FROM debian:bookworm LABEL maintainer="stephane.lesimple+bastion@ovhcloud.com" # first, copy everything we need COPY . /opt/bastion # then do a big RUN to squash layers (--squash is still experimental, we can't use it yet) RUN \ # ensure the OS is up to date apt update -y && DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade -y && \ # install packages (-i), including dev ones (-d) and syslog-ng (-s) \ /opt/bastion/bin/admin/packages-check.sh -i -d -s && \ # download and install the ttyrec deb package (-d) \ /opt/bastion/bin/admin/install-ttyrec.sh -d && \ # download and install the yubico-piv-checker deb package (-d) \ /opt/bastion/bin/admin/install-yubico-piv-checker.sh -d && \ # download and install the the-bastion-mkhash-helper deb package (-d) \ /opt/bastion/bin/admin/install-mkhash-helper.sh -d && \ # cleanup packages cache to save space \ rm -rf /var/cache/apt && \ # handle locales \ echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen && \ # disable /dev/kmsg handling by syslog-ng and explicitly enable /dev/log \ sed -i -re 's=system\(\);=unix-stream("/dev/log");=' /etc/syslog-ng/syslog-ng.conf && \ # accountUidMax & ttyrecGroupIdOffset change: fixes https://github.com/ovh/the-bastion/issues/24 \ sed -i -re 's/^"accountUidMax":.+/"accountUidMax": 9999,/;s/^"ttyrecGroupIdOffset":.+/"ttyrecGroupIdOffset": 10000,/' /opt/bastion/etc/bastion/bastion.conf.dist && \ # install the software \ /opt/bastion/bin/admin/install --new-install # We'll expose our port 22 EXPOSE 22/tcp # start at entrypoint ENTRYPOINT /opt/bastion/docker/entrypoint.sh --sandbox