-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
159 lines (130 loc) · 4.67 KB
/
Dockerfile
File metadata and controls
159 lines (130 loc) · 4.67 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
FROM ubuntu:22.04
LABEL maintainer="mariogar1979@gmail.com"
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
ARG USER_ID=1000
ARG GROUP_ID=1000
ARG BUILD_DATE
ARG APP_VERSION
ENV APP_VERSION=${APP_VERSION}
LABEL org.label-schema.build-date=$BUILD_DATE
# Evita instalar documentação/man; para reverter, usar unminimize
RUN cat <<'EOF' > /etc/dpkg/dpkg.cfg.d/01_nodoc
path-exclude=/usr/share/doc/*
path-exclude=/usr/share/man/*
path-exclude=/usr/share/groff/*
path-exclude=/usr/share/info/*
path-exclude=/usr/share/lintian/*
path-exclude=/usr/share/linda/*
path-exclude=/usr/share/locale/*
# Mantém locale pt_BR (gerado mais adiante)
path-include=/usr/share/locale/pt_BR*
path-include=/usr/share/locale/locale.alias
EOF
# APT mirrors (permite override no build)
ARG APT_MIRROR=http://archive.ubuntu.com/ubuntu
ARG APT_SECURITY_MIRROR=http://security.ubuntu.com/ubuntu
# Checagem de integridade (1=verifica, 0=ignora)
ARG STRICT_CHECKSUM=1
USER root
ENV DEBIAN_FRONTEND=noninteractive
RUN sed -i "s|http://archive.ubuntu.com/ubuntu|${APT_MIRROR}|g; s|http://security.ubuntu.com/ubuntu|${APT_SECURITY_MIRROR}|g" /etc/apt/sources.list && \
apt-get update && \
apt-get install -y --no-install-recommends \
htop \
locales \
build-essential \
iputils-ping \
net-tools \
iproute2 \
traceroute \
telnet \
bind9-dnsutils \
whois \
ipcalc \
tmux \
mtr \
pwgen \
jq \
sudo \
procps \
psmisc \
curl \
wget \
rsync \
aria2 \
git \
unzip \
file \
vim \
groff \
mandoc \
bmon \
mysql-client \
postgresql-client \
python3-pip \
sshfs \
bash-completion \
ansible && \
apt-get clean && rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*
RUN locale-gen pt_BR.UTF-8 && \
update-locale LANG=pt_BR.UTF-8
# Definir variáveis de ambiente para o locale
ENV LANG=pt_BR.UTF-8
ENV LANGUAGE=pt_BR:pt
ENV LC_ALL=pt_BR.UTF-8
############################################################
# Atualiza o motd e bashrc (se arquivos existirem no contexto)
COPY update-motd.sh /usr/local/bin/update-motd.sh
COPY update_bashrc /usr/local/bin/update_bashrc
RUN chmod +x /usr/local/bin/update-motd.sh && \
cat /usr/local/bin/update_bashrc >> /etc/bash.bashrc && \
echo "/usr/local/bin/update-motd.sh" >> /etc/bash.bashrc && \
echo $APP_VERSION > /etc/version
# Remover o usuário ubuntu (se existir)
RUN id -u ubuntu >/dev/null 2>&1 && userdel -r ubuntu || true
# Verificar se o grupo com o GID especificado já existe
RUN getent group devops || groupadd --gid ${GROUP_ID} devops
## Grupo docker (para acesso ao socket)
RUN getent group docker || groupadd docker
# Criar um usuário devops dentro do contêiner com o userid do usuário local e pertencente ao grupo devops
RUN useradd --gid ${GROUP_ID} --uid ${USER_ID} --create-home --home /tools --shell /bin/bash devops
# Adicionar o usuário devops ao grupo docker
RUN usermod -aG docker devops
# Adicionar o usuário ao grupo sudo (opcional)
RUN usermod -aG sudo devops
RUN echo 'devops ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
# Copia e configura os scripts de instalação
COPY scripts /usr/local/scripts
COPY run_all.sh /usr/local/bin
COPY utils.sh /usr/local/bin
COPY bin/pkg_add /usr/local/bin
COPY bin/pkg_apt /usr/local/bin
COPY bin/devops-tui /usr/local/bin
COPY bin/client /usr/local/bin
COPY bin/ssh-connect /usr/local/bin
COPY bin/hosts-editor /usr/local/bin
COPY bin/enable-docs /usr/local/bin
COPY bin/secret-run /usr/local/bin
COPY bin/vpn /usr/local/bin
COPY client /usr/local/lib/devops-tools/client
RUN chmod +x /usr/local/scripts/*.sh /usr/local/bin/run_all.sh /usr/local/bin/pkg_add /usr/local/bin/pkg_apt /usr/local/bin/devops-tui /usr/local/bin/client /usr/local/bin/ssh-connect /usr/local/bin/hosts-editor /usr/local/bin/enable-docs /usr/local/bin/secret-run /usr/local/bin/vpn /usr/local/lib/devops-tools/client/*.sh
# Executa todos os scripts de instalação
RUN /usr/local/bin/run_all.sh
COPY entrypoint.sh /tmp/entrypoint.sh
COPY src/backup.py /tmp/backup.py
COPY src/backup_service.py /tmp/backup_service.py
COPY src /usr/local/lib/devops-tools/src
COPY ssh_connect /usr/local/lib/devops-tools/ssh_connect
RUN chmod +x /tmp/entrypoint.sh && \
mv /tmp/entrypoint.sh /entrypoint.sh && \
pip3 install --no-cache-dir textual && \
install -o root -g root -m 0755 /tmp/backup.py /usr/local/bin/backup && \
install -o root -g root -m 0755 /tmp/backup_service.py /usr/local/bin/tools-web && \
ln -sf /usr/local/bin/tools-web /usr/local/bin/backup-web && \
rm -rf backup
# Mapeia o diretório de trabalho localmente
VOLUME /tools
# Define o usuário padrão para o container
USER devops
WORKDIR /tools
ENTRYPOINT [ "/entrypoint.sh" ]