iximiuz · April 8, 2023 19:21
diff --git a/Ubuntu-22.04-firecracker b/Ubuntu-22.04-firecracker
 # syntax=docker/dockerfile:1
 FROM ubuntu:22.04

 ENV DEBIAN_FRONTEND=noninteractive
 ENV TZ=UTC

 RUN <<EOF
 set -eu

 apt-get update
 apt-get upgrade -y

 apt-get install -y \
  bash-completion \
  ca-certificates \
  curl \
  dbus \
  git \
  gnupg \
  htop \
  iproute2 \
  iptables \
  iputils-ping \
  jq \
  kmod \
  lsb-release \
  make \
  net-tools \
  ripgrep \
  sudo \
  systemd \
  udev \
  vim \
  wget

 update-alternatives --set iptables /usr/sbin/iptables-legacy
 update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

 # Doesn't seem to be needed and produces extra noise in journald.
 systemctl mask networkd-dispatcher.service

 rm -rf /etc/update-motd.d/*

 yes | unminimize
 EOF

 RUN <<EOF
 set -eu

 apt-get install -y haveged

 sed -i -e 's/^ConditionVirtualization=!container$/#ConditionVirtualization=!container/' /lib/systemd/system/haveged.service

 systemctl enable haveged
 systemctl mask systemd-random-seed.service
 EOF

 RUN <<EOF
 set -eu

 apt-get install -y openssh-server

 ssh-keygen -A
 chmod 600 /etc/ssh/ssh_host_*

 echo "HostKey /etc/ssh/ssh_host_ed25519_key" >> /etc/ssh/sshd_config
 echo "AuthenticationMethods publickey" >> /etc/ssh/sshd_config
 echo "PrintLastLog no" >> /etc/ssh/sshd_config
 echo "AddressFamily inet" >> /etc/ssh/sshd_config
 echo "UseDNS no" >> /etc/ssh/sshd_config

 systemctl mask [email protected]
 systemctl mask sshd-keygen.target
 EOF

 RUN echo "" > /etc/machine-id && echo "" > /var/lib/dbus/machine-id

 RUN echo "root:root" | chpasswd
	# syntax=docker/dockerfile:1
	FROM ubuntu:22.04

	ENV DEBIAN_FRONTEND=noninteractive
	ENV TZ=UTC

	RUN <<EOF
	set -eu

	apt-get update
	apt-get upgrade -y

	apt-get install -y \
	bash-completion \
	ca-certificates \
	curl \
	dbus \
	git \
	gnupg \
	htop \
	iproute2 \
	iptables \
	iputils-ping \
	jq \
	kmod \
	lsb-release \
	make \
	net-tools \
	ripgrep \
	sudo \
	systemd \
	udev \
	vim \
	wget

	update-alternatives --set iptables /usr/sbin/iptables-legacy
	update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

	# Doesn't seem to be needed and produces extra noise in journald.
	systemctl mask networkd-dispatcher.service

	rm -rf /etc/update-motd.d/*

	yes \| unminimize
	EOF

	RUN <<EOF
	set -eu

	apt-get install -y haveged

	sed -i -e 's/^ConditionVirtualization=!container$/#ConditionVirtualization=!container/' /lib/systemd/system/haveged.service

	systemctl enable haveged
	systemctl mask systemd-random-seed.service
	EOF

	RUN <<EOF
	set -eu

	apt-get install -y openssh-server

	ssh-keygen -A
	chmod 600 /etc/ssh/ssh_host_*

	echo "HostKey /etc/ssh/ssh_host_ed25519_key" >> /etc/ssh/sshd_config
	echo "AuthenticationMethods publickey" >> /etc/ssh/sshd_config
	echo "PrintLastLog no" >> /etc/ssh/sshd_config
	echo "AddressFamily inet" >> /etc/ssh/sshd_config
	echo "UseDNS no" >> /etc/ssh/sshd_config

	systemctl mask [email protected]
	systemctl mask sshd-keygen.target
	EOF

	RUN echo "" > /etc/machine-id && echo "" > /var/lib/dbus/machine-id

	RUN echo "root:root" \| chpasswd