From c89d84b38f5abcf19d8e1636de4ef7635df8e642 Mon Sep 17 00:00:00 2001
From: Andreas Neue <an@dnix.de>
Date: Tue, 3 Feb 2026 09:29:37 +0100
Subject: [PATCH] init

---
 Dockerfile    | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++
 Makefile      | 14 +++++++++++
 entrypoint.sh | 62 +++++++++++++++++++++++++++++++++++++++++++++++
 modules/.stay |  0
 run           |  2 ++
 5 files changed, 145 insertions(+)
 create mode 100644 Dockerfile
 create mode 100644 Makefile
 create mode 100755 entrypoint.sh
 create mode 100644 modules/.stay
 create mode 100755 run

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..6d312f2
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,67 @@
+FROM ubuntu:noble AS builder
+
+LABEL maintainer="Andreas Neue <an@dnix.de>"
+
+ARG VERSION=insp4
+ARG CONFIGUREARGS=
+ARG EXTRASMODULES=
+ARG BUILD_DEPENDENCIES=
+
+# Stage 0: Build from source
+COPY modules/ /src/modules/
+
+RUN apt update
+RUN apt -y install gcc g++ make git perl wget gnutls-dev pkg-config $BUILD_DEPENDENCIES
+
+RUN groupadd -r -g 10000 ircd && \
+    useradd -r -g ircd -u 10000 -m -d /inspircd -s /sbin/nologin ircd && \
+    chown -R ircd:ircd /inspircd
+
+RUN git clone --branch $VERSION https://github.com/inspircd/inspircd.git inspircd-src
+
+WORKDIR /inspircd-src
+RUN git checkout $(git describe --abbrev=0 --tags $VERSION)
+
+## Add modules
+RUN { [ $(ls /src/modules/ | wc -l) -gt 0 ] && cp -r /src/modules/* /inspircd-src/src/modules/ || echo "No modules overwritten/added by repository"; }
+RUN echo $EXTRASMODULES | xargs --no-run-if-empty ./modulemanager install
+
+RUN ./configure --prefix /inspircd --example-dir /inspircd/examples --uid 10000 --gid 10000
+RUN echo $CONFIGUREARGS | xargs --no-run-if-empty ./configure
+RUN make -j`getconf _NPROCESSORS_ONLN` install
+
+## Wipe out vanilla config; entrypoint.sh will handle repopulating it at runtime
+RUN rm -rf /inspircd/conf/*
+
+# Stage 1: Create optimized runtime container
+FROM dr.dnix.de/baseimage
+
+LABEL maintainer="Andreas Neue <an@dnix.de>"
+
+ARG RUN_DEPENDENCIES=
+
+RUN apt update
+RUN apt -y upgrade
+RUN apt -y install sudo $RUN_DEPENDENCIES
+
+RUN groupadd -r -g 10000 ircd && \
+    useradd -r -g ircd -u 10000 -m -d /inspircd -s /sbin/nologin ircd && \
+    chown -R ircd:ircd /inspircd
+
+COPY --chown=ircd:ircd run /etc/my_init.d/ 
+COPY --chown=ircd:ircd entrypoint.sh /
+COPY --from=builder --chown=ircd:ircd /inspircd/ /inspircd/
+
+#USER ircd
+
+EXPOSE 6667 6697 7000 7001
+
+WORKDIR /
+
+#HEALTHCHECK \
+#        --interval=60s \
+#        --timeout=3s \
+#        --start-period=60s \
+#        --retries=3 \
+#    CMD \
+#        /usr/bin/nc -z localhost 6667
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..a98fd6b
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,14 @@
+.PHONY: build shell
+
+DOCKER_IMAGE := dr.dnix.de/inspircd
+
+all: build push
+
+build:
+	docker build --no-cache -f Dockerfile -t $(DOCKER_IMAGE) .
+
+push:
+	docker push $(DOCKER_IMAGE)
+
+shell: build
+	docker run --rm -it $(DOCKER_IMAGE) bash
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..a9e2ecc
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,62 @@
+#!/bin/sh
+# shellcheck disable=SC2068
+
+INSPIRCD_ROOT="/inspircd"
+
+# TODO fix/make configuration better
+# Make sure that the volume contains a default config but don't override an existing one
+if [ ! -e $INSPIRCD_ROOT/conf/inspircd.conf ] && [ -w $INSPIRCD_ROOT/conf/ ]; then
+    # shellcheck disable=SC2336
+    cp -r /conf/* $INSPIRCD_ROOT/conf/
+elif [ ! -w $INSPIRCD_ROOT/conf/ ]; then
+    echo "
+        ##################################
+        ###                            ###
+        ###   Can't write to volume!   ###
+        ###    Please change owner     ###
+        ###        to uid 10000        ###
+        ###                            ###
+        ##################################
+    "
+fi
+
+# Link certificates from secrets
+# See https://docs.docker.com/engine/swarm/secrets/
+if [ -e /run/secrets/inspircd.key ] && [ -e /run/secrets/inspircd.crt ]; then
+    ln -s /run/secrets/inspircd.key $INSPIRCD_ROOT/conf/key.pem
+    ln -s /run/secrets/inspircd.crt $INSPIRCD_ROOT/conf/cert.pem
+fi
+
+# Make sure there is a certificate or generate a new one
+if [ ! -e $INSPIRCD_ROOT/conf/cert.pem ] && [ ! -e $INSPIRCD_ROOT/conf/key.pem ]; then
+    cat > /tmp/cert.template <<EOF
+cn              = "${INSP_TLS_CN:-irc.example.com}"
+email           = "${INSP_TLS_MAIL:-nomail@irc.example.com}"
+unit            = "${INSP_TLS_UNIT:-Example Server Admins}"
+organization    = "${INSP_TLS_ORG:-Example IRC Network}"
+locality        = "${INSP_TLS_LOC:-Example City}"
+state           = "${INSP_TLS_STATE:-Example State}"
+country         = "${INSP_TLS_COUNTRY:-XZ}"
+expiration_days = ${INSP_TLS_DURATION:-365}
+tls_www_client
+tls_www_server
+signing_key
+encryption_key
+cert_signing_key
+crl_signing_key
+code_signing_key
+ocsp_signing_key
+time_stamping_key
+EOF
+    /usr/bin/certtool --generate-privkey --bits 4096 --sec-param normal --outfile $INSPIRCD_ROOT/conf/key.pem
+    /usr/bin/certtool --generate-self-signed --load-privkey $INSPIRCD_ROOT/conf/key.pem --outfile $INSPIRCD_ROOT/conf/cert.pem --template /tmp/cert.template
+    rm /tmp/cert.template
+fi
+
+# Make sure dhparams are present
+if [ ! -e $INSPIRCD_ROOT/conf/dhparams.pem ]; then
+    /usr/bin/certtool --generate-dh-params --sec-param normal --outfile $INSPIRCD_ROOT/conf/dhparams.pem
+fi
+
+cd $INSPIRCD_ROOT
+exec env INSPIRCD_ROOT=$INSPIRCD_ROOT $INSPIRCD_ROOT/bin/inspircd --nofork $@
diff --git a/modules/.stay b/modules/.stay
new file mode 100644
index 0000000..e69de29
diff --git a/run b/run
new file mode 100755
index 0000000..4ef912f
--- /dev/null
+++ b/run
@@ -0,0 +1,2 @@
+#!/bin/sh
+sudo -u ircd /entrypoint.sh