# Dockerfile for sandbox environment with s6-overlay supervisor and dotfiles
#
# Author: Parker Wahle (regulad)
# Assisted by: Claude Sonnet 4.5
# License: AGPLv3.0 - see LICENSE.md
FROM fedora:43
# Build arguments (override with --build-arg). ARG values are build-time only and
# do not persist into the runtime environment; TZ below is ENV and does.
# The ".linux" suffix is lima-style (https://github.com/lima-vm/lima/discussions/2622#discussioncomment-108517600)
ARG USERNAME=regulad.linux
ARG UID=1000
ARG GROUPNAME=regulad.linux
ARG GID=1000
# s6-overlay release fetched in the install layer below; bump here to upgrade.
ARG S6_OVERLAY_VERSION=3.2.2.0
# Default timezone for the running sandbox.
ENV TZ=America/New_York
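# repository configuration isn't necessary for Fedora since the apply script will auto-enable RPM Fusion if it is not already active
# Create the sandbox user/group and grant passwordless sudo.
# -o flags enable non-unique UIDs/GIDs, should they be needed
# sudo doesn't take sudoers.d filenames that have periods in them, so '.' is mapped to '_';
# the resulting path is computed once into a shell variable instead of being re-derived on every line.
## NOTE: the fedora docker image ships a borked sudo pam stack that doesn't work in a reduced environment, so !pam_acct_mgmt must be appended
## this doesn't apply to debian, and sudo-rs in ubuntu doesn't have the flag at all
RUN groupadd -g "${GID}" -o "${GROUPNAME}" \
    && useradd --no-log-init -m -s /bin/bash -u "${UID}" -o -g "${GROUPNAME}" "${USERNAME}" \
    && mkdir -p /etc/sudoers.d/ \
    && sudoers_file="/etc/sudoers.d/$(echo "${USERNAME}" | tr '.' '_')" \
    && echo "${USERNAME} ALL=(ALL) NOPASSWD:ALL" > "${sudoers_file}" \
    && echo "Defaults !use_pty, !pam_acct_mgmt" >> "${sudoers_file}" \
    && chmod 0440 "${sudoers_file}"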
# Shared cache locations for userland package managers. Set as ENV so build-time
# RUN steps see them, and mirrored into /etc/environment so login shells in the
# running sandbox pick them up too. The install layer below mounts BuildKit
# caches at these same paths.
ENV UV_CACHE_DIR=/var/cache/buildkit/uv \
    PIP_CACHE_DIR=/var/cache/buildkit/pip \
    npm_config_cache=/var/cache/buildkit/npm \
    HOMEBREW_CACHE=/var/cache/buildkit/brew
# Pre-create the cache tree and hand the whole /var/cache/buildkit subtree to the
# sandbox user so both the uid/gid cache mounts and runtime writes line up.
RUN mkdir -p "${UV_CACHE_DIR}" "${PIP_CACHE_DIR}" "${npm_config_cache}" "${HOMEBREW_CACHE}" \
    && chown -R "${UID}:${GID}" /var/cache/buildkit \
    && printf '%s\n' \
        "UV_CACHE_DIR=${UV_CACHE_DIR}" \
        "PIP_CACHE_DIR=${PIP_CACHE_DIR}" \
        "npm_config_cache=${npm_config_cache}" \
        "HOMEBREW_CACHE=${HOMEBREW_CACHE}" \
        >> /etc/environment
# Keep downloaded RPMs in /var/cache/dnf so the BuildKit cache mount used by the
# dnf layers below is actually populated across builds.
# NOTE(review): appending assumes [main] is the last (or only) section in dnf.conf — confirm on the base image.
RUN printf 'keepcache=True\n' >> /etc/dnf/dnf.conf
# Enable the RPM Fusion free and nonfree release repos matching this Fedora version.
# NOTE(review): release RPMs given by URL are installed as local packages, which dnf
# does not GPG-verify by default (localpkg_gpgcheck is off); integrity currently
# rests on TLS to the mirror. Importing the RPM Fusion key and enabling that check
# would close the gap — confirm before changing.
RUN --mount=type=cache,target=/var/cache/dnf,sharing=locked \
    fedora_release="$(rpm -E %fedora)" \
    && dnf install -y \
        "https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-${fedora_release}.noarch.rpm" \
        "https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-${fedora_release}.noarch.rpm"
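# Copy the dotfiles repository (the build context) into the chezmoi source directory,
# owned by the sandbox user so chezmoi can read and update it at runtime.
# The group must be GROUPNAME, not USERNAME: the two only coincide by default, and a
# build that overrides GROUPNAME alone would otherwise fail on an unknown group.
# NOTE(review): the entire build context ends up in the image (including .git and
# any encrypted sources unless ignored); keep a .dockerignore for anything that
# should not ship.
COPY --chown=${USERNAME}:${GROUPNAME} . /home/${USERNAME}/.local/share/chezmoi/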
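## NOTE: since the docker buildx GHA action doesn't support squashing, all installs have to be done in a single layer.
## who cares about caching!
# Single install layer, in order:
#   1. dnf: development packages (sorted for diffability) + the development-tools group,
#      then generate the en_US.UTF-8 locale and make it the system default
#   2. validate /etc/sudoers and every sudoers.d file written above (visudo -c)
#   3. s6-overlay: noarch + arch-specific tarballs extracted into /
#   4. Homebrew, installed non-interactively as the sandbox user
#   5. pnpm globally via npm; chezmoi via Homebrew
#   6. chezmoi init + apply as the sandbox user (expects brew and pnpm to already exist)
#   7. drop the user's ~/.cache so installer leftovers do not persist in the layer
# /tmp is a tmpfs mount for this step, so the downloaded tarballs never land in the image.
# NOTE(review): the s6-overlay tarballs and the Homebrew install script are fetched over
# TLS but not checksum- or signature-verified here; S6_OVERLAY_VERSION pins s6, while the
# Homebrew installer tracks HEAD. dnf packages and pnpm are unpinned, so rebuilds are not
# reproducible.
# The chezmoi and brew steps use && rather than ; so a failed init/shellenv fails the
# build instead of silently applying against a broken state.
RUN --mount=type=cache,target=/var/cache/dnf,sharing=locked \
    --mount=type=cache,target=/var/cache/buildkit/uv,uid=${UID},gid=${GID} \
    --mount=type=cache,target=/var/cache/buildkit/pip,uid=${UID},gid=${GID} \
    --mount=type=cache,target=/var/cache/buildkit/npm,uid=${UID},gid=${GID} \
    --mount=type=cache,target=/var/cache/buildkit/brew,uid=${UID},gid=${GID} \
    --mount=type=tmpfs,target=/tmp \
    dnf -y install \
        alsa-lib-devel \
        bash \
        ca-certificates \
        coreutils \
        curl \
        file \
        git \
        glibc-all-langpacks \
        glibc-common \
        glibc-locale-source \
        golang \
        grep \
        jq \
        libxcrypt-compat \
        nodejs \
        npm \
        pkgconf-pkg-config \
        procps-ng \
        python3 \
        ripgrep \
        rust \
        sudo \
        systemd \
        unzip \
        wget \
        xz \
        zsh \
    && dnf -y group install "development-tools" \
    && localedef -i en_US -f UTF-8 en_US.UTF-8 \
    && echo "LANG=en_US.UTF-8" > /etc/locale.conf \
    \
    && visudo -c && for f in /etc/sudoers.d/*; do visudo -c -f "$f"; done \
    \
    && curl -fsSL "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz" -o /tmp/s6-overlay-noarch.tar.xz \
    && tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz \
    && curl -fsSL "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-$(uname -m).tar.xz" -o "/tmp/s6-overlay-$(uname -m).tar.xz" \
    && tar -C / -Jxpf "/tmp/s6-overlay-$(uname -m).tar.xz" \
    \
    && su -l ${USERNAME} -c 'NONINTERACTIVE=1 CI=1 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"' \
    && npm install -g pnpm \
    && su -l ${USERNAME} -c 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" && brew install chezmoi' \
    && su -l ${USERNAME} -c 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" && CHEZMOI_USE_DUMMY=1 CHEZMOI_USE_HEADLESS=1 chezmoi init && chezmoi apply --exclude encrypted' \
    \
    && rm -rf /home/${USERNAME}/.cache/*
# No trailing "\" on the last line above: the Dockerfile parser skips blank and comment
# lines while continuing an instruction, so a dangling continuation would splice the
# following ENTRYPOINT line into this shell command (rm -rf ignores the bogus extra
# paths and exits 0, so the build would succeed with no ENTRYPOINT set).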
# Set s6-overlay as the init system. s6-overlay's /init is conventionally started as
# root (services may drop privileges individually), which is why this image has no
# USER directive: PID 1 runs as root and the sandbox user is reached via su below.
# Note that the sandbox user also has passwordless sudo (sudoers.d entry above), so
# treat this as a trusted development environment, not a hardened service container.
ENTRYPOINT ["/init"]
# To get a login shell, use one of:
# docker exec -it <container> su - <username>
# docker exec -it <container> su -l <username> /bin/bash
# docker exec -it <container> su -l <username> /bin/zsh