Welcome to our container images, if looking for a container start by browsing the GitHub Packages page for this repo's packages.
The goal of this project is to support semantically versioned, rootless, and multiple architecture containers for various applications.
It also adheres to a KISS principle, logging to stdout, one process per container, no s6-overlay and all images are built on top of Alpine or Ubuntu.
The containers built here do not use immutable tags, as least not in the more common way you have seen from linuxserver.io or Bitnami.
We do take a similar approach but instead of appending a -ls69 or -r420 prefix to the tag we instead insist on pinning to the sha256 digest of the image, while this is not as pretty it is just as functional in making the images immutable.
| Container | Immutable |
|---|---|
ghcr.io/home-operations/sonarr:rolling |
❌ |
ghcr.io/home-operations/sonarr:4.0.13.2932 |
❌ |
ghcr.io/home-operations/sonarr:rolling@sha256:8053... |
✅ |
ghcr.io/home-operations/sonarr:4.0.13.2932@sha256:8053... |
✅ |
If pinning an image to the sha256 digest, tools like Renovate support updating the container on a digest or application version change.
There is no multiple "channels" of the same application. For example Prowlarr, Radarr, Lidarr, and Sonarr will only have the develop branch published and not the master "stable" branch. Qbittorrent will only be published with LibTorrent 2.x.
To run these containers as non-root make sure you update your configuration to the user and group you want.
networks:
sonarr:
name: sonarr
external: true
services:
sonarr:
image: ghcr.io/home-operations/sonarr:4.0.13.2932
container_name: sonarr
user: 65534:65534
# ...apiVersion: apps/v1
kind: Deployment
metadata:
name: sonarr
# ...
spec:
# ...
template:
# ...
spec:
# ...
securityContext:
runAsUser: 65534
runAsGroup: 65534
fsGroup: 65534
fsGroupChangePolicy: OnRootMismatch
# ...Some applications do not support defining configuration via environment variables and instead only allow certain config to be set in the command line arguments for the app. To circumvent this, for applications that have an entrypoint.sh read below.
-
First read the Kubernetes docs on defining command and arguments for a Container.
-
Look up the documentation for the application and find a argument you would like to set.
-
Set the extra arguments in the
argssection like below.args: - --port - "8080"
For applications that need to have persistent configuration data the config volume is hardcoded to /config inside the container. This is not able to be changed in most cases.
These container images are signed using the attest-build-provenance action.
The attestations can be checked with the following command, verifying that the image is actually built by the GitHub CI system:
gh attestation verify --repo home-operations/containers oci://ghcr.io/home-operations/${App}:${TAG}We encourage the use of upstream container images whenever possible. However, there are scenarios where using an upstream image may not be feasible—such as when tools like s6-overlay or gosu are needed, or when the application exhibits unusual behaviors, particularly when running as root. In such cases, contributing to this repository might make sense.
If you’re considering contributing, please note that we only accept pull requests under the following conditions:
- The upstream application is actively maintained,
- and there is no official upstream container,
- or the official image does not support multi-architecture builds,
- or the official image relies on tools like s6-overlay, gosu, or other unconventional initialization mechanisms.
Containers here can be deprecated at any point, this could be for any reason described below.
- The upstream application is no longer actively developed
- The upstream application has an official upstream container that follows closely to the mission statement described here
- The upstream application has been replaced with a better alternative
- The maintenance burden of keeping the container here is too bothersome
Note: Deprecated containers will remained published to this repo for 6 months after which they will be pruned.
A lot of inspiration and ideas are thanks to the hard work of the home-ops community, hotio.dev and linuxserver.io contributors.