# @license
# Copyright 2022-2026 Matter.js Authors
# SPDX-License-Identifier: Apache-2.0
# matter.js devcontainer
# Includes dev tools required for matter.js, claude code, quality-of-life tweaks, and attempts to lock down the
# "matter" user so that it cannot run arbitrary code as root
# Base image: the devcontainers Node.js 22 image on Debian bookworm.
# NOTE(review): the tag is mutable. Pinning by digest (`...:22-bookworm@sha256:<digest-placeholder>`)
# would make rebuilds reproducible and stop an unexpected base change from reaching this image.
FROM mcr.microsoft.com/devcontainers/javascript-node:22-bookworm

# Build-time timezone. There is no default, so TZ is exported as an empty string unless
# `--build-arg TZ=...` is supplied.
ARG TZ
ENV TZ="${TZ}"

# Intended to select the Claude Code release; check that the install step actually consumes it.
# The default `latest` is a moving target, so builds are not reproducible unless a version is passed.
ARG CLAUDE_CODE_VERSION=latest
# OS packages: firewall/network tooling (iptables, ipset, iproute2, dnsutils, aggregate -- presumably
# consumed by init-firewall.sh; confirm) plus general developer utilities.
# `update` and `install` share one layer so the package index cannot go stale, and the index files are
# deleted in that same layer so they never reach the image.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        aggregate \
        dnsutils \
        fzf \
        gh \
        gnupg2 \
        iproute2 \
        ipset \
        iptables \
        jq \
        less \
        man-db \
        nano \
        procps \
        unzip \
        vim \
        zsh \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
# The base image ships a default "node" account. Rename its login, move its home directory, rename
# its group, and rewrite the matching subordinate uid/gid entries so they follow the new name.
ARG USERNAME=matter
RUN usermod --login ${USERNAME} --home /home/${USERNAME} --move-home node \
    && groupmod --new-name ${USERNAME} node \
    && sed --in-place "s/^node:/${USERNAME}:/" /etc/subuid /etc/subgid
# Pre-create the shell-history directory and file and hand them to the unprivileged user.
# The mount that persists this path is not defined in this file (presumably devcontainer.json).
RUN hist_dir=/home/${USERNAME}/.commandhistory \
    && mkdir ${hist_dir} \
    && touch ${hist_dir}/history \
    && chown -R ${USERNAME}:${USERNAME} ${hist_dir}
# Runtime marker that lets tooling detect it is running inside this devcontainer.
ENV DEVCONTAINER=true

# Claude configuration directory, created up front and owned by the unprivileged user.
RUN claude_dir=/home/${USERNAME}/.claude \
    && mkdir -p ${claude_dir} \
    && chown -R ${USERNAME}:${USERNAME} ${claude_dir}
# git-delta (nicer diffs), installed from the upstream release .deb for the image's architecture.
# NOTE(review): the package is installed as root straight after download with no integrity check.
# Recording the release's SHA-256 per architecture and verifying it before `dpkg -i`
# (e.g. `echo "<sha256-placeholder>  ${deb}" | sha256sum -c -`) would close that gap.
ARG GIT_DELTA_VERSION=0.18.2
RUN arch="$(dpkg --print-architecture)" \
    && deb="git-delta_${GIT_DELTA_VERSION}_${arch}.deb" \
    && wget "https://github.com/dandavison/delta/releases/download/${GIT_DELTA_VERSION}/${deb}" \
    && dpkg -i "${deb}" \
    && rm "${deb}"
# Prep for Playwright: install the OS libraries its browsers need.
# This runs as root (it precedes the USER instruction) and no package.json has been copied into the
# image at this point, so npx resolves `playwright` from the registry at build time.
# NOTE(review): presumably that is the newest release -- confirm it matches the version the repo
# pins, and consider `npx playwright@<version-placeholder> install-deps` to fix what runs as root.
RUN npx playwright install-deps
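# Scripts the unprivileged user may run through sudo. They are baked in at build time and must stay
# root-owned and not writable by that user: being able to edit one would amount to root access.
COPY ./bin/set-permissions.sh ./bin/init-firewall.sh /usr/local/bin/
# Ownership and mode are set explicitly for BOTH scripts. `chmod +x` on init-firewall.sh alone left
# set-permissions.sh with whatever mode the build context had, and kept any group/other write bits.
#
# Each sudoers drop-in allows exactly one command as root without a password.
# NOTE(review): these entries carry no argument list, so sudo accepts any arguments. Confirm every
# listed script ignores or strictly validates its arguments and environment; an empty argument
# spec (`/path/to/script ""`) forbids arguments where none are needed.
# NOTE(review): /usr/local/share/docker-init.sh is not created in this file (presumably it comes
# from the base image or a devcontainer feature). Verify it is root-owned, not user-writable, and
# does not run commands supplied by its caller.
#
# The final `rm` drops any blanket passwordless-sudo drop-in. The base image presumably wrote it
# under the original account name "node", so that name is removed too -- TODO confirm.
RUN chown root:root /usr/local/bin/set-permissions.sh /usr/local/bin/init-firewall.sh && \
    chmod 0755 /usr/local/bin/set-permissions.sh /usr/local/bin/init-firewall.sh && \
    echo "$USERNAME ALL=(root) NOPASSWD: /usr/local/share/docker-init.sh" > /etc/sudoers.d/$USERNAME-docker && \
    echo "$USERNAME ALL=(root) NOPASSWD: /usr/local/bin/set-permissions.sh" > /etc/sudoers.d/$USERNAME-permissions && \
    echo "$USERNAME ALL=(root) NOPASSWD: /usr/local/bin/init-firewall.sh" > /etc/sudoers.d/$USERNAME-firewall && \
    chmod 0440 /etc/sudoers.d/$USERNAME-* && \
    rm -f /etc/sudoers.d/$USERNAME /etc/sudoers.d/node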
# Drop root: every RUN instruction after this point executes as the renamed unprivileged account.
USER ${USERNAME}

# zsh is the default shell; vim and nano are the terminal editors exposed via EDITOR / VISUAL.
ENV SHELL=/bin/zsh \
    EDITOR=vim \
    VISUAL=nano
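# Configure zsh (plugins, fzf bindings, persistent history) with the zsh-in-docker setup script.
# The script is saved to a file before it runs. With `sh -c "$(wget -O- ...)"`, a failed download
# expands to an empty command that exits 0, so the build would succeed with zsh left unconfigured.
# The positional arguments the script receives are unchanged.
# NOTE(review): the release tag is pinned but the content is not verified. Checking a recorded
# SHA-256 before running it (e.g. `echo "<sha256-placeholder>  /tmp/zsh-in-docker.sh" | sha256sum -c -`)
# would detect a replaced release asset.
ARG ZSH_IN_DOCKER_VERSION=1.2.0
RUN wget -O /tmp/zsh-in-docker.sh \
        "https://github.com/deluan/zsh-in-docker/releases/download/v${ZSH_IN_DOCKER_VERSION}/zsh-in-docker.sh" \
    && sh /tmp/zsh-in-docker.sh \
        -p git \
        -p fzf \
        -a "source /usr/share/doc/fzf/examples/key-bindings.zsh" \
        -a "source /usr/share/doc/fzf/examples/completion.zsh" \
        -a "export PROMPT_COMMAND='history -a' && export HISTFILE=/home/$USERNAME/.commandhistory/history" \
        -x \
    && rm -f /tmp/zsh-in-docker.sh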
# Source the shared shell variables from both bash and zsh startup files.
# COPY writes shell-vars.sh as root-owned (no --chown is given), so the unprivileged user sources it
# but cannot modify it; only the user's own rc files are appended to here.
COPY ./bin/shell-vars.sh /usr/local/bin/
RUN rc_line='source /usr/local/bin/shell-vars.sh' \
    && echo "${rc_line}" >> /home/${USERNAME}/.bashrc \
    && echo "${rc_line}" >> /home/${USERNAME}/.zshrc
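# Install Claude Code with the vendor's install script.
# The script is downloaded to a file first. In `curl ... | bash` under the default /bin/sh, a failed
# or truncated download is not detected (the pipeline reports only bash's status), so the build
# could pass without the tool or after running a partial script.
# This step runs as the unprivileged user, so the install presumably lands in that user's home
# rather than system-wide -- confirm.
# NOTE(review): the CLAUDE_CODE_VERSION build argument is not passed to the installer here, so the
# installed version is whatever the script selects by default. Wire it through if the installer
# accepts a version argument, and consider verifying the script against a recorded checksum.
RUN curl -fsSL https://claude.ai/install.sh -o /tmp/claude-install.sh \
    && bash /tmp/claude-install.sh \
    && rm -f /tmp/claude-install.sh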
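# The user we use for LLMs should not have elevated privileges beyond the per-script sudoers
# entries created earlier in this file. This final sweep has to run as root: as the unprivileged
# user, `rm -f` cannot delete anything from /etc/sudoers.d, so it either did nothing or failed.
# /etc/sudoers.d/node is included because the base image presumably wrote its blanket sudo drop-in
# under the account's original name -- TODO confirm.
USER root
RUN rm -f /etc/sudoers.d/$USERNAME /etc/sudoers.d/node
# Do not run as superuser by default
USER $USERNAME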