Hardened, distroless container images built with melange + apko on Wolfi.
vegops.sh/containers — live vulnerability reports, updated daily.
- Distroless — no shell, no package manager at runtime.
- Minimal CVEs — rebuilt daily with the latest Wolfi security patches.
- Signed — with cosign keyless signing.
- SBOM included — SPDX generated automatically by apko.
- Multi-arch — supporting both
x86_64andaarch64.
| Image | Description | Build Strategy |
|---|---|---|
ghcr.io/vegops/adguard |
AdGuard Home DNS server | Compiled from source (Go + npm) |
ghcr.io/vegops/bitcoin-core |
Bitcoin Core daemon | Pre-built binaries, GPG verified |
ghcr.io/vegops/bitcoin-knots |
Bitcoin Knots daemon | Compiled from source (CMake) |
ghcr.io/vegops/chown |
chown CLI | Custom build with musl (.NET) |
ghcr.io/vegops/dotnet |
.NET Runtime | Wolfi packages (apko-only) |
ghcr.io/vegops/electrs |
Electrum Rust Server | Compiled from source (Rust) |
ghcr.io/vegops/fulcrum |
Fulcrum SPV server | Compiled from source (qmake) |
ghcr.io/vegops/ghost |
Ghost publishing platform | Official npm package + yarn |
ghcr.io/vegops/go |
Go programming language | Wolfi package (apko-only) |
ghcr.io/vegops/i2pd |
I2P daemon | Compiled from source (make) |
ghcr.io/vegops/libtorrent |
libtorrent-rasterbar library | Compiled from source (CMake) |
ghcr.io/vegops/lidarr |
Lidarr music manager | Compiled from source (.NET + yarn) |
ghcr.io/vegops/lnd |
Lightning Network Daemon | Pre-built binaries, GPG verified |
ghcr.io/vegops/miniupnpc |
MiniUPnP CLI/Library | Compiled from source (make) |
ghcr.io/vegops/openssl |
OpenSSL CLI | Wolfi package (apko-only) |
ghcr.io/vegops/openssl-static |
OpenSSL static library | Compiled from source (CMake) |
ghcr.io/vegops/plex |
Plex Media Server | Official Debian package |
ghcr.io/vegops/postgres |
PostgreSQL database | Wolfi package (apko-only) |
ghcr.io/vegops/prometheus-minimal |
Prometheus monitoring | Compiled from source (Go) |
ghcr.io/vegops/prowlarr |
Prowlarr indexer manager | Compiled from source (.NET + yarn) |
ghcr.io/vegops/qbittorrent |
qBittorrent nox client | Source-built + VueTorrent |
ghcr.io/vegops/qt-minimal |
Minimal Qt 6 | Compiled from source (CMake) |
ghcr.io/vegops/radarr |
Radarr movie manager | Compiled from source (.NET + yarn) |
ghcr.io/vegops/rocksdb |
RocksDB static library | Compiled from source (make) |
ghcr.io/vegops/seerr |
Seerr request manager | Compiled from source (Node + pnpm) |
ghcr.io/vegops/sonarr |
Sonarr TV manager | Compiled from source (.NET + yarn) |
ghcr.io/vegops/sqlite |
SQLite CLI | Wolfi package (apko-only) |
ghcr.io/vegops/tautulli |
Tautulli analytics for Plex | Compiled from source (Python) |
ghcr.io/vegops/tor |
Tor anonymity network | Compiled from source (autoconf) |
ghcr.io/vegops/vaultwarden |
Vaultwarden password manager | Compiled from source (Rust) |
All images are signed with cosign keyless signing via Sigstore. Verify any image with:
cosign verify \
--certificate-identity-regexp="https://github.com/vegops/containers" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/vegops/tor:latest# Example: build tor image
apko build tor/apko.yaml ghcr.io/vegops/tor:test output.tar --arch x86_64Inspired by projects like linuxserver, rtvkiz/minimal, home-operations, and 11notes.
Their work in containerization, homelabs, and simplicity has strongly influenced this repository, which follows a similar philosophy focused on hardened, reproducible OCI images.
Released under the MIT License.