Merge pull request #405 from linuxserver/universal-docker-in-docker-s6v3

Switch to hybrid (universal-docker-in-docker)
2026-06-28 03:03:51 -04:00 · 2022-08-27 08:29:18 -04:00
parent 223be75cf9 fafe7ee709
commit b6980b1359
17 changed files with 96 additions and 0 deletions
@@ -0,0 +1,56 @@
+#!/usr/bin/with-contenv bash
+
+ABC_USER=$(id -nu ${PUID:-911})
+mkdir -p /config/{logs/dockerd,var/lib/docker}
+chown -R ${ABC_USER}:${ABC_USER} /config/logs
+
+echo "**** installing docker and docker compose ****"
+if [ -f /usr/bin/apt ]; then
+    echo "**** Adding docker-in-docker dependency packages to install list ****"
+    echo "\
+        btrfs-progs \
+        ca-certificates \
+        curl \
+        e2fsprogs \
+        iptables \
+        openssh-client \
+        openssl \
+        pigz \
+        xfsprogs \
+        xz-utils" >> /mod-repo-packages-to-install.list
+else
+    echo "**** Adding docker-in-docker dependency packages to install list ****"
+    echo "\
+        btrfs-progs \
+        curl \
+        e2fsprogs \
+        e2fsprogs-extra \
+        ip6tables \
+        iptables \
+        openssl \
+        pigz \
+        xfsprogs \
+        xz" >> /mod-repo-packages-to-install.list
+fi
+ARCH=$(uname -m)
+if [ -d "/docker-tgz" ] ; then
+    echo "Copying over docker and docker-compose binaries"
+    mkdir -p /usr/local/lib/docker/cli-plugins
+    mv "/docker-tgz/docker-compose_${ARCH}" /usr/local/lib/docker/cli-plugins/docker-compose
+    mv "/docker-tgz/compose-switch_${ARCH}" /usr/local/bin/docker-compose
+    tar xf /docker-tgz/docker_${ARCH}.tgz \
+        --strip-components=1 -C \
+        /usr/local/bin/
+    rm -rf /docker-tgz
+else
+    echo "**** docker and docker-compose already installed, skipping ****"
+fi
+
+# delete PID if exists
+find /run /var/run -iname 'docker*.pid' -delete || :
+
+# create docker group and add abc to it
+groupadd -f docker
+if ! id -nG ${ABC_USER} | grep -q "docker"; then 
+    usermod -aG docker ${ABC_USER}
+fi
@@ -0,0 +1 @@
+oneshot
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-mod-universal-docker-in-docker-add-package/run
@@ -0,0 +1 @@
+svc-mod-universal-docker-in-docker
@@ -0,0 +1 @@
+mod-universal-docker-in-docker-pipeline
@@ -0,0 +1,6 @@
+#!/usr/bin/with-contenv bash
+
+ABC_USER=$(id -nu ${PUID:-911})
+
+exec \
+    s6-setuidgid ${ABC_USER} s6-log n30 s10000000 S30000000 T !"gzip -nq9" /config/logs/dockerd
@@ -0,0 +1 @@
+longrun
@@ -0,0 +1 @@
+svc-mod-universal-docker-in-docker-log
@@ -0,0 +1,27 @@
+#!/usr/bin/with-contenv bash
+
+## dind hack from https://github.com/moby/moby/blob/master/hack/dind
+export container=docker
+if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security; then
+    mount -t securityfs none /sys/kernel/security || {
+        echo 'Could not mount /sys/kernel/security.'
+        echo 'AppArmor detection and --privileged mode might break.'
+    }
+fi
+# Mount /tmp (conditionally)
+if ! mountpoint -q /tmp; then
+    mount -t tmpfs none /tmp
+fi
+# cgroup v2: enable nesting
+if [ -f /sys/fs/cgroup/cgroup.controllers ]; then
+    # move the init process (PID 1) from the root group to the /init group,
+    # otherwise writing subtree_control fails with EBUSY.
+    mkdir -p /sys/fs/cgroup/init
+    echo 1 > /sys/fs/cgroup/init/cgroup.procs
+    # enable controllers
+    sed -e 's/ / +/g' -e 's/^/+/' < /sys/fs/cgroup/cgroup.controllers \
+        > /sys/fs/cgroup/cgroup.subtree_control
+fi
+
+exec 2>&1 /usr/local/bin/dockerd \
+    --data-root "/config/var/lib/docker"
@@ -0,0 +1 @@
+longrun
				`@@ -0,0 +1 @@`
				`/etc/s6-overlay/s6-rc.d/init-mod-universal-docker-in-docker-add-package/run`