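# Arch Linux image that runs the kitty terminal on Wayland as the
# unprivileged user 'arch-user', with the yay AUR helper preinstalled.
#
# Arch is a rolling release and `latest` moves between rebuilds. Override
# ARCH_IMAGE with a digest-pinned reference (archlinux@sha256:<digest>) when
# the base layer has to be traceable to a reviewed image. The default keeps
# the original behaviour.
ARG ARCH_IMAGE=archlinux:latest
FROM ${ARCH_IMAGE}

# Update the system and install dependencies in a single layer:
# wayland, kitty, GPU userspace, fonts, build tools, coreutils, curl, iputils.
# --needed skips packages the base image already ships at the current version.
# The list is sorted and de-duplicated ('git' used to appear twice).
#
# --noconfirm answers every prompt with its default, and the default for
# "remove ALL files from cache?" is No, so `pacman -Scc --noconfirm` leaves the
# downloaded packages in place. They are deleted explicitly in this same layer
# so they do not end up in the image.
RUN pacman -Syu --noconfirm --needed \
        base-devel \
        bash \
        coreutils \
        curl \
        eza \
        fastfetch \
        git \
        hyfetch \
        iputils \
        kitty \
        libpulse \
        mesa \
        noto-fonts \
        noto-fonts-cjk \
        noto-fonts-emoji \
        pipewire \
        starship \
        sudo \
        ttf-dejavu \
        ttf-jetbrains-mono \
        vulkan-intel \
        vulkan-radeon \
        wayland \
    && pacman -Scc --noconfirm \
    && rm -rf /var/cache/pacman/pkg/*

# Create non-root user 'arch-user' (matching typical UID 1000).
# Passwordless sudo is granted only so that makepkg can install yay during the
# build; the NOPASSWD tag is stripped again further down.
# The drop-in is set to 0440 and validated so that a malformed sudoers file
# fails the build instead of producing an image with broken sudo.
RUN useradd -m -u 1000 -s /bin/bash arch-user && \
    echo "arch-user ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/arch-user && \
    chmod 0440 /etc/sudoers.d/arch-user && \
    visudo -c -f /etc/sudoers.d/arch-user

# Switch to the user to build yay (makepkg refuses to run as root).
USER arch-user
WORKDIR /home/arch-user

# Install the yay AUR helper.
# NOTE(review): this clones whatever the AUR repository serves at build time
# and runs its PKGBUILD while passwordless sudo is still active. For a
# reproducible, reviewable build, check out a commit that has been reviewed
# (<reviewed-commit>) before running makepkg.
# The package cache filled by makepkg's dependency install is cleared in the
# same layer; the source tree is removed by absolute path.
RUN cd /tmp && \
    git clone https://aur.archlinux.org/yay.git && \
    cd yay && \
    makepkg -si --noconfirm && \
    cd /tmp && \
    rm -rf /tmp/yay && \
    sudo rm -rf /var/cache/pacman/pkg/*

# Remove NOPASSWD so that sudo prompts for a password at runtime.
# NOTE(review): this is not a strong control. The password 'arch' is fixed,
# published in this file, and recorded in the image history, and arch-user
# keeps a full `ALL=(ALL) ALL` rule, so anything running as arch-user can
# become root. Treat the account as root-equivalent: change the password when
# the container is provisioned, or delete /etc/sudoers.d/arch-user if runtime
# sudo (for example for yay) is not needed.
USER root
RUN echo "arch-user:arch" | chpasswd && \
    sed -i 's/NOPASSWD: //g' /etc/sudoers.d/arch-user && \
    visudo -c -f /etc/sudoers.d/arch-user
USER arch-user

# Ensure .config/kitty exists (created as arch-user, so it is user-owned).
RUN mkdir -p /home/arch-user/.config/kitty

# MOZ_ENABLE_WAYLAND selects the Wayland backend for Mozilla applications.
# NOTE(review): XDG_RUNTIME_DIR is expected to be a directory owned by the
# user with mode 0700. /tmp is world-writable, so sockets placed there are
# visible to every account in the container. Presumably /tmp is used so the
# host Wayland socket can be bind-mounted there (confirm against the run
# command); a dedicated user-owned directory is the safer target.
ENV MOZ_ENABLE_WAYLAND=1 \
    XDG_RUNTIME_DIR=/tmp

# Exec form: kitty is started directly and receives signals from the runtime.
CMD ["kitty"]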