From 5cf3fa03183e578959e43bc91c23eefa9c5520b4 Mon Sep 17 00:00:00 2001
From: ub
Date: Fri, 6 Feb 2026 06:35:16 +0800
Subject: [PATCH] init
---
.gitignore | 2 ++
docker-compose.yaml | 21 +++++++++++++++
init.d/authorized_keys | 2 ++
init.d/init.sh | 50 +++++++++++++++++++++++++++++++++++
init.d/run.sh | 59 ++++++++++++++++++++++++++++++++++++++++++
5 files changed, 134 insertions(+)
create mode 100644 .gitignore
create mode 100644 docker-compose.yaml
create mode 100644 init.d/authorized_keys
create mode 100755 init.d/init.sh
create mode 100755 init.d/run.sh
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a65bbb1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+workspace/
+config/
\ No newline at end of file
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..ee2a8c6
--- /dev/null
+++ b/docker-compose.yaml
@@ -0,0 +1,21 @@
+---
+services:
+ code-server:
+ image: lscr.io/linuxserver/code-server:latest
+ container_name: code-server
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Asia/Shanghai
+ - PASSWORD=Kx123456
+ - SUDO_PASSWORD=Kx123456
+ volumes:
+ - ./config:/config
+ - ./init.d:/init.d
+ - ./workspace:/workspace
+ - /var/run/user/1000/docker.sock:/run/docker.sock
+ ports:
+ - 58333:8443
+ - 58322:22
+ restart: unless-stopped
+ privileged: true
\ No newline at end of file
diff --git a/init.d/authorized_keys b/init.d/authorized_keys
new file mode 100644
index 0000000..e2339d6
--- /dev/null
+++ b/init.d/authorized_keys
@@ -0,0 +1,2 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIh0ZZCv7q3jX+pjA4t5CucxQgSDXTXgjAcShGmjL4O/ yangwolves@foxmail.com
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKpPemt8CCVs1Z886O/mdHnT5QUy5y+OHIr3N65u8Mob yangwolves@foxmail.com
diff --git a/init.d/init.sh b/init.d/init.sh
new file mode 100755
index 0000000..77bd329
--- /dev/null
+++ b/init.d/init.sh
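Review bot: In docker-compose.yaml the `PASSWORD=Kx123456` and `SUDO_PASSWORD=Kx123456` lines commit a short, shared credential to the repository, while the same file publishes ports 58333 and 58322 without binding them to a specific host address. Read the values from an untracked `.env` instead, e.g. `- PASSWORD=${CODE_SERVER_PASSWORD:?set in .env}` and `- SUDO_PASSWORD=${CODE_SERVER_SUDO_PASSWORD:?set in .env}`, add `.env` to .gitignore, and rotate the value that is already in history. The exposure matters more here because the service also sets `privileged: true` and mounts `/var/run/user/1000/docker.sock`, so whoever logs in can drive that Docker daemon; drop `privileged` unless a specific need is documented next to it. Pinning `code-server:latest` to a version tag or digest would make the deployment reproducible.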
@@ -0,0 +1,50 @@
+#!/bin/sh -e
+
+# This is the first program launched at container start.
+# We don't know where our binaries are and we cannot guarantee
+# that the default PATH can access them.
+# So this script needs to be entirely self-contained until it has
+# at least /command, /usr/bin and /bin in its PATH.
+
+addpath () {
+ x="$1"
+ IFS=:
+ set -- $PATH
+ IFS=
+ while test "$#" -gt 0 ; do
+ if test "$1" = "$x" ; then
+ return
+ fi
+ shift
+ done
+ PATH="${x}:$PATH"
+}
+
+if test -z "$PATH" ; then
+ PATH=/bin
+fi
+
+addpath /bin
+addpath /usr/bin
+addpath /command
+export PATH
+
+/usr/sbin/sshd -D &
+
+# Wait for the Docker readiness notification, if any
+
+if read _ 2>/dev/null <&3 ; then
+ exec 3<&-
+fi
+
+
+# Now we're good: s6-overlay-suexec is accessible via PATH, as are
+# all our binaries.
+# Run preinit as root, then run stage0 as the container's user (can be
+# root, can be a normal user).
+
+exec s6-overlay-suexec \
+ ' /package/admin/s6-overlay-3.2.1.0/libexec/preinit' \
+ '' \
+ /package/admin/s6-overlay-3.2.1.0/libexec/stage0 \
+ "$@"
\ No newline at end of file
diff --git a/init.d/run.sh b/init.d/run.sh
new file mode 100755
index 0000000..0e8a24f
--- /dev/null
+++ b/init.d/run.sh
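Review bot: `/usr/sbin/sshd -D &` starts a root sshd from the replacement /init before `s6-overlay-suexec` runs, so nothing supervises it: `-e` does not see a failed background job, a crashed sshd is not restarted, and its diagnostics are not captured. Both `exec` arguments also hard-code `/package/admin/s6-overlay-3.2.1.0/`, which would stop the container from starting once the image ships a different s6-overlay release (the compose file tracks `:latest`). Running sshd as a supervised service avoids overriding /init at all; the linuxserver base images document a `/custom-services.d` mount for this, with a run script as short as `exec /usr/sbin/sshd -D -e`. If the override stays, add a comment above the `exec` recording which image version the path was copied from.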
@@ -0,0 +1,59 @@
+#!/bin/bash
+set -euo pipefail
+
+apt update
+
+apt install -y openssh-server vim ca-certificates curl gnupg
+
+# Install Docker CLI only (docker-ce-cli) from official Docker repo.
+install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+chmod a+r /etc/apt/keyrings/docker.asc
+ARCH="$(dpkg --print-architecture)"
+. /etc/os-release
+echo "deb [arch=${ARCH} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu ${VERSION_CODENAME} stable" \
+ >/etc/apt/sources.list.d/docker.list
+apt update
+apt install -y docker-ce-cli
+
+mkdir -p /run/sshd
+
+# Configure sshd: allow root login, disable password auth.
+mkdir -p /etc/ssh/sshd_config.d
+cat >/etc/ssh/sshd_config.d/99-codex.conf <<'EOF'
+PermitRootLogin yes
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+KbdInteractiveAuthentication no
+PubkeyAuthentication yes
+EOF
+
+# Copy authorized_keys for root from init directory if present.
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+if [[ -f "${SCRIPT_DIR}/authorized_keys" ]]; then
+ mkdir -p /root/.ssh
+ install -m 600 "${SCRIPT_DIR}/authorized_keys" /root/.ssh/authorized_keys
+fi
+
+cp init.sh /init
+
+curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.4/install.sh | bash
+
+# Configure system-wide proxy for this container.
+PROXY_URL="http://10.8.0.1:7890"
+cat >/etc/apt/apt.conf.d/99proxy </etc/profile.d/proxy.sh </dev/null 2>&1; then
+ git config --system http.proxy "${PROXY_URL}"
+ git config --system https.proxy "${PROXY_URL}"
+fi
\ No newline at end of file
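Review bot: `curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.4/install.sh | bash` runs a downloaded script as root with no integrity check, and without `-f` an HTTP error body would be piped to bash as well; the version below saves the installer, verifies a pinned SHA-256, and only then runs it. In the same hunk `cp init.sh /init` resolves against the caller's working directory although `SCRIPT_DIR` is computed just above, so it should read `cp "${SCRIPT_DIR}/init.sh" /init`. `PermitRootLogin yes` is wider than the comment's stated intent; `PermitRootLogin prohibit-password` expresses key-only root login directly. The proxy heredocs near the end of the hunk are truncated on this page and are not reviewed here.

```bash
# … unchanged: apt setup, sshd configuration, authorized_keys install …
cp "${SCRIPT_DIR}/init.sh" /init

# NVM_INSTALL_SHA256 is a placeholder: set it to the digest of the installer you reviewed.
nvm_installer="$(mktemp)"
curl -fsSL -o "${nvm_installer}" https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.4/install.sh
printf '%s  %s\n' "${NVM_INSTALL_SHA256:?pin the reviewed installer digest}" "${nvm_installer}" \
  | sha256sum -c -
bash "${nvm_installer}"
rm -f -- "${nvm_installer}"
# … unchanged: proxy configuration …
```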