IPFS sidecar (#2)

.github/workflows/container.yml

@@ -0,0 +1,42 @@
+name: Publish Container
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      ### Prepare docker & login to Dockerhub
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      
+      ### Build and push docker image
+      - name: Build and push
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: Dockerfile
+          push: true
+          tags: "fluencelabs/node:latest,fluencelabs/node:v${{github.run_number}}"

.vscode/settings.json

@@ -0,0 +1,20 @@
+{
+    "[dockerfile]": {
+        "editor.quickSuggestions": {
+            "strings": true
+        },
+        "editor.formatOnSave": false
+    },
+    "shellformat.effectLanguages": [
+        "shellscript",
+        // "dockerfile",
+        "dotenv",
+        "hosts",
+        "jvmoptions",
+        "ignore",
+        "gitignore",
+        "properties",
+        "spring-boot-properties",
+        "azcli"
+    ]
+}

Dockerfile

@@ -0,0 +1,46 @@
+### NOTE: original linuxserver.org docker-ipfs image also builds & runs migrations.
+###		  If needed, go to https://github.com/linuxserver/docker-ipfs to see how it's done.
+ 
+FROM ipfs/go-ipfs:v0.9.0 as ipfs
+
+FROM fluencelabs/fluence:latest as fluence
+
+FROM ghcr.io/linuxserver/baseimage-ubuntu:bionic
+
+# TODO:
+# - set version
+# - set build date
+
+# environment
+ENV IPFS_PATH=/config/ipfs
+ENV RUST_LOG="info,aquamarine=warn,tokio_threadpool=info,tokio_reactor=info,mio=info,tokio_io=info,soketto=info,yamux=info,multistream_select=info,libp2p_secio=info,libp2p_websocket::framed=info,libp2p_ping=info,libp2p_core::upgrade::apply=info,libp2p_kad::kbucket=info,cranelift_codegen=info,wasmer_wasi=info,cranelift_codegen=info,wasmer_wasi=info"
+ENV RUST_BACKTRACE="1"
+## set /fluence as the CMD binary
+ENV S6_CMD_ARG0="/fluence"
+
+RUN \
+ echo "**** install packages ****" && \
+ apt-get update && \
+ apt-get install -y \
+	less \
+	logrotate \
+	curl && \
+ echo "**** cleanup ****" && \
+ apt-get clean && \
+ rm -rf \
+	/tmp/* \
+	/var/lib/apt/lists/* \
+	/var/tmp/*
+
+# copy files
+COPY s6/root/ /
+COPY --from=ipfs /usr/local/bin/ipfs /usr/bin/ipfs
+# TODO: copy binary to /usr/bin & state to /config/fluence
+COPY --from=fluence /fluence /fluence
+COPY --from=fluence /.fluence /.fluence
+COPY --from=fluence /builtins /builtins
+
+# ports and volumes
+EXPOSE 5001
+VOLUME ["/config"]
+VOLUME ["/.fluence"]

s6/root/defaults/ipfs_preshared_swarm.key

@@ -0,0 +1,3 @@
+/key/swarm/psk/1.0.0/
+/base16/
+a3ff4566ee853b0cf9d5fa7346f91f9c7cde5c6efeaba94f90ad049c1e30267f

s6/root/etc/cont-init.d/20-config

@@ -0,0 +1,31 @@
+#!/usr/bin/with-contenv bash
+
+# IPFS_PATH is set to /config/ipfs in Dockerfile
+# ipfs config
+if [ ! -d "/config/ipfs" ]; then
+	ipfs init
+	ipfs config --json API.HTTPHeaders.Access-Control-Allow-Origin '["*"]'
+	ipfs config --json API.HTTPHeaders.Access-Control-Allow-Methods '["PUT", "POST"]'
+	ipfs config --json Addresses.API '"/ip4/0.0.0.0/tcp/5001"'
+	ipfs config --json Addresses.Gateway '"/ip4/0.0.0.0/tcp/8080"'
+
+	# remove default bootstraps
+	ipfs bootstrap rm --all
+
+	# enable Private Network feature by copying swarm.key to $IPFS_HOME
+	# https://github.com/ipfs/go-ipfs/blob/master/docs/experimental-features.md#private-networks
+	cp /defaults/ipfs_preshared_swarm.key /config/ipfs/swarm.key
+
+	# to check that Private Network is enabled, look for a line
+	# 'Swarm is limited to private network of peers with the swarm key'
+	# in IPFS logs @ /config/log/ipfs
+fi
+
+# make our folders
+mkdir -p \
+	/config/log/ipfs \
+	/run
+
+# permissions
+chown -R abc:abc /config
+chmod -R 644 /etc/logrotate.d

s6/root/etc/services.d/ipfs/log/run

@@ -0,0 +1,11 @@
+#!/usr/bin/with-contenv bash
+
+# s6-setuidgid abc - run as a user abc (unprivileged)
+
+# n30          - keep 30 rotated log files
+# s10000000    - rotate when log reachs 10MB
+# S30000000    - keep only 30 MB of rotated (and compressed) logs
+# T            - prepend timestamp to each line
+# !"gzip -nq9" - compresses logs on rotation
+exec \
+    s6-setuidgid abc s6-log n30 s10000000 S30000000 T !"gzip -nq9" /config/log/ipfs

s6/root/etc/services.d/ipfs/run

@@ -0,0 +1,7 @@
+#!/usr/bin/with-contenv bash
+
+exec \
+	# seems like IPFS logs most logs to stderr, so
+	# map stderr to stdout so s6-log can catch it
+	fdmove -c 2 1 \
+	s6-setuidgid abc ipfs daemon