#!/bin/bash set -euo pipefail apt update apt install -y openssh-server vim ca-certificates curl gnupg # Configure system-wide proxy for this container. PROXY_URL="http://10.8.0.1:7890" cat >/etc/apt/apt.conf.d/99proxy </etc/profile.d/proxy.sh </dev/null 2>&1; then git config --system http.proxy "${PROXY_URL}" git config --system https.proxy "${PROXY_URL}" fi # Install Docker CLI only (docker-ce-cli) from official Docker repo. install -m 0755 -d /etc/apt/keyrings curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc chmod a+r /etc/apt/keyrings/docker.asc ARCH="$(dpkg --print-architecture)" . /etc/os-release echo "deb [arch=${ARCH} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu ${VERSION_CODENAME} stable" \ >/etc/apt/sources.list.d/docker.list apt update apt install -y docker-ce-cli mkdir -p /run/sshd # Configure sshd: allow root login, disable password auth. mkdir -p /etc/ssh/sshd_config.d cat >/etc/ssh/sshd_config.d/99-codex.conf <<'EOF' PermitRootLogin yes PasswordAuthentication no ChallengeResponseAuthentication no KbdInteractiveAuthentication no PubkeyAuthentication yes EOF # Copy authorized_keys for root from init directory if present. SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" if [[ -f "${SCRIPT_DIR}/authorized_keys" ]]; then mkdir -p /root/.ssh install -m 600 "${SCRIPT_DIR}/authorized_keys" /root/.ssh/authorized_keys fi cp /init.d/init.sh /init