FROM ghcr.io/linuxserver/baseimage-kasmvnc:debianbookworm USER root # Create app dir and ensure X socket dir exists RUN mkdir -p /app /defaults \ && mkdir -p /tmp/.X11-unix \ && chown root:root /tmp/.X11-unix \ && chmod 1777 /tmp/.X11-unix RUN apt-get update && \ DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ firefox-esr gnumeric xdg-utils xdg-desktop-portal xdg-desktop-portal-gtk \ python3-pyxdg ca-certificates \ shared-mime-info desktop-file-utils \ fonts-liberation fonts-dejavu-core \ libgtk2.0-0 libx11-6 libxext6 libxrender1 libxtst6 libxi6 \ libxrandr2 libxinerama1 libxcomposite1 libxss1 \ libgdk-pixbuf2.0-0 libpango1.0-0 libatk1.0-0 \ libcups2 libnss3 libwebkit2gtk-4.0-37 \ inotify-tools gosu \ && rm -rf /var/lib/apt/lists/* # Copy Fiscality app into image and set owner to abc COPY --chown=abc:abc Fiscality /app/Fiscality RUN chmod -R a+rX /app/Fiscality \ && chmod a+x /app/Fiscality/Fiscality # cont-init script to fix ownership at container start RUN mkdir -p /etc/cont-init.d && \ cat > /etc/cont-init.d/99-fix-perms <<'EOF' #!/usr/bin/with-contenv bash set -e # Ensure abc owns application files (handles files created by root during build) chown -R abc:abc /app/Fiscality 2>/dev/null || true find /app/Fiscality -user root -exec chown abc:abc {} + 2>/dev/null || true chmod a+x /app/Fiscality/Fiscality 2>/dev/null || true chown -R abc:abc /config/FiscalityMio 2>/dev/null || true EOF RUN chmod +x /etc/cont-init.d/99-fix-perms # Override xdg-open to use Firefox for PDFs RUN if [ -f /usr/bin/xdg-open ]; then mv /usr/bin/xdg-open /usr/bin/xdg-open.real; fi RUN cat > /usr/bin/xdg-open <<'EOF' #!/bin/bash ARG="$1" if [ -z "$ARG" ]; then if [ -x /usr/bin/xdg-open.real ]; then exec /usr/bin/xdg-open.real "$@" else exit 1 fi fi ARG="${ARG#file://}" case "${ARG,,}" in *.pdf) # Open PDF with Firefox (disable sandbox for container) if command -v gosu >/dev/null 2>&1; then gosu abc env MOZ_DISABLE_CONTENT_SANDBOX=1 MOZ_DISABLE_GMP_SANDBOX=1 \ DISPLAY="${DISPLAY:-:1}" \ nohup firefox --no-remote --new-window "file://${ARG}" \ >/dev/null 2>&1 & else su -s /bin/bash abc -c "env MOZ_DISABLE_CONTENT_SANDBOX=1 \ MOZ_DISABLE_GMP_SANDBOX=1 DISPLAY='${DISPLAY:-:1}' \ nohup firefox --no-remote --new-window 'file://${ARG}' \ >/dev/null 2>&1 &" || true fi exit 0 ;; *.xlsx|*.xls|*.xlsm|*.ods) # Open spreadsheets with Gnumeric (lightweight reader) if command -v gosu >/dev/null 2>&1; then gosu abc env DISPLAY="${DISPLAY:-:1}" \ nohup gnumeric "${ARG}" \ >/dev/null 2>&1 & else su -s /bin/bash abc -c "env DISPLAY='${DISPLAY:-:1}' \ nohup gnumeric '${ARG}' \ >/dev/null 2>&1 &" || true fi exit 0 ;; *.xml|*.txt|*.wri) # Open text files with Firefox if command -v gosu >/dev/null 2>&1; then gosu abc env MOZ_DISABLE_CONTENT_SANDBOX=1 MOZ_DISABLE_GMP_SANDBOX=1 \ DISPLAY="${DISPLAY:-:1}" \ nohup firefox --no-remote --new-window "file://${ARG}" \ >/dev/null 2>&1 & else su -s /bin/bash abc -c "env MOZ_DISABLE_CONTENT_SANDBOX=1 \ MOZ_DISABLE_GMP_SANDBOX=1 DISPLAY='${DISPLAY:-:1}' \ nohup firefox --no-remote --new-window 'file://${ARG}' \ >/dev/null 2>&1 &" || true fi exit 0 ;; *) if [ -x /usr/bin/xdg-open.real ]; then exec /usr/bin/xdg-open.real "$@" else if command -v gosu >/dev/null 2>&1; then gosu abc env MOZ_DISABLE_CONTENT_SANDBOX=1 DISPLAY="${DISPLAY:-:1}" \ nohup firefox --no-remote "file://${ARG}" >/dev/null 2>&1 & else su -s /bin/bash abc -c "env MOZ_DISABLE_CONTENT_SANDBOX=1 DISPLAY='${DISPLAY:-:1}' \ nohup firefox --no-remote 'file://${ARG}' >/dev/null 2>&1 &" || true fi exit 0 fi ;; esac EOF RUN chmod +x /usr/bin/xdg-open && chown root:root /usr/bin/xdg-open # Default app mapping so PDFs use Firefox for abc user RUN mkdir -p /home/abc/.config && \ echo -e "[Default Applications]\napplication/pdf=firefox-esr.desktop;" \ > /home/abc/.config/mimeapps.list && \ chown -R abc:abc /home/abc/.config # Prepare Firefox profile directories for abc RUN mkdir -p /home/abc/.mozilla /home/abc/.cache /home/abc/.local/share && \ chown -R abc:abc /home/abc # Applications directory for desktop files RUN mkdir -p /usr/local/share/applications # Firefox PDF handler .desktop file RUN cat > /usr/local/share/applications/firefox-pdf.desktop <<'EOF' [Desktop Entry] Name=Firefox (PDF) GenericName=Web Browser (PDF) Comment=View PDF files in Firefox Exec=firefox %u Terminal=false Type=Application Icon=firefox Categories=Network;WebBrowser; MimeType=application/pdf;application/x-pdf;application/vnd.adobe.pdf; NoDisplay=true EOF RUN chmod 644 /usr/local/share/applications/firefox-pdf.desktop && \ chown root:root /usr/local/share/applications/firefox-pdf.desktop && \ update-desktop-database /usr/local/share/applications || true && \ update-desktop-database /usr/share/applications || true && \ update-mime-database /usr/share/mime || true # Update per-user MIME default (in image build) RUN gosu abc xdg-mime default firefox-esr.desktop application/pdf || true RUN gosu abc xdg-mime default firefox-pdf.desktop application/pdf || true # Copy the autostart script to /defaults/ (LinuxServer base image uses this location) COPY defaults/autostart /defaults/autostart RUN chmod +x /defaults/autostart # Set environment and entrypoint ENV GTK_USE_PORTAL=1 ENV TITLE="Fiscality" EXPOSE 3000 USER root ENTRYPOINT ["/init"]