Dockerfile

FROM ubuntu:25.10

ENV \
  DEBIAN_FRONTEND=noninteractive \
  INITRD=no \
  TZ="America/Los_Angeles"

# Remove initctl
RUN \
  dpkg-divert --local --rename --add /sbin/initctl && \
  ln -sf /bin/true /sbin/initctl && \
  dpkg-divert --local --rename --add /usr/bin/ischroot && \
  ln -sf /bin/true /usr/bin/ischroot

################################################################################
# update system and install base packages

RUN \
  apt-get update && \
  apt-get install -y --no-install-recommends \
    apt-utils \
    apt-transport-https \
    ca-certificates \
    nano \
    tzdata && \
  apt-get upgrade -y && \
  apt-get clean -y && \
  rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

RUN \
  update-alternatives --set editor /bin/nano && \
  ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && \
  echo $TZ > /etc/timezone && \
  dpkg-reconfigure tzdata && \
  rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

# Add eBay Root CA Certificate
RUN cat <<EOF > /usr/local/share/ca-certificates/ebay-root-ca.crt
-----BEGIN CERTIFICATE-----
MIIGMjCCBBqgAwIBAgIQRQCIgkcAjohM0C1xoDWBDjANBgkqhkiG9w0BAQsFADA3
MQswCQYDVQQGEwJ1czERMA8GA1UEChMIZUJheSBJbmMxFTATBgNVBAMTDGVCYXkg
Um9vdCBDQTAeFw0xNTA5MjQxOTAwNTNaFw0zNTA5MjQxOTA4MDRaMDcxCzAJBgNV
BAYTAnVzMREwDwYDVQQKEwhlQmF5IEluYzEVMBMGA1UEAxMMZUJheSBSb290IENB
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1wskOGcbS9crEfeqokRt
fZlVAQOIj4fbaZdxrvMqPiqxPyj98NZ8cNyLN+NxkVKEJZZqbb8d7JjVCCr44f7G
5Gi6yO6MYBKCtFqBR+HqDnlioJZm4wgTGTtaFWCWq3eLFJsigbdlGKXZCeawmhj1
75D34vmFWHbUlTej67EzwSz53NgXge34X0FmoeIbiSi25j1TS41RMlDxKGaHu6/t
Z71A53q8Kj4KBEj1XrR5IDuCvdSEwbdsVWcjQUok2WAhmMsLFZhv3SMYGRdzs/ug
EmAZWp4B6i7kgYgRZ2LGZmtXR2Y8q3UrUczPucUUGUV5Iluy6Me9gruLK0LL+rzk
5VrS+79TKoi6UBTqnmGxnPru9oDwuZfnRFmdrTKsvL7fDZO1XsZILNYlj0ve5a8K
tbD/WDEuqPx7YF9jHv/vmEM9468rtYM66yQapH9n8IfIFyVtzaXkrJDzfHV7U6RM
C7bV1S3J2TaYkPhdLoUp/EPzBNRL3PoYOO9C9SSS8rTKB1af0WdabEOTW81Kiy9s
IfAeUwuUaBXnwR6cumR50LkUXHmiWpZO+Qt4QwnvXFxR9/XuFGalcOU2R0JM+EXH
5Rmq2gNUn5/XhcTh0fa8SbuChRf+Dl4O0YB/SRReam1s8SVcEKk6zf/UMMrr4fLd
29ZLWVQITgRgu2LD+2+6wpECAwEAAaOCATgwggE0MAsGA1UdDwQEAwIBhjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBSjQ7F8N33X6kfu+UUjsQK+O/j6kzAQBgkr
BgEEAYI3FQEEAwIBADCB4gYDVR0gBIHaMIHXMIHUBgRVHSAAMIHLMIHIBggrBgEF
BQcCAjCBux6BuABQAGwAZQBhAHMAZQAgAGMAbwBuAHQAYQBjAHQAIABQAEsASQBB
AGQAbQBpAG4AcwBAAGUAQgBhAHkALgBjAG8AbQAgAHQAbwAgAG8AYgB0AGEAaQBu
ACAAYQAgAGMAbwBwAHkAIABvAGYAIAB0AGgAZQAgAEMAZQByAHQAaQBmAGkAYwBh
AHQAaQBvAG4AIABQAHIAYQBjAHQAaQBjAGUAcwAgAFMAdABhAHQAZQBtAGUAbgB0
AC4wDQYJKoZIhvcNAQELBQADggIBALRMkpOkBtYeywc9iPssXTkaphzj9DhqgBoM
jVK9kGVwXSwlal1eV2dhG0fr833yqkqaVvjsnsCmCNWZNiEKbSmdkeuT/PMxUajv
7sMaulfSuQCG+/8yuraX7ls10xIVGrdTg43amz1QGSsgvgneksjOkkhQfxJaUncQ
0uGHIOgKGGxLGoikVAmQ4Yy1PN+q5clW19ZvJk+J2qrHOdunvVFtOZStHEkIURjV
5f0J9f+aROfd3PRNrWpif3G6+l2q4jG5SJH0vPbxZgphvjhogZUK7KNR+8wMV/G6
nmd0cmdm444wTalsIKuu6bSZ45L+9ZZaL+9Xeje04rlUOmsOMk4oGbLdiZ8imxYD
O6T5tZnfewABIeFhZcq5QYg8JzBqH0IrfOaB3vG4DyKsbmjvkzL9e7knPQEbXhyF
xnb89kXhuFfZLt0hL24frOI8HlbJUKc/snuESczkwqUteAxHLNfLlozs37SEJ16a
4pNZMIn17v1WlzMe/nh/uTGw9Ov1z9QK1owzHrTIjb20riNq1Au3TzfBIj7kA1uY
LEwFUHfXozeTUvlFPOFkOeFF8V9cqlfl87UuFs4SVgsK+uZI+QJ56G3YTUB7h5R5
O+MnuGpUJq/+cQhEaFAKwF1B/w4ZdkEvlrvMizUGyElE5krpiZzqtSxp5xlL05SS
am1iee2A
-----END CERTIFICATE-----
EOF
RUN update-ca-certificates

################################################################################
# Install basic development tools
RUN apt-get update && apt-get install -y \
    \
    alsa-utils \
    antlr4 \
    build-essential \
    ca-certificates \
    clang \
    clang-format \
    clang-tidy \
    clang-tools \
    cmake \
    cmake-curses-gui \
    curl \
    curl \
    dnsutils \
    emscripten \
    g++ \
    gcc \
    gdb \
    git \
    iproute2 \
    ipset \
    iptables \
    libboost-dev \
    libboost-thread-dev \
    libcereal-dev \
    libcurl4-openssl-dev \
    libfontconfig1-dev \
    libfreetype6-dev \
    libgl1-mesa-dev \
    libglu1-mesa \
    libgtk-3-dev \
    libhowardhinnant-date-dev \
    libjsoncpp-dev  \
    liblz4-dev \
    liblzma-dev \
    libmagic-dev \
    libmagick++-dev \
    libnlopt-cxx-dev \
    libnlopt-dev \
    libpq-dev \
    libpugixml-dev \
    libsqlite3-dev \
    libssl-dev \
    libstdc++-12-dev \
    lldb \
    make \
    mesa-utils \
    mpv \
    nano \
    netcat-traditional \
    ninja-build \
    nlohmann-json3-dev \
    nodejs \
    npm \
    pkg-config \
    pulseaudio \
    python3 \
    python3-pip \
    ragel \
    ripgrep \
    sound-theme-freedesktop \
    sudo \
    terminfo \
    unzip \
    vim \
    wget \
    xz-utils \
    zip \
    \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

# Install basic development tools
RUN apt-get update && apt-get install -y \
    \
    tree \
    valgrind \
    libglfw3-dev \
    black \
    mypy \
    python3-pytest-mypy \
    node-typescript \
    python3-venv \
    libsdl2-dev \
    libpugixml-dev \
    libquantlib0-dev \
    default-jdk \
    \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

RUN \
    apt-get update && apt-get install -y apt-transport-https curl gnupg && \
    echo "deb https://repo.scala-sbt.org/scalasbt/debian all main" | tee /etc/apt/sources.list.d/sbt.list && \
    echo "deb https://repo.scala-sbt.org/scalasbt/debian /" | tee /etc/apt/sources.list.d/sbt_old.list && \
    curl -sL "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x2EE0EA64E40A89B84B2DF73499E82A75642AC823" | gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/scalasbt-release.gpg --import && \
    chmod 644 /etc/apt/trusted.gpg.d/scalasbt-release.gpg && \
    apt-get update && \
    apt-get install -y sbt && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

RUN pip install --break-system-packages pyright

# Create user dev with uid 7777
ARG USER_NAME=dev
ARG UID=7777
ARG GID=1000
RUN useradd -m -d "/home/$USER_NAME" -u $UID -g users -s /bin/bash "$USER_NAME"

RUN groupadd -g 17 sound
RUN usermod -G sound $USER_NAME

# Passwordless sudo is disabled.
RUN echo "dev ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/dev

# Copy the firewall setup script
COPY init-firewall.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/init-firewall.sh && \
  echo "dev ALL=(root) NOPASSWD: /usr/local/bin/init-firewall.sh" > /etc/sudoers.d/node-firewall && \
  chmod 0440 /etc/sudoers.d/node-firewall

# Setup working directory
WORKDIR /home/dev

USER dev
RUN git config set --global "credential.helper" "store --file ~/.git-credentials"

ENV EM_FROZEN_CACHE=0
ENV EM_CACHE=/home/dev/.emscripten_cache/
RUN mkdir -p $EM_CACHE
RUN embuilder build MINIMAL

# Install Deno
ENV PATH="/home/dev/.bun/bin:$PATH"
RUN curl -fsSL https://bun.sh/install | bash

RUN bun add -g @anthropic-ai/claude-code

USER root

# Install basic development tools
RUN apt-get update && apt-get install -y \
    \
    default-jdk \
    maven \
    \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

# Install Claude Code CLI
#RUN npm install -g @anthropic-ai/claude-code

# Install OpenAI Codex CLI
#RUN npm install -g @openai/codex

# Set up entrypoint to initialize firewall and execute commands
#ENTRYPOINT ["/usr/local/bin/init-firewall.sh"]
#ENTRYPOINT ["sudo", "-u", "dev"]
#USER $USER_NAME
#CMD ["/bin/bash"]
Add Dockerfile for Claude Code 2025-10-28 14:32:05 -07:00			`FROM ubuntu:25.10`

			`ENV \`
			`DEBIAN_FRONTEND=noninteractive \`
			`INITRD=no \`
			`TZ="America/Los_Angeles"`

			`# Remove initctl`
			`RUN \`
			`dpkg-divert --local --rename --add /sbin/initctl && \`
			`ln -sf /bin/true /sbin/initctl && \`
			`dpkg-divert --local --rename --add /usr/bin/ischroot && \`
			`ln -sf /bin/true /usr/bin/ischroot`

			`################################################################################`
			`# update system and install base packages`

			`RUN \`
			`apt-get update && \`
			`apt-get install -y --no-install-recommends \`
			`apt-utils \`
			`apt-transport-https \`
			`ca-certificates \`
			`nano \`
			`tzdata && \`
			`apt-get upgrade -y && \`
			`apt-get clean -y && \`
			`rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*`

			`RUN \`
			`update-alternatives --set editor /bin/nano && \`
			`ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && \`
			`echo $TZ > /etc/timezone && \`
			`dpkg-reconfigure tzdata && \`
			`rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*`

			`# Add eBay Root CA Certificate`
			`RUN cat <<EOF > /usr/local/share/ca-certificates/ebay-root-ca.crt`
			`-----BEGIN CERTIFICATE-----`
			`MIIGMjCCBBqgAwIBAgIQRQCIgkcAjohM0C1xoDWBDjANBgkqhkiG9w0BAQsFADA3`
			`MQswCQYDVQQGEwJ1czERMA8GA1UEChMIZUJheSBJbmMxFTATBgNVBAMTDGVCYXkg`
			`Um9vdCBDQTAeFw0xNTA5MjQxOTAwNTNaFw0zNTA5MjQxOTA4MDRaMDcxCzAJBgNV`
			`BAYTAnVzMREwDwYDVQQKEwhlQmF5IEluYzEVMBMGA1UEAxMMZUJheSBSb290IENB`
			`MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1wskOGcbS9crEfeqokRt`
			`fZlVAQOIj4fbaZdxrvMqPiqxPyj98NZ8cNyLN+NxkVKEJZZqbb8d7JjVCCr44f7G`
			`5Gi6yO6MYBKCtFqBR+HqDnlioJZm4wgTGTtaFWCWq3eLFJsigbdlGKXZCeawmhj1`
			`75D34vmFWHbUlTej67EzwSz53NgXge34X0FmoeIbiSi25j1TS41RMlDxKGaHu6/t`
			`Z71A53q8Kj4KBEj1XrR5IDuCvdSEwbdsVWcjQUok2WAhmMsLFZhv3SMYGRdzs/ug`
			`EmAZWp4B6i7kgYgRZ2LGZmtXR2Y8q3UrUczPucUUGUV5Iluy6Me9gruLK0LL+rzk`
			`5VrS+79TKoi6UBTqnmGxnPru9oDwuZfnRFmdrTKsvL7fDZO1XsZILNYlj0ve5a8K`
			`tbD/WDEuqPx7YF9jHv/vmEM9468rtYM66yQapH9n8IfIFyVtzaXkrJDzfHV7U6RM`
			`C7bV1S3J2TaYkPhdLoUp/EPzBNRL3PoYOO9C9SSS8rTKB1af0WdabEOTW81Kiy9s`
			`IfAeUwuUaBXnwR6cumR50LkUXHmiWpZO+Qt4QwnvXFxR9/XuFGalcOU2R0JM+EXH`
			`5Rmq2gNUn5/XhcTh0fa8SbuChRf+Dl4O0YB/SRReam1s8SVcEKk6zf/UMMrr4fLd`
			`29ZLWVQITgRgu2LD+2+6wpECAwEAAaOCATgwggE0MAsGA1UdDwQEAwIBhjAPBgNV`
			`HRMBAf8EBTADAQH/MB0GA1UdDgQWBBSjQ7F8N33X6kfu+UUjsQK+O/j6kzAQBgkr`
			`BgEEAYI3FQEEAwIBADCB4gYDVR0gBIHaMIHXMIHUBgRVHSAAMIHLMIHIBggrBgEF`
			`BQcCAjCBux6BuABQAGwAZQBhAHMAZQAgAGMAbwBuAHQAYQBjAHQAIABQAEsASQBB`
			`AGQAbQBpAG4AcwBAAGUAQgBhAHkALgBjAG8AbQAgAHQAbwAgAG8AYgB0AGEAaQBu`
			`ACAAYQAgAGMAbwBwAHkAIABvAGYAIAB0AGgAZQAgAEMAZQByAHQAaQBmAGkAYwBh`
			`AHQAaQBvAG4AIABQAHIAYQBjAHQAaQBjAGUAcwAgAFMAdABhAHQAZQBtAGUAbgB0`
			`AC4wDQYJKoZIhvcNAQELBQADggIBALRMkpOkBtYeywc9iPssXTkaphzj9DhqgBoM`
			`jVK9kGVwXSwlal1eV2dhG0fr833yqkqaVvjsnsCmCNWZNiEKbSmdkeuT/PMxUajv`
			`7sMaulfSuQCG+/8yuraX7ls10xIVGrdTg43amz1QGSsgvgneksjOkkhQfxJaUncQ`
			`0uGHIOgKGGxLGoikVAmQ4Yy1PN+q5clW19ZvJk+J2qrHOdunvVFtOZStHEkIURjV`
			`5f0J9f+aROfd3PRNrWpif3G6+l2q4jG5SJH0vPbxZgphvjhogZUK7KNR+8wMV/G6`
			`nmd0cmdm444wTalsIKuu6bSZ45L+9ZZaL+9Xeje04rlUOmsOMk4oGbLdiZ8imxYD`
			`O6T5tZnfewABIeFhZcq5QYg8JzBqH0IrfOaB3vG4DyKsbmjvkzL9e7knPQEbXhyF`
			`xnb89kXhuFfZLt0hL24frOI8HlbJUKc/snuESczkwqUteAxHLNfLlozs37SEJ16a`
			`4pNZMIn17v1WlzMe/nh/uTGw9Ov1z9QK1owzHrTIjb20riNq1Au3TzfBIj7kA1uY`
			`LEwFUHfXozeTUvlFPOFkOeFF8V9cqlfl87UuFs4SVgsK+uZI+QJ56G3YTUB7h5R5`
			`O+MnuGpUJq/+cQhEaFAKwF1B/w4ZdkEvlrvMizUGyElE5krpiZzqtSxp5xlL05SS`
			`am1iee2A`
			`-----END CERTIFICATE-----`
			`EOF`
			`RUN update-ca-certificates`

			`################################################################################`
			`# Install basic development tools`
			`RUN apt-get update && apt-get install -y \`
			`\`
			`alsa-utils \`
			`antlr4 \`
			`build-essential \`
			`ca-certificates \`
			`clang \`
			`clang-format \`
			`clang-tidy \`
			`clang-tools \`
			`cmake \`
			`cmake-curses-gui \`
			`curl \`
			`curl \`
			`dnsutils \`
			`emscripten \`
			`g++ \`
			`gcc \`
			`gdb \`
			`git \`
			`iproute2 \`
			`ipset \`
			`iptables \`
			`libboost-dev \`
			`libboost-thread-dev \`
			`libcereal-dev \`
			`libcurl4-openssl-dev \`
			`libfontconfig1-dev \`
			`libfreetype6-dev \`
			`libgl1-mesa-dev \`
			`libglu1-mesa \`
			`libgtk-3-dev \`
			`libhowardhinnant-date-dev \`
			`libjsoncpp-dev \`
			`liblz4-dev \`
			`liblzma-dev \`
			`libmagic-dev \`
			`libmagick++-dev \`
			`libnlopt-cxx-dev \`
			`libnlopt-dev \`
			`libpq-dev \`
			`libpugixml-dev \`
			`libsqlite3-dev \`
			`libssl-dev \`
			`libstdc++-12-dev \`
			`lldb \`
			`make \`
			`mesa-utils \`
			`mpv \`
			`nano \`
			`netcat-traditional \`
			`ninja-build \`
			`nlohmann-json3-dev \`
			`nodejs \`
			`npm \`
			`pkg-config \`
			`pulseaudio \`
			`python3 \`
			`python3-pip \`
			`ragel \`
			`ripgrep \`
			`sound-theme-freedesktop \`
			`sudo \`
			`terminfo \`
			`unzip \`
			`vim \`
			`wget \`
			`xz-utils \`
			`zip \`
			`\`
			`&& apt-get clean \`
			`&& rm -rf /var/lib/apt/lists/*`

			`# Install basic development tools`
			`RUN apt-get update && apt-get install -y \`
			`\`
			`tree \`
			`valgrind \`
			`libglfw3-dev \`
			`black \`
			`mypy \`
			`python3-pytest-mypy \`
			`node-typescript \`
			`python3-venv \`
			`libsdl2-dev \`
			`libpugixml-dev \`
			`libquantlib0-dev \`
			`default-jdk \`
			`\`
			`&& apt-get clean \`
			`&& rm -rf /var/lib/apt/lists/*`

			`RUN \`
			`apt-get update && apt-get install -y apt-transport-https curl gnupg && \`
			`echo "deb https://repo.scala-sbt.org/scalasbt/debian all main" \| tee /etc/apt/sources.list.d/sbt.list && \`
			`echo "deb https://repo.scala-sbt.org/scalasbt/debian /" \| tee /etc/apt/sources.list.d/sbt_old.list && \`
			`curl -sL "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x2EE0EA64E40A89B84B2DF73499E82A75642AC823" \| gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/scalasbt-release.gpg --import && \`
			`chmod 644 /etc/apt/trusted.gpg.d/scalasbt-release.gpg && \`
			`apt-get update && \`
			`apt-get install -y sbt && \`
			`apt-get clean && \`
			`rm -rf /var/lib/apt/lists/*`

			`RUN pip install --break-system-packages pyright`

			`# Create user dev with uid 7777`
			`ARG USER_NAME=dev`
			`ARG UID=7777`
			`ARG GID=1000`
			`RUN useradd -m -d "/home/$USER_NAME" -u $UID -g users -s /bin/bash "$USER_NAME"`

			`RUN groupadd -g 17 sound`
			`RUN usermod -G sound $USER_NAME`

			`# Passwordless sudo is disabled.`
			`RUN echo "dev ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/dev`

			`# Copy the firewall setup script`
			`COPY init-firewall.sh /usr/local/bin/`
			`RUN chmod +x /usr/local/bin/init-firewall.sh && \`
			`echo "dev ALL=(root) NOPASSWD: /usr/local/bin/init-firewall.sh" > /etc/sudoers.d/node-firewall && \`
			`chmod 0440 /etc/sudoers.d/node-firewall`

			`# Setup working directory`
			`WORKDIR /home/dev`

			`USER dev`
			`RUN git config set --global "credential.helper" "store --file ~/.git-credentials"`

			`ENV EM_FROZEN_CACHE=0`
			`ENV EM_CACHE=/home/dev/.emscripten_cache/`
			`RUN mkdir -p $EM_CACHE`
			`RUN embuilder build MINIMAL`

			`# Install Deno`
			`ENV PATH="/home/dev/.bun/bin:$PATH"`
			`RUN curl -fsSL https://bun.sh/install \| bash`

			`RUN bun add -g @anthropic-ai/claude-code`

			`USER root`

			`# Install basic development tools`
			`RUN apt-get update && apt-get install -y \`
			`\`
			`default-jdk \`
			`maven \`
			`\`
			`&& apt-get clean \`
			`&& rm -rf /var/lib/apt/lists/*`

			`# Install Claude Code CLI`
			`#RUN npm install -g @anthropic-ai/claude-code`

			`# Install OpenAI Codex CLI`
			`#RUN npm install -g @openai/codex`

			`# Set up entrypoint to initialize firewall and execute commands`
			`#ENTRYPOINT ["/usr/local/bin/init-firewall.sh"]`
			`#ENTRYPOINT ["sudo", "-u", "dev"]`
			`#USER $USER_NAME`
			`#CMD ["/bin/bash"]`