manage linux uids and gids as dojo system parameters

4 years ago · ca344339d5
10 changed files with 77 additions and 12 deletions
--- a/docker/my-dojo/.env
+++ b/docker/my-dojo/.env
@ -32,6 +32,9 @@ MYSQL_DATABASE=samourai-main
 # BITCOIND
 #########################################

+BITCOIND_LINUX_UID=1105
+BITCOIND_LINUX_GID=1108
+
 BITCOIND_DNSSEED=0
 BITCOIND_DNS=0

@ -67,3 +70,35 @@ NODE_TRACKER_UNCONF_TXS_PERIOD=300000
 #########################################

 INDEXER_BATCH_SIZE=10
+
+
+#########################################
+# TOR
+#########################################
+
+TOR_LINUX_UID=1104
+TOR_LINUX_GID=1107
+
+
+#########################################
+# WHIRLPOOL
+#########################################
+
+WHIRLPOOL_LINUX_UID=1110
+WHIRLPOOL_LINUX_GID=1113
+
+
+#########################################
+# INDEXER
+#########################################
+
+INDEXER_LINUX_UID=1106
+INDEXER_LINUX_GID=1109
+
+
+#########################################
+# SOROBAN
+#########################################
+
+SOROBAN_LINUX_UID=1111
+SOROBAN_LINUX_GID=1114
--- a/docker/my-dojo/bitcoin/Dockerfile
+++ b/docker/my-dojo/bitcoin/Dockerfile
@ -12,6 +12,11 @@ ENV     BITCOIN_ASC_URL     https://bitcoincore.org/bin/bitcoin-core-0.21.0/SHA2
 ENV     BITCOIN_PGP_KS_URI  hkp://keyserver.ubuntu.com:80
 ENV     BITCOIN_PGP_KEY     01EA5486DE18A882D4C2684590C8019E36C2E964

+ARG     BITCOIND_LINUX_UID
+ARG     BITCOIND_LINUX_GID
+ARG     TOR_LINUX_GID
+
+
 RUN     set -ex && \
        apt-get update && \
        apt-get install -qq --no-install-recommends ca-certificates dirmngr gosu gpg gpg-agent wget && \
@ -30,9 +35,9 @@ RUN     set -ex && \

 # Create groups bitcoin & tor
 # Create user bitcoin and add it to groups
-RUN     addgroup --system -gid 1108 bitcoin && \
-        addgroup --system -gid 1107 tor && \
-        adduser --system --ingroup bitcoin -uid 1105 bitcoin && \
+RUN     addgroup --system -gid ${BITCOIND_LINUX_GID} bitcoin && \
+        addgroup --system -gid ${TOR_LINUX_GID} tor && \
+        adduser --system --ingroup bitcoin -uid ${BITCOIND_LINUX_UID} bitcoin && \
        usermod -a -G tor bitcoin

 # Create data directory
--- a/docker/my-dojo/docker-compose.yaml
+++ b/docker/my-dojo/docker-compose.yaml
@ -30,6 +30,8 @@ services:
    build:
      context: ./../..
      dockerfile: ./docker/my-dojo/node/Dockerfile
+      args:
+        TOR_LINUX_GID: ${TOR_LINUX_GID}
    env_file:
      - ./.env
      - ./conf/docker-common.conf
@ -90,6 +92,9 @@ services:
    container_name: tor
    build:
      context: ./tor
+      args:
+        TOR_LINUX_UID: ${TOR_LINUX_UID}
+        TOR_LINUX_GID: ${TOR_LINUX_GID}
    env_file:
      - ./.env
      - ./conf/docker-bitcoind.conf
--- a/docker/my-dojo/indexer/Dockerfile
+++ b/docker/my-dojo/indexer/Dockerfile
@ -4,13 +4,16 @@ ENV     INDEXER_HOME        /home/indexer
 ENV     INDEXER_VERSION     0.4.0
 ENV     INDEXER_URL         https://code.samourai.io/dojo/addrindexrs.git

+ARG     INDEXER_LINUX_GID
+ARG     INDEXER_LINUX_UID
+
 RUN     apt-get update && \
        apt-get install -y clang cmake git && \
        apt-get install -y libsnappy-dev

 # Create group and user indexer
-RUN     addgroup --system -gid 1109 indexer && \
-        adduser --system --ingroup indexer -uid 1106 indexer
+RUN     addgroup --system -gid ${INDEXER_LINUX_GID} indexer && \
+        adduser --system --ingroup indexer -uid ${INDEXER_LINUX_UID} indexer

 # Create data directory
 RUN     mkdir "$INDEXER_HOME/addrindexrs" && \
--- a/docker/my-dojo/node/Dockerfile
+++ b/docker/my-dojo/node/Dockerfile
@ -1,9 +1,11 @@
 FROM    node:12-buster

-ENV     APP_DIR     /home/node/app
+ENV     APP_DIR                 /home/node/app
+ARG     TOR_LINUX_GID
+

 # Add node user to tor group
-RUN     addgroup --system -gid 1107 tor && \
+RUN     addgroup --system -gid ${TOR_LINUX_GID} tor && \
        usermod -a -G tor node

 # Install forever
--- a/docker/my-dojo/overrides/bitcoind.install.yaml
+++ b/docker/my-dojo/overrides/bitcoind.install.yaml
@ -6,6 +6,10 @@ services:
    container_name: bitcoind
    build:
      context: ./bitcoin
+      args:
+        BITCOIND_LINUX_UID: ${BITCOIND_LINUX_UID}
+        BITCOIND_LINUX_GID: ${BITCOIND_LINUX_GID}
+        TOR_LINUX_GID: ${TOR_LINUX_GID}
    env_file:
      - ./.env
      - ./conf/docker-common.conf
--- a/docker/my-dojo/overrides/indexer.install.yaml
+++ b/docker/my-dojo/overrides/indexer.install.yaml
@ -6,6 +6,9 @@ services:
    container_name: indexer
    build:
      context: ./indexer
+      args:
+        INDEXER_LINUX_UID: ${INDEXER_LINUX_UID}
+        INDEXER_LINUX_GID: ${INDEXER_LINUX_GID}
    env_file:
      - ./.env
      - ./conf/docker-common.conf
--- a/docker/my-dojo/overrides/whirlpool.install.yaml
+++ b/docker/my-dojo/overrides/whirlpool.install.yaml
@ -6,6 +6,9 @@ services:
    container_name: whirlpool
    build:
      context: ./whirlpool
+      args:
+        WHIRLPOOL_LINUX_UID: ${WHIRLPOOL_LINUX_UID}
+        WHIRLPOOL_LINUX_GID: ${WHIRLPOOL_LINUX_GID}
    env_file:
      - ./.env
      - ./conf/docker-common.conf
--- a/docker/my-dojo/tor/Dockerfile
+++ b/docker/my-dojo/tor/Dockerfile
@ -17,6 +17,9 @@ ENV     GOLANG_SHA256       50fe8e13592f8cf22304b9c4adfc11849a2c3d281b1d7e09c924
 ENV     OBFS4_URL           https://github.com/Yawning/obfs4.git
 ENV     OBFS4_VERSION       0.0.11

+ARG     TOR_LINUX_UID
+ARG     TOR_LINUX_GID
+

 # Install Tor
 RUN     set -ex && \
@ -68,8 +71,8 @@ RUN     cd /usr/local/src && \
        rm -rf obfs4proxy

 # Create group & user tor
-RUN     addgroup --system -gid 1107 tor && \
-        adduser --system --ingroup tor -uid 1104 tor
+RUN     addgroup --system -gid ${TOR_LINUX_GID} tor && \
+        adduser --system --ingroup tor -uid ${TOR_LINUX_UID} tor

 # Create /etc/tor directory
 RUN     mkdir -p /etc/tor/ && \
--- a/docker/my-dojo/whirlpool/Dockerfile
+++ b/docker/my-dojo/whirlpool/Dockerfile
@ -3,6 +3,8 @@ FROM    debian:buster
 ENV     WHIRLPOOL_HOME                /home/whirlpool
 ENV     WHIRLPOOL_DIR                 /usr/local/whirlpool-cli

+ARG     WHIRLPOOL_LINUX_UID
+ARG     WHIRLPOOL_LINUX_GID

 # Install prerequisites
 # Create group & user whirlpool
@ -11,8 +13,8 @@ ENV     WHIRLPOOL_DIR                 /usr/local/whirlpool-cli
 RUN     set -ex && \
        apt-get update && \
        apt-get install -y libevent-dev zlib1g-dev libssl-dev gcc make automake ca-certificates autoconf musl-dev coreutils gpg wget default-jdk && \
-        addgroup --system -gid 1113 whirlpool && \
-        adduser --system --ingroup whirlpool -uid 1110 whirlpool && \
+        addgroup --system -gid ${WHIRLPOOL_LINUX_GID} whirlpool && \
+        adduser --system --ingroup whirlpool -uid ${WHIRLPOOL_LINUX_UID} whirlpool && \
        mkdir -p "$WHIRLPOOL_HOME/.whirlpool-cli" && \
        chown -Rv whirlpool:whirlpool "$WHIRLPOOL_HOME" && \
        chmod -R 750 "$WHIRLPOOL_HOME" && \