Merge pull request #107 from ublue-os/docker-fix

fix: make the docker-dbox work

.github/workflows/build-docker-app.yml

@@ -36,28 +36,6 @@ jobs:
           pubkey: https://raw.githubusercontent.com/ublue-os/toolboxes/main/cosign.pub
           registry: ghcr.io/ublue-os
 
-      # Build metadata
-      - name: Image Metadata
-        uses: docker/metadata-action@v5
-        id: meta
-        with:
-          images: |
-            ${{ env.IMAGE_NAME }}
-          labels: |
-            io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/boxkit/main/README.md
-
-      # Build image using Buildah action
-      - name: Build Image
-        id: build_image
-        uses: redhat-actions/buildah-build@v2
-        with:
-          containerfiles: |
-            ./apps/docker/Containerfile.docker
-          image: ${{ env.IMAGE_NAME }}
-          tags: ${{ env.IMAGE_TAGS }}
-          labels: ${{ steps.meta.outputs.labels }}
-          oci: false
-
       # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
       # https://github.com/macbre/push-to-ghcr/issues/12
       - name: Lowercase Registry
@@ -66,20 +44,19 @@ jobs:
         with:
           string: ${{ env.IMAGE_REGISTRY }}
 
-      # Push the image to GHCR (Image Registry)
-      - name: Push To GHCR
-        uses: redhat-actions/push-to-registry@v2
-        if: github.event_name != 'pull_request'
-        id: push
-        env:
-          REGISTRY_USER: ${{ github.actor }}
-          REGISTRY_PASSWORD: ${{ github.token }}
+      # Build metadata
+      - name: Image Metadata
+        uses: docker/metadata-action@v5
+        id: meta
         with:
-          image: ${{ steps.build_image.outputs.image }}
-          tags: ${{ steps.build_image.outputs.tags }}
-          registry: ${{ steps.registry_case.outputs.lowercase }}
-          username: ${{ env.REGISTRY_USER }}
-          password: ${{ env.REGISTRY_PASSWORD }}
+          images: |
+            ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}
+          labels: |
+            io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/boxkit/main/README.md
+          tags: |
+            ${{ env.IMAGE_TAGS }}
+
+      # Login to Contaier Registry if not a PR
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         if: github.event_name != 'pull_request'
@@ -88,6 +65,16 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      # Build and Push Image
+      - name: Build and Push Image
+        id: build_image
+        uses: docker/build-push-action@v6
+        with:
+          push: ${{ github.event_name != 'pull_request' }}
+          file: ./apps/docker/Containerfile.docker
+          labels: ${{ steps.meta.outputs.labels }}
+          tags: ${{  steps.meta.outputs.tags  }}
+
       # Sign container
       - uses: sigstore/[email protected]
         if: github.event_name != 'pull_request'
@@ -99,10 +86,10 @@ jobs:
           wc -c cosign.key
           cosign sign -y --key cosign.key ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS}
         env:
-          TAGS: ${{ steps.push.outputs.digest }}
+          TAGS: ${{ steps.build_image.outputs.digest }}
           COSIGN_EXPERIMENTAL: false
           COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
 
       - name: Echo outputs
         run: |
-          echo "${{ toJSON(steps.push.outputs) }}"
+          echo "${{ toJSON(steps.build_image.outputs) }}"

README.md

@@ -14,6 +14,8 @@ Centralized repository of containers designed for Toolbox/Distrobox with batteri
 - `wolfi-toolbox` - a WolfiOS base image
 - `bluefin-cli` - a WolfiOS based image with Homebrew and a strongly opinionated default experience
 - `powershell-toolbox` - a WolfiOS based image with PowerShell and other Microsoft related tooling
+- `docker-distrobox` - an Ubuntu distrobox with Docker-CE. It will export the docker socket to the host.
+- `incus-distrobox` - an Ubuntu distrobox with Incus packages from Zabbly.
 
 It is strongly recommended that the [Ptyxis terminal](https://gitlab.gnome.org/chergert/ptyxis) be used with these toolboxes and is the default experience in both [Bazzite](https://bazzite.gg) and [Bluefin](https://projectbluefin.io).
 
@@ -57,6 +59,9 @@ Both `bluefin-cli` and `wolfi-toolbox` have Wolfi developer variants built from
 
 `powershell-toolbox` is based on `WolfiOS`. Its primary purpose is to be a dedicated container for Microsoft related technologies used during development. It contains [PowerShell](https://github.com/PowerShell/PowerShell), [Azure CLI](https://github.com/Azure/azure-cli) and [.NET](https://github.com/dotnet/core) (latest LTS) configured out of the box. It also includes a small selection of other useful CLI utilities to improve the overall experience.
 
+### Incus and Docker Distrobox
+Both `incus-distrobox` and `docker-distrobox` are designed to be run with a rootful, init distrobox. [Incus](https://linuxcontainers.org/incus/) uses packages built by [Zabbly](https://github.com/zabbly/incus). [Docker](https://www.docker.com/) uses the [convience install script](https://docs.docker.com/engine/install/ubuntu/#install-using-the-convenience-script) from Docker.  Both are built from the ubuntu-toolbox built in this repo. Example distrobox-assemble files are with each of them. Both work well with a volume mount for their respective files in `/var/lib/{docker,incus}`. Both can be setup to autostart on boot with a `systemd service`. However, your user sockets for `Xorg`, `Wayland`, and `Pulseaudio` will not be setup until you login. For the `docker-distrobox` you can customize the group of the exported `docker socket` by setting an environment variable at distrobox creation time for `DOCKERGROUP`. The assemble file has more information. Both the `incus-distrobox` and `docker-distrobox` set the unix-groups. For incus, matching `incus-admin` inside the distrobox and on the host will enable you to use the `incus socket` from the host.
+
 # Stats
 
 ## Star History

apps/docker/Containerfile.docker

@@ -1,23 +1,27 @@
 FROM ghcr.io/ublue-os/ubuntu-toolbox
 
-RUN apt-get update && \
-    apt-get install -y \
-        ca-certificates \
-        curl \
-        systemd && \
-    mkdir -p /etc/apt/keyrings/ && \
-    curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o \
-        /etc/apt/keyrings/docker.asc && \
-    echo "deb [arch=$(dpkg --print-architecture) \
-         signed-by=/etc/apt/keyrings/docker.asc] \
-         https://download.docker.com/linux/ubuntu \
-         $(. /etc/os-release && echo "$VERSION_CODENAME") stable" \
-         > /etc/apt/sources.list.d/docker.list && \
-    apt-get update && \
-    apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin && \
-    apt-get clean && \
-    mkdir -p /var/lib/docker && \
-    groupmod -g 252 docker && \
-    systemctl enable docker.socket
-
+RUN <<EOF
+apt-get update
+DEBIAN_FRONTEND=noninteractive apt-get install -y ca-certificates curl socat systemd
+mkdir -p /etc/apt/keyrings/
+curl -fsSL https://get.docker.com -o /tmp/get-docker.sh
+sh /tmp/get-docker.sh
+apt-get clean
+mkdir -p /var/lib/docker
+rm -rf /var/lib/docker/**
+rm -f /usr/local/bin/docker
+cat > /usr/lib/systemd/system/docker-setup.service <<- EEOF
+[Unit]
+Description=Setup Docker Socket in /var/run/
+After=docker.socket
+[Service]
+PassEnvironment=DOCKERGROUP
+ExecStart=/usr/bin/bash -c "while true; do sleep 1; /usr/bin/socat UNIX-LISTEN:/run/host/var/run/docker.sock,reuseaddr,fork,group=\${DOCKERGROUP:-docker},umask=007 UNIX-CONNECT:/var/run/docker.sock; done"
+[Install]
+WantedBy=sockets.target
+EEOF
+groupmod -g 252 docker
+systemctl enable docker-setup.service
+rm -rf /tmp /var/tmp
+EOF
 CMD ["/sbin/init"]

apps/docker/distrobox.ini

@@ -0,0 +1,10 @@
+[docker]
+image=ghcr.io/ublue-os/docker-distrobox:latest
+# Change the group name to your desired group. Otherwise falls back to docker @ gid 252
+#additional_flags="-e DOCKERGROUP=$group"
+init=true
+nvidia=true
+root=true
+entry=false
+volume="/var/lib/docker"
+init_hooks="usermod -aG docker ${USER}"

apps/incus/distrobox.ini

@@ -0,0 +1,8 @@
+[incus]
+image=ghcr.io/ublue-os/incus-distrobox:latest
+init=true
+nvidia=true
+root=true
+entry=false
+volume="/var/lib/incus:/var/lib/incus /lib/modules:/lib/modules:ro"
+init_hooks="usermod -aG incus-admin ${USER}"