This is so damn cool. Relatively secure docker in docker with very an isolated docker daemon context and low overhead. A great alternative to MicroVM's like #Firecracker.

https://www.docker.com/resources/docker-in-docker-containerized-ci-workflows-dockercon-2023/

I love the presentation style too. I followed along in my terminal and everything worked. So much more helpful for me than "go to this website to learn more".

#dind #microvm

@deliverance If #Kaniko is not your speed, You can still do better than #DinD by using #PinD or even #PinP

How to use Podman inside of a container
https://www.redhat.com/sysadmin/podman-inside-container

This way you don't need a daemon, and you can run rootless.

@fyw321 @geerlingguy My 8 node cluster costs around 55W via POE. It is 3 pi4 8G control+worker nodes, and 5 pi4 4G worker-only nodes (1 is actually 8G.)

Storage is #iscsi on spinning rust on #TrueNAS, but you can do all this on local disks.

It handles a LOT:
- #Promstack, #FluxCD, #Calico, various scrapers
- #Adguard
- #Blocky (another adblocking #dns)
- #Jellyfin
- #Ombi, Prowlarr, *arr, Deluge
- Home automation helpers (#ser2sock instances, #zigbee/#zwave 2mqtt, but not HA itself)
- #Argo for builds (deprecated in favor of the x64 cloud lab. Building x64 docker containers on arm is BAD)
- Democratic CSI for iscsi/nfs
- #GoHarbor container registry & #dockerhub cache
- #Mealie recipe manager
- #Monica contact manager
- #SMTP relay to gmail
- #Ubiquiti console (bootstrapping becomes a chicken and egg problem though, if it goes down wrong)
- #Wireguard #VPN server
- #Whoogle
- #VisualStudioCode and a #dind sidecar
- SSL termination for most of the rest of the network

It's just that the test setup is cursed:

The tests run on #GitLab runners using the #Docker executor in privileged mode. This enables us to start a #KVM based #AVD for Android tests and to deploy all individual homeserver implementations using #DinD.

In order to get better debugging information, the headless virtual screen is recorded via #VNC in order to record all ongoing tests for later use.

Some people told us they don't like our tests.