Add ansible, htop, httpie, nmap, wireshark

README.md

@@ -1,2 +1,5 @@
 # containerfiles
-Containerfiles for Podman images
+
+These are Containerfiles I use with Podman on libostree-based Fedora distributions. Inspired by [jessfraz/dockerfiles](https://github.com/jessfraz/dockerfiles), but not nearly as bountiful, because these are intended to be used on an immutable ostree host where it is not feasible to run inside a toolbox container. I will eventually convert these to [podenv](https://github.com/podenv/podenv) configuration files, but, for want of more comprehensive documentation, it will take time to decode how Podenv configuration (and Podenv itself) works.
+
+Feel free to clone this repo and adapt these to your needs!

ansible/Containerfile

@@ -0,0 +1,27 @@
+# https://www.ansible.com/
+#
+# Note: SELinux requires the :Z attribute set on volumes in Podman/Docker.
+#
+# podman run --rm \
+#     -it \
+#     -v ${PWD}/hosts:/etc/ansible/hosts:Z \
+#     -v ${PWD}/ansible.cfg:/etc/ansible/ansible.cfg:Z \
+#     -v ${HOME}/.ssh:/root/.ssh:Z \
+#     ansible all -m ping
+#
+FROM python:3-alpine
+LABEL maintainer "Jeffrey Serio <hyperreal@unixcat.coffee>"
+
+RUN builddeps=' \
+                musl-dev \
+                openssl-dev \
+                libffi-dev \
+                gcc \
+                ' \
+        && apk --no-cache add \
+        ca-certificates \
+        $builddeps \
+        && pip install ansible \
+        && apk del --purge $builddeps
+
+ENTRYPOINT [ "ansible" ]

htop/Containerfile

@@ -0,0 +1,12 @@
+# htop in podman container
+#
+# podman run --rm -it \
+#     --pid host
+#     htop
+#
+FROM alpine:latest
+LABEL maintainer "Jeffrey Serio <hyperreal@unixcat.coffee>"
+
+RUN apk --no-cache add htop
+
+CMD [ "htop" ]

httpie/Containerfile

@@ -0,0 +1,33 @@
+# httpie podman container
+#
+# Note: SELinux requires the :Z attribute set on volumes in Podman/Docker
+#
+# To download a file to the PWD:
+# podman run \
+#     --rm \
+#     -it \
+#     -v ${PWD}:/downloads:Z \
+#     httpie -d <url>
+#
+# To see a webpage:
+# podman run \
+#     --rm \
+#     -it \
+#     httpie <url>
+#
+FROM alpine:latest
+LABEL maintainer "Jeffrey Serio <hyperreal@unixcat.coffee>"
+
+RUN apk --no-cache add \
+        ca-certificates \
+        gcc \
+        musl-dev \
+        python3 \
+        python3-dev \
+        py3-pip \
+        && pip install httpie httpie-unixsocket
+
+RUN mkdir /downloads
+WORKDIR /downloads
+
+ENTRYPOINT [ "http" ]

nmap/Containerfile

@@ -0,0 +1,26 @@
+# nmap podman container image
+#
+# Requires rootful podman to access net interfaces
+#
+# Note: SELinux requires the :Z attribute set when using volumes in Podman/Docker.
+#
+# sudo podman run -it --rm \
+#     --cap-add=NET_RAW \
+#     --cap-add=NET_ADMIN \
+#     --network host \
+#     -v $(pwd):/output:Z \
+#     --name nmap \
+#     nmap <nmap args>
+
+FROM fedora:latest
+LABEL maintainer "Jeffrey Serio <hyperreal@unixcat.coffee>"
+
+RUN printf "fastestmirror=True\ndeltarpm=True\n" | tee -a /etc/dnf/dnf.conf \
+    && dnf install -y nmap nmap-ncat \
+    && dnf clean all \
+    && mkdir /output
+
+WORKDIR /output
+
+
+ENTRYPOINT [ "nmap" ]

wireshark/Containerfile

@@ -0,0 +1,43 @@
+# Run Wireshark in podman container
+#
+# Requires rootful podman to access host network.
+#
+# podman run \
+#     --secuirity-opt label=disable \
+#     --net=host \
+#     --cap-add=NET_RAW \
+#     --cap-add=NET_ADMIN \
+#     -e PUID=1000 \
+#     -e PGID=1000 \
+#     -e TZ=America/Chicago \
+#     -e DISPLAY=:0 \
+#     -e XDG_RUNTIME_DIR=/run/user \
+#     -e XDG_SESSION_TYPE=wayland \
+#     -e GDK_BACKEND=wayland \
+#     -e QT_QPA_PLATFORM=wayland \
+#     -e WAYLAND_DISPLAY=wayland-0 \
+#     --mount type=tmpfs,destination=/run/user \
+#     -v /run/user/1000/wayland-0:/run/user/wayland-0 \
+#     -v /tmp/.X11-unix:/tmp/.X11-unix \
+#     --name wireshark \
+#     wireshark
+#
+FROM fedora:latest
+LABEL maintainer "Jeffrey Serio <hyperreal@unixcat.coffee>"
+
+RUN printf "fastestmirror=True\ndeltarpm=True\n" | tee -a /etc/dnf/dnf.conf
+RUN dnf install -y wireshark qt5-qtwayland \
+    && dnf clean all
+
+ENV HOME /home/wireshark
+RUN useradd --create-home -g wireshark --home-dir $HOME wireshark \
+    && chown -R wireshark:wireshark $HOME
+
+RUN chown root:wireshark /usr/bin/dumpcap \
+    && setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap
+
+USER wireshark
+
+WORKDIR /home/wireshark
+
+ENTRYPOINT [ "wireshark" ]