From e9e246a0cf8206bdb354d32aa2ed592197957287 Mon Sep 17 00:00:00 2001
From: Mahesh Kommareddi
Date: Tue, 23 Jul 2024 16:40:12 -0400
Subject: [PATCH] Main files for making user envs
---
Dockerfile | 31 +++++++++++++++++++++++
create_ubuntu_user.sh | 21 ++++++++++++++++
create_user.sh | 49 +++++++++++++++++++++++++++++++++++++
docker-compose.networks.yml | 7 ++++++
docker-compose.yml | 18 ++++++++++++++
start.sh | 13 ++++++++++
6 files changed, 139 insertions(+)
create mode 100644 Dockerfile
create mode 100755 create_ubuntu_user.sh
create mode 100755 create_user.sh
create mode 100644 docker-compose.networks.yml
create mode 100644 docker-compose.yml
create mode 100755 start.sh
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..4718804
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,31 @@
+FROM ubuntu:latest
+
+RUN apt-get update && apt-get install -y \
+ openssh-server \
+ xvfb \
+ x11vnc \
+ xfce4 \
+ xfce4-goodies \
+ sudo \
+ && apt-get clean
+
+RUN mkdir /var/run/sshd
+RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
+
+# SSH login fix. Otherwise user is kicked off after login
+RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
+
+# Enable X11 forwarding
+RUN sed -i 's/#X11UseLocalhost yes/X11UseLocalhost no/' /etc/ssh/sshd_config
+RUN echo "X11Forwarding yes" >> /etc/ssh/sshd_config
+RUN echo "AddressFamily inet" >> /etc/ssh/sshd_config
+
+ENV NOTVISIBLE "in users profile"
+RUN echo "export VISIBLE=now" >> /etc/profile
+
+# Add script to create user
+COPY create_ubuntu_user.sh /usr/local/bin/create_ubuntu_user.sh
+RUN chmod +x /usr/local/bin/create_ubuntu_user.sh
+
+EXPOSE 22 5901
+CMD ["/usr/sbin/sshd", "-D"]
diff --git a/create_ubuntu_user.sh b/create_ubuntu_user.sh
new file mode 100755
index 0000000..0e65129
--- /dev/null
+++ b/create_ubuntu_user.sh
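Review bot: The two X11 lines under `# Enable X11 forwarding` in the Dockerfile set `X11UseLocalhost no`, which makes sshd bind forwarded displays to the wildcard address instead of loopback, so they become reachable from other containers on the attached networks; unless the `DISPLAY` setup really needs that, keep the default and add only `X11Forwarding yes`. Password login stays at sshd's default here, and create_user.sh publishes port 22 on the host for accounts that are in the sudo group, so consider key-based login with `PasswordAuthentication no`. `FROM ubuntu:latest` is unpinned; pin a release tag such as `ubuntu:24.04`, ideally with a digest, so rebuilds do not silently change the base. `EXPOSE 5901` advertises VNC, but `CMD` starts only sshd and start.sh is never copied into the image.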
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+USERNAME=$1
+PASSWORD=$2
+
+# Create user
+useradd -m -s /bin/bash $USERNAME
+
+# Set password
+echo "$USERNAME:$PASSWORD" | chpasswd
+
+# Add user to sudo group
+usermod -aG sudo $USERNAME
+
+# Set up VNC for the user
+su - $USERNAME -c "mkdir -p ~/.vnc && x11vnc -storepasswd $PASSWORD ~/.vnc/passwd"
+
+# Set up X11 forwarding for the user
+echo "export DISPLAY=host.docker.internal:0" >> /home/$USERNAME/.bashrc
+
+echo "User $USERNAME created with the provided password."
diff --git a/create_user.sh b/create_user.sh
new file mode 100755
index 0000000..44ef083
--- /dev/null
+++ b/create_user.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+USER_NAME=$1
+USER_ID=$2
+SSH_PORT=$3
+VNC_PORT=$4
+PASSWORD=$5 # New parameter for password
+
+# Create user directory
+mkdir -p ./data/$USER_ID
+
+# Create a docker-compose file for this user
+cat << EOF > docker-compose.user_${USER_ID}.yml
+version: '3'
+
+services:
+ user_${USER_ID}:
+ build: .
+ image: ubuntu_dev_env:latest
+ networks:
+ - frontend
+ - backend
+ volumes:
+ - ./data/${USER_ID}:/home/${USER_NAME}
+ environment:
+ - USER_NAME=${USER_NAME}
+ - USER_ID=${USER_ID}
+ - USER_PASSWORD=${PASSWORD}
+ ports:
+ - "${SSH_PORT}:22"
+ - "${VNC_PORT}:5901"
+ cap_add:
+ - SYS_ADMIN
+ security_opt:
+ - seccomp:unconfined
+ command: ["/bin/bash", "-c", "/usr/local/bin/create_ubuntu_user.sh ${USER_NAME} ${PASSWORD} && /usr/sbin/sshd -D"]
+
+networks:
+ frontend:
+ external: true
+ name: frontend
+ backend:
+ external: true
+ name: backend
+
+EOF
+
+# Start the new service
+docker-compose -f docker-compose.user_${USER_ID}.yml up -d
diff --git a/docker-compose.networks.yml b/docker-compose.networks.yml
new file mode 100644
index 0000000..81ae26f
--- /dev/null
+++ b/docker-compose.networks.yml
@@ -0,0 +1,7 @@
+version: '3'
+
+networks:
+ frontend:
+ name: frontend
+ backend:
+ name: backend
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..4a5f1b7
--- /dev/null
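Review bot: In create_ubuntu_user.sh, `$PASSWORD` is spliced into the double-quoted `su -c` string on the VNC line, so the outer shell expands it and the user's login shell parses it again; a password containing spaces, quotes or `$(...)` changes the command that runs, and the value sits on the x11vnc command line where the process list shows it. The unquoted `$USERNAME` in `useradd`, `usermod`, `su` and the `.bashrc` path has the same word-splitting problem. I would validate the name first, e.g. `[[ $USERNAME =~ ^[a-z_][a-z0-9_-]*$ ]] || exit 1`, quote every expansion (`useradd -m -s /bin/bash "$USERNAME"`), and pass the password to the inner command in a way the shell does not re-parse. `usermod -aG sudo` also gives every created account root inside a container that create_user.sh starts with `SYS_ADMIN` and seccomp disabled, which deserves an explicit comment or a narrower sudoers rule.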
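Review bot: The service generated by the heredoc in create_user.sh combines `cap_add: SYS_ADMIN` and `seccomp:unconfined` with accounts that create_ubuntu_user.sh adds to the sudo group, so each tenant holds root in a container whose isolation from the host is much weaker than the default; nothing visible in this commit needs either setting for sshd or x11vnc, so I would remove both and add back only a capability that is shown to be required. The heredoc also writes `${PASSWORD}` in clear text twice, in `USER_PASSWORD` and in the `command:` string, into `docker-compose.user_${USER_ID}.yml`, which is created with the caller's default permissions, and both values are readable through `docker inspect`; at minimum put `umask 077` before the `cat`, and prefer a Compose secret or a mounted file over the environment and the command line. None of the five positional parameters is validated or quoted, so `USER_ID` reaches `./data/$USER_ID` and the generated file name as given.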
+++ b/docker-compose.yml
@@ -0,0 +1,18 @@
+version: '3'
+
+services:
+ reverse_proxy:
+ image: nginx:latest
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - ./nginx.conf:/etc/nginx/nginx.conf:ro
+ networks:
+ - frontend
+
+networks:
+ frontend:
+ name: frontend
+ backend:
+ name: backend
diff --git a/start.sh b/start.sh
new file mode 100755
index 0000000..5ec791c
--- /dev/null
+++ b/start.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# Start SSH
+/usr/sbin/sshd
+
+# Start Xvfb
+Xvfb :1 -screen 0 1024x768x16 &
+
+# Start VNC server
+vncserver :1 -geometry 1024x768 -depth 16 -SecurityTypes None
+
+# Keep the container running
+tail -f /dev/null
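Review bot: The `volumes:` entry in docker-compose.yml bind-mounts `./nginx.conf`, but that file is not among the six files this patch creates; with the short bind syntax a missing host path is typically created as a directory, and nginx would then fail to start, so ship the config in the same commit or document where it comes from. Port 443 is published while no certificate or key is mounted, so TLS cannot terminate here unless the material arrives some other way. `image: nginx:latest` should be pinned to a specific version tag so proxy upgrades are deliberate.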
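Review bot: `-SecurityTypes None` on the `vncserver` line of start.sh turns VNC authentication off, and create_user.sh maps container port 5901 to a host port, so once this script is wired in the desktop is reachable on that port without a password; drop the option so the `~/.vnc/passwd` file written by create_ubuntu_user.sh is used, or keep the server on loopback (`-localhost` with TigerVNC) and tunnel it over SSH. As committed the script looks unused, since the Dockerfile neither copies nor runs it, and the package list installs x11vnc but nothing that appears to provide `vncserver`. `Xvfb :1` and `vncserver :1` also claim the same display number, so one of them would presumably fail to start.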