A Docker image based on crux that builds a UNIX as an IDE.
docker run -i -t --privileged prologic/ide
Several fil(s) that contain sensitive data such as API Key(s) or Password(s) are encrypted. When this image is started you will be prompted for a decryption key.
The decryption key can also be specified as an environment variable:
docker run -i -t -e KEY=<secret> --privileged prologic/ide
| FROM crux/base:latest | |
| MAINTAINER James Mills <prologic@shortcircuitnet.au> | |
| ENV USER prologic | |
| ENV HOME /home | |
| ENV FULLNAME James Mills | |
| ENV locale en_US | |
| VOLUME /var/lib/docker | |
| ENTRYPOINT ["/entrypoint.sh"] | |
| CMD ["/start.sh"] | |
| RUN localedef -i ${locale} -f ISO-8859-1 ${locale} | |
| RUN localedef -i ${locale} -f ISO-8859-1 ${locale}.ISO-8859-1 | |
| RUN localedef -i ${locale} -f UTF-8 ${locale}.utf8 | |
| RUN passwd -d -l root | |
| RUN groupadd -r docker | |
| RUN useradd -c "${FULLNAME}" -G docker,wheel -M ${USER} | |
| RUN ports -u && prt-get cache | |
| RUN prt-get depinst vim enchant mutt tmux irssi elinks | |
| RUN prt-get depinst netcat mtr nmap ngrep fping openssh | |
| RUN prt-get depinst python setuptools pip | |
| RUN prt-get depinst lua nodejs go | |
| RUN prt-get depinst git mercurial | |
| RUN prt-get depinst ccrypt | |
| RUN pip install fr grin gister pylama virtualenv | |
| RUN pip install -e hg+https://bitbucket.org/durin42/hg-git#egg=hggit | |
| RUN npm install -g jshint | |
| RUN virtualenv $HOME | |
| RUN curl -# -q -o /usr/bin/docker \ | |
| https://get.docker.com/builds/Linux/x86_64/docker-latest && \ | |
| chmod +x /usr/bin/docker | |
| WORKDIR /home/.vim/bundle | |
| RUN git clone https://github.com/scrooloose/syntastic.git | |
| RUN git clone https://github.com/kingbin/vim-arduino.git | |
| RUN git clone https://github.com/fatih/vim-go.git | |
| RUN git clone https://github.com/nathanaelkane/vim-indent-guides.git | |
| RUN git clone https://github.com/mitsuhiko/vim-jinja.git | |
| RUN git clone https://github.com/elzr/vim-json.git | |
| RUN git clone https://github.com/tpope/vim-sleuth.git | |
| RUN git clone https://github.com/tpope/vim-unimpaired.git | |
| ADD . / | |
| RUN chown -R ${USER}:users /home | |
| USER prologic | |
| WORKDIR /home | |
| RUN bash -l -c "pip install virtualenvwrapper" |
| #!/bin/bash | |
| sudo /wrapdocker.sh | |
| exec $@ |
| #!/bin/bash | |
| echo "Decrypting files ..." | |
| if [ -z "$KEY" ]; then | |
| ccdecrypt $(find . -type f -name "*.cpt" -printf '%p ') | |
| else | |
| ccdecrypt -E KEY $(find . -type f -name "*.cpt" -printf '%p ') | |
| fi | |
| echo "Launching a shell ..." | |
| bash -l |
| #!/bin/bash | |
| # First, make sure that cgroups are mounted correctly. | |
| CGROUP=/sys/fs/cgroup | |
| : {LOG:=stdio} | |
| [ -d $CGROUP ] || | |
| mkdir $CGROUP | |
| mountpoint -q $CGROUP || | |
| mount -n -t tmpfs -o uid=0,gid=0,mode=0755 cgroup $CGROUP || { | |
| echo "Could not make a tmpfs mount. Did you use -privileged?" | |
| exit 1 | |
| } | |
| if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security | |
| then | |
| mount -t securityfs none /sys/kernel/security || { | |
| echo "Could not mount /sys/kernel/security." | |
| echo "AppArmor detection and -privileged mode might break." | |
| } | |
| fi | |
| # Mount the cgroup hierarchies exactly as they are in the parent system. | |
| for SUBSYS in $(cut -d: -f2 /proc/1/cgroup) | |
| do | |
| [ -d $CGROUP/$SUBSYS ] || mkdir $CGROUP/$SUBSYS | |
| mountpoint -q $CGROUP/$SUBSYS || | |
| mount -n -t cgroup -o $SUBSYS cgroup $CGROUP/$SUBSYS | |
| # The two following sections address a bug which manifests itself | |
| # by a cryptic "lxc-start: no ns_cgroup option specified" when | |
| # trying to start containers withina container. | |
| # The bug seems to appear when the cgroup hierarchies are not | |
| # mounted on the exact same directories in the host, and in the | |
| # container. | |
| # Named, control-less cgroups are mounted with "-o name=foo" | |
| # (and appear as such under /proc/<pid>/cgroup) but are usually | |
| # mounted on a directory named "foo" (without the "name=" prefix). | |
| # Systemd and OpenRC (and possibly others) both create such a | |
| # cgroup. To avoid the aforementioned bug, we symlink "foo" to | |
| # "name=foo". This shouldn't have any adverse effect. | |
| echo $SUBSYS | grep -q ^name= && { | |
| NAME=$(echo $SUBSYS | sed s/^name=//) | |
| ln -s $SUBSYS $CGROUP/$NAME | |
| } | |
| # Likewise, on at least one system, it has been reported that | |
| # systemd would mount the CPU and CPU accounting controllers | |
| # (respectively "cpu" and "cpuacct") with "-o cpuacct,cpu" | |
| # but on a directory called "cpu,cpuacct" (note the inversion | |
| # in the order of the groups). This tries to work around it. | |
| [ $SUBSYS = cpuacct,cpu ] && ln -s $SUBSYS $CGROUP/cpu,cpuacct | |
| done | |
| # Note: as I write those lines, the LXC userland tools cannot setup | |
| # a "sub-container" properly if the "devices" cgroup is not in its | |
| # own hierarchy. Let's detect this and issue a warning. | |
| grep -q :devices: /proc/1/cgroup || | |
| echo "WARNING: the 'devices' cgroup should be in its own hierarchy." | |
| grep -qw devices /proc/1/cgroup || | |
| echo "WARNING: it looks like the 'devices' cgroup is not mounted." | |
| # Now, close extraneous file descriptors. | |
| pushd /proc/self/fd >/dev/null | |
| for FD in * | |
| do | |
| case "$FD" in | |
| # Keep stdin/stdout/stderr | |
| [012]) | |
| ;; | |
| # Nuke everything else | |
| *) | |
| eval exec "$FD>&-" | |
| ;; | |
| esac | |
| done | |
| popd >/dev/null | |
| # If a pidfile is still around (for example after a container restart), | |
| # delete it so that docker can start. | |
| rm -rf /var/run/docker.pid | |
| nohup docker \ | |
| -d $DOCKER_DAEMON_ARGS \ | |
| -H tcp://0.0.0.0:2375 \ | |
| -H unix:///var/run/docker.sock \ | |
| &>/var/log/docker.log & |