Compare commits
2 commits
19856f4f69
...
1c49dcd856
Author | SHA1 | Date | |
---|---|---|---|
1c49dcd856 | |||
0368929002 |
4 changed files with 83 additions and 4 deletions
24
README.md
|
@ -27,13 +27,28 @@ Multiple reasons:
|
||||||
2. Bandwidth reduction / speed: basing them on my custom base image that proxies apt through a local [apt-cacher-ng](https://wiki.debian.org/AptCacherNg) instance
|
2. Bandwidth reduction / speed: basing them on my custom base image that proxies apt through a local [apt-cacher-ng](https://wiki.debian.org/AptCacherNg) instance
|
||||||
3. Security: I know precisely how the Dockerfile works and everything it depends on, because I've written it myself
|
3. Security: I know precisely how the Dockerfile works and everything it depends on, because I've written it myself
|
||||||
4. Compatibility:
|
4. Compatibility:
|
||||||
- I use [Hashicorp Nomad](https://www.nomadproject.io/), so some of these Dockerfiles are written explicitly with Hashicorp Nomad in mind.
|
- I use [Hashicorp Nomad](https://www.nomadproject.io/), so some of these Dockerfiles are written explicitly with Hashicorp Nomad in mind - e.g. the [`NOMAD_PORT_*` environment variables](https://www.nomadproject.io/docs/job-specification/network#port-parameters).
|
||||||
- My Hashicorp Nomad cluster is comprised chiefly of Raspberry Pis (currently running armv7l, but an upgrade to arm64 is planned eventually), and many Docker containers on the Docker Hub are built by default for amd64
|
- My Hashicorp Nomad cluster is comprised chiefly of Raspberry Pis (currently running armv7l, but an upgrade to arm64 is planned eventually), and many Docker containers on the Docker Hub are built by default for amd64
|
||||||
5. Maintainability: I want to ensure I keep my Docker images up-to-date, so I rebuild them myself regularly via my [Continuous Integration server](https://laminar.ohwg.net/)
|
5. Maintainability: I want to ensure I keep my Docker images up-to-date, so I rebuild them myself regularly via my [Continuous Integration server](https://laminar.ohwg.net/)
|
||||||
|
|
||||||
### Why do I need to run a private Docker registry for `imagebuilder.sh` to work?
|
### Why do I need to run a private Docker registry for `imagebuilder.sh` to work?
|
||||||
`imagebuild.sh` is designed to automatically build the specified Docker image and then push it to a private Docker registry because then the hosts in my Hashicorp Nomad
|
`imagebuild.sh` is designed to automatically build the specified Docker image and then push it to a private Docker registry because then the hosts in my Hashicorp Nomad
|
||||||
|
|
||||||
|
### These Dockerfiles don't work for me!
|
||||||
|
These Dockerfiles are specific to my environment. They depend on a patched version of `minideb` as a base image, which this package is also responsible for building. The key changes to `minideb` include:
|
||||||
|
|
||||||
|
1. Config directive to tell `apt` to use my local apt-cacher-ng instance to save bandwidth / speed things up
|
||||||
|
2. Apt repository definition for [my personal apt repository](https://apt.starbeamrainbowlabs.com/).
|
||||||
|
|
||||||
|
To set your own apt caching proxy address, do this before calling `imagebuilder.sh build minideb`:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
export proxy_address="http://example.com:3142";
|
||||||
|
```
|
||||||
|
|
||||||
|
Note that an apt caching proxy is *required* for it to work. If you don't yet have one setup, I have a blog post about it here: [Cluster, Part 5: Staying current | Automating apt updates and using apt-cacher-ng](https://starbeamrainbowlabs.com/blog/article.php?article=posts/411-cluster-5-staying-current.html)
|
||||||
|
|
||||||
|
|
||||||
### I've found a security issue, how can I contact you?
|
### I've found a security issue, how can I contact you?
|
||||||
Please use the contact details on my website and _privately_ get in touch (don't leave a public comment on my blog): <https://starbeamrainbowlabs.com/>
|
Please use the contact details on my website and _privately_ get in touch (don't leave a public comment on my blog): <https://starbeamrainbowlabs.com/>
|
||||||
|
|
||||||
|
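Review bot: The new "These Dockerfiles don't work for me!" section lists two changes to `minideb` but only documents how to override the first. Anyone building `minideb` from this repository also gets the personal apt repository definition baked in as a package source, so the section should say how to drop or replace it, in the same way `proxy_address` is documented for the proxy. The context lines around it also alternate between `imagebuilder.sh` and `imagebuild.sh`; use whichever matches the script's actual name.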
@ -53,8 +68,8 @@ Image | Purpose
|
||||||
`minideb-node` | `minideb` with the latest Node.js installed via our [apt repository](https://apt.starbeamrainbowlabs.com/)
|
`minideb-node` | `minideb` with the latest Node.js installed via our [apt repository](https://apt.starbeamrainbowlabs.com/)
|
||||||
`node-serve` | `minideb-node` with [serve](https://www.npmjs.com/package/serve) installed & set as the entrypoint
|
`node-serve` | `minideb-node` with [serve](https://www.npmjs.com/package/serve) installed & set as the entrypoint
|
||||||
`paperless-ng` | Dockerised [paperless-ng](https://github.com/jonaswinkler/paperless-ng) - currently under construction
|
`paperless-ng` | Dockerised [paperless-ng](https://github.com/jonaswinkler/paperless-ng) - currently under construction
|
||||||
`redis` | Dockerised [redis](https://redis.io/)
|
`redis` | Dockerised [redis](https://redis.io/), installs the latest stable version
|
||||||
|
`shiori` | Dockerised [shiori](https://github.com/go-shiori/shiori), built from source
|
||||||
|
|
||||||
## Docker container UID/GID map
|
## Docker container UID/GID map
|
||||||
|
|
||||||
|
@ -65,6 +80,7 @@ UID | GID | Container | Notes
|
||||||
70 | 70 | etherpad |
|
70 | 70 | etherpad |
|
||||||
80 | 80 | serve | Static HTTP Server based on Node.js
|
80 | 80 | serve | Static HTTP Server based on Node.js
|
||||||
90 | 90 | jellyfin |
|
90 | 90 | jellyfin |
|
||||||
|
95 | 95 | shiorio | Shiori bookmark system, built from source
|
||||||
999 | 994 | certbot | The same user & group as fabio, because file permissions
|
999 | 994 | certbot | The same user & group as fabio, because file permissions
|
||||||
2100 | 2100 | redis |
|
2100 | 2100 | redis |
|
||||||
|
|
||||||
|
|
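Review bot: The added UID/GID row names the container `shiorio`, while the image table, the `images/shiori/` directory and the Dockerfile all use `shiori`. Fix the spelling so that searching this map for the image name finds the 95:95 allocation.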
37
images/shiori/Dockerfile
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
ARG REPO_LOCATION
|
||||||
|
|
||||||
|
FROM ${REPO_LOCATION}minideb AS builder
|
||||||
|
|
||||||
|
RUN install_packages software-properties-common git gpg dirmngr gpg-agent gcc libc-dev
|
||||||
|
|
||||||
|
# Add the golang apt repository
|
||||||
|
# Note that install_packages runs apt update automatically
|
||||||
|
# Apparentl apt-add-repository doesn't properly import the GPG key :-/
|
||||||
|
RUN add-apt-repository --yes ppa:longsleep/golang-backports \
|
||||||
|
&& apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F6BC817356A3D45E
|
||||||
|
|
||||||
|
RUN install_packages golang-go
|
||||||
|
|
||||||
|
RUN git clone https://github.com/go-shiori/shiori.git /srv/shiori
|
||||||
|
|
||||||
|
WORKDIR /srv/shiori
|
||||||
|
|
||||||
|
RUN git checkout "$(git describe --tags "$(git rev-list --tags --max-count=1)")"
|
||||||
|
|
||||||
|
# armv7l+, GOARM can be set as low as 5 if you have an old board (but I have Raspberry Pi 4B+ boards)
|
||||||
|
RUN GOOS=linux GOARCH=arm GOARM=7 go build -v
|
||||||
|
|
||||||
|
|
||||||
|
FROM ${REPO_LOCATION}minideb
|
||||||
|
|
||||||
|
COPY --from=builder /srv/shiori/shiori /srv/shiori
|
||||||
|
|
||||||
|
VOLUME /srv/data
|
||||||
|
|
||||||
|
WORKDIR /srv/data
|
||||||
|
|
||||||
|
USER 95:95
|
||||||
|
|
||||||
|
ENTRYPOINT [ "/srv/run.sh" ]
|
||||||
|
|
||||||
|
CMD [ "serve" ]
|
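Review bot: The final stage sets `ENTRYPOINT [ "/srv/run.sh" ]`, but no instruction in this Dockerfile copies `run.sh` into the image, and `COPY --from=builder /srv/shiori/shiori /srv/shiori` writes the binary to `/srv/shiori` (unless that path already exists as a directory in the base image) while `run.sh` executes `/srv/shiori/shiori`. Add a `COPY` for `run.sh` and make the binary's destination `/srv/shiori/shiori`. In the builder stage, the `git checkout` line builds whatever the newest upstream tag is at build time, and the PPA key is pulled from a keyserver by its 64-bit ID `F6BC817356A3D45E` through `apt-key`, which is deprecated; pinning a tag or commit and importing the key by full fingerprint would make the regular CI rebuilds reproducible and reviewable.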
25
images/shiori/run.sh
Executable file
|
@ -0,0 +1,25 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
data_dir="/srv/data";
|
||||||
|
|
||||||
|
# The port number to listen on
|
||||||
|
port="${NOMAD_PORT_SHIORI:-8080}";
|
||||||
|
|
||||||
|
echo "[run.sh] I am running as UID $UID" >&2;
|
||||||
|
echo "[run.sh] Arguments to pass to shiori: '${*}'";
|
||||||
|
if [[ "${1}" == "serve" ]]; then
|
||||||
|
echo "[run.sh] Going to tell Shiori to listen on port ${port}." >&2;
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ ! -d "${data_dir}" ]]; then
|
||||||
|
echo "[run.sh] Error: The data directory at '${data_dir}' does not appear to exist." >&2;
|
||||||
|
exit 2;
|
||||||
|
fi
|
||||||
|
|
||||||
|
cd "${data_dir}" || { echo "Error: Failed to cd into '${data_dir}' (have you checked the permissions?)"; exit 2; };
|
||||||
|
|
||||||
|
if [[ "${1}" == "serve" ]]; then
|
||||||
|
exec /srv/shiori/shiori "$@" -port "${port}";
|
||||||
|
else
|
||||||
|
exec /srv/shiori/shiori "$@";
|
||||||
|
fi
|
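Review bot: Two messages go to stdout while the rest of the script logs to stderr: the "Arguments to pass to shiori" line and the `cd` failure message, which also lacks the `[run.sh]` prefix. Append `>&2` to both and add the prefix. Separately, `port` is taken from `NOMAD_PORT_SHIORI` without checking that it is numeric; a guard such as `[[ "${port}" =~ ^[0-9]+$ ]]` before the `exec` would fail with a clear message instead of passing an unexpected value to `-port`.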
1
images/shiori/type.txt
Normal file
|
@ -0,0 +1 @@
|
||||||
|
docker
|