Move openssh install mamba system env

This will prevent providers clobbering our install with theirs We can now run our ssh daemon on an alternative port alongside the provider
ai-dock · Aug 11, 2023 · 19b1293 · 19b1293
1 parent 064d134
commit 19b1293
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 9 deletions.
diff --git a/README.md b/README.md
@@ -117,18 +117,18 @@ If you are running locally you may instead opt to mount an executable script at
 
 ## Software Management
 
-A small software collection is installed by apt-get. This is mostly to provide basic functionality, but also includes `openssh-server` as the OS vendor is likely to be first to patch any security issues.
+A small software collection is installed by apt-get to provide basic utility.
 
-All other software is installed into its own environment by `micromamba`, which is a drop-in replacement for conda/mamba. Read more about it [here](https://mamba.readthedocs.io/en/latest/user_guide/micromamba.html).
+All other software is installed by `micromamba`, which is a drop-in replacement for conda/mamba. Read more about it [here](https://mamba.readthedocs.io/en/latest/user_guide/micromamba.html).
 
 Micromamba environments are particularly useful where several software packages are required but their dependencies conflict. 
 
 ### Installed Micromamba Environments
 
-| Environment    | Packages / Rationale |
+| Environment    | Packages |
 | -------------- | ----------------------------------------- |
 | `base`         | micromamba's base environment |
-| `system`       | `supervisord`, `rclone` - latest versions |
+| `system`       | `supervisord`, `openssh`, `rclone` |
 
 If you are extending this image or running an interactive session where additional software is required, you should almost certainly create a new environment first. See below for guidance.
 

diff --git a/build/COPY_ROOT/opt/ai-dock/bin/build/layer0/common.sh b/build/COPY_ROOT/opt/ai-dock/bin/build/layer0/common.sh
@@ -21,20 +21,20 @@ $APT_INSTALL \
     libelf1 \
     lsb-release \
     nano \
-    openssh-server \
     screen \
     tmux \
     unzip \
     vim \
     zip
 
 # Prepare environment for running SSHD
+chmod 700 /root
 mkdir -p /root/.ssh
 chmod 700 /root/.ssh
 touch /root/.ssh/authorized_keys
 chmod 600 /root/.ssh/authorized_keys
-mkdir -p /run/sshd
-chmod 700 /run/sshd
+#mkdir -p /run/sshd
+#chmod 700 /run/sshd
 
 # Remove less relevant parts of motd
 rm /etc/update-motd.d/10-help-text
@@ -50,6 +50,7 @@ micromamba shell init --shell bash --root-prefix=/opt/micromamba
 $MAMBA_CREATE -n "${MAMBA_BASE_ENV}" python="${MAMBA_BASE_PYTHON_VERSION}"
 micromamba -n "${MAMBA_BASE_ENV}" install -y -c conda-forge \
     supervisor \
+    openssh \
     rclone
 
 # We will use a config from /etc
@@ -58,5 +59,6 @@ rm -rf /root/micromamba/envs/"${MAMBA_BASE_ENV}"/etc/supervisord*
 # Ensure critical paths/files are present
 mkdir -p --mode=0755 /etc/apt/keyrings
 mkdir -p /var/log/supervisor
+mkdir -p /var/empty
 mkdir -p /etc/rclone
 touch /etc/rclone/rclone.conf
diff --git a/build/COPY_ROOT/opt/ai-dock/bin/supervisor-sshd.sh b/build/COPY_ROOT/opt/ai-dock/bin/supervisor-sshd.sh
@@ -18,6 +18,6 @@ if [[ ! $(ssh-keygen -l -f $ak_file) ]]; then
 fi
 
 printf "Starting SSH server...\n"
-
+micromamba -n ${MAMBA_BASE_ENV} run /opt/micromamba/envs/"${MAMBA_BASE_ENV}"/bin/ssh-keygen -A
 wait -n
-/usr/sbin/sshd -D -p $SSH_PORT
+micromamba -n ${MAMBA_BASE_ENV} run /opt/micromamba/envs/"${MAMBA_BASE_ENV}"/bin/sshd -D -p $SSH_PORT