universal-dind: initial release

2026-06-29 03:33:19 -04:00 · 2021-04-06 16:46:57 -04:00
parent d1dc6e5858
commit 16eb7b6d87
9 changed files with 171 additions and 78 deletions
@@ -0,0 +1,57 @@
+#!/usr/bin/with-contenv bash
+
+ABC_USER=$(id -nu ${PUID:-911})
+mkdir -p /config/{logs/dockerd,var/lib/docker}
+chown -R ${ABC_USER}:${ABC_USER} /config/logs
+
+echo "**** installing docker and docker compose ****"
+if [ -f /usr/bin/apt ]; then
+  DISTRONAME="ubuntu"
+  apt-get update && \
+  apt-get install -y \
+    btrfs-progs \
+    ca-certificates \
+    curl \
+    e2fsprogs \
+    iptables \
+    openssh-client \
+    openssl \
+    pigz \
+    xfsprogs \
+    xz-utils
+else
+  DISTRONAME="alpine"
+  apk add --no-cache \
+    btrfs-progs \
+    curl \
+		e2fsprogs \
+		e2fsprogs-extra \
+		ip6tables \
+		iptables \
+		openssl \
+    pigz \
+		xfsprogs \
+		xz
+fi
+ARCH=$(uname -m)
+if [ -f "/docker-compose-${DISTRONAME}/docker-compose_${ARCH}" ] ; then
+  echo "Copying over docker and docker-compose binaries"
+  mv "/docker-compose-${DISTRONAME}/docker-compose_${ARCH}" /usr/local/bin/docker-compose
+  chmod +x /usr/local/bin/docker-compose
+  rm -rf /docker-compose-ubuntu /docker-compose-alpine
+  tar xf /docker-tgz/docker_${ARCH}.tgz \
+    --strip-components=1 -C \
+    /usr/local/bin/
+  rm -rf /docker-tgz
+else
+  echo "**** docker and docker-compose already installed, skipping ****"
+fi
+
+# delete PID if exists
+find /run /var/run -iname 'docker*.pid' -delete || :
+
+# create docker group and add abc to it
+groupadd -f docker
+if ! id -nG ${ABC_USER} | grep -q "docker"; then 
+  usermod -aG docker ${ABC_USER}
+fi
@@ -1,27 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-# Determine if setup is needed
-if [ ! -f /usr/local/lib/python***/dist-packages/sshuttle ] && \
-[ -f /usr/bin/apt ]; then
-  ## Ubuntu
-  apt-get update
-  apt-get install --no-install-recommends -y \
-    iptables \
-    openssh-client \
-    python3 \
-    python3-pip 
-  pip3 install sshuttle
-fi
-if [ ! -f /usr/lib/python***/site-packages/sshuttle ] && \
-[ -f /sbin/apk ]; then
-  # Alpine
-  apk add --no-cache \
-    iptables \
-    openssh \
-    py3-pip \
-    python3 
-  pip3 install sshuttle
-fi
-
-chown -R root:root /root
-chmod -R 600 /root/.ssh
@@ -0,0 +1,6 @@
+#!/usr/bin/with-contenv bash
+
+ABC_USER=$(id -nu ${PUID:-911})
+
+exec \
+    s6-setuidgid ${ABC_USER} s6-log n30 s10000000 S30000000 T !"gzip -nq9" /config/logs/dockerd
@@ -0,0 +1,27 @@
+#!/usr/bin/with-contenv bash
+
+## dind hack from https://github.com/moby/moby/blob/master/hack/dind
+export container=docker
+if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security; then
+    mount -t securityfs none /sys/kernel/security || {
+        echo 'Could not mount /sys/kernel/security.'
+        echo 'AppArmor detection and --privileged mode might break.'
+    }
+fi
+# Mount /tmp (conditionally)
+if ! mountpoint -q /tmp; then
+    mount -t tmpfs none /tmp
+fi
+# cgroup v2: enable nesting
+if [ -f /sys/fs/cgroup/cgroup.controllers ]; then
+    # move the init process (PID 1) from the root group to the /init group,
+    # otherwise writing subtree_control fails with EBUSY.
+    mkdir -p /sys/fs/cgroup/init
+    echo 1 > /sys/fs/cgroup/init/cgroup.procs
+    # enable controllers
+    sed -e 's/ / +/g' -e 's/^/+/' < /sys/fs/cgroup/cgroup.controllers \
+        > /sys/fs/cgroup/cgroup.subtree_control
+fi
+
+exec 2>&1 /usr/local/bin/dockerd \
+    --data-root "/config/var/lib/docker"
@@ -1,3 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-sshuttle --dns --remote root@${HOST}:${PORT} 0/0 -x 172.17.0.0/16