Add ansible, htop, httpie, nmap, wireshark

This commit is contained in:
Jeffrey Serio 2022-02-15 20:42:32 -06:00
parent 1e67f0970b
commit 7c1e4e8e88
6 changed files with 145 additions and 1 deletions

View File

@ -1,2 +1,5 @@
# containerfiles # containerfiles
Containerfiles for Podman images
These are Containerfiles I use with Podman on libostree-based Fedora distributions. Inspired by [jessfraz/dockerfiles](https://github.com/jessfraz/dockerfiles), but not nearly as bountiful, because these are intended to be used on an immutable ostree host where it is not feasible to run inside a toolbox container. I will eventually convert these to [podenv](https://github.com/podenv/podenv) configuration files, but, for want of more comprehensive documentation, it will take time to decode how Podenv configuration (and Podenv itself) works.
Feel free to clone this repo and adapt these to your needs!

27
ansible/Containerfile Normal file
View File

@ -0,0 +1,27 @@
# https://www.ansible.com/
#
# Note: SELinux requires the :Z attribute set on volumes in Podman/Docker.
#
# podman run --rm \
# -it \
# -v ${PWD}/hosts:/etc/ansible/hosts:Z \
# -v ${PWD}/ansible.cfg:/etc/ansible/ansible.cfg:Z \
# -v ${HOME}/.ssh:/root/.ssh:Z \
# ansible all -m ping
#
FROM python:3-alpine
LABEL maintainer "Jeffrey Serio <hyperreal@unixcat.coffee>"
RUN builddeps=' \
musl-dev \
openssl-dev \
libffi-dev \
gcc \
' \
&& apk --no-cache add \
ca-certificates \
$builddeps \
&& pip install ansible \
&& apk del --purge $builddeps
ENTRYPOINT [ "ansible" ]

12
htop/Containerfile Normal file
View File

@ -0,0 +1,12 @@
# htop in podman container
#
# podman run --rm -it \
# --pid host
# htop
#
FROM alpine:latest
LABEL maintainer "Jeffrey Serio <hyperreal@unixcat.coffee>"
RUN apk --no-cache add htop
CMD [ "htop" ]

33
httpie/Containerfile Normal file
View File

@ -0,0 +1,33 @@
# httpie podman container
#
# Note: SELinux requires the :Z attribute set on volumes in Podman/Docker
#
# To download a file to the PWD:
# podman run \
# --rm \
# -it \
# -v ${PWD}:/downloads:Z \
# httpie -d <url>
#
# To see a webpage:
# podman run \
# --rm \
# -it \
# httpie <url>
#
FROM alpine:latest
LABEL maintainer "Jeffrey Serio <hyperreal@unixcat.coffee>"
RUN apk --no-cache add \
ca-certificates \
gcc \
musl-dev \
python3 \
python3-dev \
py3-pip \
&& pip install httpie httpie-unixsocket
RUN mkdir /downloads
WORKDIR /downloads
ENTRYPOINT [ "http" ]

26
nmap/Containerfile Normal file
View File

@ -0,0 +1,26 @@
# nmap podman container image
#
# Requires rootful podman to access net interfaces
#
# Note: SELinux requires the :Z attribute set when using volumes in Podman/Docker.
#
# sudo podman run -it --rm \
# --cap-add=NET_RAW \
# --cap-add=NET_ADMIN \
# --network host \
# -v $(pwd):/output:Z \
# --name nmap \
# nmap <nmap args>
FROM fedora:latest
LABEL maintainer "Jeffrey Serio <hyperreal@unixcat.coffee>"
RUN printf "fastestmirror=True\ndeltarpm=True\n" | tee -a /etc/dnf/dnf.conf \
&& dnf install -y nmap nmap-ncat \
&& dnf clean all \
&& mkdir /output
WORKDIR /output
ENTRYPOINT [ "nmap" ]

43
wireshark/Containerfile Normal file
View File

@ -0,0 +1,43 @@
# Run Wireshark in podman container
#
# Requires rootful podman to access host network.
#
# podman run \
# --secuirity-opt label=disable \
# --net=host \
# --cap-add=NET_RAW \
# --cap-add=NET_ADMIN \
# -e PUID=1000 \
# -e PGID=1000 \
# -e TZ=America/Chicago \
# -e DISPLAY=:0 \
# -e XDG_RUNTIME_DIR=/run/user \
# -e XDG_SESSION_TYPE=wayland \
# -e GDK_BACKEND=wayland \
# -e QT_QPA_PLATFORM=wayland \
# -e WAYLAND_DISPLAY=wayland-0 \
# --mount type=tmpfs,destination=/run/user \
# -v /run/user/1000/wayland-0:/run/user/wayland-0 \
# -v /tmp/.X11-unix:/tmp/.X11-unix \
# --name wireshark \
# wireshark
#
FROM fedora:latest
LABEL maintainer "Jeffrey Serio <hyperreal@unixcat.coffee>"
RUN printf "fastestmirror=True\ndeltarpm=True\n" | tee -a /etc/dnf/dnf.conf
RUN dnf install -y wireshark qt5-qtwayland \
&& dnf clean all
ENV HOME /home/wireshark
RUN useradd --create-home -g wireshark --home-dir $HOME wireshark \
&& chown -R wireshark:wireshark $HOME
RUN chown root:wireshark /usr/bin/dumpcap \
&& setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap
USER wireshark
WORKDIR /home/wireshark
ENTRYPOINT [ "wireshark" ]