maintainer="Demyx <info@demyx.sh>" \
      sh.demyx.url="https://demyx.sh" \
      sh.demyx.github="https://github.com/demyxsh" \
      sh.demyx.registry="https://hub.docker.com/u/demyx"
# Default runtime settings.
# NOTE(review): DEMYX_USERNAME / DEMYX_PASSWORD ship a well-known default
# credential, and ENV values are readable from the image metadata by anyone who
# can pull the image. The sshd setup in this file allows password logins only,
# so every deployment should override DEMYX_PASSWORD at run time. How
# demyx-entrypoint consumes these values is not visible in this file.
ENV DEMYX=/demyx \
    DEMYX_CONFIG=/etc/demyx \
    DEMYX_LOG=/var/log/demyx \
    DEMYX_PASSWORD=demyx \
    DEMYX_USERNAME=demyx \
    TZ=America/Los_Angeles

# Legacy variable names kept for backward compatibility. They sit in their own
# ENV instruction so the DEMYX* values are already defined when they expand.
ENV SSH_CONFIG="$DEMYX_CONFIG" \
    SSH_LOG="$DEMYX_LOG" \
    SSH_ROOT="$DEMYX"
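# Packages and setup
# apt-get replaces apt because apt's command-line interface is not stable for
# scripted use. The package index is deleted in the same layer so it does not
# stay in the image.
# NOTE(review): --no-install-recommends would shrink the installed surface
# further; it is left off because the scripts copied from bin/ are not visible
# here and may rely on recommended packages.
RUN set -ex; \
    apt-get update; \
    DEBIAN_FRONTEND=noninteractive apt-get install -y \
        bash \
        curl \
        git \
        htop \
        nano \
        openssh-client \
        openssh-server \
        sudo \
        tzdata; \
    rm -rf /var/lib/apt/lists/*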
# Configure Demyx
RUN set -ex; \
    # Dedicated unprivileged account with fixed UID/GID 1000 and a bash login shell
    groupadd -g 1000 demyx; \
    useradd -u 1000 -g demyx -m -s /bin/bash demyx; \
    \
    # Data, config and log directories, each owned by demyx with mode 0755
    for demyx_dir in "$DEMYX" "$DEMYX_CONFIG" "$DEMYX_LOG"; do \
        install -d -m 0755 -o demyx -g demyx "$demyx_dir"; \
    done; \
    \
    # Same prompt for demyx and root; the single quotes keep the text literal
    for rc_file in /home/demyx/.bashrc /root/.bashrc; do \
        echo 'PS1="$(whoami)@\h:\w \$ "' > "$rc_file"; \
    done
# Imports: everything under the build context's bin/ directory lands on PATH.
# demyx-entrypoint and demyx-sudo, referenced elsewhere in this file, are
# presumably among these files (bin/ is not visible here).
# COPY writes files as root:root unless --chown is given.
COPY bin/ /usr/local/bin/
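# Finalize
RUN set -ex; \
    sshd_config=/etc/ssh/sshd_config; \
    \
    # set_sshd KEY VALUE: rewrite the KEY line whether or not it is commented
    # out, then fail the build unless the exact "KEY VALUE" line is present.
    # Matching only "#KEY <packaged default>" is a silent no-op when the
    # default text differs or the directive ships uncommented (Debian's
    # sshd_config is believed to ship X11Forwarding that way), which would
    # leave the hardening unapplied without any build error.
    set_sshd() { \
        sed -i -E "s|^#?$1[[:space:]].*|$1 $2|" "$sshd_config"; \
        grep -qxF "$1 $2" "$sshd_config"; \
    }; \
    \
    # Set up ssh
    # Safety net for the login shell; a no-op when /etc/passwd already lists bash
    sed -i "s|/home/demyx:/sbin/nologin|/home/demyx:/bin/bash|g" /etc/passwd; \
    set_sshd Port 2222; \
    set_sshd PermitRootLogin no; \
    # NOTE(review): key authentication is disabled and passwords are the only
    # login method, while this image also ships a default DEMYX_PASSWORD.
    # Deployments must replace that password; key-based login is the stronger option.
    set_sshd PubkeyAuthentication no; \
    set_sshd PasswordAuthentication yes; \
    set_sshd PermitEmptyPasswords no; \
    set_sshd LoginGraceTime 30; \
    set_sshd MaxAuthTries 3; \
    set_sshd MaxSessions 3; \
    set_sshd X11Forwarding no; \
    set_sshd AllowTcpForwarding local; \
    set_sshd PermitUserEnvironment no; \
    set_sshd ClientAliveInterval 300; \
    # NOTE(review): since OpenSSH 8.2 a ClientAliveCountMax of 0 turns the
    # keepalive-based disconnect off entirely, so unresponsive sessions are
    # never dropped; a value of 1 or more restores the timeout. Value kept as found.
    set_sshd ClientAliveCountMax 0; \
    \
    # Configure sudo
    # NOTE(review): SETENV lets demyx choose the environment of a command that
    # runs as root without a password, so demyx-sudo (not visible here) has to
    # treat every inherited variable as untrusted input.
    echo "demyx ALL=(ALL) NOPASSWD:SETENV: /usr/local/bin/demyx-sudo" > /etc/sudoers.d/demyx; \
    # Conventional sudoers mode, plus a syntax check so a broken rule fails the build
    chmod 0440 /etc/sudoers.d/demyx; \
    visudo -cf /etc/sudoers.d/demyx; \
    \
    # Set ownership: the scripts on PATH, including the one sudo runs as root,
    # must not be owned by the unprivileged demyx account
    chown -R root:root /usr/local/bin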
# Documents the sshd port configured in sshd_config (2222, an unprivileged
# port); EXPOSE does not publish it.
EXPOSE 2222/tcp

# The container starts as the unprivileged demyx account. Root-only work
# presumably goes through the single sudo rule for demyx-sudo; the entrypoint
# script is not visible here.
USER demyx
WORKDIR /home/demyx

# Exec form: demyx-entrypoint is resolved via PATH and runs as PID 1.
ENTRYPOINT ["demyx-entrypoint"]