Infrastructure: Modernize the Dockerfile (#626)

* Infrastructure: Modernize the Dockerfile * Fix CTFd * Add ca-certificates * Fix aws * Fix CTFd * Fix typo * Add recommends back
pwncollege · Dec 17, 2024 · ff59085 · ff59085
1 parent 0ea8d9c
commit ff59085
Showing 1 changed file with 59 additions and 43 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,65 +1,81 @@
+# syntax=docker/dockerfile:1
+
 FROM ubuntu:24.04
 
+SHELL ["/bin/bash", "-ceox", "pipefail"]
+
 ENV DEBIAN_FRONTEND=noninteractive
 ENV LC_CTYPE=C.UTF-8
 
-RUN apt-get update && \
-    apt-get install -y \
-        build-essential \
-        btrfs-progs \
-        curl \
-        git \
-        host \
-        htop \
-        iproute2 \
-        iputils-ping \
-        jq \
-        kmod \
-        unzip \
-        wget \
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    apt-get update && xargs apt-get install -yqq <<EOF && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+        build-essential
+        btrfs-progs
+        curl
+        git
+        host
+        htop
+        iproute2
+        iputils-ping
+        jq
+        kmod
+        unzip
+        wget
         wireguard
+EOF
 
-RUN curl -fsSL https://get.docker.com | /bin/sh && \
-    echo '{ "data-root": "/data/docker", "hosts": ["unix:///run/docker.sock"], "builder": {"Entitlements": {"security-insecure": true}} }' > /etc/docker/daemon.json && \
-    sed -i 's|-H fd:// ||' /lib/systemd/system/docker.service && \
-    wget -O /etc/docker/seccomp.json https://raw.githubusercontent.com/moby/moby/master/profiles/seccomp/default.json
+RUN <<EOF
+curl -fsSL https://get.docker.com | /bin/sh
+sed -i 's|-H fd:// ||' /lib/systemd/system/docker.service
+EOF
 
-RUN cd /tmp && \
-    wget -O awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" && \
-    unzip awscliv2.zip && \
-    ./aws/install && \
-    rm -rf awscliv2.zip aws
+COPY <<EOF /etc/docker/daemon.json
+{
+    "data-root": "/data/docker",
+    "hosts": ["unix:///run/docker.sock"],
+    "builder": {
+        "Entitlements": {
+            "security-insecure": true
+        }
+    }
+}
+EOF
 
-RUN git clone --branch 3.6.0 https://github.com/CTFd/CTFd /opt/CTFd
+ADD https://raw.githubusercontent.com/moby/moby/master/profiles/seccomp/default.json /etc/docker/seccomp.json
 
-RUN echo 'tmpfs /run/dojofs tmpfs defaults,mode=755,shared 0 0' > /etc/fstab && \
-    echo '/data/homes /run/homefs none defaults,bind,nosuid 0 0' >> /etc/fstab
+RUN <<EOF
+cd /tmp
+wget -O aws.zip "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"
+unzip aws.zip
+./aws/install
+rm -rf aws.zip aws
+EOF
 
-RUN cat <<EOF > /etc/sysctl.d/90-dojo.conf
+ADD https://github.com/CTFd/CTFd.git#3.6.0 /opt/CTFd
+
+COPY <<EOF /etc/fstab
+tmpfs /run/dojofs tmpfs defaults,mode=755,shared 0 0
+/data/homes /run/homefs none defaults,bind,nosuid 0 0
+EOF
+
+COPY <<EOF /etc/sysctl.d/90-dojo.conf
 kernel.pty.max = 1048576
 kernel.core_pattern = core
 kernel.apparmor_restrict_unprivileged_userns = 0
 EOF
 
-RUN ln -s /opt/pwn.college/etc/systemd/system/pwn.college.service /etc/systemd/system/pwn.college.service && \
-    ln -s /opt/pwn.college/etc/systemd/system/pwn.college.backup.service /etc/systemd/system/pwn.college.backup.service && \
-    ln -s /opt/pwn.college/etc/systemd/system/pwn.college.backup.timer /etc/systemd/system/pwn.college.backup.timer && \
-    ln -s /opt/pwn.college/etc/systemd/system/pwn.college.cachewarmer.service /etc/systemd/system/pwn.college.cachewarmer.service && \
-    ln -s /opt/pwn.college/etc/systemd/system/pwn.college.cachewarmer.timer /etc/systemd/system/pwn.college.cachewarmer.timer && \
-    ln -s /opt/pwn.college/etc/systemd/system/pwn.college.imagepuller.service /etc/systemd/system/pwn.college.imagepuller.service && \
-    ln -s /opt/pwn.college/etc/systemd/system/pwn.college.imagepuller.timer /etc/systemd/system/pwn.college.imagepuller.timer && \
-    ln -s /opt/pwn.college/etc/systemd/system/pwn.college.cloud.backup.service /etc/systemd/system/pwn.college.cloud.backup.service && \
-    ln -s /opt/pwn.college/etc/systemd/system/pwn.college.cloud.backup.timer /etc/systemd/system/pwn.college.cloud.backup.timer && \
-    ln -s /etc/systemd/system/pwn.college.service /etc/systemd/system/multi-user.target.wants/pwn.college.service && \
-    ln -s /etc/systemd/system/pwn.college.backup.timer /etc/systemd/system/timers.target.wants/pwn.college.backup.timer && \
-    ln -s /etc/systemd/system/pwn.college.cachewarmer.timer /etc/systemd/system/timers.target.wants/pwn.college.cachewarmer.timer && \
-    ln -s /etc/systemd/system/pwn.college.imagepuller.timer /etc/systemd/system/timers.target.wants/pwn.college.imagepuller.timer && \
-    ln -s /etc/systemd/system/pwn.college.cloud.backup.timer /etc/systemd/system/timers.target.wants/pwn.college.cloud.backup.timer
-
 WORKDIR /opt/pwn.college
 COPY . .
 
-RUN find /opt/pwn.college/dojo -type f -exec ln -s {} /usr/bin/ \;
+RUN <<EOF
+find /opt/pwn.college/etc/systemd/system -type f -exec ln -s {} /etc/systemd/system/ \;
+find /opt/pwn.college/etc/systemd/system -type f -name '*.timer' -exec sh -c \
+    'ln -s "/etc/systemd/system/$(basename "{}")" "/etc/systemd/system/timers.target.wants/$(basename "{}")"' \;
+ln -s /opt/pwn.college/etc/systemd/system/pwn.college.service /etc/systemd/system/multi-user.target.wants/
+find /opt/pwn.college/dojo -type f -exec ln -s {} /usr/bin/ \;
+EOF
 
 EXPOSE 22
 EXPOSE 80