LeonMMcoset/leonwww
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docker

Browse Source
This commit is contained in:
Face
2025-08-25 14:51:08 +03:00
parent e42ffdb8fa
commit 1cf81bbfee
4 changed files with 113 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
dns/Dockerfile
View File

@@ -24,7 +24,8 @@ FROM alpine:3.19
RUN apk add --no-cache \ RUN apk add --no-cache \
ca-certificates \ ca-certificates \
postgresql-client postgresql-client \
wget
RUN addgroup -g 1001 -S appgroup && \ RUN addgroup -g 1001 -S appgroup && \
adduser -u 1001 -S appuser -G appgroup adduser -u 1001 -S appuser -G appgroup
@@ -32,11 +33,13 @@ RUN addgroup -g 1001 -S appgroup && \
WORKDIR /app WORKDIR /app
COPY --from=builder /app/target/release/webx_dns /app/webx_dns COPY --from=builder /app/target/release/webx_dns /app/webx_dns
COPY --from=builder /app/migrations ./migrations COPY --from=builder /app/migrations ./migrations
RUN mkdir -p /app/config /app/data && \ RUN mkdir -p /app/config /app/data /home/matt/gurted/dns/certs && \
chown -R appuser:appgroup /app chown -R appuser:appgroup /app && \
chown -R appuser:appgroup /home/matt && \
ls -la /home/matt/gurted/dns/ && \
echo "Directory structure created successfully"
USER appuser USER appuser
@@ -46,4 +49,4 @@ HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD wget --no-verbose --tries=1 --spider http://localhost:8080/health || exit 1 CMD wget --no-verbose --tries=1 --spider http://localhost:8080/health || exit 1
# Default command # Default command
CMD ["./webx_dns", "--config", "/app/config/config.toml", "start"] CMD ["sh", "-c", "ls -la /home/matt/gurted/dns/certs/ && ./webx_dns --config /app/config/config.toml start"]

4
dns/docker-compose.yml
View File

@@ -10,7 +10,5 @@ services:
volumes: volumes:
- ./config.toml:/app/config/config.toml:ro - ./config.toml:/app/config/config.toml:ro
- ./data:/app/data - ./data:/app/data
- ./certs:/app/certs:ro - ./certs:/home/matt/gurted/dns/certs:ro
- ./localhost+2.pem:/app/config/tls.pem:ro
- ./localhost+2-key.pem:/app/config/tls-key.pem:ro
restart: unless-stopped restart: unless-stopped

32
protocol/cli/gurty.service Normal file
View File

@@ -0,0 +1,32 @@
[Unit]
Description=Gurty GURT Protocol Server
Documentation=https://github.com/outpoot/gurted
After=network.target
Wants=network.target
[Service]
Type=simple
User=gurty
Group=gurty
WorkingDirectory=/opt/gurty
ExecStart=/opt/gurty/gurty --config /opt/gurty/gurty.toml
ExecReload=/bin/kill -HUP $MAINPID
Restart=always
RestartSec=5
StandardOutput=journal
StandardError=journal
SyslogIdentifier=gurty
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/opt/gurty/logs /var/log/gurty
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
LimitNOFILE=65536
LimitNPROC=4096
[Install]
WantedBy=multi-user.target

72
protocol/cli/install.sh Normal file
View File

@@ -0,0 +1,72 @@
#!/bin/bash
set -e
# Configuration
SERVICE_NAME="gurty"
SERVICE_USER="gurty"
SERVICE_GROUP="gurty"
INSTALL_DIR="/opt/gurty"
LOG_DIR="/var/log/gurty"
CONFIG_FILE="gurty.toml"
SERVICE_FILE="gurty.service"
echo "🚀 Installing Gurty GURT Protocol Server..."
if [[ $EUID -ne 0 ]]; then
echo "❌ This script must be run as root (use sudo)"
exit 1
fi
echo "👤 Creating service user and group..."
if ! getent group "$SERVICE_GROUP" > /dev/null 2>&1; then
groupadd --system "$SERVICE_GROUP"
fi
if ! getent passwd "$SERVICE_USER" > /dev/null 2>&1; then
useradd --system --gid "$SERVICE_GROUP" --create-home --home-dir "$INSTALL_DIR" --shell /usr/sbin/nologin --comment "Gurty GURT Protocol Server" "$SERVICE_USER"
fi
echo "📁 Creating directories..."
mkdir -p "$INSTALL_DIR"
mkdir -p "$LOG_DIR"
echo "🔨 Building gurty binary..."
cargo build --release
echo "📋 Installing files..."
cp target/release/gurty "$INSTALL_DIR/"
cp "$CONFIG_FILE" "$INSTALL_DIR/"
cp localhost+2.pem "$INSTALL_DIR/" 2>/dev/null || echo "⚠️ TLS certificate not found, you may need to generate one"
cp localhost+2-key.pem "$INSTALL_DIR/" 2>/dev/null || echo "⚠️ TLS private key not found, you may need to generate one"
echo "🔒 Setting permissions..."
chown -R "$SERVICE_USER:$SERVICE_GROUP" "$INSTALL_DIR"
chown -R "$SERVICE_USER:$SERVICE_GROUP" "$LOG_DIR"
chmod +x "$INSTALL_DIR/gurty"
chmod 600 "$INSTALL_DIR"/*.pem 2>/dev/null || true
chmod 644 "$INSTALL_DIR/$CONFIG_FILE"
echo "⚙️ Installing systemd service..."
cp "$SERVICE_FILE" /etc/systemd/system/
systemctl daemon-reload
echo "🎯 Enabling and starting service..."
systemctl enable "$SERVICE_NAME"
systemctl start "$SERVICE_NAME"
echo "✅ Installation complete!"
echo ""
echo "Service commands:"
echo " sudo systemctl start gurty # Start the service"
echo " sudo systemctl stop gurty # Stop the service"
echo " sudo systemctl restart gurty # Restart the service"
echo " sudo systemctl status gurty # Check service status"
echo " sudo systemctl reload gurty # Reload configuration"
echo " sudo journalctl -u gurty -f # View logs"
echo ""
echo "Configuration file: $INSTALL_DIR/$CONFIG_FILE"
echo "Log directory: $LOG_DIR"
echo ""
systemctl status "$SERVICE_NAME" --no-pager