feat: add libsql

Sun-ZhenXing
2025-12-29 18:05:34 +08:00
parent 4c7b3afc10
commit 953bb146ba
18 changed files with 1128 additions and 502 deletions


@@ -3,8 +3,8 @@
# Timezone (default: UTC)
TZ=UTC
# Debian version (default: 13.2)
DEBIAN_VERSION=13.2
# Debian version (default: 13.2-slim)
DEBIAN_VERSION=13.2-slim
# Docker port override (default: 2375)
DIND_PORT_OVERRIDE=2375


@@ -1,4 +1,4 @@
ARG DEBIAN_VERSION=13.2
ARG DEBIAN_VERSION=13.2-slim
FROM debian:${DEBIAN_VERSION}
# Install dependencies


@@ -4,7 +4,7 @@ A Docker-in-Docker (DinD) service based on Debian, allowing you to run Docker in
## Features
- Based on latest stable Debian (13.2)
- Based on latest stable Debian (13.2-slim)
- Out-of-the-box Docker daemon
- Optional NVIDIA Container Toolkit for GPU support
- Resource limits configured
@@ -36,14 +36,14 @@ A Docker-in-Docker (DinD) service based on Debian, allowing you to run Docker in
Key environment variables (see `.env.example` for all options):
| Variable | Description | Default |
| ------------------------ | ----------------------------------- | ------- |
| `DEBIAN_VERSION` | Debian base image version | `13.2` |
| `DIND_PORT_OVERRIDE` | Host port for Docker daemon | `2375` |
| `INSTALL_NVIDIA_TOOLKIT` | Install NVIDIA toolkit during build | `false` |
| `TZ` | Timezone | `UTC` |
| `DIND_CPU_LIMIT` | CPU limit | `2.0` |
| `DIND_MEMORY_LIMIT` | Memory limit | `4G` |
| Variable | Description | Default |
| ------------------------ | ----------------------------------- | ----------- |
| `DEBIAN_VERSION` | Debian base image version | `13.2-slim` |
| `DIND_PORT_OVERRIDE` | Host port for Docker daemon | `2375` |
| `INSTALL_NVIDIA_TOOLKIT` | Install NVIDIA toolkit during build | `false` |
| `TZ` | Timezone | `UTC` |
| `DIND_CPU_LIMIT` | CPU limit | `2.0` |
| `DIND_MEMORY_LIMIT` | Memory limit | `4G` |
## GPU Support
@@ -112,13 +112,13 @@ variables:
When building the image manually:
- `DEBIAN_VERSION`: Debian base version (default: `13.2`)
- `DEBIAN_VERSION`: Debian base version (default: `13.2-slim`)
- `INSTALL_NVIDIA_TOOLKIT`: Install NVIDIA toolkit (default: `false`)
Example:
```bash
docker build --build-arg DEBIAN_VERSION=13.2 --build-arg INSTALL_NVIDIA_TOOLKIT=true -t debian-dind-gpu .
docker build --build-arg DEBIAN_VERSION=13.2-slim --build-arg INSTALL_NVIDIA_TOOLKIT=true -t debian-dind-gpu .
```
## License


@@ -4,7 +4,7 @@
## 特性
- 基于最新稳定版 Debian13.2
- 基于最新稳定版 Debian13.2-slim
- 开箱即用的 Docker 守护进程
- 可选的 NVIDIA Container Toolkit支持 GPU
- 配置了资源限制
@@ -36,14 +36,14 @@
主要环境变量(查看 `.env.example` 了解所有选项):
| 变量 | 说明 | 默认值 |
| ------------------------ | ------------------------- | ------- |
| `DEBIAN_VERSION` | Debian 基础镜像版本 | `13.2` |
| `DIND_PORT_OVERRIDE` | Docker 守护进程的主机端口 | `2375` |
| `INSTALL_NVIDIA_TOOLKIT` | 构建时安装 NVIDIA 工具包 | `false` |
| `TZ` | 时区 | `UTC` |
| `DIND_CPU_LIMIT` | CPU 限制 | `2.0` |
| `DIND_MEMORY_LIMIT` | 内存限制 | `4G` |
| 变量 | 说明 | 默认值 |
| ------------------------ | ------------------------- | ----------- |
| `DEBIAN_VERSION` | Debian 基础镜像版本 | `13.2-slim` |
| `DIND_PORT_OVERRIDE` | Docker 守护进程的主机端口 | `2375` |
| `INSTALL_NVIDIA_TOOLKIT` | 构建时安装 NVIDIA 工具包 | `false` |
| `TZ` | 时区 | `UTC` |
| `DIND_CPU_LIMIT` | CPU 限制 | `2.0` |
| `DIND_MEMORY_LIMIT` | 内存限制 | `4G` |
## GPU 支持
@@ -112,13 +112,13 @@ variables:
手动构建镜像时:
- `DEBIAN_VERSION`Debian 基础版本(默认:`13.2`
- `DEBIAN_VERSION`Debian 基础版本(默认:`13.2-slim`
- `INSTALL_NVIDIA_TOOLKIT`:安装 NVIDIA 工具包(默认:`false`
示例:
```bash
docker build --build-arg DEBIAN_VERSION=13.2 --build-arg INSTALL_NVIDIA_TOOLKIT=true -t debian-dind-gpu .
docker build --build-arg DEBIAN_VERSION=13.2-slim --build-arg INSTALL_NVIDIA_TOOLKIT=true -t debian-dind-gpu .
```
## 许可证


@@ -17,13 +17,13 @@ services:
context: .
dockerfile: Dockerfile
args:
- DEBIAN_VERSION=${DEBIAN_VERSION:-13.2}
- DEBIAN_VERSION=${DEBIAN_VERSION:-13.2-slim}
- INSTALL_NVIDIA_TOOLKIT=${INSTALL_NVIDIA_TOOLKIT:-false}
privileged: true
ports:
- "${DIND_PORT_OVERRIDE:-2375}:2375"
volumes:
- dind-data:/var/lib/docker
- dind_data:/var/lib/docker
environment:
- TZ=${TZ:-UTC}
- DOCKER_TLS_CERTDIR=${DOCKER_TLS_CERTDIR:-}
@@ -52,13 +52,13 @@ services:
context: .
dockerfile: Dockerfile
args:
- DEBIAN_VERSION=${DEBIAN_VERSION:-13.2}
- DEBIAN_VERSION=${DEBIAN_VERSION:-13.2-slim}
- INSTALL_NVIDIA_TOOLKIT=true
privileged: true
ports:
- "${DIND_PORT_OVERRIDE:-2375}:2375"
volumes:
- dind-gpu-data:/var/lib/docker
- dind_gpu_data:/var/lib/docker
environment:
- TZ=${TZ:-UTC}
- DOCKER_TLS_CERTDIR=${DOCKER_TLS_CERTDIR:-}
@@ -86,5 +86,5 @@ services:
- gpu
volumes:
dind-data:
dind-gpu-data:
dind_data:
dind_gpu_data:
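Review bot: The `ports` entry in both service hunks, `"${DIND_PORT_OVERRIDE:-2375}:2375"`, publishes the Docker API port on every host interface while `DOCKER_TLS_CERTDIR` defaults to empty and the container runs with `privileged: true`. If dockerd listens on 2375 without TLS, as the empty default suggests, anyone who can reach that port controls a privileged container. Since this commit already edits both services, consider binding to loopback by default, `- "127.0.0.1:${DIND_PORT_OVERRIDE:-2375}:2375"`, and documenting how to enable TLS for remote access. Separately, renaming `dind-data`/`dind-gpu-data` to `dind_data`/`dind_gpu_data` makes Compose create fresh volumes, so existing data stays behind in the old ones unless it is migrated; the README should say so.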


@@ -5,46 +5,46 @@ set -e
# https://github.com/docker-library/docker/blob/master/24/dind/dockerd-entrypoint.sh
if [ -z "$DOCKER_HOST" ]; then
case "$1" in
dockerd*)
# If we're running dockerd, we need to make sure we have cgroups mounted
if [ ! -d /sys/fs/cgroup ]; then
mkdir -p /sys/fs/cgroup
fi
if ! mountpoint -q /sys/fs/cgroup; then
mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
fi
case "$1" in
dockerd*)
# If we're running dockerd, we need to make sure we have cgroups mounted
if [ ! -d /sys/fs/cgroup ]; then
mkdir -p /sys/fs/cgroup
fi
if ! mountpoint -q /sys/fs/cgroup; then
mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
fi
# Mount cgroup v2 if available and not mounted
if [ -e /sys/fs/cgroup/cgroup.controllers ] && ! mountpoint -q /sys/fs/cgroup; then
mount -t cgroup2 -o nsdelegate cgroup2 /sys/fs/cgroup
fi
# Mount cgroup v2 if available and not mounted
if [ -e /sys/fs/cgroup/cgroup.controllers ] && ! mountpoint -q /sys/fs/cgroup; then
mount -t cgroup2 -o nsdelegate cgroup2 /sys/fs/cgroup
fi
# If /sys/fs/cgroup is not a cgroup2 mount, we might need to mount cgroup v1 hierarchies
if ! mountpoint -q /sys/fs/cgroup || [ "$(stat -f -c %T /sys/fs/cgroup)" != "cgroup2fs" ]; then
if [ -d /sys/fs/cgroup/cgroup.controllers ]; then
# It is cgroup2 but maybe not mounted as such?
# Actually if it exists, it's likely v2.
:
else
# cgroup v1
for subsystem in $(awk '/^[^#]/ { print $1 }' /proc/cgroups); do
mkdir -p "/sys/fs/cgroup/$subsystem"
if ! mountpoint -q "/sys/fs/cgroup/$subsystem"; then
mount -t cgroup -o "$subsystem" cgroup "/sys/fs/cgroup/$subsystem"
fi
done
fi
fi
;;
esac
# If /sys/fs/cgroup is not a cgroup2 mount, we might need to mount cgroup v1 hierarchies
if ! mountpoint -q /sys/fs/cgroup || [ "$(stat -f -c %T /sys/fs/cgroup)" != "cgroup2fs" ]; then
if [ -d /sys/fs/cgroup/cgroup.controllers ]; then
# It is cgroup2 but maybe not mounted as such?
# Actually if it exists, it's likely v2.
:
else
# cgroup v1
for subsystem in $(awk '/^[^#]/ { print $1 }' /proc/cgroups); do
mkdir -p "/sys/fs/cgroup/$subsystem"
if ! mountpoint -q "/sys/fs/cgroup/$subsystem"; then
mount -t cgroup -o "$subsystem" cgroup "/sys/fs/cgroup/$subsystem"
fi
done
fi
fi
;;
esac
fi
if [ "$1" = 'dockerd' ] || [ "${1#-}" != "$1" ]; then
# if the first argument is "dockerd" or a flag (starts with -)
if [ "${1#-}" != "$1" ]; then
set -- dockerd "$@"
fi
# if the first argument is "dockerd" or a flag (starts with -)
if [ "${1#-}" != "$1" ]; then
set -- dockerd "$@"
fi
# Explicitly use iptables-legacy if available, as it is often more stable for DinD
if command -v update-alternatives >/dev/null; then


@@ -2,7 +2,7 @@
# GLOBAL_REGISTRY=registry.example.com/
# Debian Version
DEBIAN_VERSION=13.2
DEBIAN_VERSION=13.2-slim
# Kata Containers Version
KATA_VERSION=3.24.0


@@ -1,4 +1,4 @@
ARG DEBIAN_VERSION=13.2
ARG DEBIAN_VERSION=13.2-slim
FROM debian:${DEBIAN_VERSION}
# Install dependencies
@@ -57,7 +57,8 @@ RUN if [ "${ARCH}" = "amd64" ]; then ARCH="x86_64"; fi \
&& curl -fsSL https://github.com/firecracker-microvm/firecracker/releases/download/v${FIRECRACKER_VERSION}/firecracker-v${FIRECRACKER_VERSION}-${ARCH}.tgz -o firecracker.tgz \
&& tar -xzf firecracker.tgz \
&& mv release-v${FIRECRACKER_VERSION}-${ARCH}/firecracker-v${FIRECRACKER_VERSION}-${ARCH} /usr/local/bin/firecracker \
&& chmod +x /usr/local/bin/firecracker \
&& mv release-v${FIRECRACKER_VERSION}-${ARCH}/jailer-v${FIRECRACKER_VERSION}-${ARCH} /usr/local/bin/jailer \
&& chmod +x /usr/local/bin/firecracker /usr/local/bin/jailer \
&& rm -rf release-v${FIRECRACKER_VERSION}-${ARCH} firecracker.tgz
# Set up dind
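Review bot: The `jailer` binary added in the second hunk comes from the same `firecracker.tgz` that `curl` downloads without any integrity check, so two executables in `/usr/local/bin` of an image that is run privileged depend only on TLS to GitHub. Pin the archive digest and verify it before `tar`, for example `&& echo "${FIRECRACKER_SHA256}  firecracker.tgz" | sha256sum -c - \` (`FIRECRACKER_SHA256` is a build argument I am proposing; it is not in the file). The digest has to change together with `FIRECRACKER_VERSION`, whose default is `1.14.0` in the compose file but `1.10.1` in the README table. The `RUN` instruction starts above this hunk, so the `ARCH` handling is only partly visible.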


@@ -84,18 +84,18 @@ cat /sys/module/kvm_intel/parameters/nested
### Environment Variables
| Variable | Default | Description |
| ------------------------------ | -------- | --------------------------------------------- |
| `DEBIAN_VERSION` | `13.2` | Base Debian version |
| `KATA_VERSION` | `3.24.0` | Kata Containers version |
| `FIRECRACKER_VERSION` | `1.10.1` | Version of Firecracker VMM to install |
| `KATA_DIND_VERSION` | `0.2.0` | Built image version tag |
| `TZ` | `UTC` | Timezone for the container |
| `KATA_LOGGING_LEVEL` | `info` | Kata logging level (debug, info, warn, error) |
| `KATA_DIND_CPU_LIMIT` | `2.00` | CPU limit in cores |
| `KATA_DIND_MEMORY_LIMIT` | `4G` | Memory limit |
| `KATA_DIND_CPU_RESERVATION` | `0.50` | CPU reservation in cores |
| `KATA_DIND_MEMORY_RESERVATION` | `1G` | Memory reservation |
| Variable | Default | Description |
| ------------------------------ | ----------- | --------------------------------------------- |
| `DEBIAN_VERSION` | `13.2-slim` | Base Debian version |
| `KATA_VERSION` | `3.24.0` | Kata Containers version |
| `FIRECRACKER_VERSION` | `1.10.1` | Version of Firecracker VMM to install |
| `KATA_DIND_VERSION` | `0.2.0` | Built image version tag |
| `TZ` | `UTC` | Timezone for the container |
| `KATA_LOGGING_LEVEL` | `info` | Kata logging level (debug, info, warn, error) |
| `KATA_DIND_CPU_LIMIT` | `2.00` | CPU limit in cores |
| `KATA_DIND_MEMORY_LIMIT` | `4G` | Memory limit |
| `KATA_DIND_CPU_RESERVATION` | `0.50` | CPU reservation in cores |
| `KATA_DIND_MEMORY_RESERVATION` | `1G` | Memory reservation |
## Usage Examples


@@ -84,18 +84,18 @@ cat /sys/module/kvm_intel/parameters/nested
### 环境变量
| 变量 | 默认值 | 说明 |
| ------------------------------ | -------- | ----------------------------------------- |
| `DEBIAN_VERSION` | `13.2` | 基础 Debian 版本 |
| `KATA_VERSION` | `3.24.0` | Kata Containers 版本 |
| `FIRECRACKER_VERSION` | `1.10.1` | 要安装的 Firecracker VMM 版本 |
| `KATA_DIND_VERSION` | `0.2.0` | 构建的镜像版本标签 |
| `TZ` | `UTC` | 容器的时区 |
| `KATA_LOGGING_LEVEL` | `info` | Kata 日志级别debug、info、warn、error |
| `KATA_DIND_CPU_LIMIT` | `2.00` | CPU 限制(核心数) |
| `KATA_DIND_MEMORY_LIMIT` | `4G` | 内存限制 |
| `KATA_DIND_CPU_RESERVATION` | `0.50` | CPU 预留(核心数) |
| `KATA_DIND_MEMORY_RESERVATION` | `1G` | 内存预留 |
| 变量 | 默认值 | 说明 |
| ------------------------------ | ----------- | ----------------------------------------- |
| `DEBIAN_VERSION` | `13.2-slim` | 基础 Debian 版本 |
| `KATA_VERSION` | `3.24.0` | Kata Containers 版本 |
| `FIRECRACKER_VERSION` | `1.10.1` | 要安装的 Firecracker VMM 版本 |
| `KATA_DIND_VERSION` | `0.2.0` | 构建的镜像版本标签 |
| `TZ` | `UTC` | 容器的时区 |
| `KATA_LOGGING_LEVEL` | `info` | Kata 日志级别debug、info、warn、error |
| `KATA_DIND_CPU_LIMIT` | `2.00` | CPU 限制(核心数) |
| `KATA_DIND_MEMORY_LIMIT` | `4G` | 内存限制 |
| `KATA_DIND_CPU_RESERVATION` | `0.50` | CPU 预留(核心数) |
| `KATA_DIND_MEMORY_RESERVATION` | `1G` | 内存预留 |
## 使用示例


@@ -18,7 +18,7 @@ services:
context: .
dockerfile: Dockerfile
args:
DEBIAN_VERSION: ${DEBIAN_VERSION:-13.2}
DEBIAN_VERSION: ${DEBIAN_VERSION:-13.2-slim}
KATA_VERSION: ${KATA_VERSION:-3.24.0}
FIRECRACKER_VERSION: ${FIRECRACKER_VERSION:-1.14.0}
privileged: true


@@ -78,6 +78,15 @@ if [ -f /etc/kata-containers/configuration-fc.toml ] && [ -x /usr/local/bin/fire
sed -i 's|path = ".*firecracker"|path = "/usr/local/bin/firecracker"|g' /etc/kata-containers/configuration-fc.toml || true
fi
fi
# Update jailer path if available
if [ -x /usr/local/bin/jailer ]; then
if ! grep -q "jailer_path = \"/usr/local/bin/jailer\"" /etc/kata-containers/configuration-fc.toml 2>/dev/null; then
if [ -w /etc/kata-containers/configuration-fc.toml ]; then
sed -i 's|jailer_path = ".*jailer"|jailer_path = "/usr/local/bin/jailer"|g' /etc/kata-containers/configuration-fc.toml || true
fi
fi
fi
fi
# Enable debug logging if requested
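Review bot: The `grep -q` and `sed` patterns for `jailer_path` are not anchored to the start of the line, so a commented-out `#jailer_path = "..."` entry is rewritten but stays commented, and on the next start the grep matches it and finds nothing to do. I believe upstream Kata ships this key commented out in configuration-fc.toml; if that holds here, Firecracker keeps running without the jailer while the script looks as if it configured it. Anchor the check, `grep -Eq '^[[:space:]]*jailer_path = "/usr/local/bin/jailer"'`, and print a warning to stderr when no active `jailer_path` line exists after the `sed`, rather than hiding the outcome behind `|| true`. The enclosing `if [ -f ... ] && [ -x /usr/local/bin/firecracker ]` opens above the hunk.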