52 lines
1.5 KiB
Bash
Executable File
52 lines
1.5 KiB
Bash
Executable File
#!/bin/bash
|
|
set -euo pipefail
|
|
|
|
apt update
|
|
|
|
apt install -y openssh-server vim ca-certificates curl gnupg iputils-ping
|
|
|
|
# Configure system-wide proxy for this container.
|
|
PROXY_URL="http://10.8.0.1:7890"
|
|
cat >/etc/apt/apt.conf.d/99proxy <<EOF
|
|
Acquire::http::Proxy "${PROXY_URL}";
|
|
Acquire::https::Proxy "${PROXY_URL}";
|
|
EOF
|
|
|
|
cat >/etc/profile.d/proxy.sh <<EOF
|
|
export http_proxy="${PROXY_URL}"
|
|
export https_proxy="${PROXY_URL}"
|
|
export no_proxy="localhost,127.0.0.1"
|
|
EOF
|
|
|
|
# Configure git proxy if git is available.
|
|
if command -v git >/dev/null 2>&1; then
|
|
git config --system http.proxy "${PROXY_URL}"
|
|
git config --system https.proxy "${PROXY_URL}"
|
|
fi
|
|
|
|
# Install Docker CLI only (docker-ce-cli) from official Docker repo.
|
|
install -m 0755 -d /etc/apt/keyrings
|
|
export DOWNLOAD_URL="https://mirrors.tuna.tsinghua.edu.cn/docker-ce"
|
|
curl -fsSL https://raw.githubusercontent.com/docker/docker-install/master/install.sh | sh
|
|
|
|
mkdir -p /run/sshd
|
|
|
|
# Configure sshd: allow root login, disable password auth.
|
|
mkdir -p /etc/ssh/sshd_config.d
|
|
cat >/etc/ssh/sshd_config.d/99-codex.conf <<'EOF'
|
|
PermitRootLogin yes
|
|
PasswordAuthentication no
|
|
ChallengeResponseAuthentication no
|
|
KbdInteractiveAuthentication no
|
|
PubkeyAuthentication yes
|
|
EOF
|
|
|
|
# Copy authorized_keys for root from init directory if present.
|
|
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
|
|
if [[ -f "${SCRIPT_DIR}/authorized_keys" ]]; then
|
|
mkdir -p /root/.ssh
|
|
install -m 600 "${SCRIPT_DIR}/authorized_keys" /root/.ssh/authorized_keys
|
|
fi
|
|
|
|
# Copy init.sh to /init
|
|
cp /init.d/init.sh /init |