# ══════════════════════════════════════════════════════════════════
# Bulwark v3.0 — Ubuntu 24.04 + Node.js 22 + AI CLIs + Ollama
# AI-powered server management platform
# ══════════════════════════════════════════════════════════════════
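# Base image. The 24.04 tag is mutable, so two builds can start from different
# bits; for reproducible builds pin it by digest (ubuntu:24.04@sha256:<digest>)
# and bump that digest deliberately.
FROM ubuntu:24.04

# Build-time only: stops apt/dpkg from prompting during the RUN steps in this
# stage. Declared as ARG rather than ENV so the setting is not carried into
# the environment of the running container.
ARG DEBIAN_FRONTEND=noninteractive

# ── System packages ──────────────────────────────────────────────
#   bash ca-certificates curl git gnupg openssh-client  base tooling; curl and
#                                   ca-certificates fetch the repository keys
#   g++ make python3                build toolchain (presumably for native npm
#                                   addons — confirm against package.json)
#   htop iproute2 net-tools procps  terminal tools used by views
#   lsb-release                     supplies the release codename for the
#                                   PostgreSQL apt repository line
#   cron                            cron for the cron-enhanced view
#   sudo                            needed by the passwordless-sudo rule that
#                                   this file grants to the bulwark account
# The list is sorted so additions and removals show up cleanly in review.
RUN apt-get update && apt-get install -y --no-install-recommends \
        bash \
        ca-certificates \
        cron \
        curl \
        g++ \
        git \
        gnupg \
        htop \
        iproute2 \
        lsb-release \
        make \
        net-tools \
        openssh-client \
        procps \
        python3 \
        sudo \
    && rm -rf /var/lib/apt/lists/*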
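# ── PostgreSQL 17 client (pg_dump/psql must match server version) ─
# The PGDG signing key is stored under /etc/apt/keyrings and bound to this one
# repository with signed-by. A key placed in /etc/apt/trusted.gpg.d is accepted
# for every configured repository, which is wider trust than this step needs.
# The key is written straight to a file rather than piped into gpg: under the
# default /bin/sh a failed download on the left side of a pipe goes unnoticed.
# The repository itself is fetched over HTTPS instead of plain HTTP.
RUN install -m 0755 -d /etc/apt/keyrings && \
    curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc -o /etc/apt/keyrings/pgdg.asc && \
    chmod a+r /etc/apt/keyrings/pgdg.asc && \
    echo "deb [signed-by=/etc/apt/keyrings/pgdg.asc] https://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \
    apt-get update && apt-get install -y --no-install-recommends postgresql-client-17 && \
    rm -rf /var/lib/apt/lists/*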
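# ── Node.js 22 (required for Codex CLI) ─────────────────────────
# NodeSource is configured as an ordinary apt repository with its own
# signed-by key instead of piping a downloaded setup script into a root shell.
# What changes the image is then limited to signed packages, and the build no
# longer executes whatever the script URL happens to serve at build time.
# The version check fails the build if apt resolved nodejs to anything other
# than a 22.x release (for example the distribution's own package).
RUN install -m 0755 -d /etc/apt/keyrings && \
    curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key -o /etc/apt/keyrings/nodesource.asc && \
    chmod a+r /etc/apt/keyrings/nodesource.asc && \
    echo "deb [signed-by=/etc/apt/keyrings/nodesource.asc] https://deb.nodesource.com/node_22.x nodistro main" > /etc/apt/sources.list.d/nodesource.list && \
    apt-get update && apt-get install -y --no-install-recommends nodejs && \
    node --version | grep -q '^v22\.' && \
    rm -rf /var/lib/apt/lists/*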
# ── Docker CLI (for Docker management view via mounted socket) ──
# Installs the client only (docker-ce-cli); no daemon is added to the image.
# The repository key lives in /etc/apt/keyrings and is scoped to the Docker
# repository through signed-by.
# Operational note: a process that can reach a mounted Docker socket can drive
# the host's daemon, so a container started with that mount should be treated
# as having root-equivalent access to the host.
RUN install -m 0755 -d /etc/apt/keyrings \
 && curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
        -o /etc/apt/keyrings/docker.asc \
 && printf '%s\n' "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo $VERSION_CODENAME) stable" \
        > /etc/apt/sources.list.d/docker.list \
 && apt-get update \
 && apt-get install -y --no-install-recommends docker-ce-cli \
 && rm -rf /var/lib/apt/lists/*
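# ── AI CLIs (BYOK — users bring their own API keys) ─────────────
# Best-effort: a failed install does not break the build. npm's own error
# output is no longer discarded and a warning is printed, so an image that was
# built without the CLIs is visible in the build log instead of failing later
# at runtime with no trace of why.
# Both packages are unpinned, so every build installs whatever is current and
# runs its install scripts as root. Pin each one (<package>@<version>) to make
# the installed code reproducible and reviewable.
RUN npm install -g @anthropic-ai/claude-code @openai/codex || \
    echo "WARNING: AI CLI install failed; image built without claude-code/codex" >&2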
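# ── Non-root user (Claude CLI refuses --dangerously-skip-permissions as root) ─
# SECURITY: the rule below lets bulwark run any command as any user without a
# password, so the account is root-equivalent inside the container. Running as
# this user satisfies the CLI's non-root check but is not a privilege boundary.
# If only specific commands need elevation, replace ALL with that command list.
# The rule is written to its own drop-in under /etc/sudoers.d with mode 0440
# and checked with visudo, so a malformed entry fails the build instead of
# leaving sudo broken, and the main /etc/sudoers file stays untouched.
RUN useradd -m -s /bin/bash -G sudo bulwark && \
    echo 'bulwark ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/bulwark && \
    chmod 0440 /etc/sudoers.d/bulwark && \
    visudo -cf /etc/sudoers.d/bulwark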
# ── App setup ────────────────────────────────────────────────────
WORKDIR /app

# Manifests are copied before the sources so the dependency layer stays cached
# until they change. The trailing * makes package-lock.json optional; when no
# lockfile is present, the dependency versions npm resolves can differ from
# one build to the next.
COPY package.json package-lock.json* /app/
RUN npm install --omit=dev

# Application sources, one path per line so a change to one tree does not hide
# in a blanket copy of the build context.
COPY server.js write-config.js /app/
COPY routes/ /app/routes/
COPY lib/ /app/lib/
COPY docs/ /app/docs/
COPY public/ /app/public/
COPY media/ /app/media/
COPY scripts/ /app/scripts/

# Create the data directories and hand /app to the runtime account.
# NOTE(review): the recursive chown covers the whole tree, so the runtime user
# can modify the application code and node_modules as well as /app/data.
RUN mkdir -p /app/data/backups \
 && chown -R bulwark:bulwark /app
# Runtime defaults baked into the image; each can be overridden when the
# container is started.
ENV NODE_ENV=production \
    MONITOR_PORT=3001 \
    OLLAMA_BASE_URL=http://ollama:11434 \
    OLLAMA_MODEL=qwen3:8b

# Documentation only: EXPOSE records the port, it does not publish it.
EXPOSE 3001

# Drop from root for the running process. The bulwark account holds a
# NOPASSWD:ALL sudo rule, so this limits accidental root use rather than
# containing a compromised process.
USER bulwark

# Liveness probe against the app's health endpoint. The URL hard-codes port
# 3001 and does not follow MONITOR_PORT if that variable is overridden.
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
    CMD curl -sf http://localhost:3001/api/health || exit 1

# Exec form: node runs as PID 1 and receives stop signals directly.
CMD ["node", "server.js"]