From e1a03797d87a2669a31fc201c0ce0b8af528a691 Mon Sep 17 00:00:00 2001
From: Andrew Ferrazzutti <fair@miscworks.net>
Date: Fri, 29 Apr 2022 09:54:43 -0400
Subject: [PATCH] Docker support

---
 Dockerfile                      | 49 +++++++++++++++++++++++++++++++++
 SETUP.md                        | 30 +++++++++++++++++++-
 docker-run.sh                   | 36 ++++++++++++++++++++++++
 node/Dockerfile                 | 13 +++++++++
 node/docker-run.sh              | 16 +++++++++++
 node/example-config-docker.json |  7 +++++
 node/example-config.json        |  2 +-
 7 files changed, 151 insertions(+), 2 deletions(-)
 create mode 100644 Dockerfile
 create mode 100755 docker-run.sh
 create mode 100644 node/Dockerfile
 create mode 100755 node/docker-run.sh
 create mode 100644 node/example-config-docker.json

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..dde51d2
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,49 @@
+FROM docker.io/alpine:3.15
+
+ARG TARGETARCH=amd64
+
+RUN apk add --no-cache \
+      python3 py3-pip py3-setuptools py3-wheel \
+      py3-pillow \
+      py3-aiohttp \
+      py3-magic \
+      py3-ruamel.yaml \
+      py3-commonmark \
+      py3-prometheus-client \
+      # encryption
+      py3-olm \
+      py3-cffi \
+      py3-pycryptodome \
+      py3-unpaddedbase64 \
+      py3-future \
+      # proxy support
+      py3-aiohttp-socks \
+      py3-pysocks \
+      # Other dependencies
+      ffmpeg \
+      ca-certificates \
+      su-exec \
+      netcat-openbsd \
+      bash \
+      curl \
+      jq \
+      yq
+
+WORKDIR /opt/matrix-appservice-kakaotalk
+
+COPY requirements.txt optional-requirements.txt ./
+RUN apk add --virtual .build-deps python3-dev libffi-dev build-base \
+ && pip3 install -r requirements.txt -r optional-requirements.txt \
+ && apk del .build-deps
+
+# Copy specific files & directories to avoid copying the node directory
+COPY LICENSE setup.py docker-run.sh ./
+COPY matrix_appservice_kakaotalk matrix_appservice_kakaotalk
+RUN apk add --no-cache git && pip3 install .[e2be] && apk del git \
+  # This doesn't make the image smaller, but it's needed so that the `version` command works properly
+  && cp matrix_appservice_kakaotalk/example-config.yaml . && rm -rf matrix_appservice_kakaotalk
+
+ENV UID=1337 GID=1337
+VOLUME /data
+
+CMD ["./docker-run.sh"]
diff --git a/SETUP.md b/SETUP.md
index 4c87a77..7b5a4b9 100644
--- a/SETUP.md
+++ b/SETUP.md
@@ -67,4 +67,32 @@ To use them as-is, follow these steps after [initial setup](#initial-setup):
 Simply `git pull` or `git rebase` the latest changes and rerun any installation commands (`npm install`, `pip install -Ur ...`).
 
 # Docker
-Coming soon!
+These instructions describe how to run the bridge with Docker containers.
+
+## Notes
+* Any `docker` commands mentioned below need to be run with `sudo` unless you have configured your system otherwise. See [Docker docs](https://docs.docker.com/engine/install/linux-postinstall/) for details.
+* All configuration files created by the Docker containers will be `chown`ed to UID/GID 1337. Use `sudo` access on the host to edit them.
+* The `docker` commands below mount the working directory as `/data`, so make sure you always run them in the correct directory.
+
+## Limitations
+* Images must be built manually for now. It is planned for there to be prebuilt images available to pull.
+
+## Initial setup
+1. `cd` to the directory where you cloned this repository
+1. Ensure that the repository root and `node` directories are writable by UID/GID 1337. A coarse way to achieve this is with `chmod o+w . node`
+1. `cd` to the `node` directory, and build the image for the Node module with `docker build . -t matrix-appservice-kakaotalk-node`
+1. Run a container for the Node module for the first time, so it can create a config file for you: `docker run --rm -v $(pwd):/data:z matrix-appservice-kakaotalk-node`
+1. Update the generated config file `config.json` to your liking
+1. Run the Node module with `docker run --restart unless-stopped -v $(pwd):/data:z matrix-appservice-kakaotalk-node`
+1. Open a new shell, since the prior `docker run` command runs in the foreground (unless `-d` is used)
+1. `cd` to the repository root, and build the image for the bridge module with `docker build . -t matrix-appservice-kakaotalk`
+1. Run a container for the bridge module for the first time, so it can create a config file for you: `docker run --rm -v $(pwd):/data:z matrix-appservice-kakaotalk`
+1. Update the generated config file `config.yaml` to your liking. You'll at least need to change the homeserver settings, appservice address and permissions, and the rpc connection to the Node module
+    * Note that the Node module container's `/data/` directory is accessible in the bridge module's container at `/data/node/`
+    * Thus, if the Node module is configured to use a unix socket at `/data/<sock_name>`, the bridge module's config must set `rpc.connection.path: /data/node/<sockname>`
+1. Generate the appservice registration by running the container again, and update your homeserver configuration to accept it
+1. Run the bridge module with `docker run --restart unless-stopped -v $(pwd):/data:z matrix-appservice-kakaotalk`
+    * Additionally, you should either add the bridge to the same Docker network as your homeserver and database with `--network=<name>` (when they are running in Docker), or expose the correct port(s) with `-p <port>:<port>` or `--network=host` (when they are running outside Docker).
+
+## Upgrading
+Simply `git pull` or `git rebase` the latest changes, rerun all `docker build` commands, then run new containers for the freshly-built images.
diff --git a/docker-run.sh b/docker-run.sh
new file mode 100755
index 0000000..a221dcf
--- /dev/null
+++ b/docker-run.sh
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+# Define functions.
+function fixperms {
+	chown -R $UID:$GID /data
+
+	# /opt/matrix-appservice-kakaotalk is read-only, so disable file logging if it's pointing there.
+	if [[ "$(yq e '.logging.handlers.file.filename' /data/config.yaml)" == "./matrix-appservice-kakaotalk.log" ]]; then
+		yq -I4 e -i 'del(.logging.root.handlers[] | select(. == "file"))' /data/config.yaml
+		yq -I4 e -i 'del(.logging.handlers.file)' /data/config.yaml
+	fi
+}
+
+cd /opt/matrix-appservice-kakaotalk
+
+if [ ! -f /data/config.yaml ]; then
+	cp example-config.yaml /data/config.yaml
+	echo "Didn't find a config file."
+	echo "Copied default config file to /data/config.yaml"
+	echo "Modify that config file to your liking."
+	echo "Start the container again after that to generate the registration file."
+	fixperms
+	exit
+fi
+
+if [ ! -f /data/registration.yaml ]; then
+	python3 -m matrix_appservice_kakaotalk -g -c /data/config.yaml -r /data/registration.yaml || exit $?
+	echo "Didn't find a registration file."
+	echo "Generated one for you."
+	echo "See https://docs.mau.fi/bridges/general/registering-appservices.html on how to use it."
+	fixperms
+	exit
+fi
+
+fixperms
+exec su-exec $UID:$GID python3 -m matrix_appservice_kakaotalk -c /data/config.yaml
diff --git a/node/Dockerfile b/node/Dockerfile
new file mode 100644
index 0000000..0c98725
--- /dev/null
+++ b/node/Dockerfile
@@ -0,0 +1,13 @@
+FROM docker.io/node:16-alpine3.15
+
+ARG TARGETARCH=amd64
+
+WORKDIR /opt/matrix-appservice-kakaotalk/node
+
+COPY . ./
+RUN npm i
+
+ENV UID=1337 GID=1337
+VOLUME /data
+
+CMD ["./docker-run.sh"]
diff --git a/node/docker-run.sh b/node/docker-run.sh
new file mode 100755
index 0000000..df3602f
--- /dev/null
+++ b/node/docker-run.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+if [ ! -w . ]; then
+	echo "Please ensure the /data volume of this container is writable for user:group $UID:$GID." >&2
+	exit
+fi
+
+if [ ! -f /data/config.json ]; then
+	cp example-config-docker.json /data/config.json
+	echo "Didn't find a config file."
+	echo "Copied default config file to /data/config.json"
+	echo "Modify that config file to your liking, then restart the container."
+	exit
+fi
+
+node src/main.js --config /data/config.json
diff --git a/node/example-config-docker.json b/node/example-config-docker.json
new file mode 100644
index 0000000..85969e6
--- /dev/null
+++ b/node/example-config-docker.json
@@ -0,0 +1,7 @@
+{
+	"listen": {
+		"type": "unix",
+		"path": "/data/puppet.sock",
+		"force": false
+	}
+}
diff --git a/node/example-config.json b/node/example-config.json
index 5b07153..444565e 100644
--- a/node/example-config.json
+++ b/node/example-config.json
@@ -2,6 +2,6 @@
 	"listen": {
 		"type": "unix",
 		"path": "/var/run/matrix-appservice-kakaotalk/rpc.sock",
-        "force": false
+		"force": false
 	}
 }