From b0d58c86168be443fefea6b424859c94822cb0ca Mon Sep 17 00:00:00 2001 From: Jarkko Toivanen Date: Fri, 25 Oct 2024 02:42:48 +0300 Subject: [PATCH] More layered approach --- Dockerfile | 102 ++++++++++++++++++++++++-- firefox-policies.json | 50 +++++++++++++ install-stuff.sh | 161 ------------------------------------------ 3 files changed, 147 insertions(+), 166 deletions(-) create mode 100644 firefox-policies.json delete mode 100644 install-stuff.sh diff --git a/Dockerfile b/Dockerfile index e1c9f05..359ef0e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,12 +15,104 @@ ENV DEBIAN_FRONTEND=noninteractive \ DONT_PROMPT_WSL_INSTALL="No_Prompt_please" \ INST_DIR=$STARTUPDIR/install -# Copy install scripts -COPY ./install-stuff.sh $INST_DIR - -# Run installations +# Setup repos +RUN \ + wget https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg -O /usr/share/keyrings/vscodium-archive-keyring.asc \ + && echo 'deb [ signed-by=/usr/share/keyrings/vscodium-archive-keyring.asc ] https://paulcarroty.gitlab.io/vscodium-deb-rpm-repo/debs vscodium main' | tee /etc/apt/sources.list.d/vscodium.list \ + && apt-get update \ + && apt-get upgrade -y + +# Fonts whee +RUN apt-get install -y fonts-recommended fonts-symbola fonts-glasstty fonts-firacode +# Essential stuff +RUN apt-get install -y \ + xdotool nano zip wget curl htop iotop \ + vlc \ + git \ + build-essential \ + python-is-python3 +# Java +RUN apt-get install -y default-jre +# Firefox +RUN apt-get install -y firefox-esr firefox-esr-l10n-fi +COPY firefox-policies.json /etc/firefox/policies/policies.json +# Thunderbird +RUN apt-get install -y thunderbird thunderbird-l10n-fi +# Libreoffice +RUN apt-get install -y libreoffice libreoffice-l10n-fi +# GIMP +RUN apt-get install -y gimp +# VSCodium +RUN \ + apt-get install codium \ + && sed -i 's#/usr/share/codium/codium#/usr/share/codium/codium --no-sandbox##' /usr/share/applications/codium.desktop + + + +# Desktop icons +RUN \ + cp \ + /usr/share/applications/codium.desktop \ + /usr/share/applications/thunderbird.desktop \ + /usr/share/applications/libreoffice-startcenter.desktop \ + /usr/share/applications/gimp.desktop \ + /usr/share/applications/firefox-esr.desktop \ + /usr/share/applications/xfce4-terminal.desktop \ + $HOME/Desktop \ + && chmod +x $HOME/Desktop/*.desktop \ + && chown 1000:1000 $HOME/Desktop/*.desktop + +# Cleanup and stuff +# Services we don't want to start disable in xfce init +RUN \ + rm -f \ + /etc/xdg/autostart/blueman.desktop \ + /etc/xdg/autostart/geoclue-demo-agent.desktop \ + /etc/xdg/autostart/gnome-keyring-pkcs11.desktop \ + /etc/xdg/autostart/gnome-keyring-secrets.desktop \ + /etc/xdg/autostart/gnome-keyring-ssh.desktop \ + /etc/xdg/autostart/gnome-shell-overrides-migration.desktop \ + /etc/xdg/autostart/light-locker.desktop \ + /etc/xdg/autostart/org.gnome.Evolution-alarm-notify.desktop \ + /etc/xdg/autostart/org.gnome.SettingsDaemon.A11ySettings.desktop \ + /etc/xdg/autostart/org.gnome.SettingsDaemon.Color.desktop \ + /etc/xdg/autostart/org.gnome.SettingsDaemon.Datetime.desktop \ + /etc/xdg/autostart/org.gnome.SettingsDaemon.Housekeeping.desktop \ + /etc/xdg/autostart/org.gnome.SettingsDaemon.Keyboard.desktop \ + /etc/xdg/autostart/org.gnome.SettingsDaemon.MediaKeys.desktop \ + /etc/xdg/autostart/org.gnome.SettingsDaemon.Power.desktop \ + /etc/xdg/autostart/org.gnome.SettingsDaemon.PrintNotifications.desktop \ + /etc/xdg/autostart/org.gnome.SettingsDaemon.Rfkill.desktop \ + /etc/xdg/autostart/org.gnome.SettingsDaemon.ScreensaverProxy.desktop \ + /etc/xdg/autostart/org.gnome.SettingsDaemon.Sharing.desktop \ + /etc/xdg/autostart/org.gnome.SettingsDaemon.Smartcard.desktop \ + /etc/xdg/autostart/org.gnome.SettingsDaemon.Sound.desktop \ + /etc/xdg/autostart/org.gnome.SettingsDaemon.UsbProtection.desktop \ + /etc/xdg/autostart/org.gnome.SettingsDaemon.Wacom.desktop \ + /etc/xdg/autostart/org.gnome.SettingsDaemon.Wwan.desktop \ + /etc/xdg/autostart/org.gnome.SettingsDaemon.XSettings.desktop \ + /etc/xdg/autostart/pulseaudio.desktop \ + /etc/xdg/autostart/xfce4-power-manager.desktop \ + /etc/xdg/autostart/xfce4-screensaver.desktop \ + /etc/xdg/autostart/xfce-polkit.desktop \ + /etc/xdg/autostart/xscreensaver.desktop +# Bins we don't want in the final image +RUN \ + if which gnome-keyring-daemon; then \ + rm -f $(which gnome-keyring-daemon); \ + fi +# File cleanups +RUN \ + rm -Rf \ + /home/kasm-default-profile/.cache \ + /home/kasm-user/.cache \ + /tmp \ + /var/lib/apt/lists/* \ + /var/tmp/* \ + && mkdir -m 1777 /tmp + +# Finalize RUN \ - bash ${INST_DIR}/install-stuff.sh || exit 1; \ $STARTUPDIR/set_user_permission.sh $HOME && \ rm -f /etc/X11/xinit/Xclients && \ chown 1000:0 $HOME && \ diff --git a/firefox-policies.json b/firefox-policies.json new file mode 100644 index 0000000..9f0dd57 --- /dev/null +++ b/firefox-policies.json @@ -0,0 +1,50 @@ +{ + "policies": { + "DisableTelemetry":true, + "NoDefaultBookmarks": true, + "OverrideFirstRunPage": "", + "OverridePostUpdatePage": "", + "RequestedLocales": "fi,en-US", + "SearchSuggestEnabled": true, + "ExtensionUpdate": true, + "ExtensionSettings": { + "{26ffe8a2-401b-4bf0-a79c-501c361de5af}": { + "install_url": "https://addons.mozilla.org/firefox/downloads/latest/firefox-alpenglow/latest.xpi", + "installation_mode": "force_installed" + }, + "@testpilot-containers": { + "install_url": "https://addons.mozilla.org/firefox/downloads/latest/multi-account-containers/latest.xpi", + "installation_mode": "force_installed" + }, + "uBlock0@raymondhill.net": { + "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi", + "installation_mode": "force_installed" + }, + "{446900e4-71c2-419f-a6a7-df9c091e268b}": { + "install_url": "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi", + "installation_mode": "force_installed" + } + }, + "SearchEngines": { + "Default": "Brave", + "PreventInstalls": true, + "Add": [ + { + "Name": "Brave", + "URLTemplate": "https://search.brave.com/search?q={searchTerms}", + "Method": "GET", + "IconURL": "https://brave.com/static-assets/images/brave-favicon.png", + "Description": "Has privacy, yeahh", + "SuggestURLTemplate": "https://search.brave.com/api/suggest?q={searchTerms}" + } + ], + "Remove": [ + "Google", + "Bing", + "DuckDuckGo", + "Wikipedia (en)", + "Wikipedia (fi)" + ] + } + } +} \ No newline at end of file diff --git a/install-stuff.sh b/install-stuff.sh deleted file mode 100644 index 542a432..0000000 --- a/install-stuff.sh +++ /dev/null @@ -1,161 +0,0 @@ -#/usr/bin/env bash -set -ex - -# VSCodium repo -wget https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg -O /usr/share/keyrings/vscodium-archive-keyring.asc -echo 'deb [ signed-by=/usr/share/keyrings/vscodium-archive-keyring.asc ] https://paulcarroty.gitlab.io/vscodium-deb-rpm-repo/debs vscodium main' | tee /etc/apt/sources.list.d/vscodium.list - - - -apt-get update -apt-get upgrade -y - -# Software yay -apt-get install -y \ - xdotool nano zip wget curl htop iotop \ - vlc \ - git \ - build-essential \ - firefox-esr \ - firefox-esr-l10n-fi \ - thunderbird \ - thunderbird-l10n-fi \ - libreoffice \ - libreoffice-l10n-fi \ - python-is-python3 \ - gimp \ - codium - -# Fonts whee -apt-get install -y \ - fonts-recommended \ - fonts-symbola \ - fonts-glasstty \ - fonts-firacode - -# Customize Firefox -mkdir -p /etc/firefox/policies -cat > /etc/firefox/policies/policies.json <