init
This commit is contained in:
commit
c89d84b38f
5 changed files with 145 additions and 0 deletions
67
Dockerfile
Normal file
67
Dockerfile
Normal file
|
|
@ -0,0 +1,67 @@
|
|||
FROM ubuntu:noble AS builder
|
||||
|
||||
LABEL maintainer="Andreas Neue <an@dnix.de>"
|
||||
|
||||
ARG VERSION=insp4
|
||||
ARG CONFIGUREARGS=
|
||||
ARG EXTRASMODULES=
|
||||
ARG BUILD_DEPENDENCIES=
|
||||
|
||||
# Stage 0: Build from source
|
||||
COPY modules/ /src/modules/
|
||||
|
||||
RUN apt update
|
||||
RUN apt -y install gcc g++ make git perl wget gnutls-dev pkg-config $BUILD_DEPENDENCIES
|
||||
|
||||
RUN groupadd -r -g 10000 ircd && \
|
||||
useradd -r -g ircd -u 10000 -m -d /inspircd -s /sbin/nologin ircd && \
|
||||
chown -R ircd:ircd /inspircd
|
||||
|
||||
RUN git clone --branch $VERSION https://github.com/inspircd/inspircd.git inspircd-src
|
||||
|
||||
WORKDIR /inspircd-src
|
||||
RUN git checkout $(git describe --abbrev=0 --tags $VERSION)
|
||||
|
||||
## Add modules
|
||||
RUN { [ $(ls /src/modules/ | wc -l) -gt 0 ] && cp -r /src/modules/* /inspircd-src/src/modules/ || echo "No modules overwritten/added by repository"; }
|
||||
RUN echo $EXTRASMODULES | xargs --no-run-if-empty ./modulemanager install
|
||||
|
||||
RUN ./configure --prefix /inspircd --example-dir /inspircd/examples --uid 10000 --gid 10000
|
||||
RUN echo $CONFIGUREARGS | xargs --no-run-if-empty ./configure
|
||||
RUN make -j`getconf _NPROCESSORS_ONLN` install
|
||||
|
||||
## Wipe out vanilla config; entrypoint.sh will handle repopulating it at runtime
|
||||
RUN rm -rf /inspircd/conf/*
|
||||
|
||||
# Stage 1: Create optimized runtime container
|
||||
FROM dr.dnix.de/baseimage
|
||||
|
||||
LABEL maintainer="Andreas Neue <an@dnix.de>"
|
||||
|
||||
ARG RUN_DEPENDENCIES=
|
||||
|
||||
RUN apt update
|
||||
RUN apt -y upgrade
|
||||
RUN apt -y install sudo $RUN_DEPENDENCIES
|
||||
|
||||
RUN groupadd -r -g 10000 ircd && \
|
||||
useradd -r -g ircd -u 10000 -m -d /inspircd -s /sbin/nologin ircd && \
|
||||
chown -R ircd:ircd /inspircd
|
||||
|
||||
COPY --chown=ircd:ircd run /etc/my_init.d/
|
||||
COPY --chown=ircd:ircd entrypoint.sh /
|
||||
COPY --from=builder --chown=ircd:ircd /inspircd/ /inspircd/
|
||||
|
||||
#USER ircd
|
||||
|
||||
EXPOSE 6667 6697 7000 7001
|
||||
|
||||
WORKDIR /
|
||||
|
||||
#HEALTHCHECK \
|
||||
# --interval=60s \
|
||||
# --timeout=3s \
|
||||
# --start-period=60s \
|
||||
# --retries=3 \
|
||||
# CMD \
|
||||
# /usr/bin/nc -z localhost 6667
|
||||
14
Makefile
Normal file
14
Makefile
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
.PHONY: build shell
|
||||
|
||||
DOCKER_IMAGE := dr.dnix.de/inspircd
|
||||
|
||||
all: build push
|
||||
|
||||
build:
|
||||
docker build --no-cache -f Dockerfile -t $(DOCKER_IMAGE) .
|
||||
|
||||
push:
|
||||
docker push $(DOCKER_IMAGE)
|
||||
|
||||
shell: build
|
||||
docker run --rm -it $(DOCKER_IMAGE) bash
|
||||
62
entrypoint.sh
Executable file
62
entrypoint.sh
Executable file
|
|
@ -0,0 +1,62 @@
|
|||
#!/bin/sh
|
||||
# shellcheck disable=SC2068
|
||||
|
||||
INSPIRCD_ROOT="/inspircd"
|
||||
|
||||
# TODO fix/make configuration better
|
||||
# Make sure that the volume contains a default config but don't override an existing one
|
||||
if [ ! -e $INSPIRCD_ROOT/conf/inspircd.conf ] && [ -w $INSPIRCD_ROOT/conf/ ]; then
|
||||
# shellcheck disable=SC2336
|
||||
cp -r /conf/* $INSPIRCD_ROOT/conf/
|
||||
elif [ ! -w $INSPIRCD_ROOT/conf/ ]; then
|
||||
echo "
|
||||
##################################
|
||||
### ###
|
||||
### Can't write to volume! ###
|
||||
### Please change owner ###
|
||||
### to uid 10000 ###
|
||||
### ###
|
||||
##################################
|
||||
"
|
||||
fi
|
||||
|
||||
# Link certificates from secrets
|
||||
# See https://docs.docker.com/engine/swarm/secrets/
|
||||
if [ -e /run/secrets/inspircd.key ] && [ -e /run/secrets/inspircd.crt ]; then
|
||||
ln -s /run/secrets/inspircd.key $INSPIRCD_ROOT/conf/key.pem
|
||||
ln -s /run/secrets/inspircd.crt $INSPIRCD_ROOT/conf/cert.pem
|
||||
fi
|
||||
|
||||
# Make sure there is a certificate or generate a new one
|
||||
if [ ! -e $INSPIRCD_ROOT/conf/cert.pem ] && [ ! -e $INSPIRCD_ROOT/conf/key.pem ]; then
|
||||
cat > /tmp/cert.template <<EOF
|
||||
cn = "${INSP_TLS_CN:-irc.example.com}"
|
||||
email = "${INSP_TLS_MAIL:-nomail@irc.example.com}"
|
||||
unit = "${INSP_TLS_UNIT:-Example Server Admins}"
|
||||
organization = "${INSP_TLS_ORG:-Example IRC Network}"
|
||||
locality = "${INSP_TLS_LOC:-Example City}"
|
||||
state = "${INSP_TLS_STATE:-Example State}"
|
||||
country = "${INSP_TLS_COUNTRY:-XZ}"
|
||||
expiration_days = ${INSP_TLS_DURATION:-365}
|
||||
tls_www_client
|
||||
tls_www_server
|
||||
signing_key
|
||||
encryption_key
|
||||
cert_signing_key
|
||||
crl_signing_key
|
||||
code_signing_key
|
||||
ocsp_signing_key
|
||||
time_stamping_key
|
||||
EOF
|
||||
/usr/bin/certtool --generate-privkey --bits 4096 --sec-param normal --outfile $INSPIRCD_ROOT/conf/key.pem
|
||||
/usr/bin/certtool --generate-self-signed --load-privkey $INSPIRCD_ROOT/conf/key.pem --outfile $INSPIRCD_ROOT/conf/cert.pem --template /tmp/cert.template
|
||||
rm /tmp/cert.template
|
||||
fi
|
||||
|
||||
# Make sure dhparams are present
|
||||
if [ ! -e $INSPIRCD_ROOT/conf/dhparams.pem ]; then
|
||||
/usr/bin/certtool --generate-dh-params --sec-param normal --outfile $INSPIRCD_ROOT/conf/dhparams.pem
|
||||
fi
|
||||
|
||||
cd $INSPIRCD_ROOT
|
||||
exec env INSPIRCD_ROOT=$INSPIRCD_ROOT $INSPIRCD_ROOT/bin/inspircd --nofork $@
|
||||
0
modules/.stay
Normal file
0
modules/.stay
Normal file
2
run
Executable file
2
run
Executable file
|
|
@ -0,0 +1,2 @@
|
|||
#!/bin/sh
|
||||
sudo -u ircd /entrypoint.sh
|
||||
Loading…
Add table
Add a link
Reference in a new issue