# syntax=docker/dockerfile:1

# Base image: Debian trixie, slim variant.
# NOTE(review): the tag is mutable; pinning it by digest would make rebuilds
# reproducible and protect against a changed upstream image.
FROM debian:trixie-slim

# Filled in automatically by BuildKit with the architecture being built for;
# it selects the matching release asset in the download URLs further down.
ARG TARGETARCH

# Version of this image plus the versions of the bundled third-party parts.
# NOTE(review): confirm that every VERSION_* value is actually referenced by
# the install steps; a declared but unused version pins nothing.
ARG VERSION_ARG="0.0" \
    VERSION_VNC="1.6.0" \
    VERSION_UTK="1.2.0" \
    VERSION_PASST="2025_09_19"

# Keep apt/debconf non-interactive during the build only. These are ARGs, not
# ENVs, so they do not leak into the running container's environment.
ARG DEBCONF_NOWARNINGS="yes" \
    DEBIAN_FRONTEND="noninteractive" \
    DEBCONF_NONINTERACTIVE_SEEN="true"

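# Install the QEMU runtime and its helper tools, then add passt and noVNC, all
# in one layer so the apt lists and download scratch files never persist.
#
# Supply-chain notes:
# - noVNC is fetched from the release tag selected by VERSION_VNC instead of
#   the moving `master` branch, so a rebuild cannot silently pick up different
#   web-client code than the one that was reviewed.
# - NOTE(review): the passt .deb is installed as root with HTTPS as its only
#   integrity control. Recording a per-architecture SHA-256 and checking it
#   with `sha256sum -c` before `dpkg -i` would close that gap.
RUN set -eu && \
    apt-get update && \
    apt-get --no-install-recommends -y install \
        bc \
        jq \
        xxd \
        tini \
        wget \
        7zip \
        curl \
        ovmf \
        fdisk \
        nginx \
        swtpm \
        procps \
        ethtool \
        iptables \
        iproute2 \
        dnsmasq \
        xz-utils \
        apt-utils \
        net-tools \
        e2fsprogs \
        qemu-utils \
        websocketd \
        iputils-ping \
        genisoimage \
        inotify-tools \
        netcat-openbsd \
        ca-certificates \
        qemu-system-x86 && \
    wget "https://github.com/qemus/passt/releases/download/v${VERSION_PASST}/passt_${VERSION_PASST}_${TARGETARCH}.deb" -O /tmp/passt.deb -q && \
    dpkg -i /tmp/passt.deb && \
    apt-get clean && \
    # Allow QEMU's bridge helper to attach guests to br0.
    mkdir -p /etc/qemu && \
    echo "allow br0" > /etc/qemu/bridge.conf && \
    mkdir -p /usr/share/novnc /tmp/novnc && \
    wget "https://github.com/novnc/noVNC/archive/refs/tags/v${VERSION_VNC}.tar.gz" -O /tmp/novnc.tar.gz -q --timeout=10 && \
    # --strip-components=1 drops the archive's top-level directory, so the
    # paths below do not depend on how that directory is named.
    tar -xf /tmp/novnc.tar.gz -C /tmp/novnc --strip-components=1 && \
    mv /tmp/novnc/app /tmp/novnc/core /tmp/novnc/vendor /tmp/novnc/package.json /tmp/novnc/*.html /usr/share/novnc && \
    # Drop the distribution's default site and keep nginx to a single worker.
    unlink /etc/nginx/sites-enabled/default && \
    sed -i 's/^worker_processes.*/worker_processes 1;/' /etc/nginx/nginx.conf && \
    echo "$VERSION_ARG" > /run/version && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*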

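# Prepare the paths that nginx, websocketd and the entry scripts write to at
# run time, so the container also works when started as a non-root user
# (UID 1000 is the one named for Spaces).
#
# Written as a heredoc so that every command is its own statement. In a single
# `a && b || true && c` chain, `&&` and `||` have equal precedence, which meant
# each `|| true` swallowed the failure of everything before it, and a failed
# mkdir/touch would have triggered the world-writable chmod fallback.
#
# Permission model: ownership by UID 1000 is preferred; world-writable modes
# are only a fallback when chown fails, and a warning is printed in that case.
# /etc/nginx/sites-enabled follows the same rule instead of being 0777
# unconditionally, because any process able to write there controls what nginx
# serves. TODO confirm that no deployment relies on a non-root UID other than
# 1000 writing to that directory.
#
# NOTE(review): /storage is still mode 0777 without the sticky bit; consider
# owning it by the runtime UID once the supported runtime users are settled.
RUN <<EOF
set -eu

mkdir -p \
    /etc/nginx/sites-enabled \
    /run/shm \
    /storage \
    /var/cache/nginx \
    /var/lib/nginx/body \
    /var/log/nginx \
    /var/run

# Sticky, world-writable scratch directory (same mode as /tmp).
chmod 1777 /run/shm

# Data volume mount point; best effort, but no longer silent.
chmod 0777 /storage ||
    echo "WARN: could not set mode 0777 on /storage" >&2

# Slot for site configs generated at run time.
chown 1000:1000 /etc/nginx/sites-enabled ||
    chmod 0777 /etc/nginx/sites-enabled ||
    echo "WARN: could not adjust permissions on /etc/nginx/sites-enabled" >&2

# nginx state, log and cache directories.
chown -R 1000:1000 /var/lib/nginx /var/log/nginx /var/cache/nginx /var/run ||
    chmod -R 0777 /var/lib/nginx /var/log/nginx /var/cache/nginx /var/run ||
    echo "WARN: could not adjust permissions on the nginx runtime directories" >&2

# Pre-create the websocketd log and the nginx pid file so that a non-root
# process can open them.
touch /run/shm/websocketd.log /run/nginx.pid
chown 1000:1000 /run/shm/websocketd.log /run/nginx.pid ||
    chmod 0666 /run/shm/websocketd.log /run/nginx.pid ||
    echo "WARN: could not adjust permissions on websocketd.log / nginx.pid" >&2
EOF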

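# Entry scripts and web assets from the build context.
COPY --chmod=755 ./src /run/
COPY --chmod=755 ./web /var/www/

# noVNC settings files, placed next to the noVNC client files.
COPY --chmod=664 ./web/conf/defaults.json /usr/share/novnc
COPY --chmod=664 ./web/conf/mandatory.json /usr/share/novnc

# The nginx configuration is data, not a program: mode 644 instead of 744 drops
# the owner execute bit and leaves read access for everyone unchanged.
COPY --chmod=644 ./web/conf/nginx.conf /etc/nginx/default.conf

# NOTE(review): this fetches an executable from a remote URL with no integrity
# check. `ADD --checksum=sha256:<digest>` would pin it, but the digest differs
# per TARGETARCH, so one value per architecture has to be recorded first.
ADD --chmod=755 "https://github.com/qemus/fiano/releases/download/v${VERSION_UTK}/utk_${VERSION_UTK}_${TARGETARCH}.bin" /run/utk.bin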

# Persistent data lives in /storage. The volume is declared only after the
# build steps that create the directory and set its mode, so they take effect.
VOLUME /storage

# Documentation only: EXPOSE publishes nothing by itself.
# NOTE(review): presumably SSH (22), VNC (5900) and the web console (8006);
# confirm, and publish only the ports a deployment actually needs.
EXPOSE 22 5900 8006

# Default settings, readable by the entry script; override them at
# `docker run` time with -e.
ENV BOOT="alpine" \
    CPU_CORES="2" \
    RAM_SIZE="2G" \
    DISK_SIZE="64G"

# NOTE(review): there is no USER instruction, so the container starts as root
# unless the runtime sets another user.
# tini runs as the init process and, with -s, as a child subreaper, so orphaned
# children of entry.sh are still reaped and signals are forwarded.
ENTRYPOINT ["/usr/bin/tini", "-s", "/run/entry.sh"]