init

init.d/run.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+set -euo pipefail
+
+apt update
+
+apt install -y openssh-server vim ca-certificates curl gnupg
+
+# Install Docker CLI only (docker-ce-cli) from official Docker repo.
+install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+chmod a+r /etc/apt/keyrings/docker.asc
+ARCH="$(dpkg --print-architecture)"
+. /etc/os-release
+echo "deb [arch=${ARCH} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu ${VERSION_CODENAME} stable" \
+  >/etc/apt/sources.list.d/docker.list
+apt update
+apt install -y docker-ce-cli
+
+mkdir -p /run/sshd
+
+# Configure sshd: allow root login, disable password auth.
+mkdir -p /etc/ssh/sshd_config.d
+cat >/etc/ssh/sshd_config.d/99-codex.conf <<'EOF'
+PermitRootLogin yes
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+KbdInteractiveAuthentication no
+PubkeyAuthentication yes
+EOF
+
+# Copy authorized_keys for root from init directory if present.
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+if [[ -f "${SCRIPT_DIR}/authorized_keys" ]]; then
+  mkdir -p /root/.ssh
+  install -m 600 "${SCRIPT_DIR}/authorized_keys" /root/.ssh/authorized_keys
+fi
+
+cp init.sh /init
+
+curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.4/install.sh | bash
+
+# Configure system-wide proxy for this container.
+PROXY_URL="http://10.8.0.1:7890"
+cat >/etc/apt/apt.conf.d/99proxy <<EOF
+Acquire::http::Proxy "${PROXY_URL}";
+Acquire::https::Proxy "${PROXY_URL}";
+EOF
+
+cat >/etc/profile.d/proxy.sh <<EOF
+export http_proxy="${PROXY_URL}"
+export https_proxy="${PROXY_URL}"
+export no_proxy="localhost,127.0.0.1"
+EOF
+
+# Configure git proxy if git is available.
+if command -v git >/dev/null 2>&1; then
+  git config --system http.proxy "${PROXY_URL}"
+  git config --system https.proxy "${PROXY_URL}"
+fi