...

6 files changed, 180 insertions, 13 deletions

diff --git a/docker/code-server/Dockerfile b/docker/code-server/Dockerfile
new file mode 100644
index 0000000..180cb7e
--- /dev/null
+++ b/docker/code-server/Dockerfile
@@ -0,0 +1,25 @@
+FROM archlinux:latest
+
+ARG CRUPEST_USER
+ARG CRUPEST_GROUP
+ARG CRUPEST_UID=1000
+ARG CRUPEST_GID=1000
+ARG CRUPEST_PACKAGES=""
+ARG CRUPEST_AUR_PACKAGES=""
+ARG USE_CHINA_MIRROR="false"
+ARG CHINA_MIRROR_URL="https://mirrors.tuna.tsinghua.edu.cn/archlinux/\$repo/os/\$arch"
+
+ADD ./archlinux-setup.bash ./archlinux-setup-user.bash ./restore-pacman-conf.py /tmp/
+
+ENV CRUPEST_IN_DOCKER="true"
+WORKDIR /tmp
+RUN /tmp/archlinux-setup.bash
+USER ${CRUPEST_UID}:${CRUPEST_GID}
+WORKDIR /home/${CRUPEST_USER}
+RUN /tmp/archlinux-setup-user.bash
+
+VOLUME [ "/data" ]
+EXPOSE 8080
+
+ENV CODE_SERVER_CONFIG="/data/code-server-config.yaml"
+ENTRYPOINT [ "code-sever", "--bind-addr", "0.0.0.0:8080" ]
diff --git a/docker/code-server/archlinux-setup-user.bash b/docker/code-server/archlinux-setup-user.bash
new file mode 100755
index 0000000..2b39bd2
--- /dev/null
+++ b/docker/code-server/archlinux-setup-user.bash
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+# check if we are in docker by CRUPEST_IN_DOCKER
+if [ "${CRUPEST_IN_DOCKER}" != "true" ]; then
+    echo "This script is intended to be run in a docker container."
+    exit 1
+fi
+
+cd ~ || exit 1
+
+mkdir data
+
+mkdir aur
+cd aur || exit 1
+
+# install all aur packages
+for aur_package in ${CRUPEST_AUR_PACKAGES} ; do
+    echo "Installing ${aur_package} from AUR..."
+    git clone "https://aur.archlinux.org/${aur_package}.git" --depth 1
+    pushd "${aur_package}" || exit 1
+    makepkg -sr --noconfirm
+    makepkg --packagelist | sudo pacman -U --noconfirm -
+    popd || exit 1
+done
diff --git a/docker/code-server/archlinux-setup.bash b/docker/code-server/archlinux-setup.bash
new file mode 100755
index 0000000..c926384
--- /dev/null
+++ b/docker/code-server/archlinux-setup.bash
@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+
+# check if we are in docker by CRUPEST_IN_DOCKER
+if [ "${CRUPEST_IN_DOCKER}" != "true" ]; then
+    echo "This script is intended to be run in a docker container."
+    exit 1
+fi
+
+# check if we are root
+if [ "$(id -u)" != "0" ]; then
+    echo "This script must be run as root."
+    exit 1
+fi
+
+# CRUPEST_USER, CRUPEST_UID, CRUPEST_GID must be defined
+if [ -z "$CRUPEST_USER" ] || [ -z "$CRUPEST_UID" ] || [ -z "$CRUPEST_GID" ]; then
+    echo "CRUPEST_USER, CRUPEST_UID, CRUPEST_GID must be defined."
+    exit 1
+fi
+
+# if we are in China (by checking USE_CHINA_MIRROR), use the mirror in China
+if [ "$USE_CHINA_MIRROR" = "true" ]; then
+    echo "You have set USE_CHINA_MIRROR to true, using mirror ${CHINA_MIRROR_URL} (set by CHINA_MIRROR_URL) in China."
+    echo "Server = ${CHINA_MIRROR_URL}" > /etc/pacman.d/mirrorlist
+fi
+
+# from now on, we don't allow error
+set -e
+
+# Update the system and I need python3
+pacman -Syu --noconfirm python
+
+# execute the restore pacman config script
+python3 ./restore-pacman-conf.py
+
+# reinstall all installed packages
+pacman -Qnq | pacman -S --noconfirm --overwrite=* -
+
+# install new packages
+echo "base-devel git ${CRUPEST_PACKAGES}" | tr " " "\n" | pacman -S --noconfirm --needed -
+
+# if GROUP not defined, set it the same to USER
+if [ -z "$CRUPEST_GROUP" ]; then
+    CRUPEST_GROUP="$CRUPEST_USER"
+fi
+
+# check if GROUP exists. if not create it with GID
+if ! grep -q "^${CRUPEST_GROUP}:" /etc/group; then
+    groupadd -g "$CRUPEST_GID" "$CRUPEST_GROUP"
+fi
+
+# create user for UID and GID
+useradd -m -u "${CRUPEST_UID}" -g "${CRUPEST_GID}" "${CRUPEST_USER}"
+
+# add the user to sudo
+echo "${CRUPEST_USER} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+
+# create data directory and change the permission
+mkdir -p /data
+chown "${CRUPEST_USER}":"${CRUPEST_GROUP}" /data
+chmod 700 /data
diff --git a/docker/code-server/restore-pacman-conf.py b/docker/code-server/restore-pacman-conf.py
new file mode 100755
index 0000000..3486dd3
--- /dev/null
+++ b/docker/code-server/restore-pacman-conf.py
@@ -0,0 +1,47 @@
+#!/usr/bin/env python3
+
+# Fxxk damn shit bash script and linux tools. They just don't work well with text processing, which took me a long time to discover the stupid fact.
+
+import os
+import os.path
+import sys
+import urllib.request
+from http.client import HTTPResponse
+
+PACMAN_NO_EXTRACT_URL = 'https://gitlab.archlinux.org/archlinux/archlinux-docker/-/raw/master/pacman-conf.d-noextract.conf'
+
+# check if this is in docker by CRUPEST_IN_DOCKER env
+if not os.environ.get('CRUPEST_IN_DOCKER'):
+    print("Not in docker, exiting!", file=sys.stderr)
+    exit(1)
+
+# check if I'm root
+if os.geteuid() != 0:
+    print("Not root, exiting!", file=sys.stderr)
+    exit(1)
+
+# check if pacman.conf exists
+if not os.path.exists('/etc/pacman.conf'):
+    print("/etc/pacman.conf does not exist, are you running this in Arch Linux? Exiting!", file=sys.stderr)
+    exit(2)
+
+# Download pacman-no-extract file from url
+res: HTTPResponse = urllib.request.urlopen(PACMAN_NO_EXTRACT_URL)
+if res.status != 200:
+    print(
+        f"Failed to download pacman-no-extract file from url: {PACMAN_NO_EXTRACT_URL}, exiting!", file=sys.stderr)
+    exit(3)
+
+# Read the content of pacman-no-extract file
+pacman_no_extract_content = res.read().decode('utf-8')
+
+# Read the content of pacman.conf
+with open('/etc/pacman.conf', 'r') as f:
+    pacman_conf_content = f.read()
+    # remove pacman_no_extract_content from pacman_conf_content
+    pacman_conf_content = pacman_conf_content.replace(
+        pacman_no_extract_content, '')
+
+# Write the content of pacman.conf
+with open('/etc/pacman.conf', 'w') as f:
+    f.write(pacman_conf_content)
diff --git a/template/docker-compose.yaml.template b/template/docker-compose.yaml.template
index 0367605..5cc6d10 100644
--- a/template/docker-compose.yaml.template
+++ b/template/docker-compose.yaml.template
@@ -32,17 +32,20 @@ services:
       - internal
 
   code-server:
-    image: codercom/code-server:latest
+    build:
+      context: ./docker/code-server
+      dockerfile: Dockerfile
+      args:
+        - CRUPEST_USER={{CRUPEST_USER}}
+        - CRUPEST_GROUP={{CRUPEST_GROUP}}
+        - CRUPEST_UID={{CRUPEST_UID}}
+        - CRUPEST_GID={{CRUPEST_GID}}
     container_name: code_server
     restart: on-failure:3
     volumes:
       - ./data/code-server:/data
-      - ./data/code-server-config.yaml:/home/coder/.config/code-server/config.yaml
     ports:
       - "8080:8080"
-    environment:
-      - "DOCKER_USER=$USER"
-    user: "{{CRUPEST_UID}}:{{CRUPEST_GID}}"
     networks:
       - internal
 
diff --git a/template/generate.py b/template/generate.py
index d00a84f..1c94cda 100755
--- a/template/generate.py
+++ b/template/generate.py
@@ -3,9 +3,11 @@
 import os
 import os.path
 import re
-from sys import argv
+import pwd
+import grp
+import sys
 
-required_config_keys = set(["CRUPEST_DOMAIN", "CRUPEST_UID",
+required_config_keys = set(["CRUPEST_DOMAIN", "CRUPEST_USER", "CRUPEST_GROUP", "CRUPEST_UID",
                             "CRUPEST_GID", "CRUPEST_HALO_DB_PASSWORD"])
 
 print("It's happy to see you!\n")
@@ -28,7 +30,7 @@ for filename in filenames:
 print("")
 
 # if command is 'clean'
-if len(argv) > 1 and argv[1] == "clean":
+if len(sys.argv) > 1 and sys.argv[1] == "clean":
     print("Are you sure you want to delete all generated files? (y/N)")
     if input() == "y":
         print("Deleting all generated files...")
@@ -88,12 +90,17 @@ config_path = os.path.join(project_dir, "data/config")
 
 # check if there exists a config file
 if not os.path.exists(config_path):
+    config = {}
     print("No existing config file found. Don't worry. Let's create one! Just tell me your domain name:")
-    domain = input()
-    my_uid = os.getuid()
-    my_gid = os.getgid()
-    halo_db_password = os.urandom(8).hex()
-    config_content = f"CRUPEST_DOMAIN={domain}\nCRUPEST_UID={my_uid}\nCRUPEST_GID={my_gid}\nCRUPEST_HALO_DB_PASSWORD={halo_db_password}\n"
+    config["CRUPEST_DOMAIN"] = input()
+    config["CRUPEST_USER"] = pwd.getpwuid(os.getuid()).pw_name
+    config["CRUPEST_GROUP"] = grp.getgrgid(os.getgid()).gr_name
+    config["CRUPEST_UID"] = str(os.getuid())
+    config["CRUPEST_GID"] = str(os.getgid())
+    config["CRUPEST_HALO_DB_PASSWORD"] = os.urandom(8).hex()
+    config_content = ""
+    for key in config:
+        config_content += f"{key}={config[key]}\n"
     # create data dir if not exist
     if not os.path.exists(os.path.join(project_dir, "data")):
         os.mkdir(os.path.join(project_dir, "data"))