tag alpine image as latest

add readme.md
alpine: workarounds for use cases with custom exports files
2025-10-30 00:22:43 -04:00 · 2025-10-30 00:17:49 -04:00 · 2025-10-30 00:15:51 -04:00 · 2025-10-29 18:13:45 -04:00
3 changed files with 66 additions and 7 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,45 @@
+# thealmightydrawingtablet/nfs-krb
+
+it's an NFS server with kerberos integrated out of the box !
+
+## why?
+
+because nobody else has made one for some reason ¯\\\_(ツ)\_/¯
+
+# usage
+
+### sharing directory via env var
+
+```bash
+# works for both ubuntu and alpine images
+docker run -d --privileged -v /path/on/host:/container/srv \
+	-e SHARED_DIRECTORY=/container/srv -e PERMITTED=10.0.0.0/8 \
+	-e NFS_KRB_PRINC=nfs/localhost.local -e NFS_KRB_REALM=LOCALHOST.LOCAL -e NFS_KRB_PWD='unguessable!'
+```
+
+### bring your own `/etc/exports`
+
+```bash
+# ubuntu
+docker run -d --privileged -v /path/on/host:/container/srv -v ./exports:/etc/exports \
+	-e PERMITTED=10.0.0.0/8 \
+	-e NFS_KRB_PRINC=nfs/localhost.local -e NFS_KRB_REALM=LOCALHOST.LOCAL -e NFS_KRB_PWD='unguessable!'
+
+# alpine
+docker run -d --privileged -v /path/on/host:/container/srv/folder-1 -v /another/thing:/container/srv/folder-2 -v ./exports:/etc/exports.mnt \
+	-e PERMITTED=10.0.0.0/8 \
+	-e NFS_KRB_PRINC=nfs/localhost.local -e NFS_KRB_REALM=LOCALHOST.LOCAL -e NFS_KRB_PWD='unguessable!'
+```
+
+## recognized configuration environment variables
+
+| Variable           | Default            | Required | Alpine | Ubuntu | Description                                                                     |
+| ------------------ | ------------------ | -------- | ------ | ------ | ------------------------------------------------------------------------------- |
+| `NFS_KRB_REALM`    | -                  | yes      | ✅     | ✅     | Kerberos realm to authenticate with.                                            |
+| `NFS_KRB_PRINC`    | -                  | yes      | ✅     | ✅     | the service principal which will be added to the keytab.                        |
+| `NFS_KRB_PWD`      | -                  | yes      | ✅     | ✅     | kerberos database master password, as well as the password for `NFS_KRB_PRINC`. |
+| `RW_MODE`          | `rw`               | no       | ✅     | ✅     | controls NFS export read/write mode and the per-share option string.            |
+| `SRV_TZ`           | `America/New_York` | no       | ✅     | ❌     | overrides the system timezone.                                                  |
+| `SHARED_DIRECTORY` | -                  | no       | ✅     | ✅     | determines whether to configure a singular export.                              |
+| `PERMITTED`        | `*`                | no       | ✅     | ✅     | provides the allowed client list for a single exported directory.               |
+
--- a/build.sh
+++ b/build.sh
@ -1,10 +1,10 @@
 #!/bin/bash

 IMAGE=${IMAGE:-"thealmightydrawingtablet/nfs-krb"}
-VERSION=$(git tag --sort=-committerdate | head -n 1)
+VERSION=$(git tag --sort=-committerdate | grep -vi debug | head -n 1)

 docker build --progress=plain -t "${IMAGE}:ubuntu" -t "${IMAGE}:${VERSION}-ubuntu" -f ./Dockerfile.ubuntu .
-docker build --progress=plain -t "${IMAGE}:alpine" -t "${IMAGE}:${VERSION}-alpine" .
+docker build --progress=plain -t "${IMAGE}:alpine" -t "${IMAGE}:${VERSION}-alpine" -t "${IMAGE}:latest" .

 if [ "$1" == "push" ]; then
 	docker push --all-tags "${IMAGE}"
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -1,5 +1,5 @@
 #!/bin/bash
-set -xuo pipefail
+set -xo pipefail
 trap "stop; exit 0;" SIGTERM SIGINT

 stop()
@ -13,7 +13,7 @@ stop()
 	exit
 }

-DEFALUT_TIMEZONE="America/New York"
+DEFALUT_TIMEZONE="America/New_York"
 DEFAULT_PERMITTED="*"
 RW_MODE="rw"
 UID=${NFS_UID:-0}
@ -39,6 +39,23 @@ if [ -n "${SHARED_DIRECTORY}" ]; then
 EOE

 	chmod 777 "${SHARED_DIRECTORY}"
+else
+	cp /etc/exports.mnt /etc/exports
+	grep -vi "^[[:space:]]*#" /etc/exports | while read -r line; do
+			if [ -n "${line}" ]; then
+				trimmed="${line##*([[:space:]])}"
+				# shellcheck disable=SC2001
+				rcdir="$(eval "declare -a str=($( echo "$trimmed" | sed 's/[][`~!@#$%^&*():;<>.,?|{}=+-]/\\&/g' )); echo \${str[0]}")"
+				cdir="${rcdir##*(\")}"
+				echo "${cdir}"
+				mkdir -p "/exports${cdir}"
+				mount --bind -o rw "${cdir}" "/exports${cdir}"
+				chmod 777 "/exports${cdir}"
+			fi
+	done
+	sed -i -r '/^[[:space:]]*#/!s/^("?)/\1\/exports/' /etc/exports
+	# root entry
+	echo -e "\n/exports *(rw,no_root_squash,insecure,no_subtree_check,nohide,fsid=0,sync,sec=krb5p:krb5i:krb5)" >> /etc/exports
 fi

 # setup logging
@ -48,9 +65,6 @@ syslogd

 exportfs -rvaf

-echo "${NFS_KRB_REALM}" > /etc/hostname
-
-
 export OPTS_RPC_MOUNTD='--debug all -t 8 -N 3'
 cat >> /etc/conf.d/nfs <<EOC
 OPTS_RPC_MOUNTD="${OPTS_RPC_MOUNTD}"
Author	SHA1	Message	Date
☙◦ The Tablet ❀ GamerGirlandCo ◦❧	2ac4b483ea	tag alpine image as `latest`	2025-10-30 00:22:43 -04:00
☙◦ The Tablet ❀ GamerGirlandCo ◦❧	e12b8dc9a0	add readme.md	2025-10-30 00:17:49 -04:00
☙◦ The Tablet ❀ GamerGirlandCo ◦❧	6f0b01aeca	alpine: workarounds for use cases with custom exports files	2025-10-30 00:15:51 -04:00
☙◦ The Tablet ❀ GamerGirlandCo ◦❧	a75674f812	ensure `debug` tag isn't pushed to docker	2025-10-29 18:13:45 -04:00