feat: add Docker image #101

Merged
merged 3 commits into from
Nov 18, 2024
34 changes: 34 additions & 0 deletions .github/workflows/release.yaml
Expand Up @@ -114,3 +114,37 @@ jobs:
with:
files: |
quincy-windows-x86_64.zip

build-docker-image:
name: Build Docker image

runs-on: ubuntu-latest

strategy:
matrix:
platform:
- linux/amd64
- linux/arm64
crypto:
- standard
- quantum
steps:
- uses: docker/setup-qemu-action@v3
name: Set up QEMU
- uses: docker/setup-buildx-action@v3
name: Set up Docker Buildx
- uses: docker/login-action@v3
name: Login to Docker Hub
with:
username: ${{ env.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- uses: docker/build-push-action@v6
name: Build and push
with:
push: true
platforms: ${{ matrix.platform }}
build-args: |
FEATURES=crypto-${{ matrix.crypto }},jemalloc
tags: |
${{ env.DOCKERHUB_USERNAME }}/quincy:${{ startsWith(matrix.crypto, 'standard') && github.ref_name || format('{0}-{1}', github.ref_name, matrix.crypto) }}
${{ env.DOCKERHUB_USERNAME }}/quincy:${{ startsWith(matrix.crypto, 'standard') && 'latest' || format('latest-{0}', matrix.crypto) }}
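Review bot: Putting `platform` in the matrix while every job pushes the same tags means the `linux/amd64` and `linux/arm64` jobs for a given `crypto` value each push a single-platform image to the identical `quincy:<tag>`, so whichever job finishes last replaces the other and the tag never becomes a multi-arch manifest. Drop `platform` from the matrix and pass `platforms: linux/amd64,linux/arm64` to a single `docker/build-push-action` step per `crypto` value. Two smaller points: `env.DOCKERHUB_USERNAME` is not set anywhere in the lines shown, so confirm it is defined at workflow level, otherwise the login username and the tag prefix are empty; and since this job handles `secrets.DOCKERHUB_TOKEN`, consider pinning the four `docker/*` actions to commit SHAs instead of the moving `@v3` and `@v6` tags.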
38 changes: 38 additions & 0 deletions Dockerfile
@@ -0,0 +1,38 @@
FROM rust:alpine3.20 AS builder

# Install pre-requisites
RUN apk add build-base gcompat jemalloc-dev

# Create a new directory for our application
WORKDIR /tmp/quincy-build

# Copy the source code into the container
COPY src ./src
COPY Cargo.toml Cargo.lock ./

# Build the application
ARG FEATURES="crypto-standard,jemalloc"
RUN cargo build --release --no-default-features --features "${FEATURES}"

FROM alpine:3.20

# Create needed directories
RUN mkdir -p /etc/quincy

# Install glibc
RUN apk add gcompat jemalloc libcap-setcap

# Copy the binary from the builder stage
COPY --from=builder /tmp/quincy-build/target/release/quincy-client /tmp/quincy-build/target/release/quincy-server /tmp/quincy-build/target/release/quincy-users /usr/local/bin/

# Add required capability to executable
RUN setcap \
'cap_net_admin=+ep cap_net_bind_service=+ep' /usr/local/bin/quincy-client \
'cap_net_admin=+ep cap_net_bind_service=+ep' /usr/local/bin/quincy-server

# Run under a non-root account
RUN addgroup -S quincy && adduser -S quincy -G quincy
USER quincy

# Set the working directory
WORKDIR /usr/srv/quincy
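Review bot: The builder's `cargo build --release --no-default-features --features "${FEATURES}"` copies `Cargo.lock` in but does not pass `--locked`, so Cargo may rewrite the lock file if it is out of sync with `Cargo.toml`, and the published image can then be built from dependency versions other than the committed ones; add `--locked`. In the runtime stage, `libcap-setcap` is only needed for the single `setcap` call, so install it, run `setcap` and `apk del` it in the same `RUN`, and use `apk add --no-cache` in both stages, to keep the tool and the apk index out of the final image. The `# Install glibc` comment is also inaccurate: that line installs `gcompat`, `jemalloc` and `libcap-setcap`.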
31 changes: 31 additions & 0 deletions README.md
Expand Up @@ -30,11 +30,42 @@ The [`tokio`](https://github.com/tokio-rs/tokio) runtime is used to provide an e
## Installation
Binaries are currently available for Windows, Linux (x86_64) and macOS (aarch64) for every official release.

### Cargo
Using cargo, installation of any published version can be done with a simple command:
```bash
cargo install quincy
```

### Docker
Docker images are available on [Docker Hub](https://hub.docker.com/r/m0dex/quincy) in different flavours:
- `quincy:latest`: The latest version of Quincy with pre-quantum cryptography
- `quincy:latest-quantum`: The latest version of Quincy with post-quantum cryptography
- `quincy:<version>-standard`: A specific version of Quincy with pre-quantum cryptography
- `quincy:<version>-quantum`: A specific version of Quincy with post-quantum cryptography

To run the client/server, you need to add a volume with the configuration files and add needed capabilities:
```bash
docker run
--rm # remove the container after it stops
--cap-add=NET_ADMIN # needed for creating the TUN interface
--device=/dev/net/tun # needed for creating the TUN interface
-p "55555:55555" # server port-forwarding
-v <configuration directory>:/etc/quincy # directory with the configuration files
m0dex/quincy:latest # or any of the other tags
quincy-server --config-path /etc/quincy/server.toml
```

To add or remove a user to the `users` file, you can run the following command:
```bash
docker run
--rm # remove the container after it stops
-it # interactive mode
-v <configuration directory>:/etc/quincy # directory with the configuration files
m0dex/quincy:latest # or any of the other tags
quincy-users --add /etc/quincy/users
# quincy-users --delete /etc/quincy/users
```

## Building from sources
As Quincy does not rely upon any non-Rust libraries, the build process is incredibly simple:
```bash
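Review bot: The tag list documents `quincy:<version>-standard`, but the workflow added in this PR tags the standard build as plain `github.ref_name` with no suffix (only `quantum` gets one), so that tag will never be pushed; document it as `quincy:<version>`. Both `docker run` examples also cannot be pasted as written: there are no `\` line continuations, so the shell runs a bare `docker run` and then treats each option line as its own command, and the trailing `#` comments would break the continuations if they were simply added. Move the option explanations out of the command (above it or below the block) and join the lines with `\`.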