# Debian (bookworm)-based sandbox to run LLMs via OpenCode
# Build with:
# docker build -t opencode-ubuntu-sandbox:conda_codex .
# Usage example:
# SESSION_DIR=$(mktemp -d /tmp/opencode_session-XXXXXX) && chmod 1777 "$SESSION_DIR"
# docker run --rm -it -p 1455:1456 \
#   -v "$HOME/miniconda3/envs:/opt/miniconda/envs" \
#   -v "$PWD/opencode_full_config.json:/workspace/opencode.json:ro" \
#   -e OPENCODE_CONFIG=/workspace/opencode.json \
#   -v "$SESSION_DIR:/tmp" \
#   -v "$HOME/opencode_workspace:/opencode_workspace" \
#   --name opencode-ubuntu-sandbox opencode-ubuntu-sandbox:conda_codex
# Then inside container:
# opencode auth login (or codex auth login)
# Now we can run opencode! For OpenAI, gpt-5.1-codex-high or any other model
# works via the OAuth sign-in
# To open a different terminal inside the same container:
# docker exec -it opencode-ubuntu-sandbox bash

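# Base image: node:25-bookworm ships node, npm and wget preinstalled (all three
# are used below). It is the full Debian image, so larger than the -slim
# variant; for reproducible rebuilds pin it by digest, e.g.
#   FROM node:25-bookworm@sha256:<digest-of-the-image-you-tested>   (placeholder)
# NOTE: the heredoc instructions below need BuildKit (Dockerfile frontend >= 1.4);
# put `# syntax=docker/dockerfile:1` as the very first line of this file to pin it.
FROM node:25-bookworm

# Build-time knobs. Defaults keep the original "latest" behaviour; pass
# --build-arg to pin (e.g. --build-arg CODEX_VERSION=<x.y.z>) so the image is
# reproducible and the installed tool versions are auditable.
ARG CODEX_VERSION=latest
ARG OPENCODE_VERSION=latest
ARG MINICONDA_INSTALLER=Miniconda3-latest-Linux-x86_64.sh
# Optional SHA-256 of the installer (published next to it on
# https://repo.anaconda.com/miniconda/). When set, the download is verified and
# the build fails on mismatch; when empty, the installer is used unverified.
ARG MINICONDA_SHA256=""

# Extra OS packages: socat for the auth port forward (see entrypoint), nano as
# an editor. apt-get (not apt) is the scripting interface; no recommends and
# the list cache removed in the same layer so it does not bloat the image.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        nano \
        socat \
    && rm -rf /var/lib/apt/lists/*

# CLI agents, installed globally as root so they live under /usr/local and are
# not writable by the runtime user below. npm cache dropped in the same layer.
RUN npm install -g "@openai/codex@${CODEX_VERSION}" "opencode-ai@${OPENCODE_VERSION}" \
    && npm cache clean --force

# Everything from here on runs as the unprivileged `node` user (uid/gid 1000,
# provided by the base image): an agent misbehaving inside the sandbox has no
# root in the container, and files it writes into bind mounts are owned by uid
# 1000 on the host instead of root. Host directories mounted at
# /opt/miniconda/envs and /opencode_workspace must be readable (and writable
# where envs are created) by uid 1000. Directories are pre-created with the
# right owner here instead of a later `chown -R`, which would duplicate layers.
RUN install -d -o node -g node /opt/miniconda /workspace
USER node
ENV HOME=/home/node

# Download the Miniconda installer, verify it if a checksum was supplied,
# install into /opt/miniconda (-u because the prefix dir already exists and is
# owned by `node`), then remove the installer in the same layer.
RUN wget -q "https://repo.anaconda.com/miniconda/${MINICONDA_INSTALLER}" -O /tmp/miniconda.sh \
    && if [ -n "${MINICONDA_SHA256}" ]; then \
         echo "${MINICONDA_SHA256}  /tmp/miniconda.sh" | sha256sum -c -; \
       fi \
    && bash /tmp/miniconda.sh -b -u -p /opt/miniconda \
    && rm /tmp/miniconda.sh
ENV PATH=/opt/miniconda/bin:$PATH
# Init conda for the runtime user's shell and accept the terms of service for
# the default channels. Both write under $HOME, which is why this runs after
# USER: doing it as root would configure root's shell, not the one used at runtime.
RUN conda init \
    && conda tos accept --override-channels --channel https://repo.anaconda.com/pkgs/main \
    && conda tos accept --override-channels --channel https://repo.anaconda.com/pkgs/r

# Entrypoint: start socat in the background so traffic to container port 1456
# (published as host port 1455 via `-p 1455:1456`) is relayed to 127.0.0.1:1455,
# where the codex/opencode browser login flow listens; then exec the requested
# command so it becomes PID 1 and receives signals from `docker stop`.
# Prefer publishing as `-p 127.0.0.1:1455:1456` so the login callback port is
# reachable only from the host, not from every network the host is on.
# COPY runs as root regardless of USER, so the script lands in /usr/local/bin
# root-owned and executable without a separate chmod layer.
COPY --chmod=755 <<'EOF' /usr/local/bin/docker-entrypoint.sh
#!/usr/bin/env bash
set -e
# Relay container:1456 -> 127.0.0.1:1455 (the CLI's local login listener); backgrounded.
socat TCP-LISTEN:1456,fork,reuseaddr TCP:127.0.0.1:1455 &
# Hand the process over to the requested command (default: bash).
exec "$@"
EOF

WORKDIR /workspace
# Documentation only: the login-callback relay port the entrypoint listens on.
EXPOSE 1456
# Run the socat port forward in the background, then drop into the given command.
ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
CMD ["bash"]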
