xmpp-proxy/integration/Dockerfile

78 lines
4.0 KiB
Docker

# base image
FROM docker.io/library/archlinux AS base
ENV PACMAN_MIRROR https://burtrum.org/archlinux
ENV TZ=America/New_York
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone && \
echo -e "Server = $PACMAN_MIRROR/\$repo/os/\$arch" > /etc/pacman.d/mirrorlist && \
pacman -Syu --noconfirm --disable-download-timeout
# build some things
FROM base AS build
RUN pacman -S --noconfirm --disable-download-timeout --needed rust cargo git mercurial base-devel \
lua52 lua52-expat lua52-filesystem lua52-sec lua52-socket && \
mkdir -p /build/{src,target}/ && \
hg clone 'https://hg.prosody.im/prosody-modules/' /build/prosody-modules && rm -rf /build/prosody-modules/.hg && \
git clone https://aur.archlinux.org/scansion-hg.git /build/scansion-hg && \
git clone https://aur.archlinux.org/lua52-cjson.git /build/lua52-cjson && \
chown -R nobody: /build/ && ls -lah /build/ && \
cd /build/lua52-cjson && su -m -s /bin/bash nobody makepkg && pacman -U --noconfirm --needed lua52-cjson-*.pkg.tar* && \
cd /build/scansion-hg && su -m -s /bin/bash nobody makepkg
RUN pacman -S --noconfirm --disable-download-timeout --needed unbound gcc luarocks && luarocks --lua-version 5.2 install luaunbound && cp /usr/lib/lua/5.2/lunbound.so /build/
COPY ./Cargo.* /build/
COPY ./src/ /build/src/
#COPY ./target/ /build/target/
ARG BUILD=0
RUN if [ $BUILD -eq 0 ]; then cd /build && cargo build --release; fi
# final image
FROM base
COPY --from=build /build/*/*.pkg.tar* /tmp/
RUN pacman -S --noconfirm --disable-download-timeout --needed bind nginx prosody lua52-sec ejabberd nss mkcert curl unbound && \
pacman -U --noconfirm --needed /tmp/*.pkg.tar* && rm -f /tmp/*.pkg.tar* && \
mkdir -p /opt/xmpp-proxy/prosody-modules/ /opt/prosody-modules/ /scansion && mkcert -install && \
mkdir -p /etc/certs/ecdsa && cd /etc/certs/ecdsa && \
mkcert -ecdsa -client -cert-file one.example.org.crt -key-file one.example.org.key one.example.org && \
mkcert -ecdsa -client -cert-file two.example.org.crt -key-file two.example.org.key two.example.org && \
mkcert -ecdsa -client -cert-file xp1.example.org.crt -key-file xp1.example.org.key xp1.example.org && \
mkcert -ecdsa -client -cert-file xp2.example.org.crt -key-file xp2.example.org.key xp2.example.org && \
mkcert -ecdsa -client -cert-file wildcard.crt -key-file wildcard.key '*.example.org' && \
cp wildcard.crt legacy_ssl.crt && cp wildcard.key legacy_ssl.key && \
cp wildcard.crt https.crt && cp wildcard.key https.key && \
mkdir -p /etc/certs/rsa && cd /etc/certs/rsa && \
mkcert -client -cert-file one.example.org.crt -key-file one.example.org.key one.example.org && \
mkcert -client -cert-file two.example.org.crt -key-file two.example.org.key two.example.org && \
mkcert -client -cert-file xp1.example.org.crt -key-file xp1.example.org.key xp1.example.org && \
mkcert -client -cert-file xp2.example.org.crt -key-file xp2.example.org.key xp2.example.org && \
mkcert -client -cert-file wildcard.crt -key-file wildcard.key '*.example.org' && \
cp wildcard.crt legacy_ssl.crt && cp wildcard.key legacy_ssl.key && \
cp wildcard.crt https.crt && cp wildcard.key https.key && \
chmod -R 777 /etc/certs/ && rm -rf /etc/prosody/certs && ln -sf /etc/certs/rsa /etc/prosody/certs
COPY --from=build /build/prosody-modules /opt/prosody-modules
COPY --from=build /usr/bin/true /build/target/release/xmpp-prox[y] /usr/bin/
COPY --from=build /build/lunbound.so /usr/lib/lua/5.2/lunbound.so
COPY ./integration/named.conf /etc/
COPY ./integration/00-no-tls/example.org.zone /var/named/
COPY ./integration/00-no-tls/prosody1.cfg.lua /etc/prosody/prosody.cfg.lua
COPY ./contrib/prosody-modules /opt/xmpp-proxy/prosody-modules
COPY ./integration/*.scs /scansion/
RUN mkdir -p /run/prosody/
ARG ECDSA=0
RUN if [ $ECDSA -ne 0 ]; then rm -rf /etc/prosody/certs && ln -sf /etc/certs/ecdsa /etc/prosody/certs; fi