Collection of personal dockerfiles
debian images are "FROM debian:jessie-backports" arch images are "FROM base/archlinux:latest"
The most generic image runs "bash -l"
docker run -d -ti voobscout/base-deb:latest
apt-get install apache2
Bind your own certs /etc/apache2/ssl/key.pem /etc/apache2/ssl/cert.pem
docker run -d -ti -p 443:443/tcp -p 80:80/tcp -v /your/html/root:/var/www/html \
voobscout/base-deb:httpd
jail.local example:
[DEFAULT]
ignoreip = 127.0.0.1/8
bantime = 3600
findtime = 3600
maxretry = 3
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/host/secure
maxretry = 1
docker run -d -ti --privileged --net host -v /var/log:/var/log/host \
-v /your/jail.local:/etc/fail2ban/jail.local voobscout/base-deb:fail2ban
Yandex Disk native linux client
docker run -d -ti -v /your/files:/root/Yandex.Disk:rw voobscout/base-deb:yadisk <uname> <passwd>
1.6 debs repo with g729 compiled from Deepwalker ipp sources
docker run -d -ti --name freeswitch voobscout/base-deb:freeswitch freeswitch
Bind your own "/etc/samba/smb.conf" and/or "/etc/exports" into this container if additional shares are required
Don't forget to add the defaults from provided files.
The unencrypted contents are accessible by:
NFS: sudo mount :/exports /path/of/your/choosing
CIFS: sudo mount ///exports /path/of/your/choosing -o username=cryfs -o password=samba123
docker run -d -ti --cap-add SYS_ADMIN --device /dev/fuse -v /your/encrypted/folder:/.exports:rw \
voobscout/base-deb:cryfs4share ${cryfs_mount_password}
Oneway sync from /mnt/sync_src to a webdav of your choice, using lsyncd and davfs2 under the hood
docker run -d -ti --privileged -v /your/files:/mnt/sync_src:ro \
voobscout/base-deb:sync2davfs <http://davfs.server.com> <uname> <passwd>
Stolen from here - I didn't like the lack of backports repo
docker run -d -ti --privileged voobscout/base-deb:samba \
-u "adminuser;adminpasswd123" -u "user;userpass123" \
-s "smb_share1;/path/to/share;yes;no;no;user;adminuser" \
-s "smb_share2;/path/to/share2;yes;yes;no;all;adminuser"
Stolen from here - I wanted a debian base, not ubuntu
This expects some ENV and a data dir volume
docker run -d -ti \
-e AUTH=yes \
-e STORAGE_ENGINE=wiredTiger \
-e JOURNALING=yes \
-e OPLOG_SIZE=8192 \
-e MONGODB_USER=admin \
-e MONGODB_DATABASE=admin \
-e MONGODB_PASS=kaka123 \
-v /opt/mongodb_data:/data/db \
voobscout/base-deb:mongodb
This container expects a working copy of ~/.znc
docker run -d -ti -v ~/.znc:/home/znc/.znc:rw voobscout/base-deb:znc
docker run -d -ti \
-v /path/to/prosody/etc:/etc/prosody:rw \
-v /path/to/prosody/var:/var/lib/prosody:rw \
voobscout/base-deb:prosody
This works without additional security capabilities, ie. no need for '--cap-add SYS_ADMIN', but there seems to be a difference of opinion on the issue and the --security-opt=seccomp:unconfined
is nessesary!
docker run -d -ti \
-v /sys/fs/cgroup:/sys/fs/cgroup:ro \
--tmpfs /tmp \
--tmpfs /run:rw \
--security-opt=seccomp:unconfined voobscout/base-arch:systemd
Currently I found no way to successfully run containerized libvirt, without the --privileged
flag!
domrun.service will expect a single qcow2 image to be available at /var/lib/libvirt/images/image.qcow2
, please mount accordingly or provide VM_DISK variable.
Container will not run without variables mounted to /etc/default/domrun
or /etc/default/domrun.d/*
inside the container:
Provide DOMRUN
to run a script that emits an xml and starts the VM, I chose to use ruby...
cat <<EOF > /etc/default/domrun
DOMRUN=''
VM_TEMPLATE='URI to either file or http/ftp resource'
VM_NAME='instance name'
VM_TITLE='instance title to appear in virt-manager alike GUI'
VM_MEM='8 gb' #specify mem units in any form, ie. 0.1tb
VM_CPUS='2'
VM_DISK='/path/to/your/image.qcow2'
VM_NET='name of network adapter to connect this domain to'
EOF
To actually run it:
docker run -d \
-v /sys/fs/cgroup:/sys/fs/cgroup:rw \
-v /path/to/images/image.qcow2:/var/lib/libvirt/images/image.qcow2:rw \
-v /path/to/environment/domrun:/etc/default/domrun:rw \
-e VM_NAME='' \
-e VM_TITLE='' \
-e VM_MEM='' \
-e VM_CPUS='' \
-e VM_NET='' \
--tmpfs /tmp \
--tmpfs /run:rw \
--privileged \
voobscout/base-arch:libvirt
docker run --name xfce -ti --rm -v /sys/fs/cgroup:/sys/fs/cgroup:ro --tmpfs /tmp --tmpfs /run --security-opt=seccomp:unconfined
docker run -d -ti \
-v $HOME/.offlineimap:/home/offlineimap/.offlineimap:rw \
-v $HOME/.config/offlineimap/config:/home/offlineimap/.config/offlineimap/config:rw \
-v $HOME/Documents/Maildir:/home/offlineimap/Documents/Maildir:rw \
voobscout/base-arch:offlineimap #{config account name to sync}
docker run --rm -ti \
--env DISPLAY="${DISPLAY}" \
--memory 1024M \
--cpus 0.5 \
--memory-swap 0B \
--memory-swappiness 0 \
--env PULSE_SERVER=unix:$XDG_RUNTIME_DIR/pulse/native \
--env TZ=Europe/Amsterdam \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-v /etc/localtime:/etc/localtime:ro \
-v $XDG_RUNTIME_DIR/pulse:/run/user/1000/pulse \
-v ${HOME}/.Xauthority:/home/firefox/.Xauthority \
-v ${HOME}/.mozilla:/home/firefox/.mozilla \
-v /dev/dri:/dev/dri \
voobscout/base-arch:firefox