Here we will install

Setup Docker

Install simple docker

Run the following

apt update
apt install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
apt update
apt-cache policy docker-ce
apt install docker-ce docker-ce-cli containerd.io

And verify the startup

systemctl status docker

Setup a local docker network for persistent utils

This is needed so that the guest can contact the host at a unique address

docker network create -d bridge --subnet 192.168.44.0/24 --gateway 192.168.44.1 dockernet

Start docker after crypt mount

Create another systemd unit

** /etc/systemd/system/docker **

[Unit]
Description=Start docker service
After=mnt-data.mount
Wants=mnt-data.mount
StopWhenUnneeded=true

[Service]
Type=oneshot
ExecStart=/bin/sh -c '/etc/init.d/docker start'
RemainAfterExit=true
ExecStop=/bin/sh -c '/etc/init.d/docker stop'
ExecReload=/bin/sh -c '/etc/init.d/docker restart'

Change location

You should then move the docker files onto the encrypted disk

Modify the following

** /etc/init.d/docker **

+ DOCKER_OPTS="-g /mnt/data/apps/docker"

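Run the following to set up the new docker location

mkdir -p /mnt/data/apps/docker
# The data root holds every image layer and volume; dockerd runs as root, so do not make it world-writable
chmod 710 /mnt/data/apps/docker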

Modify the service to start from new location after decrypt

** /lib/systemd/system/docker.service **

+ After=mnt-data.mount
+ Wants=mnt-data.mount
- ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
+ ExecStart=/usr/bin/dockerd -g /mnt/data/apps/docker -H fd:// --containerd=/run/containerd/containerd.sock

Block everything

systemctl daemon-reload
systemctl stop docker

Kill every process found by the following command

ps aux | grep -i docker | grep -v grep

Move and restart

rsync -aqxP /var/lib/docker/ /mnt/data/apps/docker
systemctl start docker
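
The unit ordering and the move only help if the data root really sits on the decrypted volume, so the following check is added here as an example (it is not part of the original guide). The function names and return codes are assumptions for illustration; the paths in the usage comment are the ones used above.

```shell
#!/bin/sh
# Added example: post-move checks for the Docker data root used in this guide.
# Function names and return codes are illustrative assumptions.

# mount_of DIR: print the mount point of the filesystem holding DIR.
mount_of() {
    df -P "$1" | awk 'NR==2 {print $NF}'
}

# check_data_root DIR EXPECTED_MOUNT
# Returns 0 = ok, 1 = DIR missing, 2 = not on EXPECTED_MOUNT, 3 = world-writable.
check_data_root() {
    dir=$1
    expected=$2
    [ -d "$dir" ] || return 1
    # If the encrypted volume is not mounted, DIR sits on the parent
    # filesystem and dockerd would store its data unencrypted there.
    [ "$(mount_of "$dir")" = "$expected" ] || return 2
    # -perm -0002 matches when the "other" write bit is set (e.g. mode 777).
    [ -z "$(find "$dir" -prune -perm -0002)" ] || return 3
    return 0
}

# unit_waits_for UNIT_FILE MOUNT_UNIT
# Returns 0 only if the unit is ordered After= the mount unit and also
# pulls it in with Wants= or Requires=.
unit_waits_for() {
    grep -Eq "^After=(.*[[:space:]])?$2([[:space:]]|\$)" "$1" &&
        grep -Eq "^(Wants|Requires)=(.*[[:space:]])?$2([[:space:]]|\$)" "$1"
}

# Usage on the host from this guide (run as root):
#   check_data_root /mnt/data/apps/docker /mnt/data || echo "data root check failed: $?"
#   unit_waits_for /lib/systemd/system/docker.service mnt-data.mount || echo "unit not tied to mount"
```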

Install portainer

It's a nice utility to manage docker compose and docker via a web UI

Run the following

docker run -d \
  -v "/var/run/docker.sock:/var/run/docker.sock" \
  --restart unless-stopped \
  --name portainer \
  --network dockernet \
  -p 9000:9000 portainer/portainer

Go to http://server:9000, create the login for user "root" with a very long password, and connect the local Docker instance using the address below. Afterwards we will add LDAP users

/var/run/docker.sock

Then, at the end of the LDAP configuration, you will configure the LDAP access

Create a global group

When you have a user to enable


Last modified on: June 08, 2020