initial
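--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,16 @@
+FROM ubuntu:16.04
+
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && \
+apt-get install -y --allow-unauthenticated vim openssh-server mc \
+less mercurial wget boxes firefox chromium-browser sudo netcat \
+lxde vnc4server net-tools terminator lxappearance figlet && apt-get clean
+RUN hg clone https://bitbucket.org/MoonQ/tools /usr/local/share/q-tools
+
+ADD bootstuff.sh /
+ADD userinit.sh /
+ADD vnc_passwd /
+RUN /userinit.sh
+
+
+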
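Review bot: The `apt-get install` line passes `--allow-unauthenticated`, which lets apt install packages whose signatures cannot be verified, so a tampered mirror or a modified download could put arbitrary packages into an image that later runs browsers and an SSH server. Drop the flag (`apt-get install -y vim openssh-server mc \`) and, if some package really fails verification, fix the repository key instead. The `hg clone` on the next RUN line takes whatever the repository tip is at build time; pinning it, e.g. `hg clone -r <REVISION> https://bitbucket.org/MoonQ/tools /usr/local/share/q-tools`, keeps the build reproducible and reviewable. `ADD vnc_passwd /` also stores the VNC credential in an image layer, so anyone who can pull or export the image can read it; supplying the file at run time through a read-only bind mount avoids that.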
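--- a/README.md
+++ b/README.md
@@ -0,0 +1,17 @@
+# Sandbox X environment in Docker
+
+This setup creates a VNC server running LXDE with two browsers installed
+(chromium and firefox).
+The executable connects to the container with SSH. Once SSH session exits,
+the container is destroyed. The executable automatically starts `vncviewer`
+after starting the container if --vnc passed.
+
+Run the `build-run` script to build and run the container.
+Following arguments may be passed:
+
+* `--vnc` Starts vncviewer
+* `--geometry` Default geometry for VNC server, e.g. `1024x768`
+* `--new-passwd` Generates a new random `vnc_passwd` file used
+for authenticating the VNC client.
+
+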
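--- a/bootstuff.sh
+++ b/bootstuff.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+
+service ssh start
+while true; do
+MSG=$( nc -l -p 1515 127.0.0.1 < /dev/null )
+[[ "$MSG" = "exit" ]] && exit
+done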
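Review bot: The listener on the `MSG=$( nc -l -p 1515 127.0.0.1 < /dev/null )` line may not be bound to loopback: with netcat-traditional, which the `netcat` package on this base image presumably provides, the address after `-l -p` restricts the accepted source host rather than the listening interface, and the bind address is given with `-s`. If loopback-only is the intent, `nc -l -s 127.0.0.1 -p 1515` states it explicitly; confirm against the nc variant actually installed. The loop is the container's only shutdown channel and carries no comment; something like `# Block until a local client sends "exit" on port 1515 (see exit-safe), then let the container stop` above `while true` would help. The `$USER` argument that build-run passes to this script is never read, and the result of `service ssh start` is not checked.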
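--- a/build-run
+++ b/build-run
@@ -0,0 +1,91 @@
+#!/bin/bash
+
+function helpexit() {
+echo "Start a Docker session with LXDE and VNC server."
+echo "NOTE: Docker image is stopped and destroyed when ssh shell exits!"
+echo " --vnc Start VNC viewer"
+echo " --geometry WxY VNC Default screen size"
+echo " --new-passwd Generate new random VNC password file"
+echo " --help This help"
+exit
+}
+function pwgen() {
+dd if=/dev/random of=vnc_passwd bs=1 count=8
+}
+function rsagen() {
+rm -f .id_rsa .id_rsa.pub
+ssh-keygen -t rsa -b 1024 -N "" -f .id_rsa
+}
+
+for (( i=1; i<=$#; i++ )); do
+j=$(( $i + 1 ))
+[[ "${!i}" = "--help" ]] && helpexit
+[[ "${!i}" = "-h" ]] && helpexit
+[[ "${!i}" = "--vnc" ]] && { VNC=1; continue; }
+[[ "${!i}" = "--new-passwd" ]] && { pwgen; continue; }
+[[ "${!i}" = "--geometry" ]] && {
+VNCSIZE="-geometry ${!j}";
+[[ "$VNCSIZE" = *x* ]] || {
+echo "VNC geometry must be of format WxH, e.g. 1024x768"
+exit 1
+}
+continue;
+}
+done
+set -e
+[[ -f vnc_passwd ]] || pwgen
+[[ -f .id_rsa.pub ]] || rsagen
+[[ -f .id_rsa ]] || rsagen
+
+
+cd $( dirname $( readlink -f $0 ) )
+
+export USER=$( id -u -n )
+export USERID=$( id -u )
+export USERGID=$( id -u )
+cat userinit.sh.template | \
+sed 's,--USER--,'$USER',g' | \
+sed 's,--USERID--,'$USERID',g' | \
+sed 's,--USERGID--,'$USERGID',g' | \
+sed 's,--PUBKEY--,'"$( cat .id_rsa.pub )"',' > userinit.sh
+
+chmod 755 userinit.sh
+
+image=$( basename $( dirname $( readlink -f $0 ) ) )
+echo $image
+
+docker build -t $image .
+nname=$image$$
+
+docker run --rm -v /mnt:/mnt -v /media:/media -v $HOME/:/host_home \
+--privileged \
+-h $nname --name $nname $image \
+bash /bootstuff.sh $USER &
+
+echo $nname
+while :; do
+sleep 3
+IP=$( docker inspect --format '{{ .NetworkSettings.IPAddress }}' $nname )
+[[ -z "$IP" ]] || break
+done
+echo $IP
+while :; do
+sleep 3
+ssh-keyscan $IP && break
+done
+
+[[ "$VNC" -eq 1 ]] && {
+ssh -i .id_rsa -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no $USER@$IP /home/$USER/bin/vncs "$VNCSIZE"
+while :; do
+wget -qO- ${IP}:5900 && break
+sleep 5
+done
+vncviewer -passwd vnc_passwd ${IP}:5900 &> /dev/null &
+}
+ssh -i .id_rsa -XY -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no $USER@$IP #&& break
+echo "Shutting down $nname"
+sleep 1
+docker stop $nname >/dev/null &
+
+
+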
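Review bot: The `docker run` invocation undoes the isolation the README advertises: `--privileged` gives the container access to all host devices and turns off the default capability and seccomp restrictions, and `-v $HOME/:/host_home` together with `/mnt` and `/media` is mounted read-write, so a compromised browser inside the "sandbox" can modify the host user's files. Unless something in the session needs it, drop `--privileged` and narrow the mounts, for example `-v "$HOME/sandbox-share":/host_home` or a `:ro` suffix. Separately, `rsagen` creates a 1024-bit RSA key, which is below current minimums; `ssh-keygen -t rsa -b 3072 -N "" -f .id_rsa` is a drop-in change. `export USERGID=$( id -u )` looks like a typo for `id -g`, and `pwgen`/`rsagen` run before the `cd` to the script directory, so the key and password files are created in the caller's working directory with default permissions.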
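--- a/userinit.sh.template
+++ b/userinit.sh.template
@@ -0,0 +1,82 @@
+#!/bin/bash
+
+## THIS FILE gets overwritten!
+
+
+USR=--USER--
+addgroup --gid --USERGID-- $USR
+useradd --uid --USERID-- --gid --USERGID-- -m $USR
+echo "$USR ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
+mkdir /home/$USR/.ssh /home/$USR/.vnc /home/$USR/bin
+echo '--PUBKEY--' > /home/$USR/.ssh/authorized_keys
+chmod 700 /home/$USR/.ssh
+chmod 600 /home/$USR/.ssh/authorized_keys
+chsh -s /bin/bash $USR
+cp /vnc_passwd /home/$USR/.vnc/passwd
+chmod 600 /home/$USR/.vnc/passwd
+echo '#!/bin/sh
+[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
+[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
+
+xsetroot -solid grey
+vncconfig -iconic &
+terminator &
+openbox &
+lxpanel -p LXDE &
+pcmanfm --desktop --profile LXDE &
+/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1 *
+' > /home/$USR/.vnc/xstartup
+
+echo "#!/bin/bash
+
+vncserver :0 -depth 24 \$1 \
+-geometry 1680x1050 \
+-geometry 800x600 \
+-geometry 1024x768 \
+-geometry 1280x1024 \
+-geometry 1600x1200 \
+-geometry 1280x720
+" > /home/$USR/bin/vncs
+
+echo "#!/bin/bash
+
+echo exit | nc -w 1 127.0.0.1 1515
+" > /home/$USR/bin/exit-safe
+chmod 755 /home/$USR/bin/*
+
+
+cat <<'EOF' > /tools-install.sh
+#!/bin/bash
+
+test -f $HOME/.bashrc || sed 's,#force_color_prompt=yes,force_color_prompt=yes,' /etc/skel/.bashrc > $HOME/.bashrc
+test -f $HOME/.profile || cp /etc/skel/.profile $HOME/.profile
+echo "echo \$HOSTNAME | figlet" >> $HOME/.profile
+echo "echo To exit and shutdown properly, type \'exit-safe\'" >> $HOME/.profile
+
+mkdir -p $HOME/lib
+mkdir -p $HOME/bin
+mkdir -p $HOME/.config/autostart
+pushd $HOME/lib > /dev/null
+echo "Getting Tools repository"
+ln -s /usr/local/share/q-tools tools
+echo "Checking and adding tools/bin"
+touch $HOME/.bash_cdhistory $HOME/.qcd
+grep /lib/tools/rc $HOME/.bashrc > /dev/null || ( echo '. $HOME/lib/tools/rc' >> ~/.bashrc )
+[[ -f $HOME/bin/xsessionrc ]] || {
+cp $HOME/lib/tools/skel/xsessionrc $HOME/bin/xsessionrc
+chmod 755 $HOME/bin/xsessionrc
+}
+[[ -f $HOME/.config/autostart/xsessionrc.desktop ]] || {
+$HOME/lib/tools/bin/fimplate -e $HOME/lib/tools/skel/xsessionrc.desktop > $HOME/.config/autostart/xsessionrc.desktop
+}
+
+popd > /dev/null
+EOF
+chown -R $USR:$USR /home/$USR/
+runuser -u $USR -- bash /tools-install.sh
+
+echo "alias ff='firefox -no-remote &> /dev/null &'" >> /home/$USR/.bashrc
+echo "alias cb='chromium-browser &> /dev/null &'" >> /home/$USR/.bashrc
+
+chown -R $USR:$USR /home/$USR/
+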
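Review bot: The line `echo "$USR ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers` gives the desktop user passwordless root, and build-run on this page starts the container with `--privileged`, so any process in the browser session is one `sudo` call away from root in a privileged container. If root is only needed occasionally, leave the rule out or restrict it to specific commands; if it stays, write it to a drop-in under `/etc/sudoers.d/` and validate it with `visudo -cf` rather than appending to `/etc/sudoers` unchecked. `cp /vnc_passwd /home/$USR/.vnc/passwd` leaves the original in `/` with whatever mode the build context had, and because the ADD layer keeps it regardless of a later `rm`, passing the file at run time is the cleaner fix. In the generated xstartup, the trailing `*` after `polkit-gnome-authentication-agent-1` is probably meant to be `&`.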