Fill out README
parent
5d748b36b1
commit
47caa15d90
1 changed files with 65 additions and 17 deletions
82
README.md
|
@ -2,6 +2,8 @@
|
||||||
|
|
||||||
> Dockerfiles and scripts to build various Docker images I rely on.
|
> Dockerfiles and scripts to build various Docker images I rely on.
|
||||||
|
|
||||||
|
This repository contains a bunch of Dockerfiles that I've written myself. I run them on my Hashicorp [Consul](https://consul.io/) and [Nomad](https://www.nomadproject.io/) cluster, which is comprised of 5 Raspberry Pi 4B+ boards (3 server nodes for both Consul and Nomad).
|
||||||
|
|
||||||
|
|
||||||
## System Requirements
|
## System Requirements
|
||||||
- Linux
|
- Linux
|
||||||
|
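Review bot: In the added introduction paragraph, the parenthetical "(3 server nodes for both Consul and Nomad)" accounts for only 3 of the 5 boards, so the role of the other 2 is left for the reader to guess; say whether they are client-only nodes. On the same line, the vendor spells its name "HashiCorp", and "is comprised of" reads better as "is made up of".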
@ -16,6 +18,56 @@ The script that does the magic is called `imagebuilder.sh` in the root of this r
|
||||||
./imagebuilder.sh
|
./imagebuilder.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## FAQ
|
||||||
|
|
||||||
|
### Why write your own Dockerfiles for services that already ship with one?
|
||||||
|
Multiple reasons:
|
||||||
|
|
||||||
|
1. Educational purposes (learning how to write Dockerfiles; how Docker works, etc)
|
||||||
|
2. Bandwidth reduction / speed: basing them on my custom base image that proxies apt through a local [apt-cacher-ng](https://wiki.debian.org/AptCacherNg) instance
|
||||||
|
3. Security: I know precisely how the Dockerfile works and everything it depends on, because I've written it myself
|
||||||
|
4. Compatibility:
|
||||||
|
- I use [Hashicorp Nomad](https://www.nomadproject.io/), so some of these Dockerfiles are written explicitly with Hashicorp Nomad in mind.
|
||||||
|
- My Hashicorp Nomad cluster is comprised chiefly of Raspberry Pis (currently running armv7l, but an upgrade to arm64 is planned eventually), and many Docker containers on the Docker Hub are built by default for amd64
|
||||||
|
5. Maintainability: I want to ensure I keep my Docker images up-to-date, so I rebuild them myself regularly via my [Continuous Integration server](https://laminar.ohwg.net/)
|
||||||
|
|
||||||
|
### Why do I need to run a private Docker registry for `imagebuilder.sh` to work?
|
||||||
|
`imagebuild.sh` is designed to automatically build the specified Docker image and then push it to a private Docker registry because then the hosts in my Hashicorp Nomad
|
||||||
|
|
||||||
|
### I've found a security issue, how can I contact you?
|
||||||
|
Please use the contact details on my website and _privately_ get in touch (don't leave a public comment on my blog): <https://starbeamrainbowlabs.com/>
|
||||||
|
|
||||||
|
|
||||||
|
## Image Catalogue
|
||||||
|
|
||||||
|
Image | Purpose
|
||||||
|
--------------------|----------------
|
||||||
|
`certbot` | Dockerised certbot via certbot-auto - currently doesn't build anymore because "certbot doesn't support your OS anymore" or something like that, but the version pushed to our private registry works just fine until we can rectify the issue
|
||||||
|
`docker-registry-ui`| [docker registry ui](https://github.com/Joxit/docker-registry-ui), dockerised
|
||||||
|
`etherpad` | Dockerised [etherpad](https://etherpad.org/) (currently faulty, see [this GitHub issue](https://github.com/ether/etherpad-lite/issues/4962))
|
||||||
|
`gossa` | Dockerised [gossa](https://github.com/pldubouilh/gossa/)
|
||||||
|
`jellyfin` | Dockerised [jellyfin](https://jellyfin.org/)
|
||||||
|
`minetest` | Dockerised server for [minetest](https://github.com/minetest/minetest),, currently under construction
|
||||||
|
`minetest-mapserver`| Dockerised [minetest-mapserver](https://github.com/minetest-mapserver/mapserver)
|
||||||
|
`minideb` | Our main base image for (most) other images. Built from [minideb](https://github.com/bitnami/minideb), but customised to use our local apt-cacher-ng instance.
|
||||||
|
`minideb-node` | `minideb` with the latest Node.js installed via our [apt repository](https://apt.starbeamrainbowlabs.com/)
|
||||||
|
`node-serve` | `minideb-node` with [serve](https://www.npmjs.com/package/serve) installed & set as the entrypoint
|
||||||
|
`paperless-ng` | Dockerised [paperless-ng](https://github.com/jonaswinkler/paperless-ng) - currently under construction
|
||||||
|
`redis` | Dockerised [redis](https://redis.io/)
|
||||||
|
|
||||||
|
|
||||||
|
## Docker container UID/GID map
|
||||||
|
|
||||||
|
UID | GID | Container | Notes
|
||||||
|
--------|-------|-----------------------|-----------------
|
||||||
|
3 | 3 | docker-registry-ui |
|
||||||
|
60 | 60 | minetest-mapserver |
|
||||||
|
70 | 70 | etherpad |
|
||||||
|
80 | 80 | serve | Static HTTP Server based on Node.js
|
||||||
|
90 | 90 | jellyfin |
|
||||||
|
999 | 994 | certbot | The same user & group as fabio, because file permissions
|
||||||
|
2100 | 2100 | redis |
|
||||||
|
|
||||||
## Development Notes
|
## Development Notes
|
||||||
|
|
||||||
At present, 3 image types are present:
|
At present, 3 image types are present:
|
||||||
|
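Review bot: The answer under "Why do I need to run a private Docker registry for `imagebuilder.sh` to work?" stops mid-sentence at "because then the hosts in my Hashicorp Nomad", and it names the script `imagebuild.sh` where the heading and the earlier usage line say `imagebuilder.sh`. Finish the sentence and use one script name throughout. In the Image Catalogue, the `minetest` row has a doubled comma (",,"), and the `certbot` row says the image no longer builds and the copy already in the registry is used as-is, which sits awkwardly next to FAQ item 5 on regular rebuilds; a linked issue, as done for the `etherpad` row, would let a reader track it.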
@ -24,23 +76,19 @@ At present, 3 image types are present:
|
||||||
- **`base-nopush`:** A variant of the above that doesn't automatically much to the docker registry on completion.
|
- **`base-nopush`:** A variant of the above that doesn't automatically much to the docker registry on completion.
|
||||||
- **`docker`:** A `Dockerfile` is is built with `docker build` before being pushed to the docker registry.
|
- **`docker`:** A `Dockerfile` is is built with `docker build` before being pushed to the docker registry.
|
||||||
|
|
||||||
|
### Creating a new image
|
||||||
|
Each image should have it's own subdirectory inside the `image` directory. The following files should be present for a `docker` image type:
|
||||||
|
|
||||||
Image | Purpose
|
- `type.txt`: Should contain the word `docker`
|
||||||
--------------------|----------------
|
- `Dockerfile`: The Dockerfile to build
|
||||||
`minideb` | Our main base image for (most) other images. Built from [minideb](https://github.com/bitnami/minideb), but customised to use our [[Wopplefox/apt-cacher-ng|apt-cacher-ng]] instance.
|
|
||||||
`docker-registry-ui`| [docker registry ui](https://github.com/Joxit/docker-registry-ui), dockerised
|
|
||||||
`jellyfin` | Dockerised [jellyfin](https://jellyfin.org/)
|
|
||||||
`etherpad` | Dockerised [etherpad](https://etherpad.org/)
|
|
||||||
|
|
||||||
## Docker container UID/GID map
|
Any other files are given to Docker as [build context](https://stackoverflow.com/a/44466648/1460422).
|
||||||
|
|
||||||
UID | GID | Container | Notes
|
For `base` and `base-nopush` image types, the following files should be present:
|
||||||
--------|-------|-----------------------|-----------------
|
|
||||||
3 | 3 | docker-registry-ui |
|
- `IMAGE_NAME.sh`: A `.sh` file named after the name of the parent directory. For example, the `minideb` image contains the script `minideb.sh`
|
||||||
50 | 995 | image-wrangler | 995 = docker group, deprecated
|
- `type.txt`: Should contain either the word `base` or `base-nopush`
|
||||||
60 | 60 | minetest-mapserver |
|
|
||||||
70 | 70 | etherpad |
|
Optionally, any image type can contain the following files:
|
||||||
80 | 80 | serve | Static HTTP Server based on Node.js
|
|
||||||
90 | 90 | jellyfin |
|
- `dependents.txt`: The names of images that depend on this image - 1 image name per file. This is read by my continuous integration system to queue rebuilds of dependent Docker containers once the current image has finished building & pushing automatically.
|
||||||
999 | 994 | certbot | The same user & group as fabio, because file permissions
|
|
||||||
2100 | 2100 | redis |
|
|
||||||
|
|
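Review bot: In the `dependents.txt` bullet, "1 image name per file" looks like it should be "per line", since the file is described as holding the names (plural) of dependent images; as written, a reader cannot tell what format the continuous integration system parses. Also in this hunk, "it's own subdirectory" should be "its own", and the old UID/GID table's `image-wrangler` row (50 / 995, marked deprecated) is removed here but has no counterpart in the table added further up, so confirm the drop is intended and mention it in the commit message. The unchanged context lines at the top of the hunk still read "doesn't automatically much to the docker registry" and "is is built", which could be fixed in the same pass.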