Initial commit: Triple-C app, container, and CI
Tauri v2 desktop app (React/TypeScript + Rust) for managing containerized Claude Code environments. Includes Gitea Actions workflow for building and pushing the sandbox container image, and a BUILDING.md guide for manual app builds on Linux and Windows. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
94
container/Dockerfile
Normal file
94
container/Dockerfile
Normal file
@@ -0,0 +1,94 @@
|
||||
FROM ubuntu:24.04
|
||||
|
||||
# Avoid interactive prompts during package install
|
||||
ENV DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
# ── System packages ──────────────────────────────────────────────────────────
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||
git \
|
||||
curl \
|
||||
wget \
|
||||
openssh-client \
|
||||
build-essential \
|
||||
ripgrep \
|
||||
jq \
|
||||
sudo \
|
||||
ca-certificates \
|
||||
gnupg \
|
||||
locales \
|
||||
unzip \
|
||||
pkg-config \
|
||||
libssl-dev \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Set UTF-8 locale
|
||||
RUN locale-gen en_US.UTF-8
|
||||
ENV LANG=en_US.UTF-8
|
||||
ENV LC_ALL=en_US.UTF-8
|
||||
|
||||
# ── GitHub CLI ───────────────────────────────────────────────────────────────
|
||||
RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
|
||||
| dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
|
||||
&& chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \
|
||||
&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
|
||||
> /etc/apt/sources.list.d/github-cli.list \
|
||||
&& apt-get update && apt-get install -y gh \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# ── Node.js LTS (22.x) + pnpm ───────────────────────────────────────────────
|
||||
RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
|
||||
&& apt-get install -y nodejs \
|
||||
&& rm -rf /var/lib/apt/lists/* \
|
||||
&& npm install -g pnpm
|
||||
|
||||
# ── Python 3 + pip + uv + ruff ──────────────────────────────────────────────
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||
python3 \
|
||||
python3-pip \
|
||||
python3-venv \
|
||||
&& rm -rf /var/lib/apt/lists/* \
|
||||
&& curl -LsSf https://astral.sh/uv/install.sh | sh \
|
||||
&& curl -LsSf https://astral.sh/ruff/install.sh | sh
|
||||
|
||||
# ── Docker CLI (not daemon) ─────────────────────────────────────────────────
|
||||
RUN install -m 0755 -d /etc/apt/keyrings \
|
||||
&& curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
|
||||
| gpg --dearmor -o /etc/apt/keyrings/docker.gpg \
|
||||
&& chmod a+r /etc/apt/keyrings/docker.gpg \
|
||||
&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" \
|
||||
> /etc/apt/sources.list.d/docker.list \
|
||||
&& apt-get update && apt-get install -y docker-ce-cli \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# ── Non-root user with passwordless sudo ─────────────────────────────────────
|
||||
RUN useradd -m -s /bin/bash claude \
|
||||
&& echo "claude ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/claude \
|
||||
&& chmod 0440 /etc/sudoers.d/claude
|
||||
|
||||
# ── Mount points (created as root, owned by claude) ──────────────────────────
|
||||
RUN mkdir -p /workspace && chown claude:claude /workspace
|
||||
|
||||
# ── Rust (installed as claude user) ──────────────────────────────────────────
|
||||
USER claude
|
||||
WORKDIR /home/claude
|
||||
|
||||
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
|
||||
ENV PATH="/home/claude/.cargo/bin:${PATH}"
|
||||
|
||||
# Add uv/ruff to PATH (installed to /root by default, reinstall for claude user)
|
||||
RUN curl -LsSf https://astral.sh/uv/install.sh | sh \
|
||||
&& curl -LsSf https://astral.sh/ruff/install.sh | sh
|
||||
ENV PATH="/home/claude/.local/bin:/home/claude/.cargo/bin:${PATH}"
|
||||
|
||||
# ── Claude Code ──────────────────────────────────────────────────────────────
|
||||
RUN curl -fsSL https://claude.ai/install.sh | bash
|
||||
ENV PATH="/home/claude/.claude/bin:${PATH}"
|
||||
|
||||
RUN mkdir -p /home/claude/.claude /home/claude/.ssh
|
||||
|
||||
WORKDIR /workspace
|
||||
|
||||
COPY --chown=claude:claude entrypoint.sh /home/claude/entrypoint.sh
|
||||
RUN chmod +x /home/claude/entrypoint.sh
|
||||
|
||||
ENTRYPOINT ["/home/claude/entrypoint.sh"]
|
||||
49
container/entrypoint.sh
Normal file
49
container/entrypoint.sh
Normal file
@@ -0,0 +1,49 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
# ── SSH key permissions ──────────────────────────────────────────────────────
|
||||
# If SSH keys were mounted, fix permissions (bind mounts may have wrong perms)
|
||||
if [ -d /home/claude/.ssh ]; then
|
||||
chmod 700 /home/claude/.ssh
|
||||
find /home/claude/.ssh -type f -name "id_*" ! -name "*.pub" -exec chmod 600 {} \;
|
||||
find /home/claude/.ssh -type f -name "*.pub" -exec chmod 644 {} \;
|
||||
# Write known_hosts fresh (not append) to avoid duplicates across restarts
|
||||
ssh-keyscan -t ed25519,rsa github.com gitlab.com bitbucket.org > /home/claude/.ssh/known_hosts 2>/dev/null || true
|
||||
chmod 644 /home/claude/.ssh/known_hosts
|
||||
fi
|
||||
|
||||
# ── Git credential helper (for HTTPS token) ─────────────────────────────────
|
||||
if [ -n "$GIT_TOKEN" ]; then
|
||||
# Use git credential-store with a protected file instead of embedding in config
|
||||
CRED_FILE="/home/claude/.git-credentials"
|
||||
: > "$CRED_FILE"
|
||||
chmod 600 "$CRED_FILE"
|
||||
echo "https://oauth2:${GIT_TOKEN}@github.com" >> "$CRED_FILE"
|
||||
echo "https://oauth2:${GIT_TOKEN}@gitlab.com" >> "$CRED_FILE"
|
||||
echo "https://oauth2:${GIT_TOKEN}@bitbucket.org" >> "$CRED_FILE"
|
||||
git config --global credential.helper "store --file=$CRED_FILE"
|
||||
# Clear the env var so it's not visible in /proc/*/environ
|
||||
unset GIT_TOKEN
|
||||
fi
|
||||
|
||||
# ── Git user config ──────────────────────────────────────────────────────────
|
||||
if [ -n "$GIT_USER_NAME" ]; then
|
||||
git config --global user.name "$GIT_USER_NAME"
|
||||
fi
|
||||
if [ -n "$GIT_USER_EMAIL" ]; then
|
||||
git config --global user.email "$GIT_USER_EMAIL"
|
||||
fi
|
||||
|
||||
# ── Docker socket permissions ────────────────────────────────────────────────
|
||||
if [ -S /var/run/docker.sock ]; then
|
||||
DOCKER_GID=$(stat -c '%g' /var/run/docker.sock)
|
||||
if ! getent group "$DOCKER_GID" > /dev/null 2>&1; then
|
||||
sudo groupadd -g "$DOCKER_GID" docker-host
|
||||
fi
|
||||
DOCKER_GROUP=$(getent group "$DOCKER_GID" | cut -d: -f1)
|
||||
sudo usermod -aG "$DOCKER_GROUP" claude
|
||||
fi
|
||||
|
||||
# ── Stay alive ───────────────────────────────────────────────────────────────
|
||||
echo "Triple-C container ready."
|
||||
exec sleep infinity
|
||||
Reference in New Issue
Block a user