accetto / ubuntu-vnc-xfce-g3

Headless Ubuntu/Xfce containers with VNC/noVNC (G3v6).
MIT License

approach to binding a directory (from host machine) to containers `$HOME` directory #40

Closed capsulecorplab closed 1 year ago

capsulecorplab commented 1 year ago

I have a use case where I'd like to configure and persist dotfiles/folders in the $HOME directory of a container running the ubuntu-vnc-xfce-g3 image. My current working approach has been to bind a directory from my host machine that contains the expected dotfiles/folders (s.a., .vnc/) to the container's $HOME directory via the following docker-compose.yml file and docker-compose up command, where ./shared is the persistent folder containing the expected dotfiles/folders,

```yaml
---
version: "3.7"
services:
  ubuntu-vnc-xfce-g3:
    build: .
    image: accetto/ubuntu-vnc-xfce-g3:latest
    ports:
      - "5901:5901"
    user: "0"
    environment:
      VNC_PW: password
    shm_size: '512m'
    stdin_open: true # docker run -i
    tty: true        # docker run -t
    volumes:
      - type: bind
        source: ./shared
        target: /home/headless
    security_opt:
      - seccomp=unconfined
...
```

In the above example, the dotfiles were originally obtained by first binding ./shared (source volume) to a directory nested in /home/headless, s.a., /home/headless/shared (target volume) then copying over the contents of /home/headless/ into /home/headless/shared from within a vnc session, then changing target volume from /home/headless/shared to /home/headless. Would it be possible for the image to be pre-configured to copy these dotfiles into this persistent directory upon initial creation of the container?

accetto commented 1 year ago

Hello @capsulecorplab ,

I'm preparing the answer and testing the many variations of your scenario, but it's growing and the answer is becoming too complex. We have to constrain it a little bit.

Can you please answer the following questions?

A) Is your scenario primarily about

  1. persisting container states between restarts
  2. seeding new containers with/from prefabricated files/folders

B) On what environment are you

  1. Windows + WSL2 + Docker Desktop for Windows
  2. Linux + Docker Desktop for Linux
  3. Linux, no Docker Desktop for Linux
  4. Mac + Docker Desktop for Mac
  5. Cloud + Docker (?) + Kubernetes (?)

Also be aware that your yaml example from above will not work correctly. I'll explain it later.

Regards, accetto

capsulecorplab commented 1 year ago

> A) Is your scenario primarily about
>
> 1. persisting container states between restarts
> 2. seeding new containers with/from prefabricated files/folders

kind of both? The behavior I'd like to see is akin to how kasm workspaces binds a kasm_user folder from the host machine to the container's /home/kasm-user (i.e., $HOME) directory for persisting files/folders, but will also copy any files/folders from a /home/kasm-default-profile directory from within the image upon initial creation of the container.

> B) On what environment are you

Linux (specifically, Linux Mint 21.1) running docker (version 20.10.12), no Docker Desktop for Linux

> Also be aware, that your yaml example from above will not work correctly. I'll explain it later.

I'd be curious as to what you mean, since the yaml example currently works for producing the aforementioned behavior - it just requires the previously mentioned steps of manual copying files/folders into that persistent directory from a previous vnc session
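The first-start seeding behaviour described in the comment above (copy a default profile into the bound home directory once, without overwriting files already persisted on the host), sketched as an added example that is not part of the original thread or the image's own startup code. The function name, the marker file name and the default-profile path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: seed a bind-mounted $HOME from a default-profile directory
# on first start. Names and paths here are assumptions, not from the image.

# seed_home SRC DST
#   returns 0 = seeded now or already seeded
#           2 = SRC or DST is not a directory
#           3 = DST is not writable by the current user
seed_home() {
    src=$1
    dst=$2
    marker="$dst/.home-seeded"      # hypothetical marker file name

    [ -d "$src" ] && [ -d "$dst" ] || return 2
    # A bind mount keeps the host directory's ownership, so report a clear
    # error here instead of requiring the container to run as root.
    [ -w "$dst" ] || return 3
    # Seed only once; later starts must not resurrect deleted defaults.
    [ -e "$marker" ] && return 0

    # Recreate the directory tree first (dot-directories included) ...
    (cd "$src" && find . -type d) | while IFS= read -r d; do
        mkdir -p "$dst/$d"
    done
    # ... then copy only entries that are missing in DST, so files already
    # persisted on the host are never overwritten. -P copies symlinks as
    # links instead of following them.
    (cd "$src" && find . ! -type d) | while IFS= read -r f; do
        if [ ! -e "$dst/$f" ] && [ ! -L "$dst/$f" ]; then
            cp -pP "$src/$f" "$dst/$f"
        fi
    done

    date -u '+%Y-%m-%dT%H:%M:%SZ' > "$marker"
}

# Usage from a startup wrapper (hypothetical default-profile path):
#   seed_home /opt/default-profile "$HOME" || echo "seeding failed: $?" >&2
```
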

accetto commented 1 year ago

I see, you compare it to Kasm Workspaces. :) I'll check what they provide, because I'm not familiar with them yet. My primary platform is currently Windows with WSL2 and Docker Desktop for Windows. For testing I use Debian with Docker Desktop for Linux or Ubuntu and CentOS without Docker Desktop. So our environments are pretty different, which is not necessarily a bad thing. :)

accetto commented 1 year ago

I've promised that I'll comment the yaml file you've provided above.

I'll comment out the lines that I would not use.

```yaml
version: "3.7"
services:
  ubuntu-vnc-xfce-g3:

    ### generally, no need to use 'build' if you don't want to extend the base image
    ### in this case the default file named 'Dockerfile' from the current directory would be used by 'compose'
    ### however, I cannot say anything about it, because I don't know its content
    ### generally speaking, it should extend the base image **correctly**, otherwise it will not work
    # build: .

    ### if you don't want to extend the base image, then just use it
    ### be sure to remove this 'image' tag if you decide to use 'build'
    ### otherwise 'compose' will try to push the image into the default repository
    image: accetto/ubuntu-vnc-xfce-g3:latest

    ports:
    ### I recommend to avoid the ports 5901/6901 on the host
      # - "5901:5901"
    ### I would use some higher ports and I would bind also the noVNC port
      - "25901:5901"
      - "26901:6901"

    ### I recommend to avoid the root user if it's not a requirement
    ### e.g. some applications will refuse to run as a root
    # user: "0"
    ### you can override the default container user (1000) if you wish
    # user: 1002

    environment:
      VNC_PW: password
      ### just a tip: for testing you could use also an empty password
      # VNC_PW: ""

    ### just a remark: '256m' seems to be usually enough
    shm_size: '512m'

    ### I'm not sure of the purpose of these two lines, I never used it this way
    ### actually the image provides Xfce Desktop, so you should not need them
    ### you can use the terminal inside the container
    # stdin_open: true # docker run -i
    # tty: true        # docker run -t

    volumes:

      ### this way of binding to an external volume on the host
      ### will not work correctly on any environment
      ### I'll provide more detailed explanation later, but
      ### you should not bind the whole $HOME directory
      # - type: bind
      #   source: ./shared
      #   target: /home/headless
      ### prefer binding the individual subfolders, for example
      - type: bind
        source: ./shared/Documents
        target: /home/headless/Documents
      ### the only working option is to use Docker volumes
      ### note that this will work starting from my release 23.03.2
      # - type: volume
      #   source: my-home-volume
      #   target: /home/headless
      ### note that you'll need to add the following above the 'services' level
      # volumes:
      #   my-home-volume:

    ### I'm not sure of the purpose of these two lines
    ### I also haven't found this exact value in the official documentation
    # security_opt:
    #   - seccomp=unconfined
```

I'll continue in the discussion thread #39 you've opened and I'll put my recommended yaml there.

accetto commented 1 year ago

Closing this issue because it has been continued in the discussion thread #39.