More layered approach

This commit is contained in:
Jarkko Toivanen 2024-10-25 02:42:48 +03:00
parent eed013d284
commit b0d58c8616
Signed by: jt
GPG key ID: 9151B109B73ECAD5
3 changed files with 147 additions and 166 deletions

View file

@ -15,12 +15,104 @@ ENV DEBIAN_FRONTEND=noninteractive \
DONT_PROMPT_WSL_INSTALL="No_Prompt_please" \
INST_DIR=$STARTUPDIR/install
# Copy install scripts
COPY ./install-stuff.sh $INST_DIR
# Run installations
# Setup repos
RUN \
wget https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg -O /usr/share/keyrings/vscodium-archive-keyring.asc \
&& echo 'deb [ signed-by=/usr/share/keyrings/vscodium-archive-keyring.asc ] https://paulcarroty.gitlab.io/vscodium-deb-rpm-repo/debs vscodium main' | tee /etc/apt/sources.list.d/vscodium.list \
&& apt-get update \
&& apt-get upgrade -y
# Fonts whee
RUN apt-get install -y fonts-recommended fonts-symbola fonts-glasstty fonts-firacode
# Essential stuff
RUN apt-get install -y \
xdotool nano zip wget curl htop iotop \
vlc \
git \
build-essential \
python-is-python3
# Java
RUN apt-get install -y default-jre
# Firefox
RUN apt-get install -y firefox-esr firefox-esr-l10n-fi
COPY firefox-policies.json /etc/firefox/policies/policies.json
# Thunderbird
RUN apt-get install -y thunderbird thunderbird-l10n-fi
# Libreoffice
RUN apt-get install -y libreoffice libreoffice-l10n-fi
# GIMP
RUN apt-get install -y gimp
# VSCodium
RUN \
apt-get install codium \
&& sed -i 's#/usr/share/codium/codium#/usr/share/codium/codium --no-sandbox##' /usr/share/applications/codium.desktop
# Desktop icons
RUN \
cp \
/usr/share/applications/codium.desktop \
/usr/share/applications/thunderbird.desktop \
/usr/share/applications/libreoffice-startcenter.desktop \
/usr/share/applications/gimp.desktop \
/usr/share/applications/firefox-esr.desktop \
/usr/share/applications/xfce4-terminal.desktop \
$HOME/Desktop \
&& chmod +x $HOME/Desktop/*.desktop \
&& chown 1000:1000 $HOME/Desktop/*.desktop
# Cleanup and stuff
# Services we don't want to start disable in xfce init
RUN \
rm -f \
/etc/xdg/autostart/blueman.desktop \
/etc/xdg/autostart/geoclue-demo-agent.desktop \
/etc/xdg/autostart/gnome-keyring-pkcs11.desktop \
/etc/xdg/autostart/gnome-keyring-secrets.desktop \
/etc/xdg/autostart/gnome-keyring-ssh.desktop \
/etc/xdg/autostart/gnome-shell-overrides-migration.desktop \
/etc/xdg/autostart/light-locker.desktop \
/etc/xdg/autostart/org.gnome.Evolution-alarm-notify.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.A11ySettings.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.Color.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.Datetime.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.Housekeeping.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.Keyboard.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.MediaKeys.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.Power.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.PrintNotifications.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.Rfkill.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.ScreensaverProxy.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.Sharing.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.Smartcard.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.Sound.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.UsbProtection.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.Wacom.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.Wwan.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.XSettings.desktop \
/etc/xdg/autostart/pulseaudio.desktop \
/etc/xdg/autostart/xfce4-power-manager.desktop \
/etc/xdg/autostart/xfce4-screensaver.desktop \
/etc/xdg/autostart/xfce-polkit.desktop \
/etc/xdg/autostart/xscreensaver.desktop
# Bins we don't want in the final image
RUN \
if which gnome-keyring-daemon; then \
rm -f $(which gnome-keyring-daemon); \
fi
# File cleanups
RUN \
rm -Rf \
/home/kasm-default-profile/.cache \
/home/kasm-user/.cache \
/tmp \
/var/lib/apt/lists/* \
/var/tmp/* \
&& mkdir -m 1777 /tmp
# Finalize
RUN \
bash ${INST_DIR}/install-stuff.sh || exit 1; \
$STARTUPDIR/set_user_permission.sh $HOME && \
rm -f /etc/X11/xinit/Xclients && \
chown 1000:0 $HOME && \

50
firefox-policies.json Normal file
View file

@ -0,0 +1,50 @@
{
"policies": {
"DisableTelemetry":true,
"NoDefaultBookmarks": true,
"OverrideFirstRunPage": "",
"OverridePostUpdatePage": "",
"RequestedLocales": "fi,en-US",
"SearchSuggestEnabled": true,
"ExtensionUpdate": true,
"ExtensionSettings": {
"{26ffe8a2-401b-4bf0-a79c-501c361de5af}": {
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/firefox-alpenglow/latest.xpi",
"installation_mode": "force_installed"
},
"@testpilot-containers": {
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/multi-account-containers/latest.xpi",
"installation_mode": "force_installed"
},
"uBlock0@raymondhill.net": {
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi",
"installation_mode": "force_installed"
},
"{446900e4-71c2-419f-a6a7-df9c091e268b}": {
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi",
"installation_mode": "force_installed"
}
},
"SearchEngines": {
"Default": "Brave",
"PreventInstalls": true,
"Add": [
{
"Name": "Brave",
"URLTemplate": "https://search.brave.com/search?q={searchTerms}",
"Method": "GET",
"IconURL": "https://brave.com/static-assets/images/brave-favicon.png",
"Description": "Has privacy, yeahh",
"SuggestURLTemplate": "https://search.brave.com/api/suggest?q={searchTerms}"
}
],
"Remove": [
"Google",
"Bing",
"DuckDuckGo",
"Wikipedia (en)",
"Wikipedia (fi)"
]
}
}
}

View file

@ -1,161 +0,0 @@
#/usr/bin/env bash
set -ex
# VSCodium repo
wget https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg -O /usr/share/keyrings/vscodium-archive-keyring.asc
echo 'deb [ signed-by=/usr/share/keyrings/vscodium-archive-keyring.asc ] https://paulcarroty.gitlab.io/vscodium-deb-rpm-repo/debs vscodium main' | tee /etc/apt/sources.list.d/vscodium.list
apt-get update
apt-get upgrade -y
# Software yay
apt-get install -y \
xdotool nano zip wget curl htop iotop \
vlc \
git \
build-essential \
firefox-esr \
firefox-esr-l10n-fi \
thunderbird \
thunderbird-l10n-fi \
libreoffice \
libreoffice-l10n-fi \
python-is-python3 \
gimp \
codium
# Fonts whee
apt-get install -y \
fonts-recommended \
fonts-symbola \
fonts-glasstty \
fonts-firacode
# Customize Firefox
mkdir -p /etc/firefox/policies
cat > /etc/firefox/policies/policies.json <<EOF
{
"policies": {
"DisableTelemetry":true,
"NoDefaultBookmarks": true,
"OverrideFirstRunPage": "",
"OverridePostUpdatePage": "",
"RequestedLocales": "fi,en-US",
"SearchSuggestEnabled": true,
"ExtensionUpdate": true,
"ExtensionSettings": {
"{26ffe8a2-401b-4bf0-a79c-501c361de5af}": {
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/firefox-alpenglow/latest.xpi",
"installation_mode": "force_installed"
},
"@testpilot-containers": {
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/multi-account-containers/latest.xpi",
"installation_mode": "force_installed"
},
"uBlock0@raymondhill.net": {
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi",
"installation_mode": "force_installed"
},
"{446900e4-71c2-419f-a6a7-df9c091e268b}": {
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi",
"installation_mode": "force_installed"
}
},
"SearchEngines": {
"Default": "Brave",
"PreventInstalls": true,
"Add": [
{
"Name": "Brave",
"URLTemplate": "https://search.brave.com/search?q={searchTerms}",
"Method": "GET",
"IconURL": "https://brave.com/static-assets/images/brave-favicon.png",
"Description": "Has privacy, yeahh",
"SuggestURLTemplate": "https://search.brave.com/api/suggest?q={searchTerms}"
}
],
"Remove": [
"Google",
"Bing",
"DuckDuckGo",
"Wikipedia (en)",
"Wikipedia (fi)"
]
}
}
}
EOF
# Fix VSCodium
sed -i 's#/usr/share/codium/codium#/usr/share/codium/codium --no-sandbox##' /usr/share/applications/codium.desktop
# Desktop entries
cp \
/usr/share/applications/codium.desktop \
/usr/share/applications/thunderbird.desktop \
/usr/share/applications/libreoffice-startcenter.desktop \
/usr/share/applications/gimp.desktop \
/usr/share/applications/firefox-esr.desktop \
/usr/share/applications/xfce4-terminal.desktop \
$HOME/Desktop
chmod +x $HOME/Desktop/*.desktop
chown 1000:1000 $HOME/Desktop/*.desktop
# Clean up
apt-get autoremove -y
apt-get autoclean -y
# File cleanups
rm -Rf \
/home/kasm-default-profile/.cache \
/home/kasm-user/.cache \
/tmp \
/var/lib/apt/lists/* \
/var/tmp/*
mkdir -m 1777 /tmp
# Services we don't want to start disable in xfce init
rm -f \
/etc/xdg/autostart/blueman.desktop \
/etc/xdg/autostart/geoclue-demo-agent.desktop \
/etc/xdg/autostart/gnome-keyring-pkcs11.desktop \
/etc/xdg/autostart/gnome-keyring-secrets.desktop \
/etc/xdg/autostart/gnome-keyring-ssh.desktop \
/etc/xdg/autostart/gnome-shell-overrides-migration.desktop \
/etc/xdg/autostart/light-locker.desktop \
/etc/xdg/autostart/org.gnome.Evolution-alarm-notify.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.A11ySettings.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.Color.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.Datetime.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.Housekeeping.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.Keyboard.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.MediaKeys.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.Power.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.PrintNotifications.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.Rfkill.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.ScreensaverProxy.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.Sharing.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.Smartcard.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.Sound.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.UsbProtection.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.Wacom.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.Wwan.desktop \
/etc/xdg/autostart/org.gnome.SettingsDaemon.XSettings.desktop \
/etc/xdg/autostart/pulseaudio.desktop \
/etc/xdg/autostart/xfce4-power-manager.desktop \
/etc/xdg/autostart/xfce4-screensaver.desktop \
/etc/xdg/autostart/xfce-polkit.desktop \
/etc/xdg/autostart/xscreensaver.desktop
# Bins we don't want in the final image
if which gnome-keyring-daemon; then
rm -f $(which gnome-keyring-daemon)
fi