veilid/Dockerfile.server
kathryn.morgan c579ce0005 Add Veilid Server Docker container implementation
- Create multi-stage Docker build for veilid-server
- Configure container to run as non-root veilid user
- Implement proper permissions for all filesystem paths
- Add veilid-cli for server management and healthchecks
- Configure container volumes for data persistence
- Add network port mappings for TCP/UDP communications
- Implement healthcheck using veilid-cli nodeid command
2025-04-14 07:14:54 +00:00


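# ---- Build stage: compiles veilid-server and veilid-cli from the build context ----
# The tag fixes the toolchain version but remains a mutable reference. For a
# reproducible, tamper-evident build, append the verified image digest
# (@sha256:<digest>) to this reference.
FROM docker.io/library/rust:1.81.0-bullseye AS builder

# Install build dependencies. --no-install-recommends keeps optional packages
# out of the build environment; the apt lists are removed in the same layer.
RUN apt-get update && apt-get install -y --no-install-recommends \
        build-essential \
        cmake \
        libssl-dev \
        pkg-config \
    && rm -rf /var/lib/apt/lists/*

# Set up working directory and copy everything.
# COPY . . pulls the entire build context into this stage. Keep a .dockerignore
# that excludes .git, target/, editor files and any local key material or .env
# files so they never reach a layer. Only the two release binaries are carried
# into the runtime stage.
WORKDIR /veilid
COPY . .

# Build veilid-server and veilid-cli.
# NOTE(review): if the repository commits Cargo.lock, adding --locked makes the
# build fail instead of silently re-resolving dependency versions - confirm.
RUN cargo build --release --bin veilid-server && \
    cargo build --release --bin veilid-cli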
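# ---- Runtime stage: minimal image that runs veilid-server as a non-root user ----
# Fully qualified reference (same style as the builder stage) so the registry
# is never resolved through short-name search. Append the verified digest
# (@sha256:<digest>) for a reproducible base.
FROM docker.io/library/debian:bullseye-slim AS runtime

# Numeric IDs for the service account. They are fixed at build time because
# ENV performs no shell command substitution, so a path that embeds the UID
# (XDG_RUNTIME_DIR below) needs a value known to the Dockerfile itself.
# NOTE(review): 999 is what `useradd -r` usually allocates first on Debian;
# confirm against the ownership of any existing volumes, or override with
# --build-arg VEILID_UID=... / VEILID_GID=...
ARG VEILID_UID=999
ARG VEILID_GID=999

# Install runtime dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        libssl1.1 \
    && rm -rf /var/lib/apt/lists/*

# Create the veilid user, its directories and the veilid-cli config in one layer.
# Everything below is owned by veilid and closed to "other": no path is
# world-writable, so only the service account can change the CLI configuration,
# the IPC directory or the stores. /tmp keeps the base image's default mode.
RUN groupadd --system --gid "${VEILID_GID}" veilid \
    && useradd --system --uid "${VEILID_UID}" --gid veilid --home-dir /home/veilid veilid \
    && mkdir -p \
        /etc/veilid-server \
        /home/veilid/.cache \
        /home/veilid/.config/veilid-cli \
        /home/veilid/.local/share \
        /home/veilid/.veilid-cli \
        /var/db/veilid-cli \
        /var/db/veilid-server/block_store \
        /var/db/veilid-server/ipc \
        /var/db/veilid-server/protected_store \
        /var/db/veilid-server/table_store \
        /var/log/veilid \
        "/var/run/user/${VEILID_UID}" \
    && printf '%s\n' \
        "client_api:" \
        " address: '127.0.0.1:5959'" \
        > /home/veilid/.veilid-cli/config \
    && chown -R veilid:veilid \
        /etc/veilid-server \
        /home/veilid \
        /var/db/veilid-cli \
        /var/db/veilid-server \
        /var/log/veilid \
        "/var/run/user/${VEILID_UID}" \
    && chmod -R u=rwX,g=rX,o= \
        /home/veilid \
        /var/db/veilid-cli \
        /var/db/veilid-server \
        /var/log/veilid \
    && chmod 0700 "/var/run/user/${VEILID_UID}"

# Copy the compiled binaries from builder stage (root-owned, not writable by veilid)
COPY --from=builder /veilid/target/release/veilid-server /usr/bin/
COPY --from=builder /veilid/target/release/veilid-cli /usr/bin/
RUN chmod 755 /usr/bin/veilid-server /usr/bin/veilid-cli

# Copy the docker configuration file. It is copied after the chown above, so
# the file itself stays root-owned inside the veilid-owned directory.
COPY docker-config/veilid-server-docker.conf /etc/veilid-server/veilid-server.conf

# Expose the default ports for veilid.
# 5959/tcp is the client API address written to the veilid-cli config above.
# EXPOSE only documents the port; nothing is published until `docker run -p`.
# NOTE(review): confirm whether 5959 should ever be published beyond loopback,
# since it is the management interface used by veilid-cli.
EXPOSE 5150/tcp 5150/udp 5959/tcp

# Set environment variables for veilid-cli. These are literal values:
# ${VEILID_UID} is expanded from the ARG at build time.
ENV HOME=/home/veilid \
    XDG_CONFIG_HOME=/home/veilid/.config \
    XDG_CACHE_HOME=/home/veilid/.cache \
    XDG_DATA_HOME=/home/veilid/.local/share \
    XDG_RUNTIME_DIR=/var/run/user/${VEILID_UID} \
    VEILID_CLI_CONFIG_DIR=/home/veilid/.veilid-cli

# Healthcheck: run the nodeid command through veilid-cli and require a "VLD0:"
# key in the output. The probe runs inside the container and uses the ENV
# values above. The 60 second start period lets the server initialize fully.
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
    CMD veilid-cli -e nodeid | grep -q "VLD0:" || exit 1

# Create volume mount points for persistent data and configuration.
# Declared after every write to these paths so the ownership and modes set
# above are what a fresh volume is initialised with.
VOLUME ["/var/db/veilid-server/protected_store", "/var/db/veilid-server/table_store", "/var/db/veilid-server/block_store", "/var/log/veilid", "/etc/veilid-server", "/var/db/veilid-cli"]

# Switch to non-root user
USER veilid

# Command to run (exec form, so veilid-server is PID 1 and receives SIGTERM)
CMD ["veilid-server", "-c", "/etc/veilid-server/veilid-server.conf"]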