9fa97ebb5c
Test and build / test_floonet-rs (push) Has been cancelled
nostr-rs-relay + a default-deny admission pipeline (kinds 0,3,5,13,1059, 10002,10050,27235 only), NIP-42 auth, neutral NIP-11, a built-in name authority (paid names via GoblinPay), and a config-toggled co-located mixnet exit supervisor. Single binary + installer + hardened systemd, or Docker Compose. Relay core untouched (additive admission + authority).
55 lines
1.3 KiB
Docker
55 lines
1.3 KiB
Docker
FROM docker.io/library/rust:1-bookworm as builder
|
|
ARG CARGO_LOG
|
|
RUN apt-get update \
|
|
&& apt-get install -y cmake protobuf-compiler \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
RUN USER=root cargo install cargo-auditable
|
|
RUN USER=root cargo new --bin floonet-rs
|
|
WORKDIR ./floonet-rs
|
|
COPY ./Cargo.toml ./Cargo.toml
|
|
COPY ./Cargo.lock ./Cargo.lock
|
|
# build dependencies only (caching)
|
|
RUN cargo auditable build --release --locked
|
|
# get rid of starter project code
|
|
RUN rm src/*.rs
|
|
|
|
# copy project source code
|
|
COPY ./src ./src
|
|
COPY ./proto ./proto
|
|
COPY ./assets ./assets
|
|
COPY ./build.rs ./build.rs
|
|
|
|
# build auditable release using locked deps
|
|
RUN rm ./target/release/deps/floonet*
|
|
RUN cargo auditable build --release --locked
|
|
|
|
FROM docker.io/library/debian:bookworm-slim
|
|
|
|
ARG APP=/usr/src/app
|
|
ARG APP_DATA=/usr/src/app/db
|
|
RUN apt-get update \
|
|
&& apt-get install -y ca-certificates tzdata sqlite3 libc6 \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
EXPOSE 8080
|
|
|
|
ENV TZ=Etc/UTC \
|
|
APP_USER=appuser
|
|
|
|
RUN groupadd $APP_USER \
|
|
&& useradd -g $APP_USER $APP_USER \
|
|
&& mkdir -p ${APP} \
|
|
&& mkdir -p ${APP_DATA}
|
|
|
|
COPY --from=builder /floonet-rs/target/release/floonet-rs ${APP}/floonet-rs
|
|
|
|
RUN chown -R $APP_USER:$APP_USER ${APP}
|
|
|
|
USER $APP_USER
|
|
WORKDIR ${APP}
|
|
|
|
ENV RUST_LOG=info,floonet_rs=info
|
|
ENV APP_DATA=${APP_DATA}
|
|
|
|
CMD ./floonet-rs --db ${APP_DATA}
|