initial: NAS agent runner setup

Dockerfile

@@ -0,0 +1,85 @@
+# syntax=docker/dockerfile:1.6
+
+FROM ubuntu:22.04
+
+# ----- system deps -------------------------------------------------------
+ENV DEBIAN_FRONTEND=noninteractive \
+    TZ=Europe/Amsterdam \
+    LANG=C.UTF-8 \
+    LC_ALL=C.UTF-8
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+        ca-certificates curl git tini gosu jq xz-utils \
+        build-essential python3 \
+        tzdata logrotate \
+    && ln -fs /usr/share/zoneinfo/$TZ /etc/localtime \
+    && dpkg-reconfigure --frontend=noninteractive tzdata \
+    && rm -rf /var/lib/apt/lists/*
+
+# ----- node 22 LTS -------------------------------------------------------
+# Voor zowel Claude Code (de native installer heeft geen node nodig, maar
+# scrum4me-mcp draait op tsx) als de health-server.
+RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
+    && apt-get install -y --no-install-recommends nodejs \
+    && rm -rf /var/lib/apt/lists/* \
+    && npm install -g pnpm@9 tsx@4 \
+    && npm cache clean --force
+
+# ----- claude code via native installer ---------------------------------
+# Zet PATH zodat het user-binary gevonden wordt; native installer plaatst
+# in $HOME/.local/bin standaard. We installeren als root om in /usr/local
+# te belanden, of fallback naar /opt.
+ARG CLAUDE_CODE_VERSION=latest
+RUN curl -fsSL https://claude.ai/install.sh | bash -s ${CLAUDE_CODE_VERSION} \
+    && cp /root/.local/bin/claude /usr/local/bin/claude \
+    && chmod +x /usr/local/bin/claude \
+    && claude --version
+
+# ----- scrum4me-mcp ------------------------------------------------------
+# Clone met submodules zodat vendor/scrum4me (Prisma-schema) meekomt.
+# Pin via build-arg; default = main, in productie altijd op een commit-sha.
+ARG MCP_GIT_REPO=https://github.com/madhura68/scrum4me-mcp.git
+ARG MCP_GIT_REF=main
+
+RUN git clone --recurse-submodules --branch ${MCP_GIT_REF} --depth 1 \
+        ${MCP_GIT_REPO} /opt/scrum4me-mcp \
+    && cd /opt/scrum4me-mcp \
+    && npm ci --omit=dev --omit=optional || npm install --omit=dev \
+    && (npm run sync-schema || true) \
+    && npx prisma generate
+
+# ----- non-root user -----------------------------------------------------
+# UID 1000 zodat bind-mounted /share/Agent/* schrijfrechten matchen met de
+# admin op QNAP. Pas aan via build-arg als je een andere UID gebruikt.
+ARG AGENT_UID=1000
+ARG AGENT_GID=1000
+RUN groupadd -g ${AGENT_GID} agent \
+    && useradd  -u ${AGENT_UID} -g ${AGENT_GID} -m -s /bin/bash agent \
+    && mkdir -p /var/cache/repos /var/cache/npm /var/log/agent /var/run/agent \
+    && chown -R agent:agent /var/cache /var/log/agent /var/run/agent /home/agent
+
+# ----- runner files ------------------------------------------------------
+WORKDIR /opt/agent
+COPY --chown=agent:agent bin/        ./bin/
+COPY --chown=agent:agent etc/        ./etc/
+COPY --chown=agent:agent CLAUDE.md   ./
+COPY --chown=agent:agent mcp-config.json ./
+
+RUN chmod +x ./bin/*.sh
+
+# ----- runtime config ----------------------------------------------------
+ENV PATH=/opt/agent/bin:/usr/local/bin:/usr/bin:/bin \
+    HOME=/home/agent \
+    NPM_CONFIG_CACHE=/var/cache/npm \
+    PNPM_HOME=/var/cache/pnpm \
+    AGENT_STATE_DIR=/var/run/agent \
+    AGENT_LOG_DIR=/var/log/agent \
+    AGENT_REPO_CACHE=/var/cache/repos \
+    AGENT_JOB_ROOT=/tmp \
+    AGENT_HEALTH_PORT=8080
+
+EXPOSE 8080
+
+# tini als PID 1 → correcte signal handling, geen zombies
+ENTRYPOINT ["/usr/bin/tini", "--"]
+CMD ["/opt/agent/bin/entrypoint.sh"]