From 21d4342728210c5ae9a508f136698dc47b27967a Mon Sep 17 00:00:00 2001
From: Roman Vanicek <roman.vanicek@ivasoft.cz>
Date: Sat, 16 Nov 2024 00:17:26 +0100
Subject: [PATCH] Modern nodejs, optional sudo.

---
 Dockerfile     |  21 +++++++++++++++++++--
 entrypoint.sh  |  12 ++++++++++++
 nodesource.gpg | Bin 0 -> 1185 bytes
 3 files changed, 31 insertions(+), 2 deletions(-)
 create mode 100644 nodesource.gpg

diff --git a/Dockerfile b/Dockerfile
index 84efe74..55212d9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,9 +2,26 @@ FROM ubuntu
 
 LABEL maintainer="Roman Vanicek <roman.vanicek@ivasoft.cz>"
 
+# Produced using curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o nodesource.gpg
+COPY nodesource.gpg /usr/share/keyrings/nodesource.gpg
+
 RUN set -x -e; \
-    apt update; \
-    apt install -y supervisor openssh-server wget gpg nano git git-lfs chromium; \
+		# Install -up-to-date nodejs repo
+		apt update -y; \
+		apt install -y --no-install-recommends --no-install-suggests apt-transport-https ca-certificates; \
+		node_version="20.x"; \
+		arch=$(dpkg --print-architecture); \
+		chmod 644 /usr/share/keyrings/nodesource.gpg; \
+		echo "deb [arch=$arch signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$node_version nodistro main" | tee /etc/apt/sources.list.d/nodesource.list > /dev/null; \
+		echo "Package: nsolid" | tee /etc/apt/preferences.d/nsolid > /dev/null; \
+    echo "Pin: origin deb.nodesource.com" | tee -a /etc/apt/preferences.d/nsolid > /dev/null; \
+    echo "Pin-Priority: 600" | tee -a /etc/apt/preferences.d/nsolid > /dev/null; \
+    echo "Package: nodejs" | tee /etc/apt/preferences.d/nodejs > /dev/null; \
+    echo "Pin: origin deb.nodesource.com" | tee -a /etc/apt/preferences.d/nodejs > /dev/null; \
+    echo "Pin-Priority: 600" | tee -a /etc/apt/preferences.d/nodejs > /dev/null; \
+		# Install packages
+    apt update -y; \
+    apt install -y --no-install-recommends --no-install-suggests supervisor openssh-server wget gpg nano git git-lfs chromium nodejs ffmpeg; \
     git lfs install; \
     mkdir /run/sshd /config /config/workspace; \
     # Install dotnet manually as packaged dotnet does not have all the workloads
diff --git a/entrypoint.sh b/entrypoint.sh
index c6f33d9..4b36155 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,10 +1,15 @@
 #!/bin/bash
 set -e
 
+is_enabled () {
+    echo "$1" | grep -q -i -E "^(yes|on|true|1)$"
+}
+
 CODE_UUID="${BACKUPPC_UUID:-1001}"
 CODE_GUID="${BACKUPPC_GUID:-1001}"
 CODE_USERNAME=$(getent passwd "$CODE_UUID" | cut -d: -f1)
 CODE_GROUPNAME=$(getent group "$CODE_GUID" | cut -d: -f1)
+USER_SUDO="${USER_SUDO:-false}"
 
 if [ -f /firstrun ]; then
 	echo 'First run of the container. Code will be configured.'
@@ -45,6 +50,13 @@ if [ -f /firstrun ]; then
 	rm -rf /firstrun
 fi
 
+# Add or remove user from sudo group
+if is_enabled "${USER_SUDO}"; then
+    groups "${CODE_USERNAME}" | tr " " "\n" | grep -q "^sudo$" || usermod -aG sudo "${CODE_USERNAME}"
+else
+    ! groups "${CODE_USERNAME}" | tr " " "\n" | grep -q "^sudo$" || gpasswd -d "${CODE_USERNAME}" sudo
+fi
+
 export CODE_USERNAME
 
 cd /home/code
diff --git a/nodesource.gpg b/nodesource.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..a8c38d432dbd84d6d385b83ef5d190120a65a879
GIT binary patch
literal 1185
zcmV;S1YY}@0SyFKLpM+X2msnO-^kuQ?VpVuc>`e2xIx(4)B4Ppd#N~PXJQe<p9b-3
zkuL#+)Vl89cY4w6#7w&rO0cn!_t~<V%*vkkFz}(R+Ej_F$~byRaJ`hvR@<^q99N7=
zxh?gHht*>+S;S81<e2mw&!w#Dx*6|nsirRFD2;ST#z5<%E``H|3YkMvM!oj*Nc`?J
zXh%?X|DMWzotWe6#TabTz8%073PB#Ob*jTh0JS>%!{aUTE&G(uy`_;%AEW`9&}K%6
zK+UJGS@)tonv-NeO^^PPGUCnwR?Yz*Y%1HcD!TDX801sIp6(eFc!Oq^h^qpt(#Mnw
zxPaFaIe2)vlH9eR9>)L?0RRECB2H6pY-wa5JZ^JuY-waIXK-ggZf|5|b8mHWV`VO5
zZ*4w_0XPH`0RjLb1p-$?H&6l_0|pBT2nPcK1{DYb2?`4Y76JnS0v-VZ7k~f?2@o$?
zwfUPH;IzxU2mUTGou>Ec+iPKN(Pskui=>=3Gcn>nep6X1{9c&0rJeYk0&Evrubk0>
z98Yn9D*mVYF}MI>%Qbl;u1x0ppTDTZOdTI+g0y%_hjMG$WN_9?I|Z>>JRVA#Oh;%y
zUoAcz_>XmF<sCh8e$gfD_6+0=y!z!xXwP-D-Kd4|cZ=kcKt+*EY;nz0y*X1`6B#g$
zw(qrb{r7)#?v)SMXLdM;0fMBrv`+ru?7DY|vl%gF4-u^z?Jh3z7r7upP%YmZ6UgPY
z#4oMd_ZDv?BVu3#nUtA+4@vlLOd(oF{GJNk)S+)Y-Mc+4_S4LaeGHMQM2oy*LJQr#
zERXT1Wm>rb4Fp$1H&6ix0IJhyF1Bkd>Ntbi?sUD-5yx^)8Q*rcwUK|ihxhXnPKzam
zg+DGO;b=`U=j9|S<XdvPg10MY+ish#`~%PzPC#l{^HxB{G{v~3DIhtk9m>f3-&ZcO
z%Ew=1SW9iNgUux9FUP`Yc^8gfXiJU8#eQu3d!Y3zx0(7F%zWbU58f?)6fk1an|}xN
zCk#+mk}W|R@^|I_O~5ywE5%wOd{;kqP5ojUwtii!8flSV*pTkVh?!|7Snl?>_mHIs
zLo$$C5o~NA4<LFLzq-fu6tRFft%Z9=>4-T;R-Og2T0GUu_X<g15?hGK<N#K);2(Ju
z>Y1B*`=EQEh#{;UeE<;w00D^s9|RZy0ssjG0#`#fPy!na0162ZFIlzun;YP?PtFJZ
z6*tcVM|L-U>ay-yzjoMUpRnqi))#h)*_U$l=Vyc<Up(2NycA99W!8%tG!Ei~p#vjU
znHSO;>Iczr5nKX2pGy3jiGwo{I<C|Ew0Et`{!H^7!cQxVgC0gKHiS~}ZnAX4`}_ZV
z6EH-t+-KKr<n)H&9(1nTE&7Hs3udUtf;LJB?HBhL?Xd!}km;8;tv7ft--G0F(jf67
z#{pSO;NES{>4SPK(Xy8k%8a%vZ=t}YI17)RdP2)i4=avzQ9Al%S7NPbNjk3*tsxOZ
z3WO(v%pWG=46HLszNT;$5v}dU?^}}sp5gp55-mDkRK}ff9-g4JtN(|=sp!C3WVJ3Y

literal 0
HcmV?d00001