-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
75 lines (63 loc) · 2.62 KB
/
Dockerfile
File metadata and controls
75 lines (63 loc) · 2.62 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
FROM debian:trixie-slim
ENV DEBIAN_FRONTEND=noninteractive
# Core utilities + build essentials for native npm/python packages
# Docker CLI only (no daemon — we talk to the socket proxy)
RUN apt-get update && apt-get install -y \
bash \
curl \
git \
jq \
unzip \
xz-utils \
zstd \
build-essential \
ca-certificates \
libssl-dev \
libffi-dev \
ripgrep \
vim \
docker.io \
docker-compose \
# Python (for projects that need it at the system level, mise handles versioned installs)
python3 \
python3-pip \
python3-venv \
&& rm -rf /var/lib/apt/lists/*
# Container user — UID/GID 1000 matches the default on most Linux desktops.
# On macOS, Docker Desktop maps container UIDs to the host user transparently.
RUN groupadd -g 1000 boxout \
&& useradd -m -u 1000 -g 1000 -s /bin/bash boxout \
&& usermod -aG docker boxout
# mise binary installed system-wide.
# Build-time tools go to /opt/mise-seed (owned by boxout) so USER boxout can
# write there during the image build. The home volume is mounted at /home/boxout
# at runtime, which would hide anything installed there; /opt/mise-seed is outside
# the home dir so it stays accessible. The entrypoint seeds MISE_DATA_DIR from
# /opt/mise-seed on first run so tools are immediately available without a fresh
# download, and any subsequently installed tools persist in the home volume.
ENV MISE_DATA_DIR=/opt/mise-seed
ENV MISE_CONFIG_DIR=/etc/mise
RUN curl https://mise.run | MISE_INSTALL_PATH=/usr/local/bin/mise bash \
&& echo 'eval "$(mise activate bash)"' >> /etc/bash.bashrc \
&& mkdir -p /opt/mise-seed /etc/mise \
&& chown boxout:boxout /opt/mise-seed /etc/mise
# Install tools as boxout so all tool files are owned correctly from the start
USER boxout
RUN mise use --global node@lts && mise install
# Other AI agent CLIs
# Claude Code is installed at runtime by entrypoint.sh into the persistent home
# volume so that auto-updates survive container restarts.
RUN mise exec -- npm install -g @openai/codex
# Back to root for system file installation
USER root
# At runtime, MISE_DATA_DIR lives in the home volume so tool installs persist
# across container restarts and project-specific versions are cached.
ENV MISE_DATA_DIR=/home/boxout/.local/share/mise
# Entrypoint handles runtime home-volume initialisation (skills, plugins, MCP config)
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
RUN chmod +x /usr/local/bin/entrypoint.sh
COPY config/claude/settings.json /etc/claude/settings.json
ENV PATH="/home/boxout/.local/share/mise/shims:$PATH"
USER boxout
WORKDIR /workspace
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]