Maybe another kind of Dockerfile

Marcus Kammer 2023-10-28 11:14:40 +02:00
parent ace8fc7538
commit 595293e968
Signed by: marcuskammer
GPG key ID: C374817BE285268F

65
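--- a/test.Dockerfile
+++ b/test.Dockerfile
@@ -0,0 +1,65 @@
+# Use a base image with necessary tools installed
+FROM ubuntu:latest
+# Set environment variables
+ENV LANG en_US.UTF-8
+ENV LC_ALL en_US.UTF-8
+ENV TZ Europe/Berlin
+# Install necessary packages
+RUN apt-get update && \
+apt-get install -y fail2ban ufw unattended-upgrades sbcl mosh tmux git mercurial nginx certbot python3-certbot-nginx libev4 build-essential libsqlite3-dev sqlite3 emacs-nox python3-pip python3-pandas python3-matplotlib && \
+apt-get upgrade -y && \
+apt-get autoremove -y && \
+apt-get clean
+# Add users and groups
+RUN groupadd nginxgroup && \
+useradd -r -s /usr/sbin/nologin -g nginxgroup nginxuser && \
+useradd -m -s /bin/bash -G users,admin marcus && \
+echo 'marcus ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+# Copy SSH keys
+COPY marcus-ssh-keys /home/marcus/.ssh/authorized_keys
+RUN chown marcus:marcus /home/marcus/.ssh/authorized_keys && \
+chmod 600 /home/marcus/.ssh/authorized_keys
+# Copy configuration files
+COPY 20auto-upgrades /etc/apt/apt.conf.d/20auto-upgrades
+COPY sshd_config /etc/ssh/sshd_config
+COPY jail.local /etc/fail2ban/jail.local
+COPY nginx.conf /etc/nginx/nginx.conf
+COPY reverse-proxy.conf /etc/nginx/sites-available/reverse-proxy.conf
+# Set up symbolic link for nginx configuration
+RUN ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/ && \
+rm /etc/nginx/sites-enabled/default
+# Set up Certbot, firewall, and other configurations
+RUN certbot certonly --nginx -d u1.metaebene.dev --non-interactive --agree-tos --email marcus.kammer@mailbox.org --redirect && \
+certbot certonly --nginx -d docs.u1.metaebene.dev --non-interactive --agree-tos --email marcus.kammer@mailbox.org --redirect && \
+echo '0 0 1 * * root certbot renew --post-hook "systemctl reload nginx" >> /var/log/letsencrypt/letsencrypt-auto-renew.log' > /etc/cron.d/letsencrypt-renew && \
+curl https://ssl-config.mozilla.org/ffdhe2048.txt > /etc/letsencrypt/ssl-dhparams.pem && \
+ufw allow 'Nginx Full' && \
+ufw default deny incoming && \
+ufw default allow outgoing && \
+ufw allow 22/tcp && \
+ufw allow mosh && \
+ufw enable && \
+systemctl enable fail2ban && systemctl start fail2ban && \
+systemctl restart sshd
+# Set up Git, SBCL, SLIME and Quicklisp for user Marcus
+USER marcus
+RUN git config --global user.email "marcus.kammer@mailbox.org" && \
+git config --global user.name "Marcus Kammer" && \
+git config --global init.defaultBranch main && \
+git clone --depth 1 --branch sbcl-2.1.11 git://git.code.sf.net/p/sbcl/sbcl /home/marcus/sbcl && \
+git clone --depth 1 --branch v2.28 https://github.com/slime/slime.git /home/marcus/slime && \
+curl https://beta.quicklisp.org/quicklisp.lisp -o /home/marcus/quicklisp.lisp && \
+sbcl --load quicklisp.lisp --non-interactive --eval '(quicklisp-quickstart:install)' --quit && rm quicklisp.lisp && \
+curl https://git.sr.ht/~marcuskammer/cloudinit/blob/main/.sbclrc -o /home/marcus/.sbclrc && \
+sbcl --non-interactive --eval "(ql:quickload '(:hunchentoot :spinneret :dexador :rove :vecto :woo :clsql-sqlite3))" --quit
+# Switch back to root user for any further setup
+USER root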
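Review bot: The `RUN` that begins with `certbot certonly --nginx -d u1.metaebene.dev` provisions a host at image build time, which is the wrong place for it. If the ACME challenge succeeded during a build, the private keys under `/etc/letsencrypt` would be stored in an image layer and handed to anyone who can pull the image. `ufw enable` and the `systemctl enable/start/restart` calls act on the build sandbox, which normally has no systemd running and no firewall privileges, so they most likely either fail the build or leave a container with no firewall rules and no fail2ban active. I would keep only the file-writing steps in the build (the cron entry and the dhparams download, fetched with `curl -fsSL` so an HTTP error page is not saved as the PEM file) and move certificate issuance and service start-up to an entrypoint or to the host, with `/etc/letsencrypt` supplied as a mounted volume. Separately, the file ends on `USER root` alongside `marcus ALL=(ALL) NOPASSWD:ALL` and a baked-in `authorized_keys`, so everything started from the image runs as root; ending on `USER marcus` and dropping the NOPASSWD rule would narrow that.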