From c8bf7daf027a0b698d075c717d496cf42981b835 Mon Sep 17 00:00:00 2001
From: Myve
Date: Thu, 18 Jul 2024 21:34:48 +0000
Subject: [PATCH] Alpine images
---
base/Dockerfile | 43 +++++++++++++++++++++
base/app/entrypoint | 24 ++++++++++++
base/app/init.d/01-init.sh | 9 +++++
base/app/init.d/10-nginx.sh | 46 ++++++++++++++++++++++
base/app/init.d/10-novnc.sh | 35 +++++++++++++++++
base/build | 8 ++++
basei3/10-tigervnc.sh | 77 +++++++++++++++++++++++++++++++++++++
basei3/90-tigervnc.sh | 3 ++
basei3/Dockerfile | 18 +++++++++
basei3/build | 6 +++
firefox/20-firefox.sh | 56 +++++++++++++++++++++++++++
firefox/Dockerfile | 17 ++++++++
firefox/build | 5 +++
remmina/20-remmina.sh | 20 ++++++++++
remmina/Dockerfile | 20 ++++++++++
remmina/build | 5 +++
16 files changed, 392 insertions(+)
create mode 100644 base/Dockerfile
create mode 100755 base/app/entrypoint
create mode 100755 base/app/init.d/01-init.sh
create mode 100755 base/app/init.d/10-nginx.sh
create mode 100755 base/app/init.d/10-novnc.sh
create mode 100755 base/build
create mode 100755 basei3/10-tigervnc.sh
create mode 100755 basei3/90-tigervnc.sh
create mode 100644 basei3/Dockerfile
create mode 100755 basei3/build
create mode 100755 firefox/20-firefox.sh
create mode 100644 firefox/Dockerfile
create mode 100755 firefox/build
create mode 100755 remmina/20-remmina.sh
create mode 100644 remmina/Dockerfile
create mode 100755 remmina/build
diff --git a/base/Dockerfile b/base/Dockerfile
new file mode 100644
index 0000000..e290612
--- /dev/null
+++ b/base/Dockerfile
@@ -0,0 +1,43 @@
+# syntax = docker/dockerfile:1.2
+FROM alpine:edge
+USER root
+
+# Build ARG for additional pacman packages to install (eg, openssh)
+ARG addpkg
+
+# Copy app folder
+COPY app /app
+
+# Install noVNC
+RUN printf '%s\n' 'https://dl-cdn.alpinelinux.org/alpine/edge/main/' \
+ 'https://dl-cdn.alpinelinux.org/alpine/edge/community/' \
+ 'https://dl-cdn.alpinelinux.org/alpine/edge/testing/' >/etc/apk/repositories \
+ && apk update \
+ && apk upgrade \
+ && apk add --no-cache ${addpkg} \
+ doas \
+ bash bash-completion \
+ novnc websockify \
+ nginx \
+ && adduser -s /bin/bash -D user \
+ && printf '%s' 'permit nopass user as root cmd /usr/sbin/nginx' >/etc/doas.conf \
+ && passwd -l root >/dev/null 2>&1 \
+ && sed '/^http {/a\ \
+ include /app/nginx/\*.conf;\n\ \
+ types_hash_max_size 4096;\n\ \
+ server_names_hash_bucket_size 128;\n' -i /etc/nginx/nginx.conf \
+ && chown -R user /app /usr/share/novnc/
+
+# Default environment
+USER user
+WORKDIR /home/user
+ENV HOME=/home/user
+ENV DISPLAY=:0
+ENV SHELL=/bin/bash
+ENV PS1="[\u@\h \W \$?]\$ "
+
+# Expose nginx port for VNC webui
+EXPOSE 6900
+
+# Docker entrypoint
+ENTRYPOINT ["/app/entrypoint"]
diff --git a/base/app/entrypoint b/base/app/entrypoint
new file mode 100755
index 0000000..e489770
--- /dev/null
+++ b/base/app/entrypoint
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+# Export all variables
+set -a
+
+# Abort if an error is encountered
+set -e
+
+# SSH config
+if [ -f ~/.ssh/id_ed25519 ]
+then
+ chmod 0600 ~/.ssh/id_ed25519
+fi
+
+# Run all scripts in init folder
+for file in /app/init.d/*.sh
+do
+ /bin/bash -c ${file} >>/app/logs/$(echo ${file} | sed 's|/app/init.d/||;s|\.sh$||').log
+done
+
+# Read cli parameters
+exec "${@}" &
+
+# Monitor log
+tail -f /app/logs/*.log
diff --git a/base/app/init.d/01-init.sh b/base/app/init.d/01-init.sh
new file mode 100755
index 0000000..18f3be1
--- /dev/null
+++ b/base/app/init.d/01-init.sh
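Review bot: The doas rule written to `/etc/doas.conf` lets `user` start nginx as root with any arguments, while the same RUN step adds `include /app/nginx/*.conf;` to nginx.conf and then hands `/app` to `user` with `chown -R`, so the unprivileged account controls configuration that a root process loads and the later `USER user` gives little isolation. nginx listens on 6900 here, which is not a privileged port, so the simpler fix is to drop doas and run nginx as `user` with its pid, log and temp paths pointed at a directory that account owns. If doas stays, pin the arguments, e.g. `permit nopass user as root cmd /usr/sbin/nginx args -g "daemon off;"`, keeping in mind that this alone does not help while the included directory is writable by `user`. Separately, `FROM alpine:edge` together with the edge/testing repository and `apk upgrade` makes every build resolve to different packages; a release tag or digest would make the image reproducible, and the comment above `ARG addpkg` should say apk rather than pacman.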
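Review bot: The init loop redirects into `/app/logs/…`, but this patch creates no file under `base/app/logs` (or `base/app/nginx`, which 10-nginx.sh writes to), so unless those directories come from somewhere not shown, the first redirection fails and `set -e` ends the container. Creating them before the loop with `mkdir -p /app/logs /app/nginx` and quoting the paths, `/bin/bash -c "${file}" >>"/app/logs/$(basename "${file}" .sh).log" 2>&1`, fixes that and also captures stderr from the init scripts. Because each script runs in its own bash process, nothing a script unsets or exports reaches the entrypoint or the later scripts; a short comment above the loop saying so would stop readers from assuming otherwise.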
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+# Create base directories
+for dir in vnc config ssh
+do
+ [ -d ~/.${dir} ] || mkdir -p ~/.${dir}
+done
+
+## OPTIONAL: More commands may be added below
+
diff --git a/base/app/init.d/10-nginx.sh b/base/app/init.d/10-nginx.sh
new file mode 100755
index 0000000..17493bd
--- /dev/null
+++ b/base/app/init.d/10-nginx.sh
@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+# Reformat path
+if [[ ${MYVNC_PROXYPATH} == "/" ]]
+then
+ unset _MYVNC_PROXYPATH
+elif [ ${MYVNC_PROXYPATH} ]
+then
+ _MYVNC_PROXYPATH=$(echo ${MYVNC_PROXYPATH} | sed "s|^/*||g;s|/*$||g;s|/*/|/|g;s|^|/|")
+fi
+
+# Add novnc virtual proxy conf
+cat >/app/nginx/novnc.conf <<- novnc
+upstream vnc_proxy {
+ server 127.0.0.1:6080;
+}
+
+server {
+ listen 6900;
+
+ location ${_MYVNC_PROXYPATH}/websockify {
+ proxy_http_version 1.1;
+ proxy_pass http://vnc_proxy/;
+ proxy_set_header Upgrade \$http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ # VNC connection timeout
+ proxy_read_timeout 3600s;
+ proxy_send_timeout 3600s;
+
+ # Disable cache
+ proxy_buffering off;
+ }
+
+ location ${_MYVNC_PROXYPATH}/ {
+ index vnc.html;
+ alias /usr/share/novnc/;
+ try_files \$uri \$uri/ /vnc.html;
+
+ # In the location block related to noVNC
+ add_header Cache-Control no-cache;
+ }
+}
+novnc
+
+# Start nginx
+doas /usr/sbin/nginx -g "daemon off;" &
diff --git a/base/app/init.d/10-novnc.sh b/base/app/init.d/10-novnc.sh
new file mode 100755
index 0000000..96baf21
--- /dev/null
+++ b/base/app/init.d/10-novnc.sh
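Review bot: `MYVNC_PROXYPATH` is only slash-normalised before it is expanded inside the unquoted `novnc` heredoc of base/app/init.d/10-nginx.sh, so a value containing whitespace, `;`, `{` or `}` becomes extra nginx directives in a file that nginx, started through doas as root, then loads. Rejecting anything that is not a plain path closes that, e.g. `[[ ${_MYVNC_PROXYPATH} =~ ^(/[A-Za-z0-9._-]+)*$ ]] || { echo "invalid MYVNC_PROXYPATH" >&2; exit 1; }` placed after the `fi`. The same unvalidated expansion appears in base/app/init.d/10-novnc.sh, where `MYVNC_PROXYPATH` and `MYVNC_CUSTOM_TITLE` are spliced into sed expressions. The server block speaks plain HTTP on 6900, so a comment stating that TLS is expected from a fronting proxy would help operators.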
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+# Turn vnc sharing on/off
+if [[ ${MYVNC_VNCSHARING} == "true" ]] || [[ ${MYVNC_VNCSHARING} == "1" ]]
+then
+ _MYVNC_VNCSHARING=true
+else
+ _MYVNC_VNCSHARING=false
+fi
+
+# Always default to remote scaling
+sed -i "/UI.initSetting\|resize/ s/resize', '.*');/resize', 'scale');/" /usr/share/novnc/app/ui.js
+
+# Always default to autoconnect=true
+sed -i "/let autoconnect/ s/autoconnect', .*);/autoconnect', true);/" /usr/share/novnc/app/ui.js
+
+# Change vnc shared view settings (defaults to false/off)
+sed -i "/UI.initSetting\|shared/ s/shared', .*);/shared', ${_MYVNC_VNCSHARING});/" /usr/share/novnc/app/ui.js
+
+# NoVNC custom title
+sed -i "/noVNC<\/title>/ s/noVNC/${MYVNC_CUSTOM_TITLE:-noVNC}/g" /usr/share/novnc/*.html
+
+# Apply subpath to websocket
+if [[ ${MYVNC_PROXYPATH} == "/" ]]
+then
+ unset _MYVNC_PROXYPATH
+elif [ ${MYVNC_PROXYPATH} ]
+then
+ _MYVNC_PROXYPATH=$(echo ${MYVNC_PROXYPATH} | sed "s|^/*||g;s|/*$||g;s|/*/|/|g")
+ sed -i "/UI.initSetting/ s|websockify|${_MYVNC_PROXYPATH}/&|" /usr/share/novnc/app/ui.js
+fi
+
+# Start NoVNC
+novnc_server \
+ --vnc ${MYVNC_VNCSERVER_HOST:-localhost}:${MYVNC_VNCSERVER_PORT:-5900} \
+ --file-only &
diff --git a/base/build b/base/build
new file mode 100755
index 0000000..bc5283a
--- /dev/null
+++ b/base/build
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+# Docker build
+# Optional buildtag, addpkg
+# addpkg=openssh \
+DOCKER_BUILDKIT=1 \
+docker build ./. \
+ --build-arg pkg=${addpkg:-""} \
+ --tag ${buildtag:-alpine/base}
diff --git a/basei3/10-tigervnc.sh b/basei3/10-tigervnc.sh
new file mode 100755
index 0000000..03c02ac
--- /dev/null
+++ b/basei3/10-tigervnc.sh
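Review bot: The sed in base/app/init.d/10-novnc.sh that prefixes `websockify` with `${_MYVNC_PROXYPATH}/` edits `/usr/share/novnc/app/ui.js` in place on every container start, so after a `docker restart` (same filesystem, init scripts run again) the prefix is applied a second time and the websocket path no longer matches the nginx location. Guarding the edit makes the step idempotent, e.g. `grep -q "${_MYVNC_PROXYPATH}/websockify" /usr/share/novnc/app/ui.js || sed -i …`. `novnc_server` is started without a listen address, so it presumably accepts connections on 6080 from other containers on the same network and not only from the nginx proxy; worth confirming, and binding to loopback if the wrapper allows it.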
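Review bot: base/build passes the build argument as `pkg`, but base/Dockerfile declares `ARG addpkg`, so packages requested through `addpkg` never reach the `apk add` line. The line should read `--build-arg addpkg="${addpkg:-}" \`, and the tag is better quoted as well: `--tag "${buildtag:-alpine/base}"`.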
@@ -0,0 +1,77 @@
+#!/usr/bin/env bash
+# Check for MYVNC_VNCPASS variable
+if [ -z ${MYVNC_VNCPASS} ]
+then
+ echo "MYVNC_VNCPASS env variable is missing"
+ exit 1
+fi
+
+# Configure tigervnc auth
+if [ ! -f ~/.vnc/passwd ]
+then
+ echo "${MYVNC_VNCPASS}" | vncpasswd -f >~/.vnc/passwd
+ chmod 0600 ~/.vnc/passwd
+fi
+
+# Remove VNCPASS env
+unset MYVNC_VNCPASS
+
+# VNC xstartup
+install /dev/stdin ~/.vnc/xstartup <<- xstartup
+#!/usr/bin/env bash
+unset SESSION_MANAGER
+unset DBUS_SESSION_BUS_ADDRESS
+exec ${STARTXBIN}
+xstartup
+
+# Turn vnc sharing on/off
+if [[ ${MYVNC_VNCSHARING} == "true" ]] || [[ ${MYVNC_VNCSHARING} == "1" ]]
+then
+ _MYVNC_VNCSHARING=alwaysshared
+else
+ _MYVNC_VNCSHARING=nevershared
+fi
+
+# VNC config
+cat >~/.vnc/config <<- vncconfig
+session=i3
+geometry=1920x1080
+framerate=60
+depth=32
+${_MYVNC_VNCSHARING}
+vncconfig
+
+# i3 preferences
+mkdir -p ~/.config/i3/config.d
+cat >~/.config/i3/config <<- 'i3config'
+# Font
+font pango:DejaVu Sans Mono 8
+
+# Include custom config
+include ~/.config/i3/config.d/*.conf
+
+# Binds for killing application
+bindsym Mod1+Mod4+Shift+q kill
+bindsym Mod1+Mod4+Shift+f fullscreen toggle
+
+# Binds for cycling workspaces
+bindsym Mod1+Mod4+Shift+Right workspace next
+bindsym Mod1+Mod4+Shift+Left workspace prev
+
+# Locked mode
+mode locked {
+ bindsym Mod4+Mod1+Escape mode default
+}
+bindsym Mod4+Mod1+Escape mode locked
+
+# Hide bar permanently
+exec --no-startup-id i3-msg bar mode invisible
+
+# Always open window in fullscreen
+for_window [all] fullscreen enable
+for_window [all] border none
+default_border none
+
+# Execute startup script for webapp
+exec --no-startup-id /bin/bash ~/.config/i3/startapp.sh
+i3config
diff --git a/basei3/90-tigervnc.sh b/basei3/90-tigervnc.sh
new file mode 100755
index 0000000..70cf0a9
--- /dev/null
+++ b/basei3/90-tigervnc.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+# Launch Tigervnc
+vncserver :0 &
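Review bot: `unset MYVNC_VNCPASS` in basei3/10-tigervnc.sh only clears the variable inside that script's own process, because base/app/entrypoint runs each init script through `/bin/bash -c`; the password stays in the container environment and is inherited by 90-tigervnc.sh, so `vncserver`, i3 and whatever application runs in the session can read it. Adding `unset MYVNC_VNCPASS` above `vncserver :0 &` in basei3/90-tigervnc.sh keeps it out of the desktop session, and accepting the password from a mounted file would keep it out of `docker inspect` as well. The presence test should quote the variable, `if [ -z "${MYVNC_VNCPASS}" ]`, since a password containing spaces currently makes `[` error out instead of evaluating. A comment noting that classic VNC authentication uses only the first eight characters of the password would set expectations for operators.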
diff --git a/basei3/Dockerfile b/basei3/Dockerfile
new file mode 100644
index 0000000..535417a
--- /dev/null
+++ b/basei3/Dockerfile
@@ -0,0 +1,18 @@
+# syntax = docker/dockerfile:1.2
+FROM alpine/base
+USER root
+
+# X session environment variable
+ENV STARTXBIN i3
+
+# Run
+RUN apk add --no-cache \
+ tigervnc \
+ i3wm \
+ font-dejavu
+
+# Tigervnc initialization scripts
+COPY *.sh /app/init.d/
+
+# Reset user home directory
+USER user
diff --git a/basei3/build b/basei3/build
new file mode 100755
index 0000000..c15f8cc
--- /dev/null
+++ b/basei3/build
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+# Docker build
+# Optional: buildtag
+DOCKER_BUILDKIT=1 \
+docker build ./. \
+ --tag ${buildtag:-alpine/base:i3}
diff --git a/firefox/20-firefox.sh b/firefox/20-firefox.sh
new file mode 100755
index 0000000..89659cf
--- /dev/null
+++ b/firefox/20-firefox.sh
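Review bot: `FROM alpine/base` in basei3/Dockerfile has no tag and no registry prefix, so on a host where the local build of base/ is missing Docker will try to pull `alpine/base:latest` from the default registry, a namespace this project presumably does not own. Naming the parent under a namespace the project controls and pinning a tag, e.g. `FROM <your-namespace>/base:<tag>` (placeholder), or taking it from an `ARG` set by the build script, removes that ambiguity. firefox/Dockerfile and remmina/Dockerfile have the same issue with `FROM alpine/base:i3`. `ENV STARTXBIN i3` uses the legacy space-separated form; `ENV STARTXBIN=i3` matches the other Dockerfiles in this patch.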
@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+# Create firefox profile directory
+mkdir -p /app/firefox
+
+# Firefox custom user.js
+cat >/app/firefox/user.js <<- 'firefox'
+// First run
+user_pref("app.normandy.first_run", false);
+user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
+user_pref("trailhead.firstrun.didSeeAboutWelcome", true);
+user_pref("browser.startup.homepage_override.mstone", "ignore");
+
+// Homepage
+// user_pref("browser.startup.page", 1);
+// user_pref("browser.startup.homepage", "https://myvelabs.app/");
+
+// Security/privacy section
+user_pref("app.shield.optoutstudies.enabled", false);
+user_pref("browser.contentblocking.category", "standard");
+user_pref("datareporting.healthreport.uploadEnabled", false);
+user_pref("extensions.pocket.enabled", false);
+user_pref("dom.private-attribution.submission.enabled", false);
+user_pref("network.trr.mode", 5);
+
+// Disable sponsored content on Firefox Home (Activity Stream)
+user_pref("browser.newtabpage.activity-stream.showSearch", false);
+user_pref("browser.newtabpage.activity-stream.showSponsored", false);
+user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
+user_pref("browser.newtabpage.activity-stream.default.sites", "");
+user_pref("browser.newtabpage.activity-stream.topSitesRows", 4);
+
+// Disable about:config warning
+user_pref("browser.aboutConfig.showWarning", false);
+
+// Disable url autocomplete
+user_pref("browser.search.suggest.enabled", false);
+user_pref("browser.urlbar.suggest.recentsearches", false);
+user_pref("browser.urlbar.suggest.searches", false);
+
+// Closing firefox properties
+user_pref("browser.warnOnQuitShortcut", false);
+user_pref("browser.tabs.closeWindowWithLastTab", false);
+
+// Disable autohide toolbar on fullscreen
+user_pref("browser.fullscreen.autohide", false);
+firefox
+
+# i3/firefox startup
+install /dev/stdin ~/.config/i3/startapp.sh <<- startup
+#!/usr/bin/env bash
+# Run firefox
+while true
+do
+ firefox --profile /app/firefox ${MYVNC_FIREFOX_OPTS} --new-window ${MYVNC_FIREFOX_URL}
+done
+startup
diff --git a/firefox/Dockerfile b/firefox/Dockerfile
new file mode 100644
index 0000000..98d5d01
--- /dev/null
+++ b/firefox/Dockerfile
@@ -0,0 +1,17 @@
+# syntax = docker/dockerfile:1.2
+FROM alpine/base:i3
+USER root
+
+# # ENV variables
+# ENV MYVNC_FIREFOX_URL # optional
+# ENV MYVNC_FIREFOX_OPTS # eg, --kiosk
+
+# Install packages
+RUN apk add --no-cache \
+ firefox
+
+# Tigervnc
+COPY *.sh /app/init.d/
+
+# Reset user home directory
+USER user
diff --git a/firefox/build b/firefox/build
new file mode 100755
index 0000000..8e95743
--- /dev/null
+++ b/firefox/build
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+# Docker build
+# Optional buildtag
+DOCKER_BUILDKIT=1 docker build ./. \
+ --tag ${buildtag:-alpine/firefox}
diff --git a/remmina/20-remmina.sh b/remmina/20-remmina.sh
new file mode 100755
index 0000000..75ca135
--- /dev/null
+++ b/remmina/20-remmina.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+# Remmina config
+cat >~/.config/i3/config.d/remmina.conf <<- 'remmina.conf'
+# Open terminal
+exec --no-startup-id i3-msg 'workspace "2"; exec ${TERMINAL}'
+
+# Maximize
+for_window [class="remmina"] move container to workspace "1"
+for_window [class="${TERMINAL}"] move container to workspace "2"
+remmina.conf
+
+# Remmina startup
+install /dev/stdin ~/.config/i3/startapp.sh <<- startapp.sh
+#!/usr/bin/env bash
+# Run remmina
+while true
+do
+ remmina
+done
+startapp.sh
diff --git a/remmina/Dockerfile b/remmina/Dockerfile
new file mode 100644
index 0000000..5999d87
--- /dev/null
+++ b/remmina/Dockerfile
@@ -0,0 +1,20 @@
+# syntax = docker/dockerfile:1.2
+FROM alpine/base:i3
+USER root
+
+# Choose a terminal
+ENV TERMINAL=xterm
+
+# Install packages
+RUN apk add --no-cache \
+ openssh \
+ remmina \
+ ${TERMINAL}
+
+# Tigervnc
+COPY *.sh /app/init.d/
+RUN chmod +x /app/init.d/*
+
+# Reset user home directory
+USER user
+WORKDIR /home/user
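Review bot: The `startup` heredoc delimiter in firefox/20-firefox.sh is unquoted, so `${MYVNC_FIREFOX_OPTS}` and `${MYVNC_FIREFOX_URL}` are expanded when startapp.sh is generated and their values land in the script as bare shell text; a URL with `&` or `;` in its query string is then parsed as shell syntax rather than passed to Firefox. Quoting the delimiter (`<<- 'startup'`) and the URL, `firefox --profile /app/firefox ${MYVNC_FIREFOX_OPTS} --new-window "${MYVNC_FIREFOX_URL}"`, defers expansion to run time, assuming the i3 session inherits those variables. The `while true` loop also restarts Firefox immediately on every exit; a `sleep 1` inside the loop avoids a busy respawn when the browser fails at startup.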
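Review bot: The `'remmina.conf'` delimiter in remmina/20-remmina.sh is quoted, so `${TERMINAL}` is written literally into the i3 config; the `exec` line still works because i3 hands the command to a shell, but `for_window [class="${TERMINAL}"]` is a window-class pattern that i3 does not expand, so that rule presumably never matches. Writing the class explicitly, or leaving the delimiter unquoted so the value is substituted when the file is generated, e.g. `for_window [class="(?i)${TERMINAL}"] move container to workspace "2"`, would make the rule effective.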
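Review bot: `openssh` in remmina/Dockerfile installs the SSH server alongside the client; if this image only needs outbound SSH for Remmina and the terminal, the client package alone (`openssh-client`, name to be confirmed against the edge repositories) keeps sshd out of the image. `RUN chmod +x /app/init.d/*` adds a layer for scripts that this patch already commits with mode 100755, and basei3/Dockerfile and firefox/Dockerfile copy the same kind of scripts without it, so the three should agree one way or the other.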
diff --git a/remmina/build b/remmina/build
new file mode 100755
index 0000000..03fb6ea
--- /dev/null
+++ b/remmina/build
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+# Docker build
+# Optional buildtag
+DOCKER_BUILDKIT=1 docker build ./. \
+ --tag ${buildtag:-alpine/remmina}