.

Toolbox/base/Dockerfile

@@ -0,0 +1,61 @@
+FROM debian:stable
+
+# Prevent interactive prompts during package installation
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install fish shell and other basic utilities as root during build
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        fish=4.0.2-1 \
+        curl=8.14.1-2 \
+        wget=1.25.0-2 \
+        jq=1.7.1-6+deb13u1 \
+        git=1:2.47.3-0+deb13u1 \
+        openssh-client=1:10.0p1-7 \
+        vim=2:9.1.1230-2 \
+        netcat-openbsd=1.229-1 \
+        ripgrep=14.1.1-1+b4 \
+        fzf=0.60.3-1+b2 \
+        unzip=6.0-29 \
+        zip=3.0-15 \
+        htop=3.4.1-5 \
+        tree=2.2.1-1 \
+        less=668-1 \
+        rsync=3.4.1+ds1-5 \
+        iputils-ping=3:20240905-3 \
+        procps=2:4.0.4-9 \
+        lsof=4.99.4+dfsg-2 \
+        strace=6.13+ds-1 \
+        tcpdump=4.99.5-2 \
+        gnupg2=2.4.7-21 \
+        gnupg-agent=2.4.7-21 \
+        apt-transport-https=3.0.3 \
+        lsb-release=12.1-1 \
+        bind9-dnsutils=1:9.20.15-1~deb13u1 \
+        ca-certificates=20250419 \
+        docker.io=26.1.5+dfsg1-9+b9 \
+        docker-cli=26.1.5+dfsg1-9+b9 \
+        && \
+    # Clean up package cache \
+    rm -rf /var/lib/apt/lists/*
+
+# Create the user during build process with specific UID/GID
+RUN groupadd -r tsysdevstack && useradd -r -m -g tsysdevstack -s /usr/bin/fish tsysdevstack
+
+# Add tsysdevstack user to the existing docker group
+RUN usermod -aG docker tsysdevstack
+
+# Set the fish shell as default for the user
+RUN echo "if [ \"\$SHELL\" != \"/usr/bin/fish\" ]; then exec fish; fi" >> /home/tsysdevstack/.bashrc
+
+# Change to the tsysdevstack user
+USER tsysdevstack
+
+# Set the home directory
+WORKDIR /home/tsysdevstack
+
+# Set default shell to fish
+SHELL ["/usr/bin/fish"]
+
+# Default command when container starts
+CMD ["fish"]

Toolbox/base/README.md

@@ -0,0 +1,116 @@
+# TSYS DevStack Toolbox Base Container
+
+This is the base development container for the TSYS DevStack project. It provides a secure, non-root development environment with common utilities and tools for day-to-day development tasks.
+
+## Overview
+
+- **Base Image**: Debian stable
+- **Default User**: `tsysdevstack` (non-root)
+- **Default Shell**: Fish shell
+- **Security**: No sudo/su access for the tsysdevstack user
+- **Purpose**: Interactive development and container orchestration
+- **Docker Client**: Includes Docker CLI for orchestrating containers on the host
+
+## Pre-installed Tools
+
+### Development & Version Control
+- Git (`git`)
+- Vim editor (`vim`)
+
+### Network & Web Tools
+- cURL (`curl`)
+- Wget (`wget`)
+- Ping (`iputils-ping`)
+- Netcat (`netcat-openbsd`)
+- DNS utilities (`bind9-dnsutils` - includes `nslookup`, `dig`, etc.)
+
+### Container Orchestration
+- Docker Client (`docker.io` and `docker-cli`)
+
+### Data Processing & Formatting
+- JQ for JSON processing (`jq`)
+- Ripgrep for fast searching (`ripgrep`)
+- FZF for fuzzy finding (`fzf`)
+- Less pager (`less`)
+
+### Archiving & File Management
+- Zip/Unzip (`zip`, `unzip`)
+- Rsync for file sync (`rsync`)
+- Tree for directory visualization (`tree`)
+
+### System Monitoring & Debugging
+- HTop system monitor (`htop`)
+- Lsof for listing open files (`lsof`)
+- Strace for system call tracing (`strace`)
+- Tcpdump for network packet capture (`tcpdump`)
+- Procps for process utilities (`procps`)
+
+### Security & Encryption
+- GnuPG for encryption (`gnupg2`, `gnupg-agent`)
+
+### SSH
+- OpenSSH client (`openssh-client`)
+
+## Usage
+
+### Building the Image
+
+```bash
+./build.sh
+```
+
+### Running the Container
+
+```bash
+./run.sh
+```
+
+### Running Commands
+
+```bash
+# Run a single command
+docker run --rm tsysdevstack-toolboxstack-toolbox-base [command]
+
+# Run with interactive shell
+docker run -it --rm tsysdevstack-toolboxstack-toolbox-base
+```
+
+### Testing
+
+To verify all tools work properly:
+
+```bash
+./test.sh
+```
+
+## Security
+
+- The container runs as the `tsysdevstack` user, not root
+- No sudo or su access available to prevent privilege escalation
+- Built with security best practices in mind
+- Regular vulnerabilities are monitored and addressed in base image updates
+
+## Quality of Life Features
+
+- Fish shell provides advanced command-line features
+- FZF enables fuzzy-finding for faster navigation
+- Ripgrep offers fast file searching capabilities
+- HTop provides an interactive process viewer
+- All common development tools are pre-installed
+
+## Purpose
+
+This container is designed for:
+- Interactive development work
+- Container orchestration tasks
+- Running as a headless orchestrator for other specialized containers
+- Providing a consistent development environment
+
+It is **not** designed for:
+- Running system-wide language runtimes (Python, Rust, Node, etc.) - those will be in specialized containers
+- Production workloads
+- Long-running services
+
+## Integration with DevStack
+
+This container serves as the base for the TSYS DevStack toolbox stack and will be used to orchestrate other specialized containers in the development lifecycle.

Toolbox/base/build.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Build script for tsysdevstack-toolboxstack-toolbox-base Docker image
+
+set -e  # Exit immediately if a command exits with a non-zero status
+
+IMAGE_NAME="tsysdevstack-toolboxstack-toolbox-base"
+CONTEXT_DIR="."
+
+echo "Building Docker image: $IMAGE_NAME"
+
+# Build the Docker image
+docker build -t "$IMAGE_NAME" "$CONTEXT_DIR"
+
+echo "Build completed successfully!"
+echo "To run the container, use: ./run.sh"

Toolbox/base/run.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Run script for tsysdevstack-toolboxstack-toolbox-base Docker container
+
+set -e  # Exit immediately if a command exits with a non-zero status
+
+IMAGE_NAME="tsysdevstack-toolboxstack-toolbox-base"
+
+echo "Starting Docker container from image: $IMAGE_NAME"
+
+# Check if Docker socket exists on the host
+if [ ! -S /var/run/docker.sock ]; then
+    echo "Warning: Docker socket not found at /var/run/docker.sock"
+    echo "Docker commands inside the container will not work without access to the host's Docker daemon."
+    echo "Please ensure your user is in the 'docker' group on the host system."
+    echo "Running container without Docker socket access..."
+    
+    # Run the Docker container interactively with a pseudo-TTY without Docker socket
+    docker run -it --rm \
+        --name tsysdevstack-container \
+        "$IMAGE_NAME"
+else
+    echo "Docker socket found. Mounting to container for Docker access..."
+    
+    # Run the Docker container interactively with a pseudo-TTY
+    # Mount Docker socket to enable Docker commands inside container
+    docker run -it --rm \
+        -v /var/run/docker.sock:/var/run/docker.sock \
+        --name tsysdevstack-container \
+        "$IMAGE_NAME"
+fi

Toolbox/base/test.sh

@@ -0,0 +1,93 @@
+#!/bin/bash
+
+# Test script to verify all tooling works as tsysdevstack user
+
+set -e  # Exit immediately if a command exits with a non-zero status
+
+echo "Testing all installed tools as tsysdevstack user..."
+
+# Verify fish shell
+echo "Testing fish shell..."
+docker run --rm tsysdevstack-toolboxstack-toolbox-base fish -c "echo 'Fish shell works'"
+
+# Verify curl
+echo "Testing curl..."
+docker run --rm tsysdevstack-toolboxstack-toolbox-base curl --version
+
+# Verify wget
+echo "Testing wget..."
+docker run --rm tsysdevstack-toolboxstack-toolbox-base wget --version | head -n 1
+
+# Verify jq
+echo "Testing jq..."
+docker run --rm tsysdevstack-toolboxstack-toolbox-base jq --version
+
+# Verify git
+echo "Testing git..."
+docker run --rm tsysdevstack-toolboxstack-toolbox-base git --version
+
+# Verify ssh
+echo "Testing ssh..."
+docker run --rm tsysdevstack-toolboxstack-toolbox-base ssh -V 2>&1 | head -n 1
+
+# Verify vim
+echo "Testing vim..."
+docker run --rm tsysdevstack-toolboxstack-toolbox-base vim --version | head -n 1
+
+# Verify netcat
+echo "Testing netcat..."
+docker run --rm tsysdevstack-toolboxstack-toolbox-base nc -h 2>&1 | head -n 1
+
+# Verify ripgrep
+echo "Testing ripgrep..."
+docker run --rm tsysdevstack-toolboxstack-toolbox-base rg --version
+
+# Verify fzf
+echo "Testing fzf..."
+docker run --rm tsysdevstack-toolboxstack-toolbox-base bash -c "command -v fzf"
+
+# Verify unzip
+echo "Testing unzip..."
+docker run --rm tsysdevstack-toolboxstack-toolbox-base unzip -v | head -n 1
+
+# Verify zip
+echo "Testing zip..."
+docker run --rm tsysdevstack-toolboxstack-toolbox-base zip --version | head -n 1
+
+# Verify htop
+echo "Testing htop..."
+docker run --rm tsysdevstack-toolboxstack-toolbox-base htop --version
+
+# Verify tree
+echo "Testing tree..."
+docker run --rm tsysdevstack-toolboxstack-toolbox-base tree --version
+
+# Verify less
+echo "Testing less..."
+docker run --rm tsysdevstack-toolboxstack-toolbox-base less --version | head -n 1
+
+# Verify rsync
+echo "Testing rsync..."
+docker run --rm tsysdevstack-toolboxstack-toolbox-base rsync --version | head -n 1
+
+# Verify ping (from iputils-ping)
+echo "Testing ping..."
+docker run --rm --cap-add=NET_RAW tsysdevstack-toolboxstack-toolbox-base ping -c 1 127.0.0.1
+
+# Verify nslookup (from bind9-dnsutils)
+echo "Testing nslookup..."
+docker run --rm tsysdevstack-toolboxstack-toolbox-base nslookup -version 2>&1 | head -n 1
+
+# Verify Docker client
+echo "Testing docker client..."
+docker run --rm tsysdevstack-toolboxstack-toolbox-base docker --version
+
+# Verify ps (from procps)
+echo "Testing ps..."
+docker run --rm tsysdevstack-toolboxstack-toolbox-base ps --version
+
+# Verify lsof
+echo "Testing lsof..."
+docker run --rm tsysdevstack-toolboxstack-toolbox-base lsof -v | head -n 1
+
+echo "All tools are working correctly as tsysdevstack user!"