selfhostyourtech/cubbi
2
0
Fork 0
mirror of https://github.com/Monadical-SAS/cubbi.git synced 2025-12-23 05:39:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(mc): support for uid/gid, and use default current user

Browse Source
This commit is contained in:
Mathieu Virbel
2025-04-01 08:58:54 -06:00
parent 0d75bfc3d8
commit a51115a45d
5 changed files with 168 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
mcontainer/drivers/goose/Dockerfile
View File

@@ -3,8 +3,10 @@ FROM python:3.12-slim
LABEL maintainer="team@monadical.com"
LABEL description="Goose with MCP servers"
# Install system dependencies
RUN apt-get update && apt-get install -y \
# Install system dependencies including gosu for user switching and shadow for useradd/groupadd
RUN apt-get update && apt-get install -y --no-install-recommends \
gosu \
passwd \
git \
openssh-server \
bash \
@@ -12,22 +14,27 @@ RUN apt-get update && apt-get install -y \
bzip2 \
iputils-ping \
iproute2 \
libxcb1 \
libdbus-1-3 \
nano \
vim \
&& rm -rf /var/lib/apt/lists/*
# Set up SSH server
RUN mkdir /var/run/sshd
RUN echo 'root:root' | chpasswd
RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
RUN sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/' /etc/ssh/sshd_config
# Set up SSH server directory (configuration will be handled by entrypoint if needed)
RUN mkdir -p /var/run/sshd && chmod 0755 /var/run/sshd
# Do NOT enable root login or set root password here
# Install python dependencies
# This is done before copying scripts for better cache management
# Consider moving this WORKDIR /tmp section if goose CLI isn't strictly needed for base image setup
WORKDIR /tmp
RUN curl -fsSL https://github.com/block/goose/releases/download/stable/download_cli.sh -o download_cli.sh && \
chmod +x download_cli.sh && \
./download_cli.sh
./download_cli.sh && \
# Move goose to a system-wide location
mv /root/.local/bin/goose /usr/local/bin/goose && \
# Clean up
rm -rf /root/.local download_cli.sh /tmp/goose-*
# Create app directory
WORKDIR /app
@@ -46,15 +53,18 @@ RUN chmod +x /mc-init.sh /entrypoint.sh /init-status.sh \
/usr/local/bin/update-goose-config.sh
# Set up initialization status check on login
RUN echo 'export PATH=/root/.local/bin:$PATH' >> /etc/bash.bashrc
RUN echo '[ -x /init-status.sh ] && /init-status.sh' >> /etc/bash.bashrc
# Set up environment
ENV PYTHONUNBUFFERED=1
ENV PYTHONDONTWRITEBYTECODE=1
# Set WORKDIR to /app, common practice and expected by mc-init.sh
WORKDIR /app
# Expose ports
EXPOSE 8000 22
# Set entrypoint
# Set entrypoint - container starts as root, entrypoint handles user switching
ENTRYPOINT ["/entrypoint.sh"]
# Default command if none is provided (entrypoint will run this via gosu)
CMD ["tail", "-f", "/dev/null"]