More layered approach

2024-10-25 02:42:48 +03:00 · 2024-10-25 02:42:48 +03:00 · b0d58c8616
commit b0d58c8616
parent eed013d284
3 changed files with 147 additions and 166 deletions
--- a/102
+++ b/102
@ -15,12 +15,104 @@ ENV DEBIAN_FRONTEND=noninteractive \
 		DONT_PROMPT_WSL_INSTALL="No_Prompt_please" \
 		INST_DIR=$STARTUPDIR/install
-# Copy install scripts
+# Setup repos
-COPY ./install-stuff.sh $INST_DIR
+RUN \
-
+	wget https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg -O /usr/share/keyrings/vscodium-archive-keyring.asc \
-# Run installations
+	&& echo 'deb [ signed-by=/usr/share/keyrings/vscodium-archive-keyring.asc ] https://paulcarroty.gitlab.io/vscodium-deb-rpm-repo/debs vscodium main' | tee /etc/apt/sources.list.d/vscodium.list \
 	&& apt-get update \
 	&& apt-get upgrade -y
 # Fonts whee
 RUN apt-get install -y fonts-recommended fonts-symbola fonts-glasstty fonts-firacode
 # Essential stuff
 RUN apt-get install -y \
 	xdotool nano zip wget curl htop iotop \
 	vlc \
 	git \
 	build-essential \
 	python-is-python3
 # Java
 RUN apt-get install -y default-jre
 # Firefox
 RUN apt-get install -y firefox-esr firefox-esr-l10n-fi
 COPY firefox-policies.json /etc/firefox/policies/policies.json
 # Thunderbird
 RUN apt-get install -y thunderbird thunderbird-l10n-fi
 # Libreoffice
 RUN apt-get install -y libreoffice libreoffice-l10n-fi
 # GIMP
 RUN apt-get install -y gimp
 # VSCodium
 RUN \
 	apt-get install codium \
 	&& sed -i 's#/usr/share/codium/codium#/usr/share/codium/codium --no-sandbox##' /usr/share/applications/codium.desktop
 # Desktop icons
 RUN \
 	cp \
 	/usr/share/applications/codium.desktop \
 	/usr/share/applications/thunderbird.desktop \
 	/usr/share/applications/libreoffice-startcenter.desktop \
 	/usr/share/applications/gimp.desktop \
 	/usr/share/applications/firefox-esr.desktop \
 	/usr/share/applications/xfce4-terminal.desktop \
 	$HOME/Desktop \
 	&& chmod +x $HOME/Desktop/*.desktop \
 	&& chown 1000:1000 $HOME/Desktop/*.desktop
 # Cleanup and stuff
 # Services we don't want to start disable in xfce init
 RUN \
 	rm -f \
 		/etc/xdg/autostart/blueman.desktop \
 		/etc/xdg/autostart/geoclue-demo-agent.desktop \
 		/etc/xdg/autostart/gnome-keyring-pkcs11.desktop \
 		/etc/xdg/autostart/gnome-keyring-secrets.desktop \
 		/etc/xdg/autostart/gnome-keyring-ssh.desktop \
 		/etc/xdg/autostart/gnome-shell-overrides-migration.desktop \
 		/etc/xdg/autostart/light-locker.desktop \
 		/etc/xdg/autostart/org.gnome.Evolution-alarm-notify.desktop \
 		/etc/xdg/autostart/org.gnome.SettingsDaemon.A11ySettings.desktop \
 		/etc/xdg/autostart/org.gnome.SettingsDaemon.Color.desktop \
 		/etc/xdg/autostart/org.gnome.SettingsDaemon.Datetime.desktop \
 		/etc/xdg/autostart/org.gnome.SettingsDaemon.Housekeeping.desktop \
 		/etc/xdg/autostart/org.gnome.SettingsDaemon.Keyboard.desktop \
 		/etc/xdg/autostart/org.gnome.SettingsDaemon.MediaKeys.desktop \
 		/etc/xdg/autostart/org.gnome.SettingsDaemon.Power.desktop \
 		/etc/xdg/autostart/org.gnome.SettingsDaemon.PrintNotifications.desktop \
 		/etc/xdg/autostart/org.gnome.SettingsDaemon.Rfkill.desktop \
 		/etc/xdg/autostart/org.gnome.SettingsDaemon.ScreensaverProxy.desktop \
 		/etc/xdg/autostart/org.gnome.SettingsDaemon.Sharing.desktop \
 		/etc/xdg/autostart/org.gnome.SettingsDaemon.Smartcard.desktop \
 		/etc/xdg/autostart/org.gnome.SettingsDaemon.Sound.desktop \
 		/etc/xdg/autostart/org.gnome.SettingsDaemon.UsbProtection.desktop \
 		/etc/xdg/autostart/org.gnome.SettingsDaemon.Wacom.desktop \
 		/etc/xdg/autostart/org.gnome.SettingsDaemon.Wwan.desktop \
 		/etc/xdg/autostart/org.gnome.SettingsDaemon.XSettings.desktop \
 		/etc/xdg/autostart/pulseaudio.desktop \
 		/etc/xdg/autostart/xfce4-power-manager.desktop \
 		/etc/xdg/autostart/xfce4-screensaver.desktop \
 		/etc/xdg/autostart/xfce-polkit.desktop \
 		/etc/xdg/autostart/xscreensaver.desktop
 # Bins we don't want in the final image
 RUN \
 	if which gnome-keyring-daemon; then \
  		rm -f $(which gnome-keyring-daemon); \
 	fi
 # File cleanups
 RUN \
 	rm -Rf \
 		/home/kasm-default-profile/.cache \
 		/home/kasm-user/.cache \
 		/tmp \
 		/var/lib/apt/lists/* \
 		/var/tmp/* \
 	&& mkdir -m 1777 /tmp
 # Finalize
 RUN \
 	bash ${INST_DIR}/install-stuff.sh || exit 1; \
 	$STARTUPDIR/set_user_permission.sh $HOME && \
 	rm -f /etc/X11/xinit/Xclients && \
 	chown 1000:0 $HOME && \
--- a/firefox-policies.json
+++ b/firefox-policies.json
@ -0,0 +1,50 @@
 {
 	"policies": {
 		"DisableTelemetry":true,
 		"NoDefaultBookmarks": true,
 		"OverrideFirstRunPage": "",
 		"OverridePostUpdatePage": "",
 		"RequestedLocales": "fi,en-US",
 		"SearchSuggestEnabled": true,
 		"ExtensionUpdate": true,
 		"ExtensionSettings": {
 			"{26ffe8a2-401b-4bf0-a79c-501c361de5af}": {
 				"install_url": "https://addons.mozilla.org/firefox/downloads/latest/firefox-alpenglow/latest.xpi",
 				"installation_mode": "force_installed"
 			},
 			"@testpilot-containers": {
 				"install_url": "https://addons.mozilla.org/firefox/downloads/latest/multi-account-containers/latest.xpi",
 				"installation_mode": "force_installed"
 			},
 			"uBlock0@raymondhill.net": {
 				"install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi",
 				"installation_mode": "force_installed"
 			},
 			"{446900e4-71c2-419f-a6a7-df9c091e268b}": {
 				"install_url": "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi",
 				"installation_mode": "force_installed"
 			}
 		},
 		"SearchEngines": {
 			"Default": "Brave",
 			"PreventInstalls": true,
 			"Add": [
 				{
 					"Name": "Brave",
 					"URLTemplate": "https://search.brave.com/search?q={searchTerms}",
 					"Method": "GET",
 					"IconURL": "https://brave.com/static-assets/images/brave-favicon.png",
 					"Description": "Has privacy, yeahh",
 					"SuggestURLTemplate": "https://search.brave.com/api/suggest?q={searchTerms}"
 				}
 			],
 			"Remove": [
 				"Google",
 				"Bing",
 				"DuckDuckGo",
 				"Wikipedia (en)",
 				"Wikipedia (fi)"
 			]
 		}
 	}
 }
--- a/install-stuff.sh
+++ b/install-stuff.sh
@ -1,161 +0,0 @@
 #/usr/bin/env bash
 set -ex
 # VSCodium repo
 wget https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg -O /usr/share/keyrings/vscodium-archive-keyring.asc
 echo 'deb [ signed-by=/usr/share/keyrings/vscodium-archive-keyring.asc ] https://paulcarroty.gitlab.io/vscodium-deb-rpm-repo/debs vscodium main' | tee /etc/apt/sources.list.d/vscodium.list
 apt-get update
 apt-get upgrade -y
 # Software yay
 apt-get install -y \
 	xdotool nano zip wget curl htop iotop \
 	vlc \
 	git \
 	build-essential \
 	firefox-esr \
 	firefox-esr-l10n-fi \
 	thunderbird \
 	thunderbird-l10n-fi \
 	libreoffice \
 	libreoffice-l10n-fi \
 	python-is-python3 \
 	gimp \
 	codium
 # Fonts whee
 apt-get install -y \
 	fonts-recommended \
 	fonts-symbola \
 	fonts-glasstty \
 	fonts-firacode
 # Customize Firefox
 mkdir -p /etc/firefox/policies
 cat > /etc/firefox/policies/policies.json <<EOF
 {
 	"policies": {
 		"DisableTelemetry":true,
 		"NoDefaultBookmarks": true,
 		"OverrideFirstRunPage": "",
 		"OverridePostUpdatePage": "",
 		"RequestedLocales": "fi,en-US",
 		"SearchSuggestEnabled": true,
 		"ExtensionUpdate": true,
 		"ExtensionSettings": {
 			"{26ffe8a2-401b-4bf0-a79c-501c361de5af}": {
 				"install_url": "https://addons.mozilla.org/firefox/downloads/latest/firefox-alpenglow/latest.xpi",
 				"installation_mode": "force_installed"
 			},
 			"@testpilot-containers": {
 				"install_url": "https://addons.mozilla.org/firefox/downloads/latest/multi-account-containers/latest.xpi",
 				"installation_mode": "force_installed"
 			},
 			"uBlock0@raymondhill.net": {
 				"install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi",
 				"installation_mode": "force_installed"
 			},
 			"{446900e4-71c2-419f-a6a7-df9c091e268b}": {
 				"install_url": "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi",
 				"installation_mode": "force_installed"
 			}
 		},
 		"SearchEngines": {
 			"Default": "Brave",
 			"PreventInstalls": true,
 			"Add": [
 				{
 					"Name": "Brave",
 					"URLTemplate": "https://search.brave.com/search?q={searchTerms}",
 					"Method": "GET",
 					"IconURL": "https://brave.com/static-assets/images/brave-favicon.png",
 					"Description": "Has privacy, yeahh",
 					"SuggestURLTemplate": "https://search.brave.com/api/suggest?q={searchTerms}"
 				}
 			],
 			"Remove": [
 				"Google",
 				"Bing",
 				"DuckDuckGo",
 				"Wikipedia (en)",
 				"Wikipedia (fi)"
 			]
 		}
 	}
 }
 EOF
 # Fix VSCodium
 sed -i 's#/usr/share/codium/codium#/usr/share/codium/codium --no-sandbox##' /usr/share/applications/codium.desktop
 # Desktop entries
 cp \
 	/usr/share/applications/codium.desktop \
 	/usr/share/applications/thunderbird.desktop \
 	/usr/share/applications/libreoffice-startcenter.desktop \
 	/usr/share/applications/gimp.desktop \
 	/usr/share/applications/firefox-esr.desktop \
 	/usr/share/applications/xfce4-terminal.desktop \
 	$HOME/Desktop
 chmod +x $HOME/Desktop/*.desktop
 chown 1000:1000 $HOME/Desktop/*.desktop
 # Clean up
 apt-get autoremove -y
 apt-get autoclean -y
 # File cleanups
 rm -Rf \
  /home/kasm-default-profile/.cache \
  /home/kasm-user/.cache \
  /tmp \
  /var/lib/apt/lists/* \
  /var/tmp/*
 mkdir -m 1777 /tmp
 # Services we don't want to start disable in xfce init
 rm -f \
  /etc/xdg/autostart/blueman.desktop \
  /etc/xdg/autostart/geoclue-demo-agent.desktop \
  /etc/xdg/autostart/gnome-keyring-pkcs11.desktop \
  /etc/xdg/autostart/gnome-keyring-secrets.desktop \
  /etc/xdg/autostart/gnome-keyring-ssh.desktop \
  /etc/xdg/autostart/gnome-shell-overrides-migration.desktop \
  /etc/xdg/autostart/light-locker.desktop \
  /etc/xdg/autostart/org.gnome.Evolution-alarm-notify.desktop \
  /etc/xdg/autostart/org.gnome.SettingsDaemon.A11ySettings.desktop \
  /etc/xdg/autostart/org.gnome.SettingsDaemon.Color.desktop \
  /etc/xdg/autostart/org.gnome.SettingsDaemon.Datetime.desktop \
  /etc/xdg/autostart/org.gnome.SettingsDaemon.Housekeeping.desktop \
  /etc/xdg/autostart/org.gnome.SettingsDaemon.Keyboard.desktop \
  /etc/xdg/autostart/org.gnome.SettingsDaemon.MediaKeys.desktop \
  /etc/xdg/autostart/org.gnome.SettingsDaemon.Power.desktop \
  /etc/xdg/autostart/org.gnome.SettingsDaemon.PrintNotifications.desktop \
  /etc/xdg/autostart/org.gnome.SettingsDaemon.Rfkill.desktop \
  /etc/xdg/autostart/org.gnome.SettingsDaemon.ScreensaverProxy.desktop \
  /etc/xdg/autostart/org.gnome.SettingsDaemon.Sharing.desktop \
  /etc/xdg/autostart/org.gnome.SettingsDaemon.Smartcard.desktop \
  /etc/xdg/autostart/org.gnome.SettingsDaemon.Sound.desktop \
  /etc/xdg/autostart/org.gnome.SettingsDaemon.UsbProtection.desktop \
  /etc/xdg/autostart/org.gnome.SettingsDaemon.Wacom.desktop \
  /etc/xdg/autostart/org.gnome.SettingsDaemon.Wwan.desktop \
  /etc/xdg/autostart/org.gnome.SettingsDaemon.XSettings.desktop \
  /etc/xdg/autostart/pulseaudio.desktop \
  /etc/xdg/autostart/xfce4-power-manager.desktop \
  /etc/xdg/autostart/xfce4-screensaver.desktop \
  /etc/xdg/autostart/xfce-polkit.desktop \
  /etc/xdg/autostart/xscreensaver.desktop
 # Bins we don't want in the final image
 if which gnome-keyring-daemon; then
  rm -f $(which gnome-keyring-daemon)
 fi