Upload 2 files

Dockerfile

@@ -0,0 +1,78 @@
+FROM debian:bookworm-slim
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV TZ=Etc/UTC
+ENV PORT=7860
+ENV HOME=/home/coder
+ENV PIP_DISABLE_PIP_VERSION_CHECK=1
+ENV PYTHONDONTWRITEBYTECODE=1
+ENV PYTHONUNBUFFERED=1
+
+# 1) 系统与开发工具（重度版）
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates curl wget git bash sudo tini gnupg dirmngr jq \
+    # 常用工具
+    unzip zip xz-utils less vim nano openssh-client \
+    # C/C++
+    build-essential gcc g++ make cmake ninja-build gdb lldb clang clangd pkg-config \
+    # Python
+    python3 python3-pip python3-venv python3-dev \
+    # Java + build tools
+    openjdk-17-jdk maven gradle \
+    # Node.js
+    nodejs npm \
+    # 其他
+    ripgrep fd-find \
+    && rm -rf /var/lib/apt/lists/*
+
+# 2) 安装 code-server
+RUN curl -fsSL https://code-server.dev/install.sh | sh
+
+# 3) 安装 Node 包管理器补充
+RUN npm install -g yarn pnpm
+
+# 4) Python 常见依赖（可按需删减）
+RUN python3 -m pip install --no-cache-dir --upgrade pip setuptools wheel && \
+    python3 -m pip install --no-cache-dir \
+    numpy pandas scipy scikit-learn matplotlib seaborn plotly \
+    jupyter jupyterlab ipykernel notebook \
+    requests httpx aiohttp pyyaml python-dotenv tqdm rich \
+    flask fastapi uvicorn[standard] pydantic \
+    sqlalchemy alembic psycopg2-binary redis \
+    pytest pytest-cov black isort mypy ruff pre-commit
+
+# 5) 安装 Rust（stable）
+RUN curl https://sh.rustup.rs -sSf | bash -s -- -y
+ENV PATH="/root/.cargo/bin:${PATH}"
+
+# 6) 安装 Go（Debian 包，稳定即可）
+RUN apt-get update && apt-get install -y --no-install-recommends golang-go && \
+    rm -rf /var/lib/apt/lists/*
+
+# 7) 安装 Codex CLI（若仓库不可用，不阻断）
+RUN npm install -g @openai/codex || true
+
+# 8) 创建用户
+RUN useradd -m -u 1000 -s /bin/bash coder && \
+    echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \
+    mkdir -p /home/coder/.config/code-server /home/coder/.codex && \
+    chown -R coder:coder /home/coder
+
+# 9) 预装常用 VSCode 扩展（失败不阻断）
+RUN code-server --install-extension ms-python.python || true && \
+    code-server --install-extension ms-toolsai.jupyter || true && \
+    code-server --install-extension ms-vscode.cpptools || true && \
+    code-server --install-extension llvm-vs-code-extensions.vscode-clangd || true && \
+    code-server --install-extension vscjava.vscode-java-pack || true && \
+    code-server --install-extension redhat.vscode-yaml || true && \
+    code-server --install-extension esbenp.prettier-vscode || true
+
+COPY --chown=coder:coder start.sh /usr/local/bin/start.sh
+RUN chmod +x /usr/local/bin/start.sh
+
+USER coder
+WORKDIR /home/coder
+
+EXPOSE 7860
+ENTRYPOINT ["/usr/bin/tini", "--"]
+CMD ["/usr/local/bin/start.sh"]

start.sh

@@ -0,0 +1,110 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+PORT="${PORT:-7860}"
+
+# 必须：code-server 登录密码
+if [[ -z "${PASSWORD:-}" && -z "${HASHED_PASSWORD:-}" ]]; then
+  echo "[ERROR] Missing PASSWORD/HASHED_PASSWORD secret."
+  exit 1
+fi
+
+# Hugging Face 持久化目录
+if [[ -d "/data" ]]; then
+  WORKDIR="/data/workspace"
+  EXT_DIR="/data/code-server/extensions"
+  USER_DATA_DIR="/data/code-server/user-data"
+  CODEX_DIR="/data/.codex"
+else
+  WORKDIR="${HOME}/workspace"
+  EXT_DIR="${HOME}/.local/share/code-server/extensions"
+  USER_DATA_DIR="${HOME}/.local/share/code-server/user-data"
+  CODEX_DIR="${HOME}/.codex"
+fi
+
+mkdir -p "$WORKDIR" "$EXT_DIR" "$USER_DATA_DIR" "${HOME}/.config/code-server" "$CODEX_DIR"
+
+# -------------------------
+# code-server 配置
+# -------------------------
+CONFIG_FILE="${HOME}/.config/code-server/config.yaml"
+{
+  echo "bind-addr: 0.0.0.0:${PORT}"
+  echo "auth: password"
+  if [[ -n "${HASHED_PASSWORD:-}" ]]; then
+    echo "hashed-password: ${HASHED_PASSWORD}"
+  else
+    echo "password: ${PASSWORD}"
+  fi
+  echo "cert: false"
+} > "$CONFIG_FILE"
+
+# -------------------------
+# Codex 配置文件 config.toml
+# -------------------------
+# 允许用环境变量覆盖；默认就是你给的参数
+: "${CODEX_MODEL_PROVIDER:=sub2api}"
+: "${CODEX_MODEL:=gpt-5.3-codex}"
+: "${CODEX_REASONING_EFFORT:=high}"
+: "${CODEX_NETWORK_ACCESS:=enabled}"
+: "${CODEX_DISABLE_RESPONSE_STORAGE:=true}"
+: "${CODEX_WSL_ACK:=true}"
+: "${CODEX_VERBOSITY:=high}"
+: "${CODEX_PROVIDER_NAME:=sub2api}"
+: "${CODEX_BASE_URL:=https://ai.qaq.al}"
+: "${CODEX_WIRE_API:=responses}"
+: "${CODEX_REQUIRES_OPENAI_AUTH:=true}"
+
+cat > "${CODEX_DIR}/config.toml" <<EOF
+model_provider = "${CODEX_MODEL_PROVIDER}"
+model = "${CODEX_MODEL}"
+model_reasoning_effort = "${CODEX_REASONING_EFFORT}"
+network_access = "${CODEX_NETWORK_ACCESS}"
+disable_response_storage = ${CODEX_DISABLE_RESPONSE_STORAGE}
+windows_wsl_setup_acknowledged = ${CODEX_WSL_ACK}
+model_verbosity = "${CODEX_VERBOSITY}"
+
+[model_providers.${CODEX_PROVIDER_NAME}]
+name = "${CODEX_PROVIDER_NAME}"
+base_url = "${CODEX_BASE_URL}"
+wire_api = "${CODEX_WIRE_API}"
+requires_openai_auth = ${CODEX_REQUIRES_OPENAI_AUTH}
+EOF
+
+# -------------------------
+# Codex auth.json
+# -------------------------
+# 推荐用 HF Secrets 注入 OPENAI_API_KEY
+# 或者直接放完整 JSON 到 CODEX_AUTH_JSON
+if [[ -n "${CODEX_AUTH_JSON:-}" ]]; then
+  printf '%s\n' "${CODEX_AUTH_JSON}" > "${CODEX_DIR}/auth.json"
+elif [[ -n "${OPENAI_API_KEY:-}" ]]; then
+  cat > "${CODEX_DIR}/auth.json" <<EOF
+{
+  "OPENAI_API_KEY": "${OPENAI_API_KEY}"
+}
+EOF
+else
+  echo "[WARN] No OPENAI_API_KEY/CODEX_AUTH_JSON found. Codex auth.json not generated."
+fi
+
+chmod 600 "${CODEX_DIR}/auth.json" 2>/dev/null || true
+chmod 600 "${CODEX_DIR}/config.toml" 2>/dev/null || true
+
+# 把 /data 的 codex 配置软链到 ~/.codex（避免路径不一致）
+if [[ "$CODEX_DIR" != "${HOME}/.codex" ]]; then
+  rm -rf "${HOME}/.codex"
+  ln -s "$CODEX_DIR" "${HOME}/.codex"
+fi
+
+echo "[INFO] Environment ready."
+echo "[INFO] Java: $(java -version 2>&1 | head -n1 || true)"
+echo "[INFO] Python: $(python3 --version || true)"
+echo "[INFO] Node: $(node --version || true)"
+echo "[INFO] g++: $(g++ --version | head -n1 || true)"
+echo "[INFO] Codex config path: ${HOME}/.codex/config.toml"
+
+exec code-server "$WORKDIR" \
+  --extensions-dir "$EXT_DIR" \
+  --user-data-dir "$USER_DATA_DIR" \
+  --disable-telemetry