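# Image for a browser-accessible Linux environment: ttyd (web terminal) served
# behind nginx and oauth2-proxy, started by start.sh on port 7860.
#
# Build arguments:
#   TTYD_VERSION / OAUTH2_PROXY_VERSION  - release tags to download
#   TTYD_SHA256 / OAUTH2_PROXY_SHA256    - expected SHA-256 of each downloaded
#       release asset. When set, the build fails on a mismatch. When empty, the
#       build prints a warning and installs the asset unverified.

# Use a lightweight Debian base for a simplified Linux environment
FROM debian:bookworm-slim

# Set environment variables to avoid interactive prompts during installation
ENV DEBIAN_FRONTEND=noninteractive
ENV HOME=/home/user
ENV PATH=$HOME/.local/bin:$PATH

# Install essential system packages and build tools
# - sudo: Required for root privileges
# - build-essential, cmake: Required for compiling software like OpenClaw
# - curl, wget, git: Basic tools for downloading and version control
# - vim, nano: Text editors
# - nginx, netcat-openbsd: Required for Auth Proxy
RUN apt-get update && apt-get install -y \
    curl \
    wget \
    git \
    sudo \
    vim \
    nano \
    unzip \
    procps \
    net-tools \
    nginx \
    netcat-openbsd \
    build-essential \
    cmake \
    pkg-config \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

# Install ttyd (Web Terminal)
# The binary is fetched over HTTPS from a release URL and lands in /usr/bin, so
# it is checked against a pinned digest whenever TTYD_SHA256 is provided.
# NOTE(review): record the digest published for this release and pass it via
# --build-arg (or set it as the default here) so the check always runs.
ARG TTYD_VERSION=1.7.7
ARG TTYD_SHA256=""
RUN wget "https://github.com/tsl0922/ttyd/releases/download/${TTYD_VERSION}/ttyd.x86_64" -O /usr/bin/ttyd \
    && if [ -n "$TTYD_SHA256" ]; then \
         echo "${TTYD_SHA256}  /usr/bin/ttyd" | sha256sum -c -; \
       else \
         echo "WARNING: TTYD_SHA256 not set; ttyd binary installed without integrity check" >&2; \
       fi \
    && chmod +x /usr/bin/ttyd

# Install oauth2-proxy
# Same integrity check as ttyd: the tarball is verified before it is unpacked
# whenever OAUTH2_PROXY_SHA256 is provided.
ARG OAUTH2_PROXY_VERSION=7.6.0
ARG OAUTH2_PROXY_SHA256=""
RUN asset="oauth2-proxy-v${OAUTH2_PROXY_VERSION}.linux-amd64" \
    && wget "https://github.com/oauth2-proxy/oauth2-proxy/releases/download/v${OAUTH2_PROXY_VERSION}/${asset}.tar.gz" \
    && if [ -n "$OAUTH2_PROXY_SHA256" ]; then \
         echo "${OAUTH2_PROXY_SHA256}  ${asset}.tar.gz" | sha256sum -c -; \
       else \
         echo "WARNING: OAUTH2_PROXY_SHA256 not set; oauth2-proxy installed without integrity check" >&2; \
       fi \
    && tar -xzf "${asset}.tar.gz" \
    && mv "${asset}/oauth2-proxy" /usr/bin/oauth2-proxy \
    && chmod +x /usr/bin/oauth2-proxy \
    && rm -rf "${asset}" "${asset}.tar.gz"

# Create a non-root user 'user' (UID 1000) for security and Hugging Face compatibility
# Grant sudo privileges without password for easy administration
# The rule lives in a sudoers.d drop-in (mode 0440) and is syntax-checked with
# visudo, so a malformed entry fails the build instead of breaking sudo.
# NOTE(review): NOPASSWD:ALL gives this account unrestricted root, so the
# USER switch below is not a privilege boundary. If start.sh serves the ttyd
# web terminal as this account (not visible here - confirm), anyone who gets
# past the auth proxy has root inside the container. Narrow the rule to the
# specific commands that are actually needed, if any.
RUN useradd -m -u 1000 user \
    && echo 'user ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/user \
    && chmod 0440 /etc/sudoers.d/user \
    && visudo -cf /etc/sudoers.d/user

# Set working directory to user's home
WORKDIR $HOME

# Copy configuration files
# NOTE(review): --chown=user:user leaves the nginx config, the sign-in page and
# the entrypoint script writable by the runtime account; presumably so they can
# be used without root - confirm, and prefer root-owned read-only copies if
# start.sh does not need to modify them.
COPY --chown=user:user nginx.conf /etc/nginx/nginx.conf
COPY --chown=user:user oauth2-proxy-github.cfg $HOME/oauth2-proxy-github.cfg
COPY --chown=user:user sign_in.html /var/www/html/theme/sign_in.html
COPY --chown=user:user start.sh $HOME/start.sh
RUN chmod +x "$HOME/start.sh"

# Switch to the non-root user
USER user

# Expose port 7860 (Standard for Hugging Face Spaces)
EXPOSE 7860

# Start via entrypoint script (path is relative to WORKDIR)
CMD ["./start.sh"]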