diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 00000000..1de56593 --- /dev/null +++ b/.dockerignore @@ -0,0 +1 @@ +target \ No newline at end of file diff --git a/docker/Dockerfile b/docker/Dockerfile index b0d70c95..02236780 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -5,47 +5,45 @@ FROM rust:latest AS builder COPY . /tmp/rust-teos # Install the dependencies required for building Rust-TEOSd -RUN apt-get update &&\ +RUN apt-get update && \ apt-get -y --no-install-recommends install libffi-dev libssl-dev musl-tools pkg-config -RUN cd /tmp/rust-teos\ +RUN cd /tmp/rust-teos \ + && rustup target add x86_64-unknown-linux-musl \ # Rustfmt is needed to format the grpc stubs generated by tonic. - && rustup target add x86_64-unknown-linux-musl\ - && rustup component add rustfmt\ + && rustup component add rustfmt \ # Cross compile with musl as the target, so teos can run on alpine. - && RUSTFLAGS='-C target-feature=+crt-static' cargo build --manifest-path=teos/Cargo.toml --locked --release --target x86_64-unknown-linux-musl + && cargo build --manifest-path=teos/Cargo.toml --locked --release --target x86_64-unknown-linux-musl # Use a new stage with a smaller base image to reduce image size FROM alpine:latest -RUN apk update && apk upgrade && apk add --update bash - -# UID and GID for the TEOSD user -ENV TEOSD_UID=1001 TEOSD_GID=1001 +RUN apk update && apk upgrade && apk add --update bash sudo # Copy the teos binary from the build stage to the new stage -COPY --from=builder\ - /tmp/rust-teos/target/x86_64-unknown-linux-musl/release/teosd\ +COPY --from=builder \ + /tmp/rust-teos/target/x86_64-unknown-linux-musl/release/teosd \ /tmp/rust-teos/target/x86_64-unknown-linux-musl/release/teos-cli /usr/local/bin/ # Copy the entrypoint script to the container COPY docker/entrypoint.sh /entrypoint.sh -# Set the entrypoint script as executable and add running user -RUN chmod +x /entrypoint.sh\ - && addgroup -g ${TEOSD_GID} -S teosd\ - && adduser -S -G teosd -u ${TEOSD_UID} teosd +# Set the entrypoint script as executable +RUN chmod +x /entrypoint.sh + +# Add a new user (with sudo permisions) +RUN adduser -S teos +RUN echo 'teos ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers # Expose the default port used by Rust-TEOSd EXPOSE 9814/tcp -# Switch user so that we don't run stuff as root -USER teosd - # Create a volume for the TEOS data directory -#VOLUME ["/home/teosd/.teos"] -RUN mkdir /home/teosd/.teos -RUN chown 1001:1001 /home/teosd/.teos +RUN mkdir /home/teos/.teos +RUN chown teos /home/teos/.teos + +# Switch user so that we don't run stuff as root +USER teos # Start Rust-TEOS when the container starts ENTRYPOINT [ "/entrypoint.sh" ] diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index b547dbd2..761bb755 100755 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -1,5 +1,11 @@ #!/bin/sh +# Own the data directory +sudo chown -R teos /home/teos/.teos + +# Allow the configuration file to be edited by anyone (so an outside users can edit it easily) +chmod 666 /home/teos/.teos/teos.toml + # Define the start command START_COMMAND="teosd" @@ -46,10 +52,6 @@ if [[ ! -z ${BTC_RPC_PORT} ]]; then START_COMMAND="$START_COMMAND --btcrpcport $BTC_RPC_PORT" fi -if [[ ! -z ${DATA_DIR} ]]; then - START_COMMAND="$START_COMMAND --datadir $DATA_DIR" -fi - if [[ ! -z ${DEBUG} ]]; then START_COMMAND="$START_COMMAND --debug $DEBUG" fi @@ -66,6 +68,5 @@ if [[ ! -z ${FORCE_UPDATE} ]]; then START_COMMAND="$START_COMMAND --forceupdate $FORCE_UPDATE" fi - # Start the TEOS daemon $START_COMMAND