From 1cf81bbfee1d36808f7bdc2083c2cf64aff6fcc1 Mon Sep 17 00:00:00 2001 From: Face <69168154+face-hh@users.noreply.github.com> Date: Mon, 25 Aug 2025 14:51:08 +0300 Subject: [PATCH] docker --- dns/Dockerfile | 13 ++++--- dns/docker-compose.yml | 4 +-- protocol/cli/gurty.service | 32 +++++++++++++++++ protocol/cli/install.sh | 72 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 113 insertions(+), 8 deletions(-) create mode 100644 protocol/cli/gurty.service create mode 100644 protocol/cli/install.sh diff --git a/dns/Dockerfile b/dns/Dockerfile index f45d4cc..915e340 100644 --- a/dns/Dockerfile +++ b/dns/Dockerfile @@ -24,7 +24,8 @@ FROM alpine:3.19 RUN apk add --no-cache \ ca-certificates \ - postgresql-client + postgresql-client \ + wget RUN addgroup -g 1001 -S appgroup && \ adduser -u 1001 -S appuser -G appgroup @@ -32,11 +33,13 @@ RUN addgroup -g 1001 -S appgroup && \ WORKDIR /app COPY --from=builder /app/target/release/webx_dns /app/webx_dns - COPY --from=builder /app/migrations ./migrations -RUN mkdir -p /app/config /app/data && \ - chown -R appuser:appgroup /app +RUN mkdir -p /app/config /app/data /home/matt/gurted/dns/certs && \ + chown -R appuser:appgroup /app && \ + chown -R appuser:appgroup /home/matt && \ + ls -la /home/matt/gurted/dns/ && \ + echo "Directory structure created successfully" USER appuser @@ -46,4 +49,4 @@ HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \ CMD wget --no-verbose --tries=1 --spider http://localhost:8080/health || exit 1 # Default command -CMD ["./webx_dns", "--config", "/app/config/config.toml", "start"] +CMD ["sh", "-c", "ls -la /home/matt/gurted/dns/certs/ && ./webx_dns --config /app/config/config.toml start"] diff --git a/dns/docker-compose.yml b/dns/docker-compose.yml index c52484d..1c50717 100644 --- a/dns/docker-compose.yml +++ b/dns/docker-compose.yml 
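Review bot: The new `RUN mkdir -p ... /home/matt/gurted/dns/certs` step bakes a developer-machine path into the image and gives `appuser` ownership of `/home/matt`. The same path reappears in the new `CMD` and in the `./certs` mount in dns/docker-compose.yml. Presumably config.toml refers to that absolute path; if so, point the container's config at a path under `/app` instead, e.g. `RUN mkdir -p /app/config /app/data /app/certs && chown -R appuser:appgroup /app` with the compose mount `./certs:/app/certs:ro`. The trailing `ls -la` and `echo` look like leftover debugging and can be dropped from the layer.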
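Review bot: The new `CMD ["sh", "-c", "ls ... && ./webx_dns ..."]` makes `sh` PID 1 with the server as its child. With Alpine's shell the SIGTERM from `docker stop` is then likely never delivered to `webx_dns`, so the container is killed after the stop timeout instead of shutting down cleanly. The server also no longer starts if the `ls` fails. If the listing is needed for diagnostics, hand the process over with `exec`: `CMD ["sh", "-c", "ls -la /home/matt/gurted/dns/certs/ && exec ./webx_dns --config /app/config/config.toml start"]`. Otherwise restore the previous exec-form `CMD`.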
@@ -10,7 +10,5 @@ services: volumes: - ./config.toml:/app/config/config.toml:ro - ./data:/app/data - - ./certs:/app/certs:ro - - ./localhost+2.pem:/app/config/tls.pem:ro - - ./localhost+2-key.pem:/app/config/tls-key.pem:ro + - ./certs:/home/matt/gurted/dns/certs:ro restart: unless-stopped diff --git a/protocol/cli/gurty.service b/protocol/cli/gurty.service new file mode 100644 index 0000000..f15b1c6 --- /dev/null +++ b/protocol/cli/gurty.service @@ -0,0 +1,32 @@ +[Unit] +Description=Gurty GURT Protocol Server +Documentation=https://github.com/outpoot/gurted +After=network.target +Wants=network.target + +[Service] +Type=simple +User=gurty +Group=gurty +WorkingDirectory=/opt/gurty +ExecStart=/opt/gurty/gurty --config /opt/gurty/gurty.toml +ExecReload=/bin/kill -HUP $MAINPID +Restart=always +RestartSec=5 +StandardOutput=journal +StandardError=journal +SyslogIdentifier=gurty + +NoNewPrivileges=true +PrivateTmp=true +ProtectSystem=strict +ProtectHome=true +ReadWritePaths=/opt/gurty/logs /var/log/gurty +CapabilityBoundingSet=CAP_NET_BIND_SERVICE +AmbientCapabilities=CAP_NET_BIND_SERVICE + +LimitNOFILE=65536 +LimitNPROC=4096 + +[Install] +WantedBy=multi-user.target diff --git a/protocol/cli/install.sh b/protocol/cli/install.sh new file mode 100644 index 0000000..2d5f318 --- /dev/null +++ b/protocol/cli/install.sh 
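Review bot: `ReadWritePaths=/opt/gurty/logs /var/log/gurty` lists `/opt/gurty/logs`, which nothing in this commit creates; install.sh only makes `/opt/gurty` and `/var/log/gurty`. systemd fails namespace setup when a listed path does not exist, so the unit would not start unless the directory is created elsewhere. Either create it in the installer or mark it optional with `ReadWritePaths=-/opt/gurty/logs /var/log/gurty`. Separately, `ExecReload=/bin/kill -HUP $MAINPID` assumes the server installs a SIGHUP handler, which is not visible here; without one the default action terminates the process, so `systemctl reload` would act as a restart via `Restart=always`.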
@@ -0,0 +1,72 @@
+#!/bin/bash
+
+set -e
+
+# Configuration
+SERVICE_NAME="gurty"
+SERVICE_USER="gurty"
+SERVICE_GROUP="gurty"
+INSTALL_DIR="/opt/gurty"
+LOG_DIR="/var/log/gurty"
+CONFIG_FILE="gurty.toml"
+SERVICE_FILE="gurty.service"
+
+echo "🚀 Installing Gurty GURT Protocol Server..."
+
+if [[ $EUID -ne 0 ]]; then
+ echo "❌ This script must be run as root (use sudo)"
+ exit 1
+fi
+
+echo "👤 Creating service user and group..."
+if ! getent group "$SERVICE_GROUP" > /dev/null 2>&1; then
+ groupadd --system "$SERVICE_GROUP"
+fi
+
+if ! getent passwd "$SERVICE_USER" > /dev/null 2>&1; then
+ useradd --system --gid "$SERVICE_GROUP" --create-home --home-dir "$INSTALL_DIR" --shell /usr/sbin/nologin --comment "Gurty GURT Protocol Server" "$SERVICE_USER"
+fi
+
+echo "📁 Creating directories..."
+mkdir -p "$INSTALL_DIR"
+mkdir -p "$LOG_DIR"
+
+echo "🔨 Building gurty binary..."
+cargo build --release
+
+echo "📋 Installing files..."
+cp target/release/gurty "$INSTALL_DIR/"
+cp "$CONFIG_FILE" "$INSTALL_DIR/"
+cp localhost+2.pem "$INSTALL_DIR/" 2>/dev/null || echo "⚠️ TLS certificate not found, you may need to generate one"
+cp localhost+2-key.pem "$INSTALL_DIR/" 2>/dev/null || echo "⚠️ TLS private key not found, you may need to generate one"
+
+echo "🔒 Setting permissions..."
+chown -R "$SERVICE_USER:$SERVICE_GROUP" "$INSTALL_DIR"
+chown -R "$SERVICE_USER:$SERVICE_GROUP" "$LOG_DIR"
+chmod +x "$INSTALL_DIR/gurty"
+chmod 600 "$INSTALL_DIR"/*.pem 2>/dev/null || true
+chmod 644 "$INSTALL_DIR/$CONFIG_FILE"
+
+echo "⚙️ Installing systemd service..."
+cp "$SERVICE_FILE" /etc/systemd/system/
+systemctl daemon-reload
+
+echo "🎯 Enabling and starting service..."
+systemctl enable "$SERVICE_NAME"
+systemctl start "$SERVICE_NAME"
+
+echo "✅ Installation complete!"
+echo ""
+echo "Service commands:"
+echo " sudo systemctl start gurty # Start the service"
+echo " sudo systemctl stop gurty # Stop the service"
+echo " sudo systemctl restart gurty # Restart the service"
+echo " sudo systemctl status gurty # Check service status"
+echo " sudo systemctl reload gurty # Reload configuration"
+echo " sudo journalctl -u gurty -f # View logs"
+echo ""
+echo "Configuration file: $INSTALL_DIR/$CONFIG_FILE"
+echo "Log directory: $LOG_DIR"
+echo ""
+
+systemctl status "$SERVICE_NAME" --no-pager
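Review bot: `cargo build --release` sits after the `$EUID` check, so every dependency's build script and proc macro runs as root on the target host. The build belongs in an unprivileged step, with the installer only copying the artifact. The recursive `chown` of `$INSTALL_DIR` also makes the service account the owner of its own binary and config. The private key is copied with default permissions before `chmod 600` tightens it, and `2>/dev/null` hides any copy error other than a missing file. The fence below requires a pre-built binary and uses `install` with explicit owner and mode; the relative paths still assume the script is run from `protocol/cli`.

```shell
# … unchanged: configuration, root check, user/group creation, mkdir …

# Build beforehand as an unprivileged user; the installer only copies artifacts.
if [[ ! -x target/release/gurty ]]; then
  echo "❌ target/release/gurty not found; run 'cargo build --release' as a normal user first" >&2
  exit 1
fi

echo "📋 Installing files..."
install -o root -g "$SERVICE_GROUP" -m 0755 target/release/gurty "$INSTALL_DIR/gurty"
install -o root -g "$SERVICE_GROUP" -m 0644 "$CONFIG_FILE" "$INSTALL_DIR/$CONFIG_FILE"
for pem in localhost+2.pem localhost+2-key.pem; do
  if [[ -f "$pem" ]]; then
    install -o "$SERVICE_USER" -g "$SERVICE_GROUP" -m 0600 "$pem" "$INSTALL_DIR/$pem"
  else
    echo "⚠️ $pem not found, you may need to generate one"
  fi
done

echo "🔒 Setting permissions..."
chown -R "$SERVICE_USER:$SERVICE_GROUP" "$LOG_DIR"

# … unchanged: systemd unit install, enable/start, usage text …
```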