Welcome to my container images, if looking for a container start by browsing the container packages.
The goal of this project is to support containers for various applications, while following the best practices including:
- Semantic versioning
- Multiple architectures
- Security best practices
- Rootless PID 1
- Restricted Pod Security Standards
- Read-Only Root Filesystem
- Mount secrets as files
- By default all files in
/secretswill be passed to underlying process (i.e./secrets/MY_SECRETcontents will be passed asMY_SECRETenv) - Also any env ending in
_FILEwill have underlying file passed (i.e.MY_SECRET_FILE=/path/filewill result inMY_SECRET=<contents of /path/file>)
- By default all files in
- Consistent behavior for all images
- Use original image environment variables as closely as possible
- Logging to stdout
- One process per container
- Consistent paths
- All configuration data (files, sqlite databases, caches etc.) should live in
/configendpoint - All assets (photos, movies, Linux ISOs) should live in
/dataendpoint - Writable
/tmp
- All configuration data (files, sqlite databases, caches etc.) should live in
Very few containers (like proxmox-backup-server) are basically full operating systems, squished into container format. These ones need root and rw permissions to work properly. They will be marked accordingly in Available Images table.
These environment variables are universally available across all images:
| ENV | Default | Description |
|---|---|---|
DEBUG_OS |
"" |
When set to any value, implies set -x |
ENVDIR_DIRECTORY |
/secrets |
Directory to pick env variables from |
SKIP_FILE_SECRETS_EXPANSION |
"" |
When set, all _FILE envs won't be expanded and checked |
The containers built here do not use immutable tags, as least not in the more common way you have seen from linuxserver.io or Bitnami.
A similar approach applies here, but instead of appending a -ls69 or -r420 prefix to the tag, instead the sha256 digest of the image is used. While this is not as pretty it is just as functional in making the images immutable.
| Container | Immutable |
|---|---|
ghcr.io/deedee-ops/paperless-ngx:latest |
❌ |
ghcr.io/deedee-ops/paperless-ngx:1.17.4 |
❌ |
ghcr.io/deedee-ops/paperless-ngx:latest@sha256:613c... |
âś… |
ghcr.io/deedee-ops/paperless-ngx:1.17.4@sha256:613c... |
âś… |
If pinning an image to the sha256 digest, tools like Renovate support updating the container on a digest or application version change.
Each Image will be built with a latest tag, along with tags specific to it's version. Available Images Below
| Container | Root/RW | Channel | Image | Latest Tags |
|---|---|---|---|---|
| authelia | stable | ghcr.io/deedee-ops/authelia |     |
|
| bazarr | stable | ghcr.io/deedee-ops/bazarr |    |
|
| csp-exporter | stable | ghcr.io/deedee-ops/csp-exporter |    |
|
| firefly-iii | stable | ghcr.io/deedee-ops/firefly-iii |    |
|
| firefoxsync | stable | ghcr.io/deedee-ops/firefoxsync |   |
|
| gokapi | stable | ghcr.io/deedee-ops/gokapi |  |
|
| gose | stable | ghcr.io/deedee-ops/gose |   |
|
| home-assistant | stable | ghcr.io/deedee-ops/home-assistant |    |
|
| invidious-devel | devel | ghcr.io/deedee-ops/invidious-devel | |
|
| jellyfin | stable | ghcr.io/deedee-ops/jellyfin |    |
|
| jellystat | stable | ghcr.io/deedee-ops/jellystat |   |
|
| lldap | stable | ghcr.io/deedee-ops/lldap |   |
|
| maddy | stable | ghcr.io/deedee-ops/maddy |   |
|
| mbsync-devel | devel | ghcr.io/deedee-ops/mbsync-devel | |
|
| memos | stable | ghcr.io/deedee-ops/memos |   |
|
| miniflux | stable | ghcr.io/deedee-ops/miniflux |    |
|
| miniserve | stable | ghcr.io/deedee-ops/miniserve |   |
|
| navidrome | stable | ghcr.io/deedee-ops/navidrome |   |
|
| offlineimap-devel | devel | ghcr.io/deedee-ops/offlineimap-devel | |
|
| paperless-ngx | stable | ghcr.io/deedee-ops/paperless-ngx |   |
|
| postgres-init | stable | ghcr.io/deedee-ops/postgres-init |   |
|
| postgres-logical-backup | stable | ghcr.io/deedee-ops/postgres-logical-backup | |
|
| prowlarr | stable | ghcr.io/deedee-ops/prowlarr |    |
|
| prowlarr-devel | devel | ghcr.io/deedee-ops/prowlarr-devel | |
|
| prowlarr-nightly | nightly | ghcr.io/deedee-ops/prowlarr-nightly |    |
|
| radarr | stable | ghcr.io/deedee-ops/radarr |     |
|
| radarr-devel | devel | ghcr.io/deedee-ops/radarr-devel | |
|
| radarr-nightly | nightly | ghcr.io/deedee-ops/radarr-nightly |    |
|
| roundcube | stable | ghcr.io/deedee-ops/roundcube |   |
|
| script-exporter | stable | ghcr.io/deedee-ops/script-exporter |   |
|
| sonarr | stable | ghcr.io/deedee-ops/sonarr |    |
|
| sonarr-devel | devel | ghcr.io/deedee-ops/sonarr-devel |  |
|
| syncthing | stable | ghcr.io/deedee-ops/syncthing |  |
|
| talosctl | stable | ghcr.io/deedee-ops/talosctl |   |
|
| tika | stable | ghcr.io/deedee-ops/tika |    |
|
| wakapi | stable | ghcr.io/deedee-ops/wakapi |   |
A lot of inspiration (and a lot of copy-pasting to be honest) are thanks to the hard work of onedr0p containers and home-ops infrastructure.