diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md new file mode 100644 index 0000000..ed4b49c --- /dev/null +++ b/.github/CONTRIBUTING.md @@ -0,0 +1,9 @@ +# Contributing to mods + +## Gotchas + +* While contributing make sure to make all your changes before creating a Pull Request, as our pipeline builds each commit after the PR is open. +* Read, and fill the Pull Request template + * If this is a fix for a typo (in code, documentation, or the README) please file an issue and let us sort it out. We do not need a PR + * If the PR is addressing an existing issue include, closes #\, in the body of the PR commit message +* If you want to discuss changes, you can also bring it up in [#dev-talk](https://discordapp.com/channels/354974912613449730/757585807061155840) in our [Discord server](https://discord.gg/YWrKVTn) diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..5e42ab8 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,43 @@ + + +[linuxserverurl]: https://linuxserver.io +[![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)][linuxserverurl] + + + + + + + + + + + + + + + + + +------------------------------ + + - [ ] I have read the [contributing](https://github.com/linuxserver/docker-mods/blob/main/.github/CONTRIBUTING.md) guideline and understand that I have made the correct modifications + +------------------------------ + + + +## Description: + + +## Benefits of this PR and context: + + +## How Has This Been Tested? + + + + + +## Source / References: + diff --git a/.github/workflows/BuildImage.yml b/.github/workflows/BuildImage.yml deleted file mode 100644 index 58ccaf5..0000000 --- a/.github/workflows/BuildImage.yml +++ /dev/null @@ -1,61 +0,0 @@ -name: Build Image - -on: [push, pull_request, workflow_dispatch] - -env: - ENDPOINT: "user/endpoint" - BRANCH: "master" - -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2.3.3 - - - name: Build image - run: | - docker build --no-cache -t ${{ github.sha }} . - - - name: Tag image - if: ${{ github.ref == format('refs/heads/{0}', env.BRANCH) && env.ENDPOINT != 'user/endpoint' }} - run: | - docker tag ${{ github.sha }} ${ENDPOINT} - docker tag ${{ github.sha }} ${ENDPOINT}:${{ github.sha }} - docker tag ${{ github.sha }} ghcr.io/${ENDPOINT} - docker tag ${{ github.sha }} ghcr.io/${ENDPOINT}:${{ github.sha }} - - - name: Credential check - if: ${{ github.ref == format('refs/heads/{0}', env.BRANCH) && env.ENDPOINT != 'user/endpoint' }} - run: | - echo "CR_USER=${{ secrets.CR_USER }}" >> $GITHUB_ENV - echo "CR_PAT=${{ secrets.CR_PAT }}" >> $GITHUB_ENV - echo "DOCKERUSER=${{ secrets.DOCKERUSER }}" >> $GITHUB_ENV - echo "DOCKERPASS=${{ secrets.DOCKERPASS }}" >> $GITHUB_ENV - if [[ "${{ secrets.CR_USER }}" == "" && "${{ secrets.CR_PAT }}" == "" && "${{ secrets.DOCKERUSER }}" == "" && "${{ secrets.DOCKERPASS }}" == "" ]]; then - echo "::error::Push credential secrets missing." - echo "::error::You must set either CR_USER & CR_PAT or DOCKERUSER & DOCKERPASS as secrets in your repo settings." - echo "::error::See https://github.com/linuxserver/docker-mods/blob/master/README.md for more information/instructions." - exit 1 - fi - - - name: Login to GitHub Container Registry - if: ${{ github.ref == format('refs/heads/{0}', env.BRANCH) && env.CR_USER && env.CR_PAT && env.ENDPOINT != 'user/endpoint' }} - run: | - echo "${{ secrets.CR_PAT }}" | docker login ghcr.io -u ${{ secrets.CR_USER }} --password-stdin - - - name: Push tags to GitHub Container Registry - if: ${{ github.ref == format('refs/heads/{0}', env.BRANCH) && env.CR_USER && env.CR_PAT && env.ENDPOINT != 'user/endpoint' }} - run: | - docker push ghcr.io/${ENDPOINT}:${{ github.sha }} - docker push ghcr.io/${ENDPOINT} - - - name: Login to DockerHub - if: ${{ github.ref == format('refs/heads/{0}', env.BRANCH) && env.DOCKERUSER && env.DOCKERPASS && env.ENDPOINT != 'user/endpoint' }} - run: | - echo ${{ secrets.DOCKERPASS }} | docker login -u ${{ secrets.DOCKERUSER }} --password-stdin - - - name: Push tags to DockerHub - if: ${{ github.ref == format('refs/heads/{0}', env.BRANCH) && env.DOCKERUSER && env.DOCKERPASS && env.ENDPOINT != 'user/endpoint' }} - run: | - docker push ${ENDPOINT}:${{ github.sha }} - docker push ${ENDPOINT} diff --git a/.github/workflows/permissions.yml b/.github/workflows/permissions.yml deleted file mode 100644 index 1447bc5..0000000 --- a/.github/workflows/permissions.yml +++ /dev/null @@ -1,10 +0,0 @@ -name: Permission check -on: - pull_request_target: - paths: - - '**/run' - - '**/finish' - - '**/check' -jobs: - permission_check: - uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1 diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 2f24b20..0000000 --- a/Dockerfile +++ /dev/null @@ -1,4 +0,0 @@ -FROM scratch - -# copy local files -COPY root/ / diff --git a/Dockerfile.complex b/Dockerfile.complex deleted file mode 100644 index 3196da5..0000000 --- a/Dockerfile.complex +++ /dev/null @@ -1,21 +0,0 @@ -## Buildstage ## -FROM ghcr.io/linuxserver/baseimage-alpine:3.12 as buildstage - -RUN \ - echo "**** install packages ****" && \ - apk add --no-cache \ - curl && \ - echo "**** grab rclone ****" && \ - mkdir -p /root-layer && \ - curl -o \ - /root-layer/rclone.deb -L \ - "https://downloads.rclone.org/v1.47.0/rclone-v1.47.0-linux-amd64.deb" - -# copy local files -COPY root/ /root-layer/ - -## Single layer deployed image ## -FROM scratch - -# Add files from buildstage -COPY --from=buildstage /root-layer/ / diff --git a/README.md b/README.md index 725266e..d9d1a24 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ This allows: * Zero cost hosting and build pipelines for these modifications leveraging GitHub Container Registry and Dockerhub * Full custom configuration management layers for hooking containers into each other using environment variables contained in a compose file -It is important to note to end users of this system that there are not only extreme security implications to consuming files from souces outside of our control, but by leveraging community Mods you essentially lose direct support from the core LinuxServer team. Our first and foremost troubleshooting step will be to remove the `DOCKER_MODS` environment variable when running into issues and replace the container with a clean LSIO one. +It is important to note to end users of this system that there are not only extreme security implications to consuming files from sources outside of our control, but by leveraging community Mods you essentially lose direct support from the core LinuxServer team. Our first and foremost troubleshooting step will be to remove the `DOCKER_MODS` environment variable when running into issues and replace the container with a clean LSIO one. Again, when pulling in logic from external sources practice caution and trust the sources/community you get them from. @@ -17,7 +17,7 @@ Again, when pulling in logic from external sources practice caution and trust th We host and publish official Mods at the [linuxserver/mods](https://github.com/orgs/linuxserver/packages/container/mods/versions) endpoint as separate tags. Each tag is in the format of `-` for the latest versions, and `--` for the specific versions. -Here's a list of the official Mods we host: +Here's a list of the official Mods we host: [https://mods.linuxserver.io/](https://mods.linuxserver.io/) ## Using a Docker Mod @@ -31,49 +31,53 @@ Consumption of a Docker Mod is intended to be as user friendly as possible and c Full example: docker run + ```bash docker create \ --name=nzbget \ - -e DOCKER_MODS=taisun/nzbget-mod:latest \ + -e DOCKER_MODS=lscr.io/linuxserver/mods:universal-tshoot \ -e PUID=1000 \ -e PGID=1000 \ -e TZ=Europe/London \ -p 6789:6789 \ - -v :/config \ - -v :/downloads \ + -v /path/to/nzbget/data:/config \ + -v /path/to/downloads:/downloads \ --restart unless-stopped \ - linuxserver/nzbget + lscr.io/linuxserver/nzbget ``` + docker compose + ```yaml --- services: nzbget: - image: linuxserver/nzbget:latest + image: lscr.io/linuxserver/nzbget:latest container_name: nzbget environment: - - DOCKER_MODS=taisun/nzbget-mod:latest + - DOCKER_MODS=lscr.io/linuxserver/mods:universal-tshoot - PUID=1000 - PGID=1000 - TZ=Europe/London volumes: - - /path/to/data:/config + - /path/to/nzbget/data:/config - /path/to/downloads:/downloads #optional ports: - 6789:6789 restart: unless-stopped ``` -This will spinup an nzbget container and apply the custom logic found in the following repository: +This will spin up an nzbget container and apply the custom logic found in the following repository: - +[https://github.com/linuxserver/docker-mods/tree/universal-tshoot](https://github.com/linuxserver/docker-mods/tree/universal-tshoot) -This basic demo installs Pip and a couple dependencies for plugins some users leverage with nzbget. +This mod installs some basic troubleshooting tools such as dig, netstat, nslookup, etc. ## Creating and maintaining a Docker Mod -We will always recommend to our users consuming Mods that they leverage ones from active community members or projects so transparency is key here. We understand that image layers can be pushed on the back end behind these pipelines, but every little bit helps. -In this repository we will be going over two basic methods of making a Mod along with an example of the GitHub Actions build logic to get this into a Dockerhub and/or GitHub Container Registry endpoint. Though we are not officially endorsing GitHub Actions here it is built in to GitHub repositories and forks making it very easy to get started. If you prefer others feel free to use them as long as build jobs are transparent. +**All of the example files referenced in this section are available in the [template](https://github.com/linuxserver/docker-mods/tree/template) branch of this repo.** + +We will always recommend to our users consuming Mods that they leverage ones from active community members or projects so transparency is key here. We understand that image layers can be pushed on the back end behind these pipelines, but every little bit helps. In this repository we will be going over two basic methods of making a Mod along with an example of the GitHub Actions build logic to get this into a Dockerhub and/or GitHub Container Registry endpoint. Though we are not officially endorsing GitHub Actions here it is built in to GitHub repositories and forks making it very easy to get started. If you prefer others feel free to use them as long as build jobs are transparent. > **Note** > One of the core ideas to remember when creating a Mod is that it can only contain a **single image layer**, the examples below will show you how to add files standardly and how to run complex logic to assemble the files in a build layer to copy them over into this single layer. @@ -186,7 +190,7 @@ In this repository you will find the `Dockerfile.complex` containing: ```Dockerfile ## Buildstage ## -FROM ghcr.io/linuxserver/baseimage-alpine:3.12 as buildstage +FROM ghcr.io/linuxserver/baseimage-alpine:3.20 as buildstage RUN \ echo "**** install packages ****" && \ @@ -208,14 +212,14 @@ FROM scratch COPY --from=buildstage /root-layer/ / ``` -Here we are leveraging a multi stage DockerFile to run custom logic and pull down an Rclone deb from the Internet to include in our image layer for distribution. Any amount of logic can be run in this build stage or even multiple build stages as long as the files in the end are combined into a single folder for the COPY command in the final output. +Here we are leveraging a multi stage DockerFile to run custom logic and pull down an rclone deb from the Internet to include in our image layer for distribution. Any amount of logic can be run in this build stage or even multiple build stages as long as the files in the end are combined into a single folder for the COPY command in the final output. ## Getting a Mod to Dockerhub To publish a Mod to DockerHub you will need the following accounts: -* Github- -* DockerHub- +* Github- [https://github.com/join](https://github.com/join) +* DockerHub- [https://hub.docker.com/signup](https://hub.docker.com/signup) We recommend using this repository as a template for your first Mod, so in this section we assume the code is finished and we will only concentrate on plugging into GitHub Actions/Dockerhub. @@ -232,7 +236,7 @@ Head over to `https://github.com/user/endpoint/settings/secrets` and click on `N Add `DOCKERUSER` (your DockerHub username) and `DOCKERPASS` (your DockerHub password or token). -You can create a token by visiting +You can create a token by visiting [https://hub.docker.com/settings/security](https://hub.docker.com/settings/security) GitHub Actions will trigger a build off of your repo when you commit. The image will be pushed to Dockerhub on success. This Dockerhub endpoint is the Mod variable you can use to customize your container now. @@ -240,7 +244,7 @@ GitHub Actions will trigger a build off of your repo when you commit. The image To publish a Mod to GitHub Container Registry you will need the following accounts: -* Github- +* Github- [https://github.com/join](https://github.com/join) We recommend using this repository as a template for your first Mod, so in this section we assume the code is finished and we will only concentrate on plugging into GitHub Actions/GitHub Container Registry. @@ -251,13 +255,13 @@ The only code change you need to make to the build logic file `.github/workflows BRANCH: "master" ``` -User is your GitHub user and endpoint is your own custom name (typically the name of the repository where your mod is). You do not need to create this endpoint beforehand, the build logic will push it and create it on first run. +`user` is your GitHub user and `endpoint` is your own custom name (typically the name of the repository where your mod is). You do not need to create this endpoint beforehand, the build logic will push it and create it on first run. -Head over to `https://github.com/user/endpoint/settings/secrets` and click on `New secret` +Head over to `https://github.com///settings/secrets` and click on `New secret` Add `CR_USER` (your GitHub username) and `CR_PAT` (a personal access token with `read:packages` and `write:packages` scopes). -You can create a personal access token by visiting +You can create a personal access token by visiting [https://github.com/settings/tokens](https://github.com/settings/tokens) GitHub Actions will trigger a build off of your repo when you commit. The image will be pushed to GitHub Container Registry on success. This GitHub Container Registry endpoint is the Mod variable you can use to customize your container now. @@ -284,18 +288,20 @@ s6 init files must be encoded in plain `UTF-8`, and not `UTF-8 with BOM`. You ca To inspect the file contents of external Mods dive is a great CLI tool: - +[https://github.com/wagoodman/dive](https://github.com/wagoodman/dive) Basic usage: -**Unix w/ Docker** +#### With Docker + ```bash docker run --rm -it \ -v /var/run/docker.sock:/var/run/docker.sock \ wagoodman/dive:latest ``` -**w/o Docker** +#### Without Docker + ```bash dive ``` diff --git a/root/etc/cont-init.d/98-vpn-config b/root/etc/cont-init.d/98-vpn-config deleted file mode 100644 index 93f1382..0000000 --- a/root/etc/cont-init.d/98-vpn-config +++ /dev/null @@ -1,24 +0,0 @@ -#!/usr/bin/with-contenv bash - -if [ -f /usr/bin/apt ]; then - ## Ubuntu - apt-get update - apt-get install --no-install-recommends -y \ - iptables \ - openssh-client \ - python3 \ - python3-pip - pip3 install sshuttle -fi -if [ -f /sbin/apk ]; then - # Alpine - apk add --no-cache \ - iptables \ - openssh \ - py3-pip \ - python3 - pip3 install sshuttle -fi - -chown -R root:root /root -chmod -R 600 /root/.ssh diff --git a/root/etc/s6-overlay/s6-rc.d/init-mod-universal-sshvpn/dependencies.d/init-mods b/root/etc/s6-overlay/s6-rc.d/init-mod-universal-sshvpn/dependencies.d/init-mods deleted file mode 100644 index e69de29..0000000 diff --git a/root/etc/s6-overlay/s6-rc.d/init-mod-universal-sshvpn/run b/root/etc/s6-overlay/s6-rc.d/init-mod-universal-sshvpn/run deleted file mode 100755 index dd7b5f9..0000000 --- a/root/etc/s6-overlay/s6-rc.d/init-mod-universal-sshvpn/run +++ /dev/null @@ -1,25 +0,0 @@ -#!/usr/bin/with-contenv bash - -if [ -f /usr/bin/apt ]; then - ## Ubuntu - echo "\ - iptables \ - openssh-client \ - python3 \ - python3-pip" >> /mod-repo-packages-to-install.list -fi - -if [ -f /sbin/apk ]; then - # Alpine - echo "\ - iptables \ - openssh \ - python3 \ - py3-pip" >> /mod-repo-packages-to-install.list -fi - -echo "\ - sshuttle" >> /mod-pip-packages-to-install.list - -chown -R root:root /root -chmod -R 600 /root/.ssh diff --git a/root/etc/s6-overlay/s6-rc.d/init-mod-universal-sshvpn/type b/root/etc/s6-overlay/s6-rc.d/init-mod-universal-sshvpn/type deleted file mode 100644 index bdd22a1..0000000 --- a/root/etc/s6-overlay/s6-rc.d/init-mod-universal-sshvpn/type +++ /dev/null @@ -1 +0,0 @@ -oneshot diff --git a/root/etc/s6-overlay/s6-rc.d/init-mod-universal-sshvpn/up b/root/etc/s6-overlay/s6-rc.d/init-mod-universal-sshvpn/up deleted file mode 100644 index 51966eb..0000000 --- a/root/etc/s6-overlay/s6-rc.d/init-mod-universal-sshvpn/up +++ /dev/null @@ -1 +0,0 @@ -/etc/s6-overlay/s6-rc.d/init-mod-universal-sshvpn/run diff --git a/root/etc/s6-overlay/s6-rc.d/init-mods-package-install/dependencies.d/init-mod-universal-sshvpn b/root/etc/s6-overlay/s6-rc.d/init-mods-package-install/dependencies.d/init-mod-universal-sshvpn deleted file mode 100644 index e69de29..0000000 diff --git a/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-sshvpn/dependencies.d/init-services b/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-sshvpn/dependencies.d/init-services deleted file mode 100644 index e69de29..0000000 diff --git a/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-sshvpn/run b/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-sshvpn/run deleted file mode 100755 index 7d49e79..0000000 --- a/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-sshvpn/run +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/with-contenv bash - -sshuttle --dns --remote root@${HOST}:${PORT} 0/0 -x 172.17.0.0/16 diff --git a/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-sshvpn/type b/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-sshvpn/type deleted file mode 100644 index 5883cff..0000000 --- a/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-sshvpn/type +++ /dev/null @@ -1 +0,0 @@ -longrun diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-mod-universal-sshvpn b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-mod-universal-sshvpn deleted file mode 100644 index e69de29..0000000 diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/svc-mod-universal-sshvpn b/root/etc/s6-overlay/s6-rc.d/user/contents.d/svc-mod-universal-sshvpn deleted file mode 100644 index e69de29..0000000 diff --git a/root/etc/services.d/sshvpn/run b/root/etc/services.d/sshvpn/run deleted file mode 100755 index 7d49e79..0000000 --- a/root/etc/services.d/sshvpn/run +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/with-contenv bash - -sshuttle --dns --remote root@${HOST}:${PORT} 0/0 -x 172.17.0.0/16