diff --git a/Dockerfile b/Dockerfile index b3ac371..956c52b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,54 +11,54 @@ LABEL maintainer="aptalca" ENV HOME="/config" RUN \ - echo "**** install node repo ****" && \ - apt-get update && \ - apt-get install -y \ - gnupg && \ - curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - && \ - echo 'deb https://deb.nodesource.com/node_12.x bionic main' \ - > /etc/apt/sources.list.d/nodesource.list && \ - curl -s https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \ - echo 'deb https://dl.yarnpkg.com/debian/ stable main' \ - > /etc/apt/sources.list.d/yarn.list && \ - echo "**** install build dependencies ****" && \ - apt-get update && \ - apt-get install -y \ - build-essential \ - libx11-dev \ - libxkbfile-dev \ - libsecret-1-dev \ - pkg-config && \ - echo "**** install runtime dependencies ****" && \ - apt-get install -y \ - git \ - jq \ - nano \ - net-tools \ - nodejs \ - sudo \ - yarn && \ - echo "**** install code-server ****" && \ - if [ -z ${CODE_RELEASE+x} ]; then \ - CODE_RELEASE=$(curl -sX GET https://registry.yarnpkg.com/code-server \ - | jq -r '."dist-tags".latest' | sed 's|^|v|'); \ - fi && \ - CODE_VERSION=$(echo "$CODE_RELEASE" | awk '{print substr($1,2); }') && \ - yarn config set network-timeout 600000 -g && \ - yarn --production --verbose --frozen-lockfile global add code-server@"$CODE_VERSION" && \ - yarn cache clean && \ - echo "**** clean up ****" && \ - apt-get purge --auto-remove -y \ - build-essential \ - libx11-dev \ - libxkbfile-dev \ - libsecret-1-dev \ - pkg-config && \ - apt-get clean && \ - rm -rf \ - /tmp/* \ - /var/lib/apt/lists/* \ - /var/tmp/* + echo "**** install node repo ****" && \ + apt-get update && \ + apt-get install -y \ + gnupg && \ + curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - && \ + echo 'deb https://deb.nodesource.com/node_12.x bionic main' \ + > /etc/apt/sources.list.d/nodesource.list && \ + curl -s https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \ + echo 'deb https://dl.yarnpkg.com/debian/ stable main' \ + > /etc/apt/sources.list.d/yarn.list && \ + echo "**** install build dependencies ****" && \ + apt-get update && \ + apt-get install -y \ + build-essential \ + libx11-dev \ + libxkbfile-dev \ + libsecret-1-dev \ + pkg-config && \ + echo "**** install runtime dependencies ****" && \ + apt-get install -y \ + git \ + jq \ + nano \ + net-tools \ + nodejs \ + sudo \ + yarn && \ + echo "**** install code-server ****" && \ + if [ -z ${CODE_RELEASE+x} ]; then \ + CODE_RELEASE=$(curl -sX GET https://registry.yarnpkg.com/code-server \ + | jq -r '."dist-tags".latest' | sed 's|^|v|'); \ + fi && \ + CODE_VERSION=$(echo "$CODE_RELEASE" | awk '{print substr($1,2); }') && \ + yarn config set network-timeout 600000 -g && \ + yarn --production --verbose --frozen-lockfile global add code-server@"$CODE_VERSION" && \ + yarn cache clean && \ + echo "**** clean up ****" && \ + apt-get purge --auto-remove -y \ + build-essential \ + libx11-dev \ + libxkbfile-dev \ + libsecret-1-dev \ + pkg-config && \ + apt-get clean && \ + rm -rf \ + /tmp/* \ + /var/lib/apt/lists/* \ + /var/tmp/* # add local files COPY /root / diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 9321fb6..9fbfcdc 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -11,54 +11,54 @@ LABEL maintainer="aptalca" ENV HOME="/config" RUN \ - echo "**** install node repo ****" && \ - apt-get update && \ - apt-get install -y \ - gnupg && \ - curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - && \ - echo 'deb https://deb.nodesource.com/node_12.x bionic main' \ - > /etc/apt/sources.list.d/nodesource.list && \ - curl -s https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \ - echo 'deb https://dl.yarnpkg.com/debian/ stable main' \ - > /etc/apt/sources.list.d/yarn.list && \ - echo "**** install build dependencies ****" && \ - apt-get update && \ - apt-get install -y \ - build-essential \ - libx11-dev \ - libxkbfile-dev \ - libsecret-1-dev \ - pkg-config && \ - echo "**** install runtime dependencies ****" && \ - apt-get install -y \ - git \ - jq \ - nano \ - net-tools \ - nodejs \ - sudo \ - yarn && \ - echo "**** install code-server ****" && \ - if [ -z ${CODE_RELEASE+x} ]; then \ - CODE_RELEASE=$(curl -sX GET https://registry.yarnpkg.com/code-server \ - | jq -r '."dist-tags".latest' | sed 's|^|v|'); \ - fi && \ - CODE_VERSION=$(echo "$CODE_RELEASE" | awk '{print substr($1,2); }') && \ - yarn config set network-timeout 600000 -g && \ - yarn --production --verbose --frozen-lockfile global add code-server@"$CODE_VERSION" && \ - yarn cache clean && \ - echo "**** clean up ****" && \ - apt-get purge --auto-remove -y \ - build-essential \ - libx11-dev \ - libxkbfile-dev \ - libsecret-1-dev \ - pkg-config && \ - apt-get clean && \ - rm -rf \ - /tmp/* \ - /var/lib/apt/lists/* \ - /var/tmp/* + echo "**** install node repo ****" && \ + apt-get update && \ + apt-get install -y \ + gnupg && \ + curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - && \ + echo 'deb https://deb.nodesource.com/node_12.x bionic main' \ + > /etc/apt/sources.list.d/nodesource.list && \ + curl -s https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \ + echo 'deb https://dl.yarnpkg.com/debian/ stable main' \ + > /etc/apt/sources.list.d/yarn.list && \ + echo "**** install build dependencies ****" && \ + apt-get update && \ + apt-get install -y \ + build-essential \ + libx11-dev \ + libxkbfile-dev \ + libsecret-1-dev \ + pkg-config && \ + echo "**** install runtime dependencies ****" && \ + apt-get install -y \ + git \ + jq \ + nano \ + net-tools \ + nodejs \ + sudo \ + yarn && \ + echo "**** install code-server ****" && \ + if [ -z ${CODE_RELEASE+x} ]; then \ + CODE_RELEASE=$(curl -sX GET https://registry.yarnpkg.com/code-server \ + | jq -r '."dist-tags".latest' | sed 's|^|v|'); \ + fi && \ + CODE_VERSION=$(echo "$CODE_RELEASE" | awk '{print substr($1,2); }') && \ + yarn config set network-timeout 600000 -g && \ + yarn --production --verbose --frozen-lockfile global add code-server@"$CODE_VERSION" && \ + yarn cache clean && \ + echo "**** clean up ****" && \ + apt-get purge --auto-remove -y \ + build-essential \ + libx11-dev \ + libxkbfile-dev \ + libsecret-1-dev \ + pkg-config && \ + apt-get clean && \ + rm -rf \ + /tmp/* \ + /var/lib/apt/lists/* \ + /var/tmp/* # add local files COPY /root / diff --git a/Dockerfile.armhf b/Dockerfile.armhf index d5ba348..d89c362 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -11,54 +11,54 @@ LABEL maintainer="aptalca" ENV HOME="/config" RUN \ - echo "**** install node repo ****" && \ - apt-get update && \ - apt-get install -y \ - gnupg && \ - curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - && \ - echo 'deb https://deb.nodesource.com/node_12.x bionic main' \ - > /etc/apt/sources.list.d/nodesource.list && \ - curl -s https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \ - echo 'deb https://dl.yarnpkg.com/debian/ stable main' \ - > /etc/apt/sources.list.d/yarn.list && \ - echo "**** install build dependencies ****" && \ - apt-get update && \ - apt-get install -y \ - build-essential \ - libx11-dev \ - libxkbfile-dev \ - libsecret-1-dev \ - pkg-config && \ - echo "**** install runtime dependencies ****" && \ - apt-get install -y \ - git \ - jq \ - nano \ - net-tools \ - nodejs \ - sudo \ - yarn && \ - echo "**** install code-server ****" && \ - if [ -z ${CODE_RELEASE+x} ]; then \ - CODE_RELEASE=$(curl -sX GET https://registry.yarnpkg.com/code-server \ - | jq -r '."dist-tags".latest' | sed 's|^|v|'); \ - fi && \ - CODE_VERSION=$(echo "$CODE_RELEASE" | awk '{print substr($1,2); }') && \ - yarn config set network-timeout 600000 -g && \ - yarn --production --verbose --frozen-lockfile global add code-server@"$CODE_VERSION" && \ - yarn cache clean && \ - echo "**** clean up ****" && \ - apt-get purge --auto-remove -y \ - build-essential \ - libx11-dev \ - libxkbfile-dev \ - libsecret-1-dev \ - pkg-config && \ - apt-get clean && \ - rm -rf \ - /tmp/* \ - /var/lib/apt/lists/* \ - /var/tmp/* + echo "**** install node repo ****" && \ + apt-get update && \ + apt-get install -y \ + gnupg && \ + curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - && \ + echo 'deb https://deb.nodesource.com/node_12.x bionic main' \ + > /etc/apt/sources.list.d/nodesource.list && \ + curl -s https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \ + echo 'deb https://dl.yarnpkg.com/debian/ stable main' \ + > /etc/apt/sources.list.d/yarn.list && \ + echo "**** install build dependencies ****" && \ + apt-get update && \ + apt-get install -y \ + build-essential \ + libx11-dev \ + libxkbfile-dev \ + libsecret-1-dev \ + pkg-config && \ + echo "**** install runtime dependencies ****" && \ + apt-get install -y \ + git \ + jq \ + nano \ + net-tools \ + nodejs \ + sudo \ + yarn && \ + echo "**** install code-server ****" && \ + if [ -z ${CODE_RELEASE+x} ]; then \ + CODE_RELEASE=$(curl -sX GET https://registry.yarnpkg.com/code-server \ + | jq -r '."dist-tags".latest' | sed 's|^|v|'); \ + fi && \ + CODE_VERSION=$(echo "$CODE_RELEASE" | awk '{print substr($1,2); }') && \ + yarn config set network-timeout 600000 -g && \ + yarn --production --verbose --frozen-lockfile global add code-server@"$CODE_VERSION" && \ + yarn cache clean && \ + echo "**** clean up ****" && \ + apt-get purge --auto-remove -y \ + build-essential \ + libx11-dev \ + libxkbfile-dev \ + libsecret-1-dev \ + pkg-config && \ + apt-get clean && \ + rm -rf \ + /tmp/* \ + /var/lib/apt/lists/* \ + /var/tmp/* # add local files COPY /root / diff --git a/README.md b/README.md index 1eb7ad6..54c2510 100644 --- a/README.md +++ b/README.md @@ -151,7 +151,7 @@ Container images are configured using parameters passed at runtime (such as thos | `-e HASHED_PASSWORD=` | Optional web gui password, overrides `PASSWORD`, instructions on how to create it is below. | | `-e SUDO_PASSWORD=password` | If this optional variable is set, user will have sudo access in the code-server terminal with the specified password. | | `-e SUDO_PASSWORD_HASH=` | Optionally set sudo password via hash (takes priority over `SUDO_PASSWORD` var). Format is `$type$salt$hashed`. | -| `-e PROXY_DOMAIN=code-server.my.domain` | If this optional variable is set, this domain will be proxied for subdomain proxying. See [Documentation](https://github.com/cdr/code-server/blob/master/doc/FAQ.md#sub-domains) | +| `-e PROXY_DOMAIN=code-server.my.domain` | If this optional variable is set, this domain will be proxied for subdomain proxying. See [Documentation](https://github.com/cdr/code-server/blob/master/docs/FAQ.md#sub-domains) | | `-v /config` | Contains all relevant configuration files. | ## Environment variables from files (Docker secrets) @@ -263,6 +263,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **08.05.21:** - Fix doc link * **04.02.20:** - Allow setting gui password via hash using env var `HASHED_PASSWORD`. * **23.12.20:** - Allow setting sudo password via hash using env var `SUDO_PASSWORD_HASH`. * **29.05.20:** - Add --domain-proxy support. diff --git a/readme-vars.yml b/readme-vars.yml index 27e9009..cb9b4a8 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -51,7 +51,7 @@ opt_param_env_vars: - { env_var: "HASHED_PASSWORD", env_value: "", desc: "Optional web gui password, overrides `PASSWORD`, instructions on how to create it is below." } - { env_var: "SUDO_PASSWORD", env_value: "password", desc: "If this optional variable is set, user will have sudo access in the code-server terminal with the specified password." } - { env_var: "SUDO_PASSWORD_HASH", env_value: "", desc: "Optionally set sudo password via hash (takes priority over `SUDO_PASSWORD` var). Format is `$type$salt$hashed`." } - - { env_var: "PROXY_DOMAIN", env_value: "code-server.my.domain", desc: "If this optional variable is set, this domain will be proxied for subdomain proxying. See [Documentation](https://github.com/cdr/code-server/blob/master/doc/FAQ.md#sub-domains)" } + - { env_var: "PROXY_DOMAIN", env_value: "code-server.my.domain", desc: "If this optional variable is set, this domain will be proxied for subdomain proxying. See [Documentation](https://github.com/cdr/code-server/blob/master/docs/FAQ.md#sub-domains)" } optional_block_1: false optional_block_1_items: "" @@ -75,6 +75,7 @@ app_setup_block: | # changelog changelogs: + - { date: "08.05.21:", desc: "Fix doc link" } - { date: "04.02.20:", desc: "Allow setting gui password via hash using env var `HASHED_PASSWORD`." } - { date: "23.12.20:", desc: "Allow setting sudo password via hash using env var `SUDO_PASSWORD_HASH`." } - { date: "29.05.20:", desc: "Add --domain-proxy support." } diff --git a/root/etc/cont-init.d/30-config b/root/etc/cont-init.d/30-config index ef6be25..b3f6cd4 100644 --- a/root/etc/cont-init.d/30-config +++ b/root/etc/cont-init.d/30-config @@ -3,20 +3,20 @@ mkdir -p /config/{extensions,data,workspace,.ssh} if [ -n "${SUDO_PASSWORD}" ] || [ -n "${SUDO_PASSWORD_HASH}" ]; then - echo "setting up sudo access" - if ! grep -q 'abc' /etc/sudoers; then - echo "adding abc to sudoers" - echo "abc ALL=(ALL:ALL) ALL" >> /etc/sudoers - fi - if [ -n "${SUDO_PASSWORD_HASH}" ]; then - echo "setting sudo password using sudo password hash" - sed -i "s|^abc:\!:|abc:${SUDO_PASSWORD_HASH}:|" /etc/shadow - else - echo "setting sudo password using SUDO_PASSWORD env var" - echo -e "${SUDO_PASSWORD}\n${SUDO_PASSWORD}" | passwd abc - fi + echo "setting up sudo access" + if ! grep -q 'abc' /etc/sudoers; then + echo "adding abc to sudoers" + echo "abc ALL=(ALL:ALL) ALL" >> /etc/sudoers + fi + if [ -n "${SUDO_PASSWORD_HASH}" ]; then + echo "setting sudo password using sudo password hash" + sed -i "s|^abc:\!:|abc:${SUDO_PASSWORD_HASH}:|" /etc/shadow + else + echo "setting sudo password using SUDO_PASSWORD env var" + echo -e "${SUDO_PASSWORD}\n${SUDO_PASSWORD}" | passwd abc + fi fi # permissions chown -R abc:abc \ - /config + /config diff --git a/root/etc/services.d/code-server/run b/root/etc/services.d/code-server/run index 4a7780c..c298a9b 100644 --- a/root/etc/services.d/code-server/run +++ b/root/etc/services.d/code-server/run @@ -1,25 +1,25 @@ #!/usr/bin/with-contenv bash if [ -n "${PASSWORD}" ] || [ -n "${HASHED_PASSWORD}" ]; then - AUTH="password" + AUTH="password" else - AUTH="none" - echo "starting with no password" + AUTH="none" + echo "starting with no password" fi if [ -z ${PROXY_DOMAIN+x} ]; then - PROXY_DOMAIN_ARG="" + PROXY_DOMAIN_ARG="" else - PROXY_DOMAIN_ARG="--proxy-domain=${PROXY_DOMAIN}" + PROXY_DOMAIN_ARG="--proxy-domain=${PROXY_DOMAIN}" fi exec \ - s6-setuidgid abc \ - /usr/local/bin/code-server \ - --bind-addr 0.0.0.0:8443 \ - --user-data-dir /config/data \ - --extensions-dir /config/extensions \ - --disable-telemetry \ - --auth "${AUTH}" \ - "${PROXY_DOMAIN_ARG}" \ - /config/workspace + s6-setuidgid abc \ + /usr/local/bin/code-server \ + --bind-addr 0.0.0.0:8443 \ + --user-data-dir /config/data \ + --extensions-dir /config/extensions \ + --disable-telemetry \ + --auth "${AUTH}" \ + "${PROXY_DOMAIN_ARG}" \ + /config/workspace