voobscout/dockerfiles

Intro

Collection of personal dockerfiles

Version

debian images are "FROM debian:jessie-backports"; arch images are "FROM base/archlinux:latest".

base

The most generic image runs "bash -l"

```sh
docker run -d -ti voobscout/base-deb:latest
```

debian

httpd

apt-get install apache2

Bind your own certs at /etc/apache2/ssl/key.pem and /etc/apache2/ssl/cert.pem

```sh
docker run -d -ti -p 443:443/tcp -p 80:80/tcp -v /your/html/root:/var/www/html \
voobscout/base-deb:httpd
```

fail2ban

jail.local example:

```ini
[DEFAULT]
ignoreip = 127.0.0.1/8
bantime  = 3600
findtime  = 3600
maxretry = 3

[ssh]
enabled = true
port    = ssh
filter  = sshd
logpath  = /var/log/host/secure
maxretry = 1
```

```sh
docker run -d -ti --privileged --net host -v /var/log:/var/log/host \
-v /your/jail.local:/etc/fail2ban/jail.local voobscout/base-deb:fail2ban
```

yadisk

Yandex Disk native linux client

```sh
docker run -d -ti -v /your/files:/root/Yandex.Disk:rw voobscout/base-deb:yadisk <uname> <passwd>
```

freeswitch

1.6 debs repo with g729 compiled from Deepwalker ipp sources

```sh
docker run -d -ti --name freeswitch voobscout/base-deb:freeswitch freeswitch
```

cryfs4share

Bind your own "/etc/samba/smb.conf" and/or "/etc/exports" into this container if additional shares are required

Don't forget to add the defaults from provided files.

The unencrypted contents are accessible by:

NFS: sudo mount :/exports /path/of/your/choosing

CIFS: sudo mount ///exports /path/of/your/choosing -o username=cryfs -o password=samba123

```sh
docker run -d -ti --cap-add SYS_ADMIN --device /dev/fuse -v /your/encrypted/folder:/.exports:rw \
voobscout/base-deb:cryfs4share ${cryfs_mount_password}
```

sync2davfs

One-way sync from /mnt/sync_src to a WebDAV server of your choice, using lsyncd and davfs2 under the hood

```sh
docker run -d -ti --privileged -v /your/files:/mnt/sync_src:ro \
voobscout/base-deb:sync2davfs <http://davfs.server.com> <uname> <passwd>
```

samba

Stolen from here - I didn't like the lack of backports repo

```sh
docker run -d -ti --privileged voobscout/base-deb:samba \
    -u "adminuser;adminpasswd123" -u "user;userpass123" \
    -s "smb_share1;/path/to/share;yes;no;no;user;adminuser" \
    -s "smb_share2;/path/to/share2;yes;yes;no;all;adminuser"
```

mongodb

Stolen from here - I wanted a debian base, not ubuntu

This expects some ENV and a data dir volume

```sh
docker run -d -ti \
    -e AUTH=yes \
    -e STORAGE_ENGINE=wiredTiger \
    -e JOURNALING=yes \
    -e OPLOG_SIZE=8192 \
    -e MONGODB_USER=admin \
    -e MONGODB_DATABASE=admin \
    -e MONGODB_PASS=kaka123 \
    -v /opt/mongodb_data:/data/db \
    voobscout/base-deb:mongodb
```

znc

This container expects a working copy of ~/.znc

```sh
docker run -d -ti -v ~/.znc:/home/znc/.znc:rw voobscout/base-deb:znc
```

prosody

```sh
docker run -d -ti \
-v /path/to/prosody/etc:/etc/prosody:rw \
-v /path/to/prosody/var:/var/lib/prosody:rw \
voobscout/base-deb:prosody
```

arch-systemd

This works without additional security capabilities, i.e. no need for `--cap-add SYS_ADMIN`, but there seems to be a difference of opinion on the issue, and `--security-opt=seccomp:unconfined` is necessary!

```sh
docker run -d -ti \
-v /sys/fs/cgroup:/sys/fs/cgroup:ro \
--tmpfs /tmp \
--tmpfs /run:rw \
--security-opt=seccomp:unconfined voobscout/base-arch:systemd
```
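
The run lines in this README give up different amounts of container isolation (`--cap-add SYS_ADMIN`, `--security-opt=seccomp:unconfined`, `--privileged`, `--net host`), and one passes a password through `-e`. The following is an added example, not part of this repository, that lists those options for a given command line; the function name `audit_docker_run` and the finding labels are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the repository): report options in a `docker run`
# command line that relax container isolation or expose a credential.
# $1 is the whole command as one string, with backslash-newlines already joined.
# Prints one finding per line; prints nothing when no listed option is present.
audit_docker_run() (
    set -f          # split $1 on whitespace without expanding globs
    prev=""
    for tok in $1; do
        # Rewrite the two-word form (--net host) to the one-word form (--net=host).
        case "$prev" in
            --net|--network) tok="--net=$tok" ;;
            --cap-add)       tok="--cap-add=$tok" ;;
            --security-opt)  tok="--security-opt=$tok" ;;
            -e|--env)        tok="--env=$tok" ;;
        esac
        case "$tok" in
            --privileged)
                echo "privileged: all capabilities and host devices, no seccomp or AppArmor profile" ;;
            --net=host|--network=host)
                echo "host-network: container shares the host network namespace" ;;
            --cap-add=SYS_ADMIN|--cap-add=ALL)
                echo "cap-add: ${tok#--cap-add=} permits mount(2) and other admin syscalls" ;;
            --security-opt=seccomp:unconfined|--security-opt=seccomp=unconfined)
                echo "seccomp-unconfined: default syscall filter disabled" ;;
            --env=*PASS*=?*)
                # Report the variable name only, never its value.
                name=${tok#--env=}
                echo "secret-in-env: ${name%%=*} is readable via 'docker inspect'" ;;
        esac
        prev=$tok
    done
)

# Two run lines from this README, each joined onto one line.
audit_docker_run "docker run -d -ti --privileged --net host -v /var/log:/var/log/host -v /your/jail.local:/etc/fail2ban/jail.local voobscout/base-deb:fail2ban"
audit_docker_run "docker run -d -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro --tmpfs /tmp --tmpfs /run:rw --security-opt=seccomp:unconfined voobscout/base-arch:systemd"
```
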

libvirt

Currently I found no way to successfully run containerized libvirt, without the --privileged flag!

domrun.service will expect a single qcow2 image to be available at /var/lib/libvirt/images/image.qcow2, please mount accordingly or provide VM_DISK variable. Container will not run without variables mounted to /etc/default/domrun or /etc/default/domrun.d/* inside the container:

Provide DOMRUN to run a script that emits an xml and starts the VM, I chose to use ruby...

```sh
cat <<EOF > /etc/default/domrun
DOMRUN=''
VM_TEMPLATE='URI to either file or http/ftp resource'
VM_NAME='instance name'
VM_TITLE='instance title to appear in virt-manager alike GUI'
VM_MEM='8 gb' #specify mem units in any form, ie. 0.1tb
VM_CPUS='2'
VM_DISK='/path/to/your/image.qcow2'
VM_NET='name of network adapter to connect this domain to'
EOF
```

To actually run it:

```sh
docker run -d \
-v /sys/fs/cgroup:/sys/fs/cgroup:rw \
-v /path/to/images/image.qcow2:/var/lib/libvirt/images/image.qcow2:rw \
-v /path/to/environment/domrun:/etc/default/domrun:rw \
-e VM_NAME='' \
-e VM_TITLE='' \
-e VM_MEM='' \
-e VM_CPUS='' \
-e VM_NET='' \
--tmpfs /tmp \
--tmpfs /run:rw \
--privileged \
voobscout/base-arch:libvirt
```

xorg-dummy

```sh
docker run --name xfce -ti --rm -v /sys/fs/cgroup:/sys/fs/cgroup:ro --tmpfs /tmp --tmpfs /run --security-opt=seccomp:unconfined
```

offlineimap

```sh
docker run -d -ti \
-v $HOME/.offlineimap:/home/offlineimap/.offlineimap:rw \
-v $HOME/.config/offlineimap/config:/home/offlineimap/.config/offlineimap/config:rw \
-v $HOME/Documents/Maildir:/home/offlineimap/Documents/Maildir:rw \
voobscout/base-arch:offlineimap #{config account name to sync}
```

firefox

```sh
docker run --rm -ti \
--env DISPLAY="${DISPLAY}" \
--memory 1024M \
--cpus 0.5 \
--memory-swap 0B \
--memory-swappiness 0 \
--env PULSE_SERVER=unix:$XDG_RUNTIME_DIR/pulse/native \
--env TZ=Europe/Amsterdam \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-v /etc/localtime:/etc/localtime:ro \
-v $XDG_RUNTIME_DIR/pulse:/run/user/1000/pulse \
-v ${HOME}/.Xauthority:/home/firefox/.Xauthority \
-v ${HOME}/.mozilla:/home/firefox/.mozilla \
-v /dev/dri:/dev/dri \
voobscout/base-arch:firefox
```