
@Jip-Hop
Last active August 27, 2024 16:40
Persistent Debian 'jail' on TrueNAS SCALE to install software (docker-compose, portainer, podman, etc.) with full access to all files via bind mounts. Without modifying the host OS at all thanks to systemd-nspawn!
@Codelica

@aardvarkl GitHub doesn't, but I'm Codelica on Discord and on the TrueNAS community there also.

@aardvarkl

And I am Confused on TN on Discord - I think I have sent you a request.

@PackElend

At that point there is a "safe" and isolated install of Docker running which can be used

Can you define safe? If you add an external interface, is any network traffic to/from the Docker container going through that interface, or are there still shared network resources of the host?

@Codelica

Can you define safe? If you add an external interface, is any network traffic to/from the Docker container going through that interface, or are there still shared network resources of the host?

By safe I mean that if IX decides to remove Docker from their base SCALE host install (as I believe they are going to do) and just keep k3s/containerd, my install of Docker (running under their system) shouldn't be affected, as it's really no different from any other custom container running. So unless they do away with all custom containers, leaving only installs from app catalogs, it should be fine. That would be extreme IMO, and even then I guess it could be done by creating a catalog and config, etc., but it would be a pain.

As far as networking goes, adding other interfaces just gives flexibility. Basically I wanted my Docker apps to have their own interface (leaving NAS & Plex stuff alone on my main 10G interface). So I gave it one interface on the LAN and one on a private network for internal service backends for other machines (DBs, message bus, etc.), as I do dev work. Both show up (net1, net2) in the Docker container with local routes to their subnets. So local traffic from Docker apps to the LAN uses net1, for example. But by default the default internet route would be the eth0 interface that the custom container provides via k3s. That can be changed by just changing the default route within the Docker container to point to my gateway off net1, for example.

Anyway, I have messages from you guys on Discord so we can continue there. : )

@Jip-Hop
Author

Jip-Hop commented Aug 13, 2023

I think it makes more sense now to continue the discussion over here:
https://github.com/Jip-Hop/jailmaker/discussions

😄

@Jip-Hop
Author

Jip-Hop commented Aug 14, 2023

Does any of you use jailmaker alongside Apps? Please let me know about your experience in this poll in order to support this pull request.
