Why Gemfury? Push, build, and install  RubyGems npm packages Python packages Maven artifacts PHP packages Go Modules Debian packages RPM packages NuGet packages

ericmichael / omni-code python

Repository URL to install this package:

Version: 
0.4.38  ▾
Details    
omni-code / sandbox / entrypoint.sh
Size: Mime: 
#!/usr/bin/env bash
set -euo pipefail

uid="${LOCAL_UID:-1000}"
gid="${LOCAL_GID:-1000}"

existing_user_name=""
if getent passwd "${uid}" >/dev/null 2>&1; then
  existing_user_name="$(getent passwd "${uid}" | cut -d: -f1)"
fi

existing_group_name=""
if getent group "${gid}" >/dev/null 2>&1; then
  existing_group_name="$(getent group "${gid}" | cut -d: -f1)"
fi

group_name="${existing_group_name:-hostgroup}"

if ! getent group "${group_name}" >/dev/null 2>&1; then
  groupadd -g "${gid}" "${group_name}"
fi

if [[ -z "${existing_user_name}" ]]; then
  # No user with this uid exists yet
  if id -u user >/dev/null 2>&1; then
    usermod -u "${uid}" -g "${gid}" user >/dev/null 2>&1 || true
  else
    useradd -m -u "${uid}" -g "${gid}" -s /bin/bash user
  fi
elif [[ "${existing_user_name}" != "user" ]]; then
  # A user with this uid exists but isn't named "user" (e.g. "ubuntu" from
  # the base image). Rename it so everything uses /home/user consistently.
  usermod -l user -d /home/user -m "${existing_user_name}" >/dev/null 2>&1 || true
fi

export HOME=/home/user
mkdir -p "${HOME}"
chown "${uid}:${gid}" "${HOME}" >/dev/null 2>&1 || true

vnc_enabled="${OMNI_CODE_VNC:-0}"
if [[ "${vnc_enabled}" == "1" || "${vnc_enabled}" == "true" ]]; then
  mkdir -p /tmp/.ICE-unix /tmp/.X11-unix
  chmod 1777 /tmp/.ICE-unix /tmp/.X11-unix
  gosu "${uid}:${gid}" bash /usr/local/bin/start-vnc.sh
fi

code_server_enabled="${OMNI_CODE_CODE_SERVER:-0}"
if [[ "${code_server_enabled}" == "1" || "${code_server_enabled}" == "true" ]]; then
  code_server_port="${CODE_SERVER_PORT:-8080}"
  code_server_auth="${CODE_SERVER_AUTH:-password}"
  code_server_workspace="${CODE_SERVER_WORKSPACE:-/home/user/workspace}"
  code_server_log_dir="${CODE_SERVER_LOG_DIR:-/home/user/.local/share/code-server}"
  mkdir -p "${code_server_log_dir}" >/dev/null 2>&1 || true
  chown -R "${uid}:${gid}" "${code_server_log_dir}" >/dev/null 2>&1 || true
  mkdir -p "${HOME}/.config" >/dev/null 2>&1 || true
  chown -R "${uid}:${gid}" "${HOME}/.config" >/dev/null 2>&1 || true

  gosu "${uid}:${gid}" bash -lc "nohup code-server --bind-addr 0.0.0.0:${code_server_port} --auth ${code_server_auth} ${code_server_workspace} > '${code_server_log_dir}/omni-code.log' 2>&1 &" || true
fi

# Restore persisted gitconfig from volume directory
if [[ -f "${HOME}/.gitconfig.d/gitconfig" ]]; then
  cp "${HOME}/.gitconfig.d/gitconfig" "${HOME}/.gitconfig"
  chown "${uid}:${gid}" "${HOME}/.gitconfig" >/dev/null 2>&1 || true
fi

# Ensure git trusts the bind-mounted workspace
gosu "${uid}:${gid}" git config --global --add safe.directory /home/user/workspace

# Persist gitconfig back to the volume for next restart
mkdir -p "${HOME}/.gitconfig.d" >/dev/null 2>&1 || true
cp "${HOME}/.gitconfig" "${HOME}/.gitconfig.d/gitconfig" 2>/dev/null || true

# Apply network isolation rules (if OMNI_SANDBOX_NETWORK_ALLOWLIST is set)
source /usr/local/bin/apply-network-isolation.sh

exec gosu "${uid}:${gid}" "$@"

Products

About

Resources

Contact Gemfury