diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..c1c9f4d
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1 @@
+.git*
diff --git a/.env.dist b/.env.dist
new file mode 100644
index 0000000..0b7290b
--- /dev/null
+++ b/.env.dist
@@ -0,0 +1 @@
+DOCKER_SERVICE_80_TAGS=urlprefix-zeg1jeux.${APP_DOMAIN}
diff --git a/.gitignore b/.gitignore
index 57a9ee8..1b95216 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
+.env
 cache/
 tests/
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..d3cbe1b
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,5 @@
+MYOS ?= ../myos
+MYOS_REPOSITORY ?= https://github.com/aynicos/myos
+-include $(MYOS)/make/include.mk
+$(MYOS):
+ -@git clone $(MYOS_REPOSITORY) $(MYOS)
diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 0000000..638ca50
--- /dev/null
+++ b/docker/Dockerfile
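Review bot: The `$(MYOS)` rule in the Makefile hunk clones the default branch of `MYOS_REPOSITORY` at whatever commit is current, and `-include $(MYOS)/make/include.mk` then evaluates that checkout as part of this build, so the build logic is unpinned third-party code running with the invoking user's privileges. Pin the checkout to a reviewed tag through a new variable, for example `git clone --branch $(MYOS_REF) $(MYOS_REPOSITORY) $(MYOS)`, where `MYOS_REF` is a name proposed here rather than one the project already defines. The `-@` prefix on the recipe both hides the command and ignores a failed clone; dropping it makes a failure stop the build visibly. Because both variables are set with `?=`, values inherited from the environment also decide what is cloned and included, which deserves a comment next to the assignments.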
@@ -0,0 +1,95 @@
+FROM seblucas/alpine-nginx-php as dist
+LABEL maintainer aynic.os
+ARG DOCKER_BUILD_DIR
+ARG DOCKER_MACHINE=x86_64
+ARG DOCKER_SYSTEM=Linux
+
+RUN apk upgrade --no-cache \
+ && apk add --no-cache \
+ bash \
+ ca-certificates \
+ gettext \
+ libc6-compat \
+ libsodium \
+ make \
+ py3-gpgme \
+ py3-pip
+
+ARG IPFS_VERSION=0.16.0
+
+RUN { OS="$(echo ${DOCKER_SYSTEM} |awk '{print tolower($0)}')"; \
+ ARCH="$(echo ${DOCKER_MACHINE})"; \
+ wget -qO - https://github.com/koalaman/shellcheck/releases/download/stable/shellcheck-stable.${OS}.${ARCH}.tar.xz \
+ |tar --strip-components 1 -C /usr/local/bin -xJf - shellcheck-stable/shellcheck; } \
+ && { ARCH="$(echo ${DOCKER_MACHINE} |awk '/x86_64/ {print "amd64"}; /aarch64/ {print "arm64"}')"; \
+ wget -qO - https://github.com/ipfs/kubo/releases/download/v${IPFS_VERSION}/kubo_v${IPFS_VERSION}_${OS}-${ARCH}.tar.gz \
+ |tar --strip-components 1 -C /usr/local/bin -xzf - kubo/ipfs; } \
+ && mkdir -p /usr/local/lib/shellspec \
+ && wget -qO - https://github.com/shellspec/shellspec/archive/refs/heads/master.tar.gz \
+ |tar --strip-components 1 -C /usr/local/lib/shellspec -xzf - \
+ && ln -s /usr/local/lib/shellspec/shellspec /usr/local/bin/shellspec
+
+RUN apk add --no-cache --virtual .build-deps \
+ build-base \
+ cargo \
+ libffi-dev \
+ openssl-dev \
+ py3-wheel \
+ python3-dev \
+ swig \
+ && mkdir -p /usr/local/src/jaklis \
+ && wget -qO - https://git.p2p.legal/axiom-team/jaklis/archive/master.tar.gz \
+ |tar --strip-components 1 -C /usr/local/src/jaklis -xzf - \
+ && pip3 install -r /usr/local/src/jaklis/requirements.txt \
+ && ln -s /usr/local/src/jaklis/jaklis.py /usr/local/bin/jaklis \
+ && chmod 0755 /usr/local/bin/jaklis \
+ && /usr/local/bin/jaklis --help >/dev/null \
+ && mkdir -p /usr/local/src/dpgpid \
+ && wget -qO - https://git.p2p.legal/aya/dpgpid/archive/master.tar.gz \
+ |tar --strip-components 1 -C /usr/local/src/dpgpid -xzf - \
+ && pip3 install -r /usr/local/src/dpgpid/requirements.txt \
+ && ln -s /usr/local/src/dpgpid/keygen /usr/local/bin/keygen \
+ && chmod 0755 /usr/local/bin/keygen \
+ && /usr/local/bin/keygen --help >/dev/null \
+ && rm -rf /root/.cache \
+ && apk del --no-network .build-deps \
+ && find ./lib -type f -executable -exec scanelf --needed --nobanner --format '%n#p' '{}' ';' \
+ |tr ',' '\n' \
+ |sort -u \
+ |awk 'system("[ -e /lib/"$1" -o -e /usr/lib/"$1" -o -e ./lib/python'"${PYTHON_RELEASE}"'/site-packages/*/"$1" ]") == 0 { next } { print "so:" $1 }' \
+ |xargs -rt apk add --no-cache
+
+RUN sed -i 's/^}/ location \/ { index index.php; }\n}/' /etc/nginx/http.d/default.conf
+
+FROM dist as master
+ARG DOCKER_BUILD_DIR
+ARG DOCKER_GID
+ARG SHELL=/bin/bash
+ARG UID
+ARG USER
+ENV UID=${UID}
+ENV GID=${UID}
+ENV USER=nginx
+
+# If we provide a numeric UID
+RUN [ "$UID" -eq "$UID" ] 2>/dev/null \
+# Remove user with $UID if it is not our $USER
+ && if [ "$(getent passwd $UID |awk -F: '{print $1}')" != "$USER" ]; then \
+ sed -i '/^'$(getent passwd $UID |awk -F: '{print $1}')':x:'$UID':/d' /etc/passwd; \
+ sed -i '/^'$(getent group $GID |awk -F: '{print $1}')':x:'$GID':/d' /etc/group; \
+ fi \
+# Force $UID if our $USER already exists
+ && sed -i 's/^'$USER':x:[0-9]\+:[0-9]\+:/'$USER':x:'$UID':'$GID':/' /etc/passwd \
+ && sed -i 's/^'$USER':x:[0-9]\+:/'$USER':x:'$GID':/' /etc/group \
+# Create $USER if it does not exist
+ && if [ "$(getent passwd $UID)" = "" ]; then \
+ echo "$USER:x:$UID:$GID::/home/$USER:$SHELL" >> /etc/passwd; \
+ echo "$USER:\!:$(($(date +%s) / 60 / 60 / 24)):0:99999:7:::" >> /etc/shadow; \
+ echo "$USER:x:$GID:" >> /etc/group; \
+ fi \
+ && mkdir -p /home/$USER \
+ && chown $UID:$GID /home/$USER \
+ || true
+
+ENV SHELL=${SHELL}
+WORKDIR /var/www
diff --git a/docker/docker-compose.app.yml b/docker/docker-compose.app.yml
new file mode 100644
index 0000000..3cbd62e
--- /dev/null
+++ b/docker/docker-compose.app.yml
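Review bot: Every download in the two tool-install RUN steps is piped from wget straight into tar with no integrity check, and four of the five follow a moving ref (shellcheck `stable`, shellspec `master`, jaklis `master`, dpgpid `master`), so the image contents can change between builds with no change to this file, and `pip3 install -r` then installs whatever those repositories list at that moment. The base image `seblucas/alpine-nginx-php` is untagged as well. Pin each source to a release tag or commit archive and verify a SHA-256 before extracting; the fence shows the pattern for the kubo archive, which is already version-pinned, using a new `IPFS_SHA256` build argument that has no default so the build fails closed when it is missing. Separately, `ENV GID=${UID}` ignores the declared `DOCKER_GID`, and the trailing `|| true` on the user-setup RUN hides any failure in that step rather than only the non-numeric-UID case the comment describes.

```dockerfile
ARG IPFS_VERSION=0.16.0
# SHA-256 of the kubo archive for the target architecture, supplied at build time.
ARG IPFS_SHA256

# … unchanged: shellcheck download …
 && { ARCH="$(echo ${DOCKER_MACHINE} |awk '/x86_64/ {print "amd64"}; /aarch64/ {print "arm64"}')"; \
      wget -qO /tmp/kubo.tar.gz https://github.com/ipfs/kubo/releases/download/v${IPFS_VERSION}/kubo_v${IPFS_VERSION}_${OS}-${ARCH}.tar.gz \
      && echo "${IPFS_SHA256}  /tmp/kubo.tar.gz" |sha256sum -c - \
      && tar --strip-components 1 -C /usr/local/bin -xzf /tmp/kubo.tar.gz kubo/ipfs \
      && rm -f /tmp/kubo.tar.gz; } \
# … unchanged: shellspec download …
```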
@@ -0,0 +1,22 @@
+version: '3.6'
+
+services:
+ docker:
+ environment:
+ - ENV=${ENV}
+ - SHELL=${DOCKER_SHELL}
+ labels:
+ - SERVICE_80_CHECK_HTTP=/
+ - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-docker-80
+ - SERVICE_80_TAGS=${DOCKER_SERVICE_80_TAGS}
+ networks:
+ - private
+ - public
+
+networks:
+ private:
+ external: true
+ name: ${DOCKER_NETWORK_PRIVATE}
+ public:
+ external: true
+ name: ${DOCKER_NETWORK_PUBLIC}
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
new file mode 100644
index 0000000..3be539a
--- /dev/null
+++ b/docker/docker-compose.yml
@@ -0,0 +1,34 @@
+version: '3.6'
+
+services:
+ docker:
+ build:
+ args:
+ - DOCKER_BUILD_DIR=docker
+ - GID=${GID}
+ - IPFS_VERSION=${IPFS_VERSION:-0.16.0}
+ - UID=${UID}
+ - USER=${USER}
+ context: ../
+ dockerfile: docker/Dockerfile
+ ports:
+ - 80
+ restart: always
+ volumes:
+ - ipfs:${HOME}/.ipfs:cached,ro
+ - data:/var/www:delegated
+ working_dir: /var/www
+
+volumes:
+ ipfs:
+ driver: local
+ driver_opts:
+ type: none
+ device: ${HOME}/.ipfs
+ o: bind
+ data:
+ driver: local
+ driver_opts:
+ type: none
+ device: ${APP_DIR:-.}
+ o: bind
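Review bot: In docker/docker-compose.yml the `ipfs` volume bind-mounts the whole host `${HOME}/.ipfs` into the HTTP-serving container, and `ro` only prevents writes; a kubo repository normally holds the node's config with its identity private key and a keystore, so any code served from `/var/www` that can read files can read that key material. If the application needs only part of the repository, mount that subdirectory instead, or at least record the exposure in the file with a comment such as `# ~/.ipfs contains the node identity key; ro blocks writes, not reads`. What the app actually reads from the repository is not visible in this commit, so the narrower mount has to be checked against its code. The `args` list also passes `GID` and `USER`, while the Dockerfile declares `DOCKER_GID` and then sets `ENV USER=nginx`, so neither value appears to take effect.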