init

init.d/authorized_keys

@@ -0,0 +1,2 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIh0ZZCv7q3jX+pjA4t5CucxQgSDXTXgjAcShGmjL4O/ yangwolves@foxmail.com
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKpPemt8CCVs1Z886O/mdHnT5QUy5y+OHIr3N65u8Mob yangwolves@foxmail.com

init.d/init.sh

@@ -0,0 +1,50 @@
+#!/bin/sh -e
+
+# This is the first program launched at container start.
+# We don't know where our binaries are and we cannot guarantee
+# that the default PATH can access them.
+# So this script needs to be entirely self-contained until it has
+# at least /command, /usr/bin and /bin in its PATH.
+
+addpath () {
+  x="$1"
+  IFS=:
+  set -- $PATH
+  IFS=
+  while test "$#" -gt 0 ; do
+    if test "$1" = "$x" ; then
+      return
+    fi
+    shift
+  done
+  PATH="${x}:$PATH"
+}
+
+if test -z "$PATH" ; then
+  PATH=/bin
+fi
+
+addpath /bin
+addpath /usr/bin
+addpath /command
+export PATH
+
+/usr/sbin/sshd -D &
+
+# Wait for the Docker readiness notification, if any
+
+if read _ 2>/dev/null <&3 ; then
+  exec 3<&-
+fi
+
+
+# Now we're good: s6-overlay-suexec is accessible via PATH, as are
+# all our binaries.
+# Run preinit as root, then run stage0 as the container's user (can be
+# root, can be a normal user).
+
+exec s6-overlay-suexec \
+  ' /package/admin/s6-overlay-3.2.1.0/libexec/preinit' \
+  '' \
+  /package/admin/s6-overlay-3.2.1.0/libexec/stage0 \
+  "$@"

init.d/run.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+set -euo pipefail
+
+apt update
+
+apt install -y openssh-server vim ca-certificates curl gnupg
+
+# Install Docker CLI only (docker-ce-cli) from official Docker repo.
+install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+chmod a+r /etc/apt/keyrings/docker.asc
+ARCH="$(dpkg --print-architecture)"
+. /etc/os-release
+echo "deb [arch=${ARCH} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu ${VERSION_CODENAME} stable" \
+  >/etc/apt/sources.list.d/docker.list
+apt update
+apt install -y docker-ce-cli
+
+mkdir -p /run/sshd
+
+# Configure sshd: allow root login, disable password auth.
+mkdir -p /etc/ssh/sshd_config.d
+cat >/etc/ssh/sshd_config.d/99-codex.conf <<'EOF'
+PermitRootLogin yes
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+KbdInteractiveAuthentication no
+PubkeyAuthentication yes
+EOF
+
+# Copy authorized_keys for root from init directory if present.
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+if [[ -f "${SCRIPT_DIR}/authorized_keys" ]]; then
+  mkdir -p /root/.ssh
+  install -m 600 "${SCRIPT_DIR}/authorized_keys" /root/.ssh/authorized_keys
+fi
+
+cp init.sh /init
+
+curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.4/install.sh | bash
+
+# Configure system-wide proxy for this container.
+PROXY_URL="http://10.8.0.1:7890"
+cat >/etc/apt/apt.conf.d/99proxy <<EOF
+Acquire::http::Proxy "${PROXY_URL}";
+Acquire::https::Proxy "${PROXY_URL}";
+EOF
+
+cat >/etc/profile.d/proxy.sh <<EOF
+export http_proxy="${PROXY_URL}"
+export https_proxy="${PROXY_URL}"
+export no_proxy="localhost,127.0.0.1"
+EOF
+
+# Configure git proxy if git is available.
+if command -v git >/dev/null 2>&1; then
+  git config --system http.proxy "${PROXY_URL}"
+  git config --system https.proxy "${PROXY_URL}"
+fi