This repository has been archived by the owner on Nov 10, 2019. It is now read-only.
/
centos.eex
114 lines (102 loc) · 4.02 KB
/
centos.eex
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
FROM centos:<%= tag %>
# autogenerated by deli
ENV OTP_VERSION="<%= versions[:otp][:version] %>" \
ELIXIR_VERSION="<%= versions[:elixir][:version] %>" \
REBAR3_VERSION="<%= versions[:rebar3][:version] %>" \
OTP_SUM="<%= versions[:otp][:checksum] %>" \
ELIXIR_SUM="<%= versions[:elixir][:checksum] %>" \
REBAR3_SUM="<%= versions[:rebar3][:checksum] %>"
# Base dependencies
RUN set -xe \
&& yum update -y \
&& yum clean all \
&& yum reinstall -y glibc-common \
&& localedef -i en_US -f UTF-8 en_US.UTF-8 \
&& yum -y groupinstall "Development Tools" \
&& yum -y install ncurses \
ncurses-devel \
unixODBC \
unixODBC-devel \
openssl-devel \
openssh-clients \
openssh-server \
&& echo "NETWORKING=yes" > /etc/sysconfig/network \
&& ln -sf /usr/share/zoneinfo/UTC /etc/localtime
# Configure SSH for non-root public key authentication
RUN set -xe \
&& mkdir -p /var/run/sshd \
&& sed -i \
-e 's~^PasswordAuthentication yes~PasswordAuthentication no~g' \
-e 's~^#PermitRootLogin yes~PermitRootLogin no~g' \
-e 's~^#UseDNS yes~UseDNS no~g' \
-e 's~^Host~#Host~g' \
-e 's~^ForwardX11Trusted~#ForwardX11Trusted~g' \
-e 's~^SendEnv~#SendEnv~g' \
-e 's~^\(.*\)/usr/libexec/openssh/sftp-server$~\1internal-sftp~g' \
/etc/ssh/sshd_config
# Erlang/OTP
RUN set -xe \
&& OTP_SRC_URL="https://github.com/erlang/otp/archive/OTP-${OTP_VERSION}.tar.gz" \
&& curl -fSL "$OTP_SRC_URL" -o otp-src.tar.gz \
&& echo "${OTP_SUM} otp-src.tar.gz" | sha256sum -c - \
&& mkdir -p /usr/local/src/otp \
&& tar -zxf otp-src.tar.gz -C /usr/local/src/otp --strip-components=1 \
&& rm otp-src.tar.gz \
&& cd /usr/local/src/otp \
&& ./otp_build autoconf \
&& ./configure --disable-hipe --without-javac --without-odbc --without-diameter --without-megaco --without-eldap --without-debugger --without-wx --without-et --without-observer \
&& make \
&& make install \
&& find /usr/local -name examples | xargs rm -rf \
&& cd /usr/local \
&& rm -rf /usr/local/src/otp \
&& cd /usr/local/src \
&& git clone --branch ${REBAR3_VERSION} https://github.com/rebar/rebar3.git \
&& cd rebar3 \
&& ./bootstrap \
&& cp rebar3 /usr/bin/rebar3 \
&& cd / && rm -rf /usr/src/rebar3
# Elixir
RUN set -xe \
&& ELIXIR_DOWNLOAD_URL="https://github.com/elixir-lang/elixir/archive/v${ELIXIR_VERSION}.tar.gz" \
&& curl -fSL -o elixir-src.tar.gz $ELIXIR_DOWNLOAD_URL \
&& echo "${ELIXIR_SUM} elixir-src.tar.gz" | sha256sum -c - \
&& mkdir -p /usr/local/src/elixir \
&& tar -xzC /usr/local/src/elixir --strip-components=1 -f elixir-src.tar.gz \
&& rm elixir-src.tar.gz \
&& cd /usr/local/src/elixir \
&& make install clean \
&& cd /usr/local \
&& rm -rf /usr/local/src/elixir \
&& mix local.hex --force \
&& mix hex.info
<%= if yarn? do %>
# Yarn
RUN set -xe \
&& yum -y install cairo-devel \
&& curl --silent --location https://rpm.nodesource.com/setup_<%= node_version %> | bash \
&& yum -y install nodejs \
&& npm -g up \
&& curl -sL https://dl.yarnpkg.com/rpm/yarn.repo -o /etc/yum.repos.d/yarn.repo \
&& yum -y install yarn
<% end %>
COPY authorized_keys /authorized_keys
RUN ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -C '' -N ''
RUN ssh-keygen -q -t dsa -f /etc/ssh/ssh_host_dsa_key -C '' -N ''
# Create <%= user %> user and make it a sudoer
RUN set -xe \
&& useradd -s /bin/bash -c "<%= user %>" <%= user %> \
&& mkhomedir_helper <%= user %> \
&& mkdir -p /home/<%= user %>/.ssh \
&& cp /authorized_keys/<%= app %>_id_rsa.pub /home/<%= user %>/.ssh/authorized_keys \
&& chown -R <%= user %>:<%= user %> /home/<%= user %>/.ssh \
&& mkdir -p /etc/sudoers.d \
&& touch /etc/sudoers.d/<%= user %> \
&& echo "<%= user %> ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/<%= user %>
WORKDIR /usr/local/builds
RUN git init
RUN git config receive.denyCurrentBranch ignore
RUN chown -R <%= user %>:<%= user %> /usr/local/builds
RUN echo "export LANG=en_US.UTF-8" >> /home/<%= user %>/.profile
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]