Add devserver container

apps/devserver/Dockerfile

@@ -0,0 +1,72 @@
+FROM docker.io/library/python:3.12-slim-bookworm
+
+LABEL \
+  maintainer="Liana64" \
+  org.opencontainers.image.source="https://github.com/RareCompute/containers"
+
+ARG TARGETPLATFORM
+ARG VERSION
+ARG CHANNEL
+ARG DEBIAN_FRONTEND=noninteractive
+
+ENV \
+  NVIDIA_DRIVER_CAPABILITIES="compute,video,utility,graphics" \
+  #PATH="/opt/venv/bin:$PATH" \
+  UMASK="0002" \
+  LANG=C.UTF-8 \
+  TZ="Etc/UTC" \
+  PYTHONDONTWRITEBYTECODE=1 \
+  PYTHONUNBUFFERED=1 \
+  PYTHONFAULTHANDLER=1 \
+  PIP_ROOT_USER_ACTION=ignore \
+  PIP_NO_CACHE_DIR=1 \
+  PIP_DISABLE_PIP_VERSION_CHECK=1 \
+  PIP_BREAK_SYSTEM_PACKAGES=1 \
+  UV_HTTP_TIMEOUT=1000
+
+ENV \ 
+  USER_NAME=rare \
+  UID=1000 \
+  GID=1000 \
+  SUDO_ACCESS=false \
+  LISTEN_PORT=2222 \
+  PUBLIC_KEY=""
+
+USER root
+WORKDIR /config
+
+COPY ./apps/devserver/root/ /
+
+RUN \
+  mkdir -p /config/{.ssh,,sshd} /var/run/sshd \
+  && apt-get update && apt-get install -y --no-install-recommends \
+  curl wget unzip build-essential catatonit jq lsb-release \
+  nano vim tree tmux git htop net-tools sudo strace \
+  socat rsync aria2 restic iftop iotop \
+  less man bat ffmpeg ripgrep \
+  openssh-server pciutils \
+  #cuda-toolkit nvidia-container-toolkit \
+  && chmod 755 /entrypoint.sh \
+  && sed -i 's/^#*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config \
+  && sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config \
+  && sed -i 's/^#*UsePAM.*/UsePAM yes/' /etc/ssh/sshd_config \
+  && sed -i 's/^#*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config \
+  && sed -i 's/^#*ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config \
+  && sed -i 's/^#*PrintLastLog.*/PrintLastLog no/' /etc/ssh/sshd_config \
+  && sed -i 's/^session.*pam_motd.so/#&/' /etc/pam.d/sshd \
+  && echo "ClientAliveInterval 180" >> /etc/ssh/sshd_config \
+  && echo "ClientAliveCountMax 2" >> /etc/ssh/sshd_config \
+  && echo "StrictModes yes" >> /etc/ssh/sshd_config \
+  && echo "HostbasedAuthentication no" >> /etc/ssh/sshd_config \
+  && echo "AllowGroups ssh" >> /etc/ssh/sshd_config \
+  && printf "UpdateMethod=docker\nBranch=master\nPackageVersion=%s\nPackageAuthor=[RareCompute](https://github.com/RareCompute)\n" "${VERSION}" > /config/package_info \
+  && chown -R ${UID}:${GID} /config && chmod -R 755 /config \
+  && curl -LsSf https://astral.sh/uv/0.5.6/install.sh | sh \
+  && . $HOME/.local/bin/env \
+  && apt-get autoremove -y \
+  && apt-get clean \
+  && rm -rf /root/.cache /var/lib/apt/lists/* /tmp/* /var/tmp/* \
+  && chsh -s /bin/bash
+
+EXPOSE ${LISTEN_PORT}
+ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"]

apps/devserver/ci/goss.yaml

@@ -0,0 +1,5 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml
+file:
+  /app/LICENSE:
+    exists: true

apps/devserver/ci/latest.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+version="0.0.1"
+printf "%s" "${version}"

apps/devserver/metadata.yaml

@@ -0,0 +1,11 @@
+---
+#yamllint disable
+app: devserver
+semver: true
+channels:
+  - name: stable
+    platforms: ["linux/amd64"]
+    stable: true
+    tests:
+      enabled: false
+      type: cli

apps/devserver/root/entrypoint.sh

@@ -0,0 +1,64 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+USER_HOME="/config"
+AUTH_KEYS="$USER_HOME/.ssh/authorized_keys"
+
+echo '
+Rare Compute Devserver
+───────────────────────────────────────'
+echo "
+Username:    ${USER_NAME}
+User UID:    ${UID}
+User GID:    ${GID}
+Listen Port: ${LISTEN_PORT}
+───────────────────────────────────────"
+
+if ! getent group "${GID}" >/dev/null; then
+  groupadd -g "${GID}" ssh
+fi
+
+if ! id "$USER_NAME" &> /dev/null; then
+  useradd -u "${UID}" -g "${GID}" -d /config -s /bin/bash -m "$USER_NAME"
+fi
+
+if [ "${SUDO_ACCESS}" = "true" ]; then
+  usermod -aG sudo "$USER_NAME"
+  echo "$USER_NAME ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/$USER_NAME
+  chmod 440 /etc/sudoers.d/$USER_NAME
+fi
+
+if [ -d /custom-cont-init.d ]; then
+    for f in /custom-cont-init.d/*; do
+        if [ -f "$f" ]; then
+            echo "Running custom init script: $f"
+            if [ -x "$f" ]; then
+                "$f"
+            else
+                bash "$f"
+            fi
+        fi
+    done
+fi
+
+ssh-keygen -A
+chmod 600 /etc/ssh/ssh_host_*_key
+
+mkdir -p "$USER_HOME/.ssh"
+chown -R "$UID":"$GID" "$USER_HOME/.ssh"
+chmod 700 "$USER_HOME/.ssh"
+
+if [ ! -f "$AUTH_KEYS" ]; then
+  touch "$AUTH_KEYS"
+  chmod 600 "$AUTH_KEYS"
+  chown "$UID":"$GID" "$AUTH_KEYS"
+
+  if [ -n "$PUBLIC_KEY" ]; then
+    echo "$PUBLIC_KEY" >> "$AUTH_KEYS"
+  fi
+fi
+
+exec \
+  /usr/sbin/sshd \
+  -p "$LISTEN_PORT" \
+  -D

apps/devserver/root/etc/motd

@@ -0,0 +1 @@
+Welcome to Rare Compute