Dockerfile
# Base image: Debian 12 (bookworm). The tag is mutable, so successive builds
# can pick up different base layers.
FROM debian:bookworm
LABEL maintainer="[email protected]"

# Default (run-time) environment variables, used during initial setup.
# ENV values are stored in the image metadata and are readable by anyone who
# can inspect the image, so only non-secret defaults belong here.
ENV USERNAME=user \
    USER_ID=1000 \
    ALLOW_APT=yes \
    ENTER_PASS=no

# Build arguments, _only_ used during Docker build.
# ARG values consumed by RUN steps show up in the image history; keep
# credentials out of APT_PROXY.
ARG DEBIAN_FRONTEND=noninteractive
ARG APT_PROXY

WORKDIR /app

# Enable APT proxy (if APT_PROXY is set).
# apt_proxy.sh is not part of this file; it runs as root during the build.
COPY ./configs/apt.conf ./scripts/apt_proxy.sh ./
RUN ./apt_proxy.sh
## First install basic required packages
# GnuPG tooling (needed below to fetch and export third-party archive keys),
# CA certificates, and APT helpers. One package per line, sorted, so that
# additions and removals are easy to spot in a diff.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        apt-transport-https \
        apt-utils \
        ca-certificates \
        curl \
        dirmngr \
        gnupg \
        gnupg-l10n \
        gnupg-utils \
        gpg \
        gpg-agent \
        gpg-wks-client \
        gpg-wks-server \
        gpgconf \
        gpgsm \
        libassuan0 \
        libksba8 \
        libldap-2.5-0 \
        libldap-common \
        libnpth0 \
        libreadline8 \
        libsasl2-2 \
        libsasl2-modules \
        libsasl2-modules-db \
        libsqlite3-0 \
        libssl3 \
        lsb-base \
        net-tools \
        pinentry-curses \
        readline-common \
        software-properties-common
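## Add additional repositories/components (software-properties-common is required to be installed)
# Add contrib and non-free distro components (deb822-style format)
# Note: apt-add-repository seems to be broken under Debian 12 :(
#RUN apt-add-repository -y contrib non-free
# Copy our own Debian sources file with contrib & non-free instead of apt-add-repository
COPY ./configs/debian.sources /etc/apt/sources.list.d/debian.sources

# Retrieve third party GPG keys from keyserver.
# Keys are requested by full fingerprint, and the keyserver is contacted over
# hkps (TLS) so the lookup is not sent in clear text.
RUN gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys \
        302F0738F465C1535761F965A6616109451BBBF2 \
        972FD88FA0BAFB578D0476DFE1F958385BFE2B6E

# NOTE(review): keyrings placed in /etc/apt/trusted.gpg.d are trusted for
# *every* configured APT source, not only the repository they belong to.
# Scoping each key with a `signed-by=` option in the matching .list file
# (those files are not visible here) would limit what each key can vouch for.

# Add Linux Mint GPG keyring file (for the Mint-Y-Dark theme).
# Plain redirection instead of `gpg | tee`: /bin/sh has no pipefail, so a
# failed export would otherwise be masked by tee's exit status. `test -s`
# fails the build if the exported keyring is empty.
RUN gpg --export 302F0738F465C1535761F965A6616109451BBBF2 \
        >/etc/apt/trusted.gpg.d/linuxmint-archive-keyring.gpg \
    && test -s /etc/apt/trusted.gpg.d/linuxmint-archive-keyring.gpg
# Add Linux Mint Faye repo source file
COPY ./configs/linuxmint-faye.list /etc/apt/sources.list.d/linuxmint-faye.list

# Add X2Go GPG keyring file (same export-and-verify pattern as above)
RUN gpg --export 972FD88FA0BAFB578D0476DFE1F958385BFE2B6E \
        >/etc/apt/trusted.gpg.d/x2go-archive-keyring.gpg \
    && test -s /etc/apt/trusted.gpg.d/x2go-archive-keyring.gpg
# Add X2Go repo source file
COPY ./configs/x2go.list /etc/apt/sources.list.d/x2go.list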
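## Install X2Go server and session
# Uses apt-get throughout (the `apt` front end has no stable CLI for scripts).
# x2go-keyring is installed first, then the package lists are refreshed again
# before the server packages are pulled. Everything runs in one layer so the
# install never works from a package index cached by an older build.
RUN apt-get update \
    && apt-get install -y x2go-keyring \
    && apt-get update \
    && apt-get install -y x2goserver x2goserver-xsession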
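## Install important (or often used) dependency packages
# The package index is refreshed in the same layer as the install: a cached
# index from an earlier layer can be stale and point at package versions the
# mirrors no longer serve (or that have since received security fixes).
# Includes openssh-server and sudo, which the final image relies on.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        at-spi2-core \
        bzip2 \
        coreutils \
        cron \
        dbus-x11 \
        dialog \
        ffmpeg \
        file \
        git \
        locales \
        nano \
        openssh-server \
        pavucontrol \
        pulseaudio \
        pwgen \
        sudo \
        unrar \
        unzip \
        util-linux \
        wget \
        x11-utils \
        x11-xkb-utils \
        xdg-utils \
        xz-utils \
        zip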
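## Add themes & fonts, then LibreOffice
# apt-get replaces `apt` (no stable scripting interface), and the index is
# refreshed in this layer so the installs do not depend on a cached one.
# Themes/fonts are installed without recommended packages; LibreOffice keeps
# its recommendations, as in the original.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        breeze-gtk-theme \
        fonts-ubuntu \
        mint-themes \
    && apt-get install -y \
        libreoffice-base \
        libreoffice-base-core \
        libreoffice-base-drivers \
        libreoffice-calc \
        libreoffice-common \
        libreoffice-core \
        libreoffice-draw \
        libreoffice-impress \
        libreoffice-math \
        libreoffice-nlpsolver \
        libreoffice-script-provider-bsh \
        libreoffice-script-provider-js \
        libreoffice-script-provider-python \
        libreoffice-style-colibre \
        libreoffice-writer
# Don't add papirus icons (can be comment-out if you want)
#RUN apt-get install -y papirus-icon-theme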
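## Install XFCE4
# Install XFCE4, including XFCE panels, terminal, screenshooter, task manager, notify daemon, dbus, locker and plugins.
# ! But we do NOT install xfce4-goodies; since this will install xfburn (not needed) and xfce4-statusnotifier-plugin (deprecated) !
# `apt-get upgrade` is preceded by `apt-get update` in the same layer;
# upgrading against a cached index can silently skip available security fixes.
# The second install (file manager, archive manager, image viewer) keeps
# recommended packages, as in the original.
RUN apt-get update \
    && apt-get upgrade -y \
    && apt-get install -y --no-install-recommends \
        default-dbus-session-bus \
        librsvg2-common \
        light-locker \
        xfce4-appfinder \
        xfce4-clipman-plugin \
        xfce4-dict \
        xfce4-indicator-plugin \
        xfce4-notifyd \
        xfce4-panel \
        xfce4-pulseaudio-plugin \
        xfce4-screenshooter \
        xfce4-session \
        xfce4-taskmanager \
        xfce4-terminal \
        xfce4-whiskermenu-plugin \
        xfdesktop4 \
        xfwm4 \
    && apt-get install -y \
        ristretto \
        thunar \
        thunar-archive-plugin \
        thunar-media-tags-plugin \
        tumbler \
        xarchiver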
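## Add more applications
# Most importantly: browser, calculator, file editor, video player, profile manager.
# Index refreshed in the same layer so the browser (the most exposed package
# in the image) is installed from a current package list, not a cached one.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        celluloid \
        firefox-esr \
        htop \
        mousepad \
        mugshot \
        qalculate-gtk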
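# Update locales, generate new SSH host keys and clean-up (keep manpages)
RUN update-locale

# NOTE(review): these host keys are generated at build time and stored in an
# image layer. Every container started from the image therefore presents the
# same host identity, and anyone who can pull the image can read the private
# keys. Regenerating them on first start (for example from setup.sh, which is
# not visible here) would give each container its own keys - confirm whether
# that already happens before relying on these.
RUN rm -rf /etc/ssh/ssh_host_* && ssh-keygen -A

# Clean APT caches and temp files. This runs in its own layer, so it tidies
# the final filesystem but does not shrink the earlier install layers.
# (/var/cache/apk is an Alpine path and does not exist on Debian; dropped.)
RUN apt-get clean -y && rm -rf /usr/share/doc/* /var/lib/apt/lists/* /tmp/* /var/tmp/*

# Update timezone to The Netherlands.
# `ln -snf` replaces the existing link in one step and, unlike `unlink`,
# does not fail the build when /etc/localtime is absent.
RUN echo 'Europe/Amsterdam' >/etc/timezone \
    && ln -snf /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime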
# Start default XFCE4 panels (don't ask for it): the stock panel layout is
# moved into the system-wide xfconf channel directory.
RUN mv -f /etc/xdg/xfce4/panel/default.xml /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml

# Use mice as default Splash
COPY ./configs/xfconf/xfce4-session.xml /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml

# Add XFCE4 settings to start-up
COPY ./configs/xfce4-settings.desktop /etc/xdg/autostart/

# Session start-up tweaks, done in a single layer:
#  - enable Clipman by default during start-up
#  - remove unnecessary existing start-up apps (screen lockers)
#  - change default terminal to xfce4-terminal
RUN sed -i "s/Hidden=.*/Hidden=false/" /etc/xdg/autostart/xfce4-clipman-plugin-autostart.desktop \
    && rm -rf \
        /etc/xdg/autostart/light-locker.desktop \
        /etc/xdg/autostart/xscreensaver.desktop \
    && update-alternatives --set x-terminal-emulator /usr/bin/xfce4-terminal.wrapper
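# Disable root shell
RUN usermod -s /usr/sbin/nologin root

## Create worker user (instead of root user)
# Home directory is /app (the WORKDIR), fixed UID 1001.
RUN useradd -d /app -s /bin/bash -u 1001 worker

# Sudo policy for worker.
# NOTE(review): `setenv` lets the caller hand environment variables of its own
# choosing to /app/setup.sh, which runs as root; variables passed this way are
# not subject to sudo's env_check/env_delete filtering. setup.sh (not visible
# here) has to treat every variable it reads as untrusted input. An env_keep
# allow-list restricted to the variables setup.sh needs would be tighter -
# check how run.sh invokes sudo before changing this.
#
# worker may run, without a password and as root only: starting the ssh, dbus
# and cron services, and /app/setup.sh.
# `visudo -cf` validates the result, so a malformed sudoers file fails the
# build instead of producing an image in which sudo refuses to run.
RUN echo "Defaults!/app/setup.sh setenv" >>/etc/sudoers \
    && echo "worker ALL=(root) NOPASSWD:/usr/sbin/service ssh start, /usr/sbin/service dbus start, /usr/sbin/service cron start, /app/setup.sh" >>/etc/sudoers \
    && visudo -cf /etc/sudoers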
# Copy worker scripts and default config files into /app (the WORKDIR).
# COPY without --chown leaves them owned by root. That matters for setup.sh,
# which worker is allowed to run as root through sudo: it must not become
# writable or replaceable by worker.
# NOTE(review): /app is also worker's home directory - verify that nothing at
# run time hands ownership of /app (or setup.sh) to worker.
COPY ./scripts/setup.sh \
     ./configs/terminalrc \
     ./configs/whiskermenu-1.rc \
     ./scripts/xfce_settings.sh \
     ./scripts/run.sh \
     ./

# Print hello during worker bash start-up
RUN echo 'echo "Info: Thank you for using Melroys VDI XFCE Docker image!"' >>/app/.bashrc

# Run as worker: the container's main process is unprivileged; root actions
# are limited to what the sudoers entries permit.
USER worker

# SSH port (documentation only; it is not published by this instruction).
EXPOSE 22

CMD ["/bin/bash", "/app/run.sh"]