-
Notifications
You must be signed in to change notification settings - Fork 26
Expand file tree
/
Copy pathDockerfile
More file actions
122 lines (90 loc) · 4.6 KB
/
Dockerfile
File metadata and controls
122 lines (90 loc) · 4.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
FROM debian:13 AS base
ENV GID=1234
ENV UID=1234
# Single consolidated apt-get layer + ccache
RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
apt-get -y install \
build-essential ccache libssl-dev autoconf automake flex \
byacc gawk git vim procps net-tools iputils-ping bind9-host \
libmaxminddb-dev libgeoip-dev pkg-config \
nodejs npm && \
rm -rf /var/lib/apt/lists/*
# --- Configure stage: only invalidated by autotools input changes ---
FROM base AS configure
RUN mkdir -p /home/nefarious/nefarious2/ircd /home/nefarious/nefarious2/ircd/test /home/nefarious/ircd
WORKDIR /home/nefarious/nefarious2
# Copy ONLY the files configure needs — source changes won't bust this cache
COPY configure.in acinclude.m4 aclocal.m4 configure install-sh config.guess config.sub ./
COPY config.h.in ./
COPY Makefile.in ./
COPY ircd/Makefile.in ./ircd/
COPY ircd/test/Makefile.in ./ircd/test/
COPY include/ ./include/
# AC_INIT(ircd/ircd.c) sanity check — touch instead of COPY to avoid cache bust on source changes
RUN touch ircd/ircd.c
# GeoIP re-enabled — Debian 13 ships working libmaxminddb + legacy GeoIP
RUN ./configure --prefix=/home/nefarious --libdir=/home/nefarious/ircd --enable-debug \
--with-maxcon=4096 --with-geoip=/usr
# --- Build stage: ccache makes incremental rebuilds fast ---
FROM configure AS build
# Copy all remaining source (this layer busts on any .c/.h change)
COPY . /home/nefarious/nefarious2
# .release is generated before docker build (e.g. by CI) and needs to be in ircd/ where version.c.SH runs
RUN test -f .release && cp .release ircd/.release || true
# ccache via BuildKit cache mount — persists across docker builds
ENV PATH="/usr/lib/ccache:${PATH}"
RUN --mount=type=cache,target=/root/.ccache \
make -j$(nproc)
# make install runs an interactive SSL generator - pre-create pem to skip, then remove so entrypoint generates fresh one
RUN touch /home/nefarious/ircd/ircd.pem && make install && \
rm /home/nefarious/ircd/ircd.pem
# --- Build iauthd-ts (npm install cached unless package.json changes) ---
FROM base AS build-iauthd
WORKDIR /iauthd-ts
# Copy only dependency manifests first — npm ci cached until these change
COPY tools/iauthd-ts/package.json tools/iauthd-ts/package-lock.json ./
RUN npm ci
# Now copy source and build — only this layer busts on .ts changes
COPY tools/iauthd-ts/ ./
RUN npm run build
# Prepare production install
RUN mkdir -p /iauthd-ts-prod && \
cp -r dist /iauthd-ts-prod/ && \
cp package.json package-lock.json /iauthd-ts-prod/
WORKDIR /iauthd-ts-prod
RUN npm ci --omit=dev
# --- Runtime stage: clean image with only runtime dependencies ---
FROM debian:13 AS runtime
# Minimal runtime packages + GeoIP database + valgrind (opt-in via NEFARIOUS_VALGRIND=1)
RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
apt-get -y install --no-install-recommends \
nodejs openssl procps net-tools \
geoip-database libmaxminddb0 libgeoip1t64 valgrind && \
rm -rf /var/lib/apt/lists/*
RUN groupadd -g 1234 nefarious && \
useradd -u 1234 -g 1234 nefarious && \
mkdir -p /home/nefarious/ircd /home/nefarious/ircd/cores && \
chown -R nefarious:nefarious /home/nefarious
# Copy built ircd artifacts from build stage
COPY --from=build --chown=nefarious:nefarious /home/nefarious/ircd/ /home/nefarious/ircd/
COPY --from=build --chown=nefarious:nefarious /home/nefarious/bin/ /home/nefarious/bin/
# Copy iauthd-ts from its dedicated build stage
COPY --from=build-iauthd --chown=nefarious:nefarious /iauthd-ts-prod/ /home/nefarious/ircd/iauthd-ts/
# Symlink ircd.log to stdout so docker logs captures it
RUN ln -sf /dev/stdout /home/nefarious/ircd/ircd.log
USER nefarious
WORKDIR /home/nefarious/ircd
COPY ./tools/docker/dockerentrypoint.sh /home/nefarious/dockerentrypoint.sh
COPY ./tools/linesync/gitsync.sh /home/nefarious/ircd/gitsync.sh
# Create wrapper script for iauthd.pl that runs the Node.js version
RUN printf '#!/bin/sh\nexec node /home/nefarious/ircd/iauthd-ts/dist/index.js "$@"\n' > /home/nefarious/ircd/iauthd.pl && \
chmod +x /home/nefarious/ircd/iauthd.pl
#ircd-docker.conf includes the other config files
COPY tools/docker/ircd-docker.conf /home/nefarious/ircd/ircd-docker.conf
COPY tools/docker/base.conf-dist /home/nefarious/ircd/base.conf-dist
COPY tools/docker/ircd.conf /home/nefarious/ircd/ircd.conf
COPY tools/docker/linesync.conf /home/nefarious/ircd/linesync.conf
ENTRYPOINT ["/home/nefarious/dockerentrypoint.sh"]
# Run IRCd in foreground with debug logging
# Set NEFARIOUS_VALGRIND=1 in environment to run under Valgrind
CMD ["/home/nefarious/bin/ircd", "-n", "-x", "5", "-f", "ircd-docker.conf"]