diff --git a/apps/devserver/Dockerfile b/apps/devserver/Dockerfile new file mode 100644 index 0000000..3fbd235 --- /dev/null +++ b/apps/devserver/Dockerfile @@ -0,0 +1,76 @@ +FROM docker.io/library/python:3.12-slim-bookworm + +LABEL \ + maintainer="Liana64" \ + org.opencontainers.image.source="https://github.com/RareCompute/containers" + +ARG TARGETPLATFORM +ARG VERSION +ARG CHANNEL +ARG DEBIAN_FRONTEND=noninteractive + +ENV \ + NVIDIA_DRIVER_CAPABILITIES="compute,video,utility,graphics" \ + #PATH="/opt/venv/bin:$PATH" \ + UMASK="0002" \ + LANG=C.UTF-8 \ + TZ="Etc/UTC" \ + PYTHONDONTWRITEBYTECODE=1 \ + PYTHONUNBUFFERED=1 \ + PYTHONFAULTHANDLER=1 \ + PIP_ROOT_USER_ACTION=ignore \ + PIP_NO_CACHE_DIR=1 \ + PIP_DISABLE_PIP_VERSION_CHECK=1 \ + PIP_BREAK_SYSTEM_PACKAGES=1 \ + UV_HTTP_TIMEOUT=1000 + +ENV \ + USER_NAME=rare \ + UID=1000 \ + GID=1000 \ + SUDO_ACCESS=false \ + LISTENPORT=2222 \ + PUBLIC_KEY="" + +USER root +WORKDIR /config + +COPY ./apps/devserver/root/ / + +RUN \ + mkdir -p /config/{.ssh,,sshd} /var/run/sshd \ + apt-get update && apt-get install -y --no-install-recommends \ + curl wget unzip build-essential catatonit jq lsb-release \ + nano vim tree tmux git htop net-tools sudo \ + socat rsync aria2 restic \ + less man bat ffmpeg ripgrep \ + #cuda-toolkit nvidia-container-toolkit \ + openssh-server pciutils \ + && chmod 755 /entrypoint.sh \ + && sed -i 's/^#*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config \ + && sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config \ + && sed -i 's/^#*UsePAM.*/UsePAM yes/' /etc/ssh/sshd_config \ + && sed -i 's/^#*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config \ + && sed -i 's/^#*ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config \ + && echo "ClientAliveInterval 180" >> /etc/ssh/sshd_config \ + && echo "ClientAliveCountMax 2" >> /etc/ssh/sshd_config \ + && echo "StrictModes yes" >> /etc/ssh/sshd_config \ + && echo "HostbasedAuthentication no" >> /etc/ssh/sshd_config \ + && echo "AllowGroups ssh" >> /etc/ssh/sshd_config \ + && printf "UpdateMethod=docker\nBranch=master\nPackageVersion=%s\nPackageAuthor=[RareCompute](https://github.com/RareCompute)\n" "${VERSION}" > /config/package_info \ + && chown -R ${UID}:${GID} /config && chmod -R 755 /config \ + && curl -LsSf https://astral.sh/uv/0.5.6/install.sh | sh \ + && . $HOME/.local/bin/env \ + #&& uv venv --no-python-downloads /opt/venv \ + #&& . /opt/venv/bin/activate \ + #&& uv pip install \ + #tensorflow torch torchvision torchaudio \ + #numpy pandas matplotlib scikit-learn \ + #networkx tqdm pydot \ + && apt-get autoremove -y \ + && apt-get clean \ + && rm -rf /root/.cache /var/lib/apt/lists/* /tmp/* /var/tmp/* \ + && chsh -s /bin/bash + +ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"] +CMD ["/usr/sbin/sshd", "-D"] diff --git a/apps/devserver/ci/goss.yaml b/apps/devserver/ci/goss.yaml new file mode 100644 index 0000000..ddfc75c --- /dev/null +++ b/apps/devserver/ci/goss.yaml @@ -0,0 +1,5 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml +file: + /app/LICENSE: + exists: true diff --git a/apps/devserver/ci/latest.sh b/apps/devserver/ci/latest.sh new file mode 100755 index 0000000..0bdfee5 --- /dev/null +++ b/apps/devserver/ci/latest.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash +version="0.0.1" +printf "%s" "${version}" diff --git a/apps/devserver/metadata.yaml b/apps/devserver/metadata.yaml new file mode 100644 index 0000000..912e482 --- /dev/null +++ b/apps/devserver/metadata.yaml @@ -0,0 +1,11 @@ +--- +#yamllint disable +app: devserver +semver: true +channels: + - name: stable + platforms: ["linux/amd64"] + stable: true + tests: + enabled: false + type: cli diff --git a/apps/devserver/root/entrypoint.sh b/apps/devserver/root/entrypoint.sh new file mode 100644 index 0000000..c78e89a --- /dev/null +++ b/apps/devserver/root/entrypoint.sh @@ -0,0 +1,61 @@ +#!/usr/bin/env bash +set -euo pipefail + +USER_HOME="/config" +AUTH_KEYS="$USER_HOME/.ssh/authorized_keys" + +echo ' +Rare Compute Devserver +───────────────────────────────────────' +echo " +Username: ${USER_NAME} +User UID: ${UID} +User GID: ${GID} +───────────────────────────────────────" + +if ! getent group "${GID}" >/dev/null; then + groupadd -g "${GID}" ssh +fi + +if ! id "$USER_NAME" &> /dev/null; then + useradd -u "${UID}" -g "${GID}" -d /config -s /bin/bash -m "$USER_NAME" +fi + +if [ "${SUDO_ACCESS}" = "true" ]; then + usermod -aG sudo "$USER_NAME" + echo "$USER_NAME ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/$USER_NAME + chmod 440 /etc/sudoers.d/$USER_NAME +fi + +if [ -d /custom-cont-init.d ]; then + for f in /custom-cont-init.d/*; do + if [ -x "$f" ]; then + echo "Running custom init script: $f" + "$f" + elif [ -f "$f" ]; then + echo "Couldn't execute custom init script: $f" + fi + done +fi + +ssh-keygen -A +chmod 600 /etc/ssh/ssh_host_*_key + +mkdir -p "$USER_HOME/.ssh" +chown -R "$UID":"$GID" "$USER_HOME/.ssh" +chmod 700 "$USER_HOME/.ssh" + +if [ ! -f "$AUTH_KEYS" ]; then + touch "$AUTH_KEYS" + chmod 600 "$AUTH_KEYS" + chown "$UID":"$GID" "$AUTH_KEYS" + + if [ -n "$PUBLIC_KEY" ]; then + echo "$PUBLIC_KEY" >> "$AUTH_KEYS" + fi +fi + +exec \ + /usr/sbin/sshd \ + -p "$LISTEN_PORT" \ + -D diff --git a/apps/devserver/root/etc/motd b/apps/devserver/root/etc/motd new file mode 100644 index 0000000..ab17369 --- /dev/null +++ b/apps/devserver/root/etc/motd @@ -0,0 +1 @@ +Welcome to Rare Compute