diff --git a/Dockerfile b/Dockerfile
index 53290b4..e138214 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,8 +5,13 @@ ARG TARGETPLATFORM
 # We don't actually need to create a new user
 # Just set a reasonable home directory
-WORKDIR /home/root
-ENV HOME=/home/root
+ARG UID=1000
+ARG GID=1000
+ENV USERNAME=rgpeach10
+RUN addgroup -g ${GID} ${USERNAME} 2>/dev/null || addgroup ${USERNAME}; \
+ adduser -D -H -u ${UID} -G ${USERNAME} ${USERNAME} 2>/dev/null || \
+ (echo "${USERNAME}:x:${UID}:${GID}::/home/${USERNAME}:/bin/sh" >> /etc/passwd && \
+ mkdir -p /home/${USERNAME} && chown ${UID}:${GID} /home/${USERNAME})
 # Stable repos first, edge as fallback for packages not yet in stable
 # Stable repos first
@@ -95,12 +100,7 @@ RUN apk add --no-cache --repositories-file /etc/apk/repositories.edge \
 helmfile \
 && rm -rf /var/cache/apk/*
-# Cargo installs
-ENV PATH="/home/root/.cargo/bin:$PATH"
-
-# uv installs
-ENV PATH="$HOME/.local/bin:$PATH"
-RUN curl -LsSf https://astral.sh/uv/install.sh | sh
+# Build dependencies needed for uv tool compilation (requires root)
 RUN apk --no-cache --virtual .build-deps add \
 gcc \
 g++ \
@@ -124,9 +124,18 @@ RUN apk --no-cache --virtual .build-deps add \
 sshpass \
 patch \
 build-base \
- gcc-doc && \
+ gcc-doc
+
+# Drop root — all remaining commands run as the non-root user
+USER ${USERNAME}
+WORKDIR /home/${USERNAME}
+ENV HOME=/home/${USERNAME}
+
+# uv installs (as user)
+ENV PATH="$HOME/.local/bin:$PATH"
+RUN curl -LsSf https://astral.sh/uv/install.sh | sh
+RUN uv tool install --verbose pre-commit && \
 # uv tool install aider-chat && \ TODO: Fix this, something to do with scipy
- uv tool install --verbose pre-commit && \
 uv tool install --verbose ruff && \
 uv tool install --verbose ipython && \
 uv tool install --verbose ipdb && \
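Review bot: `ENV USERNAME=rgpeach10` is a plain environment variable, so the `--build-arg USERNAME=$(whoami)` that the Justfile `build` and `build-all` recipes in this same commit pass is silently ignored and the image user is always `rgpeach10`; declare it as a build arg and export it, `ARG USERNAME=rgpeach10` followed by `ENV USERNAME=${USERNAME}`. The `|| addgroup ${USERNAME}` fallback creates the group with whatever free GID busybox picks while the `/etc/passwd` fallback still writes the requested `${GID}`, and the `;` after the group step means a failure of both `addgroup` calls does not fail the build, so a UID/GID mismatch with the host bind mount would only surface at run time; letting the step fail is safer than falling through. The two context comments above the new lines (`# We don't actually need to create a new user`) now contradict the code and should read something like `# Create an unprivileged user whose UID/GID match the host so bind-mounted files keep host ownership`.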
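Review bot: `adduser -D -H` skips creating the home directory, so `/home/${USERNAME}` only comes into existence through the `WORKDIR /home/${USERNAME}` instruction that follows `USER ${USERNAME}`; whether that directory ends up owned by the new user or by root depends on the builder version, and the uv installer two lines later writes into `$HOME/.local/bin`, which fails on a root-owned home. Create the home while still root instead, e.g. drop `-H` from the `adduser` call or run `mkdir -p /home/${USERNAME} && chown ${UID}:${GID} /home/${USERNAME}` unconditionally before `USER`. The `.build-deps` virtual package installed just above is now never removed in this stage: if the original `&& \` chain ended with `apk del .build-deps` (its tail is outside the hunk), that cleanup is unreachable once the build has switched to an unprivileged user. The moved `curl … | sh` line still executes an unpinned remote installer; pinning the uv release and verifying the download would make the build reproducible.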
@@ -137,15 +146,21 @@ RUN apk --no-cache --virtual .build-deps add \
 uv tool install --verbose thefuck && \
 uv tool install --verbose ansible
-# npm installs
-RUN npm install -g \
+# npm installs (user-local prefix to avoid root)
+RUN mkdir -p "$HOME/.npm-global" && \
+ npm config set prefix "$HOME/.npm-global" && \
+ npm install -g \
 prettier \
 pyright
+ENV PATH="$HOME/.npm-global/bin:$PATH"
 # Install tfenv
 RUN git clone --depth=1 https://github.com/tfutils/tfenv.git $HOME/.tfenv
 RUN .tfenv/bin/tfenv install latest
+# Rust installs
+ENV PATH="$HOME/.local/bin:$HOME/.cargo/bin:$PATH"
+
 # Go installs
 ENV PATH="$HOME/go/bin:$PATH"
@@ -155,7 +170,7 @@ RUN curl -sS https://webi.sh/gh | sh
 # Install Oh My Zsh
 RUN sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
-ENV ZSH_CUSTOM=/home/root/.oh-my-zsh/custom
+ENV ZSH_CUSTOM=/home/${USERNAME}/.oh-my-zsh/custom
 RUN git clone https://github.com/zsh-users/zsh-autosuggestions $ZSH_CUSTOM/plugins/zsh-autosuggestions
 RUN git clone https://github.com/zsh-users/zsh-syntax-highlighting.git $ZSH_CUSTOM/plugins/zsh-syntax-highlighting
 RUN git clone --depth=1 https://github.com/romkatv/powerlevel10k.git $ZSH_CUSTOM/themes/powerlevel10k
@@ -165,11 +180,11 @@ RUN git clone --depth=1 https://github.com/romkatv/powerlevel10k.git $ZSH_CUSTOM
 # REF: https://github.com/eth-p/bat-extras/issues/126
 RUN git clone https://github.com/eth-p/bat-extras.git \
 && cd bat-extras \
- && ./build.sh --install --no-verify
+ && ./build.sh --install --prefix="$HOME/.local" --no-verify
 # Copies
 ENV SHELL_DIR=$HOME/shell
-COPY . $SHELL_DIR
+COPY --chown=${USERNAME}:${USERNAME} . $SHELL_DIR
 RUN set -e \
 && cd $SHELL_DIR \
 && if [ -z "$(git status --porcelain)" ]; then echo "No changes"; else git status --porcelain; exit 1; fi
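Review bot: `ENV PATH="$HOME/.local/bin:$HOME/.cargo/bin:$PATH"` under `# Rust installs` prepends `$HOME/.local/bin` a second time — the `# uv installs (as user)` section added earlier in this commit already put it first — so the final PATH carries a duplicate entry; `ENV PATH="$HOME/.cargo/bin:$PATH"` is enough here. The comment announces Rust installs while the hunk only extends PATH, and nothing visible in the diff installs cargo; a comment stating where the toolchain is expected to come from (or installing it here) would keep the section honest for the next reader.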
@@ -186,4 +201,8 @@ RUN find $SHELL_DIR/home/bin -type f -exec chmod +x {} \;
 # terminal colors with xterm
 ENV TERM=xterm-256color
+# Entrypoint must run as root to modify the user
+USER root
+WORKDIR /home/${USERNAME}/mnt
+ENV MNT=/home/${USERNAME}/mnt
 CMD ["/bin/zsh"]
diff --git a/Justfile b/Justfile
index 9e63b4a..024c467 100644
--- a/Justfile
+++ b/Justfile
@@ -1,28 +1,41 @@
 build:
- docker buildx build --progress=plain -t rgpeach10/shell:local . --load
+ docker buildx build \
+ --progress=plain \
+ --build-arg UID=$(id -u) \
+ --build-arg GID=$(id -g) \
+ --build-arg USERNAME=$(whoami) \
+ -t rgpeach10/shell:local \
+ . \
+ --load
 run-local:
 docker run -it --rm \
- -v $HOME/.ssh:/home/root/.ssh \
- -v $HOME:/home/root/mnt \
- -w /home/root/mnt \
+ --user $(id -u) \
+ -v $HOME:/home/$(whoami)/mnt \
+ -v /var/run/docker.sock:/var/run/docker.sock \
 -e GITHUB_TOKEN=$(gh auth token) \
- -e MNT=/home/root/mnt \
- -e DEBUG=1 \
+ --pull=always \
 rgpeach10/shell:local
 run-remote tag="local":
 docker run -it --rm \
- -v $HOME/.ssh:/home/root/.ssh \
- -v $HOME:/home/root/mnt \
- -w /home/root/mnt \
+ --user $(id -u) \
+ -v $HOME:/home/$(whoami)/mnt \
+ -v /var/run/docker.sock:/var/run/docker.sock \
 -e GITHUB_TOKEN=$(gh auth token) \
- -e MNT=/home/root/mnt \
 --pull=always \
 rgpeach10/shell:{{tag}}
 build-all tag="local":
- docker buildx build --progress=plain -t rgpeach10/shell:{{tag}} --platform linux/amd64,linux/arm64 . --push
+ docker buildx build \
+ --progress=plain \
+ --build-arg UID=$(id -u) \
+ --build-arg GID=$(id -g) \
+ --build-arg USERNAME=$(whoami) \
+ -t rgpeach10/shell:{{tag}} \
+ --platform linux/amd64,linux/arm64 \
+ . \
+ --push
 test:
 just build
diff --git a/README.md b/README.md
index 9e97662..8eeaaf0 100644
--- a/README.md
+++ b/README.md
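Review bot: `USER root` as the last user switch means an image started without an explicit `--user` runs `zsh` as root, so the unprivileged user built up earlier in this commit only takes effect when the caller remembers to pass `--user`, as the Justfile recipes do. The comment justifies this with an entrypoint that modifies the user, but the hunk shows only `CMD ["/bin/zsh"]` and no `ENTRYPOINT`; if such a script exists it is outside this hunk, and if it does not, the default should stay `USER ${USERNAME}`, with any ownership fix-up done in a small entrypoint that `exec`s into the unprivileged user. `WORKDIR /home/${USERNAME}/mnt` is also created while root, so the mount point may be root-owned whenever no volume is bound there; creating it before this final `USER root`, while the build still runs as `${USERNAME}`, keeps the home tree consistently owned.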
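Review bot: `--pull=always` added to `run-local` makes `docker run` contact the registry for `rgpeach10/shell:local` before every start: if that tag is not published the recipe fails, and if anyone publishes it the image just produced by `just build` is silently replaced by the remote one, which is the opposite of what a local recipe should do — drop the flag from `run-local` (it belongs in `run-remote`, where it already was). The new `-v /var/run/docker.sock:/var/run/docker.sock` in both `run-*` recipes hands the container full control of the host Docker daemon, which is root-equivalent on the host regardless of `--user $(id -u)`; if it is required, a recipe comment stating why and noting that implication would help, otherwise keep it out of the default recipes. `--user $(id -u)` without a group takes the GID from the image's `/etc/passwd` when that UID exists there and otherwise falls back to GID 0, so `--user $(id -u):$(id -g)` states the intent explicitly and matches the `GID` build arg passed to `build`.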
@@ -37,16 +37,16 @@ Create a `~/.docker-shell.sh` file with the following contents:
 #!/usr/bin/env bash
 docker run -it --rm \
- -v $HOME/.ssh:/home/root/.ssh \
- -v $HOME:/home/root/mnt \
+ --user $(id -u) \
+ -v $HOME:/home/rgpeach10/mnt \
 -v /var/run/docker.sock:/var/run/docker.sock \
- -w /home/root/mnt \
 -e GITHUB_TOKEN=$(gh auth token) \
- -e MNT=/home/rgpeach10/mnt \
 --pull=always \
 rgpeach10/shell:main
 ```
+NOTE: User must match the $UID and $(id -g) must match $GID build args. Othwerwise, please build this locally then run it.
+
 Then set your terminal to launch this script when you open it. Or you could put it in your `~/.bash_profile`, `~/.bashrc`, or `~/.zshrc` file.