Repository: jessfraz/dockerfiles Branch: master Commit: 8ff991327fd1 Files: 316 Total size: 518.1 KB Directory structure: gitextract_xz9jgwmz/ ├── .github/ │ ├── FUNDING.yml │ └── workflows/ │ └── make-test.yml ├── .gitignore ├── LICENSE ├── Makefile ├── README.md ├── ab/ │ └── Dockerfile ├── afterthedeadline/ │ └── Dockerfile ├── android-tools/ │ └── Dockerfile ├── ansible/ │ └── Dockerfile ├── apt-file/ │ └── Dockerfile ├── aspell/ │ └── Dockerfile ├── atom/ │ └── Dockerfile ├── audacity/ │ └── Dockerfile ├── awscli/ │ └── Dockerfile ├── azure-cli/ │ └── Dockerfile ├── bashrc ├── bcc-tools/ │ ├── Dockerfile │ └── entrypoint.sh ├── beeswithmachineguns/ │ └── Dockerfile ├── bpftrace/ │ └── Dockerfile ├── brok/ │ └── Dockerfile ├── browsh/ │ └── Dockerfile ├── build-all.sh ├── buttslock/ │ ├── Dockerfile │ ├── buttslock.py │ └── buttslock.sh ├── cathode/ │ └── Dockerfile ├── certbot/ │ └── Dockerfile ├── cf-reset-cache/ │ ├── Dockerfile │ └── reset-cache.py ├── cfssl/ │ └── Dockerfile ├── checkup/ │ └── Dockerfile ├── cheese/ │ └── Dockerfile ├── chrome/ │ ├── beta/ │ │ ├── Dockerfile │ │ └── local.conf │ └── stable/ │ ├── Dockerfile │ └── local.conf ├── chromium/ │ └── Dockerfile ├── clair/ │ └── Dockerfile ├── cli53/ │ └── Dockerfile ├── clisp/ │ ├── .clisprc.lisp │ └── Dockerfile ├── cloudapp/ │ └── Dockerfile ├── consul/ │ └── Dockerfile ├── coredns/ │ └── Dockerfile ├── couchpotato/ │ └── Dockerfile ├── cura/ │ └── Dockerfile ├── curl/ │ └── Dockerfile ├── dcos-cli/ │ └── Dockerfile ├── debootstrap/ │ └── Dockerfile ├── distcc/ │ ├── Dockerfile │ └── distccd-init ├── doctor/ │ └── Dockerfile ├── dunnet/ │ └── Dockerfile ├── evince/ │ └── Dockerfile ├── figma-wine/ │ └── Dockerfile ├── firefox/ │ ├── Dockerfile │ ├── alpine/ │ │ └── Dockerfile │ ├── entrypoint.sh │ └── local.conf ├── fleet/ │ └── Dockerfile ├── fontforge/ │ └── Dockerfile ├── fontpatcher/ │ ├── Dockerfile │ └── README.md ├── foss-heartbeat/ │ └── Dockerfile ├── freeradius/ │ └── Dockerfile ├── 
gcalcli/ │ └── Dockerfile ├── gcc/ │ └── Dockerfile ├── gcloud/ │ └── Dockerfile ├── geary/ │ └── Dockerfile ├── ghostscript/ │ └── Dockerfile ├── gimp/ │ └── Dockerfile ├── github-dev/ │ ├── Dockerfile │ ├── cleanup-pr-branch │ ├── release-email-notification │ └── upload-assets ├── gitiles/ │ ├── Dockerfile │ └── start.sh ├── gitserver/ │ ├── Dockerfile │ ├── create_repo │ └── start.sh ├── gitsome/ │ └── Dockerfile ├── gixy/ │ └── Dockerfile ├── glxgears/ │ └── Dockerfile ├── gmail-britta/ │ └── Dockerfile ├── gnuplot/ │ └── Dockerfile ├── golinks/ │ └── Dockerfile ├── gparted/ │ └── Dockerfile ├── guetzli/ │ └── Dockerfile ├── hollywood/ │ └── Dockerfile ├── htop/ │ └── Dockerfile ├── htpasswd/ │ └── Dockerfile ├── httpbin/ │ └── Dockerfile ├── httpie/ │ └── Dockerfile ├── iceweasel/ │ ├── Dockerfile │ └── local.conf ├── imagemagick/ │ └── Dockerfile ├── imagemin/ │ └── Dockerfile ├── inkscape/ │ └── Dockerfile ├── irssi/ │ └── Dockerfile ├── john/ │ ├── Dockerfile │ ├── john.ini │ └── passwd.lst ├── jq/ │ └── Dockerfile ├── k8scan/ │ ├── Dockerfile │ ├── main.go │ └── main_test.go ├── keepass2/ │ └── Dockerfile ├── keepassxc/ │ └── Dockerfile ├── kernel-builder/ │ ├── Dockerfile │ └── build_kernel ├── kicad/ │ └── Dockerfile ├── kvm/ │ ├── Dockerfile │ └── start.sh ├── latest-versions.sh ├── libreoffice/ │ └── Dockerfile ├── libvirt-client/ │ └── Dockerfile ├── lilyterm/ │ └── Dockerfile ├── linapple/ │ ├── Dockerfile │ ├── Frogger.dsk │ └── quest1.dsk ├── lkp-tests/ │ ├── Dockerfile │ └── runbench ├── lpass/ │ └── Dockerfile ├── lynx/ │ └── Dockerfile ├── mailgun/ │ ├── Dockerfile │ └── sendemail ├── mars/ │ └── Dockerfile ├── masscan/ │ └── Dockerfile ├── mc/ │ └── Dockerfile ├── mdp/ │ └── Dockerfile ├── micro/ │ └── Dockerfile ├── mitmproxy/ │ ├── Dockerfile │ └── docker-entrypoint.sh ├── mop/ │ └── Dockerfile ├── mpd/ │ ├── Dockerfile │ ├── mpd.conf │ └── mpd.sh ├── mpsyt/ │ ├── Dockerfile │ └── README ├── mutt/ │ ├── .mutt/ │ │ ├── mailcap │ │ ├── 
mutt-colors-solarized-dark-16.muttrc │ │ ├── mutt-patch-highlighting.muttrc │ │ ├── muttrc │ │ └── signature │ ├── Dockerfile │ └── entrypoint.sh ├── ncmpc/ │ └── Dockerfile ├── neoman/ │ └── Dockerfile ├── nerdy/ │ ├── Dockerfile │ ├── clippy.cow │ └── lolcat ├── nes/ │ ├── Dockerfile │ └── games/ │ ├── supermariobros.rom │ └── zelda.rom ├── netcat/ │ └── Dockerfile ├── nginx-extras/ │ └── Dockerfile ├── nmap/ │ └── Dockerfile ├── no_new_privs/ │ ├── Dockerfile │ ├── nnp │ └── nnp.c ├── node-sonos/ │ └── Dockerfile ├── nomad/ │ └── Dockerfile ├── notify-osd/ │ ├── Dockerfile │ └── org.freedesktop.Notifications.service ├── nzbget/ │ ├── Dockerfile │ └── nzbget.conf ├── oauth2-proxy/ │ └── Dockerfile ├── openbmc/ │ └── Dockerfile ├── openscad/ │ └── Dockerfile ├── openvpn/ │ ├── Dockerfile │ ├── README.md │ └── docker-compose.yml ├── osquery/ │ ├── Dockerfile │ └── osquery.example.conf ├── packer/ │ └── Dockerfile ├── pandoc/ │ └── Dockerfile ├── parrot-live/ │ └── Dockerfile ├── pdp-10/ │ └── its/ │ └── Dockerfile ├── perkeep/ │ └── Dockerfile ├── pivman/ │ └── Dockerfile ├── plex-home-theater/ │ └── Dockerfile ├── plexpy/ │ └── Dockerfile ├── pms/ │ └── Dockerfile ├── pomerium/ │ └── Dockerfile ├── pop/ │ ├── .gitignore │ ├── Dockerfile │ └── pop ├── postfix/ │ ├── Dockerfile │ ├── rsyslog.conf │ ├── runit_bootstrap │ └── service/ │ ├── postfix/ │ │ ├── run │ │ └── supervise/ │ │ └── .gitignore │ └── rsyslog/ │ ├── run │ └── supervise/ │ └── .gitignore ├── powershell/ │ └── Dockerfile ├── powershell-azure/ │ └── Dockerfile ├── privoxy/ │ ├── Dockerfile │ └── privoxy.conf ├── protocol/ │ └── Dockerfile ├── pulseaudio/ │ ├── Dockerfile │ ├── client.conf │ ├── daemon.conf │ └── default.pa ├── radarr/ │ ├── Dockerfile │ └── entrypoint.sh ├── rainbowstream/ │ └── Dockerfile ├── rdesktop/ │ └── Dockerfile ├── registry-auth/ │ └── Dockerfile ├── remmina/ │ └── Dockerfile ├── requestbin/ │ └── Dockerfile ├── ricochet/ │ └── Dockerfile ├── routersploit/ │ └── Dockerfile 
├── rstudio/ │ └── Dockerfile ├── rt-tests/ │ └── Dockerfile ├── run.sh ├── runc-rootless/ │ ├── Dockerfile │ └── start.sh ├── s3cmd/ │ └── Dockerfile ├── scudcloud/ │ └── Dockerfile ├── shellcheck/ │ └── Dockerfile ├── shellcheck.sh ├── shorewall/ │ ├── Dockerfile │ └── etc/ │ ├── interfaces │ ├── masq │ ├── policy │ ├── rules │ ├── shorewall.conf │ └── zones ├── sickbeard/ │ └── Dockerfile ├── skype/ │ ├── Dockerfile │ └── run-skype-and-wait-for-exit ├── slack/ │ └── Dockerfile ├── slapd/ │ ├── Dockerfile │ └── start.sh ├── sonarr/ │ ├── Dockerfile │ └── entrypoint.sh ├── spotify/ │ └── Dockerfile ├── spotify-wine/ │ └── Dockerfile ├── strace/ │ └── Dockerfile ├── stress/ │ └── Dockerfile ├── sublime-text-3/ │ ├── Dockerfile │ └── run.sh ├── t/ │ └── Dockerfile ├── tarsnap/ │ └── Dockerfile ├── telize/ │ ├── Dockerfile │ ├── country-code3.conf │ ├── mime.types │ ├── nginx.conf │ ├── telize.conf │ ├── timezone-offset.conf │ └── tz-offset.lua ├── telnet/ │ └── Dockerfile ├── termboy/ │ ├── Dockerfile │ └── games/ │ ├── donkey-kong-lang.gb │ ├── mspacman.gb │ └── zelda.gb ├── terraform/ │ └── Dockerfile ├── test.sh ├── tetris/ │ └── Dockerfile ├── texlive/ │ └── Dockerfile ├── tor-browser/ │ ├── alpha/ │ │ ├── Dockerfile │ │ └── local.conf │ └── stable/ │ ├── Dockerfile │ └── local.conf ├── tor-proxy/ │ ├── Dockerfile │ └── torrc.default ├── tor-relay/ │ ├── Dockerfile │ ├── README.md │ ├── run.sh │ ├── torrc.bridge │ ├── torrc.exit │ └── torrc.middle ├── tor-router/ │ ├── Dockerfile │ └── torrc.default ├── traceroute/ │ └── Dockerfile ├── transfer-sh/ │ └── Dockerfile ├── transmission/ │ └── Dockerfile ├── transmission-ui/ │ └── Dockerfile ├── travis/ │ └── Dockerfile ├── troff/ │ └── Dockerfile ├── unifi/ │ ├── Dockerfile │ └── entrypoint.sh ├── unixbench/ │ └── Dockerfile ├── vagrant/ │ └── Dockerfile ├── vault/ │ └── Dockerfile ├── viewdocs/ │ └── Dockerfile ├── virt-viewer/ │ └── Dockerfile ├── virtualbox/ │ └── Dockerfile ├── vlc/ │ └── Dockerfile ├── vscode/ 
│ ├── Dockerfile │ └── start.sh ├── wargames/ │ └── Dockerfile ├── watchtower/ │ └── Dockerfile ├── wee-slack/ │ └── Dockerfile ├── weechat/ │ └── Dockerfile ├── weechat-matrix/ │ └── Dockerfile ├── wine/ │ └── Dockerfile ├── wireguard/ │ ├── install/ │ │ ├── Dockerfile │ │ └── entrypoint.sh │ └── tools/ │ └── Dockerfile ├── wireshark/ │ └── Dockerfile ├── wrk/ │ └── Dockerfile ├── ykman/ │ ├── Dockerfile │ └── entrypoint.sh ├── ykpersonalize/ │ ├── Dockerfile │ └── entrypoint.sh ├── yubico-piv-tool/ │ ├── Dockerfile │ └── entrypoint.sh ├── znc/ │ └── Dockerfile ├── zookeeper/ │ ├── 3.4/ │ │ └── Dockerfile │ └── 3.6/ │ └── Dockerfile ├── zoom-us/ │ └── Dockerfile └── zsh/ ├── .zshrc └── Dockerfile ================================================ FILE CONTENTS ================================================ ================================================ FILE: .github/FUNDING.yml ================================================ # You can add one username per supported platform and one custom link patreon: jessfraz ================================================ FILE: .github/workflows/make-test.yml ================================================ on: push name: make test jobs: test: name: make test runs-on: ubuntu-latest steps: - uses: actions/checkout@master with: fetch-depth: '2' - name: make test run: make test shell: bash ================================================ FILE: .gitignore ================================================ ###Linux### *~ # KDE directory preferences .directory ###OSX### .DS_Store .AppleDouble .LSOverride # Icon must ends with two \r. 
Icon # Thumbnails ._* # Files that might appear on external disk .Spotlight-V100 .Trashes znc/conf/ *.swp *.swo itunes/iTunesSetup.exe yubikey/ kiwi-builder/artifacts ================================================ FILE: LICENSE ================================================ The MIT License (MIT) Copyright (c) 2017 Jessie Frazelle Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ================================================ FILE: Makefile ================================================ .PHONY: build build: ## Builds all the dockerfiles in the repository. @$(CURDIR)/build-all.sh .PHONY: latest-versions latest-versions: ## Checks all the latest versions of the Dockerfile contents. @$(CURDIR)/latest-versions.sh check_defined = \ $(strip $(foreach 1,$1, \ $(call __check_defined,$1,$(strip $(value 2))))) __check_defined = \ $(if $(value $1),, \ $(error Undefined $1$(if $2, ($2))$(if $(value @), \ required by target `$@'))) .PHONY: run run: ## Run a Dockerfile from the command at the top of the file (ex. 
DIR=telnet). @:$(call check_defined, DIR, directory of the Dockefile) @$(CURDIR)/run.sh "$(DIR)" REGISTRY := r.j3ss.co .PHONY: image image: ## Build a Dockerfile (ex. DIR=telnet). @:$(call check_defined, DIR, directory of the Dockefile) docker build --rm --force-rm -t $(REGISTRY)/$(subst /,:,$(patsubst %/,%,$(DIR))) ./$(DIR) .PHONY: test test: dockerfiles shellcheck ## Runs the tests on the repository. .PHONY: dockerfiles dockerfiles: ## Tests the changes to the Dockerfiles build. @$(CURDIR)/test.sh # if this session isn't interactive, then we don't want to allocate a # TTY, which would fail, but if it is interactive, we do want to attach # so that the user can send e.g. ^C through. INTERACTIVE := $(shell [ -t 0 ] && echo 1 || echo 0) ifeq ($(INTERACTIVE), 1) DOCKER_FLAGS += -t endif .PHONY: shellcheck shellcheck: ## Runs the shellcheck tests on the scripts. docker run --rm -i $(DOCKER_FLAGS) \ --name df-shellcheck \ -v $(CURDIR):/usr/src:ro \ --workdir /usr/src \ r.j3ss.co/shellcheck ./shellcheck.sh .PHONY: help help: @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' ================================================ FILE: README.md ================================================ ## dockerfiles [![make test](https://github.com/jessfraz/dockerfiles/workflows/make%20test/badge.svg)](https://github.com/jessfraz/dockerfiles/actions?query=workflow%3A%22make+test%22+branch%3Amaster) This is a repo to hold various Dockerfiles for images I create. **Table of Contents** - [About](#about) - [Resources](#resources) * [My dotfiles](#my-dotfiles) - [Contributing](#contributing) * [Using the `Makefile`](#using-the-makefile) ## About Almost all of these live on dockerhub under [jess](https://hub.docker.com/u/jess/). Because you cannot use notary with autobuilds on dockerhub I also build these continuously on a private registry at [r.j3ss.co](https://r.j3ss.co/) for public download. 
(You're welcome.) ## Resources ### My dotfiles You may also want to checkout my [dotfiles](https://github.com/jessfraz/dotfiles), specifically the aliases for all these files which are here: [github.com/jessfraz/dotfiles/blob/master/.dockerfunc](https://github.com/jessfraz/dotfiles/blob/master/.dockerfunc). ## Contributing I try to make sure each Dockerfile has a command at the top to document running it, if a file you are looking at does not have a command, please pull request it! ### Using the `Makefile` ``` $ make help build Builds all the dockerfiles in the repository. dockerfiles Tests the changes to the Dockerfiles build. image Build a Dockerfile (ex. DIR=telnet). latest-versions Checks all the latest versions of the Dockerfile contents. run Run a Dockerfile from the command at the top of the file (ex. DIR=telnet). shellcheck Runs the shellcheck tests on the scripts. test Runs the tests on the repository. ``` ================================================ FILE: ab/Dockerfile ================================================ # ab (apache benchmark) # in a container # # docker run --rm -it \ # jess/ab # FROM alpine:latest LABEL maintainer "Jessie Frazelle " RUN apk --no-cache add \ apache2-ssl \ apache2-utils \ ca-certificates \ htop ENTRYPOINT [ "ab" ] ================================================ FILE: afterthedeadline/Dockerfile ================================================ FROM openjdk:8-alpine LABEL maintainer "Jessie Frazelle " RUN apk add --no-cache \ ca-certificates \ curl \ tar ENV LANG C.UTF-8 # https://open.afterthedeadline.com/download/download-source-code/ ENV ATD_VERSION 081310 RUN curl -sSL "http://www.polishmywriting.com/download/atd_distribution${ATD_VERSION}.tgz" -o /tmp/atd.tar.gz \ && mkdir -p /usr/src/atd \ && tar -xzf /tmp/atd.tar.gz -C /usr/src/atd --strip-components 1 \ && rm /tmp/atd.tar.gz* WORKDIR /usr/src/atd EXPOSE 1049 ENTRYPOINT [ "sh", "-c", "/usr/src/atd/run.sh" ] ================================================ FILE: 
android-tools/Dockerfile ================================================ FROM debian:sid-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ adb \ android-tools* \ ca-certificates \ curl \ fastboot \ usbutils \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* ENTRYPOINT [ "bash" ] ================================================ FILE: ansible/Dockerfile ================================================ # https://www.ansible.com/ # # docker run --rm \ # -it \ # -v ${PWD}/hosts:/etc/ansible/hosts \ # -v ${PWD}/ansible.cfg:/etc/ansible/ansible.cfg \ # -v ${HOME}/.ssh:/root/.ssh:ro \ # ansible all -m ping # FROM python:3-alpine LABEL maintainer "Christian Koep " RUN builddeps=' \ musl-dev \ openssl-dev \ libffi-dev \ gcc \ ' \ && apk --no-cache add \ ca-certificates \ $builddeps \ && pip install \ ansible \ && apk del --purge $builddeps ENTRYPOINT [ "ansible" ] ================================================ FILE: apt-file/Dockerfile ================================================ FROM debian:sid-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ apt-file \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* CMD [ "bash" ] ================================================ FILE: aspell/Dockerfile ================================================ FROM alpine:latest LABEL maintainer "Jessie Frazelle " RUN apk add --no-cache \ aspell \ aspell-en ENTRYPOINT ["aspell"] ================================================ FILE: atom/Dockerfile ================================================ # DESCRIPTION: Create the atom editor in a container # AUTHOR: Jessie Frazelle # COMMENTS: # This file describes how to build the atom editor # in a container with all dependencies installed. # Note: atom is not a node-webkit app, # found this out a little too late into this example # it uses electron(https://github.com/atom/electron) # Tested on Debian Jessie. 
# USAGE: # # Download atom Dockerfile # wget https://raw.githubusercontent.com/jessfraz/dockerfiles/master/atom/Dockerfile # # # Build atom image # docker build -t atom . # # docker run -v /tmp/.X11-unix:/tmp/.X11-unix \ # -e DISPLAY=unix$DISPLAY atom # # Base docker image FROM debian:bullseye-slim LABEL maintainer "Jessie Frazelle " # Tell debconf to run in non-interactive mode ENV DEBIAN_FRONTEND noninteractive RUN apt-get update && apt-get install -y \ apt-transport-https \ ca-certificates \ gnupg \ wget \ --no-install-recommends # Add the atom debian repo RUN wget -qO- https://packagecloud.io/AtomEditor/atom/gpgkey | apt-key add - RUN sh -c 'echo "deb [arch=amd64] https://packagecloud.io/AtomEditor/atom/any/ any main" > /etc/apt/sources.list.d/atom.list' # Install dependencies RUN apt-get update && apt-get install -y \ atom \ git \ gconf2 \ gconf-service \ gvfs-bin \ libasound2 \ libcap2 \ libgconf-2-4 \ libgtk2.0-0 \ libnotify4 \ libnss3 \ libxkbfile1 \ libxss1 \ libxtst6 \ libx11-xcb-dev \ xdg-utils \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* # Autorun atom ENTRYPOINT [ "atom", "--foreground" ] ================================================ FILE: audacity/Dockerfile ================================================ FROM debian:sid-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ audacity \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* ENTRYPOINT [ "audacity" ] ================================================ FILE: awscli/Dockerfile ================================================ # Run awscli in a container and list s3 buckets # # docker run --rm -it \ # --name awscli \ # jess/awscli \ # s3 ls # FROM alpine:latest LABEL maintainer "Jessie Frazelle " RUN apk --no-cache add \ ca-certificates \ groff \ less \ python3 \ && pip3 install awscli \ && mkdir -p /root/.aws \ && { \ echo '[default]'; \ echo 'output = json'; \ echo 'region = $AWS_DEFAULT_REGION'; \ echo 'aws_access_key_id = 
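$AMAZON_ACCESS_KEY_ID'; \
        echo 'aws_secret_access_key = $AMAZON_SECRET_ACCESS_KEY'; \
    } > /root/.aws/config

ENTRYPOINT [ "aws" ]

================================================
FILE: azure-cli/Dockerfile
================================================
FROM python:3-alpine
LABEL maintainer "Jessie Frazelle "

RUN apk add --no-cache \
    bash

RUN set -x \
    && apk add --no-cache --virtual .build-deps \
        build-base \
        libffi-dev \
        openssl-dev \
    && pip install --upgrade \
        --pre azure-cli \
        --extra-index-url https://azurecliprod.blob.core.windows.net/edge \
        --no-cache-dir \
    && apk del .build-deps

ENTRYPOINT [ "az" ]

================================================
FILE: bashrc
================================================
#!/bin/bash
# command_not_found_handle is the hook bash calls when a typed command cannot
# be found. When a local container image carries exactly that name, the image
# is started with `docker run` and the original arguments; otherwise the usual
# "command not found" message is printed and 127 is returned.
#
# What the container receives (review before sourcing this file):
#   - `-e NAME` for every exported variable, so the value of anything held in
#     the shell environment (API keys, tokens, ...) is visible inside it.
#   - /home bind-mounted read-write, plus /tmp/.X11-unix and /run/user when
#     they exist, and the kvm/ttyUSB/dri/snd device nodes that are present.
#   - Extra flags taken verbatim from $DOCKERFILES_RUN_FLAGS.
# A mistyped command that happens to match a local image name triggers all of
# the above, so only keep trusted images on a host that uses this handler.
#
# Arguments: $1 is the command name (used as the image name), the rest are
#            passed to the container unchanged.
# Returns:   127 when no matching image exists, else the status of docker run.
command_not_found_handle () {
    local dev vol name
    local -a pre_flags=() post_flags=()

    # Check if there is a container image with that name
    if ! docker inspect --format '{{ .Author }}' "$1" >&/dev/null; then
        echo "$0: $1: command not found" >&2
        return 127
    fi

    # Check that it's really the name of the image, not a prefix
    if docker inspect --format '{{ .Id }}' "$1" | grep -q "^$1" ;then
        echo "$0: $1: command not found" >&2
        return 127
    fi

    # Check if we are on a tty to decide whether to allocate one
    tty -s && pre_flags+=(-t)
    pre_flags+=(-i -u "$(whoami)" -w "$HOME")

    # Forward the name of every exported variable. compgen -e lists names
    # only, so multi-line values cannot be mistaken for extra variable names.
    while IFS= read -r name; do
        pre_flags+=(-e "$name")
    done < <(compgen -e)

    # Add a bunch of (optional) devices
    # (Don't add them unconditionally: if they don't exist, it
    # would prevent the container from starting)
    for dev in /dev/kvm /dev/ttyUSB* /dev/dri/* /dev/snd/*; do
        if [ -b "$dev" ] || [ -c "$dev" ]; then
            post_flags+=(--device "$dev:$dev")
        fi
    done

    # And a few (optional) files
    # (Here again, they don't always exist everywhere)
    for vol in /tmp/.X11-unix /run/user; do
        if [ -e "$vol" ]; then
            post_flags+=(--volume "$vol:$vol")
        fi
    done

    post_flags+=(
        -v /etc/passwd:/etc/passwd:ro
        -v /etc/group:/etc/group:ro
        -v /etc/localtime:/etc/localtime:ro
        -v /home:/home
    )

    # $DOCKERFILES_RUN_FLAGS is split on whitespace on purpose so that it can
    # carry several flags.
    # shellcheck disable=SC2086
    docker run "${pre_flags[@]}" \
        $DOCKERFILES_RUN_FLAGS \
        "${post_flags[@]}" \
        "$@"
}

================================================
FILE: bcc-tools/Dockerfile
================================================
# Usage:
# docker run --rm -it \
# --privileged \
# -v /lib/modules:/lib/modules:ro \
# -v /usr/src:/usr/src:ro \
# -v /etc/localtime:/etc/localtime:ro \
# r.j3ss.co/bcc-tools
#
FROM debian:sid-slim
MAINTAINER Jessica Frazelle

ENV PATH /usr/share/bcc/tools:$PATH

# Add non-free apt sources
RUN sed -i "s#deb http://deb.debian.org/debian buster main#deb http://deb.debian.org/debian buster main contrib non-free#g" /etc/apt/sources.list

RUN apt-get update && apt-get install -y \
    ca-certificates \
    clang \
    curl \
    gcc \
    git \
    g++ \
    --no-install-recommends \
    && rm -rf /var/lib/apt/lists/*

# Install dependencies for libbcc
# FROM: https://github.com/iovisor/bcc/blob/master/INSTALL.md#install-build-dependencies
RUN apt-get update && apt-get install -y \
    debhelper \
    cmake \
    libllvm3.9 \
    llvm-dev \
    libclang-dev \
    libelf-dev \
    bison \
    flex \
    libedit-dev \
    clang-format \
    python \
    python3-pyroute2 \
    luajit \
    libluajit-5.1-dev \
    arping \
    iperf \
    ethtool \
    devscripts \
    zlib1g-dev \
    libfl-dev \
    --no-install-recommends \
    && rm -rf /var/lib/apt/lists/*

# Build libbcc
ENV BCC_VERSION v0.14.0
RUN git clone --depth 1 --branch "$BCC_VERSION" https://github.com/iovisor/bcc.git /usr/src/bcc \
    && ( \
        cd /usr/src/bcc \
        && mkdir build \
        && cd build \
        && cmake ..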
-DCMAKE_INSTALL_PREFIX=/usr \
        && make \
        && make install \
    ) \
    && rm -rf /usr/src/bcc

COPY entrypoint.sh /usr/local/bin/entrypoint.sh

ENTRYPOINT ["entrypoint.sh"]

================================================
FILE: bcc-tools/entrypoint.sh
================================================
#!/bin/bash
# Entrypoint of the bcc-tools image: mounts debugfs on /sys/kernel/debug/ and
# then replaces itself with the command passed as arguments.
# NOTE(review): the mount needs elevated privileges inside the container; the
# usage header of bcc-tools/Dockerfile starts the image with --privileged.
set -e
set -o pipefail

mount -t debugfs none /sys/kernel/debug/

exec "$@"

================================================
FILE: beeswithmachineguns/Dockerfile
================================================
FROM alpine:latest
LABEL maintainer "Jessie Frazelle "

RUN apk --no-cache add \
    ca-certificates \
    python \
    py-boto \
    py-future \
    py-paramiko

# NOTE(review): the clone below takes the head of the default branch with no
# tag or commit pin, so two builds of this image can contain different code.
RUN buildDeps=' \
        build-base \
        git \
        python-dev \
    ' \
    set -x \
    && apk --no-cache add $buildDeps \
    && git clone --depth 1 https://github.com/newsapps/beeswithmachineguns /usr/src/beeswithmachineguns \
    && cd /usr/src/beeswithmachineguns \
    && python setup.py install \
    && rm -rf /usr/src/beeswithmachineguns \
    && apk del $buildDeps

ENTRYPOINT [ "bees" ]

================================================
FILE: bpftrace/Dockerfile
================================================
# NOTE(review): the base image carries no tag or digest, so it resolves to
# whatever r.j3ss.co/bcc:latest points at when the build runs.
FROM r.j3ss.co/bcc
MAINTAINER Jessica Frazelle

ENV PATH /usr/share/bcc/tools:$PATH

# Add non-free apt sources
RUN sed -i "s#deb http://deb.debian.org/debian buster main#deb http://deb.debian.org/debian buster main contrib non-free#g" /etc/apt/sources.list

RUN apt-get update && apt-get install -y \
    ca-certificates \
    clang \
    curl \
    gcc \
    git \
    g++ \
    --no-install-recommends \
    && rm -rf /var/lib/apt/lists/*

# Build bpftrace from the release tag named by BPFTRACE_VERSION
ENV BPFTRACE_VERSION v0.10.0
RUN git clone --depth 1 --branch "$BPFTRACE_VERSION" https://github.com/iovisor/bpftrace.git /usr/src/bpftrace \
    && ( \
        cd /usr/src/bpftrace \
        && mkdir build \
        && cd build \
        && cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr .. \
        && make -j8 \
        && make install \
    ) \
    && rm -rf /usr/src/bpftrace

ENTRYPOINT ["bpftrace"]

================================================
FILE: brok/Dockerfile
================================================
FROM haskell:8.8
LABEL maintainer "Jessie Frazelle "

RUN cabal update && cabal install brok

CMD ["brok"]

================================================
FILE: browsh/Dockerfile
================================================
FROM debian:bullseye-slim
LABEL maintainer "Jessie Frazelle "

# Install bash and other deps so we have them.
RUN apt-get update && apt-get install -y \
    bash \
    bzip2 \
    ca-certificates \
    libdbus-glib-1-2 \
    libgtk-3-0 \
    libx11-xcb1 \
    libxt6 \
    tar \
    wget \
    --no-install-recommends \
    && rm -rf /var/lib/apt/lists/*

# Replace /etc/hosts with a blocklist fetched at build time.
# NOTE(review): the list comes from the moving master branch and is not
# checked against a known digest. Docker usually manages /etc/hosts itself
# during build and run; confirm this download has any effect in the image.
RUN wget "https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn-social/hosts" -O /etc/hosts

# Create user and change ownership
RUN addgroup --gid 666 browsh \
    && adduser --uid 666 --home /home/browsh --ingroup browsh browsh

WORKDIR /home/browsh
USER browsh

RUN mkdir -p /home/browsh/bin
ENV PATH="/bin:/usr/bin:/usr/local/bin:/home/browsh/bin:${PATH}"

# Install firefox.
# NOTE(review): the tarball is unpacked without comparing it to a published
# checksum or signature, and FIREFOX_VERSION stays at 60.0 until bumped by
# hand.
ENV FIREFOX_VERSION 60.0
RUN set -x \
    && wget "https://ftp.mozilla.org/pub/firefox/releases/${FIREFOX_VERSION}/linux-x86_64/en-US/firefox-${FIREFOX_VERSION}.tar.bz2" -O /tmp/firefox.tar.bz2 \
    && ( \
        cd /tmp \
        && bzip2 -d /tmp/firefox.tar.bz2 \
        && tar -xf /tmp/firefox.tar -C /home/browsh/bin/ --strip-components 1 \
    ) \
    && rm -rf /tmp/firefox* \
    && firefox --version

# Install browsh.
# NOTE(review): the release binary is made executable as downloaded; no
# checksum or signature is verified here.
ENV BROWSH_VERSION 1.6.4
RUN wget "https://github.com/browsh-org/browsh/releases/download/v${BROWSH_VERSION}/browsh_${BROWSH_VERSION}_linux_amd64" -O /home/browsh/bin/browsh \
    && chmod a+x /home/browsh/bin/browsh

# Firefox behaves quite differently to normal on its first run, so by getting
# that over and done with here when there's no user to be disappointed means
# that all future runs will be consistent.
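RUN TERM=xterm browsh & \
    pidsave=$!; \
    sleep 10; kill $pidsave || true;

ENTRYPOINT [ "browsh" ]

================================================
FILE: build-all.sh
================================================
#!/bin/bash
# Builds every Dockerfile found under the current directory and pushes the
# resulting images to ${REPO_URL}. Pushes are made with Docker Content Trust
# switched on (--disable-content-trust=false).
#
# The script re-invokes itself through GNU parallel: called without arguments
# it runs main; called as `build-all.sh FUNCTION ARGS...` it runs that
# function. Images that fail to build or push are appended to $ERRORS.
#
# Environment:
#   REPO_URL  registry prefix for the image names (default r.j3ss.co)
#   JOBS      number of parallel jobs (default 2)
set -e
set -o pipefail

SCRIPT="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/$(basename "${BASH_SOURCE[0]}")"
REPO_URL="${REPO_URL:-r.j3ss.co}"
JOBS=${JOBS:-2}

ERRORS="$(pwd)/errors"

# build_and_push BASE SUITE BUILD_DIR
# Builds ${REPO_URL}/BASE:SUITE from the context BUILD_DIR and pushes it.
# Returns non-zero when the build fails or when all push attempts fail, so
# the caller can record the image in $ERRORS.
build_and_push(){
    local base=$1
    local suite=$2
    local build_dir=$3
    local n

    echo "Building ${REPO_URL}/${base}:${suite} for context ${build_dir}"
    docker build --rm --force-rm -t "${REPO_URL}/${base}:${suite}" "${build_dir}" || return 1

    # on successful build, push the image
    echo " --- "
    echo "Successfully built ${base}:${suite} with context ${build_dir}"
    echo " --- "

    # try push a few times because notary server sometimes returns 401 for
    # absolutely no reason
    n=0
    until [ "$n" -ge 5 ]; do
        docker push --disable-content-trust=false "${REPO_URL}/${base}:${suite}" && break
        echo "Try #$n failed... sleeping for 15 seconds"
        n=$((n+1))
        sleep 15
    done

    # Without this check an image whose signed push never succeeded would be
    # reported as built and pushed.
    if [ "$n" -ge 5 ]; then
        echo "[ERROR] Giving up on pushing ${REPO_URL}/${base}:${suite} after $n attempts." >&2
        return 1
    fi

    # also push the tag latest for "stable" (chrome), "tools" (wireguard) or "3.6" tags for zookeeper
    if [[ "$suite" == "stable" ]] || [[ "$suite" == "3.6" ]] || [[ "$suite" == "tools" ]]; then
        docker tag "${REPO_URL}/${base}:${suite}" "${REPO_URL}/${base}:latest"
        docker push --disable-content-trust=false "${REPO_URL}/${base}:latest"
    fi
}

# dofile PATH_TO_DOCKERFILE
# Derives the image name (first path component) and tag (last directory, or
# "latest" when the Dockerfile sits directly in the image directory), then
# builds and pushes it in a child invocation of this script. A failure is
# written to $ERRORS instead of aborting the whole run.
dofile() {
    local f=$1
    local image=${f%Dockerfile}
    local base=${image%%\/*}
    local build_dir
    build_dir=$(dirname "$f")
    local suite=${build_dir##*\/}

    if [[ -z "$suite" ]] || [[ "$suite" == "$base" ]]; then
        suite=latest
    fi

    {
        # quoted so that a checkout path containing spaces still works
        "$SCRIPT" build_and_push "${base}" "${suite}" "${build_dir}"
    } || {
        # add to errors
        echo "${base}:${suite}" >> "$ERRORS"
    }
    echo
    echo
}

# main
# Finds all Dockerfiles, builds them with ${JOBS} parallel jobs and exits 1
# when any image was recorded in $ERRORS.
main(){
    # drop the error list of an earlier run so that old failures are not
    # reported again
    rm -f "$ERRORS"

    # get the dockerfiles
    IFS=$'\n'
    mapfile -t files < <(find -L . -iname '*Dockerfile' | sed 's|^\./||' | sort)
    unset IFS

    # build all dockerfiles
    echo "Running in parallel with ${JOBS} jobs."
    parallel --tag --verbose --ungroup -j"${JOBS}" "$SCRIPT" dofile "{1}" ::: "${files[@]}"

    if [[ ! -f "$ERRORS" ]]; then
        echo "No errors, hooray!"
    else
        echo "[ERROR] Some images did not build correctly, see below." >&2
        echo "These images failed: $(cat "$ERRORS")" >&2
        exit 1
    fi
}

# run [FUNCTION ARGS...]
# Dispatcher: no arguments runs main, otherwise the arguments are executed as
# a command line (this is how parallel and dofile call back into the script).
# The first argument is executed as given, so this script must only be called
# with arguments the operator controls.
run(){
    if [[ $# -eq 0 ]] || [[ -z "$1" ]]; then
        main
    else
        # "$@" keeps each argument intact; the earlier unquoted expansion
        # split paths on whitespace.
        "$@"
    fi
}

run "$@"

================================================
FILE: buttslock/Dockerfile
================================================
#
# This container will listen to DBus events to be notified when your
# computer goes to sleep. When such events happen, it will lock the
# screen with a fancy lock.
#
# It needs to be started with a few bind-mounts:
# - /etc/passwd, /etc/shadow (read-only)
# - /var/run/dbus, the X11 socket (typically /tmp/.X11-unix)
# And it also requires the USER and DISPLAY environment variables to be set.
#
FROM alpine:latest
RUN apk --no-cache add \
    i3lock \
    imagemagick \
    py-dbus \
    py-gobject \
    scrot \
    ttf-liberation \
    xkeyboard-config
COPY buttslock.py buttslock.sh lock.png /
CMD ["/buttslock.py"]

================================================
FILE: buttslock/buttslock.py
================================================
#!/usr/bin/env python
# Shamelessly pasted from:
# https://serverfault.com/questions/573379/system-suspend-dbus-upower-signals-are-not-seen

from datetime import datetime
import dbus
import gobject
from dbus.mainloop.glib import DBusGMainLoop
import os

def handle_sleep(*args):
    print "%s PrepareForSleep%s" % (datetime.now().ctime(), args)
    if len(args)>0 and args[0]:
        os.system("/buttslock.sh")

DBusGMainLoop(set_as_default=True) # integrate into gobject main loop
bus = dbus.SystemBus() # connect to system wide dbus
bus.add_signal_receiver( # define the signal to listen to
    handle_sleep, # callback function
    'PrepareForSleep', # signal name
    'org.freedesktop.login1.Manager', # interface
    'org.freedesktop.login1' # bus name
)

loop = gobject.MainLoop()
loop.run()

================================================
FILE: buttslock/buttslock.sh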
================================================ #!/bin/sh # Shamelessly copied from: # https://github.com/meskarune/i3lock-fancy # All options are here: https://www.imagemagick.org/Usage/blur/#blur_args #BLURTYPE="0x5" # 7.52s #BLURTYPE="0x2" # 4.39s #BLURTYPE="5x3" # 3.80s BLURTYPE="2x8" # 2.90s #BLURTYPE="2x3" # 2.92s # I still have to figure out how to get imagemagick fonts to work in Alpine #FONT="-font Liberation-Sans" FONT= scrot /tmp/scrot.png convert /tmp/scrot.png \ -level 0%,100%,0.6 -blur "$BLURTYPE" "$FONT" \ -pointsize 26 -fill white -gravity center \ -annotate +0+200 'Type password to unlock' \ /tmp/conv.png composite -gravity center /lock.png /tmp/conv.png /tmp/lock.png #i3lock --textcolor=ffffff00 --insidecolor=ffffff1c --ringcolor=ffffff3e --linecolor=ffffff00 --keyhlcolor=00000080 --ringvercolor=00000000 --insidevercolor=0000001c --ringwrongcolor=00000055 --insidewrongcolor=0000001c -i $IMAGE i3lock -i /tmp/lock.png --ignore-empty-password ================================================ FILE: cathode/Dockerfile ================================================ FROM debian:bullseye-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ build-essential \ ca-certificates \ git \ qmlscene \ qt5-qmake \ qt5-default \ qtdeclarative5-dev \ qml-module-qtquick-controls \ qml-module-qtgraphicaleffects \ qml-module-qtquick-dialogs \ qml-module-qtquick-localstorage \ qml-module-qtquick-window2 \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* RUN git clone --depth 1 --recursive https://github.com/Swordfish90/cool-retro-term.git /src WORKDIR /src RUN qmake \ && make ENTRYPOINT [ "/src/cool-retro-term" ] ================================================ FILE: certbot/Dockerfile ================================================ FROM alpine:latest LABEL maintainer "Jessie Frazelle " RUN apk --no-cache add \ bash \ certbot ENTRYPOINT [ "certbot" ] ================================================ FILE: cf-reset-cache/Dockerfile 
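================================================
# Runs reset-cache.py with the Alpine python and boto packages. The AWS
# settings the script needs are supplied as environment variables at run time.
FROM alpine:latest
LABEL maintainer "Jessie Frazelle "

RUN apk add --no-cache \
	ca-certificates \
	py-boto

COPY ./reset-cache.py /bin/reset-cache.py

CMD [ "/usr/bin/python", "/bin/reset-cache.py" ]

================================================
FILE: cf-reset-cache/reset-cache.py
================================================
#!/usr/local/bin/python
"""Invalidate every object of an S3 bucket in a CloudFront distribution.

Reads AWS_ACCESS_KEY, AWS_SECRET_KEY, AWS_CF_DISTRIBUTION_ID and
AWS_S3_BUCKET from the environment, lists the bucket, and submits one
invalidation request covering each key. Keys ending in "/index.html" are
also submitted without the suffix and with a trailing slash. Exits 1 when a
setting is missing or empty, 0 after the request has been created.
"""

import boto
import os
import sys

access_key = os.getenv("AWS_ACCESS_KEY")
access_secret = os.getenv("AWS_SECRET_KEY")
cloudfront_dist = os.getenv("AWS_CF_DISTRIBUTION_ID")
bucket = os.getenv("AWS_S3_BUCKET")

# Stop at the first missing or empty setting. Only the variable name is
# printed, never its value, so credentials do not end up in the output.
for env_name, env_value in (
    ("AWS_ACCESS_KEY", access_key),
    ("AWS_SECRET_KEY", access_secret),
    ("AWS_CF_DISTRIBUTION_ID", cloudfront_dist),
    ("AWS_S3_BUCKET", bucket),
):
    if not env_value:
        print("Please set %s env variable." % env_name)
        sys.exit(1)

# get the paths from s3
s3_conn = boto.connect_s3(access_key, access_secret)
docs = s3_conn.get_bucket(bucket)

index_file = "/index.html"
items = []

for key in docs.list():
    if key.name.endswith(index_file):
        # append the file without the postfix as well. Slice off the trailing
        # suffix only: str.replace() would also remove an "/index.html" that
        # occurs earlier in the key and invalidate the wrong path.
        stem = key.name[:-len(index_file)]
        items.append(stem)
        items.append(stem + "/")
    items.append(key.name)

cf_conn = boto.connect_cloudfront(access_key, access_secret)
inval_req = cf_conn.create_invalidation_request(cloudfront_dist, items)

# Single-argument print() calls produce the same output under Python 2 and 3.
print("Invalidating these files: ")
print(items)
print(inval_req)

sys.exit(0)

================================================
FILE: cfssl/Dockerfile
================================================
# Builder stage: compiles cfssl, cfssljson, mkbundle and multirootca from the
# tag named in CFSSL_VERSION.
FROM golang:alpine AS builder

ENV PATH /go/bin:/usr/local/go/bin:$PATH
ENV GOPATH /go

RUN apk --no-cache add \
	gcc \
	git \
	libc-dev

ENV CFSSL_VERSION v1.4.1

RUN git clone --depth 1 --branch "$CFSSL_VERSION" https://github.com/cloudflare/cfssl.git /go/src/github.com/cloudflare/cfssl

# NOTE(review): cfssl itself is pinned to a tag above, but cfssl_trust (the
# trust bundle copied into the final image) and the rice tool are fetched
# with "go get" at whatever revision is current when the image is built.
RUN set -x && \
	go get github.com/cloudflare/cfssl_trust/... && \
	go get github.com/GeertJohan/go.rice/rice && \
	cd /go/src/github.com/cloudflare/cfssl && rice embed-go -i=./cli/serve && \
	mkdir bin && cd bin && \
	go build ../cmd/cfssl && \
	go build ../cmd/cfssljson && \
	go build ../cmd/mkbundle && \
	go build ../cmd/multirootca && \
	echo "Build complete."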
FROM alpine:latest COPY --from=builder /go/src/github.com/cloudflare/cfssl_trust /etc/cfssl COPY --from=builder /go/src/github.com/cloudflare/cfssl/bin/ /usr/bin WORKDIR /etc/cfssl EXPOSE 8888 ENTRYPOINT ["cfssl"] CMD ["--help"] ================================================ FILE: checkup/Dockerfile ================================================ FROM golang:alpine as builder LABEL maintainer "Jessie Frazelle " RUN apk --no-cache add \ ca-certificates \ gcc \ git \ libc-dev ENV PATH /go/bin:/usr/local/go/bin:$PATH ENV GOPATH /go RUN go get github.com/sourcegraph/checkup/cmd/checkup FROM alpine:latest COPY --from=builder /go/bin/checkup /usr/bin/checkup COPY --from=builder /etc/ssl/certs/ /etc/ssl/certs ENTRYPOINT [ "checkup" ] ================================================ FILE: cheese/Dockerfile ================================================ FROM debian:bullseye-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ cheese \ libgl1-mesa-dri \ libgl1-mesa-glx \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* ENTRYPOINT [ "cheese" ] ================================================ FILE: chrome/beta/Dockerfile ================================================ # Run Chrome in a container # # docker run -it \ # --net host \ # may as well YOLO # --cpuset-cpus 0 \ # control the cpu # --memory 512mb \ # max memory it can use # -v /tmp/.X11-unix:/tmp/.X11-unix \ # mount the X11 socket # -e DISPLAY=unix$DISPLAY \ # -v $HOME/Downloads:/home/chrome/Downloads \ # -v $HOME/.config/google-chrome/:/data \ # if you want to save state # --security-opt seccomp=$HOME/chrome.json \ # --device /dev/snd \ # so we have sound # --device /dev/dri \ # -v /dev/shm:/dev/shm \ # --name chrome \ # jess/chrome:beta # # You will want the custom seccomp profile: # wget https://raw.githubusercontent.com/jfrazelle/dotfiles/master/etc/docker/seccomp/chrome.json -O ~/chrome.json # Base docker image FROM debian:bullseye-slim LABEL maintainer "Jessie Frazelle 
" # Install Chrome RUN apt-get update && apt-get install -y \ apt-transport-https \ ca-certificates \ curl \ gnupg \ hicolor-icon-theme \ libcanberra-gtk* \ libgl1-mesa-dri \ libgl1-mesa-glx \ libpangox-1.0-0 \ libpulse0 \ libv4l-0 \ fonts-symbola \ --no-install-recommends \ && curl -sSL https://dl.google.com/linux/linux_signing_key.pub | apt-key add - \ && echo "deb [arch=amd64] https://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google.list \ && apt-get update && apt-get install -y \ google-chrome-beta \ --no-install-recommends \ && apt-get purge --auto-remove -y curl \ && rm -rf /var/lib/apt/lists/* # Add chrome user RUN groupadd -r chrome && useradd -r -g chrome -G audio,video chrome \ && mkdir -p /home/chrome/Downloads && chown -R chrome:chrome /home/chrome COPY local.conf /etc/fonts/local.conf # Run Chrome as non privileged user USER chrome # Autorun chrome ENTRYPOINT [ "google-chrome" ] CMD [ "--user-data-dir=/data" ] ================================================ FILE: chrome/beta/local.conf ================================================ rgb true hintslight true lcddefault false ================================================ FILE: chrome/stable/Dockerfile ================================================ # Run Chrome in a container # # docker run -it \ # --net host \ # may as well YOLO # --cpuset-cpus 0 \ # control the cpu # --memory 512mb \ # max memory it can use # -v /tmp/.X11-unix:/tmp/.X11-unix \ # mount the X11 socket # -e DISPLAY=unix$DISPLAY \ # -v $HOME/Downloads:/home/chrome/Downloads \ # -v $HOME/.config/google-chrome/:/data \ # if you want to save state # --security-opt seccomp=$HOME/chrome.json \ # --device /dev/snd \ # so we have sound # --device /dev/dri \ # -v /dev/shm:/dev/shm \ # --name chrome \ # jess/chrome # # You will want the custom seccomp profile: # wget https://raw.githubusercontent.com/jfrazelle/dotfiles/master/etc/docker/seccomp/chrome.json -O ~/chrome.json # Base docker image FROM 
debian:bullseye-slim LABEL maintainer "Jessie Frazelle " # Install Chrome RUN apt-get update && apt-get install -y \ apt-transport-https \ ca-certificates \ curl \ gnupg \ hicolor-icon-theme \ libcanberra-gtk* \ libgl1-mesa-dri \ libgl1-mesa-glx \ libpangox-1.0-0 \ libpulse0 \ libv4l-0 \ fonts-symbola \ --no-install-recommends \ && curl -sSL https://dl.google.com/linux/linux_signing_key.pub | apt-key add - \ && echo "deb [arch=amd64] https://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google.list \ && apt-get update && apt-get install -y \ google-chrome-stable \ --no-install-recommends \ && apt-get purge --auto-remove -y curl \ && rm -rf /var/lib/apt/lists/* # Add chrome user RUN groupadd -r chrome && useradd -r -g chrome -G audio,video chrome \ && mkdir -p /home/chrome/Downloads && chown -R chrome:chrome /home/chrome COPY local.conf /etc/fonts/local.conf # Run Chrome as non privileged user USER chrome # Autorun chrome ENTRYPOINT [ "google-chrome" ] CMD [ "--user-data-dir=/data" ] ================================================ FILE: chrome/stable/local.conf ================================================ rgb true hintslight true lcddefault false ================================================ FILE: chromium/Dockerfile ================================================ # Run Chromium in a container # # docker run -it \ # --net host \ # may as well YOLO # --cpuset-cpus 0 \ # control the cpu # --memory 512mb \ # max memory it can use # -v /tmp/.X11-unix:/tmp/.X11-unix \ # mount the X11 socket # -e DISPLAY=unix$DISPLAY \ # -v $HOME/Downloads:/home/chromium/Downloads \ # -v $HOME/.config/chromium/:/data \ # if you want to save state # --security-opt seccomp=$HOME/chrome.json \ # --device /dev/snd \ # so we have sound # -v /dev/shm:/dev/shm \ # --name chromium \ # jess/chromium # # You will want the custom seccomp profile: # wget https://raw.githubusercontent.com/jfrazelle/dotfiles/master/etc/docker/seccomp/chrome.json -O ~/chrome.json # Base 
docker image FROM debian:bullseye-slim LABEL maintainer "Jessie Frazelle " # Install Chromium # Yes, including the Google API Keys sucks but even debian does the same: https://packages.debian.org/stretch/amd64/chromium/filelist RUN apt-get update && apt-get install -y \ chromium \ chromium-l10n \ fonts-liberation \ fonts-roboto \ hicolor-icon-theme \ libcanberra-gtk-module \ libexif-dev \ libgl1-mesa-dri \ libgl1-mesa-glx \ libpangox-1.0-0 \ libv4l-0 \ fonts-symbola \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ && mkdir -p /etc/chromium.d/ \ && /bin/echo -e 'export GOOGLE_API_KEY="AIzaSyCkfPOPZXDKNn8hhgu3JrA62wIgC93d44k"\nexport GOOGLE_DEFAULT_CLIENT_ID="811574891467.apps.googleusercontent.com"\nexport GOOGLE_DEFAULT_CLIENT_SECRET="kdloedMFGdGla2P1zacGjAQh"' > /etc/chromium.d/googleapikeys # Add chromium user RUN groupadd -r chromium && useradd -r -g chromium -G audio,video chromium \ && mkdir -p /home/chromium/Downloads && chown -R chromium:chromium /home/chromium # Run as non privileged user USER chromium ENTRYPOINT [ "/usr/bin/chromium" ] CMD [ "--user-data-dir=/data" ] ================================================ FILE: clair/Dockerfile ================================================ FROM golang:alpine as builder RUN apk --no-cache add \ ca-certificates \ git \ make ENV PATH /go/bin:/usr/local/go/bin:$PATH ENV GOPATH /go RUN go get github.com/quay/clair/cmd/clair || true ENV CLAIR_VERSION v2.1.4 WORKDIR /go/src/github.com/quay/clair RUN git checkout "${CLAIR_VERSION}" RUN go install ./cmd/clair FROM alpine:latest RUN apk --no-cache add \ ca-certificates \ git \ rpm \ xz COPY --from=builder /go/bin/clair /usr/bin/clair ENTRYPOINT [ "clair" ] ================================================ FILE: cli53/Dockerfile ================================================ FROM alpine:latest RUN apk --no-cache add \ ca-certificates \ python \ py2-pip \ && pip install cli53 ENTRYPOINT [ "cli53" ] ================================================ FILE: 
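clisp/.clisprc.lisp
================================================
;;; The following lines added by ql:add-to-init-file:
#-quicklisp
(let ((quicklisp-init (merge-pathnames "quicklisp/setup.lisp"
                                       (user-homedir-pathname))))
  (when (probe-file quicklisp-init)
    (load quicklisp-init)))

================================================
FILE: clisp/Dockerfile
================================================
# First stage only fetches the cl-k8s sources; they are copied into the
# quicklisp local-projects directory of the final image.
FROM alpine:latest AS cl-k8s

RUN apk add --no-cache \
	git

# NOTE(review): cloned at the default branch head, with no tag or commit pinned.
RUN git clone https://github.com/brendandburns/cl-k8s.git /cl-k8s

FROM debian:bullseye-slim
LABEL maintainer "Jessie Frazelle "

RUN apt-get update && apt-get install -y \
	ca-certificates \
	clisp \
	wget \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

COPY .clisprc.lisp /home/user/.clisprc.lisp
COPY --from=cl-k8s /cl-k8s /home/user/quicklisp/local-projects/cl-k8s

# Install quicklisp
# NOTE(review): quicklisp.lisp is downloaded over HTTPS and loaded further
# down without any digest or signature check on the file.
RUN wget -O /home/user/quicklisp.lisp https://beta.quicklisp.org/quicklisp.lisp

ENV HOME /home/user
RUN useradd --create-home --home-dir $HOME user \
	&& chown -R user:user $HOME

USER user
WORKDIR $HOME

# Install quicklisp
RUN clisp -x '(load "quicklisp.lisp") (quicklisp-quickstart:install)'

ENTRYPOINT [ "clisp" ]

================================================
FILE: cloudapp/Dockerfile
================================================
# cloudapp gem on ruby:alpine; the compiler toolchain is installed as a
# virtual package and removed again in the same layer.
FROM ruby:alpine
LABEL maintainer "Jessie Frazelle "

RUN apk add --no-cache \
	libcurl

RUN set -x \
	&& apk add --no-cache --virtual .build-deps \
		build-base \
	&& gem install cloudapp --no-document \
	&& apk del .build-deps

ENTRYPOINT ["cloudapp"]

================================================
FILE: consul/Dockerfile
================================================
# Builder stage: compiles consul (including its web UI) at CONSUL_VERSION.
# Only the binary and the CA certificates are copied into the final image.
FROM golang:latest as builder
MAINTAINER Jessica Frazelle

ENV PATH /go/bin:/usr/local/go/bin:$PATH
ENV GOPATH /go

RUN apt-get update && apt-get install -y \
	apt-transport-https \
	ca-certificates \
	curl \
	gcc \
	git \
	make \
	ruby-dev \
	ruby \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

# Add yarn to apt repos.
# NOTE(review): apt-key puts the key into the keyring apt trusts for every
# configured repository. A dedicated keyring file referenced with signed-by in
# yarn.list would limit this key to the yarn repository.
RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list

# Setup node install.
# The setup script is saved to a file before it runs, so an HTTP error or an
# interrupted download fails this step instead of piping whatever arrived
# straight into bash.
# NOTE(review): the script still runs as root with no digest or signature
# check; verify it against a pinned digest if the build must be reproducible.
RUN curl -fsSL https://deb.nodesource.com/setup_10.x -o /tmp/nodesource_setup.sh \
	&& bash /tmp/nodesource_setup.sh \
	&& rm /tmp/nodesource_setup.sh

RUN apt-get update && apt-get install -y \
	nodejs \
	yarn \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

ENV CONSUL_VERSION v1.8.0-beta2

# "|| true" lets the build continue when "go get" reports an error; the
# checkout below then selects the wanted tag.
RUN go get github.com/hashicorp/consul || true

WORKDIR /go/src/github.com/hashicorp/consul

RUN git checkout "${CONSUL_VERSION}"

# Install deps for UI.
# --no-document replaces --no-ri --no-rdoc, which RubyGems 3 no longer accepts;
# it is the same flag cloudapp/Dockerfile uses.
RUN gem install \
	bundler \
	--no-document

RUN cd ui-v2 \
	&& yarn install \
	&& make \
	&& rm -rf ../pkg/web_ui \
	&& mkdir -p ../pkg \
	&& cp -r dist ../pkg/web_ui

RUN TERM=xterm XC_ARCH="amd64" XC_OS="linux" LD_FLAGS=" -extldflags -static" make tools static-assets bin \
	&& mv bin/consul /usr/bin/consul

FROM alpine:latest

COPY --from=builder /usr/bin/consul /usr/bin/consul
COPY --from=builder /etc/ssl/certs/ /etc/ssl/certs

ENTRYPOINT [ "consul" ]
CMD [ "--help" ]

================================================
FILE: coredns/Dockerfile
================================================
# Builder stage: compiles coredns from the tag in COREDNS_VERSION. The final
# image carries only the binary and the CA certificates.
FROM golang:alpine as builder
LABEL maintainer "Jessie Frazelle "

ENV PATH /go/bin:/usr/local/go/bin:$PATH
ENV GOPATH /go

RUN apk --no-cache add \
	bash \
	ca-certificates \
	git \
	make

ENV COREDNS_VERSION v1.6.9

RUN git clone --depth 1 --branch ${COREDNS_VERSION} https://github.com/coredns/coredns /go/src/github.com/coredns/coredns

WORKDIR /go/src/github.com/coredns/coredns

RUN make all \
	&& mv coredns /usr/bin/coredns

FROM alpine:latest

COPY --from=builder /usr/bin/coredns /usr/bin/coredns
COPY --from=builder /etc/ssl/certs/ /etc/ssl/certs

ENTRYPOINT [ "coredns", "-log" ]

================================================
FILE: couchpotato/Dockerfile
================================================
# Couchpotato in a container
#
# docker run -d \
#	--restart always \
#	-p 5050:5050 \
#	-v /etc/localtime:/etc/localtime:ro \
#	-v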
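/volumes/couchpotato:/data \
#	--link transmission:transmission \
#	--name couchpotato \
#	jess/couchpotato
#
FROM python:2-alpine
LABEL maintainer "Jessie Frazelle "

# machine parsable metadata, for https://github.com/pycampers/dockapt
LABEL "registry_image"="r.j3ss.co/couchpotato"
LABEL "docker_run_flags"="-d \
	--restart always \
	-p 5050:5050 \
	-v /etc/localtime:/etc/localtime:ro \
	-v /volumes/couchpotato:/data \
	--link transmission:transmission \
	--name couchpotato"

RUN apk add --no-cache \
	ca-certificates \
	gcc \
	git \
	libffi-dev \
	libxml2-dev \
	libxslt-dev \
	musl-dev \
	openssl-dev \
	&& rm -rf /var/lib/apt/lists/*

RUN pip install \
	lxml \
	pyopenssl

EXPOSE 5050

ENV COUCHPOTATO_VERSION master

RUN git clone https://github.com/RuudBurger/CouchPotatoServer.git /usr/src/couchpotato \
	&& ( \
		cd /usr/src/couchpotato \
		&& git checkout "${COUCHPOTATO_VERSION}" \
	)

WORKDIR /usr/src/couchpotato

ENTRYPOINT [ "python", "CouchPotato.py", "--debug" ]
CMD [ "--data_dir", "/data" ]

================================================
FILE: cura/Dockerfile
================================================
# Installs the cura-lulzbot .deb on Ubuntu bionic. dpkg is expected to stop on
# missing dependencies; "apt-get -yf install" then pulls them in and finishes
# the configuration.
FROM ubuntu:bionic

RUN apt-get update && apt-get install -y \
	ca-certificates \
	libgfortran4 \
	libssl-dev \
	wget \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

# "|| true" is now confined to the dpkg step. In a plain "a && b && c || true"
# list it also covered wget and apt update, so a failed download was ignored
# and the image was built without cura.
# NOTE(review): the package is fetched over HTTPS but no digest is checked.
# Pinning one would make a swapped upload fail the build, for example
#   echo "<SHA256_PLACEHOLDER>  /tmp/cura.deb" | sha256sum -c -
RUN wget https://gitlab.com/lulzbot3d/cura-le/cura-lulzbot/uploads/0676b39295476b93181fa8a512f34265/cura-lulzbot_3.2.21_amd64.deb -O /tmp/cura.deb \
	&& apt update \
	&& ( dpkg -i /tmp/cura.deb || true ) \
	&& apt-get -yf install \
	&& rm -rf /var/lib/apt/lists/* \
	&& rm -rf /tmp/cura.deb

CMD ["cura-lulzbot"]

================================================
FILE: curl/Dockerfile
================================================
#
# This Dockerfile builds a recent curl with HTTP/2 client support, using
# a recent nghttp2 build.
#
# See the Makefile for how to tag it.  If Docker and that image is found, the
# Go tests use this curl binary for integration tests.
#
FROM alpine:latest

RUN apk add --no-cache \
	ca-certificates \
	nghttp2 \
	openssl

ENV CURL_VERSION 7.70.0

# The release tarball is checked against its detached signature before it is
# unpacked. The signing key is requested by full fingerprint, and gpg --verify
# names the data file explicitly rather than inferring it from the .asc name.
# The key is fetched from keyserver.ubuntu.com (the server firefox/Dockerfile
# uses) because the SKS pool host ha.pool.sks-keyservers.net is no longer in
# service and the recv-keys step cannot succeed against it.
RUN set -x \
	&& apk add --no-cache --virtual .build-deps \
		g++ \
		make \
		nghttp2-dev \
		openssl-dev \
		perl \
		gnupg \
	&& wget https://curl.haxx.se/download/curl-$CURL_VERSION.tar.bz2 \
	&& wget https://curl.haxx.se/download/curl-$CURL_VERSION.tar.bz2.asc \
	&& gpg --keyserver keyserver.ubuntu.com --recv-keys 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 \
	&& gpg --verify curl-$CURL_VERSION.tar.bz2.asc curl-$CURL_VERSION.tar.bz2 \
	&& tar xjvf curl-$CURL_VERSION.tar.bz2 \
	&& rm curl-$CURL_VERSION.tar.bz2 curl-$CURL_VERSION.tar.bz2.asc \
	&& ( \
		cd curl-$CURL_VERSION \
		&& ./configure \
			--with-nghttp2=/usr \
			--with-ssl \
			--enable-ipv6 \
			--enable-unix-sockets \
			--without-libidn \
			--disable-static \
			--disable-ldap \
			--with-pic \
		&& make \
		&& make install \
	) \
	&& rm -r curl-$CURL_VERSION \
	&& rm -r /usr/share/man \
	&& apk del .build-deps

ENTRYPOINT ["/usr/local/bin/curl"]
CMD ["-h"]

================================================
FILE: dcos-cli/Dockerfile
================================================
# dcoscli installed with pip on Alpine; the package version is not pinned.
FROM alpine:latest
LABEL maintainer "Jessie Frazelle "

RUN apk --no-cache add \
	ca-certificates \
	python \
	py2-pip \
	&& pip install dcoscli

# path to the DCOS CLI binary
RUN echo 'export PATH=$PATH:/dcos/bin;' >> ~/.bashrc

ENTRYPOINT [ "dcos" ]

================================================
FILE: debootstrap/Dockerfile
================================================
# debootstrap from the Debian package repository.
FROM debian:bullseye-slim
LABEL maintainer "Jessie Frazelle "

RUN apt-get update && apt-get install -y \
	ca-certificates \
	curl \
	debootstrap \
	git \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

ENTRYPOINT [ "debootstrap" ]

================================================
FILE: distcc/Dockerfile
================================================
FROM debian:sid-slim
LABEL maintainer "Jessie Frazelle "

RUN apt-get update && apt-get install -y \
	ca-certificates \
	curl \
	distcc \
	git \
	make \
	libncurses5-dev \
	libssl-dev \
	--no-install-recommends \
	&& rm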
-rf /var/lib/apt/lists/* ENV HOME /root WORKDIR $HOME COPY distccd-init /usr/local/bin/distccd-init ENTRYPOINT [ "distccd-init" ] ================================================ FILE: distcc/distccd-init ================================================ #! /bin/sh # # distccd Debian init.d script contributed by Jason Thomas. (Debian #161136) # # skeleton example file to build /etc/init.d/ scripts. # This file should be used to construct scripts for /etc/init.d. # # Written by Miquel van Smoorenburg . # Modified for Debian GNU/Linux # by Ian Murdock . # # Version: @(#)skeleton 1.9.1 08-Apr-2002 miquels@cistron.nl # set -e PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin DAEMON=/usr/bin/distccd NAME=distccd DAEMON_ARGS="--nice=10 --port=4200 --pid-file=/var/run/${NAME}.pid --no-detach $*" test -x $DAEMON || exit 0 # we need permission to write to the pid file touch /var/run/$NAME.pid chown distccd /var/run/$NAME.pid # shellcheck disable=SC2086 exec $DAEMON $DAEMON_ARGS ================================================ FILE: doctor/Dockerfile ================================================ # DESCRIPTION: Run text-based emacs doctor in a container # AUTHOR: Jessie Frazelle # COMMENTS: # This file describes how to build doctor in a container with all # dependencies installed. # Tested on Debian Jessie # USAGE: # # Download doctor Dockerfile # wget https://raw.githubusercontent.com/jessfraz/dockerfiles/master/doctor/Dockerfile # # # Build doctor image # docker build -t doctor . 
# # docker run -it jess/doctor # # Base docker image FROM alpine:latest LABEL maintainer "Jessie Frazelle " # Install emacs: # Note: Emacs is only community repo -> https://pkgs.alpinelinux.org/packages?package=emacs&repo=all&arch=x86_64 RUN apk --no-cache add \ --repository http://dl-cdn.alpinelinux.org/alpine/edge/community/ \ emacs # Autorun doctor CMD ["/usr/bin/emacs", "-f", "doctor"] ================================================ FILE: dunnet/Dockerfile ================================================ # DESCRIPTION: Run text-based game dunnet in a container # AUTHOR: Jessie Frazelle # COMMENTS: # This file describes how to build dunnet in a container with all # dependencies installed. # Tested on Debian Jessie # USAGE: # # Download dunnet Dockerfile # wget https://raw.githubusercontent.com/jessfraz/dockerfiles/master/dunnet/Dockerfile # # # Build dunnet image # docker build -t dunnet . # # docker run -it dunnet # # Base docker image FROM alpine:latest LABEL maintainer "Jessie Frazelle " # Install emacs: # Note: Emacs is only in community repo -> https://pkgs.alpinelinux.org/packages?package=emacs&repo=all&arch=x86_64 RUN apk --no-cache add \ --repository http://dl-cdn.alpinelinux.org/alpine/edge/community/ \ emacs # Autorun dunnet CMD ["/usr/bin/emacs", "-batch", "-l", "dunnet"] ================================================ FILE: evince/Dockerfile ================================================ # Evince in a container # # docker run -it \ # -v $HOME/documents/:/root/documents/ \ # -v /tmp/.X11-unix:/tmp/.X11-unix \ # -e DISPLAY=$DISPLAY \ # evince # FROM alpine:latest LABEL maintainer "Christian Koep " RUN apk --no-cache add \ --repository http://dl-cdn.alpinelinux.org/alpine/edge/community \ evince \ ttf-opensans CMD ["/usr/bin/evince"] ================================================ FILE: figma-wine/Dockerfile ================================================ # Run figma windows app in a container with wine # # docker run --rm -it \ # -v 
/etc/localtime:/etc/localtime:ro \ # --cpuset-cpus 0 \ # -v /tmp/.X11-unix:/tmp/.X11-unix \ # -e DISPLAY=unix$DISPLAY \ # --device /dev/snd:/dev/snd \ # --name figma-wine \ # jess/figma-wine bash # FROM r.j3ss.co/wine LABEL maintainer "Jessie Frazelle " ENV HOME /home/user RUN useradd --create-home --home-dir $HOME user \ && curl -sSL "https://desktop.figma.com/win/FigmaSetup.exe" > ${HOME}/FigmaSetup.exe \ && chown -R user:user $HOME WORKDIR $HOME USER user RUN echo "wine runas /trustlevel:0x20000 FigmaSetup.exe" > /home/user/.bash_history RUN echo "winetricks dotnet45" >> /home/user/.bash_history RUN echo "winecfg" >> /home/user/.bash_history CMD [ "bash" ] ================================================ FILE: firefox/Dockerfile ================================================ FROM debian:sid-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ dirmngr \ gnupg \ --no-install-recommends \ && apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0AB215679C571D1C8325275B9BDB3D89CE49EC21 \ && echo "deb http://ppa.launchpad.net/mozillateam/firefox-next/ubuntu xenial main" >> /etc/apt/sources.list.d/firefox.list \ && apt-get update && apt-get install -y \ apulse \ ca-certificates \ ffmpeg \ firefox \ hicolor-icon-theme \ libasound2 \ libgl1-mesa-dri \ libgl1-mesa-glx \ libpulse0 \ fonts-noto \ fonts-noto-cjk \ fonts-noto-color-emoji \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* ENV LANG en-US COPY local.conf /etc/fonts/local.conf RUN echo 'pref("browser.tabs.remote.autostart", false);' >> /etc/firefox/syspref.js COPY entrypoint.sh /usr/bin/startfirefox ENTRYPOINT [ "startfirefox" ] ================================================ FILE: firefox/alpine/Dockerfile ================================================ FROM alpine:latest LABEL maintainer "Christian Koep " RUN apk add --no-cache \ alsa-lib \ ca-certificates \ firefox-esr \ hicolor-icon-theme \ mesa-dri-intel \ mesa-gl \ ttf-dejavu ENTRYPOINT ["/usr/bin/firefox"] 
================================================ FILE: firefox/entrypoint.sh ================================================ #!/bin/bash if [[ -e /dev/snd ]]; then exec apulse firefox "$@" else exec firefox "$@" fi ================================================ FILE: firefox/local.conf ================================================ rgb true hintslight true lcddefault false ================================================ FILE: fleet/Dockerfile ================================================ FROM golang:alpine AS builder MAINTAINER Jessica Frazelle ENV PATH /go/bin:/usr/local/go/bin:$PATH ENV GOPATH /go RUN apk add --no-cache \ ca-certificates \ gcc \ git \ make \ npm \ yarn ENV FLEET_VERSION 2.6.0 RUN git clone --depth 1 --branch "${FLEET_VERSION}" https://github.com/kolide/fleet.git /go/src/github.com/kolide/fleet WORKDIR /go/src/github.com/kolide/fleet ENV GO111MODULE on RUN make deps generate RUN CGO_ENABLED=0 go build -a -tags netgo -ldflags '-w -extldflags "-static"' -o /usr/bin/fleet ./cmd/fleet RUN CGO_ENABLED=0 go build -a -tags netgo -ldflags '-w -extldflags "-static"' -o /usr/bin/fleetctl ./cmd/fleetctl FROM r.j3ss.co/osquery AS osquery FROM scratch COPY --from=builder /usr/bin/fleet /usr/bin/fleet COPY --from=builder /usr/bin/fleetctl /usr/bin/fleetctl COPY --from=builder /etc/ssl/certs/ /etc/ssl/certs COPY --from=osquery /usr/share/osquery/packs /packs ENTRYPOINT [ "fleet" ] CMD [ "--help" ] ================================================ FILE: fontforge/Dockerfile ================================================ # Run Fontforge in a container # # state=$HOME # mkdir -p $state/fontforge # docker run --rm \ # -v /tmp/.X11-unix:/tmp/.X11-unix \ # -e DISPLAY=unix$DISPLAY \ # -v $state/fontforge:/home/fontforge \ # --name fontforge \ # fghj/fontforge # Base docker image FROM ubuntu:16.04 LABEL maintainer "Axel Svensson " RUN apt-get update \ && apt-get install -y \ software-properties-common \ --no-install-recommends \ && add-apt-repository 
ppa:fontforge/fontforge \ && apt-get update \ && apt-get install -y \ fontforge \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* ENV HOME /home/fontforge RUN useradd --create-home --home-dir $HOME fontforge WORKDIR $HOME USER fontforge CMD [ "fontforge" ] ================================================ FILE: fontpatcher/Dockerfile ================================================ FROM debian:sid-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ python-fontforge \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* RUN buildDeps=' \ ca-certificates \ git \ ' \ set -x \ && apt-get update \ && apt-get install -y $buildDeps --no-install-recommends \ && git clone --depth 1 --branch develop https://github.com/Lokaltog/vim-powerline.git /pwrline \ && ( \ cd /pwrline \ && mv fontpatcher/fontpatcher /usr/bin/ \ && mv fontpatcher/PowerlineSymbols.sfd /usr/bin/ \ ) \ && rm -rf /pwrline \ && apt-get purge -y --auto-remove $buildDeps \ && rm -rf /var/lib/apt/lists/* \ && echo "Build complete." ENTRYPOINT [ "fontpatcher" ] ================================================ FILE: fontpatcher/README.md ================================================ # fontpatcher How to use: 1. Enter the directory where the font file lives you wish to patch. 2. Run: $ docker run --rm -it \ -v $(pwd):/workdir \ --workdir /workdir \ r.j3ss.co/fontpatcher myfontfile.otf 3. You should have a `myfontfile-Powerline.otf` as an artifact. 4. Copy the font file into ``~/.fonts`` (or another X font directory):: $ cp MyFontFile-Powerline.otf ~/.fonts **Note:** If the font is a pure bitmap font (e.g. a PCF font) it will be stored in the BDF format. This is usually not a problem, and you may convert the font back to the PCF format using ``bdftopcf`` if you want to. All other fonts will be stored in the OTF format regardless of the original format. 5. 
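Update your font cache::

       $ sudo fc-cache -vf

   **Note:** If you use vim in rxvt-unicode in the client/daemon mode, you
   may need to close all running terminals as well for the font to be
   updated.

================================================
FILE: foss-heartbeat/Dockerfile
================================================
# foss-heartbeat on python:3-alpine. numpy and scipy come from the Alpine
# packages, so they are removed from requirements.txt before pip runs.
FROM python:3-alpine

RUN apk add --no-cache \
	ca-certificates \
	bash \
	gfortran \
	lapack \
	openjdk8-jre-base \
	py3-numpy \
	py3-scipy

# Install the requirements
# requirements.txt is filtered in place with sed. The earlier
# "cat requirements.txt | grep ... | tee requirements.txt" pipeline read and
# truncated the same file at once, so depending on which process opened it
# first the list could come out empty and pip would install nothing. The cat
# afterwards keeps the filtered list visible in the build log, as tee did.
# NOTE(review): the repository is cloned at its default branch head and the
# requirements are installed at whatever versions that file names.
RUN set -x \
	&& apk add --no-cache --virtual .build-deps \
		build-base \
		git \
		lapack-dev \
		libffi-dev \
		openssl-dev \
	&& ln -s /usr/include/locale.h /usr/include/xlocale.h \
	&& git clone --depth 1 https://github.com/sarahsharp/foss-heartbeat.git /usr/src/foss-heartbeat \
	&& ( \
		cd /usr/src/foss-heartbeat \
		&& sed -i -e '/numpy/d' -e '/scipy/d' requirements.txt \
		&& cat requirements.txt \
		&& pip install -r requirements.txt \
		&& pip install statistics \
	) \
	&& apk del .build-deps

WORKDIR /usr/src/foss-heartbeat

================================================
FILE: freeradius/Dockerfile
================================================
# FreeRADIUS with the python, radclient, sql and sqlite subpackages.
FROM alpine:latest
LABEL maintainer "Jessie Frazelle "

RUN apk --no-cache add \
	freeradius \
	freeradius-python \
	freeradius-radclient \
	freeradius-sql \
	freeradius-sqlite \
	openssl-dev \
	python2 \
	sqlite

ENTRYPOINT [ "radiusd" ]
# NOTE(review): -xx asks radiusd for debug-level output by default; confirm
# what request attributes that writes to the container log before using this
# image with real credentials.
CMD [ "-xx","-f" ]

================================================
FILE: gcalcli/Dockerfile
================================================
# gcalcli installed with pip3 and run as the unprivileged gcalcli user.
FROM alpine:latest
LABEL maintainer "Jessie Frazelle "

ENV HOME /home/gcalcli

RUN apk --no-cache add \
	python3 \
	python3-dev \
	build-base \
	&& adduser -S gcalcli \
	&& chown -R gcalcli $HOME \
	&& pip3 install vobject parsedatetime gcalcli

WORKDIR $HOME
USER gcalcli

ENTRYPOINT [ "gcalcli" ]

================================================
FILE: gcc/Dockerfile
================================================
FROM debian:bullseye-slim
LABEL maintainer "Jessie Frazelle "

RUN apt-get update && apt-get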
install -y \ gcc \ libc6-dev \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* ================================================ FILE: gcloud/Dockerfile ================================================ FROM python:2-alpine ENV PATH $PATH:/usr/src/google-cloud-sdk/bin ENV CLOUD_SDK_DOCKER_VERSION 295.0.0 RUN set -x \ && apk add --no-cache --virtual .build-deps \ curl \ ca-certificates \ tar \ && curl -sSL -o /tmp/google-cloud-sdk.tar.gz "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-${CLOUD_SDK_DOCKER_VERSION}-linux-x86_64.tar.gz" \ && mkdir -p /usr/src/google-cloud-sdk \ && tar -xzf /tmp/google-cloud-sdk.tar.gz -C /usr/src/google-cloud-sdk --strip-components 1 \ && rm /tmp/google-cloud-sdk.tar.gz \ && ( \ cd /usr/src/google-cloud-sdk \ && ./install.sh \ --usage-reporting false \ --path-update false \ ) \ && apk del .build-deps \ && gcloud components update \ && gcloud version WORKDIR /root ENTRYPOINT ["gcloud"] ================================================ FILE: geary/Dockerfile ================================================ FROM debian:bullseye-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ geary \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* ENTRYPOINT [ "geary" ] ================================================ FILE: ghostscript/Dockerfile ================================================ FROM alpine:latest LABEL maintainer "Jessie Frazelle " RUN apk --no-cache add \ ghostscript ENTRYPOINT ["gs"] ================================================ FILE: gimp/Dockerfile ================================================ # Run gimp in a contianer # # docker run -d \ # -v /etc/localtime:/etc/localtime:ro \ # -v /tmp/.X11-unix:/tmp/.X11-unix \ # -e DISPLAY=unix$DISPLAY \ # -v $HOME/Pictures:/root/Pictures \ # --name gimp \ # jess/gimp # FROM debian:bullseye-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ gimp \ --no-install-recommends \ && rm -rf 
/var/lib/apt/lists/* ENTRYPOINT [ "gimp" ] ================================================ FILE: github-dev/Dockerfile ================================================ FROM golang:alpine MAINTAINER Jessica Frazelle RUN apk add --no-cache \ bash \ ca-certificates \ curl \ gcc \ git \ gnupg \ jq \ make \ musl-dev \ libseccomp-dev \ linux-headers RUN go get golang.org/x/lint/golint RUN go get honnef.co/go/tools/cmd/staticcheck # TODO: remove this eventually RUN go get golang.org/x/crypto/ssh/terminal COPY upload-assets /usr/bin/upload-assets COPY release-email-notification /usr/bin/release-email-notification COPY cleanup-pr-branch /usr/bin/cleanup-pr-branch ================================================ FILE: github-dev/cleanup-pr-branch ================================================ #!/bin/bash set -e set -o pipefail if [[ -n "$TOKEN" ]]; then GITHUB_TOKEN=$TOKEN fi if [[ -z "$GITHUB_TOKEN" ]]; then echo "Set the GITHUB_TOKEN env variable." exit 1 fi if [[ -z "$GITHUB_REPOSITORY" ]]; then echo "Set the GITHUB_REPOSITORY env variable." exit 1 fi URI=https://api.github.com API_VERSION=v3 API_HEADER="Accept: application/vnd.github.${API_VERSION}+json" AUTH_HEADER="Authorization: token ${GITHUB_TOKEN}" main(){ action=$(jq --raw-output .action "$GITHUB_EVENT_PATH") merged=$(jq --raw-output .pull_request.merged "$GITHUB_EVENT_PATH") echo "action: $action merged: $merged" if [[ "$action" == "closed" ]] && [[ "$merged" == "true" ]]; then # delete the branch. ref=$(jq --raw-output .pull_request.head.ref "$GITHUB_EVENT_PATH") owner=$(jq --raw-output .pull_request.head.repo.owner.login "$GITHUB_EVENT_PATH") repo=$(jq --raw-output .pull_request.head.repo.name "$GITHUB_EVENT_PATH") if [[ "$ref" == "master" ]]; then # Never delete the master branch. echo "Will not delete master branch for ${owner}/${repo}, exiting." exit 0 fi echo "Deleting branch ref $ref for owner ${owner}/${repo}..." 
curl -XDELETE -sSL \ -H "${AUTH_HEADER}" \ -H "${API_HEADER}" \ "${URI}/repos/${owner}/${repo}/git/refs/heads/${ref}" echo "Branch delete success!" fi } main "$@" ================================================ FILE: github-dev/release-email-notification ================================================ #!/bin/bash set -e set -o pipefail set -x if [[ -z "$MAILGUN_API_KEY" ]]; then echo "Set the MAILGUN_API_KEY env variable." exit 1 fi if [[ -n "$MAILGUN_DOMAIN" ]]; then MAILGUN_DOMAIN_NAME=$MAILGUN_DOMAIN fi if [[ -z "$MAILGUN_DOMAIN_NAME" ]]; then echo "Set the MAILGUN_DOMAIN_NAME env variable." exit 1 fi if [[ -z "$TO_NAME" ]]; then echo "Set the TO_NAME env variable." exit 1 fi if [[ -z "$TO_EMAIL" ]]; then echo "Set the TO_EMAIL env variable." exit 1 fi curl -sSL --user "api:${MAILGUN_API_KEY}" \ "https://api.mailgun.net/v3/${MAILGUN_DOMAIN_NAME}/messages" \ -F 'from="Mailgun API "' \ -F "to=${TO_NAME}" \ -F "to=${TO_EMAIL}" \ -F 'subject="[github action]: Release '"${GITHUB_REPOSITORY}"':'"${GITHUB_REF}"' uploaded"' \ -F 'text="The release has been uploaded for https://github.com/'"${GITHUB_REPOSITORY}"'/releases"' ================================================ FILE: github-dev/upload-assets ================================================ #!/bin/bash if [[ -n "$TOKEN" ]]; then GITHUB_TOKEN=$TOKEN fi if [[ -z "$GITHUB_TOKEN" ]]; then echo "Set the GITHUB_TOKEN env variable." exit 1 fi if [[ -z "$GITHUB_REPOSITORY" ]]; then echo "Set the GITHUB_REPOSITORY env variable." exit 1 fi if [[ -z "$GITHUB_REF" ]]; then echo "Set the GITHUB_REF env variable." exit 1 fi URI=https://api.github.com API_VERSION=v3 API_HEADER="Accept: application/vnd.github.${API_VERSION}+json" AUTH_HEADER="Authorization: token ${GITHUB_TOKEN}" main(){ local files if [ "$#" -eq 0 ]; then echo "Must pass files to be uploaded..." exit 1 fi files=( "$@" ) # Validate the GitHub token. 
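# curl exits 0 on an HTTP error status unless --fail is given; with --fail a
# rejected token or unknown repository now reaches the error branch instead of
# only network failures doing so.
curl -o /dev/null --fail -sSL -H "${AUTH_HEADER}" -H "${API_HEADER}" "${URI}/repos/${GITHUB_REPOSITORY}" || { echo "Error: Invalid repo, token or network issue!"; exit 1; }

echo "Github ref: ${GITHUB_REF}"

# Get the tags. The first entry returned by the API is used as the tag name.
tag_response=$(curl -sSL -H "${AUTH_HEADER}" -H "${API_HEADER}" "${URI}/repos/${GITHUB_REPOSITORY}/tags")
tag_name=$(echo "$tag_response" | jq -e --raw-output .[0].name)

# Get the latest release.
latest_response=$(curl -sSL -H "${AUTH_HEADER}" -H "${API_HEADER}" "${URI}/repos/${GITHUB_REPOSITORY}/releases/latest")
latest_release=$(echo "$latest_response" | jq -e --raw-output .tag_name)
release_id=$(echo "$latest_response" | jq -e --raw-output .id)

if [[ "$tag_name" != "$latest_release" ]] || [[ "$release_id" == "null" ]]; then
	# Create the release.
	echo "Creating release for tag name: ${tag_name}"
	# Let jq build the JSON body so a quote or backslash in the tag name is
	# escaped instead of being spliced into the document.
	payload=$(jq -cn --arg tag "$tag_name" '{tag_name: $tag, name: $tag, draft: false, prerelease: false}')
	response=$(curl -XPOST -sSL -H "${AUTH_HEADER}" -H "${API_HEADER}" "${URI}/repos/${GITHUB_REPOSITORY}/releases" --data "$payload")
	release_id=$(echo "$response" | jq -e --raw-output .id)
fi

if [[ "$release_id" == "null" ]]; then
	echo "Release ID cannot be null."
	exit 1
fi

# Upload the files.
echo "Uploading files: ${files[*]}"
echo "For tag name: ${tag_name}"
# The array is quoted so a path containing whitespace stays one argument.
for file in "${files[@]}"; do
	filename=$(basename "$file")
	rp=$(realpath "$file")
	# Percent-encode the asset name before it goes into the query string.
	encoded_name=$(jq -rn --arg n "$filename" '$n | @uri')

	# The token is sent only in the Authorization header. It is no longer
	# repeated as an access_token query parameter, where it would be recorded
	# wherever request URLs are logged. --fail makes an HTTP error stop the
	# run instead of being reported as a successful upload.
	curl --fail -sSL -H "${AUTH_HEADER}" \
		--data-binary @"$rp" \
		-H "Content-Type: application/octet-stream" \
		"https://uploads.github.com/repos/${GITHUB_REPOSITORY}/releases/${release_id}/assets?name=${encoded_name}" \
		|| { echo "Error: upload failed for ${rp}"; exit 1; }

	echo "Successfully uploaded: ${rp}"
done

echo "Uploading assets to ${tag_name} complete!"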
} main "$@" ================================================ FILE: gitiles/Dockerfile ================================================ FROM l.gcr.io/google/bazel:latest LABEL maintainer "Jessie Frazelle " # https://gerrit.googlesource.com/gitiles/ ENV GITILES_VERSION v0.4 RUN apt-get update && apt-get install -y \ bash \ ca-certificates \ curl \ git \ openjdk-8-jdk \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* # install bazel RUN set -x \ && git clone --depth 1 --branch "${GITILES_VERSION}" https://gerrit.googlesource.com/gitiles /usr/src/gitiles \ && ( \ cd /usr/src/gitiles \ && bazel build java/com/google/gitiles/dev \ && cp -rL bazel-bin bin \ && rm -rf bazel-bin \ ) COPY start.sh /usr/bin/start.sh ENTRYPOINT [ "/usr/bin/start.sh" ] ================================================ FILE: gitiles/start.sh ================================================ #!/bin/bash set -e ROOT=/usr/src/gitiles PROPERTIES= if [ "x$1" != "x" ]; then PROPERTIES="--jvm_flag=-Dcom.google.gitiles.configPath=$1" else PROPERTIES="--jvm_flag=-Dcom.google.gitiles.configPath=/gitfiles.config" cat > /gitfiles.config <<-EOF [gitiles] # Repositories placed here basePath = /home/git # Do not check they are exported exportAll = true # This URL will be displayed as clone URL. DO NOT FORGET TRAILING SLASH! baseGitUrl = ${BASE_GIT_URL}: # Title of site (doh) siteTitle = Gitiles - ${SITE_TITLE} # I dunno why, but it is have to be configured. canonicalHostName = ${SITE_TITLE} [google] analyticsId = UA-${GA_ID} EOF fi PROPERTIES="$PROPERTIES --jvm_flag=-Dcom.google.gitiles.sourcePath=$ROOT" # shellcheck disable=SC2086 exec "${ROOT}/bin/java/com/google/gitiles/dev/dev" $PROPERTIES ================================================ FILE: gitserver/Dockerfile ================================================ # Run a git server in a container. 
# # docker run --rm -it -p 1234:22 \ # -e DEBUG=true \ # -e "PUBKEY=$(cat ~/.ssh/id_ed25519.pub)" \ # --name gitserver \ # jess/gitserver FROM alpine:latest LABEL maintainer "Jessie Frazelle " ENV HOME /root RUN apk --no-cache add \ bash \ git \ openssh \ && sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config \ && sed -i "s/#PubkeyAuthentication yes/PubkeyAuthentication yes/" /etc/ssh/sshd_config \ && echo -e "AllowUsers git\n" >> /etc/ssh/sshd_config \ && echo -e "Port 22\n" >> /etc/ssh/sshd_config \ && addgroup git \ && adduser -D -S -s /usr/bin/git-shell -h /home/git -g git git \ && mkdir -p /home/git/.ssh \ && chown -R git:git /home/git \ && passwd -u git ENV HOME /home/git EXPOSE 22 WORKDIR $HOME COPY ./start.sh / COPY create_repo /usr/bin/create_repo ENTRYPOINT ["/start.sh"] CMD ["/usr/sbin/sshd", "-D", "-e", "-f", "/etc/ssh/sshd_config"] ================================================ FILE: gitserver/create_repo ================================================ #!/bin/bash set -e set -o pipefail repo=$1 if [[ "$repo" != *.git ]]; then repo="${repo}.git" fi echo "Creating $repo" ( cd "$HOME" git init --bare "$repo" chown -R git:git "$repo" ) ================================================ FILE: gitserver/start.sh ================================================ #!/bin/bash set -e set -o pipefail [ "$DEBUG" == 'true' ] && set -x DAEMON=sshd HOSTKEY=/etc/ssh/ssh_host_ed25519_key # create the host key if not already created if [[ ! 
-f "${HOSTKEY}" ]]; then ssh-keygen -A fi mkdir -p "${HOME}/.ssh" # shellcheck disable=SC1091 source /etc/profile [ "$PUBKEY" ] && echo "$PUBKEY" > "${HOME}/.ssh/authorized_keys" chown -R git:git "${HOME}" chmod -R 755 "${HOME}" # Fix permissions, if writable if [[ -w "${HOME}/.ssh" ]]; then chown git:git "${HOME}/.ssh" && chmod 700 "${HOME}/.ssh/" fi if [[ -w "${HOME}/.ssh/authorized_keys" ]]; then chown git:git "${HOME}/.ssh/authorized_keys" chmod 600 "${HOME}/.ssh/authorized_keys" fi # Warn if no config if [[ ! -e "${HOME}/.ssh/authorized_keys" ]]; then echo "WARNING: No SSH authorized_keys found for git" fi # set the default shell mkdir -p "${HOME}/git-shell-commands" cat > "${HOME}/git-shell-commands/no-interactive-login" <<\EOF #!/bin/sh printf '%s\n' "Hi $USER! You've successfully authenticated, but I do not" printf '%s\n' "provide interactive shell access." exit 128 EOF chmod +x "${HOME}/git-shell-commands/no-interactive-login" stop() { echo "Received SIGINT or SIGTERM. Shutting down $DAEMON" # Get PID pid=$(cat "/var/run/${DAEMON}/${DAEMON}.pid") # Set TERM kill -SIGTERM "${pid}" # Wait for exit wait "${pid}" # All done. echo "Done." } # shellcheck disable=SC2145 echo "Running $@" if [[ "$(basename "$1")" == "$DAEMON" ]]; then trap stop SIGINT SIGTERM # shellcheck disable=SC2068 $@ & pid="$!" mkdir -p "/var/run/${DAEMON}" && echo "${pid}" > "/var/run/${DAEMON}/${DAEMON}.pid" wait "${pid}" && exit $? 
else exec "$@" fi ================================================ FILE: gitsome/Dockerfile ================================================ # Run gitsome command line tool: # https://github.com/donnemartin/gitsome # # Usage: # docker run --rm -it \ # -v ${HOME}/.gitsomeconfig:/home/anon/.gitsomeconfig \ # -v ${HOME}/.gitsomeconfigurl:/home/anon/.gitsomeconfigurl \ # r.j3ss.co/gitsome # FROM python:3.5-alpine RUN apk add --no-cache \ bash RUN pip3 install gitsome ENV HOME /home/anon RUN adduser -S anon \ && chown -R anon $HOME WORKDIR $HOME USER anon ENTRYPOINT ["gitsome"] ================================================ FILE: gixy/Dockerfile ================================================ # Run gixy command line tool for static nginx analysis: # https://github.com/yandex/gixy # # Usage: # docker run --rm -it \ # -v /etc/nginx:/etc/nginx \ # r.j3ss.co/gixy /etc/nginx/nginx.conf # FROM python:2-alpine RUN pip install gixy ENTRYPOINT ["gixy"] ================================================ FILE: glxgears/Dockerfile ================================================ # To use: # docker run -v /tmp/.X11-unix:/tmp/.X11-unix \ # -e DISPLAY=unix$DISPLAY \ # --device /dev/dri \ # jess/glxgears # # Base docker image FROM debian:bullseye-slim LABEL maintainer "Jessie Frazelle " # Install all the things RUN apt-get update && apt-get install -y \ mesa-utils \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* ENV LIBGL_DEBUG verbose ENTRYPOINT [ "glxgears" ] ================================================ FILE: gmail-britta/Dockerfile ================================================ FROM ruby:alpine LABEL maintainer "Jessie Frazelle " RUN apk add --no-cache \ coreutils RUN set -x \ && apk add --no-cache --virtual .build-deps \ build-base \ && gem install gmail-britta --no-document \ && apk del .build-deps ================================================ FILE: gnuplot/Dockerfile ================================================ FROM alpine:latest LABEL maintainer "Jessie 
Frazelle " RUN apk --no-cache add \ --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing/ \ gnuplot ENTRYPOINT ["gnuplot"] ================================================ FILE: golinks/Dockerfile ================================================ FROM golang:alpine as builder LABEL maintainer "Jessie Frazelle " RUN apk --no-cache add \ ca-certificates \ git ENV PATH /go/bin:/usr/local/go/bin:$PATH ENV GOPATH /go RUN go get github.com/kellegous/go || true \ && cd /go/src/github.com/kellegous/go \ && go build ./cmd/go \ && mv go /usr/bin/go FROM alpine:latest COPY --from=builder /usr/bin/go /usr/bin/go COPY --from=builder /etc/ssl/certs/ /etc/ssl/certs ENTRYPOINT [ "go" ] ================================================ FILE: gparted/Dockerfile ================================================ # DESCRIPTION: Create gparted container with its dependencies # AUTHOR: Jessie Frazelle # COMMENTS: # This file describes how to build a gparted container with all # dependencies installed. It uses native X11 unix socket. # Tested on Debian Jessie # USAGE: # # Download gparted Dockerfile # wget https://raw.githubusercontent.com/jessfraz/dockerfiles/master/gparted/Dockerfile # # # Build gparted image # docker build -t gparted . 
# # docker run -v /tmp/.X11-unix:/tmp/.X11-unix \ # --device=/dev/sda:/dev/sda \ # --device=/dev/mem:/dev/mem \ # --cap-add SYS_RAWIO \ # -e DISPLAY=unix$DISPLAY gparted # # Base docker image FROM debian:bullseye-slim LABEL maintainer "Jessie Frazelle " # Install Gparted and its dependencies RUN apt-get update && apt-get install -y \ dosfstools \ gparted \ libcanberra-gtk-module \ procps \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* # Autorun gparted CMD ["/usr/sbin/gparted"] ================================================ FILE: guetzli/Dockerfile ================================================ # guetzli # # docker run --rm -it \ # -v ${PWD}:/tmp \ # r.j3ss.co/guetzli:latest \ # --verbose /tmp/example.jpg /tmp/example.compressed.jpg FROM alpine:latest LABEL maintainer "Christian Koep " RUN apk --no-cache add \ libpng \ libstdc++ \ libgcc ENV GUETZLI_VERSION v1.0.1 ENV APPDIR /usr/src/guetzli RUN buildDeps=' \ g++ \ git \ libpng-dev \ make \ ' \ set -x \ && apk --no-cache add $buildDeps \ && git clone --depth 1 --branch "${GUETZLI_VERSION}" "https://github.com/google/guetzli.git" "${APPDIR}" \ && ( \ cd "${APPDIR}" \ && make \ && mv "${APPDIR}/bin/Release/guetzli" /usr/local/bin/guetzli \ ) \ && apk del $buildDeps \ && rm -rf "${APPDIR}" \ && echo "Build complete." 
ENTRYPOINT [ "/usr/local/bin/guetzli" ] ================================================ FILE: hollywood/Dockerfile ================================================ FROM ubuntu:16.04 LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ software-properties-common \ --no-install-recommends && \ add-apt-repository ppa:hollywood/ppa && \ apt-get update && \ apt-get install -y \ byobu \ hollywood \ locate \ mlocate \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ && updatedb ENV HOME /home/user RUN useradd --create-home --home-dir $HOME user \ && chown -R user:user $HOME WORKDIR $HOME USER user CMD [ "hollywood" ] ================================================ FILE: htop/Dockerfile ================================================ # htop in a container # # docker run --rm -it \ # --pid host \ # jess/htop # FROM alpine:latest LABEL maintainer "Jessie Frazelle " RUN apk --no-cache add \ htop CMD [ "htop" ] ================================================ FILE: htpasswd/Dockerfile ================================================ FROM alpine:latest LABEL maintainer "Jessie Frazelle " RUN apk add --no-cache \ apache2-utils ENTRYPOINT [ "htpasswd" ] ================================================ FILE: httpbin/Dockerfile ================================================ # Run HTTPBin in a container # # USAGE # # docker run -d \ # -p 8080:8080 \ # --name httpbin \ # jess/httpbin # FROM python:3-alpine RUN apk add --no-cache --virtual .build-deps \ build-base \ libffi-dev \ && pip3 install --no-cache-dir \ gevent \ gunicorn \ httpbin \ && apk del .build-deps CMD ["gunicorn", "-b", "0.0.0.0:8080", "httpbin:app", "-k", "gevent"] ================================================ FILE: httpie/Dockerfile ================================================ FROM alpine:latest LABEL maintainer "Jessie Frazelle " RUN apk --no-cache add \ ca-certificates \ python \ py2-pip \ && pip install httpie httpie-unixsocket ENTRYPOINT [ "http" ] 
================================================ FILE: iceweasel/Dockerfile ================================================ FROM debian:bullseye-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ hicolor-icon-theme \ firefox-esr \ libgl1-mesa-dri \ libgl1-mesa-glx \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* COPY local.conf /etc/fonts/local.conf ENTRYPOINT [ "firefox" ] ================================================ FILE: iceweasel/local.conf ================================================ rgb true hintslight true lcddefault false ================================================ FILE: imagemagick/Dockerfile ================================================ FROM alpine:latest LABEL maintainer "Jessie Frazelle " RUN apk --no-cache add \ imagemagick CMD [ "echo", "Use one of the following commands [ animate | compare | composite | conjure | convert | display | identify | import | mogrify | montage | stream ]" ] ================================================ FILE: imagemin/Dockerfile ================================================ # Run imagemin in a container: # # docker run --rm -it \ # -v /etc/localtime:/etc/localtime:ro \ # -v $HOME/Pictures:/root/Pictures \ # --entrypoint bash \ # jess/imagemin # FROM node:alpine LABEL maintainer "Jessie Frazelle " RUN apk --no-cache add \ file \ libpng RUN set -x \ && apk add --no-cache --virtual .build-deps \ autoconf \ automake \ build-base \ libpng-dev \ nasm \ && npm install --global imagemin-cli \ && apk del .build-deps CMD [ "imagemin", "--help" ] ================================================ FILE: inkscape/Dockerfile ================================================ # Run inkscape in a container # # docker run -v /tmp/.X11-unix:/tmp/.X11-unix \ # -v /inkscape/:/workspace \ # -e DISPLAY=unix$DISPLAY \ # jess/inkscape # FROM ubuntu:16.04 LABEL maintainer "Daniel Romero " ENV DEBIAN_FRONTEND noninteractive RUN apt-get update && apt-get install -y \ 
python-software-properties \
	software-properties-common

RUN add-apt-repository ppa:inkscape.dev/stable && \
	apt-get update && apt-get install -y \
	inkscape \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

VOLUME /workspace
WORKDIR /workspace

ENTRYPOINT [ "inkscape" ]

================================================
FILE: irssi/Dockerfile
================================================
# irssi built from source together with libotr and the irssi-otr plugin; the
# container runs as the unprivileged account "user" (uid 1001).
FROM alpine:latest

RUN apk --no-cache add \
	ca-certificates \
	perl-datetime \
	perl-timedate

ENV HOME /home/user
RUN adduser -u 1001 -D user \
	&& mkdir -p $HOME/.irssi \
	&& chown -R user:user $HOME

ENV LANG C.UTF-8

ENV IRSSI_VERSION 1.2.2
# https://otr.cypherpunks.ca/index.php#downloads
ENV LIB_OTR_VERSION 4.1.1
# https://github.com/cryptodotis/irssi-otr/releases
ENV IRSSI_OTR_VERSION 1.0.2

# Downloads, verifies (where a signature is used), builds and installs the
# three components, then swaps the build toolchain for the shared-library
# packages the installed binaries actually need.
#
# NOTE(review): the integrity checks below are uneven:
#  - irssi: the signature is checked against a key requested by its full
#    fingerprint, but the key comes from the SKS keyserver pool, which has
#    since been retired; that step needs a reachable keyserver or a key file
#    kept next to this Dockerfile.
#  - libotr: gpgkey.asc is fetched from the same host as the tarball and is
#    imported without comparing its fingerprint to a pinned value, so the
#    verify step only shows that key and tarball came from the same place.
#  - irssi-otr: the GitHub archive is unpacked and built with no signature or
#    checksum check.
RUN set -x \
	&& apk add --no-cache --virtual .build-deps \
		autoconf \
		automake \
		curl \
		gcc \
		glib-dev \
		gnupg \
		libc-dev \
		libgcrypt-dev \
		libtool \
		lynx \
		make \
		ncurses-dev \
		openssl-dev \
		perl-dev \
		pkgconf \
		tar \
		xz \
	&& curl -sSL "https://github.com/irssi/irssi/releases/download/${IRSSI_VERSION}/irssi-${IRSSI_VERSION}.tar.xz" -o /tmp/irssi.tar.xz \
	&& curl -sSL "https://github.com/irssi/irssi/releases/download/${IRSSI_VERSION}/irssi-${IRSSI_VERSION}.tar.xz.asc" -o /tmp/irssi.tar.xz.asc \
	&& export GNUPGHOME="$(mktemp -d)" \
# gpg: key DDBEF0E1: public key "The Irssi project " imported
	&& gpg --no-tty --keyserver ha.pool.sks-keyservers.net --recv-keys 7EE65E3082A5FB06AC7C368D00CCB587DDBEF0E1 \
	&& gpg --batch --verify /tmp/irssi.tar.xz.asc /tmp/irssi.tar.xz \
	&& rm -rf "$GNUPGHOME" /tmp/irssi.tar.xz.asc \
	&& mkdir -p /usr/src \
	&& tar -xJf /tmp/irssi.tar.xz -C /usr/src \
	&& rm /tmp/irssi.tar.xz \
	&& ( \
		cd /usr/src/irssi-$IRSSI_VERSION \
		&& ./configure \
			--enable-true-color \
			--with-bot \
			--with-proxy \
			--with-socks \
			--prefix=/usr \
		&& make -j$(getconf _NPROCESSORS_ONLN) \
		&& make install \
	) \
	&& curl -sSL "https://otr.cypherpunks.ca/libotr-${LIB_OTR_VERSION}.tar.gz" -o /tmp/libotr.tar.gz \
	&& curl -sSL "https://otr.cypherpunks.ca/libotr-${LIB_OTR_VERSION}.tar.gz.asc" -o /tmp/libotr.tar.gz.asc \
	&& export GNUPGHOME="$(mktemp -d)" \
# gpg: key 42C2ABAD: public key "OTR Dev Team (Signing Key) " imported
	&& curl -sSL https://otr.cypherpunks.ca/gpgkey.asc | gpg --no-tty --import \
	&& gpg --batch --verify /tmp/libotr.tar.gz.asc /tmp/libotr.tar.gz \
	&& rm -rf "$GNUPGHOME" /tmp/libotr.tar.gz.asc \
	&& mkdir -p /usr/src/libotr \
	&& tar -xzf /tmp/libotr.tar.gz -C /usr/src/libotr --strip-components 1 \
	&& rm /tmp/libotr.tar.gz \
	&& ( \
		cd /usr/src/libotr \
		&& ./configure \
			--with-pic \
			--prefix=/usr \
		&& make \
		&& make install \
	) \
	&& mkdir -p /usr/src/irssi-otr \
	&& curl -sSL "https://github.com/cryptodotis/irssi-otr/archive/v${IRSSI_OTR_VERSION}.tar.gz" -o /tmp/irssi-otr.tar.gz \
	&& mkdir -p /usr/src/irssi-otr \
	&& tar -xf /tmp/irssi-otr.tar.gz -C /usr/src/irssi-otr --strip-components 1 \
	&& rm -f /tmp/irssi-otr.tar.gz \
	&& ( \
		cd /usr/src/irssi-otr \
		&& ./bootstrap \
		&& ./configure \
			--prefix=/usr \
		&& make \
		&& make install \
	) \
	&& rm -rf /usr/src/irssi-$IRSSI_VERSION \
	&& rm -rf /usr/src/libotr \
	&& rm -rf /usr/src/irssi-otr \
	&& runDeps="$( \
		scanelf --needed --nobanner --recursive /usr \
			| awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
			| sort -u \
			| xargs -r apk info --installed \
			| sort -u \
	)" \
	&& apk add --no-cache --virtual .irssi-rundeps $runDeps perl-libwww \
	&& apk del .build-deps

WORKDIR $HOME
VOLUME $HOME/.irssi

USER user
CMD ["irssi"]

================================================
FILE: john/Dockerfile
================================================
FROM alpine:latest
LABEL maintainer "Jessie Frazelle "

RUN apk add --no-cache \
	ca-certificates \
	gmp \
	libgomp

# NOTE(review): the clone below takes the head of the repository's default
# branch with no tag or commit pin, so each build can compile different
# source.
RUN set -x \
	&& apk add --no-cache --virtual .build-deps \
		build-base \
		gcc \
		git \
		gmp-dev \
		krb5-dev \
		libressl-dev \
		make \
		perl \
	&& git clone --depth 1 https://github.com/magnumripper/JohnTheRipper.git /usr/src/johntheripper \
	&& ( \
		cd
/usr/src/johntheripper/src \ && ./configure || cat config.log \ && make \ && cp -r ../run/* /usr/local/bin/ \ ) \ && rm -rf /usr/src/johntheripper \ && apk del .build-deps COPY john.ini /root/john.ini COPY passwd.lst /root/passwd.lst WORKDIR /root ENTRYPOINT [ "john" ] ================================================ FILE: john/john.ini ================================================ # # This file is part of John the Ripper password cracker, # Copyright (c) 1996-98 by Solar Designer # [Options] # Wordlist file name, to be used in batch mode Wordfile = ~/passwd.lst # Use idle cycles only Idle = N # Crash recovery file saving delay in seconds Save = 600 # Beep when a password is found (who needs this anyway?) Beep = N ================================================ FILE: john/passwd.lst ================================================ _ !@#$% !@#$%^ !@#$%^& !@#$%^&* !@#$%^&* !@#$%^& !@#$%^ !@#$% @#$%^& @#$%^& * 0000 00000 000000 000000 00000000 00000000 0007 0007 007 007 007007 007007 010203 012345 0123456 0123456789 0246 0249 0852 098765 0987654321 1 1 101010 102030 1022 1022 10sne1 10sne1 1111 11111 111111 111111 11111111 112233 11235813 1212 121212 121212 1213 1214 1225 1225 123 123 123123 123123 123123123 123321 1234 1234 12345 12345 123456 123456 1234567 1234567 12345678 12345678 123456789 1234567890 12345678910 123456a 1234qwer 1234qwer 123654 123789 123abc 123abc 123go 123go 123qwe 1313 1313 131313 131313 1316 1332 13579 13579 1412 141414 1430 14430 147258 147258369 147852 147852369 151515 159357 159753 1701d 1701d 171717 1818 181818 1911 1928 1928 1948 1950 1951 1952 1953 1955 1956 1960 1964 1969 1973 1975 1977 1978 1991 1996 1998 1a2b3c 1a2b3c 1chris 1kitty 1p2o3i 1q2w3e 1q2w3e 1q2w3e4r 1qaz2wsx 1qw23e 1qw23e 1sanjose 2000 2001 2020 202020 2112 2112 21122112 21122112 212121 22 2200 2222 2222 222222 2252 232323 242424 246810 252525 2580 2kids 2welcome 3010 3112 3141 333 333333 3533 369 369 3bears 4055 4444 4444 444444 456123 456789 4788 4854 4runner 4runner 
5050 50cent 5201314 5252 5252 54321 54321 5555 5555 55555 555555 5683 5683 57chevy 6262 6301 654321 654321 666666 666666 6969 6969 696969 696969 741852 741852963 777 777 7777 7777 777777 7777777 789456 789456123 7dwarfs 80486 8675309 8675309 87654321 888888 888888 88888888 90210 90210 911 911 92072 987654 987654321 999999 99999999 99999999 999999999 a a a12345 a12345 a123456 a1b2c3 a1b2c3 a1b2c3d4 a1b2c3d4 aa aaa aaa aaaa aaaaaa aaaaaa Aaaaaa aaliyah aardvark aaron aaron abacab abbott abby abby abc abc abc123 abc123 ABC123 ABC123 abcd abcd abcd123 abcd1234 abcd1234 abcde abcde abcdef abcdef Abcdef Abcdef abcdefg abcdefg Abcdefg abigail abigail absolut absolut access access accord account ace acropolis action action Action active active acura acura adam adam adg adi adidas adidas Adidas admin admin1 adrian adrian adriana adrock advil aeh aerobics africa agent Aggies Aikman airborne Airhead airwolf aki123 alaska alaska Alaska albert albert Albert alberto alejandra alejandro alex alex alex1 alex1 alexande alexander alexandr alexandr alexandra alexis alexis Alexis alfaro alfred alfred alfredo ali alice alice alice1 alicia Alicia alien aliens aliens alina aline alison alison allegro allen allen allison allison allo allo allstate aloha alpha alpha Alpha alpha1 alpha1 alpine alpine altamira althea altima altima1 alyssa Alyssa amanda amanda Amanda amanda1 amanda1 amazing amber amber amelia amelie amelie america America america7 Amiga amigas amigos amistad amorcito amores amour amour amy amy anaconda anamaria anders anderson anderson andre andre andre1 andrea andrea Andrea andrea1 andreea andrei andres andrew andrew! 
andrew Andrew Andrew andrew1 andromeda andy andy angel angel angel1 angela angela Angela Angela1 angeles angelica angelina angelito angelo angels angels angie angie angie1 angus angus animal animal Animal Animals Animals anita ann anna anna anne anne anneli annette annie annie antares anthony anthony Anthony Anthony anthony1 antonio anything apache apache apollo apollo apollo13 apollo13 apple apple apple1 apple1 apple2 applepie apples apples Apples april april aptiva aqua aquarius aragorn archie archie Archie Arctic ariana ariane ariane ariel ariel Ariel arizona arizona arlene armando arnold arrow arsenal artemis arthur arthur Arthur artist artist arturo asdf asdf asdf1234 asdfasdf asdfg asdfg asdfgh asdfgh Asdfgh Asdfgh asdfghjk asdfghjk asdfghjkl asdfjkl asdfjkl; asdfjkl; asdfjkl asdf;lkj ashlee ashley ashley Ashley ashley1 ashraf ashton aspen aspen ass ass asshole asshole Asshole assmunch asterix asterix ath athena athena attila attila august august August austin austin Austin Author autumn avalon avalon avatar Avatar avenger avenir awesome awesome Awesome ayelet aylmer aylmer babes Babies baby baby babyblue babyboo babyboy babydoll babyface babygirl babygirl1 babygurl babyko babylon5 babylon5 babylove bach bach backup badboy Badboy badger badger badgirl bailey bailey Bailey Bailey baller Balls bambam bambi bamboo bamboo banana banana Banana bananas Bananas banane bandit bandit Bandit baraka barbara barbara Barbara barbie Barbie barcelona barn barney barney Barney barney1 barnyard barrett barry barry bart bartman Basebal baseball baseball basf basf basil basil basket basket baskeT Basket Basketb basketba Basketba basketball bass Bastard Bastard batista batman batman Batman batman1 bball beaches beagle beagle beaner beaner Beaner beanie beanie beans bear bear bears bears beast beasty beatles beatles Beatles beatrice beatriz beautifu beautiful beauty beaver beaver Beaver beavis beavis Beavis Beavis beavis1 bebe bebita becca beckham beer beer belgium belize bella 
belle belle belmont ben benfica benjamin benjamin benji benny benny benoit benoit benson benson beowulf bernard bernard bernardo bernie bernie berry bertha bertha beryl best bestfriend bestfriends beta betacam betsy betty betty bettyboop beyonce bfi bharat bhebhe bianca bichon bigal bigben bigbird bigbird BigBird bigboss bigdog bigdog Bigdog Bigfoot biggles bigmac bigmac bigman bigman bigred bigred biker bilbo bilbo bill bill billabong bills billy billy billy1 bimmer bingo bingo binky binky biochem biology biology Biology bird bird bird33 bird33 birdie birdie birdy birthday biscuit bishop Bismillah bitch bitch bitch1 biteme biteme Biteme bitter biz blabla black black Blackie blackjack blah blahblah blanche Blaster blazer blazer Blazer blessed blessing blinds blink182 bliss blitz blizzard blizzard blonde blonde blondie blondie Blondie blood blowfish blowfish blowjob blowme Blowme blue blue bluebird bluebird blueeyes bluefish bluejean blues bluesky bluesky bmw bmw boat bob bob bobby bobby bobcat bobcat bogart bogey bogus bombay bond007 bond007 Bond007 Bond007 Boner bonita bonjour bonjour bonnie bonnie Bonnie Bonzo boobie booboo booboo Booboo Booboo booger booger Booger boogie boogie Bookit boomer boomer Boomer booster booster boots boots bootsie bootsie boris boris bosco boss boss boston boston Boston Boston boulder bourbon Bowling bowwow boxer boxers bozo bozo bradley bradley Bradley brain branch brandi Brandi brandon brandon Brandon brandon1 brandy brandy Brandy Brasil braves braves Braves brazil Brazil brenda brenda Brenda brent brewster brewster brian brian brianna bridge bridge bridges bridges bright bright britain britney brittany Broadway broken broker bronco Broncos bronte brooke brooke brooklyn brother Browns bruce bruce bruno brutus brutus bryan bubba bubba Bubba bubba1 bubba1 bubble bubblegum bubbles bubbles Bubbles bubbles1 buck buck bucks buddha Buddha buddy buddy buddy1 budgie buffalo buffalo Buffalo buffett buffy buffy bugs bugsy bull bull bulldog 
bulldog bullet bullet bulls bullshit bullshit bunny bunny burns burton business business buster buster Buster butch butch butler butler butter buttercup butterfly butterfly1 butthead butthead Butthead button button Button buttons buttons Buttons buzz buzz byron byteme byteme c00per cactus cactus caesar caesar caitlin caitlin calendar calgary californ california calvin calvin Calvin calvin1 camaro camaro Camaro camay camel camera camera cameron camila camille campbell campbell camping camping canada canada Canada canced cancer Cancer candy candy canela canela cannon cannon cannonda cannondale canon canon cantik capricorn captain captain car carbon cardinal cardinal Cardinal carebear carl carl carlitos carlos carlos Carlos carmen carmen carnage carol carol Carol Carol carol1 carole carole carolina carolina caroline caroline carolyn carrie carrie Carrie carrot carter cascade cascade casey casey Casio casper casper Casper cassandra cassie cassie Cassie castle castle cat cat catalina catalog catalog catch22 catdog catfish catfish catherine cathy catnip cats cats catwoman cccccc cccccc cecile cecilia cedic celeste celica celica celine celine celtic Celtics Celtics cement center center Center cesar cesar cessna cfi cfj cgj chacha chad chainsaw challeng challenge chameleon champion champion Champs Champs chance chance chandler chanel chanel chang change changeit changeme changeme Changeme Changeme ChangeMe ChangeMe chantal chaos chaos chapman chapman charger charity charity charles charles Charles charlie charlie Charlie Charlie charlie1 charlie1 charlott charlotte charmed chat cheche cheerleader cheese cheese Cheese chelsea chelsea Chelsea chelsea1 cherry cherry cheryl cheryl Cheryl chess chester Chester chester1 chester1 chevy chevy Chevy Chevy1 cheyenne chiara chicago chicago Chicago chichi chicken chicken Chicken chico chico chiefs Chiefs china china chinacat chinook chip chip Chipper chiquita chiquita chivas chloe chloe chocolat chocolat chocolate chouette chris chris 
Chris Chris chris1 chris1 chris123 chrisbrown Chrissy christ Christ christ1 christia christia christian christin christin christina christine christmas christop Christop christoph christopher christy christy chronos chubby chuck chuck Chucky church church cicero cinder cinder cinderella Cindi cindy cindy cindy1 cinema circuit cirque cirrus civic civil claire claire clancy clancy clapton clark clark clarkson class class classroo classroom claude claude claudel claudia claudia Cleaner cleo cliff clipper clipper clock cloclo cloclo Clover clueless cobain cobra cobra cocacola cocacola coco coco cody coffee coffee Coffee coke coke colette colleen colleen Colleen college college colombia color colorado colorado colors colt45 coltrane coltrane columbia columbia comet commander #!comment: #!comment: Common passwords, compiled by Solar Designer. #!comment: For more wordlists, see http://www.openwall.com/wordlists/ #!comment: in 1996 through 2011. It is assumed to be in the public domain. #!comment: Last update: 2011/11/20 (3546 entries) #!comment: occurred in 2006 through 2010. #!comment: of "top N passwords" from major community website compromises that #!comment: revised to also include common website passwords from public lists #!comment: systems in mid-1990's, sorted for decreasing number of occurrences #!comment: (that is, more common passwords are listed first). 
It has been #!comment: This list has been compiled by Solar Designer of Openwall Project #!comment: This list is based on passwords most commonly seen on a set of Unix compaq compaq Compaq compton compton Compute computer computer Computer Computer concept concept concorde confused connect connect connie connie Connie connor conrad conrad content control control cook cookie cookie Cookie cookie1 cookies cookies cooking cool cool coolbean Coolman coolness cooper cooper Cooper cooter copper copper Copper cora corazon cordelia corky cornflake corona corona corrado corrado corvette corwin corwin cosmo cosmos cosmos cougar cougar Cougar Cougar cougars cougars country country Country courier courtney courtney cowboy cowboy Cowboy COWBOY cowboys cowboys Cowboys cows coyote coyote crack1 cracker cracker Cracker craig craig crapp crawford crawford crazy creative creative Creative crescent cricket cricket Cricket cristian cristina cross crow crow crowley cruise cruise crusader crystal crystal cthulhu cuda cuddles cuddles cuervo cunningham cunt cupcake current curtis curtis Curtis Curtis cuteako cuteme cutie cutie cutiepie cutlass cyber cyclone cyclone cynthia cynthia cyrano cyrano daddy daddy daddy1 daddysgirl daedalus dagger dagger1 daily daisie daisy daisy dakota dakota Dakota dale dallas dallas Dallas damian dammit dan dan dana dance dance dancer dancer dancing daniel daniel Daniel Daniel daniel1 daniela danielle danielle danny danny daphne dark1 darkangel Darkman darkness darkstar darling darren darren darryl darwin darwin Darwin dasha dasha database database dave dave david david david1 david1 davids dawn dawn daytek daytek dead dead deadhead deadhead dean dean death Death debbie debbie deborah december december decker deedee deedee deeznuts Defense delano delete delfin deliver deliver delta delta demo demo demon denali denali denis denise denise Denise Denise dennis dennis Dennis denny Denver depeche depeche derek derek desert design design desiree deskjet destiny 
detroit detroit Detroit deutsch deutsch devil devine devon dexter dexter Dexter dgj dharma diablo diablo diamond diamond diamonds diana diana diane diane dianne dickens dickhead dickhead diego diesel digger Digger digital digital Digital digital1 dilbert dilbert dillweed dinamo dipper direct1 director director dirk dirk disco disney disney Disney dixie dixie dixon doc doc doctor doctor Doctor dodger dodger dodgers dodgers dog dog dogbert dogbert Doggie doggy Doggy doitnow dollar dollars dollars dolly dolphin dolphin Dolphin dolphins dolphins dominic dominic dominique domino domino don don donald donald donkey donkey donna donna dontknow Doobie doogie doogie dookie dookie Dookie doom doom doom2 doom2 doors dork dorothy dorothy Dorothy doudou doug doug dougie dougie douglas douglas downtown draft dragon dragon Dragon Dragon DRAGON dragon1 dragon1 dragonfl dragonfly Dream dreamer dreamer dreams dreams Dreams driver Drizzt drowssap Drums duck duck duckie duckie dude dude dudley duke duke dumbass dundee dundee dustin Dustin dusty dusty dutch dutchess dwight Dwight dylan dylan e e eagle eagle eagle1 eagle1 eagles eagles Eagles Eagles easter easter eastern Eatme eclipse eclipse eddie eddie edith edmund eduardo edward edward Edward eeyore eeyore effie eieio eight einstein einstein elaine Elaine electric electric element elephant elephant elijah elina1 elissa elizabet elizabeth Elizabeth ella ellen ellen elliot elliot elsie elsie elvis elvis Elvis Elwood e-mail e-mail emerald emily emily eminem emmanuel emmitt Emmitt empire energy energy engage england enigma enigma enrique enter enter enterprise entropy entropy eric eric eric1 erika erin ernie1 escort escort1 Espanol estelle Esther estrella estrellita etoile etoile eugene eugene europe europe evelyn excalibu excalibur excel Except explore explorer explorer export export express express faculty fairview faith faith falcon falcon Falcon familia family family Family Family family1 farmer farmer Farmer Farming farout farside 
fashion fatboy fatima faust fearless february feedback felipe felix felix fender Fender fenris ferguson fernanda fernando ferrari ferrari ferret ferret ferris fgh fiction fiction fidel Figaro finance fiona fiona fire fire fireball fireball firebird firebird Firebird fireman fireman firenze first first fish fish fish1 fish1 fisher fisher Fisher Fisher fishes fishhead fishie fishing fishing Fishing Fishing flamingo flamingo flanders flash flash fletch fletch fletcher fletcher fleurs flight flight flip flip flipper flipper Flipper flores florida florida Florida florida1 flower flower Flower flowerpot flowers flowers Flowers floyd floyd fluffy fluffy Fluffy flute fly flyboy flyer Flyers foobar foobar fool fool Footbal football football Football football1 ford ford forest forest forever Fortune forum forward foster fountain fountain fox fox foxtrot foxtrot fozzie fozzie france france francesco francine francis francis Francis francisco francois francois frank frank franka frankie Frankie franklin franklin freak1 freak1 fred fred freddie freddy freddy Freddy frederic frederic free freebird freedom freedom Freedom freeman french french1 french1 friday friday Friday Friday friend friend Friend friends friends Friends Friends friendship friendster frisco fritz frodo frodo frog frog frog1 froggie froggies froggy froggy Froggy frogs frogs front242 front242 Front242 frontier Frosty fubar Fubar fucker fucker Fucker fuckface fuckme fuckme Fuckme fuckoff fuckoff fucku fuckyou fuckyou Fuckyou Fuckyou FuckYou FuckYou fuckyou1 fuckyou2 fugazi fugazi fun fun funguy funtime future future fuzz gabby gabriel gabriel gabriela gabriell gabriell gaby gaby gaelic galaxy galaxy galileo galileo gambit gambit Gambit gambler games gammaphi ganda gandako gandalf gandalf Gandalf Gandalf gangsta gangster garcia garden garden Garden garfield garfield Garfield garfunkel gargoyle garlic garlic garnet garnet Garrett garth gary gary gasman gasman gaston gateway gateway gateway2 gatita gatito gator 
gator gator1 gemini gemini Gemini general general genesis genesis genius genius george george George george1 georgia georgia gerald gerald gerard german German germany germany1 Geronimo getout ggeorge ghost ghost giants giants Giants gibbons gibson gibson gigi gilbert gilgamesh gilles gilles ginger ginger Ginger giselle gizmo gizmo Gizmo Gizmo glenn glenn glider1 glitter global global Global gloria gmoney go go Goalie goat goat goaway goblin goblue goblue gocougs gocougs god godiva godzilla godzilla goethe gofish gofish goforit goforit gold gold golden golden Golden Golden goldfish Goldie golf golf golfer golfer Golfer Golfing gollum gone gone goober goober Goober Goober good good-luck goodluck goofy goofy google goose gopher gopher Gopher gordon gordon Gordon gorgeous grace grace gracie graham gramps grandma grandma Grandma grant grant graphic graphic grateful grateful gravis gray gray graymail greed green green greenday greenday greg greg greg1 gregory gregory gremlin greta gretchen gretchen Gretel gretzky gretzky Griffey grizzly groovy groovy Groovy grover grover Grover grumpy grumpy guess guess guest guest guido guido guinness guinness guitar guitar Guitar guitar1 gumby gundam gunner gunner Gunner gustavo Gymnast h2opolo h2opolo hacker hacker Hacker Hacker haggis haha hahaha hailey hal hal9000 hal9000 hallo halloween hallowell hamid hamilton hamlet hammer hammer Hammer Hammer Hamster hank hanna hanna hannah hannah hannah1 hansolo hansolo hanson hanson Hanson happy happy happy1 happy1 happy123 happyday happyday hardcore harley harley Harley Harley HARLEY harley1 haro harold harold harriet harris harrison harrison harry harry harrypotter harvard harvey harvey Harvey Hatton hawaii Hawaii hawk hawk hawkeye Hawkeye hawkeye1 hayden hazel hazel health health health1 heart heart hearts Hearts heather heather Heather Heather heather1 heather2 heaven hector hector hedgehog heidi heidi Heidi heikki helen helen helena helene hell hell hello hello Hello Hello hello1 hello1 
hello123 hello8 hellohello hellokitty help help help123 helper helpme helpme Helpme hendrix hendrix Hendrix Hendrix henry henry Henry herbert herbert herman herman Herman hermes hermes hermosa hernandez Hershey Hershey herzog heythere highland hilbert hilda hillary hiphop histoire history history History hithere hitler hobbes hobbit Hobbit hockey hockey Hockey Hockey1 hola hola holiday holly holly hollywood home home homebrew homebrew homer homer Homer Homer homerj honda honda honda1 honda1 Honda1 honey honey honeyko hongkong hoops hoops hoosier hootie hootie hope horizon horizon hornet hornet Hornets horse horse horses horses hosehead hotdog hotdog Hotdog hotmail hotrod Hotrod hotstuff hottie hottie1 house house houston houston howard howard Howard huang hudson huey hugh hugo hummer hunter hunter Hunter Hunting Huskers huskies hydrogen i ib6ub9 ib6ub9 ibanez icecream icecream iceman iceman Iceman idiot idiot idontknow if6was9 iforget iguana iguana Iguana ihateyou ilmari ilovegod ilovehim ilovejesus iloveme iloveu iloveu2 iloveyou iloveyou! 
iloveyou iloveyou1 iloveyou2 image image imagine imagine imissyou impact impala impala indian indian indiana indiana indigo indigo indonesia info info informix informix ingvar inlove insane insane inside inside insight instructor integra integral Intel intern intern internet internet Internet Internet intrepid inuyasha iomega ireland ireland irene irene irina iris irish irish irmeli ironman ironman Ironman isaac isaac isabel isabella isabelle isabelle Isabelle isaiah isis island island israel italia italia italy italy iubire iverson izzy j1l2t3 jack jack jackass jackie jackie Jackie jackie1 jackson jackson Jackson Jackson jacob jacob Jaeger jaguar jaguar Jaguar jake jake jakey jamaica jamaica james james james1 james1 jamesbond jamie jamjam jan jan jane jane Janet janice janice janine january January japan japan jared jared jasmin jasmin jasmine jasmine Jasmine jasmine1 jason jason jason1 jason1 jasper jasper Jasper javier jayden jayjay jayson jazmin jazz jazz jean jean jeanette jeanette jeanne jeanne Jeanne Jeanne jedi jeepster jeff jeff jeffrey jeffrey Jeffrey jeffrey1 jenifer jenifer jenni jenni jennie jennifer jennifer Jennifer Jennifer jenny jenny jenny1 jenny1 jensen jensen jer jeremiah jeremy jeremy Jeremy jerome jerry jerry Jersey jesse jesse1 jessica jessica Jessica Jessica jessica1 jessie jessie Jessie jester Jester jesucristo jesus jesus jesus1 jesus1 jesuschrist jethro jethrotull jetta1 jewels jewels jim jim jimbo jimbo Jimbo jimbob Jimbob jimi jimmy jkl123 jkm joanie joanna joanna Joanna joanne joe joe joel joel joelle joey joey johan johanna1 john john john316 john316 johncena johnny johnny Johnny johnson johnson Johnson Johnson jojo jojo joker joker Joker joker1 jonathan jonathan jordan jordan Jordan Jordan jordan1 jordan23 jordan23 jordie jorge josee joseph joseph Joseph josh josh joshua joshua Joshua Joshua joshua1 josie josie journey joy joyce JSBach jubilee judith judith judy judy juhani jules julia julia julia2 julian julian juliana julie julie 
julie1 julie1 julien juliet julius jumanji jumbo jump junebug Junebug junior junior Junior juniper jupiter jupiter jussi justdoit justice justice justice4 justin justin Justin justin1 justin1 justine justme kalamazoo kali kangaroo karen karen karen1 karin karina karine karla karma kat kate katerina katherin katherine kathleen kathleen Kathryn kathy kathy katie katie Katie katie1 katrina kayla Kayla kcin keeper keepout keith keith keith1 keller kelly kelly kelly1 kelly1 kelsey kelsey kendall kennedy kennedy kenneth kenneth kenny kerala kermit kermit kerrya ketchup kevin kevin kevin1 kevin1 khan khan kidder kids kids killer killer Killer Killer KILLER Killme kim kim kimberly kimberly Kinder king king kingdom kingdom kingfish kingfish kings kirk kissa2 kisses kissme kitkat kitten Kitten Kitten kitten12 Kittens kitty kitty kittycat kiwi kkkkkk kleenex kleenex knicks knicks knight knight Knight Knight Knights koala koala koko koko kombat Kombat kramer kramer kris kristen kristen Kristen kristi kristi Kristi kristin kristin Kristin kristina kristine Kristy Krystal labtec lacrosse lacrosse laddie laddie lady lady ladybug ladybug lakers lakers Lakers Lakota lalala lambda lamer lamer lance larry larry larry1 larry1 Larson laser laser Laser laserjet lassie1 laura laura laurel lauren lauren Lauren laurie laurie law law lawrence lawson lawyer leader leaf leanne leblanc ledzep ledzep lee lee legal legend legend legolas leland lemon Lennon leo leon leon leonard leonard leonardo leslie leslie Leslie lestat lestat Lestat lester letmein letmein Letmein letter Letter letters lexus1 liberty Liberty libra library library Library life light light Light lights liliana lilmama lima lincoln lincoln linda linda lindsay lindsay Lindsay Lindsay lindsey lindsey Lindsey linkinpark lionel lionking lionking lions lipgloss lisa lisa lissabon little Little liverpoo liverpool liz lizard lizard Lizard Lizard lizzie lizzy ljf lloyd lloyd logan logan logger logical logical logos loislane loki lokita 
lola lolipop lolita lollipop lollypop london london lonely lonestar longer longhorn looking looney looney Looney loren lorena lori lorna lorraine lorraine lorrie loser loser Loser lost lotus lou louis louis louise louise Louise love love love12 love123 lovebug lovelove lovely lovely lovely1 loveme loveme Loveme loveme1 lover Lover lover1 loverboy lovers loves loveu loveya loveyou loveyou loving lucas lucas lucia lucifer lucky lucky lucky1 lucky1 lucky14 lucky7 lucy lucy lulu lulu lupita lynn lynn m m1911a1 mac mac macha macha macintos macintosh macross madalina maddie Maddock maddog maddog Maddog Madeline madison madison madmax madoka madonna maganda maggie maggie Maggie magic magic magic1 magnum magnum mahal mahalkita mahalko maiden mail mailer mailer mailman mailman maine major major majordom majordomo makeitso malcolm malcolm maldita malibu Malibu mallard mamita management manchester manson mantra mantra manuel manutd marathon marc marc marcel marcel marcos marcus marcus margaret margaret Margaret margarita maria maria maria1 mariah mariah mariah1 marian mariana marie marie marie1 marielle marilyn marilyn marina marina marine marine mariner marino Marino mario mario mariposa mariposa marisol marissa mark mark mark1 market market marlboro marlboro marley marley Marley marlon mars mars Marshal marshall mart martha Martha martin martin Martin martin1 martin1 martinez marty marty marvin marvin Marvin mary mary maryjane maryjane master master Master Master master1 master1 Masters math math matrix matrix matt matt matthew matthew Matthew Matthew matthew1 matti1 mattingly maurice maurice mauricio Maveric maverick maverick max max maxime maxime maxine maxmax maxwell maxwell Maxwell Maxwell mayday mayday mazda1 mazda1 me me meatloaf mech mechanic media medical medical megan megan meggie meister melanie melanie melina melissa melissa Melissa Mellon melody melvin mememe memory memory memphis memphis mensuck meow meow mercedes mercedes mercer mercury mercury merde merlin 
merlin Merlin merlot Merlot mermaid merrill metal metal metallic metallic Metallic metallica mexico mexico mhine miami miamor michael michael. michael Michael Michael michael1 michal micheal michel michel Michel Michel1 michele michele Michell michelle michelle Michelle Michelle michelle1 michigan michou mickel mickey mickey Mickey mickey1 micro micro microsoft midnight midnight midori midori midvale midway mierda miguel mikael mikael mike mike mike1 mike1 mikey mikey Mikey miki miki milagros milano miles miles millenium miller miller Miller millie millie million million mimi mimi mindy mindy mine mine minnie minnie Minnie minou minou miracle mirage mirage miranda miranda miriam mirror mirror misha misha mishka mishka mission mission missy missy misty misty mitch mitch mitchell mitchell Mittens mmm mmmmmm mmouse mobile mobydick modem modem mojo molly molly molly1 molly1 molson molson mom mom mommy mommy1 monday monday Monday Monday monet monet money money Money money1 money1 monica monica monique monique monkey monkey Monkey monkey1 monkey12 monkeys monopoly monopoly monroe monster Monster Monster montana montana Montana montana3 montreal montreal Montreal montrose monty moocow moocow mookie mookie moomoo moomoo moon moon moonbeam moore moose moose mopar morecats morgan morgan moroni moroni morpheus morris morris Morris mortimer mortimer mother mother Mother motor motorola mountain mountain mouse mouse mouse1 mouse1 movies mowgli mozart mozart muffin muffin Muffin mulder mulder1 munchkin murphy murphy Murphy murray muscle music music musica mustang mustang Mustang mustang1 mybaby mylife mylove myself myspace myspace1 nadia nadine nancy nancy naomi naomi napoleon napoleon naruto nascar nascar Nascar nat nat natalia natalie natasha natasha Natasha nathan nathan Nathan nation national nautica nautica ncc1701 ncc1701 NCC1701 NCC1701 ncc1701d ncc1701d ncc1701e ncc1701e ne1410s ne1469 ne1469 ne14a69 nebraska nebraska neil neko nellie nellie nelson nelson Nelson nemesis 
nemesis nenita nermal nesbit nesbitt nesbitt nestle netware netware network network neutrino new new newaccount newcourt newcourt newlife newpass newpass news news newton newton Newton Newton newuser newuser newyork newyork newyork1 nexus6 nguyen nguyen nicarao nicarao nicholas nicholas Nicholas nichole nick nick nicklaus nicolas nicole nicole Nicole nicole1 nigel nightshade nightwing nike niki niki nikita nikita nikki nimrod nimrod nina niners niners nintendo nirvana nirvana Nirvana nirvana1 nirvana1 nissan nissan Nissan nisse nite nite nokia nomore none none none1 nopass Noriko normal norman norman norton notebook nothing nothing notta1 notused notused nouveau novell november noway nss nugget nugget number1 Number1 number9 number9 numbers nurse nurse nursing nutmeg oatmeal oatmeal oaxaca obiwan obiwan obsession ocean october october October October ohshit oicu812 olive olive oliver oliver Oliver olivia olivia olivier olivier ollie olsen omarion omega one one onelove online online Online open open openup opera opus opus orange orange Orange oranges oranges orchid orchid oregon oreo orion orion orlando Orlando orville oscar oscar otter ou812 ou812 OU812 OU812 overkill oxford oxford ozzy paagal pacers pacers Pacers pacific pacific packard packard Packard packer packer Packer packers packers Packers packrat paint painter painter Paladin Paladin paloma pam pamela pamela Pamela Pamela pancake panda panda pandora pandora panget pangit panic pantera pantera Pantera panther panther Panther panthers paola papa papa paradigm paris paris park parker parker Parker parola parrot parrot partner pasaway pascal pascal pass pass passion passion passw0rd passwd passwd Passwor password password Password Password PASSWORD password1 password2 pat pat patches patches Patches patricia patricia patrick patrick Patrick patriots patton paul paul paula paula pauline pavel payton peace peace peach peaches peaches Peaches Peaches peanut peanut Peanut peanuts Peanuts pearl pearl pearljam 
pearljam pebbles Pebbles pedro pedro pedro1 peewee peewee Peewee peggy peggy pencil penelope penelope penguin penguin Penguin penny penny pentium pentium Pentium Pentium people People pepper pepper Pepper Pepper pepsi pepsi percy percy perfect performa perry perry person pete pete peter peter Peter Peter peter1 peterk peterpan petey petey petunia petunia Petunia phantom phantom phialpha phil phil philip philip philips Phillip phillips phish phish phishy phoenix phoenix Phoenix phoenix1 phoenix1 phone photo photo piano piano piano1 pianoman pianos picard Picard picasso picasso pickle pickle Pickle picture picture pictures pierce pierce pierre pierre pigeon piglet piglet Piglet Piglet pimpin pineapple pink pinkfloy pinkfloyd pinky pioneer pipeline piper1 pirate pirate pisces pisces pizza pizza planet planet plato plato play play playboy playboy player player players players playgirl please please Please plus pluto pluto pmc poetic poetry pogiako poiuyt poiuyt pokemon polar polaris Polaris pole police police politics politics pollito polo polo pomme pomme pontiac poohbear poohbear pookey pookie pookie Pookie Pookie pookie1 pookie1 poop poopoo popcorn popcorn Popcorn pope popeye popeye Popeye poppy porsche porsche Porsche porsche9 porsche911 porter porter portland portland portugal potter power power ppp ppp PPP praise praise prayer preciosa precious predator prelude premier preston preston pretty primus prince prince Prince princesa princesita princess princess Princess princess1 print printing prof prof promethe prometheus property property protel provider psalms psalms psycho psycho Psycho public public Puckett puddin pulsar pumpkin pumpkin Pumpkin punkin punkin puppies Puppies puppy puppy puppy123 purple purple Purple Purple purple1 pussy pussy1 pussycat pyramid pyramid Pyramid pyro python python q1w2e3 q1w2e3 q1w2e3r4 qazwsx qqq111 quality quality quebec quebec queen queenie quentin quest quest qwaszx qwaszx qwer qwert qwert Qwert Qwert qwerty qwerty Qwerty Qwerty 
qwerty1 qwerty12 qwerty12 qwertyui qwertyuiop rabbit rabbit Rabbit Rabbit rabbit1 racer racerx racerx rachel rachel Rachel rachelle Racing racoon racoon radar radio radio rafael rafiki Raider raiders raiders Raiders Raiders rain rain rainbow rainbow Rainbow Raistlin Raistlin raleigh ralph ram rambo rambo1 rambo1 rancid random random Random randy randy randy1 ranger ranger Ranger rangers raptor raptor raquel raquel rascal rascal Rasta rasta1 rastafarian ratio raven raven ravens raymond raymond Raymond Reader Reading reality reality Reality rebecca rebecca Rebecca Rebecca rebelde Rebels red red red123 redcloud reddog reddog Reddog RedDog redfish redman redrum redrum Redskin redskins redsox redwing redwing redwood Reebok reed Reefer reggae reggie Reggie regina reliant remember remember remote rene renee renee Renee renegade reptile republic republic rescue research research Retard revolution rex reynolds reynolds reznor reznor rhino rhonda rhonda Rhonda ricardo ricardo1 richard richard Richard richard1 richards richmond ricky ricky riley ripper Ripper ripple rita river river roadrunner rob robbie robbie Robbie robby robert robert Robert Robert robert1 robert1 roberto roberts robin robin robinhoo robinhood robocop robotech robotech robotics roche rock rock rocket rocket rocket1 rockie rocknroll rockon rocky rocky rocky1 rodeo Rodman rodrigo roger roger roger1 rogers roland rolex roman roman rommel ronald ronald Ronald ronaldo roni ronnie rookie Rooster rootbeer Roping rose rose rosebud rosebud Rosebud roses roses rosie rosie Rosie rosita rossignol rotimi rouge route66 roxana roxy roxy roy roy royal royal Royals ruby ruby rufus rufus rugby rugby rugger runner runner Runner running running rush Russel russell russell Russell Russell rusty rusty ruth ruth ruthie ruthless rux ruy ryan ryan sabbath sabina sabrina sabrina sadie sadie safety safety safety1 saigon sailing sailing sailor sailor saint sakura salasana sales sales sally sally salmon salmon salut salut sam sam 
samantha samantha samiam sammie Sammie sammy sammy Sammy sample123 Sampler sampson sampson samsam samson samson Samson samsung samuel samuel Sanders sandi sandra sandra sandy sandy Sango sanjose sanjose1 santa santa santiago santos saphire sapphire sapphire sarah sarah sarah1 sarah1 Sarah1 sasha sasha saskia saskia sassy sassy sasuke satori saturday saturn saturn Saturn saturn5 savage savage savannah saved sayang sbdc scarecrow scarface scarlet scarlet scarlett scarlett Scarlett schnapps school school School science science Science scooby scooby Scooby scoobydoo scooter scooter Scooter scooter1 scooter1 scorpio scorpio scorpion scorpion scotch scotch scotland scott scott scott1 scottie scotty scotty Scotty scout scout scouts scrooge scruffy scruffy scuba scuba1 scuba1 sean sean search seattle seattle sebastian secret secret Secret secret3 security security seeker Sendit Senior seoul septembe september serena sergei sergei sergey sergio server service service Service Service services seven seven seven7 seven7 sex sexy sexy sexybitch sexygirl sexymama sexyme shadow shadow Shadow Shadow shadow1 shadow1 Shadows shaggy shakira shalom shalom shanghai shannon shannon Shannon shanny shanti shanti shaolin shark shark sharon sharon Sharon shasta shawn shawn shayne shazam sheba sheba sheena sheena sheila sheila shelby shelby shelley shelley shelly shelly Shelly shelter sherry sherry ship shirley shirley Shirley shit shit shithead shithead Shithead shoes shoes shogun Shooter shopping shorty shorty Shorty shotgun shotgun Shotgun Sidekick sidney Sidney sierra sierra Sierra Sierra sigmachi signal signature silver silver Silver silvia simba simba simba1 simon simon simone simple simple Simple simpsons simsim sinatra singer singer single sirius sister skate skater Skater skeeter skeeter Skeeter Skeeter skibum skidoo skidoo Skidoo skiing skiing Skiing Skinny skip skipper skipper skipper1 skippy skippy Skippy skittles skull skunk skydive skyler skyline skywalker slacker slacker 
slayer slayer Slayer sleepy slick slider slideshow slip slipknot smashing smashing smegma smile smile smile1 smiles smiles Smiles smiley smiley Smiley smiths smiths smitty smoke smokey smokey Smokey Smokey smurfy snake snake snakes snapper snapple snapple Snicker snickers snickers sniper sniper Sniper snoop snoopdog snoopdog snoopy snoopy Snoopy Snoopy snow snow Snowbal snowball snowball snowflake snowman snowman snowski snuffy snuffy sober1 soccer soccer Soccer soccer1 soccer1 softball softball soleil soleil solomon something sonic sonics Sonics sonny sonny sony sophia sophie sophie sound space space spain spain Spanish spanky spanky Spanky sparkle sparks sparky sparky Sparky Sparky sparrow sparrow spartan spazz special special Special Speech speedo speedo speedy speedy Speedy Speedy spencer spencer sphynx spider spider Spider spiderman spike spike spike1 spirit Spirit spitfire spitfire spock sponge spongebob spooky spooky spoon sporting sports sports Sports spot spring spring Spring sprite sprite Sprite sprocket spunky spunky Spunky spurs squash Squirt sss ssssss ssssss stacey stacey Stacey stan stanley stanley Stanley star star star69 star69 starbuck stargate stargate starlight stars start start starter startrek startrek Startrek starwars starwars station station stealth stealth steaua steel steele steele steelers steelers stella stella steph steph steph1 stephani stephani stephanie stephen stephen stephi Sterling steve steve steve1 steven steven Steven Steven steven1 stevens stever stewart stimpy stimpy Stimpy sting sting1 sting1 stingray stingray stinky stinky stivers stocks stone storage storm storm stormy stormy stranger strat strat strato strawber strawberry stretch Strider strong stuart stuart stud student student Student student2 studio Studly stumpy stupid stupid Stupid success success Success sucker suckme sue sugar sugar sultan summer summer Summer Summer summit sun sun sunbird sunbird sundance sundance sunday sunday sunfire sunflowe sunflower sunny 
sunny sunny1 sunny1 sunrise sunrise sunset sunset Sunshin sunshine sunshine Sunshine SunShine sunshine1 super super superfly superman superman Superman Superman superstar support support supra supra surf surf surfer surfer Surfer surfing susan susan Susan susan1 susana susanna sutton suzanne suzanne suzuki suzuki suzy Sverige swanson sweden sweet sweet16 sweetheart sweetie sweetie Sweetie sweetness sweetpea sweetpea sweets Sweets sweety sweety swim swimmer Swimmer swimming swimming switzer Swoosh swordfish sydney sydney Sydney sylvia sylvia sylvie sylvie symbol symbol system system System system5 tab tabatha tacobell tacobell taffy taffy taiwan talon tamara tamara Tamara tammy tammy tamtam Tandy tango tango Tanker tanner Tanner tanya tanya tapani tara tara Tardis targas target target tarheel tarzan tarzan tasha tasha Tasha tata tatiana tattoo tattoo taurus taurus Taurus Taurus taylor taylor Taylor Taylor tazdevil Tazman tazmania tbird t-bone t-bone teacher teacher Teacher TEACHERS teamo tech tech techno techno teddy teddy teddy1 teddy1 teddybear teflon teiubesc tekiero telecom telecom temp temp temporal temporal tennis tennis Tennis Tennis tequiero tequila tequila teresa teresa Teresa terminal terry terry terry1 test test test1 test1 test123 test123 test2 test2 test3 tester tester Tester testi testing testing testtest testtest texas texas thankyou the theatre theatre thebest theboss theboss theend thejudge theking theking thelorax Theman theresa theresa Theresa Theresa thisisit thomas thomas Thomas Thomas thompson thorne thrasher thumper thumper Thumper thunder thunder Thunder Thunder thunderb thunderbird thursday thursday thx1138 thx1138 tiffany tiffany Tiffany tiger tiger tiger2 tigers tigers Tigers tigger tigger Tigger Tigger tigger1 tightend tigre tigre tika tim tim timber timber time time timothy timothy Timothy tina tina tinker tinker tinkerbell Tinman tintin tintin tnt toby toby today today tokiohotel tokyo tom tom tomcat tomcat Tomcat tommy tommy tony tony 
tool tootsie tootsie Tootsie topcat topcat topgun topgun topher topher tornado toronto toronto torres toshiba total toto1 tototo toucan toyota toyota Tractor tracy tracy training training transfer transit transport trapper trash travel travel travis Travis tre treasure trebor trebor tree trees trek trek trevor trevor Trevor tricia tricia tricky trident trident trinity trish tristan tristan triton trixie trixie Trixie trojan trombone trophy trouble trouble Trouble trout truck truck trucker Trucks truelove truman trumpet trumpet Trumpet trustno1 tucker tucker tucson tuesday tuesday Tuesday tula turbo turbo Turbo turbo2 turtle turtle Turtle tweety tweety Tweety twilight twinkle twins twins tyler tyler tyler1 ultimate undead undead undertaker unicorn unicorn unique united unity unix upsilon ursula user1 user1 utopia utopia vacation vader vader val valentin valentin valentina valentine valeria valerie valerie valhalla valhalla valley vampire Vampire vanessa Vanessa vanilla vanilla vedder velvet velvet venice venus venus vermont vermont Vernon veronica veronica vette Vette vicki vicky vicky victor victor victor1 victoria victoria Victoria Victoria victory victory video video viking viking Viking Vikings vikram vincent vincent Vincent vincent1 violet violet Violet violin viper viper Viper viper1 viper1 virago virgil virginia virginia visa visa vision vision visual volcano volley volley Volley Volleyb volleyball volvo volvo voodoo voodoo vortex voyager Voyager waiting walden waldo walker walker walleye Walleye wally wally walter walter wanker wanker warcraft warcraft Warez warlock warner warner warren warren Warren warrior warrior Warrior warriors warriors water water water1 Waterloo watson watson wayne wayne wayne1 weasel weasel webmaste webmaster webster webster Webster Webster wedge weezer Weezer welcome welcome Welcome1 wendy wendy wendy1 wesley wesley western western westlife westside whale1 Whales Whateve whatever whatever wheeling wheels wheels Wheels whisky whisky 
whit white white whitney whitney whocares whoville wibble Wicked wilbur wilbur wildcat Wildcat will william william William william1 williams williams willie willie Willie willow willow Willow willy willy Willy wilma wilson wilson Wilson win95 wind window Windows Windows windsurf windsurf winner winner winnie winnie Winnie winniethepooh winona winston winston winter winter Winter wisdom wisdom wizard wizard Wizard wolf wolf wolf1 wolf1 wolfgang wolfgang wolfMan wolverin wolverine Wolverine wolves wolves Wolves wombat wombat wombat1 wonder wonder Woodland Woodrow woody woody woofwoof word wordpass world wqsb wrangler wrangler Wrestle wright wright www xanadu xanadu Xanadu xanth xavier xavier xbox360 xcountry xcountry xfiles x-files xfiles x-men xxx xxx xxx123 xxxx xxxx xxxxxx xxxxxxxx xyz xyz123 y yamaha yamaha Yamaha yankee yankees yankees Yankees yellow yellow Yellow yoda yoda yogibear yolanda yomama yomama young young yourmom yukon yvette yvonne yvonne zacefron zachary zachary zack zapata zapata zaphod zaphod Zaphod zebra zebra zebras zenith zenith zephyr zephyr zeppelin zeppelin zepplin zeus zeus zhongguo zhongguo ziggy ziggy Ziggy zigzag zoltan zombie zombie Zombie zoomer zorro zorro Zorro zxc zxc123 zxcvb Zxcvb zxcvbn zxcvbnm zxcvbnm Zxcvbnm Zxcvbnm zzz ================================================ FILE: jq/Dockerfile ================================================ FROM alpine:latest RUN apk add --no-cache \ bash \ ca-certificates \ curl \ findutils \ git \ jq \ openssh-client ================================================ FILE: k8scan/Dockerfile ================================================ FROM golang:1.12-alpine as builder MAINTAINER Jessica Frazelle ENV PATH /go/bin:/usr/local/go/bin:$PATH ENV GOPATH /go RUN apk add --no-cache \ ca-certificates \ git \ gcc \ libc-dev \ libgcc \ make # Get go deps for tests etc. 
RUN go get honnef.co/go/tools/cmd/staticcheck \ golang.org/x/lint/golint \ github.com/google/go-cmp/cmp WORKDIR /go/src/k8scan COPY *.go /go/src/k8scan/ RUN set -x \ && go get -d . \ && gofmt -s -l . \ && go test ./... \ && go vet ./... \ && golint ./... \ && staticcheck ./... \ && CGO_ENABLED=0 go build -a -tags netgo -ldflags '-w -extldflags "-static"' -o /usr/bin/k8scan *.go \ && echo "Build complete." FROM r.j3ss.co/masscan COPY --from=builder /usr/bin/k8scan /usr/bin/k8scan COPY --from=builder /etc/ssl/certs/ /etc/ssl/certs ENTRYPOINT [ "k8scan" ] CMD [ "--help" ] ================================================ FILE: k8scan/main.go ================================================ package main import ( "context" "crypto/tls" "encoding/json" "errors" "flag" "fmt" "io/ioutil" "log" "net" "net/http" "os" "os/exec" "os/signal" "path/filepath" "strconv" "strings" "sync" "syscall" "time" "github.com/Sirupsen/logrus" mailgun "github.com/mailgun/mailgun-go" ) const ( defaultCIDR = "0.0.0.0/0" arinAPIEndpoint = "http://whois.arin.net/rest/ip/%s" emailSender = "k8scan@jessfraz.com" ) var ( timeoutPing time.Duration timeoutGet time.Duration cidr string defaultPorts = intSlice{80, 443, 8001, 9001} originalPorts string ports intSlice useMasscan bool mailgunDomain string mailgunAPIKey string emailRecipient string debug bool ) // intSlice is a slice of ints type intSlice []int // implement the flag interface for intSlice func (i *intSlice) String() (out string) { for k, v := range *i { if k < len(*i)-1 { out += fmt.Sprintf("%d,", v) } else { out += fmt.Sprintf("%d", v) } } return out } func (i *intSlice) Set(value string) error { originalPorts = value // Set the default if nothing was given. if len(value) <= 0 { *i = defaultPorts return nil } // Split on "," for individual ports and ranges. r := strings.Split(value, ",") for _, pr := range r { // Split on "-" to denote a range. 
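if strings.Contains(pr, "-") {
			p := strings.SplitN(pr, "-", 2)
			begin, err := strconv.Atoi(p[0])
			if err != nil {
				return err
			}
			end, err := strconv.Atoi(p[1])
			if err != nil {
				return err
			}
			if begin > end {
				// This branch fires when the end is below the beginning;
				// the message used to state the opposite.
				return fmt.Errorf("end port can not be less than the beginning port: %d < %d", end, begin)
			}
			// Reject values outside the TCP port space before expanding the
			// range. This also bounds the slice built by the loop below.
			if begin < 1 || end > 65535 {
				return fmt.Errorf("port range %d-%d is outside 1-65535", begin, end)
			}
			for port := begin; port <= end; port++ {
				*i = append(*i, port)
			}
			continue
		}

		// It is not a range just parse the port
		port, err := strconv.Atoi(pr)
		if err != nil {
			return err
		}
		if port < 1 || port > 65535 {
			return fmt.Errorf("port %d is outside 1-65535", port)
		}
		*i = append(*i, port)
	}
	return nil
}

// init registers the command line flags, parses them, and applies the log
// level and the default port list.
//
// NOTE(review): the Mailgun API key is read from a command line flag, so it
// is visible to anything that can read this process's argument list.
// Reading it from the environment or a file is the usual alternative.
func init() {
	flag.DurationVar(&timeoutPing, "timeout-ping", 2*time.Second, "Timeout for checking that the port is open")
	flag.DurationVar(&timeoutGet, "timeout-get", 10*time.Second, "Timeout for getting the contents of the URL")

	flag.StringVar(&cidr, "cidr", defaultCIDR, "IP CIDR to scan")
	flag.Var(&ports, "ports", fmt.Sprintf("Ports to scan (ex. 80-443 or 80,443,8080 or 1-20,22,80-443) (default %q)", defaultPorts.String()))

	flag.BoolVar(&useMasscan, "masscan", true, "Use masscan binary for scanning (this is faster than using pure golang)")

	flag.StringVar(&mailgunAPIKey, "mailgun-api-key", "", "Mailgun API Key to use for sending email (optional)")
	flag.StringVar(&mailgunDomain, "mailgun-domain", "", "Mailgun Domain to use for sending email (optional)")
	flag.StringVar(&emailRecipient, "email-recipient", "", "Recipient for email notifications (optional)")

	flag.BoolVar(&debug, "d", false, "Run in debug mode")

	flag.Usage = func() {
		flag.PrintDefaults()
	}

	flag.Parse()

	// Set the log level.
	if debug {
		logrus.SetLevel(logrus.DebugLevel)
	}

	// Set the default ports.
	if len(ports) <= 0 {
		ports = defaultPorts
	}
}

// main runs the scan: it collects open ports (with masscan, or by dialing
// every address in the CIDR), hands each hit to scanIP in its own goroutine,
// waits for all of them and logs the elapsed time.
func main() {
	// On ^C, or SIGTERM handle exit.
	c := make(chan os.Signal, 1)
	signal.Notify(c, os.Interrupt)
	signal.Notify(c, syscall.SIGTERM)
	go func() {
		for sig := range c {
			logrus.Infof("Received %s, exiting.", sig.String())
			os.Exit(0)
		}
	}()

	// Set the logger to nil so we ignore messages from the Dial that don't matter.
	// See: https://github.com/golang/go/issues/19895#issuecomment-292793756
	log.SetFlags(0)
	log.SetOutput(ioutil.Discard)

	logrus.Infof("Scanning for Kubernetes Dashboards and API Servers on %s over port range %s", cidr, originalPorts)
	if len(mailgunDomain) > 0 && len(mailgunAPIKey) > 0 && len(emailRecipient) > 0 {
		// The API key is a credential and is deliberately left out of the
		// log line; anything that collects this output would otherwise
		// store it in clear text.
		logrus.Infof("Using Mailgun Domain %s to send emails to %s", mailgunDomain, emailRecipient)
	}
	logrus.Infof("This may take a bit...")

	var (
		startTime = time.Now()
		wg        sync.WaitGroup
	)

	if useMasscan {
		m, err := doMasscan()
		if err != nil {
			logrus.Fatal(err)
		}
		logrus.Infof("Found %d open ports", len(m))

		for _, result := range m {
			for _, port := range result.Ports {
				wg.Add(1)
				go func(ip string, port int) {
					defer wg.Done()

					scanIP(ip, port)
				}(result.IP, port.Port)
			}
		}
	} else {
		ip, ipnet, err := net.ParseCIDR(cidr)
		if err != nil {
			logrus.Fatal(err)
		}

		// NOTE(review): one goroutine is started per address/port pair with
		// no upper bound, so a large CIDR can exhaust memory or file
		// descriptors on the scanning host. inc also wraps an all-0xff
		// address back to all zeros, so for a range that contains the top
		// address (the default 0.0.0.0/0 does) this loop looks like it
		// never terminates - confirm and bound it.
		for ip := ip.Mask(ipnet.Mask); ipnet.Contains(ip); inc(ip) {
			for _, port := range ports {
				wg.Add(1)
				go func(ip string, port int) {
					defer wg.Done()

					// Check if the port is open.
					ok := portOpen(ip, port)
					if !ok {
						return
					}

					scanIP(ip, port)
				}(ip.String(), port)
			}
		}
	}

	wg.Wait()

	since := time.Since(startTime)
	logrus.Infof("Scan took: %s", since.String())
}

// scanIP probes ip:port and, when the response looks like a Kubernetes
// dashboard or API server, prints one report line and optionally sends an
// email.
func scanIP(ip string, port int) {
	// Check if it's a kubernetes dashboard.
	ok, uri := isKubernetesDashboard(ip, port)
	if !ok {
		return
	}

	// Get the info for the ip address.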
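info, err := getIPInfo(ip)
	if err != nil {
		// Best effort: on failure the line below is still printed, with
		// empty organisation fields.
		logrus.Warnf("ip info err: %v", err)
	}

	// NOTE(review): the organisation fields are printed exactly as the whois
	// service returned them. Anything parsing this tab-separated output
	// should treat them as untrusted text.
	fmt.Printf("%s:%d\t%s\t%s\t%s\n",
		ip, port,
		info.Net.Organization.Handle, info.Net.Organization.Name, info.Net.Organization.Reference)

	// send an email
	if len(mailgunDomain) > 0 && len(mailgunAPIKey) > 0 && len(emailRecipient) > 0 {
		if err := sendEmail(uri, ip, port, info); err != nil {
			logrus.Warn(err)
		}
	}
}

// portOpen reports whether a TCP connection to ip:port can be established
// within timeoutPing. The connection is closed again straight away.
func portOpen(ip string, port int) bool {
	// JoinHostPort brackets IPv6 literals; for IPv4 it yields the same
	// "ip:port" string as before.
	c, err := net.DialTimeout("tcp", net.JoinHostPort(ip, strconv.Itoa(port)), timeoutPing)
	if err != nil {
		logrus.Debugf("listen at %s:%d failed: %v", ip, port, err)
		return false
	}
	if c != nil {
		c.Close()
	}

	return true
}

// isKubernetesDashboard fetches a few candidate URLs on ip:port and reports
// whether the first one that answers looks like a Kubernetes dashboard or
// API server. On a match it also returns the URL that answered.
func isKubernetesDashboard(ip string, port int) (bool, string) {
	client := &http.Client{
		Timeout: timeoutGet,
		Transport: &http.Transport{
			// Certificate verification is off because the targets are
			// arbitrary hosts, commonly with self-signed certificates.
			// The response is only pattern-matched below; nothing
			// sensitive is ever sent over this client.
			TLSClientConfig: &tls.Config{
				InsecureSkipVerify: true,
			},
			// A new Transport is built per call, so idle connections would
			// never be reused. Without this they stay open after the call
			// returns and pile up over a large scan.
			DisableKeepAlives: true,
		},
	}

	hostPort := net.JoinHostPort(ip, strconv.Itoa(port))
	tryAddrs := []string{
		"http://" + hostPort,
		"https://" + hostPort,
		"http://" + hostPort + "/api/",
		"https://" + hostPort + "/api/",
	}

	var (
		resp *http.Response
		err  = errors.New("not yet run")
		uri  string
	)

	// Stop at the first URL that produces any HTTP response.
	for i := 0; i < len(tryAddrs) && err != nil; i++ {
		uri = tryAddrs[i]
		resp, err = client.Get(uri)
	}
	if err != nil {
		logrus.Debugf("getting %s:%d failed: %v", ip, port, err)
		return false, ""
	}
	defer resp.Body.Close()

	// NOTE(review): the body comes from an arbitrary remote host and is read
	// without a size cap, so a large or endless response is buffered until
	// timeoutGet expires. Wrapping resp.Body in io.LimitReader would bound
	// it; that needs "io" added to the file's imports.
	b, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		return false, ""
	}

	// The body is lower-cased before matching, so every needle must be
	// lower-case as well. The API-server check used to look for
	// `"serverAddress`, which could never match a lower-cased body.
	body := strings.ToLower(string(b))
	if (strings.Contains(body, "kubernetes") && strings.Contains(body, "dashboard")) ||
		(strings.Contains(body, `"versions"`) && strings.Contains(body, `"serveraddress`)) ||
		(strings.Contains(body, `"paths"`) && strings.Contains(body, `"/api"`)) {
		return true, uri
	}

	return false, ""
}

// ARINResponse describes the data struct that holds the response from ARIN.
type ARINResponse struct {
	Net NetJSON `json:"net,omitempty"`
}

// NetJSON holds the net data from the ARIN response.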
type NetJSON struct {
	// Organization is decoded from the "orgRef" member of the "net" object.
	Organization OrganizationJSON `json:"orgRef,omitempty"`
}

// OrganizationJSON holds the organization data from the ARIN response.
// The values are taken from the remote response as-is; scanIP prints them
// and sendEmail copies them into the notification body.
type OrganizationJSON struct {
	// Handle is read from the "@handle" key ("MSFT" in the test file).
	Handle string `json:"@handle,omitempty"`
	// Name is read from the "@name" key ("Microsoft Corporation" in the test file).
	Name string `json:"@name,omitempty"`
	// Reference is read from the "$" key; the test file expects a URL of
	// the form https://whois.arin.net/rest/org/<handle>.
	Reference string `json:"$,omitempty"`
}

// MasscanResult holds the masscan results data struct.
// Looks like:
// [
//    {
//        "ip": "104.198.238.41",
//        "timestamp": "1531524211",
//        "ports": [
//            {
//                "port": 22,
//                "proto": "tcp",
//                "status": "open",
//                "reason": "syn-ack",
//                "ttl": 56
//            }
//        ]
//    },
//    ...
// ]
type MasscanResult struct {
	IP string `json:"ip,omitempty"`
	// Timestamp arrives as a quoted string of digits (see the example
	// above); MasscanTime.UnmarshalJSON turns it into a time.Time.
	Timestamp MasscanTime   `json:"timestamp,omitempty"`
	Ports     []MasscanPort `json:"ports,omitempty"`
}

// MasscanPort defines the data struct for a masscan port.
// Only Port is read by main in this file; the other fields are decoded but
// not used here.
type MasscanPort struct {
	Port     int    `json:"port,omitempty"`
	Protocol string `json:"proto,omitempty"`
	Status   string `json:"status,omitempty"`
	Reason   string `json:"reason,omitempty"`
	TTL      int    `json:"ttl,omitempty"`
}

// MasscanTime is the time format returned by masscan.
// It embeds time.Time so it can carry its own JSON decoding.
type MasscanTime struct {
	time.Time
}

// UnmarshalJSON sets MasscanTime correctly from a string.
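func (t *MasscanTime) UnmarshalJSON(b []byte) error {
	// The value is a quoted decimal string: strip surrounding whitespace and
	// quotes, then read it as seconds since the Unix epoch.
	s := strings.Trim(strings.TrimSpace(string(b)), `"`)
	i, err := strconv.ParseInt(s, 10, 64)
	if err != nil {
		return err
	}
	*t = MasscanTime{time.Unix(i, 0)}
	return nil
}

// getIPInfo looks up ip at arinAPIEndpoint and decodes the JSON reply.
//
// The request uses its own client with timeoutGet as the overall deadline.
// http.DefaultClient has no timeout, and scanIP calls this once per hit from
// its own goroutine, so a stalled lookup would keep main blocked in
// wg.Wait(). A non-200 reply is returned as an error instead of being
// decoded into an empty result.
func getIPInfo(ip string) (b ARINResponse, err error) {
	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf(arinAPIEndpoint, ip), nil)
	if err != nil {
		return b, err
	}
	req.Header.Set("Accept", "application/json")

	client := &http.Client{Timeout: timeoutGet}
	resp, err := client.Do(req)
	if err != nil {
		return b, err
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		return b, fmt.Errorf("whois lookup for %s returned status %s", ip, resp.Status)
	}

	if err := json.NewDecoder(resp.Body).Decode(&b); err != nil {
		return b, err
	}

	return b, nil
}

// inc advances ip in place to the next address, carrying from the last byte
// upwards. An address made of all 0xff bytes wraps around to all zeros.
func inc(ip net.IP) {
	for j := len(ip) - 1; j >= 0; j-- {
		ip[j]++
		if ip[j] > 0 {
			break
		}
	}
}

// sendEmail sends one notification through Mailgun, using mailgunDomain and
// mailgunAPIKey, to emailRecipient.
//
// NOTE(review): uri and the ARIN fields originate from remote hosts and are
// placed in the subject and body unmodified. The send also runs on
// context.Background(), so it has no deadline of its own.
func sendEmail(uri, ip string, port int, arinInfo ARINResponse) error {
	mailgunClient := mailgun.NewMailgun(mailgunDomain, mailgunAPIKey)

	msg, _, err := mailgunClient.Send(context.Background(), mailgunClient.NewMessage(
		/* From */ fmt.Sprintf("%s <%s>", emailSender, emailSender),
		/* Subject */ fmt.Sprintf("[k8scan]: found dashboard %s", uri),
		/* Body */ fmt.Sprintf(`Time: %s IP: %s:%d URL: %s ARIN: %s %s %s `,
			time.Now().Format(time.UnixDate),
			ip,
			port,
			uri,
			arinInfo.Net.Organization.Handle,
			arinInfo.Net.Organization.Name,
			arinInfo.Net.Organization.Reference,
		),
		/* To */ emailRecipient,
	))
	if err != nil {
		return fmt.Errorf("sending Mailgun message failed: response: %#v error: %v", msg, err)
	}

	return nil
}

// doMasscan runs the masscan binary against cidr and ports, has it write
// JSON into a temporary directory, and returns the decoded results.
func doMasscan() ([]MasscanResult, error) {
	// Create a temporary directory for the output.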
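dir, err := ioutil.TempDir(os.TempDir(), "masscan")
	if err != nil {
		return nil, fmt.Errorf("creating temporary directory failed: %v", err)
	}
	defer os.RemoveAll(dir)

	file := filepath.Join(dir, "scan.json")

	// The arguments go to the binary as separate argv entries; no shell is
	// involved, so the flag values are not subject to shell interpretation.
	// The packet rate is fixed here and not exposed as a flag.
	cmd := exec.Command("masscan",
		fmt.Sprintf("-p%s", ports.String()),
		cidr,
		"--output-format", "json",
		"--output-file", file,
		"--rate", "1000000",
		"--exclude", "255.255.255.255",
	)
	cmd.Stdout = os.Stdout
	cmd.Stderr = os.Stderr
	logrus.Infof("Running masscan command: `%s`", strings.Join(cmd.Args, " "))
	if err := cmd.Run(); err != nil {
		return nil, fmt.Errorf("running masscan failed: %v", err)
	}

	b, err := cleanMasscanOutputFile(file)
	if err != nil {
		return nil, fmt.Errorf("cleaning up masscan file failed: %v", err)
	}

	m := []MasscanResult{}

	// Return early if empty.
	if len(b) <= 0 {
		return m, nil
	}

	if err := json.Unmarshal(b, &m); err != nil {
		return nil, fmt.Errorf("unmarshal json failed: %v\nbody: %s", err, string(b))
	}

	logrus.Debugf("masscan result: %#v", m)

	return m, nil
}

// cleanMasscanOutputFile reads the masscan output file and returns it as a
// JSON array that json.Unmarshal accepts. An empty file yields (nil, nil).
//
// A trailing ",\n]" (a comma after the last record) is rewritten to "]".
// Output that lacks the closing bracket gets one appended. Output that is
// already closed is returned unchanged; it used to receive a second "]" and
// then fail to parse.
func cleanMasscanOutputFile(file string) ([]byte, error) {
	b, err := ioutil.ReadFile(file)
	if err != nil {
		return nil, err
	}

	s := strings.TrimSpace(string(b))
	if len(s) <= 0 {
		return nil, nil
	}

	switch {
	case strings.HasSuffix(s, ",\n]"):
		s = strings.TrimSuffix(s, ",\n]") + "]"
	case !strings.HasSuffix(s, "]"):
		s += "]"
	}

	return []byte(s), nil
}
================================================
FILE: k8scan/main_test.go
================================================
package main

import (
	"testing"

	"github.com/google/go-cmp/cmp"
)

// TestARINResponse calls getIPInfo for a fixed address, so it needs network
// access and depends on the registration data the whois service returns.
func TestARINResponse(t *testing.T) {
	info, err := getIPInfo("104.40.92.107")
	if err != nil {
		t.Fatal(err)
	}

	if info.Net.Organization.Handle != "MSFT" {
		t.Fatalf("expected handle to be MSFT, got %s", info.Net.Organization.Handle)
	}

	if info.Net.Organization.Name != "Microsoft Corporation" {
		t.Fatalf("expected name to be Microsoft Corporation, got %s", info.Net.Organization.Name)
	}

	if info.Net.Organization.Reference != "https://whois.arin.net/rest/org/MSFT" {
		t.Fatalf("expected reference to be https://whois.arin.net/rest/org/MSFT, got %s",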
info.Net.Organization.Reference) } } func TestParsePortRange(t *testing.T) { testFuncs := []struct { given string expected intSlice }{ { given: "", expected: intSlice{80, 443, 8001, 9001}, }, { given: "80,443,9090", expected: intSlice{80, 443, 9090}, }, { given: "80-90", expected: intSlice{80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90}, }, { given: "22-24,80,8080-8083", expected: intSlice{22, 23, 24, 80, 8080, 8081, 8082, 8083}, }, { given: "80", expected: intSlice{80}, }, } for _, testFunc := range testFuncs { i := intSlice{} if err := i.Set(testFunc.given); err != nil { t.Fatal(err) } if !cmp.Equal(testFunc.expected, i) { t.Fatalf("expected: %#v\ngot: %#v", testFunc.expected, i) } } } ================================================ FILE: keepass2/Dockerfile ================================================ # DESCRIPTION: Create keepass2 container with its dependencies # AUTHOR: Christian Koep # USAGE: # # Build keepass2 image # docker build -t keepass2 . # # # Run the container and mount your keepass2 database file # docker run -it \ # -v /home/$USER/DB.kdbx:/root/DB.kdbx \ # -v /tmp/.X11-unix:/tmp/.X11-unix \ # -v /home/$USER/keepass2-plugins:/usr/lib/keepass2/Plugins \ # -e DISPLAY=$DISPLAY \ # keepass2 "$@" # # ISSUES: # # 'Gtk: cannot open display: :0' # Try to set 'DISPLAY=your_host_ip:0' or run 'xhost +' on your host. 
# (see: https://stackoverflow.com/questions/28392949/running-chromium-inside-docker-gtk-cannot-open-display-0) # FROM debian:sid-slim LABEL maintainer "Christian Koep " ENV DEBIAN_FRONTEND noninteractive RUN apt-get update && apt-get install -y \ keepass2 \ xdotool \ mono-mcs \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* ENTRYPOINT ["/usr/bin/keepass2"] ================================================ FILE: keepassxc/Dockerfile ================================================ # keepassxc # # docker run -d \ # -v /tmp/.X11-unix:/tmp/.X11-unix \ # -v /etc/machine-id:/etc/machine-id:ro \ # -v /usr/share/X11/xkb:/usr/share/X11/xkb/:ro \ # -v $HOME/.config/keepassxc:/root/.config/keepassxc \ # -e DISPLAY=unix$DISPLAY \ # jess/keepassxc # FROM alpine:latest LABEL maintainer "Christian Koep " ENV KEEPASSXC_VERSION 2.5.4 RUN buildDeps=' \ automake \ argon2-dev \ bash \ cmake \ curl-dev \ expat \ g++ \ gcc \ git \ libgcrypt-dev \ libmicrohttpd-dev \ libqrencode-dev \ libsodium-dev \ make \ qt5-qtbase-dev \ qt5-qtsvg-dev \ qt5-qttools-dev \ ' \ set -x \ && apk --no-cache add \ $buildDeps \ && git clone --depth 1 --branch ${KEEPASSXC_VERSION} https://github.com/keepassxreboot/keepassxc.git /usr/src/keepassxc \ && cd /usr/src/keepassxc \ && mkdir build \ && cd build \ && cmake -DWITH_TESTS=ON -DWITH_XC_AUTOTYPE=ON -DWITH_XC_HTTP=ON .. \ && make \ && make install \ && apk del $buildDeps \ && rm -rf /usr/src/keepassxc \ && echo "Build complete." 
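RUN apk --no-cache add \ argon2-libs \ libcurl \ libmicrohttpd \ libgcrypt \ libqrencode \ libsodium \ mesa-dri-intel \ qt5-qtbase \ qt5-qtbase-x11 \ qt5-qtsvg \ qt5-qttools \ ttf-dejavu ENTRYPOINT [ "/usr/local/bin/keepassxc" ] ================================================ FILE: kernel-builder/Dockerfile ================================================ FROM r.j3ss.co/wireguard:install LABEL maintainer "Jessie Frazelle " RUN apt update && apt -y install \ bash \ bc \ bison \ ca-certificates \ curl \ fakeroot \ flex \ git \ libgmp-dev \ libncurses-dev \ perl \ tar \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* ENV HOME /root WORKDIR $HOME ENV JOBS 4 COPY build_kernel /usr/local/bin/build_kernel RUN echo "build_kernel [version]" > /root/.bash_history ENTRYPOINT [ "bash" ]
================================================
FILE: kernel-builder/build_kernel
================================================
#!/bin/bash
set -e
set -o pipefail

# linux_next prepares /usr/src/linux-next: it clones Linus' tree (or updates
# an existing checkout), adds and fetches the linux-next remote, and checks
# out today's next-YYYYMMDD tag as a local branch.
linux_next(){
	local dir="/usr/src/linux-next"

	# Check if we already have the source for linux-next checked out.
	if [[ -d "$dir" ]]; then
		echo "Updating linux-next tree git remotes..."
		(
		cd "$dir"
		git checkout master
		git remote update
		)
	else
		echo "Cloning the git source for linux..."
		git clone https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git "$dir"

		echo "Adding the linux-next git remote..."
		(
		cd "$dir"
		git remote add linux-next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
		)
	fi

	echo "Fetching the linux-next remote and updating tags..."
	(
	cd "$dir"
	git fetch linux-next
	git fetch --tags linux-next
	)

	local branch
	branch="next-$(date +%Y%m%d)"
	echo "Checking out the correct branch ${branch}..."
	(
	cd "$dir"
	git checkout -b "$branch" "$branch"
	)
}

# install_kernel VERSION [OPT]
#   VERSION  kernel version to build (e.g. 4.19.1, 5.4-rc2) or "next"
#   OPT      optional: "aufs" or "wireguard" to patch that feature in
#
# Fetches the source into /usr/src, applies the optional patches, seeds
# .config from /usr/src/config when present, then builds and installs the
# kernel and its modules.
install_kernel(){
	local VERSION=$1
	local OPT=$2
	local DIR="/usr/src/linux-${VERSION}"

	if [[ -z $VERSION ]]; then
		echo "Please specify a kernel version."
		exit 1
	elif [[ "$VERSION" == "next" ]]; then
		DIR="/usr/src/linux-next"
		linux_next
	fi

	if [[ "$VERSION" != "next" ]]; then
		# Everything before the first dot, so a multi-digit major works too.
		local MAJOR_VERSION=${VERSION%%.*}
		# Split on "." into an array. The quoted "${VERSION//./ }" form
		# produced a single element, which left V[1] empty and made
		# MAJOR_MINOR_VERSION (and the aufs branch name below) wrong.
		local -a V
		IFS=. read -r -a V <<< "$VERSION"
		local MAJOR_MINOR_VERSION="${V[0]}.${V[1]}"

		# Get the kernel source.
		# NOTE(review): the tarball is unpacked as it streams in, so TLS to
		# the download host is the only integrity check. kernel.org
		# publishes detached PGP signatures for release tarballs; if the
		# result is going to be booted, download to a file and verify it
		# before extracting.
		echo "Getting the kernel source for linux-${VERSION}..."
		echo "This might take a bit to download. Hang tight!"
		if [[ "$VERSION" == *-rc* ]]; then
			[ -d "$DIR" ] || curl -sSL "https://git.kernel.org/torvalds/t/linux-${VERSION}.tar.gz" | tar -C /usr/src -xz
			MAJOR_MINOR_VERSION="${MAJOR_VERSION}.x-rcN"
		else
			[ -d "/usr/src/linux-${VERSION}" ] || curl -sSL "https://cdn.kernel.org/pub/linux/kernel/v${MAJOR_VERSION}.x/linux-${VERSION}.tar.xz" | tar -C /usr/src -xJ
		fi

		# Git clone and apply the patches for the aufs filesystem.
		# NOTE(review): the patches come from the tip of a branch, not a
		# pinned commit, so what gets compiled into the kernel can change
		# between runs.
		if [[ "$OPT" == "aufs" ]] && [[ ! -d "${DIR}/fs/aufs" ]]; then
			aufsdir=/aufs4-standalone
			echo "Cloning the git patches for the aufs filesystem..."
			git clone --depth 1 --branch "aufs${MAJOR_MINOR_VERSION}" --single-branch https://github.com/sfjro/aufs4-standalone.git "$aufsdir"
			(
			cd "$DIR"
			echo "Applying patch for the aufs filesystem..."
			git apply $aufsdir/aufs4-kbuild.patch
			git apply $aufsdir/aufs4-base.patch
			git apply $aufsdir/aufs4-mmap.patch
			cp -r $aufsdir/{Documentation,fs} .
			cp $aufsdir/include/uapi/linux/aufs_type.h include/uapi/linux/
			)
		fi
	fi

	# Install Wireguard VPN into the kernel.
	if [[ "$OPT" == "wireguard" ]] && [[ ! -f "${DIR}/net/wireguard/allowedips.c" ]]; then
		echo "Applying patch for Wireguard VPN..."
		(
		cd "$DIR"
		/wireguard/contrib/kernel-tree/create-patch.sh | patch -p1
		)
		echo "Patch for Wireguard VPN successfully applied!"
	fi

	# Copy the config from /usr/src/config if it does not already exist.
	if [[ ! -f "${DIR}/.config" ]] && [[ -f "/usr/src/config" ]]; then
		(
		cd "$DIR"
		cp ../config .config

		# Add the config options for the aufs filesystem.
		if [[ "$OPT" == "aufs" ]]; then
			echo "CONFIG_AUFS_FS=y" >> .config
		fi

		# Add the config options for Wireguard VPN.
		if [[ "$OPT" == "wireguard" ]]; then
			echo "CONFIG_WIREGUARD=y" >> .config
		fi
		)
	fi

	(
	cd "$DIR"
	echo "Building the kernel..."
	make -j"$JOBS"

	echo "Installing the modules..."
	make modules_install

	echo "Installing the kernel..."
	make install
	)

	(
	echo "Stripping the modules..."
	find /lib/modules/ -name "*.ko" -exec strip --strip-unneeded {} +
	)
}

# Quoted so every argument reaches install_kernel as one word.
install_kernel "$@"

echo "Kernel successfully installed!"
echo "You will now want to run:"
echo " update-initramfs -u -k all"
echo "and"
echo " update-grub2"
echo "or the equivalent for your system."
================================================ FILE: kicad/Dockerfile ================================================ FROM debian:bullseye-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ kicad \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* ENTRYPOINT [ "kicad" ] ================================================ FILE: kvm/Dockerfile ================================================ # Run libvirt deamon in a container # # docker run -d \ # --privileged \ # -v /var/run/libvirt:/var/run/libvirt \ # --name kvm \ # jess/kvm # FROM debian:sid-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ dnsmasq \ gir1.2-spiceclientgtk-3.0 \ iproute2 \ iptables \ libgl1-mesa-dri \ libgl1-mesa-glx \ libvirt-daemon-system \ procps \ python-gi \ qemu-kvm \ virtinst \ virt-manager \ virt-viewer \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* COPY ./start.sh /start.sh ENTRYPOINT ["/start.sh"] CMD ["virt-manager", "--no-fork"] ================================================ FILE: kvm/start.sh ================================================ #!/bin/bash set -e set -o pipefail # add the correct user perms echo "Adding the user groups..."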
gpasswd -a root libvirt gpasswd -a root kvm chown root:kvm /dev/kvm # allow root user to use qemu echo 'user = "root"' >> /etc/libvirt/qemu.conf echo 'group = "root"' >> /etc/libvirt/qemu.conf # create the bridge for networking echo "Creating the bridge for networking..." ip link add name virt0 type bridge ip link set dev virt0 up bridge link ip addr add dev virt0 172.20.0.1/16 iptables -t nat -A POSTROUTING -s 172.20.0.1/16 -j MASQUERADE # start the virtlogd daemon echo "Starting virtlogd..." virtlogd & # start libvirtd echo "Starting libvirtd..." libvirtd & # put in a sleep for services to start echo "Sleeping while services start..." sleep 5 # start the default networking echo "Creating the default networking..." virsh net-start default # import existing vms echo "Importing any existing VMs..." for f in /root/kvm/*.xml; do echo "Importing $(basename "$f")..." virsh define "$f" done echo "Starting virt-manager..." # shellcheck disable=SC2068 exec $@ ================================================ FILE: latest-versions.sh ================================================ #!/bin/bash # This script gets the latest GitHub releases for the specified projects. if [[ -z "$GITHUB_TOKEN" ]]; then echo "Set the GITHUB_TOKEN env variable." 
exit 1 fi URI=https://api.github.com API_VERSION=v3 API_HEADER="Accept: application/vnd.github.${API_VERSION}+json" AUTH_HEADER="Authorization: token ${GITHUB_TOKEN}" get_latest() { local repo=$1 local resp resp=$(curl -sSL -H "${AUTH_HEADER}" -H "${API_HEADER}" "${URI}/repos/${repo}/releases") if [[ "$repo" != "Radarr/Radarr" ]]; then resp=$(echo "$resp" | jq --raw-output '[.[] | select(.prerelease == false)]') fi local tag tag=$(echo "$resp" | jq -e --raw-output .[0].tag_name) local name name=$(echo "$resp" | jq -e --raw-output .[0].name) if [[ "$tag" == "null" ]]; then # get the latest tag resp=$(curl -sSL -H "${AUTH_HEADER}" -H "${API_HEADER}" "${URI}/repos/${repo}/tags") tag=$(echo "$resp" | jq -e --raw-output .[0].name) tag=${tag#release-} fi if [[ "$name" == "null" ]] || [[ "$name" == "" ]]; then name="-" fi local dir=${repo#*/} if [[ "$dir" == "CouchPotatoServer" ]]; then dir="couchpotato" elif [[ "$dir" == "cri-o" ]]; then dir="crio" elif [[ "$dir" == "byte-unixbench" ]]; then dir="unixbench" elif [[ "$dir" == "Tautulli" ]]; then dir="plexpy" elif [[ "$dir" == "zookeeper" ]]; then dir="zookeeper/3.6" elif [[ "$dir" == "oauth2_proxy" ]]; then dir="oauth2-proxy" fi # Change to upper case for grep local udir udir=$(echo $dir | awk '{print toupper($0)}') # Replace dashes (-) with underscores (_) udir=${udir//-/_} udir=${udir%/*} if [[ "$dir" == "wireguard-tools" ]]; then dir="wireguard/install" udir="WIREGUARD_TOOLS" elif [[ "$dir" == "wireguard-linux-compat" ]]; then dir="wireguard/install" udir="WIREGUARD" fi local current if [[ ! 
-d "$dir" ]]; then # If the directory does not exist, then grep all for it current=$(grep -m 1 "${udir}_VERSION" -- **/Dockerfile | head -n 1 | awk '{print $(NF)}') else current=$(grep -m 1 "${udir}_VERSION" "${dir}/Dockerfile" | awk '{print $(NF)}') fi compare "$name" "$dir" "$tag" "$current" "https://github.com/${repo}/releases" } get_latest_unifi() { local latest current latest=$(curl -sSL http://www.ubnt.com/downloads/unifi/debian/dists/cloudkey-stable/ubiquiti/binary-armhf/Packages \ | awk 'BEGIN {FS="\n"; RS="";} /^Package: unifi/' \ | awk '/^Version:/ {print $2}' \ | cut -d- -f1) current=$(grep -m 1 UNIFI_VERSION unifi/Dockerfile | tr '"' ' ' | awk '{print $(NF)}') compare unifi unifi "$latest" "$current" https://www.ubnt.com/download/unifi } compare() { local name="$1" dir="$2" tag="$3" current="$4" releases="$5" ignore_dirs=( "mc" "zookeeper/3.6" ) if [[ "$tag" =~ $current ]] || [[ "$name" =~ $current ]] || [[ "$current" =~ $tag ]] || [[ "$current" == "master" ]]; then echo -e "\\e[36m${dir}:\\e[39m current ${current} | ${tag} | ${name}" else # add to the bad versions if [[ ! 
" ${ignore_dirs[*]} " =~ ${dir} ]]; then bad_versions+=( "${dir}" ) fi echo -e "\\e[31m${dir}:\\e[39m current ${current} | ${tag} | ${name} | ${releases}" fi } projects=( iovisor/bcc iovisor/bpftrace browsh-org/browsh certbot/certbot cloudflare/cfssl quay/clair hashicorp/consul coredns/coredns CouchPotato/CouchPotatoServer curl/curl kolide/fleet GoogleCloudPlatform/cloud-sdk-docker google/gitiles google/guetzli irssi/irssi cryptodotis/irssi-otr keepassxreboot/keepassxc robertdavidgraham/masscan MidnightCommander/mc zyedidia/micro mitmproxy/mitmproxy hashicorp/nomad nzbget/nzbget pusher/oauth2_proxy facebook/osquery hashicorp/packer Tautulli/Tautulli perkeep/perkeep pomerium/pomerium powershell/powershell Radarr/Radarr cesanta/docker_auth ricochet-im/ricochet reverse-shell/routersploit rstudio/rstudio tarsnap/tarsnap nginx/nginx simplresty/ngx_devel_kit openresty/luajit2 openresty/lua-cjson openresty/lua-nginx-module leev/ngx_http_geoip2_module maxmind/libmaxminddb openresty/lua-resty-core openresty/lua-resty-lrucache hashicorp/terraform kdlucas/byte-unixbench mitchellh/vagrant hashicorp/vault containrrr/watchtower wireguard/wireguard-tools wireguard/wireguard-linux-compat znc/znc apache/zookeeper tianon/gosu ) other_projects=( unifi ) bad_versions=() main() { # shellcheck disable=SC2068 for p in ${projects[@]}; do get_latest "$p" done # shellcheck disable=SC2068 for p in ${other_projects[@]}; do get_latest_"$p" done if [[ ${#bad_versions[@]} -ne 0 ]]; then echo echo "These Dockerfiles are not up to date: ${bad_versions[*]}" >&2 exit 1 fi } main ================================================ FILE: libreoffice/Dockerfile ================================================ # Run Libreoffice in a container # docker run -d \ # -v /etc/localtime:/etc/localtime:ro \ # -v /tmp/.X11-unix:/tmp/.X11-unix \ # -e DISPLAY=unix$DISPLAY \ # -v $HOME/slides:/root/slides \ # -e GDK_SCALE \ # -e GDK_DPI_SCALE \ # --name libreoffice \ # jess/libreoffice # FROM alpine:latest LABEL 
maintainer "Jessie Frazelle " RUN apk --no-cache add \ --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing \ libreoffice \ ttf-dejavu ENTRYPOINT [ "libreoffice" ] ================================================ FILE: libvirt-client/Dockerfile ================================================ FROM alpine:latest LABEL maintainer "Jessie Frazelle " RUN apk --no-cache add \ libvirt-client ENTRYPOINT [ "virsh", "-c", "qemu:///system" ] ================================================ FILE: lilyterm/Dockerfile ================================================ # To use: # docker run -v /tmp/.X11-unix:/tmp/.X11-unix \ # -e DISPLAY=unix$DISPLAY \ # jess/lilyterm # # Base docker image FROM debian:bullseye-slim LABEL maintainer "Jessie Frazelle " # Install all the things RUN apt-get update && apt-get install -y \ mesa-utils \ dbus \ lilyterm \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* ENTRYPOINT [ "lilyterm" ] ================================================ FILE: linapple/Dockerfile ================================================ FROM alpine:latest RUN apk --no-cache add \ ca-certificates \ libcurl \ libgcc \ libstdc++ \ libzip \ sdl RUN set -x \ && apk add --no-cache --virtual .build-deps \ build-base \ bzip2 \ curl \ curl-dev \ libzip-dev \ make \ sdl-dev \ tar \ && curl -sSL "https://beotiger.com/download/linapple_src-2b" -o /tmp/linapple.tar.bz2 \ && mkdir -p /usr/src/linapple \ && tar -xjf /tmp/linapple.tar.bz2 -C /usr/src/linapple --strip-components=1 \ && rm /tmp/linapple.tar.bz2 \ && ( \ cd /usr/src/linapple/src \ && make \ && make install \ ) \ && apk del .build-deps COPY Frogger.dsk /usr/src/games/ COPY quest1.dsk /usr/src/games/ ENTRYPOINT ["linapple"] CMD ["-1", "/usr/src/games/quest1.dsk"] ================================================ FILE: lkp-tests/Dockerfile ================================================ FROM debian:buster-slim LABEL maintainer "Jessie Frazelle " ENV DEBIAN_FRONTEND noninteractive # install deps do this in 
sections so the layers are not mazzive RUN dpkg --add-architecture i386 \ && apt-get update && apt-get install -y \ automake \ bc \ binutils-dev \ bison \ build-essential \ bzip2 \ ca-certificates \ cpio \ fakeroot \ flex \ gawk \ gcc \ git \ gzip \ hdparm \ iperf \ kmod \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* RUN apt-get update && apt-get install -y \ libaudit-dev \ libbabeltrace-ctf-dev \ libc6-dev \ libc6-dev:i386 \ libdw-dev \ libiberty-dev \ libklibc-dev \ liblzma-dev \ libnuma-dev \ libperl-dev \ libslang2-dev \ libssl-dev \ libtool \ libunwind-dev \ linux-libc-dev \ linux-libc-dev:i386 \ linux-perf \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ && ln -snf /usr/bin/perf_4.9 /usr/bin/perf RUN apt-get update && apt-get install -y \ make \ nfs-common \ openssl \ patch \ perl \ procps \ psmisc \ python-dev \ rsync \ rt-tests \ ruby \ ruby-dev \ sysstat \ systemtap-sdt-dev \ time \ wget \ zlib1g-dev \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* ENV KERNEL_VERSION v4.13 ENV LKP_GIT_WORK_TREE /usr/src/linux RUN git clone -b "${KERNEL_VERSION}" https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git "${LKP_GIT_WORK_TREE}" ENV LKP_SRC /usr/src/lkp-tests RUN git clone https://github.com/fengguang/lkp-tests.git "${LKP_SRC}" WORKDIR /usr/src/lkp-tests RUN make install \ && lkp install COPY runbench /usr/local/bin/runbench CMD [ "lkp" ] ================================================ FILE: lkp-tests/runbench ================================================ #!/bin/bash set -e set -o pipefail ARG=$1 JOB_FILE="./jobs/${ARG}.yaml" if [[ ! -f "$JOB_FILE" ]]; then echo "$JOB_FILE does not exist, please select a job that is in the jobs directory." 1>&2; echo "For example:" 1>&2; echo " runbench hackbench-100" 1>&2; exit 1 fi # mount the debug filesystem if ! grep -qs '/sys/kernel/debug' /proc/mounts; then mount -t debugfs none /sys/kernel/debug/ fi echo "Installing dependencies for ${ARG}..." 
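lkp install "$JOB_FILE" echo "Running ${ARG}..." lkp run "$JOB_FILE" || true echo "Getting result from ${ARG}..." lkp stat -p "${ARG}" ================================================ FILE: lpass/Dockerfile ================================================ FROM alpine:latest LABEL maintainer "Jessie Frazelle " RUN apk add --no-cache \ ca-certificates \ curl \ libxml2 \ libressl \ xclip \ --repository http://dl-cdn.alpinelinux.org/alpine/edge/main RUN set -x \ && apk add --no-cache --virtual .build-deps \ autoconf \ automake \ build-base \ cmake \ curl-dev \ git \ libressl-dev \ libxml2-dev \ && git clone --depth 1 https://github.com/LastPass/lastpass-cli.git /usr/src/lastpass-cli \ && ( \ cd /usr/src/lastpass-cli \ && cmake . \ && make \ && make install \ ) \ && rm -rf /usr/src/lastpass-cli \ && apk del .build-deps ENTRYPOINT [ "lpass" ] ================================================ FILE: lynx/Dockerfile ================================================ # Run Lynx in a conatiner # # docker run --rm -it \ # --name lynx \ # jess/lynx github.com/jessfraz # FROM debian:bullseye-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ lynx \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* ENTRYPOINT [ "lynx" ] ================================================ FILE: mailgun/Dockerfile ================================================ FROM r.j3ss.co/curl LABEL maintainer "Jessie Frazelle " RUN apk add --no-cache \ bash COPY sendemail /usr/bin/sendemail ENTRYPOINT [ "sendemail" ]
================================================
FILE: mailgun/sendemail
================================================
#!/bin/bash
# Sends one message through the Mailgun HTTP API.
#
# Required environment: MAILGUN_API_KEY, MAILGUN_DOMAIN_NAME (or
# MAILGUN_DOMAIN), TO_NAME, TO_EMAIL, SUBJECT, BODY.
set -e
set -o pipefail
# Command tracing (set -x) is deliberately not enabled here. It would print
# the expanded curl command line, API key and message text included, to
# stderr and into whatever collects the container's logs.

if [[ -z "$MAILGUN_API_KEY" ]]; then
	echo "Set the MAILGUN_API_KEY env variable."
	exit 1
fi

# MAILGUN_DOMAIN, when set, takes precedence over MAILGUN_DOMAIN_NAME.
if [[ -n "$MAILGUN_DOMAIN" ]]; then
	MAILGUN_DOMAIN_NAME=$MAILGUN_DOMAIN
fi

if [[ -z "$MAILGUN_DOMAIN_NAME" ]]; then
	echo "Set the MAILGUN_DOMAIN_NAME env variable."
	exit 1
fi

if [[ -z "$TO_NAME" ]]; then
	echo "Set the TO_NAME env variable."
	exit 1
fi

if [[ -z "$TO_EMAIL" ]]; then
	echo "Set the TO_EMAIL env variable."
	exit 1
fi

if [[ -z "$SUBJECT" ]]; then
	echo "Set the SUBJECT env variable."
	exit 1
fi

if [[ -z "$BODY" ]]; then
	echo "Set the BODY env variable."
	exit 1
fi

# The caller-supplied fields are passed with --form-string so curl sends them
# literally. With -F, a value starting with "@" or "<" makes curl read a
# local file and send its contents, and ";type=" or embedded quotes are
# interpreted instead of being delivered as text.
curl -sSL --user "api:${MAILGUN_API_KEY}" \
	"https://api.mailgun.net/v3/${MAILGUN_DOMAIN_NAME}/messages" \
	-F 'from="Mailgun API "' \
	--form-string "to=${TO_NAME}" \
	--form-string "to=${TO_EMAIL}" \
	--form-string "subject=${SUBJECT}" \
	--form-string "text=${BODY}"
================================================
FILE: mars/Dockerfile
================================================
FROM openjdk:8-alpine

# NOTE(review): the jar that the ENTRYPOINT executes is downloaded over plain
# HTTP with no checksum, so whatever answers that request at build time
# becomes the code run in the container. Use an HTTPS source if one exists,
# or compare the file with a digest taken from a trusted copy, e.g.
#   echo "<SHA256_OF_TRUSTED_JAR>  /mars.jar" | sha256sum -c -
RUN set -x \
	&& apk add --no-cache --virtual .build-deps \
		ca-certificates \
		curl \
	&& curl -sSL "http://courses.missouristate.edu/KenVollmar/mars/MARS_4_5_Aug2014/Mars4_5.jar" -o /mars.jar \
	&& apk del .build-deps

ENTRYPOINT ["java", "-jar", "/mars.jar", "nc"]
================================================ FILE: masscan/Dockerfile ================================================ FROM alpine:latest LABEL maintainer "Jessie Frazelle " RUN apk add --no-cache \ ca-certificates \ libpcap-dev ENV MASSCAN_VERSION 1.0.5 RUN set -x \ && apk add --no-cache --virtual .build-deps \ build-base \ clang \ clang-dev \ git \ linux-headers \ && rm -rf /var/lib/apt/lists/* \ && git clone --depth 1 --branch "$MASSCAN_VERSION" https://github.com/robertdavidgraham/masscan.git /usr/src/masscan \ && ( \ cd /usr/src/masscan \ && make \ && make install \ ) \ && rm -rf /usr/src/masscan \ && apk del .build-deps ENTRYPOINT [ "masscan" ] ================================================ FILE: mc/Dockerfile ================================================ FROM alpine:latest LABEL maintainer "Jessie Frazelle " RUN apk add --no-cache \ glib \ libintl \ libssh2 \ ncurses-libs ENV TERM xterm # Create user and change ownership RUN addgroup -g 1001 -S mc \ && adduser -u 1001 -SHG mc mc \ && mkdir -p /home/mc/.mc ENV MC_VERSION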
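4.8.21 RUN set -x \ && apk add --no-cache --virtual .build-deps \ aspell-dev \ autoconf \ automake \ build-base \ ca-certificates \ curl \ e2fsprogs-dev \ gettext-dev \ git \ glib-dev \ libssh2-dev \ libtool \ ncurses-dev \ pcre-dev \ && git clone --depth 1 --branch "$MC_VERSION" https://github.com/MidnightCommander/mc.git /usr/src/mc \ && ( \ cd /usr/src/mc \ && ./autogen.sh \ && ./configure \ --prefix=/usr \ --libexecdir=/usr/lib \ --mandir=/usr/share/man \ --sysconfdir=/etc \ --enable-background \ --enable-charset \ --enable-largefile \ --enable-vfs-sftp \ --with-internal-edit \ --with-mmap \ --with-screen=ncurses \ --with-subshell \ --without-gpm-mouse \ --without-included-gettext \ --without-x \ --enable-aspell \ && make \ && make install \ ) \ && curl -sSL "https://raw.githubusercontent.com/nkulikov/mc-solarized-skin/master/solarized.ini" > /home/mc/.mc/solarized.ini \ && rm -rf /usr/src/mc \ && apk del .build-deps \ && chown -R mc:mc /home/mc ENV HOME=/home/mc ENV MC_SKIN=${HOME}/.mc/solarized.ini WORKDIR ${HOME} ENTRYPOINT [ "mc" ]
================================================
FILE: mdp/Dockerfile
================================================
# Builds mdp from a shallow clone of the upstream default branch.
FROM debian:bullseye-slim
LABEL maintainer "Jessie Frazelle "

RUN apt-get update && apt-get install -y \
	ca-certificates \
	gcc \
	git \
	libncurses5 \
	libncurses5-dev \
	libncursesw5 \
	libncursesw5-dev \
	make \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

# NOTE(review): no tag or commit is named here, so each build compiles whatever
# the default branch (and its submodules) holds at that moment.
RUN git clone --depth 1 --recursive https://github.com/visit1985/mdp.git /src

WORKDIR /src

ENV TERM xterm-256color
ENV DEBUG 1

RUN make \
	&& make install

ENTRYPOINT [ "/usr/local/bin/mdp" ]
================================================
FILE: micro/Dockerfile
================================================
# Two-stage build: compile micro at MICRO_VERSION in a Go image, then copy
# only the binary and the CA certificates into a plain Alpine image.
FROM golang:alpine as builder
LABEL maintainer "Christian Koep "

RUN apk --no-cache add \
	ca-certificates \
	git \
	make

ENV PATH /go/bin:/usr/local/go/bin:$PATH
ENV GOPATH /go

ENV MICRO_VERSION v2.0.4

RUN git clone --depth 1 --branch "$MICRO_VERSION" https://github.com/zyedidia/micro /go/src/github.com/zyedidia/micro

WORKDIR /go/src/github.com/zyedidia/micro

RUN make install

FROM alpine:latest

COPY --from=builder /go/bin/micro /usr/bin/micro
COPY --from=builder /etc/ssl/certs/ /etc/ssl/certs

ENTRYPOINT [ "micro" ]
================================================
FILE: mitmproxy/Dockerfile
================================================
FROM debian:bullseye-slim
LABEL maintainer "Jessie Frazelle "

ENV LANG=en_US.UTF-8

RUN apt-get update && apt-get install -y \
	ca-certificates \
	curl \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

# Add our user first to make sure the ID get assigned consistently,
# regardless of whatever dependencies get added.
RUN groupadd -r mitmproxy && useradd -r -g mitmproxy mitmproxy \
	&& mkdir -p /home/mitmproxy/.mitmproxy \
	&& chown -R mitmproxy:mitmproxy /home/mitmproxy

# Download the binaries.
# NOTE(review): the tarball is piped straight into tar and unpacked into
# /usr/local/bin with no digest or signature check; TLS authenticates the
# host, not the artifact. Consider saving it to a file and verifying it before
# extraction, for example:
#   echo "<EXPECTED_SHA256>  mitmproxy.tar.gz" | sha256sum -c -
ENV MITMPROXY_VERSION 5.1.1
RUN curl -sSL "https://snapshots.mitmproxy.org/${MITMPROXY_VERSION}/mitmproxy-${MITMPROXY_VERSION}-linux.tar.gz" | tar -vxzC /usr/local/bin

VOLUME /home/mitmproxy/.mitmproxy

COPY docker-entrypoint.sh /usr/local/bin/

EXPOSE 8080 8081

ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["mitmproxy"]
================================================
FILE: mitmproxy/docker-entrypoint.sh
================================================
#!/bin/sh
# Entrypoint for the mitmproxy image.
#
# When the first argument is mitmdump, mitmproxy or mitmweb, make sure the
# configuration directory exists and belongs to the mitmproxy user, then run
# the tool as that user. Any other command is exec'd unchanged, without
# switching user.
set -e

MITMPROXY_PATH="/home/mitmproxy/.mitmproxy"

if [ "$1" = "mitmdump" ] || [ "$1" = "mitmproxy" ] || [ "$1" = "mitmweb" ]; then
	mkdir -p "$MITMPROXY_PATH"
	chown -R mitmproxy:mitmproxy "$MITMPROXY_PATH"

	# su -c takes ONE command string. With "$@" only the tool name reached -c
	# and every following word was handed to su as its own argument, so the
	# tool's options never arrived. "$*" joins all words into a single string.
	# That string is parsed again by the shell su starts, so quoting inside an
	# individual argument is not preserved.
	su mitmproxy -c "$*"
else
	exec "$@"
fi
================================================
FILE: mop/Dockerfile
================================================
# Run mop-tracker in a container # # docker run -it --rm \ # -v ~/.moprc:/root/.moprc \ # --name mop \ # r.j3ss.co/mop # FROM golang:alpine as builder RUN apk --no-cache add \ ca-certificates \ git ENV PATH /go/bin:/usr/local/go/bin:$PATH ENV GOPATH /go RUN go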
get github.com/mop-tracker/mop/cmd/mop FROM alpine:latest COPY --from=builder /go/bin/mop /usr/bin/mop COPY --from=builder /etc/ssl/certs/ /etc/ssl/certs ENTRYPOINT [ "mop" ] ================================================ FILE: mpd/Dockerfile ================================================ # Music player daemon # # docker run -d \ # --device /dev/snd \ # -v /etc/localtime:/etc/localtime:ro \ # -v $HOME/.mpd:/var/lib/mpd \ # -p 6600:6600 \ # --name mpd \ # jess/mpd # FROM debian:sid-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ mpc \ mpd \ nfs-common \ sudo \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* run mkdir -p /var/lib/mpd/playlists \ && mkdir -p /var/lib/mpd/music \ && touch /var/lib/mpd/state \ && touch /var/lib/mpd/tag_cache \ && chmod 0777 -R /var/lib/mpd \ && chown -R mpd /var/lib/mpd # my user needs the ability to mount # because all my music is in a nfs mount RUN echo "mpd ALL=NOPASSWD: /usr/bin/mount, /sbin/mount.nfs, /usr/bin/umount" >> /etc/sudoers ENV HOME /home/mpd COPY mpd.conf /etc/mpd.conf COPY mpd.sh /usr/local/bin/mpd.sh WORKDIR $HOME USER mpd ENTRYPOINT [ "/usr/local/bin/mpd.sh" ] ================================================ FILE: mpd/mpd.conf ================================================ # An example configuration file for MPD. # Read the user manual for documentation: http://www.musicpd.org/doc/user/ # or /usr/share/doc/mpd/user-manual.html # Files and directories ####################################################### # # This setting controls the top directory which MPD will search to discover the # available audio files and add them to the daemon's online database. This # setting defaults to the XDG directory, otherwise the music directory will be # be disabled and audio files will only be accepted over ipc socket (using # file:// protocol) or streaming files over an accepted protocol. 
# music_directory "/var/lib/mpd/music" # # This setting sets the MPD internal playlist directory. The purpose of this # directory is storage for playlists created by MPD. The server will use # playlist files not created by the server but only if they are in the MPD # format. This setting defaults to playlist saving being disabled. # playlist_directory "/var/lib/mpd/playlists" # # This setting sets the location of the MPD database. This file is used to # load the database at server start up and store the database while the # server is not up. This setting defaults to disabled which will allow # MPD to accept files over ipc socket (using file:// protocol) or streaming # files over an accepted protocol. # db_file "/var/lib/mpd/tag_cache" # # These settings are the locations for the daemon log files for the daemon. # These logs are great for troubleshooting, depending on your log_level # settings. # # The special value "syslog" makes MPD use the local syslog daemon. This # setting defaults to logging to syslog, otherwise logging is disabled. # log_file "/var/log/mpd/mpd.log" # # This setting sets the location of the file which stores the process ID # for use of mpd --kill and some init scripts. This setting is disabled by # default and the pid file will not be stored. # pid_file "/var/log/mpd/pid" # # This setting sets the location of the file which contains information about # most variables to get MPD back into the same general shape it was in before # it was brought down. This setting is disabled by default and the server # state will be reset on server start up. # state_file "/var/lib/mpd/state" # # The location of the sticker database. This is a database which # manages dynamic information attached to songs. 
# sticker_file "/var/lib/mpd/sticker.sql" # ############################################################################### # General music daemon options ################################################ # # This setting specifies the user that MPD will run as. MPD should never run as # root and you may use this setting to make MPD change its user ID after # initialization. This setting is disabled by default and MPD is run as the # current user. # user "mpd" # # This setting specifies the group that MPD will run as. If not specified # primary group of user specified with "user" setting will be used (if set). # This is useful if MPD needs to be a member of group such as "audio" to # have permission to use sound card. # group "audio" # # This setting sets the address for the daemon to listen on. Careful attention # should be paid if this is assigned to anything other then the default, any. # This setting can deny access to control of the daemon. Choose any if you want # to have mpd listen on every address # # For network bind_to_address "localhost" # # And for Unix Socket #bind_to_address "/run/mpd/socket" # # This setting is the TCP port that is desired for the daemon to get assigned # to. # port "6600" # # This setting controls the type of information which is logged. Available # setting arguments are "default", "secure" or "verbose". The "verbose" setting # argument is recommended for troubleshooting, though can quickly stretch # available resources on limited hardware storage. # #log_level "default" # # If you have a problem with your MP3s ending abruptly it is recommended that # you set this argument to "no" to attempt to fix the problem. If this solves # the problem, it is highly recommended to fix the MP3 files with vbrfix # (available as vbrfix in the debian archive), at which # point gapless MP3 playback can be enabled. # #gapless_mp3_playback "yes" # # Setting "restore_paused" to "yes" puts MPD into pause mode instead # of starting playback after startup. 
# #restore_paused "no" # # This setting enables MPD to create playlists in a format usable by other # music players. # #save_absolute_paths_in_playlists "no" # # This setting defines a list of tag types that will be extracted during the # audio file discovery process. The complete list of possible values can be # found in the mpd.conf man page. #metadata_to_use "artist,album,title,track,name,genre,date,composer,performer,disc" # # This setting enables automatic update of MPD's database when files in # music_directory are changed. # #auto_update "yes" # # Limit the depth of the directories being watched, 0 means only watch # the music directory itself. There is no limit by default. # #auto_update_depth "3" # ############################################################################### # Symbolic link behavior ###################################################### # # If this setting is set to "yes", MPD will discover audio files by following # symbolic links outside of the configured music_directory. # #follow_outside_symlinks "yes" # # If this setting is set to "yes", MPD will discover audio files by following # symbolic links inside of the configured music_directory. # follow_inside_symlinks "yes" # ############################################################################### # Zeroconf / Avahi Service Discovery ########################################## # # If this setting is set to "yes", service information will be published with # Zeroconf / Avahi. # #zeroconf_enabled "yes" # # The argument to this setting will be the Zeroconf / Avahi unique name for # this MPD server on the network. # #zeroconf_name "Music Player" # ############################################################################### # Permissions ################################################################# # # If this setting is set, MPD will require password authorization. The password # can setting can be specified multiple times for different password profiles. 
# #password "password@read,add,control,admin" # # This setting specifies the permissions a user has who has not yet logged in. # #default_permissions "read,add,control,admin" # ############################################################################### # Database ####################################################################### # #database { # plugin "proxy" # host "other.mpd.host" # port "6600" #} # Input ####################################################################### # input { plugin "curl" # proxy "proxy.isp.com:8080" # proxy_user "user" # proxy_password "password" } # ############################################################################### # Audio Output ################################################################ # # MPD supports various audio output types, as well as playing through multiple # audio outputs at the same time, through multiple audio_output settings # blocks. Setting this block is optional, though the server will only attempt # autodetection for one sound card. 
# # An example of an ALSA output: # audio_output { type "alsa" name "My ALSA Device" # device "hw:0,0" # optional # mixer_type "hardware" # optional # mixer_device "default" # optional # mixer_control "PCM" # optional # mixer_index "0" # optional } # # An example of an OSS output: # #audio_output { # type "oss" # name "My OSS Device" # device "/dev/dsp" # optional # mixer_type "hardware" # optional # mixer_device "/dev/mixer" # optional # mixer_control "PCM" # optional #} # # An example of a shout output (for streaming to Icecast): # #audio_output { # type "shout" # encoding "ogg" # optional # name "My Shout Stream" # host "localhost" # port "8000" # mount "/mpd.ogg" # password "hackme" # quality "5.0" # bitrate "128" # format "44100:16:1" # protocol "icecast2" # optional # user "source" # optional # description "My Stream Description" # optional # url "http://example.com" # optional # genre "jazz" # optional # public "no" # optional # timeout "2" # optional # mixer_type "software" # optional #} # # An example of a recorder output: # #audio_output { # type "recorder" # name "My recorder" # encoder "vorbis" # optional, vorbis or lame # path "/var/lib/mpd/recorder/mpd.ogg" ## quality "5.0" # do not define if bitrate is defined # bitrate "128" # do not define if quality is defined # format "44100:16:1" #} # # An example of a httpd output (built-in HTTP streaming server): # #audio_output { # type "httpd" # name "mpd" # encoder "vorbis" # optional, vorbis or lame # port "8000" # bind_to_address "0.0.0.0" # optional, IPv4 or IPv6 # quality "5.0" # do not define if bitrate is defined # bitrate "128" # do not define if quality is defined # format "44100:16:1" # max_clients "0" # optional 0=no limit #} # # An example of a pulseaudio output (streaming to a remote pulseaudio server) # Please see README.Debian if you want mpd to play through the pulseaudio # daemon started as part of your graphical desktop session! 
# #audio_output { # type "pulse" # name "My Pulse Output" # server "remote_server" # optional # sink "remote_server_sink" # optional #} # # An example of a winmm output (Windows multimedia API). # #audio_output { # type "winmm" # name "My WinMM output" # device "Digital Audio (S/PDIF) (High Definition Audio Device)" # optional # or # device "0" # optional # mixer_type "hardware" # optional #} # # An example of an openal output. # #audio_output { # type "openal" # name "My OpenAL output" # device "Digital Audio (S/PDIF) (High Definition Audio Device)" # optional #} # ## Example "pipe" output: # #audio_output { # type "pipe" # name "my pipe" # command "aplay -f cd 2>/dev/null" ## Or if you're want to use AudioCompress # command "AudioCompress -m | aplay -f cd 2>/dev/null" ## Or to send raw PCM stream through PCM: # command "nc example.org 8765" # format "44100:16:2" #} # ## An example of a null output (for no audio output): # #audio_output { # type "null" # name "My Null Output" # mixer_type "none" # optional #} # # If MPD has been compiled with libsamplerate support, this setting specifies # the sample rate converter to use. Possible values can be found in the # mpd.conf man page or the libsamplerate documentation. By default, this is # setting is disabled. # #samplerate_converter "Fastest Sinc Interpolator" # ############################################################################### # Normalization automatic volume adjustments ################################## # # This setting specifies the type of ReplayGain to use. This setting can have # the argument "off", "album", "track" or "auto". "auto" is a special mode that # chooses between "track" and "album" depending on the current state of # random playback. If random playback is enabled then "track" mode is used. # See for more details about ReplayGain. # This setting is off by default. # #replaygain "album" # # This setting sets the pre-amp used for files that have ReplayGain tags. 
By # default this setting is disabled. # #replaygain_preamp "0" # # This setting sets the pre-amp used for files that do NOT have ReplayGain tags. # By default this setting is disabled. # #replaygain_missing_preamp "0" # # This setting enables or disables ReplayGain limiting. # MPD calculates actual amplification based on the ReplayGain tags # and replaygain_preamp / replaygain_missing_preamp setting. # If replaygain_limit is enabled MPD will never amplify audio signal # above its original level. If replaygain_limit is disabled such amplification # might occur. By default this setting is enabled. # #replaygain_limit "yes" # # This setting enables on-the-fly normalization volume adjustment. This will # result in the volume of all playing audio to be adjusted so the output has # equal "loudness". This setting is disabled by default. # #volume_normalization "no" # ############################################################################### # Character Encoding ########################################################## # # If file or directory names do not display correctly for your locale then you # may need to modify this setting. # filesystem_charset "UTF-8" # # This setting controls the encoding that ID3v1 tags should be converted from. # id3v1_encoding "UTF-8" # ############################################################################### # SIDPlay decoder ############################################################# # # songlength_database: # Location of your songlengths file, as distributed with the HVSC. # The sidplay plugin checks this for matching MD5 fingerprints. # See http://www.c64.org/HVSC/DOCUMENTS/Songlengths.faq # # default_songlength: # This is the default playing time in seconds for songs not in the # songlength database, or in case you're not using a database. # A value of 0 means play indefinitely. # # filter: # Turns the SID filter emulation on or off. 
# #decoder { # plugin "sidplay" # songlength_database "/media/C64Music/DOCUMENTS/Songlengths.txt" # default_songlength "120" # filter "true" #} # ############################################################################### ================================================ FILE: mpd/mpd.sh ================================================ #!/bin/bash set -e set -o pipefail mkdir -p /var/lib/mpd/{playlists,music} \ && touch /var/lib/mpd/{state,tag_cache} \ && chmod 0777 -R /var/lib/mpd \ && chown -R mpd /var/lib/mpd exec mpd --no-daemon --stdout --verbose /etc/mpd.conf "$@" ================================================ FILE: mpsyt/Dockerfile ================================================ FROM python:3-alpine LABEL maintainer "Justin Garrison " RUN apk add --no-cache \ mplayer \ mpv RUN pip install mps-youtube ENTRYPOINT ["mpsyt"] ================================================ FILE: mpsyt/README ================================================ mps-youtube -------- Docker container for running (mpsyt)[https://github.com/np1/mps-youtube] inside a docker container. Run with ``` docker run -v /dev/snd:/dev/snd -it --rm --privileged rothgar/mpsyt ``` ================================================ FILE: mutt/.mutt/mailcap ================================================ application/octet-stream ; echo %s "can be anything..." ; copiousoutput text/html ; /usr/bin/elinks -dump %s ; nametemplate=%s.html ; copiousoutput application/pdf ; /usr/bin/zathura %s ; copiousoutput image/* ; /usr/bin/mirage %s ; copiousoutput audio/* ; /usr/bin/mplayer %s ; copiousoutput video/* ; /usr/bin/mplayer %s ; copiousoutput ================================================ FILE: mutt/.mutt/mutt-colors-solarized-dark-16.muttrc ================================================ # vim: filetype=muttrc # # # make sure that you are using mutt linked against slang, not ncurses, or # suffer the consequences of weird color issues. use "mutt -v" to check this. 
# custom body highlights ----------------------------------------------- # highlight my name and other personally relevant strings color body yellow default "(jessie|jessica|frazelle|jfrazelle|jessfraz|jess)" # custom index highlights ---------------------------------------------- # messages which mention my name in the body color index yellow default "~b \"jessie|jessfraz|jfrazelle\" !~N !~T !~F !~p !~P" #color index J_cream brightwhite "~b \"phil(_g|\!| gregory| gold)|pgregory\" ~N !~T !~F !~p !~P" #color index yellow cyan "~b \"phil(_g|\!| gregory| gold)|pgregory\" ~T !~F !~p !~P" #color index yellow J_magent "~b \"phil(_g|\!| gregory| gold)|pgregory\" ~F !~p !~P" ## messages which are in reference to my mails color index brightmagenta default "~x \"(jess|jessie|jessica.frazelle)\\.docker\\.com\" !~N !~T !~F !~p !~P" #color index J_magent brightwhite "~x \"(mithrandir|aragorn)\\.aperiodic\\.net|thorin\\.hillmgt\\.com\" ~N !~T !~F !~p !~P" #color index J_magent cyan "~x \"(mithrandir|aragorn)\\.aperiodic\\.net|thorin\\.hillmgt\\.com\" ~T !~F !~p !~P" #color index J_magent red "~x \"(mithrandir|aragorn)\\.aperiodic\\.net|thorin\\.hillmgt\\.com\" ~F !~p !~P" # for background in 16 color terminal, valid background colors include: # base03, bg, black, any of the non brights # basic colors --------------------------------------------------------- color normal brightyellow default color error red default color tilde black default color message cyan default color markers red white color attachment white default color search brightmagenta default #color status J_black J_status color status brightyellow black color indicator brightblack yellow color tree yellow default # arrow in threads # basic monocolor screen mono bold bold mono underline underline mono indicator reverse mono error bold # index ---------------------------------------------------------------- #color index red default "~D(!~p|~p)" # deleted #color index black default ~F # flagged #color index brightred 
default ~= # duplicate messages #color index brightgreen default "~A!~N!~T!~p!~Q!~F!~D!~P" # the rest #color index J_base default "~A~N!~T!~p!~Q!~F!~D" # the rest, new color index red default "~A" # all messages color index brightred default "~E" # expired messages color index blue default "~N" # new messages color index blue default "~O" # old messages color index brightmagenta default "~Q" # messages that have been replied to color index brightgreen default "~R" # read messages color index blue default "~U" # unread messages color index blue default "~U~$" # unread, unreferenced messages color index brightyellow default "~v" # messages part of a collapsed thread color index brightyellow default "~P" # messages from me color index cyan default "~p!~F" # messages to me color index cyan default "~N~p!~F" # new messages to me color index cyan default "~U~p!~F" # unread messages to me color index brightgreen default "~R~p!~F" # messages to me color index red default "~F" # flagged messages color index red default "~F~p" # flagged messages to me color index red default "~N~F" # new flagged messages color index red default "~N~F~p" # new flagged messages to me color index red default "~U~F~p" # new flagged messages to me color index black red "~D" # deleted messages color index brightcyan default "~v~(!~N)" # collapsed thread with no unread color index yellow default "~v~(~N)" # collapsed thread with some unread color index green default "~N~v~(~N)" # collapsed thread with unread parent # statusbg used to indicated flagged when foreground color shows other status # for collapsed thread color index red black "~v~(~F)!~N" # collapsed thread with flagged, no unread color index yellow black "~v~(~F~N)" # collapsed thread with some unread & flagged color index green black "~N~v~(~F~N)" # collapsed thread with unread parent & flagged color index green black "~N~v~(~F)" # collapsed thread with unread parent, no unread inside, but some flagged color index cyan black "~v~(~p)" # 
collapsed thread with unread parent, no unread inside, some to me directly color index yellow red "~v~(~D)" # thread with deleted (doesn't differentiate between all or partial) #color index yellow default "~(~N)" # messages in threads with some unread #color index green default "~S" # superseded messages #color index red default "~T" # tagged messages #color index brightred red "~=" # duplicated messages # message headers ------------------------------------------------------ #color header brightgreen default "^" color hdrdefault brightgreen default color header brightyellow default "^(From)" color header blue default "^(Subject)" # body ----------------------------------------------------------------- color quoted blue default color quoted1 cyan default color quoted2 yellow default color quoted3 red default color quoted4 brightred default color signature brightgreen default color bold black default color underline black default color normal default default # color body brightcyan default "[;:][-o][)/(|]" # emoticons color body brightcyan default "[;:][)(|]" # emoticons color body brightcyan default "[*]?((N)?ACK|CU|LOL|SCNR|BRB|BTW|CWYL|\ |FWIW|vbg|GD&R|HTH|HTHBE|IMHO|IMNSHO|\ |IRL|RTFM|ROTFL|ROFL|YMMV)[*]?" color body brightcyan default "[ ][*][^*]*[*][ ]?" # more emoticon? color body brightcyan default "[ ]?[*][^*]*[*][ ]" # more emoticon? 
## pgp color body red default "(BAD signature)" color body cyan default "(Good signature)" color body brightblack default "^gpg: Good signature .*" color body brightyellow default "^gpg: " color body brightyellow red "^gpg: BAD signature from.*" mono body bold "^gpg: Good signature" mono body bold "^gpg: BAD signature from.*" # yes, an insance URL regex mono body underline "([a-z][a-z0-9+-]*://(((([a-z0-9_.!~*'();:&=+$,-]|%[0-9a-f][0-9a-f])*@)?((([a-z0-9]([a-z0-9-]*[a-z0-9])?)\\.)*([a-z]([a-z0-9-]*[a-z0-9])?)\\.?|[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+)(:[0-9]+)?)|([a-z0-9_.!~*'()$,;:@&=+-]|%[0-9a-f][0-9a-f])+)(/([a-z0-9_.!~*'():@&=+$,-]|%[0-9a-f][0-9a-f])*(;([a-z0-9_.!~*'():@&=+$,-]|%[0-9a-f][0-9a-f])*)*(/([a-z0-9_.!~*'():@&=+$,-]|%[0-9a-f][0-9a-f])*(;([a-z0-9_.!~*'():@&=+$,-]|%[0-9a-f][0-9a-f])*)*)*)?(\\?([a-z0-9_.!~*'();/?:@&=+$,-]|%[0-9a-f][0-9a-f])*)?(#([a-z0-9_.!~*'();/?:@&=+$,-]|%[0-9a-f][0-9a-f])*)?|(www|ftp)\\.(([a-z0-9]([a-z0-9-]*[a-z0-9])?)\\.)*([a-z]([a-z0-9-]*[a-z0-9])?)\\.?(:[0-9]+)?(/([-a-z0-9_.!~*'():@&=+$,]|%[0-9a-f][0-9a-f])*(;([-a-z0-9_.!~*'():@&=+$,]|%[0-9a-f][0-9a-f])*)*(/([-a-z0-9_.!~*'():@&=+$,]|%[0-9a-f][0-9a-f])*(;([-a-z0-9_.!~*'():@&=+$,]|%[0-9a-f][0-9a-f])*)*)*)?(\\?([-a-z0-9_.!~*'();/?:@&=+$,]|%[0-9a-f][0-9a-f])*)?(#([-a-z0-9_.!~*'();/?:@&=+$,]|%[0-9a-f][0-9a-f])*)?)[^].,:;!)? \t\r\n<>\"]" # and a heavy handed email regex color body brightmagenta default "((@(([0-9a-z-]+\\.)*[0-9a-z-]+\\.?|#[0-9]+|\\[[0-9]?[0-9]?[0-9]\\.[0-9]?[0-9]?[0-9]\\.[0-9]?[0-9]?[0-9]\\.[0-9]?[0-9]?[0-9]\\]),)*@(([0-9a-z-]+\\.)*[0-9a-z-]+\\.?|#[0-9]+|\\[[0-9]?[0-9]?[0-9]\\.[0-9]?[0-9]?[0-9]\\.[0-9]?[0-9]?[0-9]\\.[0-9]?[0-9]?[0-9]\\]):)?[0-9a-z_.+%$-]+@(([0-9a-z-]+\\.)*[0-9a-z-]+\\.?|#[0-9]+|\\[[0-2]?[0-9]?[0-9]\\.[0-2]?[0-9]?[0-9]\\.[0-2]?[0-9]?[0-9]\\.[0-2]?[0-9]?[0-9]\\])" # Various smilies and the like color body brightwhite default "<[Gg]>" # color body brightwhite default "<[Bb][Gg]>" # color body yellow default " [;:]-*[})>{(<|]" # :-) etc... 
# *bold* color body blue default "(^|[[:space:][:punct:]])\\*[^*]+\\*([[:space:][:punct:]]|$)" mono body bold "(^|[[:space:][:punct:]])\\*[^*]+\\*([[:space:][:punct:]]|$)" # _underline_ color body blue default "(^|[[:space:][:punct:]])_[^_]+_([[:space:][:punct:]]|$)" mono body underline "(^|[[:space:][:punct:]])_[^_]+_([[:space:][:punct:]]|$)" # /italic/ (Sometimes gets directory names) color body blue default "(^|[[:space:][:punct:]])/[^/]+/([[:space:][:punct:]]|$)" mono body underline "(^|[[:space:][:punct:]])/[^/]+/([[:space:][:punct:]]|$)" # Border lines. #color body blue default "( *[-+=#*~_]){6,}" #folder-hook . "color status J_black J_status " #folder-hook gmail/inbox "color status J_black yellow " #folder-hook gmail/important "color status J_black yellow " ================================================ FILE: mutt/.mutt/mutt-patch-highlighting.muttrc ================================================ # Patch syntax highlighting #color normal white default color body brightwhite default ^[[:space:]].* color body yellow default ^(diff).* #color body white default ^[\-\-\-].* #color body white default ^[\+\+\+].* #color body green default ^[\+].* #color body red default ^[\-].* #color body brightblue default [@@].* color body brightwhite default ^(\s).* color body cyan default ^(Signed-off-by).* color body cyan default ^(Docker-DCO-1.1-Signed-off-by).* color body brightwhite default ^(Cc) color body yellow default "^diff \-.*" color body brightwhite default "^index [a-f0-9].*" color body brightblue default "^---$" color body white default "^\-\-\- .*" color body white default "^[\+]{3} .*" color body green default "^[\+][^\+]+.*" color body red default "^\-[^\-]+.*" color body brightblue default "^@@ .*" color body green default "LGTM" color body brightmagenta default "-- Commit Summary --" color body brightmagenta default "-- File Changes --" color body brightmagenta default "-- Patch Links --" color body green default "^Merged #.*" color body red default 
"^Closed #.*" color body brightblue default "^Reply to this email.*" ================================================ FILE: mutt/.mutt/muttrc ================================================ # A basic .muttrc for use with Gmail # Change the following six lines to match your Gmail account details set imap_user = "%GMAIL_LOGIN%" set imap_pass = "%GMAIL_PASS%" # leave blank for prompt set smtp_url = "smtps://$imap_user@%SMTP_SERVER%:465/" set smtp_pass = "$imap_pass" # leave blank for prompt set from = "%GMAIL_FROM%" set realname = "%GMAIL_NAME%" set signature = "~/.mutt/signature" # Change the following line to a different editor you prefer (and update the Dockerfile accordingly, of course). set editor = "vim" # I like seeing some headers. :) ignore * unignore date subject x- user-agent posted-to content-type unignore to cc bcc reply-to from set edit_headers = yes my_hdr X-Docker-Image: jess/mutt my_hdr X-Hack-The-Planet: Yes my_hdr X-Acid-Burn: Yes # TODO figure out how to use the sidebar more effectively :) #set sidebar_visible = no # Tianon keybindings and settings, because he's special. 
bind pager previous-line bind pager next-line set resolve = no # uh, don't randomly take me to other messages when I do things # Basic config, you can leave this as is set folder = "imaps://%IMAP_SERVER%" set spoolfile = "+INBOX" set imap_check_subscribed set hostname = gmail.com set mail_check = 60 set timeout = 300 set imap_keepalive = 300 set postponed = "+[Gmail]/Drafts" set record = "" # gmail automatically handles saving sent emails set header_cache=~/.mutt/cache/headers set message_cachedir=~/.mutt/cache/bodies set certificate_file=~/.mutt/certificates set move = no set include set sort = 'reverse-threads' set sort_aux = 'last-date-received' set auto_tag = yes ignore "Authentication-Results:" ignore "DomainKey-Signature:" ignore "DKIM-Signature:" hdr_order Date From To Cc alternative_order text/plain text/html * auto_view text/html bind editor complete-query bind editor ^T complete bind editor noop set mailcap_path = ~/.mutt/mailcap # Gmail-style keyboard shortcuts macro index,pager Gi "=INBOX" "Go to Inbox" macro index,pager Ga "=[Gmail]/All Mail" "Go to All Mail" macro index,pager Gd "=[Gmail]/Drafts" "Go to Drafts" macro index,pager Gs "=[Gmail]/Sent Mail" "Go to Sent Mail" macro index,pager a "unset resolveunset trashNset resolve" macro index,pager d ";s+[Gmail]/Trash" "Trash" macro index,pager u ";s+INBOX" "Move to Inbox" macro index,pager ! 
=[Gmail]/Spam "Report spam" macro index,pager + =[Gmail]/Important "Mark as Important" macro index,pager * =[Gmail]/Starred "Star Message" # colors source ~/.mutt/mutt-colors-solarized-dark-16.muttrc source ~/.mutt/mutt-patch-highlighting.muttrc ================================================ FILE: mutt/.mutt/signature ================================================ Jessie Frazelle 4096R / D4C4 DD60 0D66 F65A 8EFC 511E 18F3 685C 0022 BFF3 https://pgp.mit.edu/pks/lookup?op=get&search=0x18F3685C0022BFF3 ================================================ FILE: mutt/Dockerfile ================================================ # Run Mutt from a container # docker run -it \ # -v /etc/localtime:/etc/localtime:ro \ # -e GMAIL -e GMAIL_NAME \ # pass env variables to config # -e GMAIL_PASS -e GMAIL_FROM \ # -v $HOME/.gnupg:/home/user/.gnupg \ # so you can encrypt ;) # --name mutt \ # jess/mutt # FROM alpine:latest LABEL maintainer "Jessie Frazelle " RUN addgroup -g 1000 user \ && adduser -D -h /home/user -G user -u 1000 user RUN apk --no-cache add \ ca-certificates \ elinks \ git \ gnupg1 \ lynx \ mutt \ mutt-doc \ vim \ --repository http://dl-cdn.alpinelinux.org/alpine/edge/main # a browser is necessary! 
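ENV BROWSER lynx USER user ENV HOME /home/user ENV TERM xterm-256color RUN mkdir -p $HOME/.mutt/cache/headers $HOME/.mutt/cache/bodies \ && touch $HOME/.mutt/certificates # vim settings RUN git clone --depth 1 https://github.com/jessfraz/.vim.git $HOME/.vim \ && git clone --depth 1 https://github.com/altercation/vim-colors-solarized $HOME/.vim/bundle/vim-colors-solarized \ && cp $HOME/.vim/vimrc $HOME/.vimrc ENV LANG C.UTF-8 COPY entrypoint.sh /entrypoint.sh COPY .mutt $HOME/.mutt ENTRYPOINT ["/entrypoint.sh"] CMD ["mutt", "-F", "~/.mutt/muttrc"]
================================================
FILE: mutt/entrypoint.sh
================================================
#!/bin/sh
# Entrypoint for the mutt image.
#
# Fills the %PLACEHOLDER% tokens in $HOME/.mutt/muttrc from environment
# variables, appends GnuPG settings when $HOME/.gnupg exists, sources
# $HOME/.muttrc.local when present, then execs the requested command.
#
# Environment:
#   GMAIL        required; login name
#   GMAIL_NAME   optional; defaults to GMAIL
#   GMAIL_FROM   optional; defaults to GMAIL
#   GMAIL_PASS   optional; when set it is written in clear text into muttrc
#                inside the container (the muttrc comment says a blank value
#                makes mutt prompt instead)
#   IMAP_SERVER  optional; defaults to imap.gmail.com:993
#   SMTP_SERVER  optional; defaults to smtp.gmail.com
#   GPG_ID       optional; key used for pgp_sign_as
set -e

if [ -z "$GMAIL" ]; then
	echo >&2 'error: missing GMAIL environment variable'
	echo >&2 ' try running again with -e GMAIL=your-email@gmail.com'
	echo >&2 ' optionally, you can also specify -e GMAIL_PASS'
	echo >&2 ' -e GMAIL_NAME="Your Name" and GMAIL_FROM=email@your-domain.com'
	echo >&2 ' if not specified, both default to the value of GMAIL'
	exit 1
fi

# Fall back to defaults for anything unset or empty.
: "${GMAIL_NAME:=$GMAIL}"
: "${GMAIL_FROM:=$GMAIL}"
: "${IMAP_SERVER:=imap.gmail.com:993}"
: "${SMTP_SERVER:=smtp.gmail.com}"

# quote_for_muttrc VALUE
# Prints VALUE escaped for the two contexts it passes through:
#   1. a double-quoted muttrc string, where \ " $ and ` are special (every
#      placeholder in muttrc sits inside double quotes);
#   2. the replacement side of sed's s///, where \ / and & are special.
# Without this, a value containing "/" or "&" broke or silently corrupted the
# substitution, and a value containing a quote, "$" or a backtick changed how
# mutt parsed the resulting line.
quote_for_muttrc() {
	printf '%s' "$1" \
		| sed -e 's/[\\"$`]/\\&/g' \
		| sed -e 's/[\/&]/\\&/g'
}

muttrc="$HOME/.mutt/muttrc"

sed -i "s/%GMAIL_LOGIN%/$(quote_for_muttrc "$GMAIL")/g" "$muttrc"
sed -i "s/%GMAIL_NAME%/$(quote_for_muttrc "$GMAIL_NAME")/g" "$muttrc"
sed -i "s/%GMAIL_PASS%/$(quote_for_muttrc "$GMAIL_PASS")/g" "$muttrc"
sed -i "s/%GMAIL_FROM%/$(quote_for_muttrc "$GMAIL_FROM")/g" "$muttrc"
sed -i "s/%IMAP_SERVER%/$(quote_for_muttrc "$IMAP_SERVER")/g" "$muttrc"
sed -i "s/%SMTP_SERVER%/$(quote_for_muttrc "$SMTP_SERVER")/g" "$muttrc"

if [ -d "$HOME/.gnupg" ]; then
	# sane gpg settings to be a good encryption
	# social citizen of the world
	{
		echo
		if [ -f "/etc/Muttrc.gpg.dist" ]; then
			echo 'source /etc/Muttrc.gpg.dist'
		fi
		if [ -f "/usr/share/doc/mutt/samples/gpg.rc" ]; then
			echo 'source /usr/share/doc/mutt/samples/gpg.rc'
		fi
		if [ -f "/usr/share/doc/mutt/examples/gpg.rc" ]; then
			echo 'source /usr/share/doc/mutt/examples/gpg.rc'
		fi
		if [ -n "$GPG_ID" ]; then
			echo "set pgp_sign_as = $GPG_ID"
		fi
		echo 'set crypt_replysign=yes'
		echo 'set crypt_replysignencrypted=yes'
		echo 'set crypt_verify_sig=yes'
		# auto encrypt replies to encrypted mail
		echo 'set pgp_replyencrypt=yes'
		# auto sign replies to signed mail
		echo 'set pgp_replysign=yes'
		# auto sign & encrypt to signed & encrypted mail
		echo 'set pgp_replysignencrypted=yes'
		# show which keys are no good anymore
		echo 'set pgp_show_unusable=no'
		# auto sign emails
		echo 'set pgp_autosign=yes'
	} >> "$muttrc"
fi

if [ -e "$HOME/.muttrc.local" ]; then
	echo "source $HOME/.muttrc.local" >> "$muttrc"
fi

exec "$@"
================================================
FILE: ncmpc/Dockerfile
================================================
# ncmpc is a fully featured MPD client
# which runs in a terminal (using ncurses)
#
# docker run --rm -it \
#	-v /etc/localtime:/etc/localtime:ro \
#	--link mpd:mpd \
#	jess/ncmpc
#
FROM debian:sid-slim
LABEL maintainer "Jessie Frazelle "

RUN apt-get update && apt-get install -y \
	ncmpc \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

ENTRYPOINT [ "ncmpc" ]
================================================
FILE: neoman/Dockerfile
================================================
# Run neoman (yubikey-piv-manager) in a container
#
# docker run -d \
#	-v /etc/localtime:/etc/localtime:ro \
#	-v /tmp/.X11-unix:/tmp/.X11-unix \
#	-e DISPLAY=unix$DISPLAY \
#	--device /dev/bus/usb \
#	--device /dev/usb \
#	--name neoman \
#	jess/neoman
#
FROM ubuntu:16.04
LABEL maintainer "Jessie Frazelle "

RUN apt-get update && apt-get install -y \
	software-properties-common \
	--no-install-recommends && \
	add-apt-repository ppa:yubico/stable && \
	apt-get update && \
	apt-get install -y \
	python-setuptools \
	usbutils \
	yubikey-neo-manager \
	&& rm -rf /var/lib/apt/lists/*

ENTRYPOINT [ "neoman" ]
================================================
FILE: nerdy/Dockerfile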
================================================ FROM debian:bullseye-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ ca-certificates \ cowsay \ curl \ figlet \ imagemagick \ jp2a \ python \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* ENV HOME /root WORKDIR $HOME COPY ./lolcat /usr/bin/lolcat COPY ./clippy.cow /usr/share/cowsay/cows/clippy.cow RUN echo 'image_me() { convert $1 jpg:- | jp2a ${*:2} -; }' >> $HOME/.bashrc RUN echo 'figlet_lolcat() { figlet $1 | lolcat; }' >> $HOME/.bashrc ENTRYPOINT [ "bash" ] ================================================ FILE: nerdy/clippy.cow ================================================ ## ## Would you like some assistance today? ## https://gist.github.com/raggiskula/2351564 ## $the_cow = <] [file ...]') parser.add_option('-p', '--spread', type='float', default=3.0, help='Rainbow spread') parser.add_option('-F', '--freq', type='float', default=0.1, help='Rainbow frequency') parser.add_option('-S', '--seed', type='int', default=0, help='Rainbow seed') parser.add_option('-a', '--animate', action='store_true', default=False, help='Enable psychedelics') parser.add_option('-d', '--duration', type='int', default=12, help='Animation duration') parser.add_option('-s', '--speed', type='float', default=20.0, help='Animation speed') parser.add_option('-f', '--force', action='store_true', default=False, help='Force colour even when stdout is not a tty') parser.add_option('-3', action='store_const', dest='mode', const=8, help='Force 3 bit colour mode') parser.add_option('-4', action='store_const', dest='mode', const=16, help='Force 4 bit colour mode') parser.add_option('-8', action='store_const', dest='mode', const=256, help='Force 8 bit colour mode') options, args = parser.parse_args() options.os = random.randint(0, 256) if options.seed == 0 else options.seed options.mode = options.mode or detect_mode() lolcat = LolCat(mode=options.mode) if not args: args = ['-'] for filename in args: fd = 
sys.stdin if filename == '-' else file(filename) lolcat.cat(fd, options) if __name__ == '__main__': sys.exit(run()) ================================================ FILE: nes/Dockerfile ================================================ # NES emulator in a container # # docker run --rm -d \ # --device /dev/snd \ # -v /tmp/.X11-unix:/tmp/.X11-unix \ # -e DISPLAY=unix$DISPLAY \ # --device /dev/dri \ # jess/nes /games/zelda.rom # FROM debian:sid-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ binutils \ ca-certificates \ gcc \ git \ golang \ libgl1-mesa-dev \ libgl1-mesa-dri \ libxcursor-dev \ libxxf86vm-dev \ libxi-dev \ libxinerama-dev \ libxrandr-dev \ mercurial \ portaudio19-dev \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ && ldconfig ENV GOPATH /go ENV PATH /go/bin:$PATH RUN go get github.com/fogleman/nes COPY games /games ENTRYPOINT [ "nes" ] ================================================ FILE: netcat/Dockerfile ================================================ FROM debian:sid-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ netcat \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* ENTRYPOINT [ "netcat" ] ================================================ FILE: nginx-extras/Dockerfile ================================================ FROM debian:bullseye-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ ca-certificates \ lua-cjson \ lua-iconv \ nginx-extras \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* # forward request and error logs to docker log collector RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log EXPOSE 80 443 CMD ["nginx", "-g", "daemon off;"] ================================================ FILE: nmap/Dockerfile ================================================ FROM debian:bullseye-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ 
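nmap \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

ENTRYPOINT [ "nmap" ]

================================================
FILE: no_new_privs/Dockerfile
================================================
FROM alpine:latest

COPY nnp /usr/local/bin/nnp

# NOTE(review): chmod +s sets the setuid and setgid bits. COPY leaves the file
# owned by root, so an unprivileged user starting nnp gets root's effective
# uid unless no_new_privs is in effect for the process. Presumably a
# deliberate test image for that flag (directory name) - do not reuse it as a
# base image.
RUN chmod +s /usr/local/bin/nnp

CMD ["/usr/local/bin/nnp"]

================================================
FILE: no_new_privs/nnp.c
================================================
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Prints the effective uid the process runs with, then exits 0. */
int main(int argc, char *argv[]){
	printf("Effective uid: %d\n", geteuid());
	return 0;
}

================================================
FILE: node-sonos/Dockerfile
================================================
FROM node:alpine

RUN apk add --no-cache \
	build-base \
	ca-certificates \
	git \
	python

RUN git clone --depth 1 https://github.com/jishi/node-sonos-http-api.git /opt/app

# install dependencies
WORKDIR /opt/app
RUN npm install --production

EXPOSE 3500/tcp 5005/tcp

CMD ["npm", "start"]

================================================
FILE: nomad/Dockerfile
================================================
FROM golang:latest as builder
MAINTAINER Jessica Frazelle

ENV PATH /go/bin:/usr/local/go/bin:$PATH
ENV GOPATH /go

# NOTE(review): `apt-key add` places the yarn key in apt's global trusted
# keyring, so it is trusted for every configured repository; a dedicated
# keyring file referenced with signed-by in yarn.list limits it to this repo.
# The pipeline runs without pipefail, so a failed curl is not detected.
RUN apt-get update && apt-get install -y \
	apt-transport-https \
	ca-certificates \
	curl \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/* \
	&& curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
	&& echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list

# NOTE(review): a remote script is piped straight into a root shell at build
# time with no integrity check; whatever the URL serves on the build day is
# executed. Prefer downloading it, verifying a pinned checksum, then running it.
RUN curl -sL https://deb.nodesource.com/setup_12.x | bash -

RUN apt-get update && apt-get install -y \
	gcc \
	git \
	g++ \
	make \
	nodejs \
	pkgconf \
	python \
	yarn \
	zip \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

ENV NOMAD_VERSION v0.11.2

RUN go get github.com/hashicorp/nomad

WORKDIR /go/src/github.com/hashicorp/nomad

# build the pinned release tag, not whatever `go get` checked out
RUN git checkout "${NOMAD_VERSION}"

RUN set -x \
	&& make bootstrap ember-dist static-assets \
	&& CGO_ENABLED=1 GOOS=linux GOARCH=amd64 \
	go build \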
-ldflags "-X github.com/hashicorp/nomad/version.GitCommit=$(git rev-parse HEAD) -extldflags -static " \ -tags "ui release" \ -o /usr/bin/nomad FROM alpine:latest COPY --from=builder /usr/bin/nomad /usr/bin/nomad COPY --from=builder /etc/ssl/certs/ /etc/ssl/certs ENTRYPOINT [ "nomad" ] CMD [ "--help" ] ================================================ FILE: notify-osd/Dockerfile ================================================ # To use: # Needs X11 socket and dbus mounted # # docker run -d \ # -v /etc/machine-id:/etc/machine-id:ro \ # -v /etc/localtime:/etc/localtime:ro \ # -v /tmp/.X11-unix:/tmp/.X11-unix \ # -v /var/run/dbus:/var/run/dbus \ # -v /var/run/user/$(id -u):/var/run/user/$(id -u) \ # $(env | cut -d= -f1 | awk '{print "-e", $1}') \ # -e DISPLAY=unix$DISPLAY \ # -e DBUS_SESSION_BUS_ADDRESS="unix:path=/var/run/user/1000/bus" \ # -v /etc/passwd:/etc/passwd:ro \ # -v /etc/group:/etc/group:ro \ # -u $(whoami) -w "$HOME" \ # -v $HOME/.Xauthority:$HOME/.Xauthority \ # --name notify-osd \ # jess/notify-osd FROM debian:bullseye-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ at-spi2-core \ dbus \ dbus-x11 \ libgl1-mesa-dri \ libgl1-mesa-glx \ libnotify-bin \ notify-osd \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* ENV HOME /home/user RUN useradd --create-home --home-dir $HOME user \ && mkdir -p $HOME/.cache/dconf \ && mkdir -p $HOME/.dbus \ && chown -R user:user $HOME COPY org.freedesktop.Notifications.service /usr/share/dbus-1/services/org.freedesktop.Notifications.service WORKDIR $HOME USER user ENTRYPOINT ["/usr/lib/x86_64-linux-gnu/notify-osd"] ================================================ FILE: notify-osd/org.freedesktop.Notifications.service ================================================ [D-BUS Service] Name=org.freedesktop.Notifications Exec=/usr/lib/x86_64-linux-gnu/notify-osd ================================================ FILE: nzbget/Dockerfile ================================================ FROM 
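python:2-alpine
LABEL maintainer "Jessie Frazelle "

ENV LANG "en_US.UTF-8"
ENV LANGUAGE "en_US.UTF-8"
ENV TERM "xterm"

RUN apk add --no-cache \
	bash \
	ca-certificates \
	ffmpeg \
	git \
	--repository https://dl-4.alpinelinux.org/alpine/edge/testing

ENV NZBGET_VERSION 21.0

# Download the self-extracting installer, unpack it to /opt/nzbget, add the
# nzbToMedia scripts and delete the installer in the same layer. The cleanup
# previously targeted /tmp/nzbget.bin, a name that is never created, so the
# installer stayed in the image.
#
# NOTE(review): the installer is run with bash as root without any integrity
# check. Pin the expected SHA-256 for this NZBGET_VERSION and verify it before
# executing. nzbToMedia is cloned at whatever HEAD is at build time and lands
# under /opt/nzbget/scripts; pin it to a reviewed commit as well.
RUN wget "https://github.com/nzbget/nzbget/releases/download/v${NZBGET_VERSION}/nzbget-${NZBGET_VERSION}-bin-linux.run" -O /tmp/nzbget.run \
	&& bash /tmp/nzbget.run --destdir /opt/nzbget \
	&& git clone --depth=1 "https://github.com/clinton-hall/nzbToMedia.git" /opt/nzbget/scripts/nzbToMedia \
	&& rm -f /tmp/nzbget.run

COPY nzbget.conf /config/nzbget.conf

# Dedicated unprivileged system user that owns the data and config directories.
RUN addgroup -g 666 -S nzbget \
	&& adduser -u 666 -SHG nzbget nzbget \
	&& mkdir -p /movies /downloads /comics /tvseries \
	&& chown -R nzbget:nzbget /movies /downloads /comics /tvseries /config /opt/nzbget

USER nzbget

ENTRYPOINT [ "/opt/nzbget/nzbget", "-s", "-o", "FlushQueue=no", "-o", "OutputMode=loggable", "-c", "/config/nzbget.conf" ]

================================================
FILE: nzbget/nzbget.conf
================================================
# Configuration file for NZBGet


##############################################################################
### PATHS                                                                  ###

# Root directory for all tasks.
#
# On POSIX you can use "~" as alias for home directory (e.g. "~/downloads").
# On Windows use absolute paths (e.g. "C:\Downloads").
MainDir=${AppDir}/downloads

# Destination directory for downloaded files.
#
# If you want to distinguish between partially downloaded files and
# completed downloads, use also option InterDir.
DestDir=${MainDir}/completed

# Directory to store intermediate files.
#
# If this option is set (not empty) the files are downloaded into
# this directory first. After successful download of nzb-file (possibly
# after par-repair) the files are moved to destination directory
# (option DestDir). If download or unpack fail the files remain in
# intermediate directory.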
# # Using of intermediate directory can significantly improve unpack # performance if you can put intermediate directory (option ) # and destination directory (option ) on separate physical # hard drives. # # NOTE: If the option is set to empty value the downloaded # files are put directly to destination directory (option ). InterDir=${MainDir}/intermediate # Directory for incoming nzb-files. # # If a new nzb-file is added to queue via web-interface or RPC-API, it # is saved into this directory and then processed by extension # scripts (option ). # # This directory is also monitored for new nzb-files. If a new file # is found it is added to download queue. The directory can have # sub-directories. A nzb-file queued from a subdirectory is automatically # assigned to category with sub-directory-name. NzbDir=${MainDir}/nzb # Directory to store program state. # # This directory is used to save download queue, history, information # about fetched RSS feeds, statistics, etc. QueueDir=${MainDir}/queue # Directory to store temporary files. TempDir=${MainDir}/tmp # Directory with web-interface files. # # Example: /usr/local/share/nzbget/webui. # # NOTE: To disable web-interface set the option to an empty value. # This however doesn't disable the built-in web-server completely because # it is also used to serve JSON-/XML-RPC requests. WebDir=${AppDir}/webui # Directory with post-processing and other scripts. # # This option may contain multiple directories separated with commas or semicolons. # # NOTE: For information on writing scripts visit http://nzbget.net/extension-scripts. ScriptDir=${AppDir}/scripts # Lock-file for daemon-mode, POSIX only. # # When started in daemon mode the program creates the lock file and # writes process-id (PID) into it. That info can be used in shell # scripts. If the lock file can not be created or the lock to the file # can not be acquired the daemon terminates, preventing unintentional # starting of multiple daemons. 
# # Set to empty value to disable the creating of the lock-file and the # check for another running instance (not recommended). LockFile=${MainDir}/nzbget.lock # Where to store log file, if it needs to be created. # # NOTE: See also option . LogFile=${MainDir}/nzbget.log # Configuration file template. # # Put the path to the example configuration file which comes with # NZBGet. Web-interface needs this file to read option descriptions. # # Do not put here your actual configuration file (typically stored # in your home directory or in /etc/nzbget.conf) but instead the unchanged # example configuration file (installed to # /usr/local/share/nzbget/nzbget.conf). # # Example: /usr/local/share/nzbget/nzbget.conf. ConfigTemplate=${AppDir}/webui/nzbget.conf.template # Required directories. # # List of destination directories to be waited for on program start. Directories # must be separated with commas or semicolons. # # The list of directories is checked on program start. The program waits # until all directories become available before starting download or # post-processing. This is useful if the download destination is configured # on network or external drives, which may require some time to mount on boot. # # NOTE: Only directories used in option and option # (global or per-category) can be waited. Other directories, such as # option , option and option must be # available on program start. RequiredDir= # Certificate store file or directory. # # Certificate store contains root certificates used for server certificate # verification when connecting to servers with encryption (TLS/SSL). This # includes communication with news-servers for article downloading and # with web-servers (via https) for fetching of rss feeds and nzb-files. # # The option can point either to one big file containing all root # certificates or to a directory containing certificate files, in PEM format. # # Example: /etc/ssl/certs/ca-certificates.crt. 
# # NOTE: Certificate verification must be enabled separately via option . # # NOTE: For more details visit http://nzbget.net/certificate-verification. CertStore=${AppDir}/cacert.pem ############################################################################## ### NEWS-SERVERS ### # This section defines which servers NZBGet should connect to. # # The servers should be numbered subsequently without holes. # For example if you configure three servers you should name them as Server1, # Server2 and Server3. If you need to delete Server2 later you should also # change the name of Server3 to Server2. Otherwise it will not be properly # read from the config file. Server number doesn't affect its priority (level). # Use this news server (yes, no). # # Set to "no" to disable the server on program start. Servers can be activated # later via scheduler tasks or manually via web-interface. # # NOTE: Download is not possible when all servers on level 0 are disabled. Servers # on higher levels are used only if at least one server on level 0 was tried. Server1.Active=yes # Name of news server. # # The name is used in UI and for logging. It can be any string, you # may even leave it empty. Server1.Name= # Level (priority) of news server (0-99). # # The servers are ordered by their level. NZBGet first tries to download # an article from one (any) of level-0-servers. If that server fails, # NZBGet tries all other level-0-servers. If all servers fail, it proceeds # with the level-1-servers, etc. # # Put your major download servers at level 0 and your fill servers at # levels 1, 2, etc.. # # Several servers with the same level may be defined, they have # the same priority. Server1.Level=0 # This is an optional non-reliable server (yes, no). # # Marking server as optional tells NZBGet to ignore this server if a # connection to this server cannot be established. Normally NZBGet # doesn't try upper-level servers before all servers on current level # were tried. 
If a connection to server fails NZBGet waits until the # server becomes available (it may try others from current level at this # time). This is usually what you want to avoid exhausting of # (costly) upper level servers if one of main servers is temporary # unavailable. However, for less reliable servers you may prefer to ignore # connection errors and go on with higher-level servers instead. Server1.Optional=no # Group of news server (0-99). # # If you have multiple accounts with same conditions (retention, etc.) # on the same news server, set the same group (greater than 0) for all # of them. If download fails on one news server, NZBGet does not try # other servers from the same group. # # Value "0" means no group defined (default). Server1.Group=0 # Host name of news server. Server1.Host=my.newsserver.com # Port to connect to (1-65535). Server1.Port=119 # User name to use for authentication. Server1.Username=user # Password to use for authentication. Server1.Password=pass # Server requires "Join Group"-command (yes, no). Server1.JoinGroup=no # Encrypted server connection (TLS/SSL) (yes, no). # # NOTE: By changing this option you should also change the option # accordingly because unsecure and encrypted connections use different ports. Server1.Encryption=no # Cipher to use for encrypted server connection. # # By default (when the option is empty) the underlying encryption library # chooses the cipher automatically. To achieve the best performance # however you can manually select a faster cipher. # # See http://nzbget.net/choosing-cipher for details. # # NOTE: One of the fastest cipher is RC4. To select it use the cipher string # "RC4-MD5" (if NZBGet was configured to use OpenSSL) or # "NONE:+VERS-TLS-ALL:+ARCFOUR-128:+RSA:+MD5:+COMP-ALL" # (if NZBGet was configured to use GnuTLS). Note that RC4 is considered insecure # by the IETF (http://tools.ietf.org/html/rfc7465), but may be sufficient for # the usage of NZBGet. 
# # NOTE: You may get a TLS handshake error if the news server does # not support the chosen cipher. You can also get an error "Could not # select cipher for TLS" if the cipher string is not valid. Server1.Cipher= # Maximum number of simultaneous connections to this server (0-999). Server1.Connections=4 # Server retention time (days). # # How long the articles are stored on the news server. The articles # whose age exceed the defined server retention time are not tried on # this news server, the articles are instead considered failed on this # news server. # # Value "0" disables retention check. Server1.Retention=0 # IP protocol version (auto, ipv4, ipv6). Server1.IpVersion=auto # User comments on this server. # # Any text you want to save along with the server definition. For your convenience # or for usage in custom extension scripts. Server1.Notes= # Second server, on level 0. #Server2.Level=0 #Server2.Host=my2.newsserver.com #Server2.Port=119 #Server2.Username=me #Server2.Password=mypass #Server2.JoinGroup=yes #Server2.Connections=4 # Third server, on level 1. #Server3.Level=1 #Server3.Host=fills.newsserver.com #Server3.Port=119 #Server3.Username=me2 #Server3.Password=mypass2 #Server3.JoinGroup=yes #Server3.Connections=1 ############################################################################## ### SECURITY ### # IP on which NZBGet server listen and which clients use to contact NZBGet. # # It could be a dns-hostname (e. g. "mypc") or an IP address (e. g. "192.168.1.2" or # "127.0.0.1"). # # Your computer may have multiple network interfaces and therefore multiple IP # addresses. If you want NZBGet to listen to all interfaces and be available from # all IP-addresses use value "0.0.0.0". # # NOTE: When you start NZBGet as client (to send remote commands to NZBGet server) and # the option is set to "0.0.0.0" the client will use IP "127.0.0.1". 
#
# NOTE: If you set the option to "127.0.0.1" you will be able to connect to NZBGet
# only from the computer running NZBGet. This restriction applies to web-interface too.
#
# NOTE: NZBGet also supports listening on Unix domain sockets instead of TCP/IP
# sockets. To activate this mode set option ControlIP to a local path
# (e. g. "ControlIP=/var/sock").
#
# NOTE(review): 0.0.0.0 listens on every interface. Inside a container that is
# usually needed for port publishing, so the real exposure is decided by how
# ControlPort is published. Combined with the empty ControlPassword below, any
# client that can reach the port gets full control without authenticating.
# Publish the port on a trusted interface only, or put an authenticating
# proxy in front of it.
ControlIP=0.0.0.0

# Port which NZBGet server and remote client use (1-65535).
#
# NOTE: The communication via this port is not encrypted. For encrypted
# communication see option SecurePort.
ControlPort=6789

# User name which NZBGet server and remote client use.
#
# Set to empty value to disable user name check (check only password).
#
# NOTE: This option was added in NZBGet 11. Older versions used predefined
# not changeable user name "nzbget". Third-party tools or web-sites written
# for older NZBGet versions may not have an option to define user name. In
# this case you should set option ControlUsername to the default value
# "nzbget" or use empty value.
ControlUsername=hacker

# Password which NZBGet server and remote client use.
#
# Set to empty value to disable authorization request.
#
# NOTE(review): shipped empty, which per the description above turns the
# authorization request off for the control user. Set a strong, unique
# password at deploy time (for example from a mounted config file) before
# ControlPort is reachable by anything but the local host.
ControlPassword=

# User name for restricted access.
#
# The restricted user can control the program with a few restrictions.
# They have access to the web-interface and can see most of the program
# settings. They however, can not change program settings, view security
# related options or options provided by extension scripts.
#
# Use this user to connect to NZBGet from other programs and web-sites.
#
# In terms of RPC-API the user:
# - cannot use method "saveconfig";
# - methods "config" and "saveconfig" return string "***" for
#   options those content is protected from the user.
#
# Set to empty value to disable restricted user.
#
# NOTE: Don't forget to change default username/password of the control
# user (options ControlUsername and ControlPassword).
RestrictedUsername=

# Password for restricted access.
#
# Set to empty value to disable password check.
RestrictedPassword= # User name to add downloads via RPC-API. # # Use the AddUsername/AddPassword to give other programs or web-services # access to NZBGet with only two permissions: # - add new downloads using RPC-method "append"; # - check program version using RPC-method "version". # # In a case the program/web-service needs more rights use the restricted # user instead (options and ). # # Set to empty value to disable add-user. # # NOTE: Don't forget to change default username/password of the control # user (options and ). AddUsername= # Password for user with add downloads access. # # Set to empty value to disable password check. AddPassword= # Authenticate using web-form (yes, no). # # The preferred and default way to authenticate in web-interface is using # HTTP authentication. Web-browsers show a special dialog to enter username # and password which they then send back to NZBGet. Sometimes browser plugins # aided at storing and filling of passwords do not work properly with browser's # built-in dialog. To help with such tools NZBGet provide an alternative # authentication mechanism via web form. FormAuth=no # Secure control of NZBGet server (yes, no). # # Activate the option if you want to access NZBGet built-in web-server # via HTTPS (web-interface and RPC). You should also provide certificate # and key files, see option and option . SecureControl=no # Port which NZBGet server and remote client use for encrypted # communication (1-65535). SecurePort=6791 # Full path to certificate file for encrypted communication. # # In case of Let's Encrypt: full path to fullchain.pem. SecureCert= # Full path to key file for encrypted communication. # # In case of Let's Encrypt: full path to privkey.pem. SecureKey= # IP-addresses allowed to connect without authorization. # # Comma separated list of privileged IPs for easy access to NZBGet # built-in web-server (web-interface and RPC). The connected clients # have full unrestricted access. 
# # Example: 127.0.0.1,192.168.178.2. # # NOTE: Do not use this option if the program works behind another # web-server because all requests will have the address of this server. AuthorizedIP=127.0.0.1 # TLS certificate verification (yes, no). # # When connecting to a news server (for downloading) or a web server # (for fetching of rss feeds and nzb-files) the authenticity of the server # should be validated using server security certificate. If the check # fails that means the connection cannot be trusted and must be closed # with an error message explaining the security issue. # # Sometimes servers are improperly configured and the certificate verification # fails even if there is no hacker attack in place. In that case you should # inform the server owner about the issue. If you still need to connect to # servers with invalid certificates you can disable the certificate verification # but you should know that your connection is insecure and you might be # connecting to attacker's server without your awareness. # # NOTE: Certificate verification requires a list of trusted root certificates, # which must be configured using option . # # NOTE: For more details visit http://nzbget.net/certificate-verification. CertCheck=yes # Automatically check for new releases (none, stable, testing). # # None - do not show notifcations; # Stable - show notifications about new stable releases; # Testing - show notifications about new stable and testing releases. UpdateCheck=stable # User name for daemon-mode, POSIX only. # # Set the user that the daemon normally runs at (POSIX in daemon-mode only). # Set MainDir with an absolute path to be sure where it will write. # This allows NZBGet daemon to be launched in rc.local (at boot), and # download items as a specific user id. # # NOTE: This option has effect only if the program was started from # root-account, otherwise it is ignored and the daemon runs under # current user id. 
DaemonUsername=root # Specify default umask (affects file permissions) for newly created # files, POSIX only (000-1000). # # The value should be written in octal form (the same as for "umask" shell # command). # Empty value or value "1000" disable the setting of umask-mode; current # umask-mode (set via shell) is used in this case. UMask=1000 ############################################################################## ### CATEGORIES ### # This section defines categories available in web-interface. # Category name. # # Each nzb-file can be assigned to a category. # Category name is passed to post-processing script and can be used by it # to perform category specific processing. Category1.Name=Movies # Destination directory for this category. # # If this option is empty, then the default destination directory # (option ) is used. In this case if the option # is active, the program creates a subdirectory with category name within # destination directory. Category1.DestDir= # Unpack downloaded nzb-files (yes, no). # # For more information see global option . Category1.Unpack=yes # List of extension scripts for this category. # # For more information see global option . Category1.Extensions= # List of aliases. # # When a nzb-file is added from URL, RSS or RPC the category name # is usually supplied by nzb-site or by application accessing # NZBGet. Using Aliases you can match their categories with your owns. # # Separate aliases with commas or semicolons. Use wildcard characters # * and ? for pattern matching. # # Example: TV - HD, TV - SD, TV* Category1.Aliases= Category2.Name=Series Category3.Name=Music Category4.Name=Software ############################################################################## ### RSS FEEDS ### # Name of RSS Feed. # # The name is used in UI and for logging. It can be any string. #Feed1.Name=my feed # Address (URL) of RSS Feed. # # Example: https://myindexer.com/api?apikey=3544646bfd1c535a9654645609800901&t=search&q=game. 
#Feed1.URL= # Filter rules for items. # # Use filter to ignore unwanted items in the feed. In its simplest version # the filter is a space separated list of words which must be present in # the item title. # # Example: linux debian dvd. # # MORE INFO: # NOTE: This is a short documentation, for more information visit # http://nzbget.net/rss. # # Feed filter consists of rules - one rule per line. Each rule defines # a search string and a command, which must be performed if the search # string matches. There are five kinds of rule-commands: Accept, # Reject, Require, Options, Comment. # # NOTE: Since options in the configuration file can not span multiple # lines, the lines (rules) must be separated with %-character (percent). # # Definition of a rule: # [A:|A(options):|R:|Q:|O(options):|#] search-string # # A - declares Accept-rule. Rules are accept-rules by default, the # "A:" can be omitted. If the feed item matches to the rule the # item is considered good and no further rules are checked. # R - declares Reject-rule. If the feed item matches to the rule the # item is considered bad and no further rules are checked. # Q - declares Require-rule. If the feed item DOES NOT match to the rule # the item is considered bad and no further rules are checked. # O - declares Options-rule. If the feed item matches to the rule the # options declared in the rule are set for the item. The item is # neither accepted nor rejected via this rule but can be accepted # later by one of Accept-rules. In this case the item will have its # options already set (unless the Accept-rule overrides them). # # - lines starting with # are considered comments and are ignored. You # can use comments to explain complex rules or to temporary disable # rules for debugging. # # Options allow to set properties on nzb-file. It's a comma-separated # list of property names with their values. 
# # Definition of an option: # name:value # # Options can be defined using long option names or short names: # category (cat, c) - set category name, value is a string; # pause (p) - add nzb in paused or unpaused state, possible # values are: yes (y), no (n); # priority (pr, r) - set priority, value is a signed integer number; # priority+ (pr+, r+) - increase priority, value is a signed integer number; # dupescore (ds, s) - set duplicate score, value is a signed integer number; # dupescore+ (ds+, s+) - increase duplicate score, value is a signed integer number; # dupekey (dk, k) - set duplicate key, value is a string; # dupekey+ (dk+, k+) - add to duplicate key, value is a string; # dupemode (dm, m) - set duplicate check mode, possible values # are: score (s), all (a), force (f); # rageid - generate duplicate key using this rageid # (integer number) and season/episode numbers; # series - generate duplicate key using series identifier # (any unique string) and season/episode numbers. # # Examples of option definitions: # Accept(category:my series, pause:yes, priority:100): my show 1080p; # Options(c:my series, p:y, r:100): 1080p; # Options(s:1000): 1080p; # Options(k+:1080p): 1080p; # Options(dupemode:force): BluRay. # # Rule-options override values set in feed-options. # # The search-string is similar to used in search engines. It consists of # search terms separated with spaces. Every term is checked for a feed # item and if they all succeed the rule is considered matching. # # Definition of a term: # [+|-][field:][command]param # # + - declares a positive term. Terms are positive by default, # the "+" can be omitted; # - - declares a negative term. If the term succeeds the feed # item is ignored; # field - field to which apply the term. If not specified # the default field "title" is used; # command - a special character defining how to interpret the # parameter (followed after the command): # @ - search for string "param". 
This is default command, # the "@" can be omitted; # $ - "param" defines a regular expression (using POSIX Extended # Regular Expressions syntax); # = - equal; # < - less than; # <= - equal or less than; # > - greater than; # >= - equal or greater than; # param - parameter for command. # # Commands @ and $ are for use with text fields (title, filename, category, # link, description, dupekey). Commands =, <, <=, > and >= are for use # with numeric fields (size, age, imdbid, rageid, season, episode, priority, # dupescore). # # Only fields title, filename and age are always present. The availability of # other fields depend on rss feed provider. # # Any newznab attribute (encoded as "newznab:attr" in the RSS feed) can # be used as search field with prefix "attr-", for example "attr-genre". # # Text search (Command @) supports wildcard characters * (matches # any number of any characters), ? (matches any one character) # and # (matches one digit). # Text search is by default performed against words (word-search mode): the # field content is separated into words and then each word is checked # against pattern. If the search pattern starts and ends with * (star) # the search is performed against the whole field content # (substring-search mode). If the search pattern contains word separator # characters (except * and ?) the search is performed on the whole # field (the word-search would be obviously never successful in this # case). Word separators are: !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~. # # Field "size" can have suffixes "K" or "KB" for kilobytes, "M" or "MB" # for megabytes and "G" or "GB" for gigabytes. Field "age" can have # suffixes "m" for minutes, "h" for hours and "d" for days. If suffix # is not specified default is days. # # Examples (the trailing ; or . is not part of filter): # 1) A: s01* -category:anime; # 2) my show WEB-DL; # 3) *my?show* WEB-DL size:<1.8GB age:>2h; # 4) R: size:>9GB; # 5) Q: HDTV. 
# # NOTE: This is a short documentation, for more information visit # http://nzbget.net/rss. #Feed1.Filter= # How often to check for new items (minutes). # # Value "0" disables the automatic check of this feed. #Feed1.Interval=15 # Treat all items on first fetch as backlog (yes, no). # # yes - when the feed is fetched for the very first time (or after # changing of URL or filter) all existing items are ignored (marked # as backlog). The items found on subsequent fetches are processed; # no - all items are processed even on first fetch (or after # changing of URL or filter). #Feed1.Backlog=yes # Add nzb-files as paused (yes, no). #Feed1.PauseNzb=no # Category for added nzb-files. # # NOTE: Feed providers may include category name within response when nzb-file # is downloaded. If you want to use the providers category leave the option empty. #Feed1.Category= # Priority for added nzb-files (number). # # Priority can be any integer value. The web-interface however operates # with only six predefined priorities: -100 (very low priority), -50 # (low priority), 0 (normal priority, default), 50 (high priority), # 100 (very high priority) and 900 (force priority). Downloads with # priorities equal to or greater than 900 are downloaded and # post-processed even if the program is in paused state (force mode). #Feed1.Priority=0 # List of rss feed extension scripts to execute for rss content. # # The scripts in the list must be separated with commas or semicolons. All # scripts must be stored in directory set by option and # paths relative to must be entered here. # # NOTE: For developer documentation visit http://nzbget.net/extension-scripts. #Feed1.Extensions= ############################################################################## ### INCOMING NZBS ### # Create subdirectory with category-name in destination-directory (yes, no). AppendCategoryDir=yes # How often incoming-directory (option ) must be checked for new # nzb-files (seconds). # # Value "0" disables the check. 
# # NOTE: nzb-files are processed by extension scripts. See option . NzbDirInterval=5 # How old nzb-file should at least be for it to be loaded to queue (seconds). # # NZBGet checks if nzb-file was not modified in last few seconds, defined by # this option. That safety interval prevents the loading of files, which # were not yet completely saved to disk, for example if they are still being # downloaded in web-browser. NzbDirFileAge=60 # Check for duplicate titles (yes, no). # # If this option is enabled the program checks by adding of a new nzb-file: # 1) if history contains the same title (see below) with success status # the nzb-file is not added to queue; # 2) if download queue already contains the same title the nzb-file is # added to queue for backup (if the first file fails); # 3) if nzb-file contains duplicate entries. This helps to find errors # in bad nzb-files. # # "Same title" means the nzb file name is same or the duplicate key is # same. Duplicate keys are set by fetching from RSS feeds using title # identifier fields provided by RSS provider (imdbid or rageid/season/episode). # # If duplicates were detected only one of them is downloaded. If download # fails another duplicate is tried. If download succeeds all remaining # duplicates are deleted from queue. # # NOTE: For automatic duplicate handling option must be # set to "Delete", "Park" or "None". If it is set to "Pause" you will need to # manually unpause another duplicate (if any exists in queue). # # NOTE: For more info on duplicates see http://nzbget.net/rss. DupeCheck=yes ############################################################################## ### DOWNLOAD QUEUE ### # Flush download queue to disk (yes, no). # # Immediately flush file buffers for queue state file. This improves # safety for the queue file but may decrease disk performance due to # disabling of disk caching for queue state file. # # You can disable this option if it negatively affects disk performance on your # system. 
You should create backups of queue-directory (option ) # in that case. Keep the option enabled if your system often crashes. FlushQueue=yes # Continue download of partially downloaded files (yes, no). # # If active the current state (the info about what articles were already # downloaded) is saved every second and is reloaded after restart. This is # about files included in download jobs (usually rar-files), not about # download-jobs (nzb-files) itself. Download-jobs are always # continued regardless of that option. # # Disabling this option may slightly reduce disk access and is # therefore recommended on fast connections. ContinuePartial=yes # Propagation delay to your news servers (minutes). # # The option sets minimum post age for nzb-files. Very recent files # are not downloaded to avoid download failures. The files remain # on hold in the download queue until the propagation delay expires, # after that they are downloaded. PropagationDelay=0 # Memory limit for article cache (megabytes). # # Article cache helps to improve performance. First the amount of disk # operations can be significantly reduced. Second the created files are # less fragmented, which again speeds up the post-processing (unpacking). # # The article cache works best with option which can # effectively use even small cache (like 50 MB). # # If option is disabled the cache should be big enough to # hold all articles of one file (typically up to 200 MB, sometimes even # 500 MB). Otherwise the articles are written into temporary directory # when the cache is full, which degrades performance. # # Value "0" disables article cache. # # In 32 bit mode the maximum allowed value is 1900. # # NOTE: Also see option . ArticleCache=100 # Write decoded articles directly into destination output file (yes, no). # # Files are posted to Usenet in multiple pieces (articles). Each file # typically consists of hundreds of articles. 
# # When option is disabled and the article cache (option # ) is not active or is full the program saves downloaded # articles into temporary directory and later reads them all to write # again into the destination file. # # When option is enabled the program at first creates the # output destination file with required size (total size of all articles), # then writes the articles directly to this file without creating of any # temporary files. If article cache (option ) is active # the downloaded articles are saved into cache first and are written # into the destination file when the cache flushes. This happen when # all articles of the file are downloaded or when the cache becomes # full to 90%. # # The direct write relies on the ability of file system to create # empty files without allocating the space on the drive (sparse files), # which most modern file systems support including EXT3, EXT4 # and NTFS. The notable exception is HFS+ (default file system on OSX). # # The direct write usually improves performance by reducing the amount # of disk operations but may produce more fragmented files when used # without article cache. DirectWrite=yes # Memory limit for per connection write buffer (kilobytes). # # When downloaded articles are written into disk the OS collects # data in the internal buffer before flushing it into disk. This option # controls the size of this buffer per connection/download thread. # # Larger buffers decrease the amount of disk operations and help # producing less fragmented files speeding up the post-processing # (unpack). # # To calculate the maximum memory required for all download threads multiply # WriteBuffer by number of connections configured in section # "NEWS-SERVERS". The option sets the limit, the actual buffer can be # smaller if the article size (typically about 500 KB) is below the limit. # # Write-buffer is managed by OS (system libraries) and therefore # the effect of the option is highly OS-dependent. 
# # Recommended value for computers with enough memory: 1024. # # Value "0" disables the setting of buffer size. In this case a buffer # of default size (OS and compiler specific) is used, which is usually # too small (1-4 KB) and therefore not optimal. # # NOTE: Also see option . WriteBuffer=1024 # How to name downloaded files (auto, article, nzb). # # Article - use file names stored in article metadata; # Nzb - use file names as defined in nzb-file; # Auto - prefer names from article metadata; for obfuscated files use # names from nzb-file. # # NOTE: This option sets the naming convention for files listed in nzb. It has no # effect on files extracted from archives. FileNaming=auto # Reorder files within nzbs for optimal download order (yes, no). # # When nzb-file is added to queue the files listed within nzb can be in a random # order. When "ReorderFiles" is active the files are automatically sorted # alphabetically to ensure download of archive parts in correct order. The # par2-files are moved to the end and then sorted by size. # # NOTE: When option is active the files are sorted again after the file # names become known. ReorderFiles=yes # Post-processing strategy (sequential, balanced, aggressive, rocket). # # Sequential - downloaded items are post processed from a queue, one item at a # time, to dedicate the most computer resources to each # item. Therefore, a post process par repair will prevent another # task from running even if the item does not require a par repair; # Balanced - items that do not need par repair are post processed one at a # time while par repair tasks may also run simultaneously one after # another at the same time. 
This means that a post process par # repair will not prevent another task from running, but at a cost # of using more computer resource; # Aggressive - will simultaneously post process up to three items including # one par repair task; # Rocket - will simultaneously post process up to six items including one # or two par repair tasks. # # NOTE: Computer resources are in heavy demand when post-processing with # simultaneous tasks - make sure the hardware is capable. PostStrategy=balanced # Pause if disk space gets below this value (megabytes). # # Disk space is checked for directories pointed by option and # option . # # Value "0" disables the check. DiskSpace=250 # Delete source nzb-file when it is not needed anymore (yes, no). # # Enable this option for automatic deletion of source nzb-file from # incoming directory when the program doesn't require it anymore (the # nzb-file has been deleted from queue and history). NzbCleanupDisk=yes # Keep the history of downloaded nzb-files (days). # # After download and post-processing the items are added to history where # their status can be checked and they can be post-processed again if # necessary. # # After expiring of defined period: # # If option is active the items become hidden and the amount # of data kept is significantly reduced (for better performance), only # fields necessary for duplicate check are kept. The item remains in the # hidden history (forever); # # If option is NOT active the items are removed from history. # # When a failed item is removed from history or become hidden all downloaded # files of that item are deleted from disk. # # Value "0" disables history. Duplicate check will not work. KeepHistory=30 # Keep the history of outdated feed items (days). # # After fetching of an RSS feed the information about included items (nzb-files) # is saved to disk. This allows to detect new items on next fetch. Feed # providers update RSS feeds constantly. 
Since the feed length is limited # (usually 100 items or less) the old items get pushed away by new # ones. When an item is not present in the feed anymore it's not necessary # to keep the information about this item on the disk. # # If option is set to "0", the outdated items are deleted from history # immediately. # # Otherwise the items are held in the history for defined number of # days. Keeping of items for few days helps in situations when feed provider # has technical issues and may response with empty feeds (or with missing # items). When the technical issue is fixed the items may reappear in the # feed causing the program to re-download items if they were not found in # the feed history. FeedHistory=7 # Discard downloaded data (do not write into disk) (yes, no). # # This option is for speed test purposes (benchmarking). When enabled the # downloaded data is not written into disk. The destination files are still # created but are either empty or contain zeros (depending on other # options). The post-processing (unpack, repair, etc.) is also completely # disabled. # # NOTE: This option is meant for development purposes. You should not # activate it except maybe for speed tests. SkipWrite=no # Write article raw data (yes, no). # # When enabled the article content is written into disk in raw form without # processing. # # NOTE: This option is meant for development purposes. You should not # activate it. RawArticle=no ############################################################################## ### CONNECTION ### # How many retries should be attempted if a download error occurs (0-99). # # If download fails because of incomplete or damaged article or due to # CRC-error the program tries to re-download the article from the same # news server as many times as defined in this option. If all attempts fail # the program tries another news server. 
# # If download fails because of "article or group not found error" the # program tries another news server without retrying on the failed server. ArticleRetries=3 # Article retry interval (seconds). # # If download of article fails because of interrupted connection # the server is temporarily blocked until the retry interval expires. ArticleInterval=10 # Connection timeout for article downloading (seconds). ArticleTimeout=60 # Number of download attempts for URL fetching (0-99). # # If fetching of nzb-file via URL or fetching of RSS feed fails another # attempt is made after the retry interval (option <UrlInterval>). UrlRetries=3 # URL fetching retry interval (seconds). # # If fetching of nzb-file via URL or fetching of RSS feed fails another # attempt is made after the retry interval. UrlInterval=10 # Connection timeout for URL fetching (seconds). # # Connection timeout when fetching nzb-files via URLs and fetching RSS feeds. UrlTimeout=60 # Timeout for incoming connections (seconds). # # Set timeout for connections from clients (web-browsers and API clients). RemoteTimeout=90 # Set the maximum download rate on program start (kilobytes/sec). # # The download rate can be changed later in web-interface or via remote calls. # # Value "0" means no speed control. DownloadRate=0 # Maximum number of simultaneous connections for nzb URL downloads (0-999). # # When NZB-files are added to queue via URL, the program downloads them # from the specified URL. The option limits the maximal number of connections # used for this purpose, when multiple URLs were added at the same time. UrlConnections=4 # Force URL-downloads even if download queue is paused (yes, no). # # If option is active the URL-downloads (such as appending of nzb-files # via URL or fetching of RSS feeds and nzb-files from feeds) are performed # even if download is in paused state. UrlForce=yes # Monthly download volume quota (megabytes).
# # During download the quota is constantly monitored and the downloading # is automatically stopped if the limit is reached. Once the next billing month # starts the "quota reached"-status is automatically lifted and the downloading # continues. # # Downloads with force-priority are processed regardless of quota status. # # Value "0" disables monthly quota check. MonthlyQuota=0 # Day of month when the monthly quota starts (1-31). QuotaStartDay=1 # Daily download volume quota (megabytes). # # See option for details. # # Value "0" disables daily quota check. DailyQuota=0 ############################################################################## ### LOGGING ### # How to use log file (none, append, reset, rotate). # # none - do not write into log file; # append - append to the existing log file or create it; # reset - delete existing log file on program start and create a new one; # rotate - create new log file for each day, delete old files, # see option . WriteLog=append # Log file rotation period (days). # # Defines how long to keep old log-files, when log rotation is active # (option is set to "rotate"). RotateLog=3 # How error messages must be printed (screen, log, both, none). ErrorTarget=both # How warning messages must be printed (screen, log, both, none). WarningTarget=both # How info messages must be printed (screen, log, both, none). InfoTarget=both # How detail messages must be printed (screen, log, both, none). DetailTarget=log # How debug messages must be printed (screen, log, both, none). # # Debug-messages can be printed only if the program was compiled in # debug-mode: "./configure --enable-debug". DebugTarget=log # Number of messages stored in screen buffer (messages). LogBuffer=1000 # Create log for each downloaded nzb-file (yes, no). # # The messages are saved for each download separately and can be viewed # at any time in download details dialog or history details dialog. 
NzbLog=yes # Print call stack trace into log on program crash (Linux and Windows) (yes, no). # # Call stack traces are very helpful for debugging. Call stack traces can be # printed only when the program was compiled in debug mode. CrashTrace=yes # Save memory dump into disk on program crash (Linux only) (yes, no). # # Memory dumps (core-files) are very helpful for debugging, especially if # they were produced by the program compiled in debug mode. # # NOTE: Memory dumps may contain sensitive data, like your login/password # to news-server etc. CrashDump=no # Local time correction (hours or minutes). # # The option allows to adjust timestamps when converting system time to # local time and vice versa. The conversion is used when printing messages # to the log-file and by option "TaskX.Time" in the scheduler settings. # # The option is usually not needed if the time zone is set up correctly. # However, sometimes, especially when using a binary compiled on another # platform (cross-compiling) the conversion between system and local time # may not work properly and requires adjustment. # # Values in the range -24..+24 are interpreted as hours, other values as minutes. # Example 1: set time correction to one hour: TimeCorrection=1; # Example 2: set time correction to one hour and a half: TimeCorrection=90. TimeCorrection=0 ############################################################################## ### DISPLAY (TERMINAL) ### # Set screen-outputmode (loggable, colored, curses). # # loggable - only messages will be printed to standard output; # colored - prints messages (with simple coloring for messages categories) # and download progress info; uses escape-sequences to move cursor; # curses - advanced interactive interface with the ability to edit # download queue and various output option. OutputMode=curses # Shows NZB-Filename in file list in curses-outputmode (yes, no). 
# # This option controls the initial state of curses-frontend, # it can be switched on/off in run-time with Z-key. CursesNzbName=yes # Show files in groups (NZB-files) in queue list in curses-outputmode (yes, no). # # This option controls the initial state of curses-frontend, # it can be switched on/off in run-time with G-key. CursesGroup=no # Show timestamps in message list in curses-outputmode (yes, no). # # This option controls the initial state of curses-frontend, # it can be switched on/off in run-time with T-key. CursesTime=no # Update interval for Frontend-output in console mode or remote client # mode (milliseconds). # # Min value 25. Bigger values reduce CPU usage (especially in curses-outputmode) # and network traffic in remote-client mode. UpdateInterval=200 ############################################################################## ### SCHEDULER ### # Time to execute the command (HH:MM). # # Multiple comma-separated values are accepted. # An asterisk placed in the hours location will run task every hour (e. g. "*:00"). # An asterisk without minutes will run task at program startup (e. g. "*"). # # Examples: "08:00", "00:00,06:00,12:00,18:00", "*:00", "*,*:00,*:30". # # NOTE: Also see option . #Task1.Time=08:00 # Week days to execute the command (1-7). # # Comma separated list of week days numbers. # 1 is Monday. # Character '-' may be used to define ranges. # # Examples: "1-7", "1-5", "5,6", "1-5, 7". #Task1.WeekDays=1-7 # Command to be executed (PauseDownload, UnpauseDownload, PausePostProcess, # UnpausePostProcess, PauseScan, UnpauseScan, DownloadRate, Script, Process, # ActivateServer, DeactivateServer, FetchFeed). 
# # Possible commands: # PauseDownload - pause download; # UnpauseDownload - resume download; # PausePostProcess - pause post-processing; # UnpausePostProcess - resume post-processing; # PauseScan - pause scan of incoming nzb-directory; # UnpauseScan - resume scan of incoming nzb-directory; # DownloadRate - set download rate limit; # Script - execute one or multiple scheduler scripts. The scripts # must be written specially for NZBGet; # Process - execute an external (any) program; # ActivateServer - activate news-server; # DeactivateServer - deactivate news-server; # FetchFeed - fetch RSS feed. # # On start the program checks all tasks and determines current state # for download-pause, scan-pause, download-rate and active servers. #Task1.Command=PauseDownload # Parameters for the command if needed. # # Some scheduler commands require additional parameters: # DownloadRate - download rate limit to be set (kilobytes/sec). # Example: 1000. # NOTE: use value "0" to disable download limit (unlimited speed). # Script - list of scheduler scripts to execute. The scripts in the # list must be separated with commas or semicolons. All # scripts must be stored in directory set by option # and paths relative to must be # entered here. For developer documentation visit # http://nzbget.net/extension-scripts; # Process - path to the program to execute and its parameters. # Example: /home/user/fetch.sh. # If filename or any parameter contains spaces it # must be surrounded with single quotation # marks. If filename/parameter contains single quotation marks, # each of them must be replaced (escaped) with two single quotation # marks and the resulting filename/parameter must be # surrounded with single quotation marks. # Example: '/home/user/download/my scripts/task process.sh' 'world''s fun'. # In this example one parameter (world's fun) is passed # to the script (task process.sh). # ActivateServer - comma separated list of news server ids or server names. # Example: 1,3. 
# Example: my news server 1, my news server 2. # NOTE: server names should not have commas. # DeactivateServer - see ActivateServer. # FetchFeed - comma separated list of RSS feed ids or feed names. # Example: 1,3. # Example: bookmarks feed, another feed. # NOTE: feed names should not have commas. # NOTE: use feed id "0" to fetch all feeds. #Task1.Param= #Task2.Time=20:00 #Task2.WeekDays=1-7 #Task2.Command=UnpauseDownload #Task2.Param= ############################################################################## ### CHECK AND REPAIR ### # Check CRC of downloaded and decoded articles (yes, no). # # Normally this option should be enabled for better detecting of download # errors and for quick par-verification (option ). CrcCheck=yes # Whether and how par-verification must be performed (auto, always, force, manual). # # Auto - par-check is performed when needed. One par2-file is always # downloaded. Additional par2-files are downloaded if needed # for repair. Repair is performed if the option # is enabled; # Always - check every download (even undamaged). One par2-file is # always downloaded. Additional par2-files are downloaded # if needed for repair. Repair is performed if the option # is enabled; # Force - force par-check for every download (even undamaged). All # par2-files are always downloaded. Repair is performed if # the option is enabled; # Manual - par-check is skipped. One par2-file is always # downloaded. If a damaged download is detected, all # par2-files are downloaded but neither par-check nor par-repair # take place. The download can be then repaired manually, # eventually on another faster computer. ParCheck=auto # Automatic par-repair after par-verification (yes, no). # # If option is set to "Auto" or "Force" this option defines # if the download must be repaired when needed. The option can be # disabled if a computer does not have enough CPU power, since repairing # may consume too many resources and time on a slow computer. 
ParRepair=yes # What files should be scanned during par-verification (limited, extended, # full, dupe). # # Limited - scan only files belonging to par-set; # Extended - scan files belonging to par-set first, scan other files until # all missing files are found; # Full - scan all files in destination directory. Can be very time # consuming but may sometimes repair where Limited and Extended fail; # Dupe - scan files belonging to par-set first, scan other files until # repair is possible. Even files from other duplicate-downloads # are scanned. Can be very time consuming but brings best results. ParScan=extended # Quick file verification during par-check (yes, no). # # If the option is active the files are quickly verified using # checksums calculated during download; quick verification is very fast # because it doesn't require the reading of files from disk, NZBGet # knows checksums of downloaded files and quickly compares them with # checksums stored in the par-file. # # If the option is disabled the files are verified as usual. That's # slow. Use this if the quick verification doesn't work properly. ParQuick=yes # Memory limit for par-repair buffer (megabytes). # # Set the amount of RAM that the par-checker may use during repair. Having # the buffer as big as the total size of all damaged blocks allows for # the optimal repair speed. The option sets the maximum buffer size, the # allocated buffer can be smaller. # # If you have a lot of RAM set the option to few hundreds (MB) for the # best repair performance. ParBuffer=100 # Number of threads to use during par-repair (0-99). # # On multi-core CPUs for the best speed set the option to the number of # logical cores (physical cores + hyper-threading units). If you want # to utilize the CPU to 100% you may need to add one or two additional threads # to compensate for wait intervals used for thread synchronization. # # On single-core CPUs use only one thread. 
# # Set to '0' to automatically use all available CPU cores (may not # work on old or exotic platforms). ParThreads=0 # Files to ignore during par-check. # # List of file extensions, file names or file masks to ignore by # par-rename and par-check. The entries must be separated with # commas. # # The entries must be separated with commas. The entries can be file # extensions, file names or file masks containing wildcard # characters * and ?. # # If par-rename or par-check detect missing or damaged files they # will ignore files matching this option and will not initiate # repair. This avoids time costing repair for unimportant files. # # Example: .sfv, .nzb, .nfo ParIgnoreExt=.sfv, .nzb, .nfo # Check for renamed and missing files using par-files (yes, no). # # Par-rename restores original file names using information stored # in par2-files. It also detects missing files (files listed in # par2-files but not present on disk). When enabled the par-rename is # performed as the first step of post-processing for every nzb-file. # # Par-rename is very fast and is highly recommended, especially if # unpack is disabled. ParRename=yes # Check for renamed rar-files (yes, no). # # Rar-rename restores original file names using information stored # in rar-files. When enabled the rar-rename is performed as one of the # first steps of post-processing for every nzb-file. # # Rar-rename is useful for downloads not having par2-files or for # downloads those files were renamed before creating par2-files. In # both cases par-rename (option ) can't rename files # and the rar-rename makes it possible to unpack downloads which # would fail otherwise. RarRename=yes # Directly rename files during downloading (yes, no). # # This is similar to par-renaming (option ) but the files # are renamed during downloading instead of post-processing stage. This # requires some tricky handling of files and works only for healthy # downloads. 
DirectRename=yes # What to do if download health drops below critical health (delete, park, # pause, none). # # Delete - delete nzb-file from queue, also delete already downloaded files; # Park - move nzb-file to history, keep already downloaded files. Commands # "Download remaining files" and "Retry failed articles" are available # for this nzb; # Pause - pause nzb-file; # None - do nothing (continue download). # # NOTE: For automatic duplicate handling option must be set to "Delete", "Park" # or "None". If it is set to "Pause" you will need to manually move another # duplicate from history to queue. See also option . # # NOTE: When option is set to "Dupe" the park-action is performed # only if article completion is below 10% (empirical threshold). This is to # improve efficiency of dupe par scan mode. HealthCheck=park # Maximum allowed time for par-repair (minutes). # # If you use NZBGet on a very slow computer like NAS-device, it may be good to # limit the time allowed for par-repair. NZBGet calculates the estimated time # required for par-repair. If the estimated value exceeds the limit defined # here, NZBGet cancels the repair. # # To avoid a false cancellation NZBGet compares the estimated time with # after the first 5 minutes of repairing, when the calculated # estimated time is more or less accurate. But in a case if is # set to a value smaller than 5 minutes, the comparison is made after the first # whole minute. # # Value "0" means unlimited. # # NOTE: The option limits only the time required for repairing. It doesn't # affect the first stage of parcheck - verification of files. However, the # verification speed is constant, it doesn't depend on files integrity and # therefore it is not necessary to limit the time needed for the first stage. ParTimeLimit=0 # Pause download queue during check/repair (yes, no). # # Enable the option to give CPU more time for par-check/repair. That helps # to speed up check/repair on slow CPUs with fast connection (e.g. 
NAS-devices). # # NOTE: If parchecker needs additional par-files it temporarily unpauses # the queue. # # NOTE: See also options and . ParPauseQueue=no ############################################################################## ### UNPACK ### # Unpack downloaded nzb-files (yes, no). # # Each download (nzb-file) has a post-processing parameter "Unpack". The option # is the default value assigned to this pp-parameter of the download # when it is added to queue. # # When nzb-file is added to queue it can have a category assigned to it. In this # case the option overrides the global option . # # If the download is damaged and could not be repaired using par-files # the unpacking is not performed. # # If the option is set to "Auto" the program tries to unpack # downloaded files first. If the unpacking fails the par-check/repair # is performed and the unpack is executed again. Unpack=yes # Directly unpack files during downloading (yes, no). # # When active the files are unpacked during downloading instead of post-processing # stage. This works only for healthy downloads. Damaged downloads are unpacked # as usual during post-processing stage after par-repair. # # NOTE: This option requires unpack to be enabled in general via option . # NOTE: For best results also activate option and option . DirectUnpack=yes # Pause download queue during unpack (yes, no). # # Enable the option to give CPU more time for unpacking. That helps # to speed up unpacking on slow CPUs. # # NOTE: See also options and . UnpackPauseQueue=no # Delete archive files after successful unpacking (yes, no). UnpackCleanupDisk=yes # Full path to unrar executable. # # Example: /usr/bin/unrar. # # The option can also contain extra switches to pass to unrar. To the # here defined command line NZBGet adds the following switches: # x -y -p- -o+ *.rar ./_unpack/ # # Switch "x" is added only if neither "x" nor "e" were defined in # the option (this allows you to use switch "e" instead of "x"). 
switch # "-o+" is added only if neither "-o+" nor "-o-" were defined # in the command line. All other parameters are always added. Parameter # "-p-" is replaced with "-ppassword" if a password is set for nzb-file. # # Examples: # 1) ignore file attributes (permissions): # /usr/bin/unrar x -ai; # 2) decrease priority of unrar-process: # nice -n 19 unrar. # # For other useful switches refer to unrar documentation. # # If unrar is in your PATH you may leave the path part and set only # the executable name ("unrar" on POSIX or "unrar.exe" on Windows). UnrarCmd=${AppDir}/unrar # Full path to 7-Zip executable. # # Example: /usr/bin/7z. # # Similar to option this option can also include extra switches. # # If 7-Zip binary is in your PATH you may leave the path part and set only # the executable name ("7z" or "7za" on POSIX or "7z.exe" on Windows). SevenZipCmd=${AppDir}/7za # Files to delete after successful download. # # List of file extensions, file names or file masks to delete after # successful download. If either unpack or par-check fail the cleanup is # not performed. If download doesn't contain archives nor par-files # the cleanup is performed if the health is 100%. If parameter "unpack" # is disabled for that nzb-file the cleanup isn't performed. # # The entries must be separated with commas. The entries can be file # extensions, file names or file masks containing wildcard # characters * and ?. # # Example: .par2, .sfv ExtCleanupDisk=.par2, .sfv # Files to ignore during unpack. # # List of file extensions to ignore when unpacking archives or renaming # obfuscated archive files. The entries must be separated with commas. # # Archive files with non standard extensions belong to one of two categories: they # are either obfuscated files or files with special purposes which should not be # unpacked. List the files of second type here to avoid attempts to unpack them. # # This option has effect on two post-processing stages. 
# # First, during rar-rename (option ) rar-files with non-standard # extensions are renamed back to rar-extension, which is required for successful # unpacking. Files with extensions listed here will not be renamed. # # Second, if during unpack no rar-files are found but instead rar-archives # with non-rar extensions are found the unpack fails. For files listed here # no unpack failure occurs and download is considered not having archive # files and be successful. # # Example: .cbr UnpackIgnoreExt=.cbr # Path to file containing unpack passwords. # # If the option is set the program will try all passwords from the file # when unpacking the archives. The file must be a text file containing # one password per line. # # If an nzb-file has a defined password (in the post-processing settings) # then the password-file is not used for that nzb-file. # # NOTE: Trying multiple passwords is a time consuming task. Whenever possible # passwords should be set per nzb-file in their post-processing settings. UnpackPassFile= ############################################################################## ### EXTENSION SCRIPTS ### # List of active extension scripts for new downloads. # # Extension scripts associated with nzb-files are executed before, during # or after download as defined by script developer. # # Each download (nzb-file) has its own list of extension scripts; the list # can be viewed and changed in web-interface in download details dialog or # via API. Option sets defaults for new downloads; changes # to option do not affect downloads which are already in queue. # # When nzb-file is added to queue it can have a category assigned to it. In this # case option (if not empty) have precedence and # defines the scripts for that nzb-file; consequently global option # has no effect for that nzb-file. # # Certain extensions work globally for the whole program instead of # per-nzb basis. Such extensions are activated once and cannot be overriden # per category or per nzb. 
# # The scripts in the list must be separated with commas or semicolons. All # scripts must be stored in directory set by option and # paths relative to must be entered here. # # Example: Cleanup.sh, Move.sh, EMail.py. # # NOTE: The script execution order is controlled by option , not # by their order in option . # # NOTE: For the list of interesting extension scripts see # http://nzbget.net/catalog-of-extension-scripts. # # NOTE: For developer documentation visit http://nzbget.net/extension-scripts. Extensions= # Execution order for extension scripts. # # If you assign multiple scripts to one nzb-file, they are executed in the # order defined by this option. # # The scripts in the list must be separated with commas or semicolons. All # scripts must be stored in directory set by option and # paths relative to must be entered here. # # Example: Cleanup.sh, Move.sh. ScriptOrder= # Pause download queue during executing of postprocess-script (yes, no). # # Enable the option to give CPU more time for postprocess-script. That helps # to speed up postprocess on slow CPUs with fast connection (e.g. NAS-devices). # # NOTE: See also options and . ScriptPauseQueue=no # Shell overrides for script interpreters. # # By default extension scripts are executed as normal programs. The system finds # an associated interpreter automatically. If for some reason that doesn't work # properly you can provide shell overrides here. # # This option contains a comma separated list of shell overrides per # file extension. A shell override consists of file extension (starting with # dot) followed by equal sign and the full path to script interpreter. # # Example: .py=/usr/bin/python2;.py3=/usr/bin/python3;.sh=/usr/bin/bash. ShellOverride= # Minimum interval between queue events (seconds). # # Extension scripts can opt-in for progress notifcations during # download. 
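For downloads containing many small files the events can
# be fired way too often increasing load on the system due to script
# execution.
#
# This option allows to reduce the number of calls of scripts by
# skipping "file-downloaded"-events if the previous call for the same
# download (nzb-file) were performed a short time ago (as defined by
# the option).
#
# Value "-1" disables "file-downloaded"-events. Scripts are still
# notified on other events (such as "nzb-added" or "nzb-downloaded").
EventInterval=0


================================================
FILE: oauth2-proxy/Dockerfile
================================================
# Two-stage build: compile oauth2_proxy at the tag named by
# OAUTH2_PROXY_VERSION, then copy only the binary and the CA bundle into a
# plain alpine image.
FROM golang:alpine as builder
LABEL maintainer "Jessie Frazelle "

RUN	apk --no-cache add \
	ca-certificates \
	git

ENV PATH /go/bin:/usr/local/go/bin:$PATH
ENV GOPATH /go

ENV OAUTH2_PROXY_VERSION v5.1.1

# `go get` is used only to fetch the source tree; `|| true` discards its exit
# status, so a failed fetch shows up at the following `cd` instead.
# NOTE(review): the checkout pins a git tag, which upstream can move; pin a
# commit hash if the build has to be reproducible.
RUN go get github.com/pusher/oauth2_proxy || true \
	&& cd /go/src/github.com/pusher/oauth2_proxy \
	&& git checkout "${OAUTH2_PROXY_VERSION}" \
	&& go build . \
	&& mv oauth2_proxy /usr/bin/

FROM alpine:latest

COPY --from=builder /usr/bin/oauth2_proxy /usr/bin/oauth2_proxy
COPY --from=builder /etc/ssl/certs/ /etc/ssl/certs

# NOTE(review): no USER is set, so the proxy runs as root inside the container.
ENTRYPOINT [ "oauth2_proxy" ]


================================================
FILE: openbmc/Dockerfile
================================================
# Boots an OpenBMC romulus firmware image under qemu-system-arm.
FROM debian:buster-slim

RUN apt-get update && apt-get install -y \
	bash \
	build-essential \
	ca-certificates \
	chrpath \
	curl \
	diffstat \
	gawk \
	git \
	libpixman-1-0 \
	libsdl1.2-dev \
	texinfo \
	&& rm -rf /var/lib/apt/lists/*

# Download the latest qemu build from openBMC's fork
# -f makes curl exit non-zero on an HTTP error, so an error page is never
# saved and marked executable in place of the binary.
# NOTE(review): "lastSuccessfulBuild" is a moving target and the artifact is
# not checked against a digest or signature, so the image contains whatever
# the CI server serves at build time. Pin a build number and verify a
# checksum if integrity or reproducibility matters.
RUN curl -fsSL -o /usr/bin/qemu-system-arm https://openpower.xyz/job/openbmc-qemu-build-merge-x86/lastSuccessfulBuild/artifact/qemu/arm-softmmu/qemu-system-arm \
	&& chmod +x /usr/bin/qemu-system-arm

# Download the latest romulus image
# Same caveat as the qemu download above: unpinned and unverified.
RUN mkdir -p /usr/src/openbmc
RUN curl -fsSL -o /usr/src/openbmc/obmc-phosphor-image-romulus.static.mtd https://openpower.xyz/job/openbmc-build/distro=ubuntu,label=builder,target=romulus/lastSuccessfulBuild/artifact/deploy/images/romulus/obmc-phosphor-image-romulus.static.mtd

#ENV OPENBMC_VERSION 2.7.0
#RUN git clone --depth 1 --branch "${OPENBMC_VERSION}" https://github.com/openbmc/openbmc /usr/src/openbmc
#WORKDIR /usr/src/openbmc
#ENV TEMPLATECONF=meta-ibm/meta-palmetto/conf
#RUN bash ./openbmc-env \
#	&& bitbake obmc-phosphor-image

# The user-mode network binds 127.0.0.1:2222 and 127.0.0.1:2443 inside the
# container's network namespace and forwards them to the guest's ports 22
# and 443.
ENTRYPOINT ["qemu-system-arm", "-m", "256", "-M", "romulus-bmc", "-nographic", "-drive", "file=/usr/src/openbmc/obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd", "-net", "nic", "-net", "user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:2443-:443,hostname=qemu"]


================================================
FILE: openscad/Dockerfile
================================================
FROM debian:bullseye-slim
LABEL maintainer "Jessie Frazelle "

RUN apt-get update && apt-get install -y \
	openscad \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

ENTRYPOINT [ "openscad" ]


================================================
FILE: openvpn/Dockerfile
================================================
FROM alpine:latest

RUN apk --no-cache add \
	openvpn

# Keep a copy of the packaged files outside /etc/openvpn: docker-compose.yml
# bind-mounts the host directory over /etc/openvpn, and the README points the
# up/down scripts at /usr/share/openvpn.
RUN mkdir /usr/share/openvpn
RUN cp /etc/openvpn/* /usr/share/openvpn/

WORKDIR /etc/openvpn
ENTRYPOINT ["openvpn"]


================================================
FILE: openvpn/README.md
================================================
# LMCTVPNFY

Let Me Containerize That VPN For You

## How to use this?

Drop your OpenVPN configuration file in this directory. Let's pretend
that it's called `hacktheplanet.ovpn`.

Then all you have to do is to run:

```
docker-compose run vpn hacktheplanet.ovpn
```

If you need a password (because your OpenVPN configuration specifies
`auth-user-pass`) you will be prompted for it.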
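If the VPN server pushes routes and so forth, they will be added to
your machine, because the Compose file specifies `net: host` so the
container runs within the host's network namespace.

If you **don't** need to specify a password, you can use
`docker-compose run -d vpn hacktheplanet.ovpn` to start the container
in the background.

If your OpenVPN configuration needs extra files (certificates etc)
you can drop them in this directory too.

## How to fix DNS

To let OpenVPN change your resolv.conf file you need to add 2 scripts
to your configuration to trigger the Alpine provided scripts.

```
up /usr/share/openvpn/up.sh
down /usr/share/openvpn/down.sh
```

OpenVPN only runs `up`/`down` scripts when the configuration also sets
`script-security 2`.

## Why?

Because we're the containerati and we like when things are
[neatly arranged in their boxes](https://twitter.com/zooeypeng/status/613053137050439681).


================================================
FILE: openvpn/docker-compose.yml
================================================
# This service deliberately shares a lot with the host:
#  - `net: host` puts OpenVPN in the host's network namespace and NET_ADMIN
#    lets it configure interfaces and routes there, so routes pushed by the
#    VPN server change the host's routing table;
#  - the host's /etc/resolv.conf is mounted writable so the up/down scripts
#    can rewrite the host's DNS settings;
#  - the current directory (configuration, certificates) is mounted writable
#    at /etc/openvpn.
# Only run configuration files from a source you trust.
vpn:
  build: .
  volumes:
    - .:/etc/openvpn
    - /etc/resolv.conf:/etc/resolv.conf
  net: host
  devices:
    - /dev/net/tun:/dev/net/tun
  cap_add:
    - NET_ADMIN


================================================
FILE: osquery/Dockerfile
================================================
# Builds osqueryd and osqueryctl from source at the OSQUERY_VERSION tag and
# runs the daemon as an unprivileged user.
FROM ubuntu:bionic
LABEL maintainer "Jessie Frazelle "

ENV DEBIAN_FRONTEND noninteractive

# -f makes curl fail on an HTTP error instead of piping an error page onward.
# NOTE(review): `apt-key add` puts the downloaded key into apt's global
# keyring, where it is trusted for every configured repository, and the key
# is accepted without a fingerprint check. A key file referenced through
# `signed-by` in cmake.list would limit it to the Kitware repository.
RUN apt-get update && apt-get install -y \
	apt-transport-https \
	ca-certificates \
	curl \
	gnupg2 \
	libc++1 \
	tar \
	xz-utils \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/* \
	&& curl -fsSL https://apt.kitware.com/keys/kitware-archive-latest.asc | apt-key add - \
	&& echo 'deb https://apt.kitware.com/ubuntu/ bionic main' > /etc/apt/sources.list.d/cmake.list

ENV OSQUERY_VERSION 4.3.0

# NOTE(review): the osquery-toolchain tarball is unpacked straight from the
# download with no checksum verification; the source checkout pins a git tag,
# not a commit hash.
RUN buildDeps=' \
		bison \
		clang \
		cmake \
		flex \
		git \
		libc++-dev \
		libc++abi-dev \
		liblzma-dev \
		libssl-dev \
		llvm \
		make \
		python \
		python3 \
	' \
	&& set -x \
	&& apt-get update && apt-get install -y $buildDeps --no-install-recommends \
	&& rm -rf /var/lib/apt/lists/* \
	&& mkdir -p /usr/src/osquery/build /usr/share/osquery \
	&& git clone --branch "${OSQUERY_VERSION}" --depth 1 https://github.com/osquery/osquery.git /usr/src/osquery/src \
	&& cd /usr/src/osquery \
	&& ls -la src/ \
	&& cd build \
	&& curl -fsSL https://github.com/osquery/osquery-toolchain/releases/download/1.0.0/osquery-toolchain-1.0.0.tar.xz | tar -xJ -C /usr/local \
	&& cmake -DOSQUERY_TOOLCHAIN_SYSROOT=/usr/local/osquery-toolchain ../src \
	&& cmake --build . \
	&& mv osquery/osqueryd /usr/bin \
	&& mv package/linux/osqueryctl /usr/bin \
	&& mkdir -p /usr/share/osquery/certs \
	&& cp ../src/tools/deployment/certs.pem /usr/share/osquery/certs/ \
	&& apt-get purge -y --auto-remove $buildDeps \
	&& chmod a+x /usr/bin/osquery* \
	&& cp -r /usr/src/osquery/src/packs /usr/share/osquery/

COPY osquery.example.conf /etc/osquery/osquery.conf

ENV HOME /home/user
# Everything osqueryd writes to is handed to the unprivileged "user" account.
RUN mkdir -p /var/osquery /var/log/osquery \
	&& useradd --create-home --home-dir $HOME user \
	&& chown -R user:user $HOME /etc/osquery /var/osquery /usr/share/osquery /var/log/osquery

WORKDIR $HOME
USER user

ENTRYPOINT [ "osqueryd", "--pidfile", "/home/user/osqueryd.pidfile" ]
# NOTE(review): --docker_socket only works if the host's Docker socket is
# mounted into the container; access to that socket amounts to control of the
# Docker daemon, so mount it only where that is acceptable.
CMD [ "--config_path=/etc/osquery/osquery.conf", "--verbose", "--docker_socket=/var/run/docker.sock", "--host_identifier=hostname", "--disable_distributed=false", "--distributed_plugin=tls" ]


================================================
FILE: osquery/osquery.example.conf
================================================
{
  // Configure the daemon below:
  "options": {
    // Select the osquery config plugin.
    "config_plugin": "filesystem",

    // Select the osquery logging plugin.
    "logger_plugin": "filesystem",

    // The log directory stores info, warning, and errors.
    // If the daemon uses the 'filesystem' logging retriever then the log_dir
    // will also contain the query results.
    //"logger_path": "/var/log/osquery",

    // Set 'disable_logging' to true to prevent writing any info, warning, error
    // logs. If a logging plugin is selected it will still write query results.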
//"disable_logging": "false",

    // Query differential results are logged as change-events to assist log
    // aggregation operations like searching and transactions.
    // Set 'log_result_events' to log differentials as transactions.
    //"log_result_events": "true",

    // Splay the scheduled interval for queries.
    // This is very helpful to prevent system performance impact when scheduling
    // large numbers of queries that run at smaller or similar intervals.
    //"schedule_splay_percent": "10",

    // Write the pid of the osqueryd process to a pidfile/mutex.
    // (osquery/Dockerfile passes --pidfile on the command line instead.)
    //"pidfile": "/var/osquery/osquery.pidfile",

    // Clear events from the osquery backing store after a number of seconds.
    "events_expiry": "3600",

    // A filesystem path for disk-based backing storage used for events and
    // query results differentials. See also 'use_in_memory_database'.
    "database_path": "/var/osquery/osquery.db",

    // Comma-delimited list of table names to be disabled.
    // This allows osquery to be launched without certain tables.
    //"disable_tables": "foo_bar,time",

    // Enable debug or verbose debug output when logging.
    // NOTE(review): osquery/Dockerfile's default CMD also passes --verbose;
    // confirm which of the two settings takes effect.
    "verbose": "false",

    // The number of threads for concurrent query schedule execution.
    "worker_threads": "2",

    // Enable schedule profiling, this will fill in averages and totals for
    // system/user CPU time and memory for every query in the schedule.
    // Add a query: "select * from osquery_schedule" to record the performances.
    "enable_monitor": "true"
  },

  // Define a schedule of queries:
  "schedule": {
    // This is a simple example query that outputs basic system information.
    "system_info": {
      // The exact query to run.
      "query": "SELECT hostname, cpu_brand, physical_memory FROM system_info;",
      // The interval in seconds to run this query, not an exact interval.
      "interval": 3600
    }
  },

  // Decorators are normal queries that append data to every query.
"decorators": {
    // These two run when the configuration is loaded. Every logged result
    // then carries the host UUID and the username of the most recent login,
    // which matters when the logs are shipped off-host.
    "load": [
      "SELECT uuid AS host_uuid FROM system_info;",
      "SELECT user AS username FROM logged_in_users ORDER BY time DESC LIMIT 1;"
    ]
  },

  // Add default osquery packs or install your own.
  //
  // There are several 'default' packs installed with 'make install' or via
  // packages and/or Homebrew.
  //
  // Linux:        /usr/share/osquery/packs
  // OS X:         /var/osquery/packs
  // Homebrew:     /usr/local/share/osquery/packs
  // make install: {PREFIX}/share/osquery/packs
  //
  "packs": {
    // "osquery-monitoring": "/usr/share/osquery/packs/osquery-monitoring.conf",
    // "incident-response": "/usr/share/osquery/packs/incident-response.conf",
    // "it-compliance": "/usr/share/osquery/packs/it-compliance.conf",
    // "osx-attacks": "/usr/share/osquery/packs/osx-attacks.conf",
    // "vuln-management": "/usr/share/osquery/packs/vuln-management.conf",
    // "hardware-monitoring": "/usr/share/osquery/packs/hardware-monitoring.conf"
  }
}


================================================
FILE: packer/Dockerfile
================================================
# Two-stage build: compile a static packer binary at the PACKER_VERSION tag,
# then copy it and the CA bundle into a plain alpine image.
FROM golang:alpine as builder
MAINTAINER Jessica Frazelle

ENV PATH /go/bin:/usr/local/go/bin:$PATH
ENV GOPATH /go

RUN	apk add --no-cache \
	bash \
	ca-certificates \
	gcc \
	git \
	make \
	zip

ENV PACKER_VERSION v1.5.3

# `go get` fetches the default branch; the checkout below then moves the tree
# to the release tag.
# NOTE(review): a tag is mutable; pin a commit hash for a reproducible build.
RUN go get github.com/hashicorp/packer

WORKDIR /go/src/github.com/hashicorp/packer

RUN git checkout "${PACKER_VERSION}"

RUN XC_ARCH="amd64" XC_OS="linux" LD_FLAGS=" -extldflags -static" make releasebin \
	&& mv bin/packer /usr/bin/packer

FROM alpine:latest

RUN	apk add --no-cache \
	bash \
	tar

COPY --from=builder /usr/bin/packer /usr/bin/packer
COPY --from=builder /etc/ssl/certs/ /etc/ssl/certs

# NOTE(review): no USER is set, so packer runs as root inside the container.
ENTRYPOINT [ "packer" ]
CMD [ "--help" ]


================================================
FILE: pandoc/Dockerfile
================================================
FROM debian:bullseye-slim
LABEL maintainer "Jessie Frazelle "

RUN apt-get update && apt-get install -y \
	pandoc \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

ENTRYPOINT ["pandoc"]
================================================
FILE: parrot-live/Dockerfile
================================================
# Serves parrot.live from a checkout of the upstream repository.
FROM node:alpine

RUN apk add --no-cache git

# NOTE(review): this clones the tip of `master` and then runs `npm install`,
# so the image contents depend on upstream's state at build time, and npm
# packages can run install scripts during the build. Pin a commit and install
# from a lockfile if the build has to be reproducible.
RUN git clone --branch master --depth 1 https://github.com/hugomd/parrot.live.git /src

WORKDIR /src

RUN npm install

# NOTE(review): no USER is set, so the server runs as root in the container.
CMD ["node","index.js"]


================================================
FILE: pdp-10/its/Dockerfile
================================================
# Builds ITS for the simh emulator and starts it with the repository's
# ./start script.
FROM debian:bullseye-slim

RUN apt-get update && apt-get install -y \
	ca-certificates \
	simh \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

# Build dependencies are installed, used and purged in a single layer.
# NOTE(review): the clone takes the default branch's current tip (no tag or
# commit is pinned).
RUN buildDeps=' \
		expect \
		gcc \
		git \
		libc6-dev \
		make \
		libncurses5-dev \
	' \
	&& set -x \
	&& apt-get update && apt-get install -y $buildDeps --no-install-recommends \
	&& rm -rf /var/lib/apt/lists/* \
	&& git clone --depth 1 "https://github.com/PDP-10/its.git" /usr/src/its \
	&& ( \
		cd /usr/src/its \
		&& make EMULATOR=simh \
	) \
	&& apt-get purge -y --auto-remove $buildDeps

WORKDIR /usr/src/its

ENTRYPOINT ["./start"]


================================================
FILE: perkeep/Dockerfile
================================================
# Builder stage: compile perkeep at the PERKEEP_VERSION tag with the
# project's make.go and collect the binaries in /usr/local/bin.
FROM golang:1.10-alpine AS builder
LABEL maintainer "Jessie Frazelle "

RUN	apk --no-cache add \
	ca-certificates \
	git

ENV PERKEEP_VERSION 0.10

RUN mkdir -p /go/src/perkeep.org \
	&& git clone --depth 1 --branch "${PERKEEP_VERSION}" https://github.com/perkeep/perkeep.git /go/src/perkeep.org \
	&& cd /go/src/perkeep.org \
	&& go run make.go \
	&& cp -vr /go/bin/* /usr/local/bin/ \
	&& echo "Build complete."
FROM alpine:latest

RUN	apk --no-cache add \
	ca-certificates

# Only the pk* tools and perkeepd are copied out of the builder stage.
COPY --from=builder /usr/local/bin/pk* /usr/bin/
COPY --from=builder /usr/local/bin/perkeepd /usr/bin/perkeepd

ENTRYPOINT [ "perkeepd" ]


================================================
FILE: pivman/Dockerfile
================================================
# Run pivman (yubikey-piv-manager) in a container
#
# docker run -d \
#	-v /etc/localtime:/etc/localtime:ro \
#	-v /tmp/.X11-unix:/tmp/.X11-unix \
#	-e DISPLAY=unix$DISPLAY \
#	--device /dev/bus/usb \
#	--device /dev/usb \
#	--name pivman \
#	jess/pivman
#
# NOTE(review): sharing /tmp/.X11-unix connects the container to the host's
# X server, and X11 does not isolate clients from each other; the two
# --device flags expose the host's USB devices, not only the YubiKey.
FROM ubuntu:16.04
LABEL maintainer "Jessie Frazelle "

# NOTE(review): ubuntu:16.04 is past its standard support period, and the
# PPA is an additional package source trusted by apt for this install.
RUN apt-get update && apt-get install -y \
	software-properties-common \
	--no-install-recommends && \
	add-apt-repository ppa:yubico/stable && \
	apt-get update && \
	apt-get install -y \
	usbutils \
	yubikey-piv-manager \
	&& rm -rf /var/lib/apt/lists/*

ENTRYPOINT [ "pivman" ]


================================================
FILE: plex-home-theater/Dockerfile
================================================
# plex home theater
#
# docker run -d -v /tmp/.X11-unix:/tmp/.X11-unix \
#	-e DISPLAY=unix$DISPLAY \
#	--device /dev/snd:/dev/snd \
#	--device /dev/dri:/dev/dri \
#	jess/plex-home-theater
#
# NOTE(review): as with any X11 application run this way, the shared
# /tmp/.X11-unix socket gives the container access to the host's X server.
FROM ubuntu:16.04
LABEL maintainer "Jessie Frazelle "

# NOTE(review): ubuntu:16.04 is past its standard support period; both PPAs
# are additional package sources trusted by apt for this install.
RUN apt-get update && apt-get install -y \
	software-properties-common \
	--no-install-recommends && \
	add-apt-repository ppa:plexapp/plexht && \
	add-apt-repository ppa:pulse-eight/libcec && \
	apt-get update && \
	apt-get install -y \
	plexhometheater \
	&& rm -rf /var/lib/apt/lists/*

ENTRYPOINT [ "/usr/bin/plexhometheater.sh" ]


================================================
FILE: plexpy/Dockerfile
================================================
# A Python based monitoring and tracking tool for Plex Media Server.
#
# docker run -d \
#	--name=PlexPy \
#	-v :/data \
#	-p 8181:8181 \
#	r.j3ss.co/plexpy
FROM alpine:latest

# Install required packages.
RUN apk add --no-cache \
	ca-certificates \
	git \
	python \
	py-pip

# Get the source
# The full history is cloned so that the PLEXPY_VERSION tag can be checked out.
# NOTE(review): a tag is mutable; pin a commit hash for a reproducible build.
ENV PLEXPY_VERSION v2.2.4
RUN git clone https://github.com/Tautulli/Tautulli.git /opt/plexpy \
	&& ( \
		cd /opt/plexpy \
		&& git checkout "${PLEXPY_VERSION}" \
	)

# Volume for Plexpy data.
VOLUME /data

# Set the working directory.
WORKDIR /opt/plexpy

# Expose ports.
EXPOSE 8181

# Define default command.
# NOTE(review): no USER is set, so the web interface on 8181 is served by a
# process running as root inside the container.
ENTRYPOINT ["python", "PlexPy.py"]
CMD ["--nolaunch", "--datadir=/data"]


================================================
FILE: pms/Dockerfile
================================================
# Practical Music Search, an MPD client
#
# docker run --rm -it \
#	-v /etc/localtime:/etc/localtime:ro \
#	--link mpd:mpd \
#	jess/pms
#
FROM debian:bullseye-slim
LABEL maintainer "Jessie Frazelle "

RUN apt-get update && apt-get install -y \
	pms \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

ENTRYPOINT [ "pms" ]


================================================
FILE: pomerium/Dockerfile
================================================
# Two-stage build: compile pomerium at the POMERIUM_VERSION tag, then copy
# the release binary and the CA bundle into a plain alpine image.
FROM golang:alpine as builder
LABEL maintainer "Jessie Frazelle "

RUN	apk --no-cache add \
	ca-certificates \
	git \
	make

ENV PATH /go/bin:/usr/local/go/bin:$PATH
ENV GOPATH /go

ENV POMERIUM_VERSION v0.9.0

# `go get` is used only to fetch the source tree; `|| true` discards its exit
# status, so a failed fetch shows up at the following `cd` instead.
# NOTE(review): the checkout pins a git tag, which upstream can move; pin a
# commit hash if the build has to be reproducible.
RUN go get github.com/pomerium/pomerium || true \
	&& cd /go/src/github.com/pomerium/pomerium \
	&& git checkout "${POMERIUM_VERSION}" \
	&& make release \
	&& mv dist/pomerium-linux-amd64 /usr/bin/pomerium

FROM alpine:latest

COPY --from=builder /usr/bin/pomerium /usr/bin/pomerium
COPY --from=builder /etc/ssl/certs/ /etc/ssl/certs

# NOTE(review): no USER is set, so pomerium runs as root inside the container.
ENTRYPOINT [ "pomerium" ]


================================================
FILE: pop/.gitignore
================================================
pop.c


================================================
FILE: pop/Dockerfile
================================================
# Ships a prebuilt `pop` binary taken from the build context.
FROM alpine:latest
COPY pop /usr/local/bin/pop
CMD ["/usr/local/bin/pop"]


================================================
FILE: postfix/Dockerfile
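================================================
# Postfix and rsyslog supervised by runit; the services live in /etc/service.
FROM alpine:latest

# The extra repository is fetched over HTTPS rather than plain HTTP. apk
# verifies package signatures either way; TLS additionally protects the
# transfer itself.
# NOTE(review): --repository applies to every package in this command, so
# any of them may be installed from edge/main on top of a release base image.
RUN apk add --no-cache \
	bash \
	ca-certificates \
	libsasl \
	mailx \
	postfix \
	rsyslog \
	runit \
	--repository https://dl-cdn.alpinelinux.org/alpine/edge/main

COPY service /etc/service
COPY runit_bootstrap /usr/sbin/runit_bootstrap
COPY rsyslog.conf /etc/rsyslog.conf

# Send the mail log to the container's stdout.
RUN ln -sf /dev/stdout /var/log/mail.log

# SIGKILL cannot be caught, so `docker stop` ends the supervisor and its
# services immediately, without a shutdown sequence.
STOPSIGNAL SIGKILL

ENTRYPOINT ["/usr/sbin/runit_bootstrap"]


================================================
FILE: postfix/rsyslog.conf
================================================
# rsyslog v5: load input modules
# If you do not load inputs, nothing happens!
# You may need to set the module load path if modules are not found.

$ModLoad immark.so # provides --MARK-- message capability
$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
#$ModLoad imklog.so # kernel logging (formerly provided by rklogd)

# default permissions for all log files.
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

# Include configuration files from directory
$IncludeConfig /etc/rsyslog.d/*

# Check config syntax on startup and abort if unclean (default off)
#$AbortOnUncleanConfig on

# Reduce repeating messages (default off)
#$RepeatedMsgReduction on

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                -/var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/mail.log

# Log cron stuff
cron.*                                                  -/var/log/cron

# Everybody gets emergency messages
#*.emerg                                                *

# Save news errors of level crit and higher in a special file.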
uucp,news.crit -/var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log # More configuration examples: # # Remote Logging (we use TCP for reliable delivery) # An on-disk queue is created for this action. If the remote host is # down, messages are spooled to disk and sent when it is up again. #$WorkDirectory /var/spool/rsyslog # where to place spool files #$ActionQueueFileName uniqName # unique name prefix for spool files #$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown #$ActionQueueType LinkedList # run asynchronously #$ActionResumeRetryCount -1 # infinety retries if host is down #$ActionResumeInterval 30 # retry interval # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional #*.* @@remote-host # Remote Logging with TCP + SSL/TLS #$DefaultNetstreamDriver gtls #$DefaultNetstreamDriverCAFile /etc/ssl/rsyslog/rsyslog_ca.cert.pem #$DefaultNetstreamDriverCertFile /etc/ssl/rsyslog/rsyslog_CLIENT.cert.pem #$DefaultNetstreamDriverKeyFile /etc/ssl/rsyslog/rsyslog_CLIENT.key.pem #$ActionSendStreamDriverAuthMode x509/name # enable peer authentication #$ActionSendStreamDriverPermittedPeer foo # authorize to send encrypted data to server foo #$ActionSendStreamDriverMode 1 # run driver in TLS-only mode # ######### Receiving Messages from Remote Hosts ########## # TCP Syslog Server: #$ModLoad imtcp # provides TCP syslog reception #$TCPServerRun 10514 # start a TCP syslog server at port 10514 # TCP + SSL/TLS Syslog Server: #$ModLoad imtcp # provides TCP syslog reception #$DefaultNetstreamDriver gtls # use gnuTLS for data encryption #$DefaultNetstreamDriverCAFile /etc/ssl/rsyslog/rsyslog_ca.cert.pem #$DefaultNetstreamDriverCertFile /etc/ssl/rsyslog/rsyslog_SERVER.cert.pem #$DefaultNetstreamDriverKeyFile /etc/ssl/rsyslog/rsyslog_SERVER.key.pem #$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode #$InputTCPServerStreamDriverAuthMode x509/name # 
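enable peer authentication #$InputTCPServerStreamDriverPermittedPeer bar # authorize client named bar (one line per client) #$TCPServerRun 10514 # start a TCP syslog server at port 10514 # UDP Syslog Server: $ModLoad imudp.so # provides UDP syslog reception $UDPServerRun 514 # start a UDP syslog server at standard port 514
================================================
FILE: postfix/runit_bootstrap
================================================
#!/bin/sh
# Replace this shell with runit's runsvdir, which supervises the service
# directories found under /etc/service.
exec /sbin/runsvdir /etc/service

================================================
FILE: postfix/service/postfix/run
================================================
#!/bin/bash
# runit "run" script for Postfix.
#
# Appends container-specific settings to /etc/postfix/main.cf, applies optional
# overrides taken from the environment (MAILNAME, MY_NETWORKS, MY_DESTINATION,
# ROOT_ALIAS, RELAY, TLS, SASL_AUTH), then runs the Postfix master binary with -d.
#
# NOTE(review): every start appends to main.cf again, so a supervised restart
# inside the same container leaves duplicate entries - confirm that is acceptable.
set -e

# Avoid warning: smtputf8_enable is true, but EAI support is not compiled in
echo "smtputf8_enable = no" >> /etc/postfix/main.cf

cat >> /etc/postfix/main.cf << EOF
# limit smtp to loopback interface & compute engine doesn't support ipv6
inet_interfaces = loopback-only
inet_protocols = ipv4
EOF

# Do we want to modify the config first with the script?
# The file is sourced into this shell, so it may set or override any of the
# variables tested below.
# shellcheck disable=SC1091
[ -f /etc/service/postfix/run.config ] && source /etc/service/postfix/run.config

if [[ -n "$MAILNAME" ]]; then
	echo "$MAILNAME" > /etc/mailname
	postconf -e myorigin="/etc/mailname"

	cat >> /etc/postfix/main.cf << EOF
# Force ehlo behavior
smtp_always_send_ehlo = yes
smtp_helo_name = $MAILNAME
EOF
fi

# mynetworks is the list of clients Postfix trusts to relay through it,
# so keep MY_NETWORKS as narrow as the deployment allows.
if [[ -n "$MY_NETWORKS" ]]; then
	postconf -e mynetworks="$MY_NETWORKS"
fi

if [[ -n "$MY_DESTINATION" ]]; then
	postconf -e mydestination="$MY_DESTINATION"
fi

if [[ -n "$ROOT_ALIAS" ]]; then
	# drop any existing root alias before adding ours
	if [[ -f /etc/aliases ]]; then
		sed -i '/^root:/d' /etc/aliases
	fi
	echo "root: $ROOT_ALIAS" >> /etc/aliases
	newaliases
fi

if [[ -n "$RELAY" ]]; then
	# setup the relay
	# NOTE(review): the two debug_peer_* lines are written as active settings
	# and name one fixed host, whatever $RELAY is - confirm that is intended.
	cat >> /etc/postfix/main.cf << EOF
relayhost = $RELAY
# These lines can be used, if the result is not as expected
debug_peer_list = smtp-relay.gmail.com
debug_peer_level = 2
EOF
fi

if [[ -n "$TLS" ]]; then
	# setup tls
	# NOTE(review): smtp_use_tls = yes is opportunistic - delivery falls back to
	# cleartext when the relay does not offer STARTTLS. For a relay that receives
	# SASL credentials, smtp_tls_security_level = encrypt makes TLS mandatory.
	# Left unchanged here because enforcing it changes delivery behaviour.
	cat >> /etc/postfix/main.cf << EOF
smtp_use_tls = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
EOF
fi

if [[ -n "$SASL_AUTH" ]]; then
	if [[ -z "$TLS" ]]; then
		echo "warning: SASL_AUTH is set but TLS is not; relay credentials may be sent unencrypted" >&2
	fi

	cat >> /etc/postfix/main.cf << EOF
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
EOF

	# Generate the SASL password map and its .db under a restrictive umask, so
	# the cleartext credentials are never readable by other users, not even
	# for the moment before the chmod below.
	(
		umask 077
		printf '%s %s\n' "$RELAY" "$SASL_AUTH" > /etc/postfix/sasl_passwd
		postmap /etc/postfix/sasl_passwd
	)
	# cleanup the cleartext source; only the .db is needed at runtime
	rm /etc/postfix/sasl_passwd
	# set permissions (also covers a .db left over from an earlier start)
	chmod 600 /etc/postfix/sasl_passwd.db
fi

# Locate the master binary; when both paths exist the /usr/lib one wins.
for candidate in /usr/libexec/postfix/master /usr/lib/postfix/master; do
	if [[ -f "$candidate" ]]; then
		cmd="$candidate"
	fi
done

if [[ -z "$cmd" ]]; then
	echo "Could not find postfix master in /usr/lib or /usr/libexec"
	exit 1
fi

# exec so the supervisor signals master directly instead of an intermediate
# shell, matching the rsyslog run script.
exec "$cmd" -c /etc/postfix -d 2>&1

================================================
FILE: postfix/service/postfix/supervise/.gitignore
================================================

================================================
FILE: postfix/service/rsyslog/run
================================================
#!/bin/bash
# runit "run" script for rsyslog: -n keeps rsyslogd in the foreground so the
# supervisor can track it.
set -e
exec rsyslogd -n

================================================
FILE: postfix/service/rsyslog/supervise/.gitignore
================================================

================================================
FILE: powershell/Dockerfile
================================================
# NOTE(review): debian stretch is past end-of-life; rebasing needs the matching
# PowerShell package and library names.
FROM debian:stretch-slim
LABEL maintainer "Christian Koep "

ENV POWERSHELL_VERSION 7.0.1

RUN apt-get update && apt-get install -y \
	ca-certificates \
	dpkg \
	libcurl3 \
	libicu57 \
	libssl1.0.2 \
	liblttng-ust0 \
	libunwind8 \
	wget \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

# NOTE(review): the .deb is fetched over HTTPS but its digest is never checked.
# Record the expected SHA-256 of the release asset next to POWERSHELL_VERSION
# and verify it (sha256sum -c) before dpkg -i.
RUN cd /usr/src \
	&& wget "https://github.com/PowerShell/PowerShell/releases/download/v${POWERSHELL_VERSION}/powershell_${POWERSHELL_VERSION}-1.debian.9_amd64.deb" -O /tmp/powershell.deb \
	&& dpkg -i /tmp/powershell.deb \
	&& ln -snf "/opt/microsoft/powershell/7/pwsh" /usr/bin/pwsh \
	&& apt-get install -fy \
	&& rm -rf /var/lib/apt/lists/* /usr/src/* /tmp/powershell.deb \
	&& which pwsh

# No USER instruction is set, so pwsh runs as root inside the container.
ENTRYPOINT [ "/usr/bin/pwsh" ]

================================================
FILE: powershell-azure/Dockerfile
================================================
# NOTE(review): the base image is tracked by the mutable :latest tag and both
# Install-Module calls take whatever version the PowerShell Gallery serves at
# build time. Pin an image digest and use -RequiredVersion for reproducible,
# reviewable builds.
FROM r.j3ss.co/powershell:latest

# Install/Update PowerShellGet
RUN pwsh -c "Install-Module PowerShellGet -Force"

# Install Azure PowerShell module
# Install the Azure Resource Manager modules from the PowerShell Gallery
RUN pwsh -c "Install-Module -Name Az -AllowClobber -Force"

ENTRYPOINT [ "pwsh" ]

================================================
FILE: privoxy/Dockerfile
================================================
# run a privoxy in a container and link to a tor socks proxy container
#
# docker run -d \
#	--restart always \
#	# the link inside the container must be named "torproxy"
#	# see: https://github.com/jessfraz/dockerfiles/blob/master/privoxy/privoxy.conf#L1317
#	--link torproxy:torproxy \
#	-v /etc/localtime:/etc/localtime:ro \
#	-p 8118:8118 \
#	--name privoxy \
#	jess/privoxy
#
# NOTE: "-p 8118:8118" publishes the proxy on every host interface, and the
# bundled privoxy.conf listens on 0.0.0.0:8118. If only local clients need it,
# publish on loopback instead ("-p 127.0.0.1:8118:8118") or restrict clients
# with permit-access ACLs / a firewall.
#
# NOTE(review): alpine:latest is a mutable tag; pin a release or digest for
# reproducible builds.
FROM alpine:latest
LABEL maintainer "Jessie Frazelle "

RUN apk --no-cache add \
	privoxy

# expose http port
EXPOSE 8118

# copy in our privoxy config file
COPY privoxy.conf /etc/privoxy/config

# make sure files are owned by privoxy user
RUN chown -R privoxy /etc/privoxy

# drop root: the proxy itself runs as the unprivileged privoxy user
USER privoxy

ENTRYPOINT [ "privoxy", "--no-daemon" ]
CMD [ "/etc/privoxy/config" ]

================================================
FILE: privoxy/privoxy.conf
================================================
# Sample Configuration File for Privoxy # # Id: config,v # # Copyright (C) 2001-2011 Privoxy Developers http://www.privoxy.org/ # #################################################################### # # # Table of Contents # # # # I. INTRODUCTION # # II. FORMAT OF THE CONFIGURATION FILE # # # # 1. LOCAL SET-UP DOCUMENTATION # # 2. CONFIGURATION AND LOG FILE LOCATIONS # # 3. DEBUGGING # # 4. ACCESS CONTROL AND SECURITY # # 5. FORWARDING # # 6. 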
WINDOWS GUI OPTIONS # # # #################################################################### # # # I. INTRODUCTION # =============== # # This file holds Privoxy's main configuration. Privoxy detects # configuration changes automatically, so you don't have to restart # it unless you want to load a different configuration file. # # The configuration will be reloaded with the first request after # the change was done, this request itself will still use the old # configuration, though. In other words: it takes two requests before # you see the result of your changes. Requests that are dropped due # to ACL don't trigger reloads. # # When starting Privoxy on Unix systems, give the location of this # file as last argument. On Windows systems, Privoxy will look for # this file with the name 'config.txt' in the current working directory # of the Privoxy process. # # # II. FORMAT OF THE CONFIGURATION FILE # ==================================== # # Configuration lines consist of an initial keyword followed by a # list of values, all separated by whitespace (any number of spaces # or tabs). For example, # # actionsfile default.action # # Indicates that the actionsfile is named 'default.action'. # # The '#' indicates a comment. Any part of a line following a '#' # is ignored, except if the '#' is preceded by a '\'. # # Thus, by placing a # at the start of an existing configuration # line, you can make it a comment and it will be treated as if it # weren't there. This is called "commenting out" an option and can # be useful. Removing the # again is called "uncommenting". # # Note that commenting out an option and leaving it at its default # are two completely different things! Most options behave very # differently when unset. See the "Effect if unset" explanation in # each option's description for details. # # Long lines can be continued on the next line by using a `\' as the # last character. # # # # 1. 
LOCAL SET-UP DOCUMENTATION # ============================== # # If you intend to operate Privoxy for more users than just yourself, # it might be a good idea to let them know how to reach you, what # you block and why you do that, your policies, etc. # # # # 1.1. user-manual # ================= # # Specifies: # # Location of the Privoxy User Manual. # # Type of value: # # A fully qualified URI # # Default value: # # Unset # # Effect if unset: # # http://www.privoxy.org/version/user-manual/ will be used, # where version is the Privoxy version. # # Notes: # # The User Manual URI is the single best source of information on # Privoxy, and is used for help links from some of the internal # CGI pages. The manual itself is normally packaged with the # binary distributions, so you probably want to set this to a # locally installed copy. # # Examples: # # The best all purpose solution is simply to put the full local # PATH to where the User Manual is located: # # user-manual /usr/share/doc/privoxy/user-manual # # The User Manual is then available to anyone with # access to Privoxy, by following the built-in URL: # http://config.privoxy.org/user-manual/ (or the shortcut: # http://p.p/user-manual/). # # If the documentation is not on the local system, it can be # accessed from a remote server, as: # # user-manual http://example.com/privoxy/user-manual/ # # WARNING!!! # # If set, this option should be the first option in the config # file, because it is used while the config file is being read. # user-manual /usr/share/doc/privoxy/user-manual # # # 1.2. trust-info-url # ==================== # # Specifies: # # A URL to be displayed in the error page that users will see if # access to an untrusted page is denied. # # Type of value: # # URL # # Default value: # # Unset # # Effect if unset: # # No links are displayed on the "untrusted" error page. # # Notes: # # The value of this option only matters if the experimental trust # mechanism has been activated. (See trustfile below.) 
# # If you use the trust mechanism, it is a good idea to write # up some on-line documentation about your trust policy and to # specify the URL(s) here. Use multiple times for multiple URLs. # # The URL(s) should be added to the trustfile as well, so users # don't end up locked out from the information on why they were # locked out in the first place! # #trust-info-url http://www.example.com/why_we_block.html #trust-info-url http://www.example.com/what_we_allow.html # # # 1.3. admin-address # =================== # # Specifies: # # An email address to reach the Privoxy administrator. # # Type of value: # # Email address # # Default value: # # Unset # # Effect if unset: # # No email address is displayed on error pages and the CGI user # interface. # # Notes: # # If both admin-address and proxy-info-url are unset, the whole # "Local Privoxy Support" box on all generated pages will not # be shown. # #admin-address privoxy-admin@example.com # # # 1.4. proxy-info-url # ==================== # # Specifies: # # A URL to documentation about the local Privoxy setup, # configuration or policies. # # Type of value: # # URL # # Default value: # # Unset # # Effect if unset: # # No link to local documentation is displayed on error pages and # the CGI user interface. # # Notes: # # If both admin-address and proxy-info-url are unset, the whole # "Local Privoxy Support" box on all generated pages will not # be shown. # # This URL shouldn't be blocked ;-) # #proxy-info-url http://www.example.com/proxy-service.html # # # 2. CONFIGURATION AND LOG FILE LOCATIONS # ======================================== # # Privoxy can (and normally does) use a number of other files for # additional configuration, help and logging. This section of the # configuration file tells Privoxy where to find those other files. # # The user running Privoxy, must have read permission for all # configuration files, and write permission to any files that would # be modified, such as log files and actions files. 
# # # # 2.1. confdir # ============= # # Specifies: # # The directory where the other configuration files are located. # # Type of value: # # Path name # # Default value: # # /etc/privoxy (Unix) or Privoxy installation dir (Windows) # # Effect if unset: # # Mandatory # # Notes: # # No trailing "/", please. # confdir /etc/privoxy # # # 2.2. templdir # ============== # # Specifies: # # An alternative directory where the templates are loaded from. # # Type of value: # # Path name # # Default value: # # unset # # Effect if unset: # # The templates are assumed to be located in confdir/template. # # Notes: # # Privoxy's original templates are usually overwritten with each # update. Use this option to relocate customized templates that # should be kept. As template variables might change between # updates, you shouldn't expect templates to work with Privoxy # releases other than the one they were part of, though. # #templdir . # # # 2.3. logdir # ============ # # Specifies: # # The directory where all logging takes place (i.e. where the # logfile is located). # # Type of value: # # Path name # # Default value: # # /var/log/privoxy (Unix) or Privoxy installation dir (Windows) # # Effect if unset: # # Mandatory # # Notes: # # No trailing "/", please. # logdir /var/log/privoxy # # # 2.4. actionsfile # ================= # # Specifies: # # The actions file(s) to use # # Type of value: # # Complete file name, relative to confdir # # Default values: # # match-all.action # Actions that are applied to all sites and maybe overruled later on. # # default.action # Main actions file # # user.action # User customizations # # Effect if unset: # # No actions are taken at all. More or less neutral proxying. # # Notes: # # Multiple actionsfile lines are permitted, and are in fact # recommended! # # The default values are default.action, which is the "main" # actions file maintained by the developers, and user.action, # where you can make your personal additions. 
# # Actions files contain all the per site and per URL configuration # for ad blocking, cookie management, privacy considerations, # etc. There is no point in using Privoxy without at least one # actions file. # # Note that since Privoxy 3.0.7, the complete filename, including # the ".action" extension has to be specified. The syntax change # was necessary to be consistent with the other file options and # to allow previously forbidden characters. # actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on. actionsfile default.action # Main actions file actionsfile user.action # User customizations # # # 2.5. filterfile # ================ # # Specifies: # # The filter file(s) to use # # Type of value: # # File name, relative to confdir # # Default value: # # default.filter (Unix) or default.filter.txt (Windows) # # Effect if unset: # # No textual content filtering takes place, i.e. all +filter{name} # actions in the actions files are turned neutral. # # Notes: # # Multiple filterfile lines are permitted. # # The filter files contain content modification rules that use # regular expressions. These rules permit powerful changes on the # content of Web pages, and optionally the headers as well, e.g., # you could try to disable your favorite JavaScript annoyances, # re-write the actual displayed text, or just have some fun # playing buzzword bingo with web pages. # # The +filter{name} actions rely on the relevant filter (name) # to be defined in a filter file! # # A pre-defined filter file called default.filter that contains a # number of useful filters for common problems is included in the # distribution. See the section on the filter action for a list. # # It is recommended to place any locally adapted filters into a # separate file, such as user.filter. # filterfile default.filter filterfile user.filter # User customizations # # # 2.6. 
logfile # ============= # # Specifies: # # The log file to use # # Type of value: # # File name, relative to logdir # # Default value: # # Unset (commented out). When activated: logfile (Unix) or # privoxy.log (Windows). # # Effect if unset: # # No logfile is written. # # Notes: # # The logfile is where all logging and error messages are # written. The level of detail and number of messages are set with # the debug option (see below). The logfile can be useful for # tracking down a problem with Privoxy (e.g., it's not blocking # an ad you think it should block) and it can help you to monitor # what your browser is doing. # # Depending on the debug options below, the logfile may be a # privacy risk if third parties can get access to it. As most # users will never look at it, Privoxy 3.0.7 and later only log # fatal errors by default. # # For most troubleshooting purposes, you will have to change that, # please refer to the debugging section for details. # # Your logfile will grow indefinitely, and you will probably # want to periodically remove it. On Unix systems, you can do # this with a cron job (see "man cron"). For Red Hat based Linux # distributions, a logrotate script has been included. # # Any log files must be writable by whatever user Privoxy is # being run as (on Unix, default user id is "privoxy"). # logfile logfile # # # 2.7. trustfile # =============== # # Specifies: # # The name of the trust file to use # # Type of value: # # File name, relative to confdir # # Default value: # # Unset (commented out). When activated: trust (Unix) or trust.txt # (Windows) # # Effect if unset: # # The entire trust mechanism is disabled. # # Notes: # # The trust mechanism is an experimental feature for building # white-lists and should be used with care. It is NOT recommended # for the casual user. # # If you specify a trust file, Privoxy will only allow access to # sites that are specified in the trustfile. 
Sites can be listed # in one of two ways: # # Prepending a ~ character limits access to this site only (and # any sub-paths within this site), e.g. ~www.example.com allows # access to ~www.example.com/ features/news.html, etc. # # Or, you can designate sites as trusted referrers, by prepending # the name with a + character. The effect is that access to # untrusted sites will be granted -- but only if a link from # this trusted referrer was used to get there. The link target # will then be added to the "trustfile" so that future, direct # accesses will be granted. Sites added via this mechanism do # not become trusted referrers themselves (i.e. they are added # with a ~ designation). There is a limit of 512 such entries, # after which new entries will not be made. # # If you use the + operator in the trust file, it may grow # considerably over time. # # It is recommended that Privoxy be compiled with the # --disable-force, --disable-toggle and --disable-editor options, # if this feature is to be used. # # Possible applications include limiting Internet access for # children. # #trustfile trust # # # 3. DEBUGGING # ============= # # These options are mainly useful when tracing a problem. Note that # you might also want to invoke Privoxy with the --no-daemon command # line option when debugging. # # # # 3.1. debug # =========== # # Specifies: # # Key values that determine what information gets logged. # # Type of value: # # Integer values # # Default value: # # 0 (i.e.: only fatal errors (that cause Privoxy to exit) are logged) # # Effect if unset: # # Default value is used (see above). # # Notes: # # The available debug levels are: debug 1 # Log the destination for each request Privoxy let through. See also debug 1024. 
# debug 2 # show each connection status # debug 4 # show I/O status # debug 8 # show header parsing # debug 16 # log all data written to the network # debug 32 # debug force feature # debug 64 # debug regular expression filters # debug 128 # debug redirects # debug 256 # debug GIF de-animation # debug 512 # Common Log Format # debug 1024 # Log the destination for requests Privoxy didn't let through, and the reason why. # debug 2048 # CGI user interface # debug 4096 # Startup banner and warnings. # debug 8192 # Non-fatal errors # debug 32768 # log all data read from the network # # # To select multiple debug levels, you can either add them or # use multiple debug lines. # # A debug level of 1 is informative because it will show you each # request as it happens. 1, 1024, 4096 and 8192 are recommended # so that you will notice when things go wrong. The other levels # are probably only of interest if you are hunting down a specific # problem. They can produce a hell of an output (especially 16). # # Privoxy used to ship with the debug levels recommended above # enabled by default, but due to privacy concerns 3.0.7 and later # are configured to only log fatal errors. # # If you are used to the more verbose settings, simply enable # the debug lines below again. # # If you want to use pure CLF (Common Log Format), you should set # "debug 512" ONLY and not enable anything else. # # Privoxy has a hard-coded limit for the length of log messages. If # it's reached, messages are logged truncated and marked with # "... [too long, truncated]". # # Please don't file any support requests without trying to # reproduce the problem with increased debug level first. Once # you read the log messages, you may even be able to solve the # problem on your own. # #debug 1 # Log the destination for each request Privoxy let through. #debug 1024 # Log the destination for requests Privoxy didn't let through, and the reason why. 
#debug 4096 # Startup banner and warnings debug 8192 # Non-fatal errors #debug 32768 # log all data read from the network # # # 3.2. single-threaded # ===================== # # Specifies: # # Whether to run only one server thread. # # Type of value: # # None # # Default value: # # Unset # # Effect if unset: # # Multi-threaded (or, where unavailable: forked) operation, # i.e. the ability to serve multiple requests simultaneously. # # Notes: # # This option is only there for debugging purposes. It will # drastically reduce performance. # #single-threaded # # # 3.3. hostname # ============== # # Specifies: # # The hostname shown on the CGI pages. # # Type of value: # # Text # # Default value: # # Unset # # Effect if unset: # # The hostname provided by the operating system is used. # # Notes: # # On some misconfigured systems resolving the hostname fails or # takes too much time and slows Privoxy down. Setting a fixed # hostname works around the problem. # # In other circumstances it might be desirable to show a hostname # other than the one returned by the operating system. For example # if the system has several different hostnames and you don't # want to use the first one. # # Note that Privoxy does not validate the specified hostname value. # #hostname hostname.example.org # # # 4. ACCESS CONTROL AND SECURITY # =============================== # # This section of the config file controls the security-relevant # aspects of Privoxy's configuration. # # # # 4.1. listen-address # ==================== # # Specifies: # # The address and TCP port on which Privoxy will listen for # client requests. # # Type of value: # # [IP-Address]:Port # # [Hostname]:Port # # Default value: # # 127.0.0.1:8118 # # Effect if unset: # # Bind to 127.0.0.1 (IPv4 localhost), port 8118. This is suitable # and recommended for home users who run Privoxy on the same # machine as their browser. # # Notes: # # You will need to configure your browser(s) to this proxy address # and port. 
# # If you already have another service running on port 8118, or # if you want to serve requests from other machines (e.g. on your # local network) as well, you will need to override the default. # # You can use this statement multiple times to make Privoxy listen # on more ports or more IP addresses. Suitable if your operating # system does not support sharing IPv6 and IPv4 protocols on the # same socket. # # If a hostname is used instead of an IP address, Privoxy will # try to resolve it to an IP address and if there are multiple, # use the first one returned. # # If the address for the hostname isn't already known on the # system (for example because it's in /etc/hostname), this may # result in DNS traffic. # # If the specified address isn't available on the system, or if # the hostname can't be resolved, Privoxy will fail to start. # # IPv6 addresses containing colons have to be quoted by # brackets. They can only be used if Privoxy has been compiled # with IPv6 support. If you aren't sure if your version supports # it, have a look at http://config.privoxy.org/show-status. # # Some operating systems will prefer IPv6 to IPv4 addresses even if # the system has no IPv6 connectivity which is usually not expected # by the user. Some even rely on DNS to resolve localhost which # means the "localhost" address used may not actually be local. # # It is therefore recommended to explicitly configure the intended # IP address instead of relying on the operating system, unless # there's a strong reason not to. # # If you leave out the address, Privoxy will bind to all IPv4 # interfaces (addresses) on your machine and may become reachable # from the Internet and/or the local network. Be aware that # some GNU/Linux distributions modify that behaviour without # updating the documentation. Check for non-standard patches if # your Privoxy version behaves differently. 
# # If you configure Privoxy to be reachable from the network, # consider using access control lists (ACL's, see below), and/or # a firewall. # # If you open Privoxy to untrusted users, you will also # want to make sure that the following actions are disabled: # enable-edit-actions and enable-remote-toggle # # With the exception noted above, listening on multiple addresses # is currently not supported by Privoxy directly. It can be done # on most operating systems by letting a packet filter redirect # requests for certain addresses to Privoxy, though. # # Example: # # Suppose you are running Privoxy on a machine which has the # address 192.168.0.1 on your local private network (192.168.0.0) # and has another outside connection with a different address. You # want it to serve requests from inside only: # # listen-address 192.168.0.1:8118 # # Suppose you are running Privoxy on an IPv6-capable machine and # you want it to listen on the IPv6 address of the loopback device: # # listen-address [::1]:8118 # listen-address 0.0.0.0:8118 # # # 4.2. toggle # ============ # # Specifies: # # Initial state of "toggle" status # # Type of value: # # 1 or 0 # # Default value: # # 1 # # Effect if unset: # # Act as if toggled on # # Notes: # # If set to 0, Privoxy will start in "toggled off" mode, # i.e. mostly behave like a normal, content-neutral proxy # with both ad blocking and content filtering disabled. See # enable-remote-toggle below. # # The windows version will only display the toggle icon in the # system tray if this option is present. # toggle 1 # # # 4.3. enable-remote-toggle # ========================== # # Specifies: # # Whether or not the web-based toggle feature may be used # # Type of value: # # 0 or 1 # # Default value: # # 0 # # Effect if unset: # # The web-based toggle feature is disabled. # # Notes: # # When toggled off, Privoxy mostly acts like a normal, # content-neutral proxy, i.e. doesn't block ads or filter content. 
# # Access to the toggle feature can not be controlled separately by # "ACLs" or HTTP authentication, so that everybody who can access # Privoxy (see "ACLs" and listen-address above) can toggle it # for all users. So this option is not recommended for multi-user # environments with untrusted users. # # Note that malicious client side code (e.g Java) is also capable # of using this option. # # As a lot of Privoxy users don't read documentation, this feature # is disabled by default. # # Note that you must have compiled Privoxy with support for this # feature, otherwise this option has no effect. # enable-remote-toggle 0 # # # 4.4. enable-remote-http-toggle # =============================== # # Specifies: # # Whether or not Privoxy recognizes special HTTP headers to change # its behaviour. # # Type of value: # # 0 or 1 # # Default value: # # 0 # # Effect if unset: # # Privoxy ignores special HTTP headers. # # Notes: # # When toggled on, the client can change Privoxy's behaviour by # setting special HTTP headers. Currently the only supported # special header is "X-Filter: No", to disable filtering for # the ongoing request, even if it is enabled in one of the # action files. # # This feature is disabled by default. If you are using Privoxy in # a environment with trusted clients, you may enable this feature # at your discretion. Note that malicious client side code (e.g # Java) is also capable of using this feature. # # This option will be removed in future releases as it has been # obsoleted by the more general header taggers. # enable-remote-http-toggle 0 # # # 4.5. enable-edit-actions # ========================= # # Specifies: # # Whether or not the web-based actions file editor may be used # # Type of value: # # 0 or 1 # # Default value: # # 0 # # Effect if unset: # # The web-based actions file editor is disabled. 
# # Notes: # # Access to the editor can not be controlled separately by # "ACLs" or HTTP authentication, so that everybody who can access # Privoxy (see "ACLs" and listen-address above) can modify its # configuration for all users. # # This option is not recommended for environments with untrusted # users and as a lot of Privoxy users don't read documentation, # this feature is disabled by default. # # Note that malicious client side code (e.g Java) is also capable # of using the actions editor and you shouldn't enable this # options unless you understand the consequences and are sure # your browser is configured correctly. # # Note that you must have compiled Privoxy with support for this # feature, otherwise this option has no effect. # enable-edit-actions 0 # # # 4.6. enforce-blocks # ==================== # # Specifies: # # Whether the user is allowed to ignore blocks and can "go there # anyway". # # Type of value: # # 0 or 1 # # Default value: # # 0 # # Effect if unset: # # Blocks are not enforced. # # Notes: # # Privoxy is mainly used to block and filter requests as a service # to the user, for example to block ads and other junk that clogs # the pipes. Privoxy's configuration isn't perfect and sometimes # innocent pages are blocked. In this situation it makes sense to # allow the user to enforce the request and have Privoxy ignore # the block. # # In the default configuration Privoxy's "Blocked" page contains # a "go there anyway" link to adds a special string (the force # prefix) to the request URL. If that link is used, Privoxy # will detect the force prefix, remove it again and let the # request pass. # # Of course Privoxy can also be used to enforce a network # policy. In that case the user obviously should not be able to # bypass any blocks, and that's what the "enforce-blocks" option # is for. If it's enabled, Privoxy hides the "go there anyway" # link. 
If the user adds the force prefix by hand, it will not # be accepted and the circumvention attempt is logged. # # Examples: # # enforce-blocks 1 # enforce-blocks 0 # # # 4.7. ACLs: permit-access and deny-access # ========================================= # # Specifies: # # Who can access what. # # Type of value: # # src_addr[:port][/src_masklen] [dst_addr[:port][/dst_masklen]] # # Where src_addr and dst_addr are IPv4 addresses in dotted # decimal notation or valid DNS names, port is a port number, and # src_masklen and dst_masklen are subnet masks in CIDR notation, # i.e. integer values from 2 to 30 representing the length # (in bits) of the network address. The masks and the whole # destination part are optional. # # If your system implements RFC 3493, then src_addr and dst_addr # can be IPv6 addresses delimited by brackets, port can be a # number or a service name, and src_masklen and dst_masklen can # be a number from 0 to 128. # # Default value: # # Unset # # If no port is specified, any port will match. If no src_masklen # or dst_masklen is given, the complete IP address has to match # (i.e. 32 bits for IPv4 and 128 bits for IPv6). # # Effect if unset: # # Don't restrict access further than implied by listen-address # # Notes: # # Access controls are included at the request of ISPs and systems # administrators, and are not usually needed by individual # users. For a typical home user, it will normally suffice to # ensure that Privoxy only listens on the localhost (127.0.0.1) # or internal (home) network address by means of the listen-address # option. # # Please see the warnings in the FAQ that Privoxy is not intended # to be a substitute for a firewall or to encourage anyone to # defer addressing basic security weaknesses. # # Multiple ACL lines are OK. If any ACLs are specified, Privoxy # only talks to IP addresses that match at least one permit-access # line and don't match any subsequent deny-access line. 
In other # words, the last match wins, with the default being deny-access. # # If Privoxy is using a forwarder (see forward below) for a # particular destination URL, the dst_addr that is examined is # the address of the forwarder and NOT the address of the ultimate # target. This is necessary because it may be impossible for the # local Privoxy to determine the IP address of the ultimate target # (that's often what gateways are used for). # # You should prefer using IP addresses over DNS names, because # the address lookups take time. All DNS names must resolve! You # can not use domain patterns like "*.org" or partial domain # names. If a DNS name resolves to multiple IP addresses, only # the first one is used. # # Some systems allow IPv4 clients to connect to IPv6 server # sockets. Then the client's IPv4 address will be translated by the # system into IPv6 address space with special prefix ::ffff:0:0/96 # (so called IPv4 mapped IPv6 address). Privoxy can handle it # and maps such ACL addresses automatically. # # Denying access to particular sites by ACL may have undesired # side effects if the site in question is hosted on a machine # which also hosts other sites (most sites are). # # Examples: # # Explicitly define the default behavior if no ACL and # listen-address are set: "localhost" is OK. 
The absence of a # dst_addr implies that all destination addresses are OK: # # permit-access localhost # # # Allow any host on the same class C subnet as www.privoxy.org # access to nothing but www.example.com (or other domains hosted # on the same system): # # permit-access www.privoxy.org/24 www.example.com/32 # # # Allow access from any host on the 26-bit subnet 192.168.45.64 to # anywhere, with the exception that 192.168.45.73 may not access # the IP address behind www.dirty-stuff.example.com: # # permit-access 192.168.45.64/26 # deny-access 192.168.45.73 www.dirty-stuff.example.com # # Allow access from the IPv4 network 192.0.2.0/24 even if listening # on an IPv6 wild card address (not supported on all platforms): # # permit-access 192.0.2.0/24 # # # This is equivalent to the following line even if listening on # an IPv4 address (not supported on all platforms): # # permit-access [::ffff:192.0.2.0]/120 # # # 4.8. buffer-limit # ================== # # Specifies: # # Maximum size of the buffer for content filtering. # # Type of value: # # Size in Kbytes # # Default value: # # 4096 # # Effect if unset: # # Use a 4MB (4096 KB) limit. # # Notes: # # For content filtering, i.e. the +filter and +deanimate-gif # actions, it is necessary that Privoxy buffers the entire document # body. This can be potentially dangerous, since a server could # just keep sending data indefinitely and wait for your RAM to # exhaust -- with nasty consequences. Hence this option. # # When a document buffer size reaches the buffer-limit, it is # flushed to the client unfiltered and no further attempt to filter # the rest of the document is made. Remember that there may be # multiple threads running, which might require up to buffer-limit # Kbytes each, unless you have enabled "single-threaded" above. # buffer-limit 4096 # # # 5. FORWARDING # ============== # # This feature allows routing of HTTP requests through a chain of # multiple proxies. 
# # Forwarding can be used to chain Privoxy with a caching proxy to # speed up browsing. Using a parent proxy may also be necessary if # the machine that Privoxy runs on has no direct Internet access. # # Note that parent proxies can severely decrease your privacy # level. For example a parent proxy could add your IP address to the # request headers and if it's a caching proxy it may add the "Etag" # header to revalidation requests again, even though you configured # Privoxy to remove it. It may also ignore Privoxy's header time # randomization and use the original values which could be used by # the server as cookie replacement to track your steps between visits. # # Also specified here are SOCKS proxies. Privoxy supports the SOCKS # 4 and SOCKS 4A protocols. # # # # 5.1. forward # ============= # # Specifies: # # To which parent HTTP proxy specific requests should be routed. # # Type of value: # # target_pattern http_parent[:port] # # where target_pattern is a URL pattern that specifies to which # requests (i.e. URLs) this forward rule shall apply. Use / # to denote "all URLs". http_parent[:port] is the DNS name or # IP address of the parent HTTP proxy through which the requests # should be forwarded, optionally followed by its listening port # (default: 8000). Use a single dot (.) to denote "no forwarding". # # Default value: # # Unset # # Effect if unset: # # Don't use parent HTTP proxies. # # Notes: # # If http_parent is ".", then requests are not forwarded to # another HTTP proxy but are made directly to the web servers. # # http_parent can be a numerical IPv6 address (if RFC 3493 is # implemented). To prevent clashes with the port delimiter, # the whole IP address has to be put into brackets. On the other # hand a target_pattern containing an IPv6 address has to be put # into angle brackets (normal brackets are reserved for regular # expressions already). # # Multiple lines are OK, they are checked in sequence, and the # last match wins. 
# # Examples: # # Everything goes to an example parent proxy, except SSL on port # 443 (which it doesn't handle): # # forward / parent-proxy.example.org:8080 # forward :443 . # # # Everything goes to our example ISP's caching proxy, except for # requests to that ISP's sites: # # forward / caching-proxy.isp.example.net:8000 # forward .isp.example.net . # # # Parent proxy specified by an IPv6 address: # # forward / [2001:DB8::1]:8000 # # # Suppose your parent proxy doesn't support IPv6: # # forward / parent-proxy.example.org:8000 # forward ipv6-server.example.org . # forward <[2-3][0-9a-f][0-9a-f][0-9a-f]:*> . # # # 5.2. forward-socks4, forward-socks4a and forward-socks5 # ======================================================== # # Specifies: # # Through which SOCKS proxy (and optionally to which parent HTTP # proxy) specific requests should be routed. # # Type of value: # # target_pattern socks_proxy[:port] http_parent[:port] # # where target_pattern is a URL pattern that specifies to which # requests (i.e. URLs) this forward rule shall apply. Use / to # denote "all URLs". http_parent and socks_proxy are IP addresses # in dotted decimal notation or valid DNS names (http_parent may # be "." to denote "no HTTP forwarding"), and the optional port # parameters are TCP ports, i.e. integer values from 1 to 65535 # # Default value: # # Unset # # Effect if unset: # # Don't use SOCKS proxies. # # Notes: # # Multiple lines are OK, they are checked in sequence, and the # last match wins. # # The difference between forward-socks4 and forward-socks4a # is that in the SOCKS 4A protocol, the DNS resolution of the # target hostname happens on the SOCKS server, while in SOCKS 4 # it happens locally. # # With forward-socks5 the DNS resolution will happen on the remote # server as well. # # socks_proxy and http_parent can be a numerical IPv6 address # (if RFC 3493 is implemented). To prevent clashes with the port # delimiter, the whole IP address has to be put into brackets. 
On # the other hand a target_pattern containing an IPv6 address has # to be put into angle brackets (normal brackets are reserved # for regular expressions already). # # If http_parent is ".", then requests are not forwarded to another # HTTP proxy but are made (HTTP-wise) directly to the web servers, # albeit through a SOCKS proxy. # # Examples: # # From the company example.com, direct connections are made to all # "internal" domains, but everything outbound goes through their # ISP's proxy by way of example.com's corporate SOCKS 4A gateway # to the Internet. # # forward-socks4a / socks-gw.example.com:1080 www-cache.isp.example.net:8080 # forward .example.com . # # # A rule that uses a SOCKS 4 gateway for all destinations but no # HTTP parent looks like this: # # forward-socks4 / socks-gw.example.com:1080 . # # # To chain Privoxy and Tor, both running on the same system, # you would use something like: # # forward-socks5 / 127.0.0.1:9050 . # # # The public Tor network can't be used to reach your local network, # if you need to access local servers you therefore might want # to make some exceptions: # # forward 192.168.*.*/ . # forward 10.*.*.*/ . # forward 127.*.*.*/ . # # # Unencrypted connections to systems in these address ranges will # be as (un) secure as the local network is, but the alternative # is that you can't reach the local network through Privoxy at # all. Of course this may actually be desired and there is no # reason to make these exceptions if you aren't sure you need them. # # If you also want to be able to reach servers in your local # network by using their names, you will need additional exceptions # that look like this: # # forward localhost/ . # # forward-socks5 / torproxy:9050 . # # 5.3. forwarded-connect-retries # =============================== # # Specifies: # # How often Privoxy retries if a forwarded connection request # fails. # # Type of value: # # Number of retries. 
# # Default value: # # 0 # # Effect if unset: # # Connections forwarded through other proxies are treated like # direct connections and no retry attempts are made. # # Notes: # # forwarded-connect-retries is mainly interesting for socks4a # connections, where Privoxy can't detect why the connections # failed. The connection might have failed because of a DNS timeout # in which case a retry makes sense, but it might also have failed # because the server doesn't exist or isn't reachable. In this # case the retry will just delay the appearance of Privoxy's # error message. # # Note that in the context of this option, "forwarded connections" # includes all connections that Privoxy forwards through other # proxies. This option is not limited to the HTTP CONNECT method. # # Only use this option, if you are getting lots of # forwarding-related error messages that go away when you try again # manually. Start with a small value and check Privoxy's logfile # from time to time, to see how many retries are usually needed. # # Due to a bug, this option currently also causes Privoxy to # retry in case of certain problems with direct connections. # # Examples: # # forwarded-connect-retries 1 # forwarded-connect-retries 0 # # # 6. MISCELLANEOUS # ================= # # 6.1. accept-intercepted-requests # ================================= # # Specifies: # # Whether intercepted requests should be treated as valid. # # Type of value: # # 0 or 1 # # Default value: # # 0 # # Effect if unset: # # Only proxy requests are accepted, intercepted requests are # treated as invalid. # # Notes: # # If you don't trust your clients and want to force them to use # Privoxy, enable this option and configure your packet filter # to redirect outgoing HTTP connections into Privoxy. # # Make sure that Privoxy's own requests aren't redirected as well. 
# Additionally take care that Privoxy can't intentionally connect # to itself, otherwise you could run into redirection loops if # Privoxy's listening port is reachable by the outside or an # attacker has access to the pages you visit. # # Examples: # # accept-intercepted-requests 1 # accept-intercepted-requests 0 # # # 6.2. allow-cgi-request-crunching # ================================= # # Specifies: # # Whether requests to Privoxy's CGI pages can be blocked or # redirected. # # Type of value: # # 0 or 1 # # Default value: # # 0 # # Effect if unset: # # Privoxy ignores block and redirect actions for its CGI pages. # # Notes: # # By default Privoxy ignores block or redirect actions for # its CGI pages. Intercepting these requests can be useful in # multi-user setups to implement fine-grained access control, # but it can also render the complete web interface useless and # make debugging problems painful if done without care. # # Don't enable this option unless you're sure that you really # need it. # # Examples: # # allow-cgi-request-crunching 1 # allow-cgi-request-crunching 0 # # # 6.3. split-large-forms # ======================= # # Specifies: # # Whether the CGI interface should stay compatible with broken # HTTP clients. # # Type of value: # # 0 or 1 # # Default value: # # 0 # # Effect if unset: # # The CGI form generate long GET URLs. # # Notes: # # Privoxy's CGI forms can lead to rather long URLs. This isn't # a problem as far as the HTTP standard is concerned, but it can # confuse clients with arbitrary URL length limitations. # # Enabling split-large-forms causes Privoxy to divide big forms # into smaller ones to keep the URL length down. It makes editing # a lot less convenient and you can no longer submit all changes # at once, but at least it works around this browser bug. # # If you don't notice any editing problems, there is no reason # to enable this option, but if one of the submit buttons appears # to be broken, you should give it a try. 
# # Examples: # # split-large-forms 1 # split-large-forms 0 # # # 6.4. keep-alive-timeout # ======================== # # Specifies: # # Number of seconds after which an open connection will no longer # be reused. # # Type of value: # # Time in seconds. # # Default value: # # None # # Effect if unset: # # Connections are not kept alive. # # Notes: # # This option allows clients to keep the connection to Privoxy # alive. If the server supports it, Privoxy will keep the # connection to the server alive as well. Under certain # circumstances this may result in speed-ups. # # By default, Privoxy will close the connection to the server if # the client connection gets closed, or if the specified timeout # has been reached without a new request coming in. This behaviour # can be changed with the connection-sharing option. # # This option has no effect if Privoxy has been compiled without # keep-alive support. # # Note that a timeout of five seconds as used in the default # configuration file significantly decreases the number of # connections that will be reused. The value is used because some # browsers limit the number of connections they open to a single # host and apply the same limit to proxies. This can result in a # single website "grabbing" all the connections the browser allows, # which means connections to other websites can't be opened until # the connections currently in use time out. # # Several users have reported this as a Privoxy bug, so the default # value has been reduced. Consider increasing it to 300 seconds # or even more if you think your browser can handle it. If your # browser appears to be hanging it can't. # # Examples: # # keep-alive-timeout 300 # keep-alive-timeout 5 # # # 6.5. default-server-timeout # ============================ # # Specifies: # # Assumed server-side keep-alive timeout if not specified by # the server. # # Type of value: # # Time in seconds. 
# # Default value: # # None # # Effect if unset: # # Connections for which the server didn't specify the keep-alive # timeout are not reused. # # Notes: # # Enabling this option significantly increases the number of # connections that are reused, provided the keep-alive-timeout # option is also enabled. # # While it also increases the number of connection problems when # Privoxy tries to reuse a connection that already has been closed # on the server side, or is closed while Privoxy is trying to # reuse it, this should only be a problem if it happens for the # first request sent by the client. If it happens for requests # on reused client connections, Privoxy will simply close the # connection and the client is supposed to retry the request # without bothering the user. # # Enabling this option is therefore only recommended if the # connection-sharing option is disabled. # # It is an error to specify a value larger than the # keep-alive-timeout value. # # This option has no effect if Privoxy has been compiled without # keep-alive support. # # Examples: # # default-server-timeout 60 # #default-server-timeout 60 # # # 6.6. connection-sharing # ======================== # # Specifies: # # Whether or not outgoing connections that have been kept alive # should be shared between different incoming connections. # # Type of value: # # 0 or 1 # # Default value: # # None # # Effect if unset: # # Connections are not shared. # # Notes: # # This option has no effect if Privoxy has been compiled without # keep-alive support, or if it's disabled. # # Notes: # # Note that reusing connections doesn't necessarily cause # speedups. There are also a few privacy implications you should # be aware of.
# # If this option is effective, outgoing connections are shared # between clients (if there is more than one) and closing the # browser that initiated the outgoing connection no longer # affects the connection between Privoxy and the server unless # the client's request hasn't been completed yet. # # If the outgoing connection is idle, it will not be closed until # either Privoxy's or the server's timeout is reached. While # it's open, the server knows that the system running Privoxy is # still there. # # If there is more than one client (maybe even belonging to # multiple users), they will be able to reuse each other's # connections. This is potentially dangerous in case of # authentication schemes like NTLM where only the connection # is authenticated, instead of requiring authentication for # each request. # # If there is only a single client, and if said client can keep # connections alive on its own, enabling this option has next to # no effect. If the client doesn't support connection keep-alive, # enabling this option may make sense as it allows Privoxy to keep # outgoing connections alive even if the client itself doesn't # support it. # # You should also be aware that enabling this option increases # the likelihood of getting the "No server or forwarder data" # error message, especially if you are using a slow connection # to the Internet. # # This option should only be used by experienced users who # understand the risks and can weigh them against the benefits. # # Examples: # # connection-sharing 1 # #connection-sharing 1 # # # 6.7. socket-timeout # ==================== # # Specifies: # # Number of seconds after which a socket times out if no data # is received. # # Type of value: # # Time in seconds. # # Default value: # # None # # Effect if unset: # # A default value of 300 seconds is used. # # Notes: # # For SOCKS requests the timeout currently doesn't start until # the SOCKS server accepted the request.
This will be fixed in # the next release. # # Examples: # # socket-timeout 300 # socket-timeout 300 # # # 6.8. max-client-connections # ============================ # # Specifies: # # Maximum number of client connections that will be served. # # Type of value: # # Positive number. # # Default value: # # None # # Effect if unset: # # Connections are served until a resource limit is reached. # # Notes: # # Privoxy creates one thread (or process) for every incoming # client connection that isn't rejected based on the access # control settings. # # If the system is powerful enough, Privoxy can theoretically deal # with several hundred (or thousand) connections at the same time, # but some operating systems enforce resource limits by shutting # down offending processes and their default limits may be below # the ones Privoxy would require under heavy load. # # Configuring Privoxy to enforce a connection limit below the # thread or process limit used by the operating system makes # sure this doesn't happen. Simply increasing the operating # system's limit would work too, but if Privoxy isn't the only # application running on the system, you may actually want to # limit the resources used by Privoxy. # # If Privoxy is only used by a single trusted user, limiting the # number of client connections is probably unnecessary. If there # are multiple possibly untrusted users you probably still want # to additionally use a packet filter to limit the maximal number # of incoming connections per client. Otherwise a malicious user # could intentionally create a high number of connections to # prevent other users from using Privoxy. # # Obviously using this option only makes sense if you choose a # limit below the one enforced by the operating system. # # Examples: # # max-client-connections 256 # #max-client-connections 256 # # 6.9. 
handle-as-empty-doc-returns-ok # ==================================== # # Specifies: # # The status code Privoxy returns for pages blocked with # +handle-as-empty-document. # # Type of value: # # 0 or 1 # # Default value: # # 0 # # Effect if unset: # # Privoxy returns a status 403(forbidden) for all blocked pages. # # Effect if set: # # Privoxy returns a status 200(OK) for pages blocked with # +handle-as-empty-document and a status 403(Forbidden) for all # other blocked pages. # # Notes: # # This is a work-around for Firefox bug 492459: "Websites are no # longer rendered if SSL requests for JavaScripts are blocked by a # proxy." (https://bugzilla.mozilla.org/show_bug.cgi?id=492459) # As the bug has been fixed for quite some time this option # should no longer be needed and will be removed in a future # release. Please speak up if you have a reason why the option # should be kept around. # #handle-as-empty-doc-returns-ok 1 # # # 1.6.10. enable-compression # # Specifies: # # Whether or not buffered content is compressed before delivery. # # Type of value: # # 0 or 1 # # Default value: # # 0 # # Effect if unset: # # Privoxy does not compress buffered content. # # Effect if set: # # Privoxy compresses buffered content before delivering it to # the client, provided the client supports it. # # Notes: # # This directive is only supported if Privoxy has been compiled # with FEATURE_COMPRESSION, which should not be confused # with FEATURE_ZLIB. # # Compressing buffered content is mainly useful if Privoxy and the # client are running on different systems. If they are running on # the same system, enabling compression is likely to slow things # down. If you didn't measure otherwise, you should assume that # it does and keep this option disabled. # # Privoxy will not compress buffered content below a certain # length. # #enable-compression 1 # # # 1.6.11.
compression-level # # Specifies: # # The compression level that is passed to the zlib library when # compressing buffered content. # # Type of value: # # Positive number ranging from 0 to 9. # # Default value: # # 1 # # Notes: # # Compressing the data more takes usually longer than compressing # it less or not compressing it at all. Which level is best # depends on the connection between Privoxy and the client. If # you can't be bothered to benchmark it for yourself, you should # stick with the default and keep compression disabled. # # If compression is disabled, the compression level is irrelevant. # # Examples: # # # Best speed (compared to the other levels) # compression-level 1 # # # Best compression # compression-level 9 # # # No compression. Only useful for testing as the added header # # slightly increases the amount of data that has to be sent. # # If your benchmark shows that using this compression level # # is superior to using no compression at all, the benchmark # # is likely to be flawed. # compression-level 0 # # #compression-level 1 # # # 7. WINDOWS GUI OPTIONS # ======================= # # Privoxy has a number of options specific to the Windows GUI # interface: # # # If "activity-animation" is set to 1, the Privoxy icon will animate # when "Privoxy" is active. To turn off, set to 0. # #activity-animation 1 # # If "log-messages" is set to 1, Privoxy will log messages to the # console window: # #log-messages 1 # # If "log-buffer-size" is set to 1, the size of the log buffer, # i.e. the amount of memory used for the log messages displayed in # the console window, will be limited to "log-max-lines" (see below). # # Warning: Setting this to 0 will result in the buffer to grow # infinitely and eat up all your memory! # #log-buffer-size 1 # # log-max-lines is the maximum number of lines held in the log # buffer. See above. 
# #log-max-lines 200 # # If "log-highlight-messages" is set to 1, Privoxy will highlight # portions of the log messages with a bold-faced font: # #log-highlight-messages 1 # # The font used in the console window: # #log-font-name Comic Sans MS # # Font size used in the console window: # #log-font-size 8 # # "show-on-task-bar" controls whether or not Privoxy will appear as # a button on the Task bar when minimized: # #show-on-task-bar 0 # # If "close-button-minimizes" is set to 1, the Windows close button # will minimize Privoxy instead of closing the program (close with # the exit option on the File menu). # #close-button-minimizes 1 # # The "hide-console" option is specific to the MS-Win console version # of Privoxy. If this option is used, Privoxy will disconnect from # and hide the command console. # #hide-console # #
================================================
FILE: protocol/Dockerfile
================================================
# Installs the `protocol` tool from its upstream GitHub source on Alpine.
#
# NOTE(review): both inputs float. alpine:latest is a moving tag, and the RUN
# step downloads archive/master.zip, i.e. whatever the upstream master branch
# holds at build time, and installs it without any digest or signature check.
# Pinning the base image and a specific commit archive, and verifying a
# recorded sha256 before `setup.py install`, would make the build reproducible
# and make a changed upstream visible.
FROM alpine:latest
LABEL maintainer "James Abley "

# ca-certificates and openssl are treated as build-only dependencies
# (presumably for the HTTPS download) and are purged at the end of the same
# layer; python3 stays in the image because the installed tool needs it.
RUN buildDeps=' \
		ca-certificates \
		openssl \
	' \
	&& apk --no-cache add --update \
		python3 \
		$buildDeps \
	&& wget https://github.com/luismartingarcia/protocol/archive/master.zip \
	&& unzip master.zip \
	&& cd protocol-master && python3 setup.py install \
	&& apk del --purge $buildDeps

ENTRYPOINT ["protocol"]
================================================
FILE: pulseaudio/Dockerfile
================================================
# Pulseaudio
#
# docker run -d \
#	-v /etc/localtime:/etc/localtime:ro \
#	--device /dev/snd \
#	--name pulseaudio \
#	-p 4713:4713 \
#	-v /var/run/dbus:/var/run/dbus \
#	-v /etc/machine-id:/etc/machine-id \
#	jess/pulseaudio
#
# NOTE(review): `-p 4713:4713` publishes the PulseAudio TCP port on every host
# interface, and the default.pa copied into this image loads
# module-native-protocol-tcp with auth-anonymous=1. Unless remote clients are
# intended, publish on a specific address instead (for example
# `-p 127.0.0.1:4713:4713`). The example also bind-mounts the host's
# /var/run/dbus into the container, which gives the container access to the
# host D-Bus socket directory; confirm that is actually required.
#
FROM debian:sid-slim
LABEL maintainer "Jessie Frazelle "

RUN apt-get update && apt-get install -y \
	alsa-utils \
	libasound2 \
	libasound2-plugins \
	pulseaudio \
	pulseaudio-utils \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

ENV HOME /home/pulseaudio
# Create the unprivileged pulseaudio account the daemon runs as.
RUN useradd --create-home --home-dir $HOME pulseaudio \
	&& usermod
-aG audio,pulse,pulse-access pulseaudio \ && chown -R pulseaudio:pulseaudio $HOME WORKDIR $HOME USER pulseaudio COPY default.pa /etc/pulse/default.pa COPY client.conf /etc/pulse/client.conf COPY daemon.conf /etc/pulse/daemon.conf ENTRYPOINT [ "pulseaudio" ] CMD [ "--log-level=4", "--log-target=stderr", "-v" ] ================================================ FILE: pulseaudio/client.conf ================================================ # This file is part of PulseAudio. # # PulseAudio is free software; you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # PulseAudio is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with PulseAudio; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 # USA. ## Configuration file for PulseAudio clients. See pulse-client.conf(5) for ## more information. Default values are commented out. Use either ; or # for ## commenting. ; default-sink = ; default-source = ; default-server = ; default-dbus-server = autospawn = no daemon-binary = /bin/true ; extra-arguments = --log-target=syslog ; cookie-file = ; enable-shm = yes ; shm-size-bytes = 0 # setting this 0 will use the system-default, usually 64 MiB ; auto-connect-localhost = no ; auto-connect-display = no ================================================ FILE: pulseaudio/daemon.conf ================================================ # This file is part of PulseAudio. 
# # PulseAudio is free software; you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # PulseAudio is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with PulseAudio; if not, see . ## Configuration file for the PulseAudio daemon. See pulse-daemon.conf(5) for ## more information. Default values are commented out. Use either ; or # for ## commenting. ; daemonize = no ; fail = yes ; allow-module-loading = yes ; allow-exit = yes ; use-pid-file = yes ; system-instance = no ; local-server-type = user ; enable-shm = yes ; shm-size-bytes = 0 # setting this 0 will use the system-default, usually 64 MiB ; lock-memory = no ; cpu-limit = no ; high-priority = yes ; nice-level = -11 ; realtime-scheduling = yes ; realtime-priority = 5 exit-idle-time = 180 ; scache-idle-time = 20 ; dl-search-path = (depends on architecture) ; load-default-script-file = yes ; default-script-file = /etc/pulse/default.pa ; log-target = auto ; log-level = notice ; log-meta = no ; log-time = no ; log-backtrace = 0 ; resample-method = speex-float-1 ; enable-remixing = yes ; enable-lfe-remixing = no flat-volumes = yes ; rlimit-fsize = -1 ; rlimit-data = -1 ; rlimit-stack = -1 ; rlimit-core = -1 ; rlimit-as = -1 ; rlimit-rss = -1 ; rlimit-nproc = -1 ; rlimit-nofile = 256 ; rlimit-memlock = -1 ; rlimit-locks = -1 ; rlimit-sigpending = -1 ; rlimit-msgqueue = -1 ; rlimit-nice = 31 ; rlimit-rtprio = 9 ; rlimit-rttime = 200000 ; default-sample-format = s16le ; default-sample-rate = 44100 ; alternate-sample-rate = 48000 ; default-sample-channels = 2 ; default-channel-map = 
front-left,front-right ; default-fragments = 4 ; default-fragment-size-msec = 25 ; enable-deferred-volume = yes ; deferred-volume-safety-margin-usec = 8000 ; deferred-volume-extra-delay-usec = 0
================================================
FILE: pulseaudio/default.pa
================================================
# Replace the *entire* content of this file with these few lines and
# read the comments

# Startup script for the PulseAudio daemon: loads the ALSA source and sink
# and the unix-socket and TCP native-protocol listeners.

# Module loads below this point abort startup if they fail.
.fail
# Set tsched=0 here if you experience glitchy playback. This will
# revert back to interrupt-based scheduling and should fix it.
#
# Replace the device= part if you want pulse to use a specific device
# such as "dmix" and "dsnoop" so it doesn't lock an hw: device.

# INPUT/RECORD
load-module module-alsa-source device="default" tsched=1

# OUTPUT/PLAYBACK
load-module module-alsa-sink device="default" tsched=1

# Accept clients -- very important
load-module module-native-protocol-unix
# NOTE(review): auth-anonymous=1 switches off authentication on the TCP
# listener, so every client that can reach the port is accepted and the
# auth-ip-acl list no longer narrows anything. Because this file also loads
# module-alsa-source, an accepted client can presumably record from the
# capture device as well as play audio. The Dockerfile's example run command
# publishes port 4713 on all host interfaces; either publish it on a trusted
# address only, or drop auth-anonymous=1 and let auth-ip-acl (extended with
# the subnet the clients really connect from) or the shared cookie decide.
load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1;192.168.0.0/24 auth-anonymous=1

# From here on a failing module load is tolerated.
.nofail
.ifexists module-x11-publish.so
# Publish to X11 so the clients know how to connect to Pulse. Will
# clear itself on unload.
load-module module-x11-publish
.endif
================================================
FILE: radarr/Dockerfile
================================================
# Runs Radarr (a mono application) as an unprivileged user on Alpine.
#
# NOTE(review): alpine:latest is a moving tag and the packages below are
# resolved against the edge/testing repository, so two builds of this file
# can produce different package sets. Pin the base image, and prefer a
# release repository once the needed packages are available there.
FROM alpine:latest
LABEL maintainer "Jessie Frazelle "

ENV LANG "en_US.UTF-8"
ENV LANGUAGE "en_US.UTF-8"
ENV TERM "xterm"

RUN apk add --no-cache \
	bash \
	ca-certificates \
	libmediainfo \
	mono \
	tar \
	--repository https://dl-4.alpinelinux.org/alpine/edge/testing

# https://github.com/Radarr/Radarr/releases
ENV RADARR_VERSION 0.2.0.1480

# NOTE(review): the release tarball is fetched over HTTPS but extracted
# without comparing it to a recorded digest. Checking a pinned sha256 for
# this RADARR_VERSION before `tar` would detect a replaced release asset.
RUN mkdir -p /opt/radarr \
	&& wget "https://github.com/Radarr/Radarr/releases/download/v${RADARR_VERSION}/Radarr.develop.${RADARR_VERSION}.linux.tar.gz" -O /tmp/radarr.tar.gz \
	&& tar -xzvf /tmp/radarr.tar.gz -C /opt/radarr --strip-components 1 \
	&& rm -rf /tmp/radarr.tar.gz

COPY entrypoint.sh /usr/local/bin/entrypoint.sh

# Create user and change ownership
# The account is a system user/group with fixed uid/gid 666; only the
# application directory and /config are handed over to it.
RUN addgroup -g 666 -S radarr \
	&& adduser -u 666 -SHG radarr radarr \
	&& mkdir -p /config \
	&& chown -R radarr:radarr /opt/radarr /config

WORKDIR /opt/radarr
# Everything from here on, including the entrypoint, runs as radarr, not root.
USER radarr

ENTRYPOINT ["entrypoint.sh"]
================================================
FILE: radarr/entrypoint.sh
================================================
#!/bin/bash
# Container entrypoint: starts Radarr under mono in the background, waits
# for it, and forwards a signal to it when the container is asked to stop.
set -e
set -o pipefail

# Signal handler. $! is the PID of the most recently started background
# job, which here is the mono process launched below. Whichever of the
# trapped signals arrived, the child is always sent SIGHUP.
handle_signal() {
  PID=$!
  echo "Received signal. PID is ${PID}"
  kill -s SIGHUP $PID
}

trap "handle_signal" SIGINT SIGTERM SIGHUP

echo "Starting radarr..."
# Started in the background so this shell keeps running and can execute the
# trap; `wait` then blocks until the background job exits or a trapped
# signal interrupts it.
exec mono --debug /opt/radarr/Radarr.exe --no-browser -data=/config &
wait
echo "Stopping radarr..."
================================================
FILE: rainbowstream/Dockerfile
================================================
# Run Rainbowstream in a container
#
# docker run -it --rm \
#	-v /etc/localtime:/etc/localtime:ro \
#	-v $HOME/.rainbow_oauth:/root/.rainbow_oauth \ # mount config files
#	-v $HOME/.rainbow_config.json:/root/.rainbow_config.json \
#	--name rainbowstream \
#	jess/rainbowstream
#
# NOTE(review): python:2-alpine is a Python 2 base image, and Python 2 no
# longer receives security fixes. pillow is pinned to 2.8.0, an old release
# of an image-parsing library -- check it against current Pillow advisories
# before pointing this image at untrusted content.
# NOTE(review): build-base and the -dev packages stay in the final image, and
# there is no USER instruction, so the client runs as root and reads the
# mounted ~/.rainbow_oauth file (presumably OAuth credentials) as root.
FROM python:2-alpine
LABEL maintainer "Jessie Frazelle "

RUN apk --no-cache add \
	build-base \
	ca-certificates \
	freetype \
	freetype-dev \
	openjpeg-dev \
	zlib-dev

# rainbowstream itself is installed unpinned, so its version floats between builds.
RUN USER=root pip install \
	pillow==2.8.0 \
	rainbowstream

ENTRYPOINT [ "rainbowstream" ]

================================================
FILE: rdesktop/Dockerfile
================================================
# rdesktop client from the Debian archive; no USER instruction, so it runs as root.
FROM debian:bullseye-slim
LABEL maintainer "Jessie Frazelle "

RUN apt-get update && apt-get install -y \
	libgssapi-krb5-2 \
	rdesktop \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

ENTRYPOINT [ "rdesktop" ]

================================================
FILE: registry-auth/Dockerfile
================================================
# Two-stage build of cesanta/docker_auth: the first stage compiles
# auth_server, the second copies only the binary and CA certificates.
FROM python:2-alpine AS buildbase
LABEL maintainer "Jess Frazelle "

RUN apk add --no-cache \
	bash \
	go \
	git \
	gcc \
	g++ \
	libc-dev \
	libgcc \
	make

ENV PATH /go/bin:/usr/local/go/bin:$PATH
ENV GOPATH /go

ENV DOCKER_AUTH_VERSION 1.5.0

# NOTE(review): --branch follows the name 1.5.0 (presumably a tag). A tag can
# be moved upstream; checking out a full commit hash would pin the source of
# a component that makes authorization decisions for a registry.
RUN git clone --depth 1 --branch ${DOCKER_AUTH_VERSION} https://github.com/cesanta/docker_auth /go/src/github.com/cesanta/docker_auth

WORKDIR /go/src/github.com/cesanta/docker_auth/auth_server

# NOTE(review): GitPython and whatever `make deps` pulls in are unpinned
# build-time dependencies.
RUN pip install GitPython

RUN make deps generate

# NOTE(review): `--ldflags=--s` looks like it is meant to strip the symbol
# table (-s) -- verify that the flag is parsed as intended.
RUN go build -o /usr/bin/auth_server --ldflags=--s

# Runtime stage. alpine:latest is a floating tag and there is no USER
# instruction, so auth_server runs as root.
FROM alpine:latest

RUN apk --no-cache add \
	ca-certificates

COPY --from=buildbase /usr/bin/auth_server /usr/bin/auth_server

ENTRYPOINT [ "auth_server" ]
CMD [ "/config/auth_config.yml" ]

================================================
FILE: remmina/Dockerfile
================================================
# Run remmina in a container
#
# docker run -d \ # -v /etc/localtime:/etc/localtime:ro \ # -v /tmp/.X11-unix:/tmp/.X11-unix \ # -e DISPLAY=unix$DISPLAY \ # -v $HOME/.remmina:/root/.remmina \ # --name remmina \ # jess/remmina # FROM ubuntu:16.04 LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ software-properties-common \ --no-install-recommends && \ apt-add-repository ppa:remmina-ppa-team/remmina-next && \ apt-get update && apt-get install -y \ hicolor-icon-theme \ remmina \ remmina-plugin-rdp \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* ENTRYPOINT [ "remmina" ] ================================================ FILE: requestbin/Dockerfile ================================================ FROM python:2-alpine RUN apk add --no-cache --virtual .build-deps \ build-base \ git \ libffi-dev \ --repository http://dl-cdn.alpinelinux.org/alpine/edge/main/ \ && git clone --depth 1 https://github.com/Runscope/requestbin /src \ && sed -i 's/gevent/gevent==1.4.0/' /src/requirements.txt \ && echo "Flask==1.1.1" >> /src/requirements.txt \ && echo "Werkzeug==0.15.6" >> /src/requirements.txt \ && pip install -r /src/requirements.txt \ && rm -rf ~/.pip/cache \ && apk del .build-deps WORKDIR /src CMD ["gunicorn", "-b", "0.0.0.0:8080", "requestbin:app", "-k", "gevent"] ================================================ FILE: ricochet/Dockerfile ================================================ # Run ricochet in a container # see: https://ricochet.im/ # # docker run -d \ # --restart always \ # -v /etc/localtime:/etc/localtime:ro \ # -v /tmp/.X11-unix:/tmp/.X11-unix \ # -e DISPLAY=unix$DISPLAY \ # --name ricochet \ # jess/ricochet # FROM debian:sid-slim LABEL maintainer "Jessie Frazelle " ENV DEBIAN_FRONTEND noninteractive RUN mkdir -p /etc/xdg/QtProject && \ apt-get update && apt-get install -y \ dirmngr \ gnupg \ libasound2 \ libfontconfig1 \ libgl1-mesa-dri \ libgl1-mesa-glx \ libx11-xcb1 \ libxext6 \ libxrender1 \ qtbase5-dev \ && rm -rf /var/lib/apt/lists/* ENV 
RICOCHET_VERSION 1.1.4
ENV RICOCHET_FINGERPRINT 0xFF97C53F183C045D

# Download-and-verify step. The release tarball and its detached signature
# are fetched, the signing key is imported into a throwaway GNUPGHOME, the
# key's full fingerprint is compared with the hard-coded value by grep, and
# gpg --verify has to succeed before anything is unpacked.
#
# NOTE(review): the key comes from the same site as the tarball, so the
# hard-coded fingerprint is the only independent trust anchor. The grep shows
# that this key is in the keyring; gpg --verify accepts a good signature from
# any key in the keyring. The two checks would be tied together by asserting
# the signer's fingerprint as well, e.g. from the VALIDSIG line of
# `gpg --status-fd 1 --verify`.
# NOTE(review): chmod 600 on a directory drops the search bit; 700 is the
# usual mode for GNUPGHOME. Presumably harmless here because the build runs
# as root -- confirm.
RUN buildDeps=' \
		bzip2 \
		ca-certificates \
		curl \
	' \
	&& set -x \
	&& apt-get update && apt-get install -y $buildDeps --no-install-recommends \
	&& rm -rf /var/lib/apt/lists/* \
	&& curl -sSL "https://ricochet.im/releases/${RICOCHET_VERSION}/ricochet-${RICOCHET_VERSION}-linux-x86_64.tar.bz2" -o /tmp/ricochet.tar.bz2 \
	&& curl -sSL "https://ricochet.im/releases/${RICOCHET_VERSION}/ricochet-${RICOCHET_VERSION}-linux-x86_64.tar.bz2.asc" -o /tmp/ricochet.tar.bz2.asc \
	&& export GNUPGHOME="$(mktemp -d)" \
	&& chmod 600 "${GNUPGHOME}" \
	&& curl -sSL https://ricochet.im/john-brooks.asc | gpg --no-tty --import \
	&& gpg --fingerprint --keyid-format LONG ${RICOCHET_FINGERPRINT} | grep "9032 CAE4 CBFA 933A 5A21 45D5 FF97 C53F 183C 045D" \
	&& gpg --batch --verify /tmp/ricochet.tar.bz2.asc /tmp/ricochet.tar.bz2 \
	&& tar -vxj --strip-components 1 -C /usr/local/bin -f /tmp/ricochet.tar.bz2 \
	&& rm -rf /tmp/ricochet* \
	&& rm -rf "${GNUPGHOME}" \
	&& apt-get purge -y --auto-remove $buildDeps

ENTRYPOINT [ "ricochet" ]

================================================
FILE: routersploit/Dockerfile
================================================
# Installs routersploit from a git checkout of the named release.
#
# NOTE(review): --branch follows the name in ROUTERSPLOIT_VERSION (presumably
# a tag), which can be moved upstream; a full commit hash would pin the
# source. There is no USER instruction, so rsf.py runs as root.
FROM debian:buster-slim
LABEL maintainer "Christian Koep "

ENV ROUTERSPLOIT_VERSION v3.4.0

RUN apt-get update && apt-get install -y \
	git \
	python-requests \
	python-paramiko \
	python-pysnmp-common \
	python-bs4 \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/* \
	&& git clone --depth 1 --branch "${ROUTERSPLOIT_VERSION}" https://github.com/reverse-shell/routersploit /usr/bin/routersploit \
	&& apt-get purge -y --auto-remove \
	git

WORKDIR "/usr/bin/routersploit/"

ENTRYPOINT [ "./rsf.py" ]

================================================
FILE: rstudio/Dockerfile
================================================
# Run RStudio in a container
#
# docker run -it \
#	-v /tmp/.X11-unix:/tmp/.X11-unix \ # mount the X11 socket
#	-e DISPLAY=unix$DISPLAY \
#	-v
$HOME/rscripts:/root/rscripts \ # --device /dev/dri \ # --name rstudio \ # jess/rstudio # # Base docker image FROM debian:bullseye-slim LABEL maintainer "Jessie Frazelle " # Install Rstudio deps RUN apt-get update && apt-get install -y \ ca-certificates \ curl \ fcitx-frontend-qt5 \ fcitx-modules \ fcitx-module-dbus \ libasound2 \ libclang-dev \ libedit2 \ libgl1-mesa-dri \ libgl1-mesa-glx \ libgstreamer1.0-0 \ libgstreamer-plugins-base1.0-0 \ libjpeg-dev \ libjpeg62-turbo \ libjpeg62-turbo-dev \ libpresage1v5 \ libpresage-data \ libqt5core5a \ libqt5dbus5 \ libqt5gui5 \ libqt5network5 \ libqt5printsupport5 \ libqt5webkit5 \ libqt5widgets5 \ libnss3 \ libtiff5 \ libxcomposite1 \ libxcursor1 \ libxslt1.1 \ libxtst6 \ littler \ locales \ r-base \ r-base-dev \ r-recommended \ --no-install-recommends \ && echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen \ && locale-gen en_US.utf8 \ && /usr/sbin/update-locale LANG=en_US.UTF-8 \ && rm -rf /var/lib/apt/lists/* # https://www.rstudio.com/products/rstudio/download/#download ENV RSTUDIO_VERSION 1.3.959 # Download the source RUN curl -sSL "https://download1.rstudio.org/desktop/bionic/amd64/rstudio-${RSTUDIO_VERSION}-amd64.deb" -o /tmp/rstudio-amd64.deb \ && dpkg -i /tmp/rstudio-amd64.deb \ && rm -rf /tmp/*.deb \ && ln -f -s /usr/lib/rstudio/bin/rstudio /usr/bin/rstudio ENV LC_ALL en_US.UTF-8 ENV LANG en_US.UTF-8 # Set default CRAN repo RUN mkdir -p /etc/R \ && echo 'options(repos = c(CRAN = "https://cran.rstudio.com/"), download.file.method = "libcurl")' >> /etc/R/Rprofile.site \ && echo 'source("/etc/R/Rprofile.site")' >> /etc/littler.r \ && ln -s /usr/share/doc/littler/examples/install.r /usr/local/bin/install.r \ && ln -s /usr/share/doc/littler/examples/install2.r /usr/local/bin/install2.r \ && ln -s /usr/share/doc/littler/examples/installGithub.r /usr/local/bin/installGithub.r \ && ln -s /usr/share/doc/littler/examples/testInstalled.r /usr/local/bin/testInstalled.r \ && rm -rf /tmp/downloaded_packages/ /tmp/*.rds \ && echo 
'"\e[5~": history-search-backward' >> /etc/inputrc \ && echo '"\e[6~": history-search-backward' >> /etc/inputrc ENV HOME /home/user RUN useradd --create-home --home-dir $HOME user \ && chown -R user:user $HOME WORKDIR $HOME USER user # Autorun Rstudio ENTRYPOINT [ "rstudio" ] ================================================ FILE: rt-tests/Dockerfile ================================================ FROM debian:bullseye-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ rt-tests \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* CMD [ "hackbench" ] ================================================ FILE: run.sh ================================================ #!/bin/bash # # This script allows you to launch several images # from this repository once they're built. # # Make sure you add the `docker run` command # in the header of the Dockerfile so the script # can find it and execute it. # # Use pulseaudio/Dockerfile and skype/Dockerfile as examples. set -e set -o pipefail if [[ $# -eq 0 ]]; then echo "Usage: $0 [--test] image1 image2 ..." exit 1 fi if [[ "$1" = "--test" ]]; then TEST=1 shift fi for name in "$@"; do if [[ ! 
-d "$name" ]]; then
		echo "Unable to find container configuration with name: $name"
		exit 1
	fi

	# Pull the usage block out of the Dockerfile header: take the lines from
	# one containing "docker run" through the next line that is just "#",
	# drop the last line, strip the first "#" and the first backslash on
	# each line, join everything onto one line, then remove the first "$@"
	# and the first empty "" pair.
	script=$(sed -n '/docker run/,/^#$/p' "$name/Dockerfile" | head -n -1 | sed "s/#//" | sed "s#\\\\##" | tr '\n' ' ' | sed "s/\$@//" | sed 's/""//')
	echo "Running: $script"

	# NOTE(review): the extracted text is handed to eval, so whatever sits in
	# the header comment of "$name/Dockerfile" runs in this shell with the
	# caller's privileges (the usage blocks in this repository mount host
	# paths and devices, and at least one passes --privileged). Review the
	# Dockerfile header before running a directory that came from elsewhere,
	# or use --test first: it prints the command without executing it.
	if [ $TEST ]; then
		echo "$script"
	else
		eval "$script"
	fi
	# This shift does not change the iteration: the for loop expanded "$@"
	# before its first pass.
	shift
done

================================================
FILE: runc-rootless/Dockerfile
================================================
# Two-stage build: compile a static runc in the first stage, then run it as
# an unprivileged user against a busybox rootfs in the second.
FROM golang:alpine AS runc
# NOTE(review): RUNC_VERSION holds a commit hash but is not referenced in this
# Dockerfile; the checkout below follows the branch name "demo-rootless", so
# the build tracks whatever that branch points to. Checking out
# "${RUNC_VERSION}" would pin the source -- confirm that the hash is on that
# branch first.
ENV RUNC_VERSION 9f9c96235cc97674e935002fc3d78361b696a69e
RUN apk add --no-cache \
	bash \
	curl \
	g++ \
	git \
	libseccomp-dev \
	linux-headers \
	make
RUN git clone https://github.com/jessfraz/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
	&& cd "$GOPATH/src/github.com/opencontainers/runc" \
	&& git checkout -q "demo-rootless" \
	&& make static BUILDTAGS="seccomp" EXTRA_FLAGS="-buildmode pie" EXTRA_LDFLAGS="-extldflags \\\"-fno-PIC -static\\\"" \
	&& mv runc /usr/bin/runc

# Runtime stage; alpine:latest is a floating tag.
FROM alpine:latest
MAINTAINER Jessica Frazelle
RUN apk add --no-cache \
	bash \
	shadow \
	shadow-uidmap \
	strace
COPY --from=runc /usr/bin/runc /usr/bin/runc
COPY start.sh /usr/bin/start.sh

ENV HOME /home/user
RUN useradd --create-home --home-dir $HOME user
# busybox.tar comes from the build context; its origin is not visible here.
COPY busybox.tar /home/user/busybox.tar
# /run and /tmp are handed to the unprivileged user along with the home directory.
RUN chown -R user:user $HOME /run /tmp
USER user
WORKDIR $HOME

CMD ["start.sh"]

================================================
FILE: runc-rootless/start.sh
================================================
#!/bin/bash
# Unpack the busybox rootfs under $HOME, generate a rootless runc spec and
# start a container named "mycontainer" from it.
set -e
set -o pipefail

mkdir -p "${HOME}/rootfs"
mkdir -p "${HOME}/containerroot"

# untar the rootfs
tar -C "${HOME}/rootfs" -xf "${HOME}/busybox.tar"

# create the spec
runc spec --rootless

# run the container
runc --root "${HOME}/containerroot" run mycontainer

================================================
FILE: s3cmd/Dockerfile
================================================
# s3cmd in a container
#
# docker run --rm -it \
#	-e AWS_ACCESS_KEY \
#	-e AWS_SECRET_KEY \
#	-v $(pwd):/root/s3cmd-workspace
#
--name s3cmd \ # jess/s3cmd # FROM debian:sid-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ ca-certificates \ s3cmd \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* # Setup s3cmd config RUN { \ echo '[default]'; \ echo 'access_key=$AWS_ACCESS_KEY'; \ echo 'secret_key=$AWS_SECRET_KEY'; \ } > ~/.s3cfg ENV HOME /root WORKDIR $HOME/s3cmd-workspace ENTRYPOINT [ "s3cmd" ] ================================================ FILE: scudcloud/Dockerfile ================================================ # To use: # Needs X11 socket and dbus mounted # # docker run --rm -it \ # -v /etc/machine-id:/etc/machine-id:ro \ # -v /etc/localtime:/etc/localtime:ro \ # -v /tmp/.X11-unix:/tmp/.X11-unix \ # -e DISPLAY=unix$DISPLAY \ # --device /dev/snd:/dev/snd \ # -v /var/run/dbus:/var/run/dbus \ # -v $HOME/.scudcloud:/home/user/.config/scudcloud \ # --name scudcloud \ # jess/scudcloud FROM ubuntu:16.04 LABEL maintainer "Jessie Frazelle " ENV DEBIAN_FRONTEND noninteractive RUN apt-get update && apt-get install -y \ dbus-x11 \ hunspell-en-us \ libnotify-bin \ python3-dbus \ software-properties-common \ --no-install-recommends && \ apt-add-repository -y ppa:rael-gc/scudcloud && \ apt-get update && \ apt-get install -y \ scudcloud \ && rm -rf /var/lib/apt/lists/* ENV LANG en_US.UTF-8 ENV HOME /home/user RUN useradd --create-home --home-dir $HOME user \ && chown -R user:user $HOME USER user ENTRYPOINT ["/usr/bin/scudcloud"] ================================================ FILE: shellcheck/Dockerfile ================================================ FROM debian:bullseye-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ file \ shellcheck \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* CMD ["shellcheck"] ================================================ FILE: shellcheck.sh ================================================ #!/bin/bash set -e set -o pipefail ERRORS=() # find all executables and run `shellcheck` 
for f in $(find . -type f -not -iwholename '*.git*' -not -name "Dockerfile" | sort -u); do if file "$f" | grep --quiet shell; then { shellcheck "$f" && echo "[OK]: sucessfully linted $f" } || { # add to errors ERRORS+=("$f") } fi done if [ ${#ERRORS[@]} -eq 0 ]; then echo "No errors, hooray" else echo "These files failed shellcheck: ${ERRORS[*]}" exit 1 fi ================================================ FILE: shorewall/Dockerfile ================================================ # shorewall in a container # # docker run --rm -it \ # --net host \ # --cap-add NET_ADMIN \ # --privileged \ # jess/shorewall # FROM alpine:latest LABEL maintainer "Jessie Frazelle " RUN apk --no-cache add \ shorewall \ && touch /var/log/messages COPY ./etc /etc/shorewall ENTRYPOINT [ "/usr/sbin/shorewall" ] ================================================ FILE: shorewall/etc/interfaces ================================================ # # Shorewall version 4 - Interfaces File # # For information about entries in this file, type "man shorewall-interfaces" # # The manpage is also online at # http://www.shorewall.net/manpages/shorewall-interfaces.html # ############################################################################### ?FORMAT 2 ############################################################################### #ZONE INTERFACE OPTIONS - lo ignore dock docker0 bridge net all dhcp,physical=+ ================================================ FILE: shorewall/etc/masq ================================================ # # Shorewall version 4 - Masq file # # For information about entries in this file, type "man shorewall-masq" # # The manpage is also online at # http://www.shorewall.net/manpages/shorewall-masq.html # ################################################################################################################ #INTERFACE:DEST SOURCE ADDRESS PROTO PORT(S) IPSEC MARK USER/ SWITCH ORIGINAL # GROUP DEST #net 172.17.0.0/16 ================================================ FILE: 
shorewall/etc/policy ================================================ # # Shorewall version 4 - Policy File # # For information about entries in this file, type "man shorewall-policy" # # The manpage is also online at # http://www.shorewall.net/manpages/shorewall-policy.html # ############################################################################### #SOURCE DEST POLICY LOG LIMIT: CONNLIMIT: # LEVEL BURST MASK dock net ACCEPT dock fw ACCEPT net dock DROP net all DROP fw net ACCEPT fw dock ACCEPT ================================================ FILE: shorewall/etc/rules ================================================ # # Shorewall version 4 - Rules File # # For information on the settings in this file, type "man shorewall-rules" # # The manpage is also online at # http://www.shorewall.net/manpages/shorewall-rules.html # ###################################################################################################################################################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER # PORT PORT(S)DEST LIMIT GROUP ?SECTION ALL ?SECTION ESTABLISHED ?SECTION RELATED ?SECTION INVALID ?SECTION UNTRACKED ?SECTION NEW Invalid(DROP) net $FW tcp Invalid(DROP) net dock tcp Invalid(DROP) net dock udp #SSH(ACCEPT) net $FW # on a server you would obviously want to accept here #Ping(ACCEPT) net $FW ================================================ FILE: shorewall/etc/shorewall.conf ================================================ ############################################################################### # # Shorewall Version 4.4 -- /etc/shorewall/shorewall.conf # # For information about the settings in this file, type "man shorewall.conf" # # Manpage also online at http://www.shorewall.net/manpages/shorewall.conf.html ############################################################################### # S T A R T U P E N A B L E D 
############################################################################### STARTUP_ENABLED=Yes ############################################################################### # V E R B O S I T Y ############################################################################### VERBOSITY=1 ############################################################################### # L O G G I N G ############################################################################### BLACKLIST_LOG_LEVEL= INVALID_LOG_LEVEL= LOG_BACKEND= LOG_MARTIANS=Yes LOG_VERBOSITY=2 LOGALLNEW= LOGFILE=/var/log/messages LOGFORMAT="Shorewall:%s:%s:" LOGTAGONLY=No LOGLIMIT= MACLIST_LOG_LEVEL=info RELATED_LOG_LEVEL= RPFILTER_LOG_LEVEL=info SFILTER_LOG_LEVEL=info SMURF_LOG_LEVEL=info STARTUP_LOG=/var/log/shorewall-init.log TCP_FLAGS_LOG_LEVEL=info UNTRACKED_LOG_LEVEL= ############################################################################### # L O C A T I O N O F F I L E S A N D D I R E C T O R I E S ############################################################################### ARPTABLES= CONFIG_PATH=${CONFDIR}/shorewall:${SHAREDIR}/shorewall GEOIPDIR=/usr/share/xt_geoip/LE IPTABLES= IP= IPSET= LOCKFILE= MODULESDIR= NFACCT= PERL=/usr/bin/perl PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin RESTOREFILE=restore SHOREWALL_SHELL=/bin/sh SUBSYSLOCK= TC= ############################################################################### # D E F A U L T A C T I O N S / M A C R O S ############################################################################### ACCEPT_DEFAULT="none" DROP_DEFAULT="Drop" NFQUEUE_DEFAULT="none" QUEUE_DEFAULT="none" REJECT_DEFAULT="Reject" ############################################################################### # R S H / R C P C O M M A N D S ############################################################################### RCP_COMMAND='scp ${files} ${root}@${system}:${destination}' RSH_COMMAND='ssh ${root}@${system} ${command}' 
############################################################################### # F I R E W A L L O P T I O N S ############################################################################### ACCOUNTING=Yes ACCOUNTING_TABLE=filter ADD_IP_ALIASES=No ADD_SNAT_ALIASES=No ADMINISABSENTMINDED=Yes BASIC_FILTERS=No IGNOREUNKNOWNVARIABLES=No AUTOCOMMENT=Yes AUTOHELPERS=Yes AUTOMAKE=No BLACKLIST="NEW,INVALID,UNTRACKED" CHAIN_SCRIPTS=No CLAMPMSS=No CLEAR_TC=Yes COMPLETE=Yes DEFER_DNS_RESOLUTION=Yes DISABLE_IPV6=No DELETE_THEN_ADD=Yes DETECT_DNAT_IPADDRS=No DONT_LOAD= DYNAMIC_BLACKLIST=Yes EXPAND_POLICIES=Yes EXPORTMODULES=Yes FASTACCEPT=Yes FORWARD_CLEAR_MARK= HELPERS= IMPLICIT_CONTINUE=No INLINE_MATCHES=Yes IPSET_WARNINGS=Yes IP_FORWARDING=On KEEP_RT_TABLES=No LOAD_HELPERS_ONLY=Yes LEGACY_FASTSTART=No MACLIST_TABLE=filter MACLIST_TTL= MANGLE_ENABLED=Yes MAPOLDACTIONS=No MARK_IN_FORWARD_CHAIN=No MODULE_SUFFIX=ko MULTICAST=No MUTEX_TIMEOUT=60 NULL_ROUTE_RFC1918=No OPTIMIZE=All OPTIMIZE_ACCOUNTING=No REJECT_ACTION= REQUIRE_INTERFACE=Yes RESTORE_DEFAULT_ROUTE=Yes RESTORE_ROUTEMARKS=Yes RETAIN_ALIASES=No ROUTE_FILTER=No SAVE_ARPTABLES=No SAVE_IPSETS=No TC_ENABLED=Internal TC_EXPERT=No TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2" TRACK_PROVIDERS=Yes TRACK_RULES=No USE_DEFAULT_RT=Yes USE_PHYSICAL_NAMES=No USE_RT_NAMES=No WARNOLDCAPVERSION=Yes ZONE2ZONE=- ############################################################################### # P A C K E T D I S P O S I T I O N ############################################################################### BLACKLIST_DISPOSITION=DROP INVALID_DISPOSITION=CONTINUE MACLIST_DISPOSITION=REJECT RELATED_DISPOSITION=ACCEPT RPFILTER_DISPOSITION=DROP SMURF_DISPOSITION=DROP SFILTER_DISPOSITION=DROP TCP_FLAGS_DISPOSITION=DROP UNTRACKED_DISPOSITION=CONTINUE ################################################################################ # P A C K E T M A R K L A Y O U T ################################################################################ 
TC_BITS= PROVIDER_BITS= PROVIDER_OFFSET= MASK_BITS= ZONE_BITS=0 ################################################################################ # L E G A C Y O P T I O N # D O N O T D E L E T E O R A L T E R ################################################################################ IPSECFILE=zones #LAST LINE -- DO NOT REMOVE ================================================ FILE: shorewall/etc/zones ================================================ # # Shorewall version 4 - Zones File # # For information about this file, type "man shorewall-zones" # # The manpage is also online at # http://www.shorewall.net/manpages/shorewall-zones.html # ############################################################################### #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS fw firewall dock ipv4 net ip ================================================ FILE: sickbeard/Dockerfile ================================================ # Sickbeard in a container # # docker run -d \ # --restart always \ # -p 8081:8081 \ # -v /etc/localtime:/etc/localtime:ro \ # -v /volumes/sickbeard:/data \ # --link transmission:transmission \ # --name sickbeard \ # jess/sickbeard # FROM alpine:latest LABEL maintainer "Jessie Frazelle " RUN apk add --no-cache \ --repository http://dl-cdn.alpinelinux.org/alpine/edge/community \ ca-certificates \ git \ python \ py-pip \ py-setuptools RUN pip install cheetah ENV SICKBEARD_VERSION torrent_1080_subtitles EXPOSE 8081 RUN git clone https://github.com/junalmeida/Sick-Beard.git /usr/src/sickbeard WORKDIR /usr/src/sickbeard ENTRYPOINT [ "python", "SickBeard.py" ] CMD [ "--datadir", "/data" ] ================================================ FILE: skype/Dockerfile ================================================ # Run skype in a container, requires pulseaudio # (but I have a container for that) # # docker run -v /tmp/.X11-unix:/tmp/.X11-unix \ # -v $HOME/.Skype:/home/skype/.Skype \ # -e DISPLAY=unix$DISPLAY \ # --link pulseaudio:pulseaudio \ # -e 
PULSE_SERVER=pulseaudio \ # --device /dev/video0 \ # --name skype \ # jess/skype # FROM debian:bullseye-slim # Tell debconf to run in non-interactive mode ENV DEBIAN_FRONTEND noninteractive RUN apt-get update && apt-get install -y \ apt-transport-https \ ca-certificates \ curl \ gnupg \ procps \ --no-install-recommends # Add the skype debian repo RUN curl -sSL https://repo.skype.com/data/SKYPE-GPG-KEY | apt-key add - RUN echo "deb [arch=amd64] https://repo.skype.com/deb stable main" > /etc/apt/sources.list.d/skype.list RUN apt-get update && apt-get -y install \ skypeforlinux \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* COPY run-skype-and-wait-for-exit /usr/local/bin # Make a user ENV HOME /home/skype RUN useradd --create-home --home-dir $HOME skype \ && chown -R skype:skype $HOME \ && usermod -a -G audio,video skype WORKDIR $HOME USER skype # Start Skype ENTRYPOINT ["run-skype-and-wait-for-exit"] ================================================ FILE: skype/run-skype-and-wait-for-exit ================================================ #!/bin/bash skypeforlinux sleep 3 while ps -C skypeforlinux >/dev/null;do sleep 3;done ================================================ FILE: slack/Dockerfile ================================================ # Run slack desktop app in a container # # docker run --rm -it \ # -v /etc/localtime:/etc/localtime:ro \ # -v /tmp/.X11-unix:/tmp/.X11-unix \ # -e DISPLAY=unix$DISPLAY \ # --device /dev/snd \ # --device /dev/dri \ # --device /dev/video0 \ # --group-add audio \ # --group-add video \ # -v "${HOME}/.slack:/root/.config/Slack" \ # --ipc="host" \ # --name slack \ # jess/slack "$@" FROM debian:bullseye-slim LABEL maintainer "Jessie Frazelle " ENV LC_ALL en_US.UTF-8 ENV LANG en_US.UTF-8 RUN apt-get update && apt-get install -y \ apt-transport-https \ ca-certificates \ curl \ gnupg \ locales \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* RUN echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen \ && locale-gen en_US.utf8 \ && 
/usr/sbin/update-locale LANG=en_US.UTF-8

# Add the slack debian repo
# NOTE(review): apt-key add puts the key into apt's global trusted keyring, so
# it is trusted for every configured repository, and the key itself is only
# authenticated by the HTTPS fetch. apt-key is deprecated; a keyring file
# referenced with signed-by= in the sources entry would scope the key to this
# one repository.
RUN curl -sSL https://packagecloud.io/slacktechnologies/slack/gpgkey | apt-key add -
RUN echo "deb https://packagecloud.io/slacktechnologies/slack/debian/ jessie main" > /etc/apt/sources.list.d/slacktechnologies_slack.list

RUN apt-get update && apt-get -y install \
	libasound2 \
	libgtk-3-0 \
	libx11-xcb1 \
	libxkbfile1 \
	slack-desktop \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

ENTRYPOINT ["/usr/lib/slack/slack"]

================================================
FILE: slapd/Dockerfile
================================================
# Run slapd in a docker container
#
# - `LDAP_DOMAIN` sets the LDAP root domain. (e.g. if you provide `foo.bar.com`
#   here, the root of your directory will be `dc=foo,dc=bar,dc=com`)
# - `LDAP_ORGANIZATION` sets the human-readable name for your organization (e.g.
#   `Acme Widgets Inc.`)
# - `LDAP_ROOTPASS` sets the LDAP admin user password (i.e. the password for
#   `cn=admin,dc=example,dc=com` if your domain was `example.com`)
#
# How to start the container:
#
# docker run -v /data/ldap:/var/lib/ldap \
#	-e LDAP_DOMAIN=authy.auth.co \
#	-e LDAP_ORGANISATION="E Corp" \
#	-e LDAP_ROOTPASS=fsociety \
#	-d jess/slapd
#
# You can load an LDIF file (to set up your directory) like so:
#
# docker exec -it your_container ldapadd \
#	-h localhost -p -c -x \
#	-D cn=admin,dc=mycorp,dc=com -W -f data.ldif
#
# Be aware that by default the LDAP port is accessible from anywhere if the \
# host firewall is unconfigured.
#
# NOTE(review): the start example above passes LDAP_ORGANISATION, but the
# variable documented at the top of this header is LDAP_ORGANIZATION; as
# written the example presumably leaves the organization at its default --
# confirm against start.sh.
# NOTE(review): the start example passes the admin password with -e on the
# command line, where it ends up in shell history and in the container's
# inspectable configuration. Prefer --env-file with a file readable only by
# the operator, and use a password that is not the documented example value.
FROM debian:bullseye-slim
LABEL maintainer "Jessie Frazelle "

RUN apt-get update && LC_ALL=C DEBIAN_FRONTEND=noninteractive \
	apt-get install -y \
	ldap-utils \
	slapd \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

# Just some default values for fun!
ENV LDAP_ROOTPASS=fsociety LDAP_ORGANIZATION="E CORP" LDAP_DOMAIN=mr.robot.com
# NOTE(review): these defaults are baked into the image, so a container
# started without its own LDAP_ROOTPASS comes up with a publicly known admin
# password, and the value can be read from the image metadata. Consider
# shipping no default for LDAP_ROOTPASS and making the start script refuse to
# bootstrap when it is unset.

COPY start.sh /start.sh

ENTRYPOINT [ "/start.sh" ]

================================================
FILE: slapd/start.sh
================================================
#!/bin/bash
set -e
set -o pipefail

# ":" is the shell no-op: these three lines expand the variables but assign
# nothing.
: LDAP_ROOTPASS="${LDAP_ROOTPASS}"
: LDAP_DOMAIN="${LDAP_DOMAIN}"
: LDAP_ORGANIZATION="${LDAP_ORGANIZATION}"

# First-run bootstrap, skipped when the marker file already exists in the
# data directory.
if [ ! -e /var/lib/ldap/docker_bootstrapped ]; then
	echo "configuring slapd for first run"

	cat <"
# NOTE(review): text appears to be missing from this listing at this point:
# the rest of slapd/start.sh and the start of the next file (judging by the
# paths below, sonarr/Dockerfile, including its FROM and LABEL lines).

ENV LANG "en_US.UTF-8"
ENV LANGUAGE "en_US.UTF-8"
ENV TERM "xterm"

# NOTE(review): the edge/testing repository is added for this install, so any
# of the listed packages may come from it -- presumably only mono needs it;
# confirm and restrict if so.
RUN apk add --no-cache \
	bash \
	ca-certificates \
	libmediainfo \
	mono \
	tar \
	--repository https://dl-4.alpinelinux.org/alpine/edge/testing

ENV SONARR_VERSION "develop"

# NOTE(review): this archive is fetched over plain HTTP from a moving
# "develop" channel and unpacked without any checksum or signature check, so
# the image content depends on whatever the network path returns at build
# time. Prefer an HTTPS URL for a fixed release and verify a pinned SHA-256
# (placeholder: <expected-sha256>) before extracting.
RUN mkdir -p /opt/sonarr \
	&& wget "http://update.sonarr.tv/v2/${SONARR_VERSION}/mono/NzbDrone.${SONARR_VERSION}.tar.gz" -O /tmp/sonarr.tar.gz \
	&& tar -xzvf /tmp/sonarr.tar.gz -C /opt/sonarr --strip-components 1 \
	&& rm -rf /tmp/sonarr.tar.gz

COPY entrypoint.sh /usr/local/bin/entrypoint.sh

# Create user and change ownership
# NOTE(review): the chown makes the application directory writable by the
# runtime user, so the running process can modify its own binaries.
RUN addgroup -g 666 -S sonarr \
	&& adduser -u 666 -SHG sonarr sonarr \
	&& mkdir -p /config \
	&& chown -R sonarr:sonarr /opt/sonarr /config

WORKDIR /opt/sonarr
USER sonarr

ENTRYPOINT ["entrypoint.sh"]

================================================
FILE: sonarr/entrypoint.sh
================================================
#!/bin/bash
# Start Sonarr under mono in the background and wait for it; SIGINT, SIGTERM
# and SIGHUP received by this script are passed on to the child as SIGHUP.
set -e
set -o pipefail

# $! is the PID of the most recent background job, i.e. the mono process
# started below.
handle_signal() {
	PID=$!
	echo "Received signal. PID is ${PID}"
	kill -s SIGHUP $PID
}

trap "handle_signal" SIGINT SIGTERM SIGHUP

echo "Starting sonarr..."
# The command is backgrounded, so exec replaces only the background subshell,
# not this script.
exec mono --debug /opt/sonarr/NzbDrone.exe --no-browser -data=/config & wait
echo "Stopping sonarr..."
================================================
FILE: spotify/Dockerfile
================================================
# Run spotify in a container
#
# docker run -d \
#	-v /etc/localtime:/etc/localtime:ro \
#	-v /tmp/.X11-unix:/tmp/.X11-unix \
#	-e DISPLAY=unix$DISPLAY \
#	--device /dev/snd:/dev/snd \
#	-v $HOME/.spotify/config:/home/spotify/.config/spotify \
#	-v $HOME/.spotify/cache:/home/spotify/spotify \
#	--name spotify \
#	jess/spotify
#
# NOTE(review): debian:sid-slim is the unstable suite, so the base changes
# from build to build.
FROM debian:sid-slim
LABEL maintainer "Jessie Frazelle "

# NOTE(review): apt-key add puts the downloaded key into apt's global trusted
# keyring, so it is trusted for every configured repository, and the key is
# only authenticated by the HTTPS fetch. The repository itself is configured
# over plain http://, which leaves package integrity resting entirely on
# signatures made with that key. apt-key is deprecated; a keyring file
# referenced with signed-by= in the sources entry would scope the key to this
# repository.
RUN apt-get update && apt-get install -y \
	ca-certificates \
	curl \
	dirmngr \
	gnupg \
	--no-install-recommends \
	&& curl -sS https://download.spotify.com/debian/pubkey_0D811D58.gpg | apt-key add - \
	&& echo "deb http://repository.spotify.com stable non-free" >> /etc/apt/sources.list.d/spotify.list \
	&& apt-get update && apt-get install -y \
	alsa-utils \
	libgl1-mesa-dri \
	libgl1-mesa-glx \
	libpulse0 \
	libsm6 \
	spotify-client \
	xdg-utils \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

# The client runs as the unprivileged "spotify" user, added to the audio group.
ENV HOME /home/spotify
RUN useradd --create-home --home-dir $HOME spotify \
	&& gpasswd -a spotify audio \
	&& chown -R spotify:spotify $HOME

WORKDIR $HOME
USER spotify

# make search bar text better
RUN echo "QLineEdit { color: #000 }" > /home/spotify/spotify-override.css

ENTRYPOINT	[ "spotify" ]
CMD [ "-stylesheet=/home/spotify/spotify-override.css" ]

================================================
FILE: spotify-wine/Dockerfile
================================================
# Run spotify windows app in a container with wine
#
# docker run --rm -it \
#	-v /etc/localtime:/etc/localtime:ro \
#	--cpuset-cpus 0 \
#	-v /tmp/.X11-unix:/tmp/.X11-unix \
#	-e DISPLAY=unix$DISPLAY \
#	--device /dev/snd:/dev/snd \
#	--name spotify-wine \
#	jess/spotify-wine bash
#
# NOTE(review): the base image is referenced without a tag, so it resolves to
# "latest". This Dockerfile sets no USER; unless the base image does, the
# shell and the installer run as root -- check the wine image.
FROM r.j3ss.co/wine
LABEL maintainer "Jessie Frazelle "

# NOTE(review): the installer is downloaded at build time from an unversioned
# URL and stored without an integrity check. Recent Dockerfile syntax accepts
# ADD --checksum=sha256:<expected-sha256> for remote sources; otherwise fetch
# it in a RUN step and compare a pinned hash before keeping the file.
ADD https://download.scdn.co/SpotifySetup.exe /usr/src/SpotifySetup.exe

# The installer is not executed during the build; the command is only written
# into root's bash history so it can be recalled in the interactive shell.
RUN echo "wine /usr/src/SpotifySetup.exe" > /root/.bash_history

CMD [ "bash" ]
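================================================
FILE: strace/Dockerfile
================================================
# Minimal image whose entrypoint is strace.
FROM alpine:latest

RUN apk add --no-cache \
    bash \
    strace

ENTRYPOINT ["strace"]

================================================
FILE: stress/Dockerfile
================================================
# Minimal image whose entrypoint is the stress load generator.
FROM debian:bullseye-slim
LABEL maintainer "Jessie Frazelle "

RUN apt-get update && apt-get install -y \
    stress \
    --no-install-recommends \
    && rm -rf /var/lib/apt/lists/*

ENTRYPOINT [ "stress" ]

================================================
FILE: sublime-text-3/Dockerfile
================================================
# DESCRIPTION:  Create sublime-text 3 container with its dependencies (https://www.sublimetext.com/3)
# AUTHORS:      Christian Koep , Chuck Knox
# USAGE:
#   # Build sublime-text 3 image
#   docker build -t sublime-text:3 .
#
#   # Run the container and mount the local settings and your code
#   # Your code must be under $HOME/Documents, you only need to change it here.
#   docker run -d -it \
#     -w $HOME/Documents \
#     -v $HOME/.config/sublime-text-3:$HOME/.config/sublime-text-3 \
#     -v $HOME/Documents:$HOME/Documents \
#     -v /tmp/.X11-unix:/tmp/.X11-unix \
#     -v $HOME/.local/share/recently-used.xbel:$HOME/.local/share/recently-used.xbel \
#     -e DISPLAY=$DISPLAY \
#     -e NEWUSER=$USER \
#     -e LANG=en_US.UTF-8 \
#     sublime-text:3
#
# POSSIBLE ISSUES:
#   # 'Gtk: cannot open display: :0'
#   Try to set 'DISPLAY=your_host_ip:0' or run 'xhost +' on your host.
#   (see: https://stackoverflow.com/questions/28392949/running-chromium-inside-docker-gtk-cannot-open-display-0)
#
#   NOTE(review): a bare 'xhost +' switches X access control off for every
#   host. A narrower grant such as 'xhost +SI:localuser:$USER' (or
#   'xhost +local:') is enough for a local container; undo it afterwards
#   with 'xhost -'.
#
FROM debian:bullseye-slim
LABEL maintainer "Christian Koep "

RUN apt-get update && apt-get -y install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg \
    locales \
    --no-install-recommends \
    && rm -rf /var/lib/apt/lists/*

# Generate system-wide UTF-8 locale
# Sublime might nag about Ascii issue w/ Package Control otherwise
RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && \
    locale-gen && \
    echo "LANG=en_US.UTF-8" > /etc/locale.conf

# Add the sublime debian repo
# The vendor key is kept in a dedicated keyring and tied to this one source
# with signed-by, instead of being added to apt's global trust store with the
# deprecated `apt-key add`, where it would be accepted for every repository.
RUN curl -sSL https://download.sublimetext.com/sublimehq-pub.gpg | gpg --dearmor > /usr/share/keyrings/sublimehq-archive.gpg
RUN echo "deb [signed-by=/usr/share/keyrings/sublimehq-archive.gpg] https://download.sublimetext.com/ apt/stable/" > /etc/apt/sources.list.d/sublime-text.list

# Installing the libcanberra-gtk-module gets rid of a lot of annoying error messages.
RUN apt-get update && apt-get -y install \
    libcanberra-gtk-module \
    sublime-text \
    --no-install-recommends \
    && rm -rf /var/lib/apt/lists/*

# In order to prevent writing as root:root in Sublime, we have to run the Sublime Text container
# as the user that creates the container. Normally we do this by passing $UID.
# But just passing $UID along isn't enough - Sublime has to be started by a user that exists.
# By default in the container, the only user that actually exists is root.
# Therefore we have to create a new user, and start Sublime as that user.
# This is not possible at build time, so the /run.sh script accepts an environment
# variable called $NEWUSER that creates a user and group named $USER.
# Additional note: Sublime puts a lot of stuff in ~/.config, which is mounted at runtime. Without this directory being mounted, settings/packages/etc won't persist.
COPY run.sh /run.sh
RUN chmod +x /run.sh
CMD ["/run.sh"]

================================================
FILE: sublime-text-3/run.sh
================================================
#!/bin/bash
set -e
set -o pipefail

COMMAND=/opt/sublime_text/sublime_text

# Entry point: with NEWUSER unset the editor runs as root; otherwise an account
# of that name is created and the editor is started under it.
# NOTE(review): the root fallback means a forgotten -e NEWUSER leaves the
# editor, and any package it loads, running as root over the mounted host
# directories. useradd picks the next free UID here, which may differ from the
# UID of the host user who owns those directories.
if [ -z ${NEWUSER+x} ]; then
    echo "WARN: No user was defined, defaulting to root."
    echo "WARN: Sublime will save files as root:root."
    echo " To prevent this, start the container with -e NEWUSER=\$USER"
    exec "$COMMAND" -w
else
    # The root user already exists, so we only need to do something if
    # a user has been specified.
    useradd -s /bin/bash "$NEWUSER"
    # If you'd like to have Sublime Text add your development folder
    # to the current project (i.e. in the sidebar at start), append
    # "-a /home/$NEWUSER/Documents" (without quotes) into the su -c command below.
    # Example: su $NEWUSER -c "$COMMAND -w -a /home/$NEWUSER/Documents"
    su "$NEWUSER" -c "$COMMAND -w"
fi

================================================
FILE: t/Dockerfile
================================================
# Installs the `t` gem and uses it as the entrypoint; the compiler toolchain is
# added only for the gem build and removed in the same layer.
FROM ruby:alpine
LABEL maintainer "Jessie Frazelle "

RUN apk add --no-cache \
    ca-certificates

RUN set -x \
    && apk add --no-cache --virtual .build-deps \
        build-base \
    && gem install io-console t --no-document \
    && apk del .build-deps

ENTRYPOINT ["t"]

================================================
FILE: tarsnap/Dockerfile
================================================
# Builds tarsnap from the signed source release.
FROM alpine:latest
LABEL maintainer "Jessie Frazelle "

RUN apk add --no-cache \
    ca-certificates \
    gnupg \
    && rm -rf /var/lib/apt/lists/*

ENV TARSNAP_VERSION 1.0.39

# Verification flow: import the release signing key, verify the clearsigned
# checksum file, then compare its SHA-256 with the downloaded tarball.
#
# The gpg step is a link of its own in the && chain so that a failed signature
# check aborts the build. When gpg was run inside `$(gpg ... | awk ...)` its
# exit status was discarded by the pipeline, and the build depended on gpg
# emitting no text for a file it could not verify. An empty extracted hash is
# rejected explicitly as well.
#
# NOTE(review): the signing key is fetched from the same origin as the tarball,
# so trust still rests on TLS to that host. Comparing the imported key with a
# pinned fingerprint (<TARSNAP_KEY_FINGERPRINT_PLACEHOLDER>) would make the
# check independent of the download.
RUN set -x \
    && apk add --no-cache --virtual .build-deps \
        build-base \
        curl \
        e2fsprogs-libs \
        e2fsprogs-dev \
        make \
        openssl-dev \
        perl-digest-sha1 \
        perl-utils \
        tar \
        zlib-dev \
    && curl -sSL "https://www.tarsnap.com/download/tarsnap-autoconf-${TARSNAP_VERSION}.tgz" -o /tmp/tarsnap.tgz \
    && curl -sSL "https://www.tarsnap.com/download/tarsnap-sigs-${TARSNAP_VERSION}.asc" -o /tmp/tarsnap.tgz.asc \
    && curl -sSL "https://www.tarsnap.com/tarsnap-signing-key-2015.asc" | gpg --no-tty --import \
    && gpg --no-tty --output /tmp/tarsnap.tgz.sha --decrypt /tmp/tarsnap.tgz.asc \
    && sha=$(awk '{ print $4 }' /tmp/tarsnap.tgz.sha) \
    && if [ -z "$sha" ] || [ "$sha" != "$(shasum -a 256 /tmp/tarsnap.tgz | awk '{ print $1 }')" ]; then exit 1; fi \
    && mkdir -p /usr/src/tarsnap \
    && tar -xzf /tmp/tarsnap.tgz -C /usr/src/tarsnap --strip-components 1 \
    && rm /tmp/tarsnap.tgz* \
    && ( \
        cd /usr/src/tarsnap \
        && ./configure --prefix=/usr \
        && make \
        && make install \
    ) \
    && rm -rf /usr/src/tarsnap \
    && apk del .build-deps

ENTRYPOINT [ "tarsnap" ]
CMD [ "--help" ]

================================================
FILE: telize/Dockerfile
================================================
# NOTE(review): the base image is a third-party repository referenced by the
# mutable `latest` tag; pinning it by digest would make rebuilds reproducible.
FROM shurshun/openresty:latest

STOPSIGNAL SIGTERM

EXPOSE 80 443

# The telize sources are pinned to one commit.
ENV TELIZE_VERSION 66063c6c6e5bbbafcf493c5bc7c825f0a6e1b03d
# NOTE(review): LICENSE_KEY is a MaxMind download credential committed in this
# file and, being an ENV, it is also stored in the image configuration where
# anyone holding the image can read it. Treat it as exposed: rotate it and pass
# the replacement at build time through a BuildKit secret mount
# (RUN --mount=type=secret) rather than ENV or a build argument.
ENV LICENSE_KEY lgNvGyhnUKpa5PJi

RUN apk add --no-cache \
    ca-certificates \
    curl \
    git

# Unprivileged account for the nginx workers, with no login shell.
RUN addgroup -S nginx \
    && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx

# The GeoLite2 archives are unpacked straight from the download stream, with no
# checksum comparison; their integrity rests on TLS to the download host.
RUN set -x \
    && mkdir -p /usr/share/GeoIP \
    && curl -sSL "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country&license_key=${LICENSE_KEY}&suffix=tar.gz" | tar -xzf - --strip-components 1 -C /usr/share/GeoIP \
    && curl -sSL "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=${LICENSE_KEY}&suffix=tar.gz" | tar -xzf - --strip-components 1 -C /usr/share/GeoIP \
    && curl -sSL "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN&license_key=${LICENSE_KEY}&suffix=tar.gz" | tar -xzf - --strip-components 1 -C /usr/share/GeoIP \
    && git clone https://github.com/fcambus/telize.git /usr/src/telize \
    && ( \
        cd /usr/src/telize \
        && git checkout "$TELIZE_VERSION" \
        && cp *.conf /etc/nginx/ \
    ) \
    && rm -rf /usr/src/telize

COPY nginx.conf /etc/nginx/nginx.conf
COPY mime.types /etc/nginx/mime.types
COPY telize.conf /etc/nginx/conf.d/telize.conf

CMD ["nginx", "-g", "daemon off;"]

================================================ FILE: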
telize/country-code3.conf ================================================ map $geoip2_country_code $geoip2_country_code3 { "AD" "AND"; "AE" "ARE"; "AF" "AFG"; "AG" "ATG"; "AI" "AIA"; "AL" "ALB"; "AM" "ARM"; "AO" "AGO"; "AQ" "ATA"; "AR" "ARG"; "AS" "ASM"; "AT" "AUT"; "AU" "AUS"; "AW" "ABW"; "AX" "ALA"; "AZ" "AZE"; "BA" "BIH"; "BB" "BRB"; "BD" "BGD"; "BE" "BEL"; "BF" "BFA"; "BG" "BGR"; "BH" "BHR"; "BI" "BDI"; "BJ" "BEN"; "BL" "BLM"; "BM" "BMU"; "BN" "BRN"; "BO" "BOL"; "BQ" "BES"; "BR" "BRA"; "BS" "BHS"; "BT" "BTN"; "BV" "BVT"; "BW" "BWA"; "BY" "BLR"; "BZ" "BLZ"; "CA" "CAN"; "CC" "CCK"; "CD" "COD"; "CF" "CAF"; "CG" "COG"; "CH" "CHE"; "CI" "CIV"; "CK" "COK"; "CL" "CHL"; "CM" "CMR"; "CN" "CHN"; "CO" "COL"; "CR" "CRI"; "CU" "CUB"; "CV" "CPV"; "CW" "CUW"; "CX" "CXR"; "CY" "CYP"; "CZ" "CZE"; "DE" "DEU"; "DJ" "DJI"; "DK" "DNK"; "DM" "DMA"; "DO" "DOM"; "DZ" "DZA"; "EC" "ECU"; "EE" "EST"; "EG" "EGY"; "EH" "ESH"; "ER" "ERI"; "ES" "ESP"; "ET" "ETH"; "FI" "FIN"; "FJ" "FJI"; "FK" "FLK"; "FM" "FSM"; "FO" "FRO"; "FR" "FRA"; "GA" "GAB"; "GB" "GBR"; "GD" "GRD"; "GE" "GEO"; "GF" "GUF"; "GG" "GGY"; "GH" "GHA"; "GI" "GIB"; "GL" "GRL"; "GM" "GMB"; "GN" "GIN"; "GP" "GLP"; "GQ" "GNQ"; "GR" "GRC"; "GS" "SGS"; "GT" "GTM"; "GU" "GUM"; "GW" "GNB"; "GY" "GUY"; "HK" "HKG"; "HM" "HMD"; "HN" "HND"; "HR" "HRV"; "HT" "HTI"; "HU" "HUN"; "ID" "IDN"; "IE" "IRL"; "IL" "ISR"; "IM" "IMN"; "IN" "IND"; "IO" "IOT"; "IQ" "IRQ"; "IR" "IRN"; "IS" "ISL"; "IT" "ITA"; "JE" "JEY"; "JM" "JAM"; "JO" "JOR"; "JP" "JPN"; "KE" "KEN"; "KG" "KGZ"; "KH" "KHM"; "KI" "KIR"; "KM" "COM"; "KN" "KNA"; "KP" "PRK"; "KR" "KOR"; "KW" "KWT"; "KY" "CYM"; "KZ" "KAZ"; "LA" "LAO"; "LB" "LBN"; "LC" "LCA"; "LI" "LIE"; "LK" "LKA"; "LR" "LBR"; "LS" "LSO"; "LT" "LTU"; "LU" "LUX"; "LV" "LVA"; "LY" "LBY"; "MA" "MAR"; "MC" "MCO"; "MD" "MDA"; "ME" "MNE"; "MF" "MAF"; "MG" "MDG"; "MH" "MHL"; "MK" "MKD"; "ML" "MLI"; "MM" "MMR"; "MN" "MNG"; "MO" "MAC"; "MP" "MNP"; "MQ" "MTQ"; "MR" "MRT"; "MS" "MSR"; "MT" "MLT"; "MU" "MUS"; "MV" "MDV"; "MW" "MWI"; 
"MX" "MEX"; "MY" "MYS"; "MZ" "MOZ"; "NA" "NAM"; "NC" "NCL"; "NE" "NER"; "NF" "NFK"; "NG" "NGA"; "NI" "NIC"; "NL" "NLD"; "NO" "NOR"; "NP" "NPL"; "NR" "NRU"; "NU" "NIU"; "NZ" "NZL"; "OM" "OMN"; "PA" "PAN"; "PE" "PER"; "PF" "PYF"; "PG" "PNG"; "PH" "PHL"; "PK" "PAK"; "PL" "POL"; "PM" "SPM"; "PN" "PCN"; "PR" "PRI"; "PS" "PSE"; "PT" "PRT"; "PW" "PLW"; "PY" "PRY"; "QA" "QAT"; "RE" "REU"; "RO" "ROU"; "RS" "SRB"; "RU" "RUS"; "RW" "RWA"; "SA" "SAU"; "SB" "SLB"; "SC" "SYC"; "SD" "SDN"; "SE" "SWE"; "SG" "SGP"; "SH" "SHN"; "SI" "SVN"; "SJ" "SJM"; "SK" "SVK"; "SL" "SLE"; "SM" "SMR"; "SN" "SEN"; "SO" "SOM"; "SR" "SUR"; "SS" "SSD"; "ST" "STP"; "SV" "SLV"; "SX" "SXM"; "SY" "SYR"; "SZ" "SWZ"; "TC" "TCA"; "TD" "TCD"; "TF" "ATF"; "TG" "TGO"; "TH" "THA"; "TJ" "TJK"; "TK" "TKL"; "TL" "TLS"; "TM" "TKM"; "TN" "TUN"; "TO" "TON"; "TR" "TUR"; "TT" "TTO"; "TV" "TUV"; "TW" "TWN"; "TZ" "TZA"; "UA" "UKR"; "UG" "UGA"; "UM" "UMI"; "US" "USA"; "UY" "URY"; "UZ" "UZB"; "VA" "VAT"; "VC" "VCT"; "VE" "VEN"; "VG" "VGB"; "VI" "VIR"; "VN" "VNM"; "VU" "VUT"; "WF" "WLF"; "WS" "WSM"; "YE" "YEM"; "YT" "MYT"; "ZA" "ZAF"; "ZM" "ZMB"; "ZW" "ZWE"; } ================================================ FILE: telize/mime.types ================================================ types { # Audio audio/midi mid midi kar; audio/mp4 aac f4a f4b m4a; audio/mpeg mp3; audio/ogg oga ogg; audio/x-realaudio ra; audio/x-wav wav; # Images image/bmp bmp; image/gif gif; image/jpeg jpeg jpg; image/png png; image/tiff tif tiff; image/vnd.wap.wbmp wbmp; image/webp webp; image/x-icon ico cur; image/x-jng jng; # JavaScript application/javascript js; application/json json; # Manifest files application/x-web-app-manifest+json webapp; text/cache-manifest manifest appcache; # Microsoft Office application/msword doc; application/vnd.ms-excel xls; application/vnd.ms-powerpoint ppt; application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; 
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; # Video video/3gpp 3gpp 3gp; video/mp4 mp4 m4v f4v f4p; video/mpeg mpeg mpg; video/ogg ogv; video/quicktime mov; video/webm webm; video/x-flv flv; video/x-mng mng; video/x-ms-asf asx asf; video/x-ms-wmv wmv; video/x-msvideo avi; # Web feeds application/xml atom rdf rss xml; # Web fonts application/font-woff woff; application/font-woff2 woff2; application/vnd.ms-fontobject eot; application/x-font-ttf ttc ttf; font/opentype otf; image/svg+xml svg svgz; # Other application/java-archive jar war ear; application/mac-binhex40 hqx; application/pdf pdf; application/postscript ps eps ai; application/rtf rtf; application/vnd.wap.wmlc wmlc; application/xhtml+xml xhtml; application/vnd.google-earth.kml+xml kml; application/vnd.google-earth.kmz kmz; application/x-7z-compressed 7z; application/x-chrome-extension crx; application/x-opera-extension oex; application/x-xpinstall xpi; application/x-cocoa cco; application/x-java-archive-diff jardiff; application/x-java-jnlp-file jnlp; application/x-makeself run; application/x-perl pl pm; application/x-pilot prc pdb; application/x-rar-compressed rar; application/x-redhat-package-manager rpm; application/x-sea sea; application/x-shockwave-flash swf; application/x-stuffit sit; application/x-tcl tcl tk; application/x-x509-ca-cert der pem crt; application/x-bittorrent torrent; application/zip zip; application/octet-stream bin exe dll; application/octet-stream deb; application/octet-stream dmg; application/octet-stream iso img; application/octet-stream msi msp msm; application/octet-stream safariextz; text/css css; text/html html htm shtml; text/mathml mml; text/plain txt; text/vnd.sun.j2me.app-descriptor jad; text/vnd.wap.wml wml; text/vtt vtt; text/x-component htc; text/x-vcard vcf; }

================================================
FILE: telize/nginx.conf
================================================
# Main nginx configuration for the telize image: global worker settings, the
# http-level defaults (logging, compression, GeoIP variable definitions) and
# the include that pulls in the telize virtual host.

# Presumably where the module providing the geoip2 directive is loaded -
# confirm against the base image.
include /etc/nginx/modules-enabled/*;
# Worker processes run as the unprivileged nginx account that
# telize/Dockerfile creates.
user nginx;
worker_processes 2;
worker_rlimit_nofile 8192;
pid /run/nginx.pid;

events {
    worker_connections 8000;
    # multi_accept on;
}

http {
    # Keep the nginx version out of the Server header and error pages.
    server_tokens off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Update charset_types due to updated mime.types
    charset_types text/xml text/plain text/vnd.wap.wml application/x-javascript application/rss+xml text/css application/javascript application/json;

    # Format to use in log files
    # $http_referer, $http_user_agent and $http_x_forwarded_for are request
    # headers chosen by the client; treat the logged values as untrusted when
    # the logs are parsed or displayed.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
        '$status $body_bytes_sent "$http_referer" '
        '"$http_user_agent" "$http_x_forwarded_for"';

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log main;
    error_log /var/log/nginx/error.log warn;

    # How long to allow each connection to stay idle; longer values are better
    # for each individual client, particularly for SSL, but means that worker
    # connections are tied up longer. (Default: 65)
    keepalive_timeout 20;

    # Speed up file transfers by using sendfile() to copy directly
    # between descriptors rather than using read()/write().
    sendfile on;

    # Tell Nginx not to send out partial frames; this increases throughput
    # since TCP frames are filled up before being sent out. (adds TCP_CORK)
    tcp_nopush on;

    # Compression

    # Enable Gzip compressed.
    gzip on;

    # Compression level (1-9).
    # 5 is a perfect compromise between size and cpu usage, offering about
    # 75% reduction for most ascii files (almost identical to level 9).
    gzip_comp_level 5;

    # Don't compress anything that's already small and unlikely to shrink much
    # if at all (the default is 20 bytes, which is bad as that usually leads to
    # larger files after gzipping).
    gzip_min_length 256;

    # Compress data even for clients that are connecting to us via proxies,
    # identified by the "Via" header (required for CloudFront).
    gzip_proxied any;

    # Tell proxies to cache both the gzipped and regular version of a resource
    # whenever the client's Accept-Encoding capabilities header varies;
    # Avoids the issue where a non-gzip capable client (which is extremely rare
    # today) would display gibberish if their proxy gave them the gzipped version.
    gzip_vary on;

    # Compress all output labeled with one of the following MIME-types.
    gzip_types
        application/atom+xml
        application/javascript
        application/json
        application/rss+xml
        application/vnd.ms-fontobject
        application/x-font-ttf
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/opentype
        image/svg+xml
        image/x-icon
        text/css
        text/plain
        text/x-component;
    # text/html is always compressed by HttpGzipModule

    ##
    # GeoIP
    ##

    map_hash_bucket_size 64;
    map_hash_max_size 8192;

    # These two files define the map blocks that derive $geoip2_country_code3
    # and $geoip2_offset from the variables declared below.
    include /etc/nginx/country-code3.conf;
    include /etc/nginx/timezone-offset.conf;

    # Variables read from the GeoLite2 databases that telize/Dockerfile
    # downloads into /usr/share/GeoIP at build time.
    geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb {
        $geoip2_continent_code continent code;
        $geoip2_country country names en;
        $geoip2_country_code country iso_code;
        $geoip2_region subdivisions 0 names en;
        $geoip2_region_code subdivisions 0 iso_code;
        $geoip2_city city names en;
        $geoip2_postal_code postal code;
        $geoip2_latitude location latitude;
        $geoip2_longitude location longitude;
        $geoip2_timezone location time_zone;
    }

    geoip2 /usr/share/GeoIP/GeoLite2-ASN.mmdb {
        $geoip2_asn autonomous_system_number;
        $geoip2_organization autonomous_system_organization;
    }

    # Virtual hosts
    include /etc/nginx/conf.d/telize.conf;
}

================================================ FILE: telize/telize.conf ================================================ ############################################################################### # # # Telize 2.0.0 # # Copyright (c) 2013-2018, Frederic Cambus # # https://www.telize.com # # # # Created: 2013-08-15 # # Last Updated: 2018-03-15 # # # # Telize is released under the BSD 2-Clause license. # # See LICENSE file for details.
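#
#                                                                             #
###############################################################################

# Telize virtual host. Endpoints:
#   /ip           caller address as plain text
#   /jsonip       caller address as JSON (optional JSONP callback)
#   /geoip[/ADDR] GeoIP record for ADDR, or for the caller when ADDR is empty
#   /jsonify      internal target of /geoip; builds the GeoIP JSON document
server {
    # Configuration variables
    # With $cors_origin set to "*" any web origin may read the responses.
    set $cors "true";
    set $cors_origin "*";

    server_name 127.0.0.1;

    # Uncomment when using Telize behind a load balancer
    # set_real_ip_from 10.0.0.0/8; # Put your load balancer IP range here
    # real_ip_header X-Forwarded-For;

    charset_types application/json;

    keepalive_timeout 0;
    gzip off;

    location ~ /ip$ {
        charset off;
        default_type text/plain;
        add_header Cache-Control no-cache;

        content_by_lua_block {
            ngx.say(ngx.var.remote_addr)
        }
    }

    location ~ /jsonip$ {
        charset utf-8;
        default_type application/json;

        if ($cors = "true") {
            add_header Access-Control-Allow-Origin $cors_origin;
        }

        content_by_lua_block {
            local cjson = require "cjson"

            ngx.header["Cache-Control"] = "no-cache";

            local json = cjson.encode({
                ip = ngx.var.remote_addr
            })

            local callback = ngx.var.arg_callback

            if callback and callback ~= "" then
                -- The callback name comes from the query string and is written
                -- into the response body, so only a short, plain JavaScript
                -- identifier path is accepted.
                if #callback > 128 or not callback:match("^[%a_$][%w_$%.]*$") then
                    ngx.status = ngx.HTTP_BAD_REQUEST
                    ngx.say(cjson.encode({
                        code = 400,
                        message = "Invalid callback name"
                    }))
                    return ngx.exit(ngx.HTTP_OK)
                end

                ngx.say(callback, "(", json, ");")
            else
                ngx.say(json)
            end
        }
    }

    # The named capture fills $ip from the request path; the directives below
    # read it, so the group has to be named.
    location ~ /geoip/?(?<ip>.*) {
        if ($ip = "") {
            set $ip $remote_addr;
        }

        # Uncomment when using Telize behind a load balancer, and
        # comment the directive setting X-Real-IP
        # proxy_set_header X-Forwarded-For $ip;

        # The address to look up is handed to /jsonify as X-Real-IP. It is
        # caller-supplied on purpose; /jsonify accepts the header only from
        # 127.0.0.1 (see set_real_ip_from there).
        proxy_set_header X-Real-IP $ip;
        proxy_set_header Host $host;
        proxy_pass $scheme://127.0.0.1/jsonify?callback=$arg_callback;
    }

    location /jsonify {
        charset utf-8;
        default_type application/json;

        if ($cors = "true") {
            add_header Access-Control-Allow-Origin $cors_origin;
        }

        # Only a request arriving from loopback may replace the client address.
        set_real_ip_from 127.0.0.1;

        access_log off;

        content_by_lua_block {
            local cjson = require "cjson"

            ngx.header["Cache-Control"] = "no-cache";

            -- Check for invalid IP addresses
            -- (the address is still loopback when no usable one was supplied)
            if ngx.var.remote_addr == "127.0.0.1" then
                ngx.status = ngx.HTTP_BAD_REQUEST
                ngx.say(cjson.encode({
                    code = 401,
                    message = "Input string is not a valid IP address"
                }))
                ngx.exit(ngx.HTTP_OK)
            end

            local payload = {
                ip = ngx.var.remote_addr,
                continent_code = ngx.var.geoip2_continent_code,
                country = ngx.var.geoip2_country,
                country_code = ngx.var.geoip2_country_code,
                country_code3 = ngx.var.geoip2_country_code3,
                region = ngx.var.geoip2_region,
                region_code = ngx.var.geoip2_region_code,
                city = ngx.var.geoip2_city,
                postal_code = ngx.var.geoip2_postal_code,
                latitude = ngx.var.geoip2_latitude,
                longitude = ngx.var.geoip2_longitude,
                timezone = ngx.var.geoip2_timezone,
                offset = ngx.var.geoip2_offset,
                asn = ngx.var.geoip2_asn,
                organization = ngx.var.geoip2_organization,
            }

            -- Validate payload
            for item, value in pairs(payload) do
                if payload[item] == "" then
                    payload[item] = nil
                end
            end

            -- Convert latitude and longitude to numeric values
            if payload.latitude ~= nil and payload.longitude ~= nil then
                payload.latitude = tonumber(payload.latitude)
                payload.longitude = tonumber(payload.longitude)
            end

            -- Convert timezone offset to numeric value
            if payload.offset ~= nil then
                payload.offset = tonumber(payload.offset)
            end

            -- Convert ASN to numeric value
            if payload.asn ~= nil then
                payload.asn = tonumber(payload.asn)
            end

            local json = cjson.encode(payload)

            -- arg_callback is nil when this location is requested directly
            -- without a query string; the nil check keeps that case on the
            -- plain JSON branch.
            local callback = ngx.var.arg_callback

            if callback and callback ~= "" then
                -- Same rule as /jsonip: the name is reflected into the body,
                -- so it must be a short, plain JavaScript identifier path.
                if #callback > 128 or not callback:match("^[%a_$][%w_$%.]*$") then
                    ngx.status = ngx.HTTP_BAD_REQUEST
                    ngx.say(cjson.encode({
                        code = 400,
                        message = "Invalid callback name"
                    }))
                    return ngx.exit(ngx.HTTP_OK)
                end

                ngx.say(callback, "(", json, ");")
            else
                ngx.say(json)
            end
        }
    }
}

================================================ FILE: telize/timezone-offset.conf ================================================ map $geoip2_timezone $geoip2_offset { "Africa/Abidjan" 0; "Africa/Accra" 0; "Africa/Addis_Ababa" 10800; "Africa/Algiers" 3600; "Africa/Asmara" 10800; "Africa/Asmera" 10800; "Africa/Bamako" 0; "Africa/Bangui" 3600; "Africa/Banjul" 0; "Africa/Bissau" 0; "Africa/Blantyre" 7200; "Africa/Brazzaville" 3600; "Africa/Bujumbura" 7200; "Africa/Cairo" 7200; "Africa/Casablanca" 0; "Africa/Ceuta" 3600; "Africa/Conakry" 0; "Africa/Dakar" 0; "Africa/Dar_es_Salaam" 10800; "Africa/Djibouti" 10800; "Africa/Douala" 3600; "Africa/El_Aaiun" 0; "Africa/Freetown" 0; "Africa/Gaborone" 7200; "Africa/Harare" 7200; "Africa/Johannesburg" 7200; "Africa/Juba" 10800; "Africa/Kampala" 10800; "Africa/Khartoum" 7200; "Africa/Kigali" 7200; "Africa/Kinshasa" 3600; "Africa/Lagos" 3600;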
"Africa/Libreville" 3600; "Africa/Lome" 0; "Africa/Luanda" 3600; "Africa/Lubumbashi" 7200; "Africa/Lusaka" 7200; "Africa/Malabo" 3600; "Africa/Maputo" 7200; "Africa/Maseru" 7200; "Africa/Mbabane" 7200; "Africa/Mogadishu" 10800; "Africa/Monrovia" 0; "Africa/Nairobi" 10800; "Africa/Ndjamena" 3600; "Africa/Niamey" 3600; "Africa/Nouakchott" 0; "Africa/Ouagadougou" 0; "Africa/Porto-Novo" 3600; "Africa/Sao_Tome" 3600; "Africa/Timbuktu" 0; "Africa/Tripoli" 7200; "Africa/Tunis" 3600; "Africa/Windhoek" 7200; "America/Adak" -36000; "America/Anchorage" -32400; "America/Anguilla" -14400; "America/Antigua" -14400; "America/Araguaina" -10800; "America/Argentina/Buenos_Aires" -10800; "America/Argentina/Catamarca" -10800; "America/Argentina/ComodRivadavia" -10800; "America/Argentina/Cordoba" -10800; "America/Argentina/Jujuy" -10800; "America/Argentina/La_Rioja" -10800; "America/Argentina/Mendoza" -10800; "America/Argentina/Rio_Gallegos" -10800; "America/Argentina/Salta" -10800; "America/Argentina/San_Juan" -10800; "America/Argentina/San_Luis" -10800; "America/Argentina/Tucuman" -10800; "America/Argentina/Ushuaia" -10800; "America/Aruba" -14400; "America/Asuncion" -10800; "America/Atikokan" -18000; "America/Atka" -36000; "America/Bahia" -10800; "America/Bahia_Banderas" -21600; "America/Barbados" -14400; "America/Belem" -10800; "America/Belize" -21600; "America/Blanc-Sablon" -14400; "America/Boa_Vista" -14400; "America/Bogota" -18000; "America/Boise" -25200; "America/Buenos_Aires" -10800; "America/Cambridge_Bay" -25200; "America/Campo_Grande" -14400; "America/Cancun" -18000; "America/Caracas" -14400; "America/Catamarca" -10800; "America/Cayenne" -10800; "America/Cayman" -18000; "America/Chicago" -21600; "America/Chihuahua" -25200; "America/Coral_Harbour" -18000; "America/Cordoba" -10800; "America/Costa_Rica" -21600; "America/Creston" -25200; "America/Cuiaba" -14400; "America/Curacao" -14400; "America/Danmarkshavn" 0; "America/Dawson" -28800; "America/Dawson_Creek" -25200; 
"America/Denver" -25200; "America/Detroit" -18000; "America/Dominica" -14400; "America/Edmonton" -25200; "America/Eirunepe" -18000; "America/El_Salvador" -21600; "America/Ensenada" -28800; "America/Fort_Nelson" -25200; "America/Fort_Wayne" -18000; "America/Fortaleza" -10800; "America/Glace_Bay" -14400; "America/Godthab" -10800; "America/Goose_Bay" -14400; "America/Grand_Turk" -14400; "America/Grenada" -14400; "America/Guadeloupe" -14400; "America/Guatemala" -21600; "America/Guayaquil" -18000; "America/Guyana" -14400; "America/Halifax" -14400; "America/Havana" -18000; "America/Hermosillo" -25200; "America/Indiana/Indianapolis" -18000; "America/Indiana/Knox" -21600; "America/Indiana/Marengo" -18000; "America/Indiana/Petersburg" -18000; "America/Indiana/Tell_City" -21600; "America/Indiana/Vevay" -18000; "America/Indiana/Vincennes" -18000; "America/Indiana/Winamac" -18000; "America/Indianapolis" -18000; "America/Inuvik" -25200; "America/Iqaluit" -18000; "America/Jamaica" -18000; "America/Jujuy" -10800; "America/Juneau" -32400; "America/Kentucky/Louisville" -18000; "America/Kentucky/Monticello" -18000; "America/Knox_IN" -21600; "America/Kralendijk" -14400; "America/La_Paz" -14400; "America/Lima" -18000; "America/Los_Angeles" -28800; "America/Louisville" -18000; "America/Lower_Princes" -14400; "America/Maceio" -10800; "America/Managua" -21600; "America/Manaus" -14400; "America/Marigot" -14400; "America/Martinique" -14400; "America/Matamoros" -21600; "America/Mazatlan" -25200; "America/Mendoza" -10800; "America/Menominee" -21600; "America/Merida" -21600; "America/Metlakatla" -32400; "America/Mexico_City" -21600; "America/Miquelon" -10800; "America/Moncton" -14400; "America/Monterrey" -21600; "America/Montevideo" -10800; "America/Montreal" -18000; "America/Montserrat" -14400; "America/Nassau" -18000; "America/New_York" -18000; "America/Nipigon" -18000; "America/Nome" -32400; "America/Noronha" -7200; "America/North_Dakota/Beulah" -21600; "America/North_Dakota/Center" 
-21600; "America/North_Dakota/New_Salem" -21600; "America/Ojinaga" -25200; "America/Panama" -18000; "America/Pangnirtung" -18000; "America/Paramaribo" -10800; "America/Phoenix" -25200; "America/Port-au-Prince" -18000; "America/Port_of_Spain" -14400; "America/Porto_Acre" -18000; "America/Porto_Velho" -14400; "America/Puerto_Rico" -14400; "America/Punta_Arenas" -10800; "America/Rainy_River" -21600; "America/Rankin_Inlet" -21600; "America/Recife" -10800; "America/Regina" -21600; "America/Resolute" -21600; "America/Rio_Branco" -18000; "America/Rosario" -10800; "America/Santa_Isabel" -28800; "America/Santarem" -10800; "America/Santiago" -10800; "America/Santo_Domingo" -14400; "America/Sao_Paulo" -10800; "America/Scoresbysund" -3600; "America/Shiprock" -25200; "America/Sitka" -32400; "America/St_Barthelemy" -14400; "America/St_Johns" -12600; "America/St_Kitts" -14400; "America/St_Lucia" -14400; "America/St_Thomas" -14400; "America/St_Vincent" -14400; "America/Swift_Current" -21600; "America/Tegucigalpa" -21600; "America/Thule" -14400; "America/Thunder_Bay" -18000; "America/Tijuana" -28800; "America/Toronto" -18000; "America/Tortola" -14400; "America/Vancouver" -28800; "America/Virgin" -14400; "America/Whitehorse" -28800; "America/Winnipeg" -21600; "America/Yakutat" -32400; "America/Yellowknife" -25200; "Antarctica/Casey" 39600; "Antarctica/Davis" 25200; "Antarctica/DumontDUrville" 36000; "Antarctica/Macquarie" 39600; "Antarctica/Mawson" 18000; "Antarctica/McMurdo" 46800; "Antarctica/Palmer" -10800; "Antarctica/Rothera" -10800; "Antarctica/South_Pole" 46800; "Antarctica/Syowa" 10800; "Antarctica/Troll" 0; "Antarctica/Vostok" 21600; "Arctic/Longyearbyen" 3600; "Asia/Aden" 10800; "Asia/Almaty" 21600; "Asia/Amman" 7200; "Asia/Anadyr" 43200; "Asia/Aqtau" 18000; "Asia/Aqtobe" 18000; "Asia/Ashgabat" 18000; "Asia/Ashkhabad" 18000; "Asia/Atyrau" 18000; "Asia/Baghdad" 10800; "Asia/Bahrain" 10800; "Asia/Baku" 14400; "Asia/Bangkok" 25200; "Asia/Barnaul" 25200; "Asia/Beirut" 7200; 
"Asia/Bishkek" 21600; "Asia/Brunei" 28800; "Asia/Calcutta" 19800; "Asia/Chita" 32400; "Asia/Choibalsan" 28800; "Asia/Chongqing" 28800; "Asia/Chungking" 28800; "Asia/Colombo" 19800; "Asia/Dacca" 21600; "Asia/Damascus" 7200; "Asia/Dhaka" 21600; "Asia/Dili" 32400; "Asia/Dubai" 14400; "Asia/Dushanbe" 18000; "Asia/Famagusta" 7200; "Asia/Gaza" 7200; "Asia/Harbin" 28800; "Asia/Hebron" 7200; "Asia/Ho_Chi_Minh" 25200; "Asia/Hong_Kong" 28800; "Asia/Hovd" 25200; "Asia/Irkutsk" 28800; "Asia/Istanbul" 10800; "Asia/Jakarta" 25200; "Asia/Jayapura" 32400; "Asia/Jerusalem" 7200; "Asia/Kabul" 16200; "Asia/Kamchatka" 43200; "Asia/Karachi" 18000; "Asia/Kashgar" 21600; "Asia/Kathmandu" 20700; "Asia/Katmandu" 20700; "Asia/Khandyga" 32400; "Asia/Kolkata" 19800; "Asia/Krasnoyarsk" 25200; "Asia/Kuala_Lumpur" 28800; "Asia/Kuching" 28800; "Asia/Kuwait" 10800; "Asia/Macao" 28800; "Asia/Macau" 28800; "Asia/Magadan" 39600; "Asia/Makassar" 28800; "Asia/Manila" 28800; "Asia/Muscat" 14400; "Asia/Nicosia" 7200; "Asia/Novokuznetsk" 25200; "Asia/Novosibirsk" 25200; "Asia/Omsk" 21600; "Asia/Oral" 18000; "Asia/Phnom_Penh" 25200; "Asia/Pontianak" 25200; "Asia/Pyongyang" 30600; "Asia/Qatar" 10800; "Asia/Qyzylorda" 21600; "Asia/Rangoon" 23400; "Asia/Riyadh" 10800; "Asia/Saigon" 25200; "Asia/Sakhalin" 39600; "Asia/Samarkand" 18000; "Asia/Seoul" 32400; "Asia/Shanghai" 28800; "Asia/Singapore" 28800; "Asia/Srednekolymsk" 39600; "Asia/Taipei" 28800; "Asia/Tashkent" 18000; "Asia/Tbilisi" 14400; "Asia/Tehran" 12600; "Asia/Tel_Aviv" 7200; "Asia/Thimbu" 21600; "Asia/Thimphu" 21600; "Asia/Tokyo" 32400; "Asia/Tomsk" 25200; "Asia/Ujung_Pandang" 28800; "Asia/Ulaanbaatar" 28800; "Asia/Ulan_Bator" 28800; "Asia/Urumqi" 21600; "Asia/Ust-Nera" 36000; "Asia/Vientiane" 25200; "Asia/Vladivostok" 36000; "Asia/Yakutsk" 32400; "Asia/Yangon" 23400; "Asia/Yekaterinburg" 18000; "Asia/Yerevan" 14400; "Atlantic/Azores" -3600; "Atlantic/Bermuda" -14400; "Atlantic/Canary" 0; "Atlantic/Cape_Verde" -3600; "Atlantic/Faeroe" 0; 
"Atlantic/Faroe" 0; "Atlantic/Jan_Mayen" 3600; "Atlantic/Madeira" 0; "Atlantic/Reykjavik" 0; "Atlantic/South_Georgia" -7200; "Atlantic/St_Helena" 0; "Atlantic/Stanley" -10800; "Australia/ACT" 39600; "Australia/Adelaide" 37800; "Australia/Brisbane" 36000; "Australia/Broken_Hill" 37800; "Australia/Canberra" 39600; "Australia/Currie" 39600; "Australia/Darwin" 34200; "Australia/Eucla" 31500; "Australia/Hobart" 39600; "Australia/LHI" 39600; "Australia/Lindeman" 36000; "Australia/Lord_Howe" 39600; "Australia/Melbourne" 39600; "Australia/NSW" 39600; "Australia/North" 34200; "Australia/Perth" 28800; "Australia/Queensland" 36000; "Australia/South" 37800; "Australia/Sydney" 39600; "Australia/Tasmania" 39600; "Australia/Victoria" 39600; "Australia/West" 28800; "Australia/Yancowinna" 37800; "Europe/Amsterdam" 3600; "Europe/Andorra" 3600; "Europe/Astrakhan" 14400; "Europe/Athens" 7200; "Europe/Belfast" 0; "Europe/Belgrade" 3600; "Europe/Berlin" 3600; "Europe/Bratislava" 3600; "Europe/Brussels" 3600; "Europe/Bucharest" 7200; "Europe/Budapest" 3600; "Europe/Busingen" 3600; "Europe/Chisinau" 7200; "Europe/Copenhagen" 3600; "Europe/Dublin" 0; "Europe/Gibraltar" 3600; "Europe/Guernsey" 0; "Europe/Helsinki" 7200; "Europe/Isle_of_Man" 0; "Europe/Istanbul" 10800; "Europe/Jersey" 0; "Europe/Kaliningrad" 7200; "Europe/Kiev" 7200; "Europe/Kirov" 10800; "Europe/Lisbon" 0; "Europe/Ljubljana" 3600; "Europe/London" 0; "Europe/Luxembourg" 3600; "Europe/Madrid" 3600; "Europe/Malta" 3600; "Europe/Mariehamn" 7200; "Europe/Minsk" 10800; "Europe/Monaco" 3600; "Europe/Moscow" 10800; "Europe/Nicosia" 7200; "Europe/Oslo" 3600; "Europe/Paris" 3600; "Europe/Podgorica" 3600; "Europe/Prague" 3600; "Europe/Riga" 7200; "Europe/Rome" 3600; "Europe/Samara" 14400; "Europe/San_Marino" 3600; "Europe/Sarajevo" 3600; "Europe/Saratov" 14400; "Europe/Simferopol" 10800; "Europe/Skopje" 3600; "Europe/Sofia" 7200; "Europe/Stockholm" 3600; "Europe/Tallinn" 7200; "Europe/Tirane" 3600; "Europe/Tiraspol" 7200; 
"Europe/Ulyanovsk" 14400; "Europe/Uzhgorod" 7200; "Europe/Vaduz" 3600; "Europe/Vatican" 3600; "Europe/Vienna" 3600; "Europe/Vilnius" 7200; "Europe/Volgograd" 10800; "Europe/Warsaw" 3600; "Europe/Zagreb" 3600; "Europe/Zaporozhye" 7200; "Europe/Zurich" 3600; "Indian/Antananarivo" 10800; "Indian/Chagos" 21600; "Indian/Christmas" 25200; "Indian/Cocos" 23400; "Indian/Comoro" 10800; "Indian/Kerguelen" 18000; "Indian/Mahe" 14400; "Indian/Maldives" 18000; "Indian/Mauritius" 14400; "Indian/Mayotte" 10800; "Indian/Reunion" 14400; "Pacific/Apia" 50400; "Pacific/Auckland" 46800; "Pacific/Bougainville" 39600; "Pacific/Chatham" 49500; "Pacific/Chuuk" 36000; "Pacific/Easter" -18000; "Pacific/Efate" 39600; "Pacific/Enderbury" 46800; "Pacific/Fakaofo" 46800; "Pacific/Fiji" 43200; "Pacific/Funafuti" 43200; "Pacific/Galapagos" -21600; "Pacific/Gambier" -32400; "Pacific/Guadalcanal" 39600; "Pacific/Guam" 36000; "Pacific/Honolulu" -36000; "Pacific/Johnston" -36000; "Pacific/Kiritimati" 50400; "Pacific/Kosrae" 39600; "Pacific/Kwajalein" 43200; "Pacific/Majuro" 43200; "Pacific/Marquesas" -34200; "Pacific/Midway" -39600; "Pacific/Nauru" 43200; "Pacific/Niue" -39600; "Pacific/Norfolk" 39600; "Pacific/Noumea" 39600; "Pacific/Pago_Pago" -39600; "Pacific/Palau" 32400; "Pacific/Pitcairn" -28800; "Pacific/Pohnpei" 39600; "Pacific/Ponape" 39600; "Pacific/Port_Moresby" 36000; "Pacific/Rarotonga" -36000; "Pacific/Saipan" 36000; "Pacific/Samoa" -39600; "Pacific/Tahiti" -36000; "Pacific/Tarawa" 43200; "Pacific/Tongatapu" 46800; "Pacific/Truk" 36000; "Pacific/Wake" 43200; "Pacific/Wallis" 43200; "Pacific/Yap" 36000; } ================================================ FILE: telize/tz-offset.lua ================================================ #!/usr/bin/env lua --[[ ############################################################################### # # # Telize 2.0.0 # # Copyright (c) 2013-2018, Frederic Cambus # # https://www.telize.com # # # # Created: 2013-08-15 # # Last Updated: 2018-03-15 # # # # 
Telize is released under the BSD 2-Clause license. # # See LICENSE file for details. # # # ############################################################################### ]]-- local luatz = require "luatz" local timezones = { "Africa/Abidjan", "Africa/Accra", "Africa/Addis_Ababa", "Africa/Algiers", "Africa/Asmara", "Africa/Asmera", "Africa/Bamako", "Africa/Bangui", "Africa/Banjul", "Africa/Bissau", "Africa/Blantyre", "Africa/Brazzaville", "Africa/Bujumbura", "Africa/Cairo", "Africa/Casablanca", "Africa/Ceuta", "Africa/Conakry", "Africa/Dakar", "Africa/Dar_es_Salaam", "Africa/Djibouti", "Africa/Douala", "Africa/El_Aaiun", "Africa/Freetown", "Africa/Gaborone", "Africa/Harare", "Africa/Johannesburg", "Africa/Juba", "Africa/Kampala", "Africa/Khartoum", "Africa/Kigali", "Africa/Kinshasa", "Africa/Lagos", "Africa/Libreville", "Africa/Lome", "Africa/Luanda", "Africa/Lubumbashi", "Africa/Lusaka", "Africa/Malabo", "Africa/Maputo", "Africa/Maseru", "Africa/Mbabane", "Africa/Mogadishu", "Africa/Monrovia", "Africa/Nairobi", "Africa/Ndjamena", "Africa/Niamey", "Africa/Nouakchott", "Africa/Ouagadougou", "Africa/Porto-Novo", "Africa/Sao_Tome", "Africa/Timbuktu", "Africa/Tripoli", "Africa/Tunis", "Africa/Windhoek", "America/Adak", "America/Anchorage", "America/Anguilla", "America/Antigua", "America/Araguaina", "America/Argentina/Buenos_Aires", "America/Argentina/Catamarca", "America/Argentina/ComodRivadavia", "America/Argentina/Cordoba", "America/Argentina/Jujuy", "America/Argentina/La_Rioja", "America/Argentina/Mendoza", "America/Argentina/Rio_Gallegos", "America/Argentina/Salta", "America/Argentina/San_Juan", "America/Argentina/San_Luis", "America/Argentina/Tucuman", "America/Argentina/Ushuaia", "America/Aruba", "America/Asuncion", "America/Atikokan", "America/Atka", "America/Bahia", "America/Bahia_Banderas", "America/Barbados", "America/Belem", "America/Belize", "America/Blanc-Sablon", "America/Boa_Vista", "America/Bogota", "America/Boise", "America/Buenos_Aires", 
"America/Cambridge_Bay", "America/Campo_Grande", "America/Cancun", "America/Caracas", "America/Catamarca", "America/Cayenne", "America/Cayman", "America/Chicago", "America/Chihuahua", "America/Coral_Harbour", "America/Cordoba", "America/Costa_Rica", "America/Creston", "America/Cuiaba", "America/Curacao", "America/Danmarkshavn", "America/Dawson", "America/Dawson_Creek", "America/Denver", "America/Detroit", "America/Dominica", "America/Edmonton", "America/Eirunepe", "America/El_Salvador", "America/Ensenada", "America/Fort_Nelson", "America/Fort_Wayne", "America/Fortaleza", "America/Glace_Bay", "America/Godthab", "America/Goose_Bay", "America/Grand_Turk", "America/Grenada", "America/Guadeloupe", "America/Guatemala", "America/Guayaquil", "America/Guyana", "America/Halifax", "America/Havana", "America/Hermosillo", "America/Indiana/Indianapolis", "America/Indiana/Knox", "America/Indiana/Marengo", "America/Indiana/Petersburg", "America/Indiana/Tell_City", "America/Indiana/Vevay", "America/Indiana/Vincennes", "America/Indiana/Winamac", "America/Indianapolis", "America/Inuvik", "America/Iqaluit", "America/Jamaica", "America/Jujuy", "America/Juneau", "America/Kentucky/Louisville", "America/Kentucky/Monticello", "America/Knox_IN", "America/Kralendijk", "America/La_Paz", "America/Lima", "America/Los_Angeles", "America/Louisville", "America/Lower_Princes", "America/Maceio", "America/Managua", "America/Manaus", "America/Marigot", "America/Martinique", "America/Matamoros", "America/Mazatlan", "America/Mendoza", "America/Menominee", "America/Merida", "America/Metlakatla", "America/Mexico_City", "America/Miquelon", "America/Moncton", "America/Monterrey", "America/Montevideo", "America/Montreal", "America/Montserrat", "America/Nassau", "America/New_York", "America/Nipigon", "America/Nome", "America/Noronha", "America/North_Dakota/Beulah", "America/North_Dakota/Center", "America/North_Dakota/New_Salem", "America/Ojinaga", "America/Panama", "America/Pangnirtung", "America/Paramaribo", 
"America/Phoenix", "America/Port-au-Prince", "America/Port_of_Spain", "America/Porto_Acre", "America/Porto_Velho", "America/Puerto_Rico", "America/Punta_Arenas", "America/Rainy_River", "America/Rankin_Inlet", "America/Recife", "America/Regina", "America/Resolute", "America/Rio_Branco", "America/Rosario", "America/Santa_Isabel", "America/Santarem", "America/Santiago", "America/Santo_Domingo", "America/Sao_Paulo", "America/Scoresbysund", "America/Shiprock", "America/Sitka", "America/St_Barthelemy", "America/St_Johns", "America/St_Kitts", "America/St_Lucia", "America/St_Thomas", "America/St_Vincent", "America/Swift_Current", "America/Tegucigalpa", "America/Thule", "America/Thunder_Bay", "America/Tijuana", "America/Toronto", "America/Tortola", "America/Vancouver", "America/Virgin", "America/Whitehorse", "America/Winnipeg", "America/Yakutat", "America/Yellowknife", "Antarctica/Casey", "Antarctica/Davis", "Antarctica/DumontDUrville", "Antarctica/Macquarie", "Antarctica/Mawson", "Antarctica/McMurdo", "Antarctica/Palmer", "Antarctica/Rothera", "Antarctica/South_Pole", "Antarctica/Syowa", "Antarctica/Troll", "Antarctica/Vostok", "Arctic/Longyearbyen", "Asia/Aden", "Asia/Almaty", "Asia/Amman", "Asia/Anadyr", "Asia/Aqtau", "Asia/Aqtobe", "Asia/Ashgabat", "Asia/Ashkhabad", "Asia/Atyrau", "Asia/Baghdad", "Asia/Bahrain", "Asia/Baku", "Asia/Bangkok", "Asia/Barnaul", "Asia/Beirut", "Asia/Bishkek", "Asia/Brunei", "Asia/Calcutta", "Asia/Chita", "Asia/Choibalsan", "Asia/Chongqing", "Asia/Chungking", "Asia/Colombo", "Asia/Dacca", "Asia/Damascus", "Asia/Dhaka", "Asia/Dili", "Asia/Dubai", "Asia/Dushanbe", "Asia/Famagusta", "Asia/Gaza", "Asia/Harbin", "Asia/Hebron", "Asia/Ho_Chi_Minh", "Asia/Hong_Kong", "Asia/Hovd", "Asia/Irkutsk", "Asia/Istanbul", "Asia/Jakarta", "Asia/Jayapura", "Asia/Jerusalem", "Asia/Kabul", "Asia/Kamchatka", "Asia/Karachi", "Asia/Kashgar", "Asia/Kathmandu", "Asia/Katmandu", "Asia/Khandyga", "Asia/Kolkata", "Asia/Krasnoyarsk", "Asia/Kuala_Lumpur", "Asia/Kuching", 
"Asia/Kuwait", "Asia/Macao", "Asia/Macau", "Asia/Magadan", "Asia/Makassar", "Asia/Manila", "Asia/Muscat", "Asia/Nicosia", "Asia/Novokuznetsk", "Asia/Novosibirsk", "Asia/Omsk", "Asia/Oral", "Asia/Phnom_Penh", "Asia/Pontianak", "Asia/Pyongyang", "Asia/Qatar", "Asia/Qyzylorda", "Asia/Rangoon", "Asia/Riyadh", "Asia/Saigon", "Asia/Sakhalin", "Asia/Samarkand", "Asia/Seoul", "Asia/Shanghai", "Asia/Singapore", "Asia/Srednekolymsk", "Asia/Taipei", "Asia/Tashkent", "Asia/Tbilisi", "Asia/Tehran", "Asia/Tel_Aviv", "Asia/Thimbu", "Asia/Thimphu", "Asia/Tokyo", "Asia/Tomsk", "Asia/Ujung_Pandang", "Asia/Ulaanbaatar", "Asia/Ulan_Bator", "Asia/Urumqi", "Asia/Ust-Nera", "Asia/Vientiane", "Asia/Vladivostok", "Asia/Yakutsk", "Asia/Yangon", "Asia/Yekaterinburg", "Asia/Yerevan", "Atlantic/Azores", "Atlantic/Bermuda", "Atlantic/Canary", "Atlantic/Cape_Verde", "Atlantic/Faeroe", "Atlantic/Faroe", "Atlantic/Jan_Mayen", "Atlantic/Madeira", "Atlantic/Reykjavik", "Atlantic/South_Georgia", "Atlantic/St_Helena", "Atlantic/Stanley", "Australia/ACT", "Australia/Adelaide", "Australia/Brisbane", "Australia/Broken_Hill", "Australia/Canberra", "Australia/Currie", "Australia/Darwin", "Australia/Eucla", "Australia/Hobart", "Australia/LHI", "Australia/Lindeman", "Australia/Lord_Howe", "Australia/Melbourne", "Australia/NSW", "Australia/North", "Australia/Perth", "Australia/Queensland", "Australia/South", "Australia/Sydney", "Australia/Tasmania", "Australia/Victoria", "Australia/West", "Australia/Yancowinna", "Europe/Amsterdam", "Europe/Andorra", "Europe/Astrakhan", "Europe/Athens", "Europe/Belfast", "Europe/Belgrade", "Europe/Berlin", "Europe/Bratislava", "Europe/Brussels", "Europe/Bucharest", "Europe/Budapest", "Europe/Busingen", "Europe/Chisinau", "Europe/Copenhagen", "Europe/Dublin", "Europe/Gibraltar", "Europe/Guernsey", "Europe/Helsinki", "Europe/Isle_of_Man", "Europe/Istanbul", "Europe/Jersey", "Europe/Kaliningrad", "Europe/Kiev", "Europe/Kirov", "Europe/Lisbon", "Europe/Ljubljana", "Europe/London", 
"Europe/Luxembourg", "Europe/Madrid", "Europe/Malta", "Europe/Mariehamn", "Europe/Minsk", "Europe/Monaco", "Europe/Moscow", "Europe/Nicosia", "Europe/Oslo", "Europe/Paris", "Europe/Podgorica", "Europe/Prague", "Europe/Riga", "Europe/Rome", "Europe/Samara", "Europe/San_Marino", "Europe/Sarajevo", "Europe/Saratov", "Europe/Simferopol", "Europe/Skopje", "Europe/Sofia", "Europe/Stockholm", "Europe/Tallinn", "Europe/Tirane", "Europe/Tiraspol", "Europe/Ulyanovsk", "Europe/Uzhgorod", "Europe/Vaduz", "Europe/Vatican", "Europe/Vienna", "Europe/Vilnius", "Europe/Volgograd", "Europe/Warsaw", "Europe/Zagreb", "Europe/Zaporozhye", "Europe/Zurich", "Indian/Antananarivo", "Indian/Chagos", "Indian/Christmas", "Indian/Cocos", "Indian/Comoro", "Indian/Kerguelen", "Indian/Mahe", "Indian/Maldives", "Indian/Mauritius", "Indian/Mayotte", "Indian/Reunion", "Pacific/Apia", "Pacific/Auckland", "Pacific/Bougainville", "Pacific/Chatham", "Pacific/Chuuk", "Pacific/Easter", "Pacific/Efate", "Pacific/Enderbury", "Pacific/Fakaofo", "Pacific/Fiji", "Pacific/Funafuti", "Pacific/Galapagos", "Pacific/Gambier", "Pacific/Guadalcanal", "Pacific/Guam", "Pacific/Honolulu", "Pacific/Johnston", "Pacific/Kiritimati", "Pacific/Kosrae", "Pacific/Kwajalein", "Pacific/Majuro", "Pacific/Marquesas", "Pacific/Midway", "Pacific/Nauru", "Pacific/Niue", "Pacific/Norfolk", "Pacific/Noumea", "Pacific/Pago_Pago", "Pacific/Palau", "Pacific/Pitcairn", "Pacific/Pohnpei", "Pacific/Ponape", "Pacific/Port_Moresby", "Pacific/Rarotonga", "Pacific/Saipan", "Pacific/Samoa", "Pacific/Tahiti", "Pacific/Tarawa", "Pacific/Tongatapu", "Pacific/Truk", "Pacific/Wake", "Pacific/Wallis", "Pacific/Yap" } local utcnow = luatz.time () print("map $geoip2_timezone $geoip2_offset {") for loop, timezone in ipairs(timezones) do print('\t"' .. timezone .. '" ' .. luatz.get_tz(timezone):find_current(utcnow).gmtoff .. 
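';')
end
print("}")

================================================
FILE: telnet/Dockerfile
================================================
# command to run Telnet
# docker run -it --rm \
#	--log-driver none \
#	jess/telnet towel.blinkenlights.nl
#
FROM alpine:latest
LABEL maintainer "Jessie Frazelle "

# The telnet client comes from busybox-extras, so it is passed as a plain
# package name. `--virtual` takes the next word as the NAME of a virtual
# package group, which left busybox-extras itself uninstalled.
RUN apk add --no-cache \
	busybox-extras

ENTRYPOINT [ "telnet" ]

================================================
FILE: termboy/Dockerfile
================================================
# DESCRIPTION:	  Termboy in a container
# AUTHOR:		  Jessie Frazelle
# COMMENTS:
#	This file describes how to build termboy
#	in a container with all dependencies installed.
#	Tested on Debian Jessie.
# USAGE:
#	# Download termboy Dockerfile
#	wget https://raw.githubusercontent.com/jessfraz/dockerfiles/master/termboy/Dockerfile
#
#	# Build termboy image
#	docker build -t termboy .
#
#	docker run -it \
#		--device /dev/snd \
#		termboy
#

# Base docker image
FROM debian:bullseye-slim
LABEL maintainer "Jessie Frazelle "

ENV DEBIAN_FRONTEND noninteractive

# Install dependencies
RUN apt-get update && apt-get install -y \
	ca-certificates \
	console-setup \
	console-setup-linux \
	g++ \
	git \
	kbd \
	libasound2-dev \
	libncurses5-dev \
	libncursesw5-dev \
	make \
	sudo \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

# Build termboy from source.
# A trailing `|| true` on the whole `&&` chain hid every failure (clone, make
# and install alike), so a broken build still produced an image. Only the
# install step is tolerated now, and the build fails unless the binary named
# in ENTRYPOINT is actually present.
# NOTE(review): the clone follows the default branch with no pinned commit,
# so the image content depends on whatever upstream holds at build time.
RUN git clone --depth 1 https://github.com/dobyrch/termboy /src \
	&& cd /src \
	&& make \
	&& { make install || true; } \
	&& test -x /usr/bin/termboy

# add games
COPY games /games

# Autorun termboy
ENTRYPOINT ["/usr/bin/termboy"]

================================================
FILE: terraform/Dockerfile
================================================
FROM golang:alpine as builder
MAINTAINER Jessica Frazelle

ENV PATH /go/bin:/usr/local/go/bin:$PATH
ENV GOPATH /go

RUN	apk add --no-cache \
	bash \
	ca-certificates \
	gcc \
	git \
	make \
	musl-dev \
	zip

ENV TERRAFORM_VERSION v0.14.7

RUN git clone --depth 1 --branch ${TERRAFORM_VERSION} https://github.com/hashicorp/terraform.git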
/go/src/github.com/hashicorp/terraform WORKDIR /go/src/github.com/hashicorp/terraform RUN CGO_ENABLED=0 go build -a -tags netgo -ldflags '-w -extldflags "-static"' \ -o bin/terraform && \ mv bin/terraform /usr/bin/terraform FROM alpine:latest RUN apk add --no-cache \ bash \ tar COPY --from=builder /usr/bin/terraform /usr/bin/terraform COPY --from=builder /etc/ssl/certs/ /etc/ssl/certs ENTRYPOINT [ "terraform" ] CMD [ "--help" ] ================================================ FILE: test.sh ================================================ #!/bin/bash set -e set -o pipefail # this is kind of an expensive check, so let's not do this twice if we # are running more than one validate bundlescript VALIDATE_REPO='https://github.com/jessfraz/dockerfiles.git' VALIDATE_BRANCH='master' VALIDATE_HEAD="$(git rev-parse --verify HEAD)" git fetch -q "$VALIDATE_REPO" "refs/heads/$VALIDATE_BRANCH" VALIDATE_UPSTREAM="$(git rev-parse --verify FETCH_HEAD)" VALIDATE_COMMIT_DIFF="$VALIDATE_UPSTREAM...$VALIDATE_HEAD" validate_diff() { if [ "$VALIDATE_UPSTREAM" != "$VALIDATE_HEAD" ]; then git diff "$VALIDATE_COMMIT_DIFF" "$@" else git diff HEAD~ "$@" fi } # get the dockerfiles changed IFS=$'\n' # shellcheck disable=SC2207 files=( $(validate_diff --name-only -- '*Dockerfile') ) unset IFS # build the changed dockerfiles # shellcheck disable=SC2068 for f in ${files[@]}; do if ! 
[[ -e "$f" ]]; then continue fi build_dir=$(dirname "$f") base="${build_dir%%\/*}" suite="${build_dir##$base}" suite="${suite##\/}" if [[ -z "$suite" ]]; then suite=latest fi ( set -x docker build -t "${base}:${suite}" "${build_dir}" ) echo " --- " echo "Successfully built ${base}:${suite} with context ${build_dir}" echo " --- " done ================================================ FILE: tetris/Dockerfile ================================================ # DESCRIPTION: Run text-based emacs tetris in a container # AUTHOR: Jessie Frazelle # COMMENTS: # This file describes how to build tetris in a container with all # dependencies installed. # Tested on Debian Jessie # USAGE: # # Download tetris Dockerfile # wget https://raw.githubusercontent.com/jessfraz/dockerfiles/master/tetris/Dockerfile # # # Build tetris image # docker build -t tetris . # # docker run -it tetris # # Base docker image FROM alpine:latest LABEL maintainer "Jessie Frazelle " # Install emacs: # Note: Emacs is only in community repo -> https://pkgs.alpinelinux.org/packages?package=emacs&repo=all&arch=x86_64 RUN apk --no-cache add \ --repository http://dl-cdn.alpinelinux.org/alpine/edge/community/ \ emacs # Autorun tetris CMD ["/usr/bin/emacs", "-f", "tetris"] ================================================ FILE: texlive/Dockerfile ================================================ # TeX Live and biber # # Example usage: # docker run -it -w '/mnt' -v `pwd`:/mnt texlive /bin/bash -c './compile.sh' # # Example use case: # https://github.com/andygrunwald/FOM-LaTeX-Template FROM debian:bullseye-slim LABEL maintainer "Christian Koep " RUN apt-get update && apt-get install -y \ texlive-full \ biber \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* ================================================ FILE: tor-browser/alpha/Dockerfile ================================================ # Run tor browser in a container # # docker run -v /tmp/.X11-unix:/tmp/.X11-unix \ # -v /dev/snd:/dev/snd \ # -v 
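/dev/shm:/dev/shm \
#	-v /etc/machine-id:/etc/machine-id:ro \
#	-e DISPLAY=unix$DISPLAY \
#	jess/tor-browser:alpha
#
FROM debian:bullseye-slim
LABEL maintainer "Jessie Frazelle "

RUN apt-get update && apt-get install -y \
	ca-certificates \
	curl \
	dirmngr \
	gnupg \
	libasound2 \
	libdbus-glib-1-2 \
	libgtk-3-0 \
	libxrender1 \
	libx11-xcb-dev \
	libx11-xcb1 \
	libxt6 \
	xz-utils \
	file \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

ENV HOME /home/user
RUN useradd --create-home --home-dir $HOME user \
	&& chown -R user:user $HOME

ENV LANG C.UTF-8

# https://www.torproject.org/download/alpha/
ENV TOR_VERSION 9.5a12
ENV TOR_FINGERPRINT 0x4E2C6E8793298290

# download tor and check signature
#
# Trust chain of the step below:
#   1. the signing key is fetched into a throwaway GNUPGHOME from the first
#      keyserver that answers;
#   2. the build stops unless the fetched key shows the expected full
#      fingerprint (the grep), so the keyserver itself is not trusted;
#   3. the detached signature is verified with the tarball named explicitly,
#      so gpg checks that exact archive instead of inferring what was signed
#      from the .asc file name or its contents.
# NOTE(review): the key is requested by its 64-bit key ID; requesting it by
# the full fingerprint would keep any other key sharing that ID out of the
# temporary keyring.
# NOTE(review): the sks-keyservers.net pool appears to be retired -- confirm
# and drop those entries; today they only make the loop fall through.
RUN cd /tmp \
	&& curl -sSOL "https://www.torproject.org/dist/torbrowser/${TOR_VERSION}/tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz" \
	&& curl -sSOL "https://www.torproject.org/dist/torbrowser/${TOR_VERSION}/tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz.asc" \
	&& export GNUPGHOME="$(mktemp -d)" \
	&& for server in $(shuf -e \
			ha.pool.sks-keyservers.net \
			hkp://p80.pool.sks-keyservers.net:80 \
			keyserver.ubuntu.com \
			hkp://keyserver.ubuntu.com:80 \
			pgp.mit.edu) ; do \
		gpg --no-tty --keyserver "${server}" --recv-keys ${TOR_FINGERPRINT} && break || : ; \
	done \
	&& gpg --fingerprint --keyid-format LONG ${TOR_FINGERPRINT} | grep "Key fingerprint = EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290" \
	&& gpg --verify tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz.asc tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz \
	&& tar -vxJ --strip-components 1 -C /usr/local/bin -f tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz \
	&& rm -rf tor-browser* "$GNUPGHOME" \
	&& chown -R user:user /usr/local/bin

# good fonts
COPY local.conf /etc/fonts/local.conf

WORKDIR $HOME
# The browser runs as the unprivileged account created above, not as root.
USER user

ENTRYPOINT ["/bin/bash"]
CMD [ "/usr/local/bin/Browser/start-tor-browser", "--log", "/dev/stdout" ]

================================================
FILE: tor-browser/alpha/local.conf
================================================
rgb true hintslight true lcddefault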
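false

================================================
FILE: tor-browser/stable/Dockerfile
================================================
# Run tor browser in a container
#
# docker run -v /tmp/.X11-unix:/tmp/.X11-unix \
#	-v /dev/snd:/dev/snd \
#	-v /dev/shm:/dev/shm \
#	-v /etc/machine-id:/etc/machine-id:ro \
#	-e DISPLAY=unix$DISPLAY \
#	jess/tor-browser
#
FROM debian:bullseye-slim
LABEL maintainer "Jessie Frazelle "

RUN apt-get update && apt-get install -y \
	ca-certificates \
	curl \
	dirmngr \
	gnupg \
	libasound2 \
	libdbus-glib-1-2 \
	libgtk-3-0 \
	libxrender1 \
	libx11-xcb-dev \
	libx11-xcb1 \
	libxt6 \
	xz-utils \
	file \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

ENV HOME /home/user
RUN useradd --create-home --home-dir $HOME user \
	&& chown -R user:user $HOME

ENV LANG C.UTF-8

# https://www.torproject.org/projects/torbrowser.html.en
ENV TOR_VERSION 9.0.10
ENV TOR_FINGERPRINT 0x4E2C6E8793298290

# download tor and check signature
#
# Trust chain of the step below:
#   1. the signing key is fetched into a throwaway GNUPGHOME from the first
#      keyserver that answers;
#   2. the build stops unless the fetched key shows the expected full
#      fingerprint (the grep), so the keyserver itself is not trusted;
#   3. the detached signature is verified with the tarball named explicitly,
#      so gpg checks that exact archive instead of inferring what was signed
#      from the .asc file name or its contents.
# NOTE(review): the key is requested by its 64-bit key ID; requesting it by
# the full fingerprint would keep any other key sharing that ID out of the
# temporary keyring.
# NOTE(review): the sks-keyservers.net pool appears to be retired -- confirm
# and drop those entries; today they only make the loop fall through.
RUN cd /tmp \
	&& curl -sSOL "https://dist.torproject.org/torbrowser/${TOR_VERSION}/tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz" \
	&& curl -sSOL "https://www.torproject.org/dist/torbrowser/${TOR_VERSION}/tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz.asc" \
	&& export GNUPGHOME="$(mktemp -d)" \
	&& for server in $(shuf -e \
			ha.pool.sks-keyservers.net \
			hkp://p80.pool.sks-keyservers.net:80 \
			keyserver.ubuntu.com \
			hkp://keyserver.ubuntu.com:80 \
			pgp.mit.edu) ; do \
		gpg --no-tty --keyserver "${server}" --recv-keys ${TOR_FINGERPRINT} && break || : ; \
	done \
	&& gpg --fingerprint --keyid-format LONG ${TOR_FINGERPRINT} | grep "Key fingerprint = EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290" \
	&& gpg --verify tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz.asc tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz \
	&& tar -vxJ --strip-components 1 -C /usr/local/bin -f tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz \
	&& rm -rf tor-browser* "$GNUPGHOME" \
	&& chown -R user:user /usr/local/bin

# good fonts
COPY local.conf /etc/fonts/local.conf

WORKDIR $HOME
# The browser runs as the unprivileged account created above, not as root.
USER user

ENTRYPOINT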
["/bin/bash"] CMD [ "/usr/local/bin/Browser/start-tor-browser", "--log", "/dev/stdout" ] ================================================ FILE: tor-browser/stable/local.conf ================================================ rgb true hintslight true lcddefault false ================================================ FILE: tor-proxy/Dockerfile ================================================ # run a tor socks proxy in a container # # docker run -d \ # --restart always \ # -v /etc/localtime:/etc/localtime:ro \ # -p 9050:9050 \ # --name torproxy \ # jess/tor-proxy # FROM alpine:latest LABEL maintainer "Jessie Frazelle " RUN apk --no-cache add \ tor # expose socks port EXPOSE 9050 # copy in our torrc file COPY torrc.default /etc/tor/torrc.default # make sure files are owned by tor user RUN chown -R tor /etc/tor USER tor ENTRYPOINT [ "tor" ] CMD [ "-f", "/etc/tor/torrc.default" ] ================================================ FILE: tor-proxy/torrc.default ================================================ ## Configuration file for a typical Tor user ## Last updated 2 September 2014 for Tor 0.2.6.1-alpha. ## (may or may not work for much older or much newer versions of Tor.) ## ## Lines that begin with "## " try to explain what's going on. Lines ## that begin with just "#" are disabled commands: you can enable them ## by removing the "#" symbol. ## ## See 'man tor', or https://www.torproject.org/docs/tor-manual.html, ## for more options you can use in this file. ## ## Tor will look for this file in various places based on your platform: ## https://www.torproject.org/docs/faq#torrc ## Tor opens a socks proxy on port 9050 by default -- even if you don't ## configure one below. Set "SocksPort 0" if you plan to run Tor only ## as a relay, and not make any local application connections yourself. #SocksPort 9050 # Default: Bind to localhost:9050 for local connections. #SocksPort 192.168.0.1:9100 # Bind to this address:port too. 
## NOTE(review): this listens on every interface inside the container, which
## is what lets a published port (-p 9050:9050) reach Tor. With no
## SocksPolicy set (see below) every request that reaches the port is
## accepted, so the exposure is decided by how the port is published:
## `-p 127.0.0.1:9050:9050` keeps it on the host's loopback only.
SocksPort 0.0.0.0:9050

## Entry policies to allow/deny SOCKS requests based on IP address.
## First entry that matches wins. If no SocksPolicy is set, we accept
## all (and only) requests that reach a SocksPort. Untrusted users who
## can access your SocksPort may be able to learn about the connections
## you make.
#SocksPolicy accept 192.168.0.0/16
#SocksPolicy reject *

## Logs go to stdout at level "notice" unless redirected by something
## else, like one of the below lines. You can have as many Log lines as
## you want.
##
## We advise using "notice" in most cases, since anything more verbose
## may provide sensitive information to an attacker who obtains the logs.
##
## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
#Log notice file /var/log/tor/notices.log
## Send every possible message to /var/log/tor/debug.log
#Log debug file /var/log/tor/debug.log
## Use the system log instead of Tor's logfiles
#Log notice syslog
## To send all messages to stderr:
## NOTE(review): the active line below logs at "debug", above the "notice"
## level this file advises. In a container stderr is normally collected by
## the logging driver, so treat those logs as sensitive, or use
## `Log notice stderr` instead.
Log debug stderr

## Uncomment this to start the process in the background... or use
## --runasdaemon 1 on the command line. This is ignored on Windows;
## see the FAQ entry if you want Tor to run as an NT service.
#RunAsDaemon 1

## The directory for keeping all the keys/etc. By default, we store
## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
DataDirectory /var/lib/tor

## The port on which Tor will listen for local connections from Tor
## controller applications, as documented in control-spec.txt.
#ControlPort 9051
## If you enable the controlport, be sure to enable one of these
## authentication methods, to prevent attackers from accessing it.
#HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C #CookieAuthentication 1 ############### This section is just for location-hidden services ### ## Once you have configured a hidden service, you can look at the ## contents of the file ".../hidden_service/hostname" for the address ## to tell people. ## ## HiddenServicePort x y:z says to redirect requests on port x to the ## address y:z. #HiddenServiceDir /var/lib/tor/hidden_service/ #HiddenServicePort 80 127.0.0.1:80 #HiddenServiceDir /var/lib/tor/other_hidden_service/ #HiddenServicePort 80 127.0.0.1:80 #HiddenServicePort 22 127.0.0.1:22 ################ This section is just for relays ##################### # ## See https://www.torproject.org/docs/tor-doc-relay for details. ## Required: what port to advertise for incoming Tor connections. #ORPort 9001 ## If you want to listen on a port other than the one advertised in ## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as ## follows. You'll need to do ipchains or other port forwarding ## yourself to make this work. #ORPort 443 NoListen #ORPort 127.0.0.1:9090 NoAdvertise ## The IP address or full DNS name for incoming connections to your ## relay. Leave commented out and Tor will guess. #Address noname.example.com ## If you have multiple network interfaces, you can specify one for ## outgoing traffic to use. # OutboundBindAddress 10.0.0.5 ## A handle for your relay, so people don't have to refer to it by key. #Nickname hacktheplanet ## Define these to limit how much relayed traffic you will allow. Your ## own traffic is still unthrottled. Note that RelayBandwidthRate must ## be at least 20 kilobytes per second. ## Note that units for these config options are bytes (per second), not ## bits (per second), and that prefixes are binary prefixes, i.e. 2^10, ## 2^20, etc. 
#RelayBandwidthRate 100 KBytes # Throttle traffic to 100KB/s (800Kbps) #RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB (1600Kb) ## Use these to restrict the maximum traffic per day, week, or month. ## Note that this threshold applies separately to sent and received bytes, ## not to their sum: setting "4 GB" may allow up to 8 GB total before ## hibernating. ## ## Set a maximum of 4 gigabytes each way per period. #AccountingMax 4 GBytes ## Each period starts daily at midnight (AccountingMax is per day) #AccountingStart day 00:00 ## Each period starts on the 3rd of the month at 15:00 (AccountingMax ## is per month) #AccountingStart month 3 15:00 ## Administrative contact information for this relay or bridge. This line ## can be used to contact you if your relay or bridge is misconfigured or ## something else goes wrong. Note that we archive and publish all ## descriptors containing these lines and that Google indexes them, so ## spammers might also collect them. You may want to obscure the fact that ## it's an email address and/or generate a new address for this purpose. #ContactInfo Random Person ## You might also include your PGP or GPG fingerprint if you have one: #ContactInfo ${CONTACT_GPG_FINGERPRINT} ${CONTACT_NAME} ${CONTACT_EMAIL} ## Uncomment this to mirror directory information for others. Please do ## if you have enough bandwidth. #DirPort 9030 # what port to advertise for directory connections ## If you want to listen on a port other than the one advertised in ## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as ## follows. below too. You'll need to do ipchains or other port ## forwarding yourself to make this work. #DirPort 80 NoListen #DirPort 127.0.0.1:9091 NoAdvertise ## Uncomment to return an arbitrary blob of html on your DirPort. Now you ## can explain what Tor is if anybody wonders why your IP address is ## contacting them. See contrib/tor-exit-notice.html in Tor's source ## distribution for a sample. 
#DirPortFrontPage /etc/tor/tor-exit-notice.html ## Uncomment this if you run more than one Tor relay, and add the identity ## key fingerprint of each Tor relay you control, even if they're on ## different networks. You declare it here so Tor clients can avoid ## using more than one of your relays in a single circuit. See ## https://www.torproject.org/docs/faq#MultipleRelays ## However, you should never include a bridge's fingerprint here, as it would ## break its concealability and potentially reveal its IP/TCP address. #MyFamily $keyid,$keyid,... ## A comma-separated list of exit policies. They're considered first ## to last, and the first match wins. If you want to _replace_ ## the default exit policy, end this with either a reject *:* or an ## accept *:*. Otherwise, you're _augmenting_ (prepending to) the ## default exit policy. Leave commented to just use the default, which is ## described in the man page or at ## https://www.torproject.org/documentation.html ## ## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses ## for issues you might encounter if you use the default exit policy. ## ## If certain IPs and ports are blocked externally, e.g. by your firewall, ## you should update your exit policy to reflect this -- otherwise Tor ## users will be told that those destinations are down. ## ## For security, by default Tor rejects connections to private (local) ## networks, including to your public IP address. See the man page entry ## for ExitPolicyRejectPrivate if you want to allow "exit enclaving". ## #ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more #ExitPolicy accept *:119 # accept nntp as well as default exit policy #ExitPolicy reject *:* # no exits allowed ## Bridge relays (or "bridges") are Tor relays that aren't listed in the ## main directory. Since there is no complete public list of them, even an ## ISP that filters connections to all the known Tor relays probably ## won't be able to block all the bridges. 
Also, websites won't treat you ## differently because they won't know you're running Tor. If you can ## be a real relay, please do; but if not, be a bridge! #BridgeRelay 1 ## By default, Tor will advertise your bridge to users through various ## mechanisms like https://bridges.torproject.org/. If you want to run ## a private bridge, for example because you'll give out your bridge ## address manually to your friends, uncomment this line: #PublishServerDescriptor 0 ================================================ FILE: tor-relay/Dockerfile ================================================ # run a tor relay in a container # # Bridge relay: # docker run -d \ # --restart always \ # -v /etc/localtime:/etc/localtime:ro \ # -p 9001:9001 \ # --name tor-relay \ # jess/tor-relay -f /etc/tor/torrc.bridge # # Exit relay: # docker run -d \ # --restart always \ # -v /etc/localtime:/etc/localtime:ro \ # -p 9001:9001 \ # --name tor-relay \ # jess/tor-relay -f /etc/tor/torrc.exit # FROM alpine:latest LABEL maintainer "Jessie Frazelle " RUN apk --no-cache add \ bash \ tor # default port to used for incoming Tor connections # can be changed by changing 'ORPort' in torrc EXPOSE 9001 # copy in our torrc files COPY torrc.bridge /etc/tor/torrc.bridge COPY torrc.middle /etc/tor/torrc.middle COPY torrc.exit /etc/tor/torrc.exit # copy the run script COPY run.sh /run.sh RUN chmod ugo+rx /run.sh # default environment variables ENV RELAY_NICKNAME hacktheplanet ENV RELAY_TYPE middle ENV RELAY_BANDWIDTH_RATE 100 KBytes ENV RELAY_BANDWIDTH_BURST 200 KBytes ENV RELAY_PORT 9001 # make sure files are owned by tor user RUN chown -R tor /etc/tor USER tor RUN mkdir /var/lib/tor/.tor VOLUME /var/lib/tor/.tor RUN chown -R tor /var/lib/tor/.tor ENTRYPOINT [ "/run.sh" ] ================================================ FILE: tor-relay/README.md ================================================ ### Environment variables | Name | Description | Default value | | ---------------------------- 
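|:----------------------------------------------------------------------------:| -------------:|
| **RELAY_TYPE** | The type of relay (bridge, middle or exit) | middle |
| **RELAY_NICKNAME** | The nickname of your relay | hacktheplanet |
| **CONTACT_GPG_FINGERPRINT** | Your GPG ID or fingerprint | none |
| **CONTACT_NAME** | Your name | none |
| **CONTACT_EMAIL** | Your contact email | none |
| **RELAY_BANDWIDTH_RATE** | Limit how much traffic will be allowed through your relay (must be > 20KB/s) | 100 KBytes |
| **RELAY_BANDWIDTH_BURST** | Allow temporary bursts up to a certain amount | 200 KBytes |
| **RELAY_PORT** | Default port used for incoming Tor connections (ORPort) | 9001 |

================================================
FILE: tor-relay/run.sh
================================================
#!/bin/bash
set -e
set -o pipefail

# Render the torrc templates from the container environment, then exec tor
# with the template selected by RELAY_TYPE.
#
# The values arrive through the environment (docker run -e ...) and end up
# inside a sed program and inside tor's configuration, so they are handled as
# plain text: sed metacharacters are escaped, multi-line values are refused
# (a newline would add extra lines to the torrc), and RELAY_TYPE has to name
# one of the shipped templates.

# escape_sed_replacement VALUE
# Prints VALUE with backslash, "/" and "&" backslash-escaped so that it is
# inserted literally by `s/NAME/VALUE/g`. Fails on values containing a newline.
escape_sed_replacement() {
	local value=$1
	if [[ "$value" == *$'\n'* ]]; then
		echo "error: configuration values must not contain newlines" >&2
		return 1
	fi
	printf '%s' "$value" | sed -e 's|[\\/&]|\\&|g'
}

# Only the three templates copied into the image are valid choices; this also
# keeps RELAY_TYPE from pointing the final `tor -f` at some other path.
case "${RELAY_TYPE}" in
	bridge|middle|exit) ;;
	*)
		echo "error: RELAY_TYPE must be one of bridge, middle or exit (got '${RELAY_TYPE}')" >&2
		exit 1
		;;
esac

for relaytype in bridge middle exit; do
	file="/etc/tor/torrc.${relaytype}"

	# Same placeholders, in the same order, as the original one-sed-per-line
	# version; an unset variable is replaced by the empty string.
	for name in \
		RELAY_NICKNAME \
		CONTACT_GPG_FINGERPRINT \
		CONTACT_NAME \
		CONTACT_EMAIL \
		RELAY_BANDWIDTH_RATE \
		RELAY_BANDWIDTH_BURST \
		RELAY_PORT; do
		# Plain assignment (no `local`/`export`) so that a failing
		# escape_sed_replacement aborts the script under `set -e`.
		value="$(escape_sed_replacement "${!name}")"
		sed -i "s/${name}/${value}/g" "$file"
	done
done

exec tor -f "/etc/tor/torrc.${RELAY_TYPE}"

================================================
FILE: tor-relay/torrc.bridge
================================================
## Configuration file for a typical Tor user
## Last updated 2 September 2014 for Tor 0.2.6.1-alpha.
## (may or may not work for much older or much newer versions of Tor.)
##
## Lines that begin with "## " try to explain what's going on. Lines
## that begin with just "#" are disabled commands: you can enable them
## by removing the "#" symbol.
##
## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,
## for more options you can use in this file.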
## ## Tor will look for this file in various places based on your platform: ## https://www.torproject.org/docs/faq#torrc ## Tor opens a socks proxy on port 9050 by default -- even if you don't ## configure one below. Set "SocksPort 0" if you plan to run Tor only ## as a relay, and not make any local application connections yourself. #SocksPort 9050 # Default: Bind to localhost:9050 for local connections. #SocksPort 192.168.0.1:9100 # Bind to this address:port too. ## Entry policies to allow/deny SOCKS requests based on IP address. ## First entry that matches wins. If no SocksPolicy is set, we accept ## all (and only) requests that reach a SocksPort. Untrusted users who ## can access your SocksPort may be able to learn about the connections ## you make. #SocksPolicy accept 192.168.0.0/16 #SocksPolicy reject * ## Logs go to stdout at level "notice" unless redirected by something ## else, like one of the below lines. You can have as many Log lines as ## you want. ## ## We advise using "notice" in most cases, since anything more verbose ## may provide sensitive information to an attacker who obtains the logs. ## ## Send all messages of level 'notice' or higher to /var/log/tor/notices.log #Log notice file /var/log/tor/notices.log ## Send every possible message to /var/log/tor/debug.log #Log debug file /var/log/tor/debug.log ## Use the system log instead of Tor's logfiles #Log notice syslog ## To send all messages to stderr: #Log debug stderr ## Uncomment this to start the process in the background... or use ## --runasdaemon 1 on the command line. This is ignored on Windows; ## see the FAQ entry if you want Tor to run as an NT service. #RunAsDaemon 1 ## The directory for keeping all the keys/etc. By default, we store ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows. #DataDirectory /var/lib/tor ## The port on which Tor will listen for local connections from Tor ## controller applications, as documented in control-spec.txt. 
#ControlPort 9051 ## If you enable the controlport, be sure to enable one of these ## authentication methods, to prevent attackers from accessing it. #HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C #CookieAuthentication 1 ############### This section is just for location-hidden services ### ## Once you have configured a hidden service, you can look at the ## contents of the file ".../hidden_service/hostname" for the address ## to tell people. ## ## HiddenServicePort x y:z says to redirect requests on port x to the ## address y:z. #HiddenServiceDir /var/lib/tor/hidden_service/ #HiddenServicePort 80 127.0.0.1:80 #HiddenServiceDir /var/lib/tor/other_hidden_service/ #HiddenServicePort 80 127.0.0.1:80 #HiddenServicePort 22 127.0.0.1:22 ################ This section is just for relays ##################### # ## See https://www.torproject.org/docs/tor-doc-relay for details. ## Required: what port to advertise for incoming Tor connections. ORPort RELAY_PORT ## If you want to listen on a port other than the one advertised in ## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as ## follows. You'll need to do ipchains or other port forwarding ## yourself to make this work. #ORPort 443 NoListen #ORPort 127.0.0.1:9090 NoAdvertise ## The IP address or full DNS name for incoming connections to your ## relay. Leave commented out and Tor will guess. #Address noname.example.com ## If you have multiple network interfaces, you can specify one for ## outgoing traffic to use. # OutboundBindAddress 10.0.0.5 ## A handle for your relay, so people don't have to refer to it by key. Nickname RELAY_NICKNAME ## Define these to limit how much relayed traffic you will allow. Your ## own traffic is still unthrottled. Note that RelayBandwidthRate must ## be at least 20 kilobytes per second. ## Note that units for these config options are bytes (per second), not ## bits (per second), and that prefixes are binary prefixes, i.e. 2^10, ## 2^20, etc. 
#RelayBandwidthRate 100 KBytes # Throttle traffic to 100KB/s (800Kbps) #RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB (1600Kb) RelayBandwidthRate RELAY_BANDWIDTH_RATE RelayBandwidthBurst RELAY_BANDWIDTH_BURST ## Use these to restrict the maximum traffic per day, week, or month. ## Note that this threshold applies separately to sent and received bytes, ## not to their sum: setting "4 GB" may allow up to 8 GB total before ## hibernating. ## ## Set a maximum of 4 gigabytes each way per period. #AccountingMax 4 GBytes ## Each period starts daily at midnight (AccountingMax is per day) #AccountingStart day 00:00 ## Each period starts on the 3rd of the month at 15:00 (AccountingMax ## is per month) #AccountingStart month 3 15:00 ## Administrative contact information for this relay or bridge. This line ## can be used to contact you if your relay or bridge is misconfigured or ## something else goes wrong. Note that we archive and publish all ## descriptors containing these lines and that Google indexes them, so ## spammers might also collect them. You may want to obscure the fact that ## it's an email address and/or generate a new address for this purpose. #ContactInfo Random Person ## You might also include your PGP or GPG fingerprint if you have one: ContactInfo CONTACT_GPG_FINGERPRINT CONTACT_NAME CONTACT_EMAIL ## Uncomment this to mirror directory information for others. Please do ## if you have enough bandwidth. #DirPort 9030 # what port to advertise for directory connections ## If you want to listen on a port other than the one advertised in ## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as ## follows. below too. You'll need to do ipchains or other port ## forwarding yourself to make this work. #DirPort 80 NoListen #DirPort 127.0.0.1:9091 NoAdvertise ## Uncomment to return an arbitrary blob of html on your DirPort. Now you ## can explain what Tor is if anybody wonders why your IP address is ## contacting them. 
See contrib/tor-exit-notice.html in Tor's source ## distribution for a sample. #DirPortFrontPage /etc/tor/tor-exit-notice.html ## Uncomment this if you run more than one Tor relay, and add the identity ## key fingerprint of each Tor relay you control, even if they're on ## different networks. You declare it here so Tor clients can avoid ## using more than one of your relays in a single circuit. See ## https://www.torproject.org/docs/faq#MultipleRelays ## However, you should never include a bridge's fingerprint here, as it would ## break its concealability and potentially reveal its IP/TCP address. #MyFamily $keyid,$keyid,... ## A comma-separated list of exit policies. They're considered first ## to last, and the first match wins. If you want to _replace_ ## the default exit policy, end this with either a reject *:* or an ## accept *:*. Otherwise, you're _augmenting_ (prepending to) the ## default exit policy. Leave commented to just use the default, which is ## described in the man page or at ## https://www.torproject.org/documentation.html ## ## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses ## for issues you might encounter if you use the default exit policy. ## ## If certain IPs and ports are blocked externally, e.g. by your firewall, ## you should update your exit policy to reflect this -- otherwise Tor ## users will be told that those destinations are down. ## ## For security, by default Tor rejects connections to private (local) ## networks, including to your public IP address. See the man page entry ## for ExitPolicyRejectPrivate if you want to allow "exit enclaving". ## #ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more #ExitPolicy accept *:119 # accept nntp as well as default exit policy ExitPolicy reject *:* # no exits allowed ## Bridge relays (or "bridges") are Tor relays that aren't listed in the ## main directory. 
Since there is no complete public list of them, even an ## ISP that filters connections to all the known Tor relays probably ## won't be able to block all the bridges. Also, websites won't treat you ## differently because they won't know you're running Tor. If you can ## be a real relay, please do; but if not, be a bridge! BridgeRelay 1 ## By default, Tor will advertise your bridge to users through various ## mechanisms like https://bridges.torproject.org/. If you want to run ## a private bridge, for example because you'll give out your bridge ## address manually to your friends, uncomment this line: #PublishServerDescriptor 0 ================================================ FILE: tor-relay/torrc.exit ================================================ ## Configuration file for a typical Tor user ## Last updated 2 September 2014 for Tor 0.2.6.1-alpha. ## (may or may not work for much older or much newer versions of Tor.) ## ## Lines that begin with "## " try to explain what's going on. Lines ## that begin with just "#" are disabled commands: you can enable them ## by removing the "#" symbol. ## ## See 'man tor', or https://www.torproject.org/docs/tor-manual.html, ## for more options you can use in this file. ## ## Tor will look for this file in various places based on your platform: ## https://www.torproject.org/docs/faq#torrc ## Tor opens a socks proxy on port 9050 by default -- even if you don't ## configure one below. Set "SocksPort 0" if you plan to run Tor only ## as a relay, and not make any local application connections yourself. #SocksPort 9050 # Default: Bind to localhost:9050 for local connections. #SocksPort 192.168.0.1:9100 # Bind to this address:port too. ## Entry policies to allow/deny SOCKS requests based on IP address. ## First entry that matches wins. If no SocksPolicy is set, we accept ## all (and only) requests that reach a SocksPort. Untrusted users who ## can access your SocksPort may be able to learn about the connections ## you make. 
#SocksPolicy accept 192.168.0.0/16 #SocksPolicy reject * ## Logs go to stdout at level "notice" unless redirected by something ## else, like one of the below lines. You can have as many Log lines as ## you want. ## ## We advise using "notice" in most cases, since anything more verbose ## may provide sensitive information to an attacker who obtains the logs. ## ## Send all messages of level 'notice' or higher to /var/log/tor/notices.log #Log notice file /var/log/tor/notices.log ## Send every possible message to /var/log/tor/debug.log #Log debug file /var/log/tor/debug.log ## Use the system log instead of Tor's logfiles #Log notice syslog ## To send all messages to stderr: #Log debug stderr ## Uncomment this to start the process in the background... or use ## --runasdaemon 1 on the command line. This is ignored on Windows; ## see the FAQ entry if you want Tor to run as an NT service. #RunAsDaemon 1 ## The directory for keeping all the keys/etc. By default, we store ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows. #DataDirectory /var/lib/tor ## The port on which Tor will listen for local connections from Tor ## controller applications, as documented in control-spec.txt. #ControlPort 9051 ## If you enable the controlport, be sure to enable one of these ## authentication methods, to prevent attackers from accessing it. #HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C #CookieAuthentication 1 ############### This section is just for location-hidden services ### ## Once you have configured a hidden service, you can look at the ## contents of the file ".../hidden_service/hostname" for the address ## to tell people. ## ## HiddenServicePort x y:z says to redirect requests on port x to the ## address y:z. 
#HiddenServiceDir /var/lib/tor/hidden_service/ #HiddenServicePort 80 127.0.0.1:80 #HiddenServiceDir /var/lib/tor/other_hidden_service/ #HiddenServicePort 80 127.0.0.1:80 #HiddenServicePort 22 127.0.0.1:22 ################ This section is just for relays ##################### # ## See https://www.torproject.org/docs/tor-doc-relay for details. ## Required: what port to advertise for incoming Tor connections. ORPort RELAY_PORT ## If you want to listen on a port other than the one advertised in ## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as ## follows. You'll need to do ipchains or other port forwarding ## yourself to make this work. #ORPort 443 NoListen #ORPort 127.0.0.1:9090 NoAdvertise ## The IP address or full DNS name for incoming connections to your ## relay. Leave commented out and Tor will guess. #Address noname.example.com ## If you have multiple network interfaces, you can specify one for ## outgoing traffic to use. # OutboundBindAddress 10.0.0.5 ## A handle for your relay, so people don't have to refer to it by key. Nickname RELAY_NICKNAME ## Define these to limit how much relayed traffic you will allow. Your ## own traffic is still unthrottled. Note that RelayBandwidthRate must ## be at least 20 kilobytes per second. ## Note that units for these config options are bytes (per second), not ## bits (per second), and that prefixes are binary prefixes, i.e. 2^10, ## 2^20, etc. #RelayBandwidthRate 100 KBytes # Throttle traffic to 100KB/s (800Kbps) #RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB (1600Kb) RelayBandwidthRate RELAY_BANDWIDTH_RATE RelayBandwidthBurst RELAY_BANDWIDTH_BURST ## Use these to restrict the maximum traffic per day, week, or month. ## Note that this threshold applies separately to sent and received bytes, ## not to their sum: setting "4 GB" may allow up to 8 GB total before ## hibernating. ## ## Set a maximum of 4 gigabytes each way per period. 
#AccountingMax 4 GBytes ## Each period starts daily at midnight (AccountingMax is per day) #AccountingStart day 00:00 ## Each period starts on the 3rd of the month at 15:00 (AccountingMax ## is per month) #AccountingStart month 3 15:00 ## Administrative contact information for this relay or bridge. This line ## can be used to contact you if your relay or bridge is misconfigured or ## something else goes wrong. Note that we archive and publish all ## descriptors containing these lines and that Google indexes them, so ## spammers might also collect them. You may want to obscure the fact that ## it's an email address and/or generate a new address for this purpose. #ContactInfo Random Person ## You might also include your PGP or GPG fingerprint if you have one: ContactInfo CONTACT_GPG_FINGERPRINT CONTACT_NAME CONTACT_EMAIL ## Uncomment this to mirror directory information for others. Please do ## if you have enough bandwidth. #DirPort 9030 # what port to advertise for directory connections ## If you want to listen on a port other than the one advertised in ## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as ## follows. below too. You'll need to do ipchains or other port ## forwarding yourself to make this work. #DirPort 80 NoListen #DirPort 127.0.0.1:9091 NoAdvertise ## Uncomment to return an arbitrary blob of html on your DirPort. Now you ## can explain what Tor is if anybody wonders why your IP address is ## contacting them. See contrib/tor-exit-notice.html in Tor's source ## distribution for a sample. #DirPortFrontPage /etc/tor/tor-exit-notice.html ## Uncomment this if you run more than one Tor relay, and add the identity ## key fingerprint of each Tor relay you control, even if they're on ## different networks. You declare it here so Tor clients can avoid ## using more than one of your relays in a single circuit. 
See ## https://www.torproject.org/docs/faq#MultipleRelays ## However, you should never include a bridge's fingerprint here, as it would ## break its concealability and potentially reveal its IP/TCP address. #MyFamily $keyid,$keyid,... ## A comma-separated list of exit policies. They're considered first ## to last, and the first match wins. If you want to _replace_ ## the default exit policy, end this with either a reject *:* or an ## accept *:*. Otherwise, you're _augmenting_ (prepending to) the ## default exit policy. Leave commented to just use the default, which is ## described in the man page or at ## https://www.torproject.org/documentation.html ## ## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses ## for issues you might encounter if you use the default exit policy. ## ## If certain IPs and ports are blocked externally, e.g. by your firewall, ## you should update your exit policy to reflect this -- otherwise Tor ## users will be told that those destinations are down. ## ## For security, by default Tor rejects connections to private (local) ## networks, including to your public IP address. See the man page entry ## for ExitPolicyRejectPrivate if you want to allow "exit enclaving". 
## #ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more #ExitPolicy accept *:119 # accept nntp as well as default exit policy #ExitPolicy reject *:* # no exits allowed # # Reduced exit policy from https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy ExitPolicy accept *:20-23 # FTP, SSH, telnet ExitPolicy accept *:43 # WHOIS ExitPolicy accept *:53 # DNS ExitPolicy accept *:79-81 # finger, HTTP ExitPolicy accept *:88 # kerberos ExitPolicy accept *:110 # POP3 ExitPolicy accept *:143 # IMAP ExitPolicy accept *:194 # IRC ExitPolicy accept *:220 # IMAP3 ExitPolicy accept *:389 # LDAP ExitPolicy accept *:443 # HTTPS ExitPolicy accept *:464 # kpasswd ExitPolicy accept *:465 # URD for SSM (more often: an alternative SUBMISSION port, see 587) ExitPolicy accept *:531 # IRC/AIM ExitPolicy accept *:543-544 # Kerberos ExitPolicy accept *:554 # RTSP ExitPolicy accept *:563 # NNTP over SSL ExitPolicy accept *:587 # SUBMISSION (authenticated clients [MUA's like Thunderbird] send mail over STARTTLS SMTP here) ExitPolicy accept *:636 # LDAP over SSL ExitPolicy accept *:706 # SILC ExitPolicy accept *:749 # kerberos ExitPolicy accept *:873 # rsync ExitPolicy accept *:902-904 # VMware ExitPolicy accept *:981 # Remote HTTPS management for firewall ExitPolicy accept *:989-995 # FTP over SSL, Netnews Administration System, telnets, IMAP over SSL, ircs, POP3 over SSL ExitPolicy accept *:1194 # OpenVPN ExitPolicy accept *:1220 # QT Server Admin ExitPolicy accept *:1293 # PKT-KRB-IPSec ExitPolicy accept *:1500 # VLSI License Manager ExitPolicy accept *:1533 # Sametime ExitPolicy accept *:1677 # GroupWise ExitPolicy accept *:1723 # PPTP ExitPolicy accept *:1755 # RTSP ExitPolicy accept *:1863 # MSNP ExitPolicy accept *:2082 # Infowave Mobility Server ExitPolicy accept *:2083 # Secure Radius Service (radsec) ExitPolicy accept *:2086-2087 # GNUnet, ELI ExitPolicy accept *:2095-2096 # NBX ExitPolicy accept *:2102-2104 # Zephyr ExitPolicy accept *:3128 # SQUID 
ExitPolicy accept *:3389 # MS WBT ExitPolicy accept *:3690 # SVN ExitPolicy accept *:4321 # RWHOIS ExitPolicy accept *:4643 # Virtuozzo ExitPolicy accept *:5050 # MMCC ExitPolicy accept *:5190 # ICQ ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL ExitPolicy accept *:5228 # Android Market ExitPolicy accept *:5900 # VNC ExitPolicy accept *:6660-6669 # IRC ExitPolicy accept *:6679 # IRC SSL ExitPolicy accept *:6697 # IRC SSL ExitPolicy accept *:8000 # iRDMI ExitPolicy accept *:8008 # HTTP alternate ExitPolicy accept *:8074 # Gadu-Gadu ExitPolicy accept *:8080 # HTTP Proxies ExitPolicy accept *:8082 # HTTPS Electrum Bitcoin port ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan HTTP ExitPolicy accept *:8332-8333 # Bitcoin ExitPolicy accept *:8443 # PCsync HTTPS ExitPolicy accept *:8888 # HTTP Proxies, NewsEDGE ExitPolicy accept *:9418 # git ExitPolicy accept *:9999 # distinct ExitPolicy accept *:10000 # Network Data Management Protocol ExitPolicy accept *:11371 # OpenPGP hkp (http keyserver protocol) ExitPolicy accept *:19294 # Google Voice TCP ExitPolicy accept *:19638 # Ensim control panel ExitPolicy accept *:50002 # Electrum Bitcoin SSL ExitPolicy accept *:64738 # Mumble ExitPolicy reject *:* ## Bridge relays (or "bridges") are Tor relays that aren't listed in the ## main directory. Since there is no complete public list of them, even an ## ISP that filters connections to all the known Tor relays probably ## won't be able to block all the bridges. Also, websites won't treat you ## differently because they won't know you're running Tor. If you can ## be a real relay, please do; but if not, be a bridge! #BridgeRelay 1 ## By default, Tor will advertise your bridge to users through various ## mechanisms like https://bridges.torproject.org/. 
If you want to run ## a private bridge, for example because you'll give out your bridge ## address manually to your friends, uncomment this line: #PublishServerDescriptor 0 ================================================ FILE: tor-relay/torrc.middle ================================================ ## Configuration file for a typical Tor user ## Last updated 2 September 2014 for Tor 0.2.6.1-alpha. ## (may or may not work for much older or much newer versions of Tor.) ## ## Lines that begin with "## " try to explain what's going on. Lines ## that begin with just "#" are disabled commands: you can enable them ## by removing the "#" symbol. ## ## See 'man tor', or https://www.torproject.org/docs/tor-manual.html, ## for more options you can use in this file. ## ## Tor will look for this file in various places based on your platform: ## https://www.torproject.org/docs/faq#torrc ## Tor opens a socks proxy on port 9050 by default -- even if you don't ## configure one below. Set "SocksPort 0" if you plan to run Tor only ## as a relay, and not make any local application connections yourself. #SocksPort 9050 # Default: Bind to localhost:9050 for local connections. #SocksPort 192.168.0.1:9100 # Bind to this address:port too. ## Entry policies to allow/deny SOCKS requests based on IP address. ## First entry that matches wins. If no SocksPolicy is set, we accept ## all (and only) requests that reach a SocksPort. Untrusted users who ## can access your SocksPort may be able to learn about the connections ## you make. #SocksPolicy accept 192.168.0.0/16 #SocksPolicy reject * ## Logs go to stdout at level "notice" unless redirected by something ## else, like one of the below lines. You can have as many Log lines as ## you want. ## ## We advise using "notice" in most cases, since anything more verbose ## may provide sensitive information to an attacker who obtains the logs. 
## ## Send all messages of level 'notice' or higher to /var/log/tor/notices.log #Log notice file /var/log/tor/notices.log ## Send every possible message to /var/log/tor/debug.log #Log debug file /var/log/tor/debug.log ## Use the system log instead of Tor's logfiles #Log notice syslog ## To send all messages to stderr: #Log debug stderr ## Uncomment this to start the process in the background... or use ## --runasdaemon 1 on the command line. This is ignored on Windows; ## see the FAQ entry if you want Tor to run as an NT service. #RunAsDaemon 1 ## The directory for keeping all the keys/etc. By default, we store ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows. #DataDirectory /var/lib/tor ## The port on which Tor will listen for local connections from Tor ## controller applications, as documented in control-spec.txt. #ControlPort 9051 ## If you enable the controlport, be sure to enable one of these ## authentication methods, to prevent attackers from accessing it. #HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C #CookieAuthentication 1 ############### This section is just for location-hidden services ### ## Once you have configured a hidden service, you can look at the ## contents of the file ".../hidden_service/hostname" for the address ## to tell people. ## ## HiddenServicePort x y:z says to redirect requests on port x to the ## address y:z. #HiddenServiceDir /var/lib/tor/hidden_service/ #HiddenServicePort 80 127.0.0.1:80 #HiddenServiceDir /var/lib/tor/other_hidden_service/ #HiddenServicePort 80 127.0.0.1:80 #HiddenServicePort 22 127.0.0.1:22 ################ This section is just for relays ##################### # ## See https://www.torproject.org/docs/tor-doc-relay for details. ## Required: what port to advertise for incoming Tor connections. ORPort RELAY_PORT ## If you want to listen on a port other than the one advertised in ## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as ## follows. 
You'll need to do ipchains or other port forwarding ## yourself to make this work. #ORPort 443 NoListen #ORPort 127.0.0.1:9090 NoAdvertise ## The IP address or full DNS name for incoming connections to your ## relay. Leave commented out and Tor will guess. #Address noname.example.com ## If you have multiple network interfaces, you can specify one for ## outgoing traffic to use. # OutboundBindAddress 10.0.0.5 ## A handle for your relay, so people don't have to refer to it by key. Nickname RELAY_NICKNAME ## Define these to limit how much relayed traffic you will allow. Your ## own traffic is still unthrottled. Note that RelayBandwidthRate must ## be at least 20 kilobytes per second. ## Note that units for these config options are bytes (per second), not ## bits (per second), and that prefixes are binary prefixes, i.e. 2^10, ## 2^20, etc. #RelayBandwidthRate 100 KBytes # Throttle traffic to 100KB/s (800Kbps) #RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB (1600Kb) RelayBandwidthRate RELAY_BANDWIDTH_RATE RelayBandwidthBurst RELAY_BANDWIDTH_BURST ## Use these to restrict the maximum traffic per day, week, or month. ## Note that this threshold applies separately to sent and received bytes, ## not to their sum: setting "4 GB" may allow up to 8 GB total before ## hibernating. ## ## Set a maximum of 4 gigabytes each way per period. #AccountingMax 4 GBytes ## Each period starts daily at midnight (AccountingMax is per day) #AccountingStart day 00:00 ## Each period starts on the 3rd of the month at 15:00 (AccountingMax ## is per month) #AccountingStart month 3 15:00 ## Administrative contact information for this relay or bridge. This line ## can be used to contact you if your relay or bridge is misconfigured or ## something else goes wrong. Note that we archive and publish all ## descriptors containing these lines and that Google indexes them, so ## spammers might also collect them. 
You may want to obscure the fact that ## it's an email address and/or generate a new address for this purpose. #ContactInfo Random Person ## You might also include your PGP or GPG fingerprint if you have one: ContactInfo CONTACT_GPG_FINGERPRINT CONTACT_NAME CONTACT_EMAIL ## Uncomment this to mirror directory information for others. Please do ## if you have enough bandwidth. #DirPort 9030 # what port to advertise for directory connections ## If you want to listen on a port other than the one advertised in ## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as ## follows. below too. You'll need to do ipchains or other port ## forwarding yourself to make this work. #DirPort 80 NoListen #DirPort 127.0.0.1:9091 NoAdvertise ## Uncomment to return an arbitrary blob of html on your DirPort. Now you ## can explain what Tor is if anybody wonders why your IP address is ## contacting them. See contrib/tor-exit-notice.html in Tor's source ## distribution for a sample. #DirPortFrontPage /etc/tor/tor-exit-notice.html ## Uncomment this if you run more than one Tor relay, and add the identity ## key fingerprint of each Tor relay you control, even if they're on ## different networks. You declare it here so Tor clients can avoid ## using more than one of your relays in a single circuit. See ## https://www.torproject.org/docs/faq#MultipleRelays ## However, you should never include a bridge's fingerprint here, as it would ## break its concealability and potentially reveal its IP/TCP address. #MyFamily $keyid,$keyid,... ## A comma-separated list of exit policies. They're considered first ## to last, and the first match wins. If you want to _replace_ ## the default exit policy, end this with either a reject *:* or an ## accept *:*. Otherwise, you're _augmenting_ (prepending to) the ## default exit policy. 
Leave commented to just use the default, which is ## described in the man page or at ## https://www.torproject.org/documentation.html ## ## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses ## for issues you might encounter if you use the default exit policy. ## ## If certain IPs and ports are blocked externally, e.g. by your firewall, ## you should update your exit policy to reflect this -- otherwise Tor ## users will be told that those destinations are down. ## ## For security, by default Tor rejects connections to private (local) ## networks, including to your public IP address. See the man page entry ## for ExitPolicyRejectPrivate if you want to allow "exit enclaving". ## #ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more #ExitPolicy accept *:119 # accept nntp as well as default exit policy ExitPolicy reject *:* # no exits allowed ## Bridge relays (or "bridges") are Tor relays that aren't listed in the ## main directory. Since there is no complete public list of them, even an ## ISP that filters connections to all the known Tor relays probably ## won't be able to block all the bridges. Also, websites won't treat you ## differently because they won't know you're running Tor. If you can ## be a real relay, please do; but if not, be a bridge! #BridgeRelay 1 ## By default, Tor will advertise your bridge to users through various ## mechanisms like https://bridges.torproject.org/. 
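If you want to run ## a private bridge, for example because you'll give out your bridge ## address manually to your friends, uncomment this line: #PublishServerDescriptor 0

================================================
FILE: tor-router/Dockerfile
================================================
# run tor in a container
#
# docker run -d \
#	--restart always \
#	-v /etc/localtime:/etc/localtime:ro \
#	-p 9040:22340 \
#	-p 5353:22353/udp \
#	--name tor-router \
#	jess/tor-router
#
# 22340 is tor's TransPort (TCP), 22350 its SocksPort (TCP) and 22353 its
# DNSPort. Tor answers DNS over UDP, so that port has to be published with
# /udp; a bare "-p 5353:22353" maps TCP only.
#
# A -p without a host address publishes on every interface of the host, and
# torrc.default binds all three listeners to 0.0.0.0 with no SocksPolicy, so
# anything that can reach the published ports can send traffic through this
# Tor client. Prefix the mapping with the address that should serve it (for
# example "-p 127.0.0.1:9040:22340") unless wider exposure is intended.
#
# debian:sid is a rolling branch, so each rebuild installs whatever tor
# version is current there; pin the base image by digest if builds need to be
# reproducible.
FROM debian:sid-slim
LABEL maintainer "Jessie Frazelle "

RUN apt-get update && apt-get install -y \
	tor \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

# TransPort and SocksPort are TCP; DNSPort is UDP.
EXPOSE 22340
EXPOSE 22350
EXPOSE 22353/udp

# copy in our torrc file
COPY torrc.default /etc/tor/torrc.default

# make sure files are owned by tor user
RUN chown -R debian-tor:debian-tor /etc/tor/torrc.default

# drop root before tor starts
USER debian-tor

ENTRYPOINT [ "tor" ]
CMD [ "-f", "/etc/tor/torrc.default" ]

================================================
FILE: tor-router/torrc.default
================================================
## Configuration file for a typical Tor user
## Last updated 2 September 2014 for Tor 0.2.6.1-alpha.
## (may or may not work for much older or much newer versions of Tor.)
##
## Lines that begin with "## " try to explain what's going on. Lines
## that begin with just "#" are disabled commands: you can enable them
## by removing the "#" symbol.
##
## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,
## for more options you can use in this file.
##
## Tor will look for this file in various places based on your platform:
## https://www.torproject.org/docs/faq#torrc

## Tor opens a socks proxy on port 9050 by default -- even if you don't
## configure one below. Set "SocksPort 0" if you plan to run Tor only
## as a relay, and not make any local application connections yourself.
#SocksPort 9050 # Default: Bind to localhost:9050 for local connections.
#SocksPort 192.168.0.1:9100 # Bind to this address:port too.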
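## Client-side listeners for the router container. All three bind to every
## interface inside the container so that published ports can reach them.
## No SocksPolicy is set below, so access control depends entirely on which
## host address the container ports are published on.
SocksPort 0.0.0.0:22350

## Hostnames resolved through the DNSPort are mapped to addresses inside this
## range, which lets transparently proxied clients reach them by address.
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1

## The listen address is given on the port line, the same form SocksPort uses
## above. The separate DNSListenAddress / TransListenAddress options that used
## to carry it were deprecated in later Tor releases.
## NOTE(review): confirm against the tor version the image installs.
## DNSPort answers over UDP; TransPort accepts redirected TCP connections.
DNSPort 0.0.0.0:22353
TransPort 0.0.0.0:22340

## Entry policies to allow/deny SOCKS requests based on IP address.
## First entry that matches wins. If no SocksPolicy is set, we accept
## all (and only) requests that reach a SocksPort. Untrusted users who
## can access your SocksPort may be able to learn about the connections
## you make.
#SocksPolicy accept 192.168.0.0/16
#SocksPolicy reject *

## Logs go to stdout at level "notice" unless redirected by something
## else, like one of the below lines. You can have as many Log lines as
## you want.
##
## We advise using "notice" in most cases, since anything more verbose
## may provide sensitive information to an attacker who obtains the logs.
##
## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
#Log notice file /var/log/tor/notices.log
## Send every possible message to /var/log/tor/debug.log
#Log debug file /var/log/tor/debug.log
## Use the system log instead of Tor's logfiles
#Log notice syslog
## To send all messages to stderr:
#Log debug stderr

## Uncomment this to start the process in the background... or use
## --runasdaemon 1 on the command line. This is ignored on Windows;
## see the FAQ entry if you want Tor to run as an NT service.
#RunAsDaemon 1

## The directory for keeping all the keys/etc. By default, we store
## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
DataDirectory /var/lib/tor

## The port on which Tor will listen for local connections from Tor
## controller applications, as documented in control-spec.txt.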
#HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C #CookieAuthentication 1 ############### This section is just for location-hidden services ### ## Once you have configured a hidden service, you can look at the ## contents of the file ".../hidden_service/hostname" for the address ## to tell people. ## ## HiddenServicePort x y:z says to redirect requests on port x to the ## address y:z. #HiddenServiceDir /var/lib/tor/hidden_service/ #HiddenServicePort 80 127.0.0.1:80 #HiddenServiceDir /var/lib/tor/other_hidden_service/ #HiddenServicePort 80 127.0.0.1:80 #HiddenServicePort 22 127.0.0.1:22 ################ This section is just for relays ##################### # ## See https://www.torproject.org/docs/tor-doc-relay for details. ## Required: what port to advertise for incoming Tor connections. #ORPort 9001 ## If you want to listen on a port other than the one advertised in ## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as ## follows. You'll need to do ipchains or other port forwarding ## yourself to make this work. #ORPort 443 NoListen #ORPort 127.0.0.1:9090 NoAdvertise ## The IP address or full DNS name for incoming connections to your ## relay. Leave commented out and Tor will guess. #Address noname.example.com ## If you have multiple network interfaces, you can specify one for ## outgoing traffic to use. # OutboundBindAddress 10.0.0.5 ## A handle for your relay, so people don't have to refer to it by key. #Nickname hacktheplanet ## Define these to limit how much relayed traffic you will allow. Your ## own traffic is still unthrottled. Note that RelayBandwidthRate must ## be at least 20 kilobytes per second. ## Note that units for these config options are bytes (per second), not ## bits (per second), and that prefixes are binary prefixes, i.e. 2^10, ## 2^20, etc. 
#RelayBandwidthRate 100 KBytes # Throttle traffic to 100KB/s (800Kbps) #RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB (1600Kb) ## Use these to restrict the maximum traffic per day, week, or month. ## Note that this threshold applies separately to sent and received bytes, ## not to their sum: setting "4 GB" may allow up to 8 GB total before ## hibernating. ## ## Set a maximum of 4 gigabytes each way per period. #AccountingMax 4 GBytes ## Each period starts daily at midnight (AccountingMax is per day) #AccountingStart day 00:00 ## Each period starts on the 3rd of the month at 15:00 (AccountingMax ## is per month) #AccountingStart month 3 15:00 ## Administrative contact information for this relay or bridge. This line ## can be used to contact you if your relay or bridge is misconfigured or ## something else goes wrong. Note that we archive and publish all ## descriptors containing these lines and that Google indexes them, so ## spammers might also collect them. You may want to obscure the fact that ## it's an email address and/or generate a new address for this purpose. #ContactInfo Random Person ## You might also include your PGP or GPG fingerprint if you have one: #ContactInfo ${CONTACT_GPG_FINGERPRINT} ${CONTACT_NAME} ${CONTACT_EMAIL} ## Uncomment this to mirror directory information for others. Please do ## if you have enough bandwidth. #DirPort 9030 # what port to advertise for directory connections ## If you want to listen on a port other than the one advertised in ## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as ## follows. below too. You'll need to do ipchains or other port ## forwarding yourself to make this work. #DirPort 80 NoListen #DirPort 127.0.0.1:9091 NoAdvertise ## Uncomment to return an arbitrary blob of html on your DirPort. Now you ## can explain what Tor is if anybody wonders why your IP address is ## contacting them. See contrib/tor-exit-notice.html in Tor's source ## distribution for a sample. 
#DirPortFrontPage /etc/tor/tor-exit-notice.html ## Uncomment this if you run more than one Tor relay, and add the identity ## key fingerprint of each Tor relay you control, even if they're on ## different networks. You declare it here so Tor clients can avoid ## using more than one of your relays in a single circuit. See ## https://www.torproject.org/docs/faq#MultipleRelays ## However, you should never include a bridge's fingerprint here, as it would ## break its concealability and potentially reveal its IP/TCP address. #MyFamily $keyid,$keyid,... ## A comma-separated list of exit policies. They're considered first ## to last, and the first match wins. If you want to _replace_ ## the default exit policy, end this with either a reject *:* or an ## accept *:*. Otherwise, you're _augmenting_ (prepending to) the ## default exit policy. Leave commented to just use the default, which is ## described in the man page or at ## https://www.torproject.org/documentation.html ## ## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses ## for issues you might encounter if you use the default exit policy. ## ## If certain IPs and ports are blocked externally, e.g. by your firewall, ## you should update your exit policy to reflect this -- otherwise Tor ## users will be told that those destinations are down. ## ## For security, by default Tor rejects connections to private (local) ## networks, including to your public IP address. See the man page entry ## for ExitPolicyRejectPrivate if you want to allow "exit enclaving". ## #ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more #ExitPolicy accept *:119 # accept nntp as well as default exit policy #ExitPolicy reject *:* # no exits allowed ## Bridge relays (or "bridges") are Tor relays that aren't listed in the ## main directory. Since there is no complete public list of them, even an ## ISP that filters connections to all the known Tor relays probably ## won't be able to block all the bridges. 
Also, websites won't treat you ## differently because they won't know you're running Tor. If you can ## be a real relay, please do; but if not, be a bridge! #BridgeRelay 1 ## By default, Tor will advertise your bridge to users through various ## mechanisms like https://bridges.torproject.org/. If you want to run ## a private bridge, for example because you'll give out your bridge ## address manually to your friends, uncomment this line: #PublishServerDescriptor 0 ================================================ FILE: traceroute/Dockerfile ================================================ FROM debian:bullseye-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ traceroute \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* ENTRYPOINT [ "traceroute" ] ================================================ FILE: transfer-sh/Dockerfile ================================================ FROM golang:alpine as builder LABEL maintainer "Jess Frazelle " RUN apk --no-cache add \ ca-certificates \ git ENV PATH /go/bin:/usr/local/go/bin:$PATH ENV GOPATH /go ENV TRANSFER_SH_VERSION master RUN git clone --depth 1 --branch ${TRANSFER_SH_VERSION} https://github.com/dutchcoders/transfer.sh /go/src/github.com/dutchcoders/transfer.sh WORKDIR /go/src/github.com/dutchcoders/transfer.sh RUN GO111MODULE=on go build -o /usr/bin/transfer.sh # Create a clean image without build dependencies FROM alpine:latest COPY --from=builder /usr/bin/transfer.sh /usr/bin/transfer.sh COPY --from=builder /etc/ssl/certs/ /etc/ssl/certs ENTRYPOINT [ "transfer.sh" ] CMD [ "--help" ] ================================================ FILE: transmission/Dockerfile ================================================ # DESCRIPTION: Create transmission container with its dependencies # AUTHOR: Jessie Frazelle # COMMENTS: # This file describes how to build a transmission container with all # dependencies installed. 
# Tested on Debian Jessie
# USAGE:
#	# Download transmission Dockerfile
#	wget https://raw.githubusercontent.com/jessfraz/dockerfiles/master/transmission/Dockerfile
#
#	# Build transmission image
#	docker build -t jess/transmission .
#
#	docker run -d --name transmission \
#		-v /home/jessie/Torrents:/transmission/download \
#		-p 9091:9091 -p 51413:51413 -p 51413:51413/udp \
#		jess/transmission
#

# Base docker image
FROM alpine:latest
LABEL maintainer "Jessie Frazelle "

# machine parsable metadata, for https://github.com/pycampers/dockapt
LABEL "registry_image"="r.j3ss.co/transmission"
LABEL "docker_run_flags"="-d --name transmission \
	-v ~/Downloads:/transmission/download \
	-p 9091:9091 -p 51413:51413 -p 51413:51413/udp"

# Install the daemon and create its working directories; /transmission is
# made world-writable with the sticky bit set (mode 1777).
# No USER instruction is set in this file, so the daemon runs as root inside
# the container and what it writes to the bind-mounted download directory is
# typically root-owned on the host.
RUN apk --no-cache add \
	transmission-daemon \
	&& mkdir -p /transmission/download \
		/transmission/watch \
		/transmission/incomplete \
		/transmission/config \
	&& chmod 1777 /transmission

ENV TRANSMISSION_HOME /transmission/config

EXPOSE 9091

# NOTE(review): --no-auth switches off RPC authentication, so the --allowed
# list is the only access control on the RPC port (9091). The list accepts
# every private range, including 172.17.*, which is Docker's default bridge
# network; depending on how Docker forwards a published port, a connection
# can reach the daemon with the bridge gateway as its source address and
# match the list whatever its real origin. Publish 9091 on loopback or a
# trusted interface only (for example -p 127.0.0.1:9091:9091), or start the
# daemon with RPC authentication enabled instead of --no-auth.
ENTRYPOINT ["/usr/bin/transmission-daemon"]
CMD [ "--allowed", "127.*,10.*,192.168.*,172.16.*,172.17.*,172.18.*,172.19.*,172.20.*,172.21.*,172.22.*,172.23.*,172.24.*,172.25.*,172.26.*,172.27.*,172.28.*,172.29.*,172.30.*,172.31.*,169.254.*", "--watch-dir", "/transmission/watch", "--encryption-preferred", "--foreground", "--config-dir", "/transmission/config", "--incomplete-dir", "/transmission/incomplete", "--dht", "--no-auth", "--download-dir", "/transmission/download" ]
================================================
FILE: transmission-ui/Dockerfile
================================================
# DESCRIPTION:	  Create transmission container with its dependencies
# AUTHOR:		  Jessie Frazelle
# COMMENTS:
#	This file describes how to build a transmission container with all
#	dependencies installed. It uses native X11 unix socket.
#	Tested on Debian Jessie
# USAGE:
#	# Download transmission-ui Dockerfile
#	wget https://raw.githubusercontent.com/jessfraz/dockerfiles/master/transmission-ui/Dockerfile
#
#	# Build transmission image
#	docker build -t jess/transmission-ui .
#
#	docker run -v /tmp/.X11-unix:/tmp/.X11-unix \
#		-v /home/jessie/Torrents:/Torrents \
#		-e DISPLAY=unix$DISPLAY jess/transmission-ui
#

# Base docker image
FROM debian:bullseye-slim
LABEL maintainer "Jessie Frazelle "

# Install transmission and its dependencies
RUN apt-get update && apt-get install -y \
	transmission-cli \
	transmission-common \
	transmission-daemon \
	transmission-gtk \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

# Autorun transmission
CMD ["/usr/bin/transmission-gtk"]
================================================
FILE: travis/Dockerfile
================================================
FROM ruby:alpine
LABEL maintainer "Jessie Frazelle "

RUN apk add --no-cache \
	ca-certificates \
	git

# Build dependencies are installed as a virtual package and removed again in
# the same layer once the gem is built.
RUN set -x \
	&& apk add --no-cache --virtual .build-deps \
		build-base \
	&& gem install travis --no-document \
	&& apk del .build-deps

ENTRYPOINT ["travis"]
================================================
FILE: troff/Dockerfile
================================================
FROM alpine:latest
LABEL maintainer "Jessie Frazelle "

RUN apk --no-cache add \
	heirloom-doctools

ENTRYPOINT ["troff"]
================================================
FILE: unifi/Dockerfile
================================================
# Run the Ubiquiti UniFi Controller in a container
#
# Setup a local directory to store your unifi controller config:
#   mkdir -p ~/.config/unifi/
#   chmod -R 0700 ~/.config/unifi/
#
# If you have already been using a locally installed unifi controller,
# copy the contents of your existing unifi config:
#   cp -R /var/lib/unifi/* ~/.config/unifi/ # Linux
#   cp -R ~/Library/Application\ Support/UniFi/* ~/.config/unifi/ # MacOS
#
# Build the docker image (from directory with this Dockerfile & entrypoint.sh):
#   docker build -t unifi .
#
# Start a unifi controller container:
#   docker run \ # interactive mode isn't necessary
#     -v ~/.config/unifi:/config \ # for persistent config
#     -p 8080:8080 -p 8443:8443 -p 8843:8843 -p 8880:8880 -p 3478:3478/udp \
#     --name unifi \
#     unifi
#
# Access the controller in your browser at: https://127.0.0.1:8443
#
# If existing devices are showing up as "disconnected" once logged in,
# SSH into each device and run:
#   set-inform http://ip_of_docker_host:8080/inform
#
# NOTE(review): Ubuntu 16.04 is past its standard support window and the
# MongoDB 3.4 series installed below is end-of-life, so a rebuild no longer
# picks up current security fixes for either -- TODO confirm whether a newer
# base and database series work with this controller version.
FROM ubuntu:16.04

# environment settings
ENV DEBIAN_FRONTEND="noninteractive"

# install deps
RUN apt-get update && apt-get install -y \
	ca-certificates \
	dirmngr \
	gnupg \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

# install gosu
# The binary is downloaded together with its detached signature and is only
# made executable after `gpg --verify` accepts it against the key fetched by
# full fingerprint; the RUN starts with `set -ex`, so a failed verification
# aborts the build.
# NOTE(review): the two sks-keyservers.net pool entries in the server list
# have been shut down, so those attempts can only fall through to the other
# servers in the list.
ENV GOSU_VERSION 1.12
RUN set -ex; \
	\
	fetchDeps=' \
		wget \
	'; \
	apt-get update; \
	apt-get install -y --no-install-recommends $fetchDeps; \
	rm -rf /var/lib/apt/lists/*; \
	\
	dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
	wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
	wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
	\
# verify the signature
	export GNUPGHOME="$(mktemp -d)"; \
	for server in $(shuf -e ha.pool.sks-keyservers.net \
		hkp://p80.pool.sks-keyservers.net:80 \
		keyserver.ubuntu.com \
		hkp://keyserver.ubuntu.com:80 \
		pgp.mit.edu) ; do \
		gpg --keyserver "$server" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \
	done && \
	gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
	rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \
	\
	chmod +x /usr/local/bin/gosu; \
# verify that the binary works
	gosu nobody true; \
	\
	apt-get purge -y --auto-remove $fetchDeps

# add mongo repo
# The repository URL is plain http://, so package integrity rests on apt's
# signature check against the key imported by fingerprint on the line below.
RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6 \
	&& echo "deb [ arch=amd64,arm64 ] http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse" >> /etc/apt/sources.list.d/mongo.list

# install packages
RUN apt-get update && apt-get install -y \
	binutils \
	jsvc \
	mongodb-org-server \
	openjdk-8-jre-headless \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

# unifi version
# From: https://www.ubnt.com/download/unifi/
ENV UNIFI_VERSION "5.12.72"

# install unifi
# NOTE(review): unlike gosu above, this .deb is installed with no checksum or
# signature check. Its integrity depends on TLS to dl.ubnt.com and to any
# redirect target (-L follows redirects), and dpkg runs the package's
# maintainer scripts as root. Record the expected SHA-256 for UNIFI_VERSION
# and compare it before `dpkg -i`, e.g.
#   echo "<expected-sha256>  /tmp/unifi.deb" | sha256sum -c -
RUN apt-get update && apt-get install -y \
	curl \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/* \
	&& curl -o /tmp/unifi.deb -L "https://dl.ubnt.com/unifi/${UNIFI_VERSION}/unifi_sysvinit_all.deb" \
	&& dpkg -i /tmp/unifi.deb \
	&& rm -rf /tmp/unifi.deb \
	&& echo "Build complete."

WORKDIR /config

# 3478 - STUN
# 8080 - device inform (http)
# 8443 - web management (https)
# 8843 - guest portal (https)
# 8880 - guest portal (http)
# 6789 - throughput / mobile speedtest (tcp)
# 10001 - device discovery (udp)
# ref https://help.ubnt.com/hc/en-us/articles/218506997-UniFi-Ports-Used
# NOTE(review): 8081 is exposed below but has no entry in the list above.
EXPOSE 3478/udp 8080 8081 8443 8843 8880 6789 10001/udp

COPY entrypoint.sh /usr/local/bin/entrypoint.sh

ENTRYPOINT [ "entrypoint.sh" ]
CMD ["java", "-Xmx1024M", "-jar", "/usr/lib/unifi/lib/ace.jar", "start"]
================================================
FILE: unifi/entrypoint.sh
================================================
#!/bin/bash
set -e
set -o pipefail

# Create the folder hierarchy.
mkdir -p /config/{data,logs,run}

# Create symlinks for the config
# Each of data, logs and run under /usr/lib/unifi is first unlinked when it
# is a symlink that does not resolve to its /config counterpart, then linked
# to /config when no symlink is present.
if [[ -L /usr/lib/unifi/data && ! /usr/lib/unifi/data -ef /config/data ]]; then
	unlink /usr/lib/unifi/data
fi
if [[ -L /usr/lib/unifi/logs && ! /usr/lib/unifi/logs -ef /config/logs ]]; then
	unlink /usr/lib/unifi/logs
fi
if [[ -L /usr/lib/unifi/run && ! /usr/lib/unifi/run -ef /config/run ]]; then
	unlink /usr/lib/unifi/run
fi
if [[ ! -L /usr/lib/unifi/data ]]; then
	ln -s /config/data /usr/lib/unifi/data
fi
if [[ ! -L /usr/lib/unifi/logs ]]; then
	ln -s /config/logs /usr/lib/unifi/logs
fi
if [[ ! -L /usr/lib/unifi/run ]]; then
	ln -s /config/run /usr/lib/unifi/run
fi

# Generate a key if it doesn't exist.
if [[ ! -f /config/data/keystore ]]; then keytool -genkey -keyalg RSA -alias unifi -keystore /config/data/keystore \ -storepass aircontrolenterprise -keypass aircontrolenterprise -validity 1825 \ -keysize 4096 -dname "cn=unifi" fi chown -R unifi:unifi /config /usr/lib/unifi # shellcheck disable=SC2068 exec gosu unifi $@ ================================================ FILE: unixbench/Dockerfile ================================================ FROM alpine:latest LABEL maintainer "Jessie Frazelle " RUN apk add --no-cache \ bash \ coreutils \ dateutils \ gcc \ make \ musl-dev \ perl ENV UNIXBENCH_VERSION v5.1.3 RUN set -x \ && apk add --no-cache --virtual .build-deps \ ca-certificates \ curl \ && mkdir -p /usr/src/unixbench \ && curl -sSL "https://github.com/kdlucas/byte-unixbench/archive/${UNIXBENCH_VERSION}.tar.gz" | tar -xzC /usr/src/unixbench --strip-components 2 \ && chmod +x /usr/src/unixbench/Run \ && apk del .build-deps WORKDIR /usr/src/unixbench ENTRYPOINT [ "/usr/src/unixbench/Run" ] ================================================ FILE: vagrant/Dockerfile ================================================ FROM debian:bullseye-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ bridge-utils \ ca-certificates \ curl \ gcc \ libxslt-dev \ libxml2-dev \ libvirt0 \ libvirt-dev \ make \ pkg-config \ qemu-kvm \ ruby-dev \ ssh \ zlib1g-dev \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* ENV VAGRANT_VERSION 2.2.9 # download the source RUN curl -sSL "https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}/vagrant_${VAGRANT_VERSION}_x86_64.deb" -o /tmp/vagrant-amd64.deb \ && dpkg -i /tmp/vagrant-amd64.deb \ && rm -rf /tmp/*.deb # install the libvirt plugin RUN vagrant plugin install vagrant-libvirt ENTRYPOINT [ "vagrant" ] ================================================ FILE: vault/Dockerfile ================================================ FROM golang:latest as builder LABEL maintainer="Jessica Frazelle " ENV PATH 
/go/bin:/usr/local/go/bin:$PATH ENV GOPATH /go RUN apt-get update && apt-get install -y \ apt-transport-https \ ca-certificates \ curl \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \ && echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - RUN apt-get update && apt-get install -y \ gcc \ git \ g++ \ make \ nodejs \ pkgconf \ python \ yarn \ zip \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* ENV VAULT_VERSION v1.4.2 RUN go get github.com/hashicorp/vault || true WORKDIR /go/src/github.com/hashicorp/vault RUN git checkout "${VAULT_VERSION}" RUN XC_ARCH="amd64" XC_OS="linux" XC_OSARCH="linux/amd64" LD_FLAGS=" -extldflags -static " make bootstrap static-dist bin \ && mv bin/vault /usr/bin/vault FROM alpine:latest COPY --from=builder /usr/bin/vault /usr/bin/vault COPY --from=builder /etc/ssl/certs/ /etc/ssl/certs ENTRYPOINT [ "vault" ] CMD [ "--help" ] ================================================ FILE: viewdocs/Dockerfile ================================================ FROM golang:alpine as builder MAINTAINER Jessica Frazelle ENV PATH /go/bin:/usr/local/go/bin:$PATH ENV GOPATH /go RUN apk add --no-cache \ ca-certificates \ git RUN go get github.com/progrium/viewdocs WORKDIR /go/src/github.com/progrium/viewdocs RUN CGO_ENABLED=0 go build -a -tags netgo -ldflags '-w -extldflags "-static"' -o /usr/bin/viewdocs *.go FROM scratch COPY --from=builder /usr/bin/viewdocs /usr/bin/viewdocs COPY --from=builder /etc/ssl/certs/ /etc/ssl/certs ENTRYPOINT [ "viewdocs" ] CMD [ "--help" ] ================================================ FILE: virt-viewer/Dockerfile ================================================ FROM debian:sid-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ libgl1-mesa-dri \ libgl1-mesa-glx \ virt-viewer \ --no-install-recommends \ && 
rm -rf /var/lib/apt/lists/* ENTRYPOINT ["virt-viewer", "-c", "qemu:///system"] ================================================ FILE: virtualbox/Dockerfile ================================================ # Run virtualbox in a container # # docker run -d \ # -v /tmp/.X11-unix:/tmp/.X11-unix \ # -e DISPLAY=unix$DISPLAY \ # --privileged \ # --name virtualbox \ # jess/virtualbox # # On first run it will throw an error that you need to # recompile the kernel module with: /etc/init.d/vboxdrv setup # # Here is how you get it to work: # copy the files you need for the module from the container that # is currently running to your host # # first the lib: # docker cp virtualbox:/usr/lib/virtualbox /usr/lib # # then the share # docker cp virtualbox:/usr/share/virtualbox /usr/share # # then run the script: # /usr/lib/virtualbox/vboxdrv.sh setup # # it will recompile the module, you can then see it in lsmod # # then you can remove all the shit you copied # rm -rf /usr/share/virtualbox /usr/lib/virtualbox # FROM debian:buster-slim LABEL maintainer "Jessie Frazelle " ENV DEBIAN_FRONTEND noninteractive RUN apt-get update && apt-get install -y \ libcurl4 \ libvpx5 \ procps \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* RUN buildDeps=' \ ca-certificates \ curl \ gnupg \ ' \ && set -x \ && mkdir -p /etc/xdg/QtProject \ && apt-get update && apt-get install -y $buildDeps --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ && curl -sSL https://www.virtualbox.org/download/oracle_vbox_2016.asc | apt-key add - \ && echo "deb http://download.virtualbox.org/virtualbox/debian buster contrib" >> /etc/apt/sources.list.d/virtualbox.list \ && apt-get update && apt-get install -y \ virtualbox-5.2 \ --no-install-recommends \ && apt-get purge -y --auto-remove $buildDeps ENTRYPOINT [ "/usr/bin/virtualbox" ] ================================================ FILE: vlc/Dockerfile ================================================ # VLC media player # # docker run -d \ # -v 
/etc/localtime:/etc/localtime:ro \ # --device /dev/snd \ # --device /dev/dri \ # -v /tmp/.X11-unix:/tmp/.X11-unix \ # -e DISPLAY=unix$DISPLAY \ # --name vlc \ # jess/vlc # FROM debian:bullseye-slim LABEL maintainer "Jessie Frazelle " RUN apt-get update && apt-get install -y \ libgl1-mesa-dri \ libgl1-mesa-glx \ vlc \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* ENV HOME /home/vlc RUN useradd --create-home --home-dir $HOME vlc \ && chown -R vlc:vlc $HOME \ && usermod -a -G audio,video vlc WORKDIR $HOME USER vlc ENTRYPOINT [ "vlc" ] ================================================ FILE: vscode/Dockerfile ================================================ # Visual Studio Code in a container # NOTE: Needs the redering device (yeah... idk) # # docker run -d \ # -v /tmp/.X11-unix:/tmp/.X11-unix \ # -v $HOME:/home/user \ # -e DISPLAY=unix$DISPLAY \ # --device /dev/dri \ # --name vscode \ # jess/vscode FROM debian:bullseye-slim LABEL maintainer "Jessie Frazelle " # Tell debconf to run in non-interactive mode ENV DEBIAN_FRONTEND noninteractive RUN apt-get update && apt-get install -y \ apt-transport-https \ ca-certificates \ curl \ gnupg \ --no-install-recommends # Add the vscode debian repo RUN curl -sSL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | apt-key add - RUN echo "deb [arch=amd64] https://packages.microsoft.com/repos/vscode stable main" > /etc/apt/sources.list.d/vscode.list RUN apt-get update && apt-get -y install \ code \ git \ libasound2 \ libatk1.0-0 \ libcairo2 \ libcups2 \ libexpat1 \ libfontconfig1 \ libfreetype6 \ libgtk2.0-0 \ libpango-1.0-0 \ libx11-xcb1 \ libxcomposite1 \ libxcursor1 \ libxdamage1 \ libxext6 \ libxfixes3 \ libxi6 \ libxrandr2 \ libxrender1 \ libxss1 \ libxtst6 \ openssh-client \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* ENV HOME /home/user RUN useradd --create-home --home-dir $HOME user \ && chown -R user:user $HOME COPY start.sh /usr/local/bin/start.sh WORKDIR $HOME CMD [ "start.sh" ] 
================================================ FILE: vscode/start.sh ================================================ #!/bin/bash set -e set -o pipefail su user -p -c /usr/share/code/code ================================================ FILE: wargames/Dockerfile ================================================ FROM alpine:latest LABEL maintainer "Jessie Frazelle " RUN apk --no-cache add \ ncurses RUN set -x \ && apk add --no-cache --virtual .build-deps \ ca-certificates \ gcc \ git \ libc-dev \ make \ && git clone --depth 1 https://github.com/abs0/wargames.git /tmp/wargames \ && ( \ cd /tmp/wargames \ && make \ && make install \ ) \ && rm -rf /tmp/wargames \ && apk del .build-deps CMD [ "wargames" ] ================================================ FILE: watchtower/Dockerfile ================================================ FROM golang:alpine as builder LABEL maintainer "Jess Frazelle " RUN apk --no-cache add \ ca-certificates \ gcc \ git \ libc-dev ENV PATH /go/bin:/usr/local/go/bin:$PATH ENV GOPATH /go ENV WATCHTOWER_VERSION v1.0.2 RUN git clone --depth 1 --branch ${WATCHTOWER_VERSION} https://github.com/containrrr/watchtower /go/src/github.com/containrrr/watchtower WORKDIR /go/src/github.com/containrrr/watchtower RUN GO111MODULE=on go build -o /usr/bin/watchtower FROM alpine:latest COPY --from=builder /usr/bin/watchtower /usr/bin/watchtower COPY --from=builder /etc/ssl/certs/ /etc/ssl/certs ENTRYPOINT [ "watchtower" ] CMD [ "--help" ] ================================================ FILE: wee-slack/Dockerfile ================================================ # Usage: # Building # docker build -t wee-slack . 
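# Running (no saved state)
#   docker run -it \
#     -v /etc/localtime:/etc/localtime:ro \ # for your time
#     wee-slack
# Running (saved state)
#   docker run -it \
#     -v /etc/localtime:/etc/localtime:ro \ # for your time
#     -v "${HOME}/.weechat:/home/user/.weechat" \
#     wee-slack
#

FROM alpine:latest

RUN apk add --no-cache \
	ca-certificates \
	python \
	py2-pip \
	weechat \
	weechat-perl \
	weechat-python

RUN pip install websocket-client

ENV HOME /home/user

# NOTE(review): this fetches the plugin from the tip of the master branch at
# build time with no checksum, and the file lands in weechat's python autoload
# directory, i.e. it runs inside the chat client on every start. Pin the URL
# to a reviewed commit and check the download against a recorded SHA-256
# before relying on the image.
ADD https://raw.githubusercontent.com/rawdigits/wee-slack/master/wee_slack.py /home/user/.weechat/python/autoload/wee_slack.py

# Create the unprivileged user and hand it the home directory, including the
# plugin file added above.
RUN adduser -S user -h $HOME \
	&& chown -R user $HOME

WORKDIR $HOME
USER user

CMD [ "weechat" ]
================================================
FILE: weechat/Dockerfile
================================================
# Run weechat in a container
#
# docker run -it \
#	-v $HOME/.weechat:/home/user/.weechat \
#	--name weechat \
#	jess/weechat
#

FROM alpine:latest

RUN apk add --no-cache \
	weechat \
	weechat-perl \
	weechat-python \
	python

# RUNTIME_UID can be passed with `--build-arg RUNTIME_UID=<uid>` so that the
# in-container user matches the owner of a bind-mounted ~/.weechat; it falls
# back to 1000 when the build argument is not given. The expansion has to name
# the declared ARG (RUNTIME_UID): an undeclared variable always expands empty
# and would leave the default in place whatever was passed.
ARG RUNTIME_UID
ENV RUNTIME_UID ${RUNTIME_UID:-1000}

ENV HOME /home/user

RUN adduser -D user -u ${RUNTIME_UID} \
	&& chown -R user $HOME

WORKDIR $HOME
USER user

ENTRYPOINT [ "weechat" ]
================================================
FILE: weechat-matrix/Dockerfile
================================================
# Usage:
# Building
#   docker build -t weechat-matrix .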
# Running (no saved state) # docker run -it \ # -v /etc/localtime:/etc/localtime:ro \ # for your time # weechat-matrix # Running (saved state) # docker run -it \ # -v /etc/localtime:/etc/localtime:ro \ # for your time # -v "${HOME}/.weechat:/home/user/.weechat" \ # weechat-matrix # FROM alpine:latest RUN apk add --no-cache \ build-base \ ca-certificates \ git \ libffi-dev \ libressl-dev \ olm-dev \ python3 \ python3-dev \ py3-pip \ weechat \ weechat-perl \ weechat-python \ --repository https://dl-4.alpinelinux.org/alpine/edge/community ENV HOME /home/user RUN adduser -S user -h $HOME \ && chown -R user $HOME \ && cd $HOME \ && git clone https://github.com/poljar/weechat-matrix.git \ && cd weechat-matrix \ && pip3 install -r requirements.txt \ && pip3 install websocket-client \ && make install \ && chown -R user $HOME WORKDIR $HOME USER user CMD [ "weechat" ] ================================================ FILE: wine/Dockerfile ================================================ # Wine docker image base FROM debian:sid-slim LABEL maintainer "Jessie Frazelle " # install wine RUN echo "deb http://deb.debian.org/debian sid main contrib" > /etc/apt/sources.list \ && apt-get update && apt-get install -y \ apt-transport-https \ cabextract \ ca-certificates \ curl \ gnupg2 \ fonts-wine \ winetricks \ --no-install-recommends && \ curl -sSL "https://dl.winehq.org/wine-builds/winehq.key" | apt-key add - \ && echo "deb https://dl.winehq.org/wine-builds/debian/ bullseye main" >> /etc/apt/sources.list \ && dpkg --add-architecture i386 && \ apt-get update && \ apt-get install -y \ libwine \ winehq-staging \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* ENV HOME /root WORKDIR $HOME ================================================ FILE: wireguard/install/Dockerfile ================================================ # Usage: # # This uses a custom installs a kernel module hence the mounts # docker run --rm -it \ # --name wireguard \ # -v /lib/modules:/lib/modules \ # -v 
/usr/src:/usr/src:ro \ # r.j3ss.co/wireguard:install # FROM debian:sid-slim LABEL maintainer "Jessie Frazelle " RUN apt update && apt -y install \ build-essential \ ca-certificates \ git \ kmod \ libelf-dev \ libmnl-dev \ pkg-config \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* # https://git.zx2c4.com/wireguard-linux-compat/ ENV WIREGUARD_VERSION v1.0.20200520 # https://git.zx2c4.com/wireguard-tools ENV WIREGUARD_TOOLS_VERSION v1.0.20200513 RUN set -x \ && git clone --depth 1 --branch "${WIREGUARD_VERSION}" https://git.zx2c4.com/wireguard-linux-compat.git /wireguard \ && git clone --depth 1 --branch "${WIREGUARD_TOOLS_VERSION}" https://git.zx2c4.com/wireguard-tools.git /wireguard-tools \ && ( \ cd /wireguard-tools/src \ && make -j$(nproc) \ && make install \ && make clean \ ) COPY entrypoint.sh /usr/local/bin/entrypoint.sh ENTRYPOINT [ "/usr/local/bin/entrypoint.sh" ] CMD [ "wg", "--help" ] ================================================ FILE: wireguard/install/entrypoint.sh ================================================ #!/bin/sh set -e ( cd /wireguard/src echo "Building the wireguard kernel module..." make module echo "Installing the wireguard kernel module..." make module-install echo "Cleaning up..." make clean ) echo "Successfully built and installed the wireguard kernel module!" 
# shellcheck disable=SC2068 exec $@ ================================================ FILE: wireguard/tools/Dockerfile ================================================ FROM debian:sid-slim LABEL maintainer "Jessie Frazelle " RUN apt update && apt -y install \ ca-certificates \ libmnl-dev \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* COPY --from=r.j3ss.co/wireguard:install /usr/bin/wg /usr/bin/wg COPY --from=r.j3ss.co/wireguard:install /usr/share/man/man8/wg.8 /usr/share/man/man8/wg.8 ENTRYPOINT ["wg"] CMD ["--help"] ================================================ FILE: wireshark/Dockerfile ================================================ # Run wireshark in a container # # docker run -d \ # -v /etc/localtime:/etc/localtime:ro \ # -v /tmp/.X11-unix:/tmp/.X11-unix \ # -e DISPLAY=unix$DISPLAY \ # --name wireshark \ # jess/wireshark # FROM ubuntu:16.04 LABEL maintainer "Jessie Frazelle " ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update && apt-get install -y \ software-properties-common \ --no-install-recommends && \ add-apt-repository ppa:wireshark-dev/stable && \ apt-get update && \ apt-get install -y \ wireshark \ && rm -rf /var/lib/apt/lists/* ENV HOME /home/wireshark RUN useradd --create-home --home-dir $HOME wireshark \ && chown -R wireshark:wireshark $HOME RUN chown root:wireshark /usr/bin/dumpcap \ && setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap USER wireshark WORKDIR wireshark ENTRYPOINT [ "wireshark" ] ================================================ FILE: wrk/Dockerfile ================================================ FROM alpine:latest LABEL maintainer "Jessie Frazelle " RUN apk --no-cache add \ ca-certificates \ wrk CMD [ "wrk" ] ================================================ FILE: ykman/Dockerfile ================================================ # Run ykpersonalize in a container # # docker run --rm -it \ # --device /dev/bus/usb \ # --device /dev/usb # --name ykpersonalize \ # jess/ykpersonalize # FROM ubuntu:16.04 LABEL 
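maintainer "Jessie Frazelle "

RUN apt-get update && apt-get install -y \
	pcscd \
	procps \
	software-properties-common \
	--no-install-recommends && \
	add-apt-repository ppa:yubico/stable && \
	apt-get update && apt-get install -y \
	yubikey-manager \
	&& rm -rf /var/lib/apt/lists/*

ENV LC_ALL=C.UTF-8 LANG=C.UTF-8

WORKDIR /root/
COPY entrypoint.sh /usr/local/bin/
ENTRYPOINT [ "/usr/local/bin/entrypoint.sh" ]
CMD [ "ykman", "--help" ]
================================================
FILE: ykman/entrypoint.sh
================================================
#!/bin/bash
set -e
set -o pipefail

# Make sure a pcscd daemon is available before the requested tool runs.
init(){
	local pcscd_running
	# pgrep exits non-zero when nothing matches; without `|| true` that
	# status would trip `set -e` and end the script before pcscd is started.
	pcscd_running=$(pgrep pcscd || true)
	if [ -z "$pcscd_running" ]; then
		echo "starting pcscd in backgroud"
		# NOTE(review): --apdu writes every APDU exchanged with the token to
		# pcscd's debug log, which can include PIN verification commands in
		# clear; drop --debug --apdu outside troubleshooting.
		pcscd --debug --apdu
		pcscd --hotplug
	else
		echo "pcscd is running in already: ${pcscd_running}"
	fi
}

init

# Hand over to the command given as CMD / `docker run` arguments.
exec "$@"
================================================
FILE: ykpersonalize/Dockerfile
================================================
# Run ykpersonalize in a container
#
# docker run --rm -it \
#	--device /dev/bus/usb \
#	--device /dev/usb \
#	--name ykpersonalize \
#	jess/ykpersonalize
#
FROM ubuntu:16.04
LABEL maintainer "Jessie Frazelle "

RUN apt-get update && apt-get install -y \
	software-properties-common \
	--no-install-recommends && \
	add-apt-repository ppa:yubico/stable && \
	apt-get update && apt-get install -y \
	ca-certificates \
	curl \
	libjson0 \
	libusb-1.0-0 \
	libyubikey0 \
	pcscd \
	procps \
	usbutils \
	yubikey-personalization \
	yubico-piv-tool \
	&& rm -rf /var/lib/apt/lists/*

WORKDIR /root/
COPY entrypoint.sh /usr/local/bin/
ENTRYPOINT [ "/usr/local/bin/entrypoint.sh" ]
CMD [ "ykpersonalize", "--help" ]
================================================
FILE: ykpersonalize/entrypoint.sh
================================================
#!/bin/bash
set -e
set -o pipefail

# Make sure a pcscd daemon is available before the requested tool runs.
init(){
	local pcscd_running
	# pgrep exits non-zero when nothing matches; without `|| true` that
	# status would trip `set -e` and end the script before pcscd is started.
	pcscd_running=$(pgrep pcscd || true)
	if [ -z "$pcscd_running" ]; then
		echo "starting pcscd in backgroud"
		# NOTE(review): --apdu writes every APDU exchanged with the token to
		# pcscd's debug log, which can include PIN verification commands in
		# clear; drop --debug --apdu outside troubleshooting.
		pcscd --debug --apdu
		pcscd --hotplug
	else
		echo "pcscd is running in already: ${pcscd_running}"
	fi
}

init

# Hand over to the command given as CMD / `docker run` arguments.
exec "$@"
================================================
FILE: yubico-piv-tool/Dockerfile
================================================
# Run yubico-piv-tool in a container
#
# docker run --rm -it \
#	--device /dev/bus/usb \
#	--device /dev/usb \
#	--name yubico-piv-tool \
#	jess/yubico-piv-tool
#
FROM ubuntu:16.04
LABEL maintainer "Jessie Frazelle "

RUN apt-get update && apt-get install -y \
	software-properties-common \
	--no-install-recommends && \
	add-apt-repository ppa:yubico/stable && \
	apt-get update && apt-get install -y \
	pcscd \
	procps \
	usbutils \
	yubico-piv-tool \
	&& rm -rf /var/lib/apt/lists/*

WORKDIR /root/
COPY entrypoint.sh /usr/local/bin/
ENTRYPOINT [ "/usr/local/bin/entrypoint.sh" ]
CMD [ "yubico-piv-tool", "--help" ]
================================================
FILE: yubico-piv-tool/entrypoint.sh
================================================
#!/bin/bash
set -e
set -o pipefail

# Make sure a pcscd daemon is available before the requested tool runs.
init(){
	local pcscd_running
	# pgrep exits non-zero when nothing matches; without `|| true` that
	# status would trip `set -e` and end the script before pcscd is started.
	pcscd_running=$(pgrep pcscd || true)
	if [ -z "$pcscd_running" ]; then
		echo "starting pcscd in backgroud"
		# NOTE(review): --apdu writes every APDU exchanged with the token to
		# pcscd's debug log, which can include PIN verification commands in
		# clear; drop --debug --apdu outside troubleshooting.
		pcscd --debug --apdu
		pcscd --hotplug
	else
		echo "pcscd is running in already: ${pcscd_running}"
	fi
}

init

# Hand over to the command given as CMD / `docker run` arguments.
exec "$@"
================================================
FILE: znc/Dockerfile
================================================
# Run znc in a container
#
# docker run --restart always -d \
#	--name znc \
#	-p 6697:6697 \
#	-v /volumes/znc:/home/user/.znc \
#	jess/znc
#
FROM alpine:latest
LABEL maintainer "Jessie Frazelle "

RUN apk add --no-cache \
	ca-certificates \
	glib \
	perl \
	perl-datetime \
	perl-libwww

ENV HOME /home/user
RUN adduser -u 1001 -D user \
	&& chown -R user:user $HOME

ENV LANG C.UTF-8

ENV ZNC_VERSION 1.8.1-rc1

# NOTE(review): the release tarball is requested over plain http:// and is
# unpacked and built as root with no checksum or signature check, so anything
# on the network path can substitute the source. Fetch it over https:// if the
# host serves it, and compare the file with a recorded SHA-256 or the
# project's release signature before extracting.
RUN set -x \
	&& apk add --no-cache --virtual .build-deps \
		build-base \
		curl \
		libressl-dev \
		perl-dev \
		tar \
	&& curl -sSL "http://znc.in/releases/znc-${ZNC_VERSION}.tar.gz" -o /tmp/znc.tar.gz \
	&& mkdir -p /usr/src/znc \
	&& tar -xzf /tmp/znc.tar.gz -C /usr/src/znc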
--strip-components 1 \ && rm /tmp/znc.tar.gz* \ && ( \ cd /usr/src/znc \ && ./configure \ && make -j8 \ && make install \ ) \ && rm -rf /usr/src/znc \ && runDeps="$( \ scanelf --needed --nobanner --recursive /usr \ | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ | sort -u \ | xargs -r apk info --installed \ | sort -u \ )" \ && apk add --no-cache --virtual .irssi-rundeps $runDeps \ && apk del .build-deps WORKDIR $HOME USER user ENTRYPOINT [ "znc" ] CMD [ "-f" ] ================================================ FILE: zookeeper/3.4/Dockerfile ================================================ FROM openjdk:8-alpine ENV ZOOKEEPER_VERSION 3.4.14 ENV PATH $PATH:/opt/zookeeper/bin/ # the start files for zookeeper use bash RUN apk --no-cache add \ bash RUN buildDeps=' \ curl \ ' \ && echo "==> Installing dependencies..." \ && apk --no-cache add --virtual build-deps $buildDeps \ && echo "==> Downloading Zookeeper..." \ && mkdir -p /opt \ && curl -sSL "http://apache.osuosl.org/zookeeper/zookeeper-${ZOOKEEPER_VERSION}/zookeeper-${ZOOKEEPER_VERSION}.tar.gz" | tar -xzf - -C /opt \ && mv /opt/zookeeper-${ZOOKEEPER_VERSION} /opt/zookeeper \ && cp /opt/zookeeper/conf/zoo_sample.cfg /opt/zookeeper/conf/zoo.cfg \ && apk del build-deps ENTRYPOINT ["zkServer.sh", "start-foreground"] ================================================ FILE: zookeeper/3.6/Dockerfile ================================================ FROM openjdk:8-alpine ENV ZOOKEEPER_VERSION 3.6.1 ENV PATH $PATH:/opt/zookeeper/bin/ # the start files for zookeeper use bash RUN apk --no-cache add \ bash RUN buildDeps=' \ curl \ tar \ ' \ && echo "==> Installing dependencies..." \ && apk --no-cache add --virtual build-deps $buildDeps \ && echo "==> Downloading Zookeeper..." 
\ && mkdir -p /opt \ && curl -sSL "http://apache.osuosl.org/zookeeper/zookeeper-${ZOOKEEPER_VERSION}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin.tar.gz" | tar -xzf - -C /opt \ && mv /opt/apache-zookeeper-${ZOOKEEPER_VERSION}-bin /opt/zookeeper \ && cp /opt/zookeeper/conf/zoo_sample.cfg /opt/zookeeper/conf/zoo.cfg \ && apk del build-deps ENTRYPOINT ["zkServer.sh", "start-foreground"] ================================================ FILE: zoom-us/Dockerfile ================================================ # docker run -d --rm \ # -v /tmp/.X11-unix:/tmp/.X11-unix \ # -e DISPLAY=unix\$DISPLAY \ # --device /dev/video0 \ # --device /dev/snd:/dev/snd \ # --device /dev/dri \ # -v /dev/shm:/dev/shm \ # jess/zoom-us FROM debian:sid-slim ENV DEBIAN_FRONTEND noninteractive # Dependencies for the client .deb RUN apt-get update && apt-get install -y \ ca-certificates \ curl \ desktop-file-utils \ ibus \ ibus-gtk \ lib32z1 \ libx11-6 \ libasound2-dev \ libegl1-mesa \ libxcb-shm0 \ libglib2.0-0 \ libgl1-mesa-glx \ libxrender1 \ libxcomposite1 \ libxslt1.1 \ libgstreamer1.0-dev \ libgstreamer-plugins-base1.0-dev \ libxi6 \ libsm6 \ libfontconfig1 \ libpulse0 \ libsqlite3-0 \ libxcb-shape0 \ libxcb-xfixes0 \ libxcb-randr0 \ libxcb-image0 \ libxcb-keysyms1 \ libxcb-xtest0 \ libxtst6 \ libnss3 \ libxss1 \ sudo \ --no-install-recommends \ && rm -rf /var/lib/apt/lists/* ARG ZOOM_URL=https://zoom.us/client/latest/zoom_amd64.deb #install zoom RUN curl -sSL $ZOOM_URL -o /tmp/zoom_setup.deb \ && dpkg -i /tmp/zoom_setup.deb \ && apt-get -f install \ && rm /tmp/zoom_setup.deb \ && rm -rf /var/lib/apt/lists/* WORKDIR /usr/bin CMD [ "./zoom" ] ================================================ FILE: zsh/.zshrc ================================================ ================================================ FILE: zsh/Dockerfile ================================================ FROM alpine:latest COPY ./.zshrc /root/.zshrc RUN apk --no-cache add \ shadow \ zsh \ && chsh -s /bin/zsh || true ENV SHELL 
/usr/bin/zsh WORKDIR /root ENTRYPOINT ["/bin/zsh"]