Docker setup with my common work tools for IaC, configuration management, Neovim and Rust tooling.
Initially the idea was to use Alpine for security, but combining musl and Rust sometimes causes problems because certain crates require glibc. Additionally, at the time of this writing, the ubuntu image had no critical vulnerabilities and alpine:3.18.2 had a few.
The container drops privileges to a user whose UID mirrors the host OS UID, so that files written to disk are written with the same UID permissions as on the host.
Dropping privileges is done by su-exec.
Docker image tagged 3.2.1
$ docker pull sebosp/tvl:3.2.1
- Based on Alpine 3.20 (2024-06-06)
- Neovim 0.10 with coc and other code-completion tooling, vim-plug with pre-installed settings, etc.
- Ansible
- Python
- Git-flow
- Everyday shell utils such as bat, fd, fzf, ripgrep, starship
- Terraform
- Astrovim
In the ubuntu version, if the outside user id is 1000, the container has to use /home/ubuntu; otherwise /home/sre needs to be used. This is so that we can preserve the user id inside the container.
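A sketch of an entrypoint that implements the privilege drop and the home-directory rule described above, as an added example and not the image's own script. The file name entrypoint.sh, the account name sre and the use of useradd are assumptions; LOCAL_USER_ID, su-exec and the two home paths come from this page.

```shell
#!/bin/sh
# Added example: entrypoint sketch, not the image's actual script.
set -eu

# Accept only a plain decimal UID without leading zeros. Rejecting 0 (and
# anything non-numeric) means a bad value can never leave the shell as root.
valid_uid() {
    case "${1:-}" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 10 ]
}

# Home-directory rule from the page: UID 1000 maps to /home/ubuntu,
# every other UID uses /home/sre.
home_for_uid() {
    if [ "$1" = 1000 ]; then echo /home/ubuntu; else echo /home/sre; fi
}

main() {
    uid="${LOCAL_USER_ID:-}"
    if ! valid_uid "$uid"; then
        echo "LOCAL_USER_ID must be a non-zero numeric UID, got '$uid'" >&2
        exit 64
    fi
    home="$(home_for_uid "$uid")"
    # Create an account only when no passwd entry owns this UID yet
    # (the account name "sre" is an assumption of this example).
    if ! getent passwd "$uid" >/dev/null; then
        useradd --uid "$uid" --create-home --home-dir "$home" --shell /bin/bash sre
    fi
    export HOME="$home"
    [ "$#" -gt 0 ] || set -- /bin/bash
    # exec replaces this root shell, so no root-owned process stays behind.
    exec su-exec "$uid" "$@"
}

# Run only when installed as entrypoint.sh (assumed name); when sourced or
# saved under another name the file just defines the functions above.
case "${0##*/}" in
    entrypoint.sh) main "$@" ;;
esac
```

Refusing a missing or zero LOCAL_USER_ID, rather than falling back to root, keeps a forgotten -e flag from silently producing root-owned files in the mounted home directory.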
$ touch $HOME/.docker_bash_hist
# Otherwise, you can do this to have bash_history shared
$ ln -s $HOME/.bash_history $HOME/.docker_bash_hist
$ docker run --rm --name test -v $HOME/:/home/ubuntu/work/ -e LOCAL_USER_ID=$(id -u "$USER") -it sebosp/tvl:3.2.1
# To work without networking:
$ docker run --network none --rm --name test -v $HOME/:/home/ubuntu/work/ -e LOCAL_USER_ID=$(id -u "$USER") -it sebosp/tvl:3.2.1
If strace is needed for debugging something, you can add --cap-add=SYS_PTRACE to the docker run flags.
- Update asciicast