autonomic-bot f283a371bb recipe-maintainer: public snapshot (secrets + deployment plans removed, single commit)
Sanitized single-commit public mirror of recipe-maintainer.
- Removed test-ssh/.testenv (live creds); added test-ssh/.testenv.example placeholders.
- Removed plans/ and planned-updates/ (deployment-planning docs) so no client/
  deployment domains appear in the public repo.
- All other secret stores were already gitignored.
- docs.coopcloud.tech retained as a submodule (public upstream).
2026-06-16 20:18:24 +00:00


# Claude Code sandboxed container
# Runs Claude Code CLI inside Docker so it can't access your host filesystem
# directly — only the directory you mount in.
# Base image: an explicitly tagged (not :latest) Debian 12 slim image. For fully
# reproducible rebuilds pin it by digest as well
# (FROM debian:12-slim@sha256:<digest-from-registry>); the digest is not
# recorded in this file.
FROM debian:12-slim
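# ── Core system packages ────────────────────────────────────────────────
# Build toolchain (build-essential, cmake, libclang-dev, libssl-dev, musl-*),
# search/edit helpers (fd-find, ripgrep, jq, less, tree, vim), VCS + transport
# (git, openssh-client, curl, wget), Python + Node for the tooling installed
# below, and gosu/sudo for privilege handling by the entrypoint (entrypoint.sh
# is not part of this file, so how they are used is not visible here).
# --no-install-recommends keeps apt "Recommends" out of the image, so every
# package this build relies on is listed explicitly, sorted A-Z. gnupg is
# listed because `gpg --dearmor` is used when the Caddy repository is added
# below and nothing else pulls it in once Recommends are disabled.
# Versions are not pinned (hadolint DL3008); reproducibility rests on the
# base-image tag.
RUN apt-get update && apt-get install -y --no-install-recommends \
        bash \
        build-essential \
        ca-certificates \
        cmake \
        curl \
        fd-find \
        git \
        gnupg \
        gosu \
        jq \
        less \
        libclang-dev \
        libssl-dev \
        musl-dev \
        musl-tools \
        nodejs \
        npm \
        openssh-client \
        pkg-config \
        python3 \
        python3-pip \
        ripgrep \
        sudo \
        tar \
        tree \
        unzip \
        vim \
        wget \
        zip \
    && rm -rf /var/lib/apt/lists/*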
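# Install GitHub CLI
# The keyring is fetched over HTTPS into the signed-by path and apt verifies
# the gh package against it; chmod 644 makes the keyring world-readable
# regardless of the build umask. --no-install-recommends keeps the layer to gh
# itself, and set -eux makes each step fail loudly and show up in the build log.
RUN set -eux; \
    curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
        -o /usr/share/keyrings/githubcli-archive-keyring.gpg; \
    chmod 644 /usr/share/keyrings/githubcli-archive-keyring.gpg; \
    echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
        > /etc/apt/sources.list.d/github-cli.list; \
    apt-get update; \
    apt-get install -y --no-install-recommends gh; \
    rm -rf /var/lib/apt/lists/*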
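# Playwright browser dependencies + install
# Shared libraries and fonts Chromium needs at runtime, sorted A-Z with
# Recommends disabled. The `playwright install --with-deps` step further down
# also installs browser dependencies through apt, so this list appears to
# overlap with it; keeping it as its own layer means it stays cached when the
# playwright package version changes.
RUN apt-get update && apt-get install -y --no-install-recommends \
        fonts-liberation \
        libasound2 \
        libatk-bridge2.0-0 \
        libatk1.0-0 \
        libatspi2.0-0 \
        libcairo2 \
        libcups2 \
        libdbus-1-3 \
        libdrm2 \
        libgbm1 \
        libglib2.0-0 \
        libnspr4 \
        libnss3 \
        libnss3-tools \
        libpango-1.0-0 \
        libwayland-client0 \
        libxcomposite1 \
        libxdamage1 \
        libxfixes3 \
        libxkbcommon0 \
        libxrandr2 \
        libxshmfence1 \
    && rm -rf /var/lib/apt/lists/*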
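# Playwright (Python bindings) + a Chromium build.
# --no-cache-dir keeps pip's download cache out of the layer;
# --break-system-packages is required because Debian 12 marks the system
# interpreter as externally managed (PEP 668).
# `playwright install --with-deps` runs its own apt-get update/install for the
# browser's shared libraries, which leaves /var/lib/apt/lists populated — it is
# removed in the same layer so the lists do not persist in the image.
# The playwright version is not pinned; pin it (playwright==<version>) once the
# version this project is validated against is known.
RUN set -eux; \
    pip install --no-cache-dir --break-system-packages playwright; \
    python3 -m playwright install --with-deps chromium; \
    rm -rf /var/lib/apt/lists/*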
# Provide fd alias for fd-find (Debian names the binary fdfind)
# /usr/local/bin precedes /usr/bin on PATH, so `fd` resolves to this symlink.
RUN set -eux; \
    ln -s /usr/bin/fdfind /usr/local/bin/fd
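# ── Claude Code CLI ────────────────────────────────────────────────────
# The upstream installer is saved to a file and then run, rather than piped
# straight into bash: a failed or truncated download stops the build (curl -f)
# instead of handing bash a partial script, and the saved copy is the place to
# add a checksum or pinned-version check. Neither is applied here — the script
# is fetched unpinned from claude.ai, so the image trusts that endpoint at
# build time. `claude --version` confirms the install landed in
# /root/.local/bin, which the PATH set further down includes.
RUN set -eux; \
    curl -fsSL https://claude.ai/install.sh -o /tmp/claude-install.sh; \
    bash /tmp/claude-install.sh; \
    rm -f /tmp/claude-install.sh; \
    /root/.local/bin/claude --version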
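# ── Optional tools (uncomment what you need) ───────────────────────────
# These are included because this project uses them — feel free to remove
# any you don't need to speed up the build.
# Hugo (static site generator)
# HUGO_VERSION pins the release. TARGETARCH is supplied by BuildKit (empty
# under the classic builder, hence the amd64 fallback). The tarball is checked
# against the checksums file published with the same release before it is
# unpacked, so a tampered or corrupted download fails the build; only the
# `hugo` member is extracted. Work happens in a scratch dir that is removed
# in the same layer.
ARG HUGO_VERSION=0.154.5
ARG TARGETARCH
RUN set -eux; \
    arch="${TARGETARCH:-amd64}"; \
    case "$arch" in \
        amd64) hugo_arch="linux-amd64" ;; \
        arm64) hugo_arch="linux-arm64" ;; \
        *) echo "Unsupported arch: $arch"; exit 1 ;; \
    esac; \
    base="https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}"; \
    tarball="hugo_extended_${HUGO_VERSION}_${hugo_arch}.tar.gz"; \
    mkdir -p /tmp/hugo-dl; \
    cd /tmp/hugo-dl; \
    curl -fsSL "${base}/${tarball}" -o "${tarball}"; \
    curl -fsSL "${base}/hugo_${HUGO_VERSION}_checksums.txt" -o checksums.txt; \
    sha256sum -c --ignore-missing checksums.txt; \
    tar -xzf "${tarball}" hugo; \
    mv hugo /usr/local/bin/hugo; \
    cd /; \
    rm -rf /tmp/hugo-dl; \
    hugo version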
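# Terraform
# The zip is verified against the SHA256SUMS file published alongside the
# release before anything is extracted, and only the `terraform` binary is
# taken out of it (the zip may also ship a LICENSE.txt, which an unfiltered
# unzip would drop into /usr/local/bin). HashiCorp's signature over SHA256SUMS
# is not checked here. TARGETARCH comes from the ARG declared for Hugo above.
ARG TERRAFORM_VERSION=1.11.2
RUN set -eux; \
    arch="${TARGETARCH:-amd64}"; \
    base="https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}"; \
    zipfile="terraform_${TERRAFORM_VERSION}_linux_${arch}.zip"; \
    mkdir -p /tmp/terraform-dl; \
    cd /tmp/terraform-dl; \
    curl -fsSL "${base}/${zipfile}" -o "${zipfile}"; \
    curl -fsSL "${base}/terraform_${TERRAFORM_VERSION}_SHA256SUMS" -o SHA256SUMS; \
    sha256sum -c --ignore-missing SHA256SUMS; \
    unzip -o "${zipfile}" terraform -d /usr/local/bin/; \
    cd /; \
    rm -rf /tmp/terraform-dl; \
    terraform version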
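# Rust (rustup + cargo)
# rustup-init is saved to a file and run from there instead of curl|sh, so a
# failed download stops the build; the script itself is still unpinned. The
# musl target follows the image's CPU architecture — `uname -m` reports x86_64
# on amd64 and aarch64 on arm64, both valid rustup target prefixes — rather
# than hard-coding x86_64, which would give an arm64 build the wrong target.
RUN set -eux; \
    curl -fsSL https://sh.rustup.rs -o /tmp/rustup-init.sh; \
    sh /tmp/rustup-init.sh -y; \
    rm -f /tmp/rustup-init.sh; \
    /root/.cargo/bin/rustup target add "$(uname -m)-unknown-linux-musl"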
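# abra (Co-op Cloud CLI)
# Installer fetched to a file and run from there rather than piped into bash,
# so a failed download fails the build instead of running a partial script.
# It remains an unpinned remote script; this is where a checksum or a pinned
# version should be enforced once the project settles on one. Where the
# installer places the binary is not visible here (the permissions step below
# treats /usr/local/bin/abra as optional).
RUN set -eux; \
    curl -fsSL https://install.abra.coopcloud.tech -o /tmp/abra-install.sh; \
    bash /tmp/abra-install.sh; \
    rm -f /tmp/abra-install.sh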
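# Caddy (web server / reverse proxy)
# The ASCII-armored key is saved before dearmoring so a failed curl stops the
# build; in the piped form (/bin/sh has no pipefail) a curl error is masked and
# gpg writes an empty keyring, which only surfaces later as an apt signature
# error. gpg (gnupg package) must already be present from the core package
# layer. --no-install-recommends keeps the layer to caddy itself.
RUN set -eux; \
    curl -fsSL https://dl.cloudsmith.io/public/caddy/stable/gpg.key -o /tmp/caddy-gpg.key; \
    gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg /tmp/caddy-gpg.key; \
    rm -f /tmp/caddy-gpg.key; \
    echo "deb [signed-by=/usr/share/keyrings/caddy-stable-archive-keyring.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main" \
        > /etc/apt/sources.list.d/caddy-stable.list; \
    apt-get update; \
    apt-get install -y --no-install-recommends caddy; \
    rm -rf /var/lib/apt/lists/*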
# Tailscale (VPN / mesh networking)
# Both the binary keyring and the ready-made apt source list are fetched over
# HTTPS from pkgs.tailscale.com; apt then verifies the tailscale package
# against that keyring. Lists are removed in the same layer.
RUN set -eux; \
    keyring_url="https://pkgs.tailscale.com/stable/debian/bookworm.noarmor.gpg"; \
    list_url="https://pkgs.tailscale.com/stable/debian/bookworm.tailscale-keyring.list"; \
    curl -fsSL "${keyring_url}" -o /usr/share/keyrings/tailscale-archive-keyring.gpg; \
    curl -fsSL "${list_url}" -o /etc/apt/sources.list.d/tailscale.list; \
    apt-get update; \
    apt-get install -y tailscale; \
    rm -rf /var/lib/apt/lists/*
# ── PATH & permissions ─────────────────────────────────────────────────
# Root-owned tool locations prepended to PATH: the Claude Code install dir
# /root/.local/bin (checked above with `claude --version`), /root/.claude/bin
# (created below; what populates it is not shown in this file) and cargo's bin
# dir. Because these live under /root, the next step opens /root for reading
# so a non-root runtime user can execute them.
ENV PATH="/root/.local/bin:/root/.claude/bin:/root/.cargo/bin:${PATH}"
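# Make Claude Code + abra binaries readable by non-root users
# The tools above were installed as root under /root, so a non-root runtime
# user needs read/execute access to those paths. Note that chmod 755 /root and
# the recursive a+rx expose everything under /root/.claude, /root/.local and
# /root/.config to every user in the container — root-only material (tokens,
# ssh keys, config holding credentials) must not be written there at build or
# run time.
# Written as separate commands under set -e: in an `a && b && c || true` chain
# the trailing `|| true` silences a failure of any command in the chain, not
# just the abra chmod it was meant to make optional (abra may be installed
# somewhere other than /usr/local/bin, so that one stays conditional).
RUN set -eux; \
    chmod 755 /root; \
    mkdir -p /root/.claude /root/.local/bin /root/.config; \
    chmod -R a+rx /root/.claude /root/.local /root/.config; \
    if [ -e /usr/local/bin/abra ]; then chmod a+rx /usr/local/bin/abra; fi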
# Pre-create home directory for the claude user
# The tree is created root-owned and world-readable (755); whatever hands it to
# the runtime user — presumably the entrypoint, which is not part of this
# file — has to do so before the CLI writes into it.
RUN set -eux; \
    for d in .claude .local/bin .config .abra; do \
        mkdir -p "/home/claude/${d}"; \
    done; \
    chmod -R 755 /home/claude
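# Entrypoint script. The mode is set at copy time (BuildKit `COPY --chmod`)
# instead of a follow-up RUN chmod, which would write the file into a second
# layer. The classic (non-BuildKit) builder does not support --chmod; if that
# builder must stay supported, revert to COPY followed by `RUN chmod +x`.
COPY --chmod=755 entrypoint.sh /entrypoint.sh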
# Working directory for the project the header says you mount in.
WORKDIR /workspace
# No USER is set, so the container starts as root and /entrypoint.sh is
# responsible for dropping privileges (gosu and a pre-created /home/claude are
# in place for that, but the script itself is not part of this file — confirm
# it hands off with exec so the CLI does not keep running as root).
ENTRYPOINT ["/entrypoint.sh"]
# No default arguments; anything given to `docker run` is appended to the
# entrypoint's argv.
CMD []