{"id":22222291,"url":"https://github.com/bartmr/docker-workspaces","last_synced_at":"2025-07-27T16:32:54.410Z","repository":{"id":37756300,"uuid":"496539816","full_name":"Bartmr/docker-workspaces","owner":"Bartmr","description":"Protecting my data and client's data, by running day-to-day apps inside Docker containers","archived":false,"fork":false,"pushed_at":"2023-04-24T09:53:05.000Z","size":85,"stargazers_count":10,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-04T04:34:59.810Z","etag":null,"topics":["chrome","cybersecurity","docker"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Bartmr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-05-26T08:26:25.000Z","updated_at":"2025-02-07T00:03:45.000Z","dependencies_parsed_at":"2023-02-01T03:00:48.442Z","dependency_job_id":null,"html_url":"https://github.com/Bartmr/docker-workspaces","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Bartmr/docker-workspaces","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Bartmr%2Fdocker-workspaces","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Bartmr%2Fdocker-workspaces/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Bartmr%2Fdocker-workspaces/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Bartmr%2Fdocker-workspaces/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Bartmr","download_url":"ht
tps://codeload.github.com/Bartmr/docker-workspaces/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Bartmr%2Fdocker-workspaces/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267387128,"owners_count":24079178,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-27T02:00:11.917Z","response_time":82,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["chrome","cybersecurity","docker"],"created_at":"2024-12-02T23:17:48.862Z","updated_at":"2025-07-27T16:32:54.156Z","avatar_url":"https://github.com/Bartmr.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Some of my day-to-day software, in Docker containers\n\nAfter knowing that saved Chrome passwords and cookies in Linux are not protected against malicious dependencies in our development environment or other apps in our system, I decided to run my core apps in Docker containers, where their data is not accessible without sudo, and a personal understanding of where stuff is being saved.\n\nContrary to \u003chttps://github.com/jessfraz/dockerfiles/\u003e, docker-workspaces:\n  - runs Chrome in a sandbox\n  - encrypts passwords and cookies with the help of an also dockerized gnome-keychain\n  - works with your headphones\n\n## Development\n\n### Practices\n\n- Enable the `sudo` command in the containers so you can easily update the 
software in the containers with `sudo apt update \u0026\u0026 sudo apt upgrade`, while using said software and not needing to rebuild and restart the container.\n- Always use a non-root user as early as possible in the Dockerfile.\n  - Make sure all Docker containers run with a non-root user\n- Try to use Docker base images based on the host operating system\n  - Example: if you use Ubuntu 22.04, you should use `FROM ubuntu:22.04` in your Dockerfiles\n\n### Useful snippets\n\n- Upgrade all packages without rebuilding the whole image and any base images that it uses\n  ```\n  ARG CACHEBUST\n  RUN echo \"cache bust $CACHEBUST\"\n\n  RUN apt-get update \u0026\u0026 apt-get upgrade -y --no-install-recommends\n  ```\n\n- Set timezone inside container\n  - Dockerfile\n    ```\n    ARG TZ\n    ENV TZ=$TZ\n    RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime \u0026\u0026 echo $TZ \u003e /etc/timezone\n    RUN apt-get install -y tzdata\n    ```\n  - When running the docker container\n    ```\n    -v /etc/timezone:/etc/timezone:ro\n    -v /etc/localtime:/etc/localtime:ro\n    ```\n  - Before starting the software inside the docker container\n    ```\n    export TZ=$(cat /etc/timezone)\n    ```\n- Add `sudo` to container\n  - add final user to `sudo` group\n  - set its password\n    ```\n    RUN echo \"user:password\" | chpasswd\n    ```\n\n### Links\n\n- [Using dynamically created devices (--device-cgroup-rule)](https://docs.docker.com/engine/reference/commandline/run/#-using-dynamically-created-devices---device-cgroup-rule)\n- [Access an NVIDIA GPU](https://docs.docker.com/engine/reference/commandline/run/#access-an-nvidia-gpu)\n- \u003chttps://blog.jessfraz.com/post/docker-containers-on-the-desktop/\u003e\n- https://docs.docker.com/engine/reference/builder/#buildkit\n- https://leimao.github.io/blog/Docker-Container-Audio/\n- https://github.com/docker/buildx\n\n### To think about\n\n- Using X11 in Mac\n  - taken from 
\u003chttps://github.com/blacktop/docker-ghidra/blob/master/README.md\u003e\n\n  1. Install XQuartz `brew install xquartz`\n  2. Install socat `brew install socat`\n  3. `open -a XQuartz` and make sure you **\"Allow connections from network clients\"** (in XQuartz \u003e Preferences... \u003e Security)\n  4. Now add the IP using Xhost with: `xhost + 127.0.0.1` or `xhost + $(ipconfig getifaddr en0)`\n  5. Start socat `socat TCP-LISTEN:6000,reuseaddr,fork UNIX-CLIENT:\\\"$DISPLAY\\\"`\n  6. Start up Ghidra\n\n  ```bash\n  $ docker run --init -it --rm \\\n              --name ghidra \\\n              --cpus 2 \\\n              --memory 4g \\\n              -e MAXMEM=4G \\\n              -e DISPLAY=host.docker.internal:0 \\\n              -v /path/to/samples:/samples \\\n              -v /path/to/projects:/root \\\n              blacktop/ghidra\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbartmr%2Fdocker-workspaces","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbartmr%2Fdocker-workspaces","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbartmr%2Fdocker-workspaces/lists"}