Compare commits

..

No commits in common. "1c49dcd85624daee1977ed5f9452514988bfea14" and "19856f4f69e5a3356446fd5452ca4bff6f05b791" have entirely different histories.

4 changed files with 4 additions and 83 deletions

View file

@ -27,28 +27,13 @@ Multiple reasons:
2. Bandwidth reduction / speed: basing them on my custom base image that proxies apt through a local [apt-cacher-ng](https://wiki.debian.org/AptCacherNg) instance 2. Bandwidth reduction / speed: basing them on my custom base image that proxies apt through a local [apt-cacher-ng](https://wiki.debian.org/AptCacherNg) instance
3. Security: I know precisely how the Dockerfile works and everything it depends on, because I've written it myself 3. Security: I know precisely how the Dockerfile works and everything it depends on, because I've written it myself
4. Compatibility: 4. Compatibility:
- I use [Hashicorp Nomad](https://www.nomadproject.io/), so some of these Dockerfiles are written explicitly with Hashicorp Nomad in mind - e.g. the [`NOMAD_PORT_*` environment variables](https://www.nomadproject.io/docs/job-specification/network#port-parameters). - I use [Hashicorp Nomad](https://www.nomadproject.io/), so some of these Dockerfiles are written explicitly with Hashicorp Nomad in mind.
- My Hashicorp Nomad cluster is comprised chiefly of Raspberry Pis (currently running armv7l, but an upgrade to arm64 is planned eventually), and many Docker containers on the Docker Hub are built by default for amd64 - My Hashicorp Nomad cluster is comprised chiefly of Raspberry Pis (currently running armv7l, but an upgrade to arm64 is planned eventually), and many Docker containers on the Docker Hub are built by default for amd64
5. Maintainability: I want to ensure I keep my Docker images up-to-date, so I rebuild them myself regularly via my [Continuous Integration server](https://laminar.ohwg.net/) 5. Maintainability: I want to ensure I keep my Docker images up-to-date, so I rebuild them myself regularly via my [Continuous Integration server](https://laminar.ohwg.net/)
### Why do I need to run a private Docker registry for `imagebuilder.sh` to work? ### Why do I need to run a private Docker registry for `imagebuilder.sh` to work?
`imagebuild.sh` is designed to automatically build the specified Docker image and then push it to a private Docker registry because then the hosts in my Hashicorp Nomad `imagebuild.sh` is designed to automatically build the specified Docker image and then push it to a private Docker registry because then the hosts in my Hashicorp Nomad
### These Dockerfiles don't work for me!
These Dockerfiles are specific to my environment. They depend on a patched version of `minideb` as a base image, which this package is also responsible for building. The key changes to `minideb` include:
1. Config directive to tell `apt` to use my local apt-cacher-ng instance to save bandwidth / speed things up
2. Apt repository definition for [my personal apt repository](https://apt.starbeamrainbowlabs.com/).
To set your own apt caching proxy address, do this before calling `imagebuilder.sh build minideb`:
```bash
export proxy_address="http://example.com:3142";
```
Note that an apt caching proxy is *required* for it to work. If you don't yet have one setup, I have a blog post about it here: [Cluster, Part 5: Staying current | Automating apt updates and using apt-cacher-ng](https://starbeamrainbowlabs.com/blog/article.php?article=posts/411-cluster-5-staying-current.html)
### I've found a security issue, how can I contact you? ### I've found a security issue, how can I contact you?
Please use the contact details on my website and _privately_ get in touch (don't leave a public comment on my blog): <https://starbeamrainbowlabs.com/> Please use the contact details on my website and _privately_ get in touch (don't leave a public comment on my blog): <https://starbeamrainbowlabs.com/>
@ -68,8 +53,8 @@ Image | Purpose
`minideb-node` | `minideb` with the latest Node.js installed via our [apt repository](https://apt.starbeamrainbowlabs.com/) `minideb-node` | `minideb` with the latest Node.js installed via our [apt repository](https://apt.starbeamrainbowlabs.com/)
`node-serve` | `minideb-node` with [serve](https://www.npmjs.com/package/serve) installed & set as the entrypoint `node-serve` | `minideb-node` with [serve](https://www.npmjs.com/package/serve) installed & set as the entrypoint
`paperless-ng` | Dockerised [paperless-ng](https://github.com/jonaswinkler/paperless-ng) - currently under construction `paperless-ng` | Dockerised [paperless-ng](https://github.com/jonaswinkler/paperless-ng) - currently under construction
`redis` | Dockerised [redis](https://redis.io/), installs the latest stable version `redis` | Dockerised [redis](https://redis.io/)
`shiori` | Dockerised [shiori](https://github.com/go-shiori/shiori), built from source
## Docker container UID/GID map ## Docker container UID/GID map
@ -80,7 +65,6 @@ UID | GID | Container | Notes
70 | 70 | etherpad | 70 | 70 | etherpad |
80 | 80 | serve | Static HTTP Server based on Node.js 80 | 80 | serve | Static HTTP Server based on Node.js
90 | 90 | jellyfin | 90 | 90 | jellyfin |
95 | 95 | shiorio | Shiori bookmark system, built from source
999 | 994 | certbot | The same user & group as fabio, because file permissions 999 | 994 | certbot | The same user & group as fabio, because file permissions
2100 | 2100 | redis | 2100 | 2100 | redis |

View file

@ -1,37 +0,0 @@
ARG REPO_LOCATION
FROM ${REPO_LOCATION}minideb AS builder
RUN install_packages software-properties-common git gpg dirmngr gpg-agent gcc libc-dev
# Add the golang apt repository
# Note that install_packages runs apt update automatically
# Apparentl apt-add-repository doesn't properly import the GPG key :-/
RUN add-apt-repository --yes ppa:longsleep/golang-backports \
&& apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F6BC817356A3D45E
RUN install_packages golang-go
RUN git clone https://github.com/go-shiori/shiori.git /srv/shiori
WORKDIR /srv/shiori
RUN git checkout "$(git describe --tags "$(git rev-list --tags --max-count=1)")"
# armv7l+, GOARM can be set as low as 5 if you have an old board (but I have Raspberry Pi 4B+ boards)
RUN GOOS=linux GOARCH=arm GOARM=7 go build -v
FROM ${REPO_LOCATION}minideb
COPY --from=builder /srv/shiori/shiori /srv/shiori
VOLUME /srv/data
WORKDIR /srv/data
USER 95:95
ENTRYPOINT [ "/srv/run.sh" ]
CMD [ "serve" ]

View file

@ -1,25 +0,0 @@
#!/usr/bin/env bash
data_dir="/srv/data";
# The port number to listen on
port="${NOMAD_PORT_SHIORI:-8080}";
echo "[run.sh] I am running as UID $UID" >&2;
echo "[run.sh] Arguments to pass to shiori: '${*}'";
if [[ "${1}" == "serve" ]]; then
echo "[run.sh] Going to tell Shiori to listen on port ${port}." >&2;
fi
if [[ ! -d "${data_dir}" ]]; then
echo "[run.sh] Error: The data directory at '${data_dir}' does not appear to exist." >&2;
exit 2;
fi
cd "${data_dir}" || { echo "Error: Failed to cd into '${data_dir}' (have you checked the permissions?)"; exit 2; };
if [[ "${1}" == "serve" ]]; then
exec /srv/shiori/shiori "$@" -port "${port}";
else
exec /srv/shiori/shiori "$@";
fi

View file

@ -1 +0,0 @@
docker