diff --git a/.github/workflows/build-scan-push.yml b/.github/workflows/build-scan-push.yml
new file mode 100644
index 0000000..74afbe6
--- /dev/null
+++ b/.github/workflows/build-scan-push.yml
@@ -0,0 +1,91 @@
+name: Build and Push Docker Image
+
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+ branches:
+ - master
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ permissions:
+ packages: write
+ contents: read
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Lint Dockerfile with Hadolint
+ uses: hadolint/hadolint-action@v3.1.0
+ with:
+ dockerfile: Dockerfile
+
+ - name: Lint Shell Scripts with ShellCheck
+ uses: ludeeus/action-shellcheck@master
+
+ - name: Lint Kubernetes Resources with KubeLinter
+ id: kube-lint-scan
+ uses: stackrox/kube-linter-action@v1
+ with:
+ directory: k8s
+ config: .kube-linter/config.yaml
+
+ # Set up Docker Buildx for multi-architecture builds
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ # Cache Docker layers for faster builds
+ - name: Cache Docker Layers
+ uses: actions/cache@v3
+ with:
+ path: /tmp/.buildx-cache
+ key: ${{ runner.os }}-buildx-latest
+ restore-keys: |
+ ${{ runner.os }}-buildx-
+
+ - name: Log in to Docker Hub
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+
+ - name: Log into registry
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build and Push Docker Image
+ uses: docker/build-push-action@v4
+ with:
+ context: .
+ file: ./Dockerfile
+ platforms: linux/amd64,linux/arm64
+ tags: |
+ ${{ secrets.DOCKER_USERNAME }}/docker-bitlbee:latest
+ ghcr.io/${{ github.repository_owner }}/docker-bitlbee:latest
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ push: ${{ github.event_name != 'pull_request' }}
+
+ - name: Scan Docker Image for Vulnerabilities with Trivy
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: ${{ secrets.DOCKER_USERNAME }}/docker-bitlbee:latest
+ format: 'table'
+ ignore-unfixed: true
+ vuln-type: 'os,library'
+ severity: 'CRITICAL,HIGH'
+
+ - name: Upload Trivy Report
+ uses: actions/upload-artifact@v3
+ with:
+ name: trivy-scan-results
+ path: trivy-results.json
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
deleted file mode 100755
index 604fe1e..0000000
--- a/.github/workflows/docker-image.yml
+++ /dev/null
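Review bot: The Trivy step never produces the file the next step uploads: it is configured with `format: 'table'` and has no `output:`, so `trivy-results.json` does not exist when `Upload Trivy Report` runs, and it sets no `exit-code`, so CRITICAL/HIGH findings never fail the job. Its `image-ref` is the `:latest` tag on Docker Hub rather than the image this run built, so on pull requests (where `push` is false) the scan covers whatever was pushed last, and a fork PR sees an empty `secrets.DOCKER_USERNAME`, giving the malformed ref `/docker-bitlbee:latest`. Suggest `format: 'json'`, `output: 'trivy-results.json'` and `exit-code: '1'` on the scan step, and scanning a reference tied to this build (for example the digest that docker/build-push-action exposes as a step output). Separately, `ludeeus/action-shellcheck@master` and `aquasecurity/trivy-action@master` track a mutable branch, whereas the workflow this commit deletes pinned every third-party action to a full commit SHA; and the `actions/cache` step for `/tmp/.buildx-cache` is dead weight because the build uses `cache-from: type=gha`.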
@@ -1,91 +0,0 @@
-name: Docker Image CI
-
-on:
- push:
- branches: [ "master" ]
- pull_request:
- branches: [ "master" ]
-
-env:
- # github.repository as /
- IMAGE_NAME: ${{ github.repository }}
-
-
-jobs:
- build_and_push_to_dockerhub:
- name: Build and push Docker image to DockerHub
- runs-on: ubuntu-latest
- permissions:
- packages: write
- contents: read
- steps:
- - name: Checkout repository
- uses: actions/checkout@v3
- # Login against a Docker registry except on PR
- # https://github.com/docker/login-action
- - name: Log into registry
- if: github.event_name != 'pull_request'
- uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
- with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
-
- # Extract metadata (tags, labels) for Docker
- # https://github.com/docker/metadata-action
- - name: Extract Docker metadata
- id: meta
- uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
- with:
- images: ${{ env.IMAGE_NAME }}
-
- # Build and push Docker image with Buildx (don't push on PR)
- # https://github.com/docker/build-push-action
- - name: Build and push Docker image
- uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
- with:
- context: .
- push: ${{ github.event_name != 'pull_request' }}
- tags: ${{ env.IMAGE_NAME }}:latest
- labels: ${{ steps.meta.outputs.labels }}
-
- build_and_push_to_ghcr:
- name: Build and push Docker image to GHCR
- runs-on: ubuntu-latest
- permissions:
- packages: write
- contents: read
- steps:
- - name: Checkout repository
- uses: actions/checkout@v3
- - name: Setup Docker buildx
- uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
- # Login against a Docker registry except on PR
- # https://github.com/docker/login-action
- - name: Log into registry
- if: github.event_name != 'pull_request'
- uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- # Extract metadata (tags, labels) for Docker
- # https://github.com/docker/metadata-action
- - name: Extract Docker metadata
- id: meta
- uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
- with:
- images: ghcr.io/${{ env.IMAGE_NAME }}
-
- # Build and push Docker image with Buildx (don't push on PR)
- # https://github.com/docker/build-push-action
- - name: Build and push Docker image
- id: build-and-push
- uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
- with:
- context: .
- push: ${{ github.event_name != 'pull_request' }}
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
- cache-from: type=gha
- cache-to: type=gha,mode=max
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b0b9c1c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,13 @@
+# Logs
+*.log
+
+# Docker
+docker/data/
+.env
+
+# Kubernetes
+k8s/*.secret.yaml
+
+# Build artifacts
+*.o
+*.out
diff --git a/.hadolint.yaml b/.hadolint.yaml
new file mode 100644
index 0000000..f8cbb9d
--- /dev/null
+++ b/.hadolint.yaml
@@ -0,0 +1 @@
+failure-threshold: error
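Review bot: `failure-threshold: error` in .hadolint.yaml means the Hadolint step only fails on error-level rules, so warning-level findings such as DL3008 (unpinned `apt-get install` packages, which the new Dockerfile triggers) are printed but never block the build. If the lint step is meant to act as a gate, `failure-threshold: warning` with explicit `ignored:` entries for the rules the project accepts makes the accepted exceptions visible in the repo instead of hidden by the threshold. The hunk is the whole one-line file.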
diff --git a/.kube-linter/config.yaml b/.kube-linter/config.yaml
new file mode 100644
index 0000000..f1ad3c0
--- /dev/null
+++ b/.kube-linter/config.yaml
@@ -0,0 +1,5 @@
+checks:
+ exclude:
+ - "latest-tag"
+ - "no-read-only-root-fs"
+ - "run-as-non-root"
diff --git a/Dockerfile b/Dockerfile
index 11c320a..3637e6c 100755
--- a/Dockerfile
+++ b/Dockerfile
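Review bot: The three excluded checks are exactly the ones the k8s manifests in this commit would fail (`:latest` image tags, no `readOnlyRootFilesystem`, no `runAsNonRoot`), so the KubeLinter step passes by construction rather than because the manifests are hardened. Since the Dockerfile now switches to `USER bitlbee`, `run-as-non-root` could be satisfied by adding `securityContext: {runAsNonRoot: true}` to both Deployments instead of excluding it, and `latest-tag` by pinning the images to a version tag or digest. If an exclusion is deliberate, a one-line comment above each entry stating why (and what would let it be re-enabled) would keep the next reader from assuming the checks were simply silenced.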
@@ -1,16 +1,119 @@ -FROM docker.io/buildpack-deps:stable-scm -LABEL maintainer="Michele Bologna " -LABEL name="BitlBee Docker container by Michele Bologna" -LABEL version="mb-3.6-20232412" +FROM docker.io/buildpack-deps:stable-scm AS builder -ENV BITLBEE_VERSION=3.6 +LABEL org.opencontainers.image.title="BitlBee container" \ + org.opencontainers.image.description="A containerized version of BitlBee with additional plugins." \ + org.opencontainers.image.url="https://github.com/mbologna/docker-bitlbee" \ + org.opencontainers.image.licenses="MIT" -COPY build.sh /root -RUN /root/build.sh +ENV BITLBEE_VERSION="3.6" SKYPE4PIDGIN_VERSION="1.7" FACEBOOK_VERSION="1.2.2" + +WORKDIR "/" +RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends \ + autoconf automake build-essential cmake g++ gettext gcc git \ + gperf imagemagick libtool make libglib2.0-dev libhttp-parser-dev \ + libotr5-dev libpurple-dev libgnutls28-dev libjson-glib-dev libnss3-dev \ + libpng-dev libolm-dev libprotobuf-c-dev libqrencode-dev libssl-dev \ + protobuf-c-compiler libgcrypt20-dev libmarkdown2-dev \ + libpng-dev libpurple-dev librsvg2-bin libsqlite3-dev libwebp-dev \ + libgdk-pixbuf2.0-dev libopusfile-dev \ + libtool-bin netcat-traditional pkg-config sudo && \ + curl -LO https://get.bitlbee.org/src/bitlbee-"$BITLBEE_VERSION".tar.gz && \ + git clone https://github.com/EionRobb/purple-hangouts && \ + git clone https://github.com/EionRobb/purple-discord && \ + git clone https://github.com/matrix-org/purple-matrix && \ + git clone https://github.com/EionRobb/purple-teams && \ + git clone https://github.com/dylex/slack-libpurple && \ + curl -LO https://github.com/EionRobb/skype4pidgin/archive/"$SKYPE4PIDGIN_VERSION".tar.gz && \ + curl -LO https://github.com/bitlbee/bitlbee-facebook/archive/v"$FACEBOOK_VERSION".tar.gz && \ + git clone https://src.alexschroeder.ch/bitlbee-mastodon.git && \ + git clone https://github.com/BenWiederhake/tdlib-purple && \ + rm -fr 
/var/lib/apt/lists/* + +RUN tar zxvf bitlbee-"$BITLBEE_VERSION".tar.gz +WORKDIR /bitlbee-"$BITLBEE_VERSION" +RUN ./configure --verbose=1 --jabber=1 --otr=1 --purple=1 --strip=1 && \ + make -j"$(nproc)" && \ + make install && \ + make install-bin && \ + make install-doc && \ + make install-dev && \ + make install-etc && \ + make install-plugin-otr + +WORKDIR /purple-hangouts +RUN make -j"$(nproc)" && make install +WORKDIR /purple-discord +RUN make -j"$(nproc)" && make install +WORKDIR /purple-matrix +RUN make -j"$(nproc)" && make install +WORKDIR /purple-teams +RUN make -j"$(nproc)" && make install +WORKDIR /slack-libpurple +RUN make install +WORKDIR / +RUN tar zxvf "$SKYPE4PIDGIN_VERSION".tar.gz +WORKDIR /skype4pidgin-$SKYPE4PIDGIN_VERSION/skypeweb +RUN make -j"$(nproc)" && make install +WORKDIR / +RUN tar zxvf v"$FACEBOOK_VERSION".tar.gz +WORKDIR /bitlbee-facebook-$FACEBOOK_VERSION +RUN ./autogen.sh && make -j"$(nproc)" && make install +WORKDIR /bitlbee-mastodon +RUN sh autogen.sh && ./configure && make -j"$(nproc)" && make install +WORKDIR /tdlib-purple +RUN ./build_and_install.sh + +WORKDIR / +RUN libtool --finish /usr/local/lib/bitlbee + +RUN rm -fr ./bitlbee-"$BITLBEE_VERSION" && \ + rm -fr ./purple* && \ + rm -fr ./slack-libpurple && \ + rm -fr ./skype4pidgin* && \ + rm -fr ./bitlbee-facebook* && \ + rm -fr ./bitlbee-mastodon* && \ + rm -fr ./tdlib-purple && \ + rm -fr -- *.gz && \ + apt-get clean && \ + rm -fr /tmp/* /var/tmp/* + +# FROM docker.io/debian:stable-slim + +# COPY --from=builder /usr/local/etc/bitlbee/ /usr/local/etc/bitlbee/ +# COPY --from=builder /usr/local/lib/bitlbee/ /usr/local/lib/bitlbee/ +# COPY --from=builder /usr/local/lib/pkgconfig/ /usr/local/lib/pkgconfig/ +# COPY --from=builder /usr/lib/x86_64-linux-gnu/purple-2/libdiscord.so /usr/lib/x86_64-linux-gnu/purple-2/libdiscord.so +# COPY --from=builder /usr/lib/x86_64-linux-gnu/purple-2/libhangouts.so /usr/lib/x86_64-linux-gnu/purple-2/libhangouts.so +# COPY --from=builder 
/usr/lib/x86_64-linux-gnu/purple-2/libmatrix.so /usr/lib/x86_64-linux-gnu/purple-2/libmatrix.so +# COPY --from=builder /usr/lib/x86_64-linux-gnu/purple-2/libskypeweb.so /usr/slib/x86_64-linux-gnu/purple-2/libskypeweb.so +# COPY --from=builder /usr/lib/x86_64-linux-gnu/purple-2/libslack.so /usr/lib/x86_64-linux-gnu/purple-2/libslack.so +# COPY --from=builder /usr/lib/x86_64-linux-gnu/purple-2/libteams-personal.so /usr/lib/x86_64-linux-gnu/purple-2/libteams-personal.so +# COPY --from=builder /usr/lib/x86_64-linux-gnu/purple-2/libteams.so /usr/lib/x86_64-linux-gnu/purple-2/libteams.so +# COPY --from=builder /usr/lib/x86_64-linux-gnu/purple-2/libtelegram-tdlib.so /usr/lib/x86_64-linux-gnu/purple-2/libtelegram-tdlib.so +# COPY --from=builder /usr/local/sbin/bitlbee /usr/local/sbin/bitlbee +# COPY --from=builder /usr/local/share/bitlbee/ /usr/local/share/bitlbee/ +# COPY --from=builder /usr/local/share/locale/ /usr/local/share/locale/ +# COPY --from=builder /usr/local/share/man/ /usr/local/share/man/ +# COPY --from=builder /usr/local/share/metainfo/ /usr/local/share/metainfo/ + +# RUN apt-get update && apt-get install --no-install-recommends -y \ +# libpurple0 \ +# libotr5 + +RUN adduser --system --home /var/lib/bitlbee --disabled-password \ + --disabled-login --shell /usr/sbin/nologin bitlbee +RUN touch /var/run/bitlbee.pid && chown bitlbee:nogroup /var/run/bitlbee.pid -VOLUME ["/usr/local/etc/bitlbee"] -VOLUME ["/var/lib/bitlbee"] EXPOSE 6667 -ENTRYPOINT ["/usr/local/sbin/bitlbee"] -CMD ["-c", "/usr/local/etc/bitlbee/bitlbee.conf", "-n", "-v"] + USER bitlbee + +# Define volumes for persistent data +VOLUME ["/var/lib/bitlbee"] + +# Needed for VOLUME permissions +COPY entrypoint.sh /entrypoint.sh + +ENTRYPOINT ["/entrypoint.sh"] + +CMD ["/usr/local/sbin/bitlbee", "-D", "-n", "-v", "-u", "bitlbee"] diff --git a/README.md b/README.md index c205c04..d61e6d1 100755 --- a/README.md +++ b/README.md 
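Review bot: The new `CMD` drops `-c /usr/local/etc/bitlbee/bitlbee.conf`, and this commit also deletes the repository's etc/bitlbee/bitlbee.conf, which was the file that set `CAfile = /etc/ssl/certs/ca-certificates.crt`; the container now runs on whatever configuration `make install-etc` installs, and the deleted file's own comment says that while `CAfile` is commented out "SSL certificate verification is completely disabled". Unless the upstream default has changed, outgoing IM/HTTPS connections from the container will no longer verify server certificates, so a config that sets `CAfile` (copied in, or enabled with a `sed` during the build) should come back. `USER bitlbee` also conflicts with the new entrypoint, which must `chown` the volume, and with `-u bitlbee`, which bitlbee can only honor when started as root; one of the two privilege-drop mechanisms has to go. Finally the multi-stage split is commented out, so the `builder` stage is the shipped image and carries the whole toolchain (`build-essential`, `git`, `sudo`, `-dev` headers), and every plugin is fetched from an unpinned branch head by `git clone` with no checksum on the `curl`-downloaded tarballs, so the image is not reproducible and a compromised upstream lands in the next build.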
@@ -1,62 +1,100 @@ -## Features +# BitlBee with additional plugins in a container + +![Docker](https://img.shields.io/docker/pulls/mbologna/docker-bitlbee) +![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/mbologna/docker-bitlbee/build-scan-push.yml?branch=master) + +This repository provides a Docker-based setup for running [Bitlbee](https://www.bitlbee.org/) with additional plugins for extended functionality and an optional [Stunnel](https://www.stunnel.org/) service to enable secure IRC communications over TLS. -* In addition to the [Bitlbee's out of the box supported protocols](https://wiki.bitlbee.org/), this container also supports the following protocols: +## Features +- **[Bitlbee](https://www.bitlbee.org)**: A popular gateway that connects instant messaging services with IRC. In addition to the [Bitlbee's out of the box supported protocols](https://wiki.bitlbee.org/), these are the pre-installed plugins: + - Google Hangouts via [purple-hangouts](https://github.com/EionRobb/purple-hangouts) + - Discord via [purple-discord](https://github.com/EionRobb/purple-discord) + - Matrix via [purple-matrix](https://github.com/matrix-org/purple-matrix) + - Microsoft Teams via [teams](https://github.com/EionRobb/purple-teams) + - Slack via [slack-libpurple](https://github.com/dylex/slack-libpurple) - Skype via [skype4pidgin](https://github.com/EionRobb/skype4pidgin) - - Telegram via [tdlib-purple](https://github.com/ars3niy/tdlib-purple) - Facebook (MQTT) via [bitlbee-facebook](https://github.com/bitlbee/bitlbee-facebook) - - Google Hangouts via [purple-hangouts](https://github.com/EionRobb/purple-hangouts) - Mastodon via [bitlbee-mastodon](https://alexschroeder.ch/software/Bitlbee_Mastodon) - - Rocket.Chat via [purple-rocketchat](https://github.com/EionRobb/purple-rocketchat) - - Discord via [bitlbee-discord](https://github.com/sm00th/bitlbee-discord/) - - Slack via [slack-libpurple](https://github.com/dylex/slack-libpurple) - - Steam via 
[bitlbee-steam](https://github.com/bitlbee/bitlbee-steam) - - Matrix via [purple-matrix](https://github.com/matrix-org/purple-matrix) - - Mattermost via [puple-mattermost](https://github.com/EionRobb/purple-mattermost) - - Instagram via [purple-instagram](https://github.com/EionRobb/purple-instagram) + - Telegram via [tdlib-purple](https://github.com/BenWiederhake/ +- **[Stunnel](https://www.stunnel.org/)**: Adds TLS encryption for secure IRC connections. +- Multi-architecture support: builds for `linux/amd64` and `linux/arm64`. +- Kubernetes resources included for deployment in containerized environments. +- Linting and security scans integrated into CI/CD workflows. + +## Quick Start + +### Running Locally with Podman or Docker Compose + +1. Clone this repository: + ```bash + git clone https://github.com/mbologna/docker-bitlbee.git + cd docker-bitlbee + +2. Build and run the containers: + + ``` + podman-compose up --build + ``` + + If you're using Docker: + ``` + docker-compose up --build + ``` + +3. Access the Bitlbee service on port 6667 and the Stunnel service on port 16697. + +#### Environment Variables + +`UID` and `GID`: Set these to match your local user for proper volume permissions. + +#### Persistent Data + +The `data/` directory is mounted as a volume to store Bitlbee configurations and data. Ensure it is backed up for persistent setups. + +### Kubernetes Deployment + +Kubernetes manifests for deploying Bitlbee and Stunnel are located in the `k8s/` directory. + +1. Apply the manifests: -* The `docker-compose.yml` provided in this repository enables bitlbee to be TLS terminated via [stunnel](https://www.stunnel.org/). +``` +kubectl apply -f k8s/ +``` -## Usage +Verify deployment: +``` +kubectl get pods -n bitlbee +``` +Expose the service as needed (e.g., via `NodePort` or `Ingress`). -1. 
Clone the project: +## CI/CD Workflow - % git clone https://www.github.com/mbologna/docker-bitlbee +This repository uses GitHub Actions for automated builds and deployments: -2. (Optional) Customize bitlbee configuration file in `etc/bitlbee/bitlbee.conf` +* Build and Push: Docker images are built for amd64 and arm64 platforms and pushed to: + - Docker Hub: `mbologna/docker-bitlbee:latest` + - GitHub Container Registry: `ghcr.io/mbologna/docker-bitlbee:latest` -3. Start `bitlbee` either via: +* Linting: Integrated linters for Dockerfile, shell scripts, and Kubernetes resources. +* Security Scans: Uses Trivy to scan Docker images for vulnerabilities. - * [Docker Compose](https://docs.docker.com/compose/install/) (recommended): +## Local Development - ``` - % docker-compose up - ``` +### Building Multi-Arch Images Locally - * Docker: +For multi-architecture builds with Podman: - ``` - % docker volume create bitlbee_data - % docker run -d --name bitlbee \ - --restart=always \ - -p 16667:6667 \ - -v $PWD/etc/bitlbee:/usr/local/etc/bitlbee \ - mbologna/docker-bitlbee - % docker run -d --name bitlbee-stunnel \ - --restart=always \ - --link bitlbee:bitlbee - -e STUNNEL_SERVICE=bitlbee-stunnel \ - -e STUNNEL_ACCEPT=6697 \ - -e STUNNEL_CONNECT=bitlbee:6667 \ - -p 16697:6697 \ - dweomer/stunnel - ``` +``` +podman build --platform linux/amd64,linux/arm64 -t mbologna/docker-bitlbee:latest . +``` -4. Connect your IRC client either to: +Or with Docker: - * localhost:16697 (TLS terminated) (recommended) - * localhost:16667 (non-TLS, plain connection) +``` +docker buildx build --platform linux/amd64,linux/arm64 -t mbologna/docker-bitlbee:latest --push . +``` -## Building +## Resources -You can build a `bitlbee` image from Dockerfile: `docker build -t="mbologna/docker-bitlbee" github.com/mbologna/docker-bitlbee` +[BitlBee Documentation](https://wiki.bitlbee.org/) diff --git a/build.sh b/build.sh deleted file mode 100755 index 54665be..0000000 --- a/build.sh +++ /dev/null 
@@ -1,140 +0,0 @@ -#!/bin/bash - -apt update -apt install -y --no-install-recommends autoconf automake build-essential \ -cmake g++ gettext gcc git gperf libtool make libglib2.0-dev libhttp-parser-dev \ -libotr5-dev libpurple-dev libgnutls28-dev libjson-glib-dev libpng-dev \ -libolm-dev libprotobuf-c-dev libssl-dev protobuf-c-compiler libgcrypt20-dev \ -libmarkdown2-dev libpng-dev libpurple-dev libsqlite3-dev libwebp-dev \ -libtool-bin pkg-config software-properties-common sudo - -cd -curl -LO# https://get.bitlbee.org/src/bitlbee-$BITLBEE_VERSION.tar.gz -curl -LO# https://github.com/EionRobb/skype4pidgin/archive/1.7.tar.gz -git clone https://github.com/BenWiederhake/tdlib-purple.git -curl -LO# https://github.com/bitlbee/bitlbee-facebook/archive/v1.2.2.tar.gz -git clone https://github.com/EionRobb/purple-hangouts.git -git clone https://alexschroeder.ch/cgit/bitlbee-mastodon -git clone https://github.com/EionRobb/purple-rocketchat.git -git clone https://github.com/sm00th/bitlbee-discord -git clone https://github.com/dylex/slack-libpurple.git -git clone https://github.com/jgeboski/bitlbee-steam.git -git clone https://github.com/matrix-org/purple-matrix.git -git clone https://github.com/EionRobb/purple-mattermost.git -git clone https://github.com/EionRobb/purple-instagram.git - -# # bitlbee -tar zxvf bitlbee-$BITLBEE_VERSION.tar.gz -cd bitlbee-$BITLBEE_VERSION -./configure --jabber=1 --otr=1 --purple=1 -make -make install -make install-dev - -# skypeweb -cd -tar zxvf 1.7.tar.gz -cd skype4pidgin-1.7/skypeweb -make -make install - -# tdlib-purple -cd -cd tdlib-purple -./build_and_install.sh - -# bitlbee-facebook -cd -tar zxvf v1.2.2.tar.gz -cd bitlbee-facebook-1.2.2 -./autogen.sh -make -make install - -# purple-hangouts -cd -cd purple-hangouts -make -make install - -# bitlbee-mastodon -cd -cd bitlbee-mastodon -sh autogen.sh -./configure -make -make install - -# purple-rocketchat -cd -cd purple-rocketchat -make -make install - -# bitlbee-discord -cd -cd bitlbee-discord 
-./autogen.sh -./configure -make -make install - -# slack-libpurple -cd -cd slack-libpurple -make install - -# bitlbee-steam -cd -cd bitlbee-steam -./autogen.sh -make -make install - -# purple-matrix -cd -cd purple-matrix -make -make install - -# purple-mattermost -cd -cd purple-mattermost -make -make install - -# purple-instagram -cd -cd purple-instagram -make -make install - -# libtool --finish -libtool --finish /usr/local/lib/bitlbee - -# cleanup -apt autoremove --purge -y -apt remove -y --purge autoconf automake autotools-dev binutils binutils-common binutils-x86-64-linux-gnu build-essential \ -bzip2 cmake cpp* dpkg-dev gettext gettext-base libbinutils libgcc-*-dev libsqlite3-dev libstdc++-*-dev \ -libtasn1-*-dev libtool libtool-bin m4 make nettle-dev patch xz-utils -apt clean -rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /tmp/* -cd -rm -fr /root/build.sh -rm -fr $BITLBEE_VERSION* -rm -fr 1.7.tar.gz skype4pidgin-* -rm -fr tdlib-purple* -rm -fr v1.2.1.tar.gz bitlbee-facebook-* -rm -fr purple-hangouts -rm -rf bitlbee-mastodon -rm -rf purple-rocketchat -rm -fr bitlbee-discord* -rm -fr slack-libpurple -rm -fr bitlbee-steam -rm -fr purple-matrix -rm -fr purple-mattermost -rm -fr purple-instagram - -# add user bitlbee -adduser --system --home /var/lib/bitlbee --disabled-password --disabled-login --shell /usr/sbin/nologin bitlbee -touch /var/run/bitlbee.pid && chown bitlbee:nogroup /var/run/bitlbee.pid diff --git a/docker-compose.yml b/docker-compose.yml index e20f7e2..0c4d974 100755 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -1,24 +1,41 @@ -version: "2.0" +version: '3.8' services: bitlbee: - build: . - image: docker.io/mbologna/docker-bitlbee + build: + context: . + dockerfile: Dockerfile + image: docker.io/mbologna/docker-bitlbee:latest container_name: bitlbee - restart: always + restart: unless-stopped ports: - - "16667:6667" - networks: - - bitlbee + - "6667:6667" volumes: - - ./etc/bitlbee:/usr/local/etc/bitlbee - - bitlbee_data:/var/lib/bitlbee + - ./data:/var/lib/bitlbee + user: "${UID}:${GID}" # Needed for VOLUME permissions + healthcheck: + test: [ "CMD", "nc", "-z", "localhost", "6667" ] + interval: 30s + retries: 3 + logging: + driver: json-file + options: + max-size: "10m" + max-file: "3" + networks: + - bitlbee-net + deploy: + resources: + limits: + memory: 512m + cpus: "1.0" + reservations: + memory: 256m + stunnel: - image: docker.io/dweomer/stunnel + image: docker.io/dweomer/stunnel:latest container_name: bitlbee-stunnel restart: always - networks: - - bitlbee ports: - "16697:6697" environment: @@ -27,9 +44,25 @@ services: - STUNNEL_CONNECT=bitlbee:6667 depends_on: - bitlbee - -volumes: - bitlbee_data: + healthcheck: + test: [ "CMD", "nc", "-z", "localhost", "6697" ] + interval: 30s + retries: 3 + logging: + driver: json-file + options: + max-size: "10m" + max-file: "3" + networks: + - bitlbee-net + deploy: + resources: + limits: + memory: 256m + cpus: "1.0" + reservations: + memory: 128m networks: - bitlbee: + bitlbee-net: + driver: bridge diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100644 index 0000000..3053ef1 --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,7 @@ +#!/bin/bash +set -euxo pipefail +# Ensure proper permissions on the mounted data directory +if [ "$(stat -c %U /var/lib/bitlbee)" != "bitlbee" ]; then + chown -R bitlbee:nogroup /var/lib/bitlbee +fi +exec "$@" diff --git a/etc/bitlbee/bitlbee.conf b/etc/bitlbee/bitlbee.conf deleted file mode 100755 index 0b0e32f..0000000 --- a/etc/bitlbee/bitlbee.conf +++ /dev/null 
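Review bot: `user: "${UID}:${GID}"` on the bitlbee service runs the container as the host user, but the image's entrypoint (added in this commit) `chown`s /var/lib/bitlbee to `bitlbee:nogroup` whenever the owner differs, and the image CMD starts bitlbee with `-u bitlbee`; neither works for an unprivileged UID, so with a fresh `./data` mount the entrypoint exits under `set -e` before bitlbee starts. `UID` and `GID` are also shell variables that are not exported by default, so Compose will likely substitute empty strings and produce `user: ":"` unless they are set in `.env`. The bitlbee port mapping changes from `"16667:6667"` to `"6667:6667"`, which keeps the plaintext IRC listener published on every host interface even though stunnel is the intended entry point; with both services on `bitlbee-net` the `ports:` entry on bitlbee can be dropped, or bound to loopback as `"127.0.0.1:6667:6667"`. The healthchecks assume `nc` exists in both images; the bitlbee image installs `netcat-traditional`, but I can't tell from here whether `dweomer/stunnel` ships it. The second hunk of this file repeats the same healthcheck/logging/deploy stanzas for stunnel.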
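Review bot: The ownership fix can never succeed as the image is built: the Dockerfile switches to `USER bitlbee` before `ENTRYPOINT`, and `chown -R` of a directory owned by another user needs `CAP_CHOWN`, so on a volume not already owned by `bitlbee` the script aborts under `set -e` and `exec "$@"` is never reached. Either run the entrypoint as root and let `bitlbee -u bitlbee` drop privileges after the chown, or guard it: `if [ "$(id -u)" = 0 ] && [ "$(stat -c %U /var/lib/bitlbee)" != "bitlbee" ]; then`. Note that `stat -c %U` prints `UNKNOWN` when the owning UID has no passwd entry (the Compose `user:` override case), which still takes the chown branch; comparing numeric ids via `%u` against `$(id -u bitlbee)` avoids that. `set -x` echoes every command, including the full CMD, into the container log; worth dropping once the script is debugged.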
@@ -1,180 +0,0 @@ -## BitlBee default configuration file -## -## Comments are marked like this. The rest of the file is INI-style. The -## comments should tell you enough about what all settings mean. -## - -[settings] - -## RunMode: -## -## Inetd -- Run from inetd (default) -## Daemon -- Run as a stand-alone daemon, serving all users from one process. -## This saves memory if there are more users, the downside is that when one -## user hits a crash-bug, all other users will also lose their connection. -## ForkDaemon -- Run as a stand-alone daemon, but keep all clients in separate -## child processes. This should be pretty safe and reliable to use instead -## of inetd mode. -## -RunMode = ForkDaemon - -## User: -## -## If BitlBee is started by root as a daemon, it can drop root privileges, -## and change to the specified user. -## -User = bitlbee - -## DaemonPort/DaemonInterface: -## -## For daemon mode, you can specify on what interface and port the daemon -## should be listening for connections. -## -# DaemonInterface = 0.0.0.0 -# DaemonPort = 6667 - -## ClientInterface: -## -## If for any reason, you want BitlBee to use a specific address/interface -## for outgoing traffic (IM connections, HTTP(S), etc.), set it here. -## -# ClientInterface = 0.0.0.0 - -## AuthMode -## -## Open -- Accept connections from anyone, use NickServ for user authentication. -## (default) -## Closed -- Require authorization (using the PASS command during login) before -## allowing the user to connect at all. -## Registered -- Only allow registered users to use this server; this disables -## the register- and the account command until the user identifies itself. -## -# AuthMode = Open - -## AuthBackend -## -## By default, the authentication data for a user is stored in the storage -## backend. If you want to authenticate against another authentication system -## (e.g. ldap), you can specify that here. 
-## -## Beware that this disables password changes and causes passwords for the -## accounts people create to be stored in plain text instead of encrypted with -## their bitlbee password. -## -## Currently available backends: -## -## - storage (internal storage) -## - pam (Linux PAM authentication) -## - ldap (LDAP server configured in the openldap settings) -# -# AuthBackend = storage -# - -## AuthPassword -## -## Password the user should enter when logging into a closed BitlBee server. -## You can also have a BitlBee-style MD5 hash here. Format: "md5:", followed -## by a hash as generated by "bitlbee -x hash ". -## -# AuthPassword = ItllBeBitlBee ## Heh.. Our slogan. ;-) -## or -# AuthPassword = md5:gzkK0Ox/1xh+1XTsQjXxBJ571Vgl - -## OperPassword -## -## Password that unlocks access to special operator commands. -## -# OperPassword = ChangeMe! -## or -# OperPassword = md5:I0mnZbn1t4R731zzRdDN2/pK7lRX - -## AllowAccountAdd -## -## Whether to allow registered and identified users to add new accounts using -## 'account add' -## -# AllowAccountAdd 1 - -## HostName -## -## Normally, BitlBee gets a hostname using getsockname(). If you have a nicer -## alias for your BitlBee daemon, you can set it here and BitlBee will identify -## itself with that name instead. -## -HostName = bitlbee - -## MotdFile -## -## Specify an alternative MOTD (Message Of The Day) file. Default value depends -## on the --etcdir argument to configure. -## -# MotdFile = /etc/bitlbee/motd.txt - -## ConfigDir -## -## Specify an alternative directory to store all the per-user configuration -## files. (.nicks/.accounts) -## -# ConfigDir = /var/lib/bitlbee - -## Ping settings -## -## BitlBee can send PING requests to the client to check whether it's still -## alive. This is not very useful on local servers, but it does make sense -## when most clients connect to the server over a real network interface. 
-## (Public servers) Pinging the client will make sure lost clients are -## detected and cleaned up sooner. -## -## PING requests are sent every PingInterval seconds. If no PONG reply has -## been received for PingTimeOut seconds, BitlBee aborts the connection. -## -## To disable the pinging, set at least one of these to 0. -## -# PingInterval = 180 -# PingTimeOut = 300 - -## Using proxy servers for outgoing connections -## -## If you're running BitlBee on a host which is behind a restrictive firewall -## and a proxy server, you can tell BitlBee to use that proxy server here. -## The setting has to be a URL, formatted like one of these examples: -## -## (Obviously, the username and password are optional) -## -# Proxy = http://john:doe@proxy.localnet.com:8080 -# Proxy = socks4://socksproxy.localnet.com -# Proxy = socks5://socksproxy.localnet.com - -## Protocols offered by bitlbee -## -## As recompiling may be quite unpractical for some people, this option -## allows to remove the support of protocol, even if compiled in. If -## nothing is given, there are no restrictions. -## -# Protocols = jabber yahoo - -## Trusted CAs -## -## Path to a file containing a list of trusted certificate authorities used in -## the verification of server certificates. -## -## Uncomment this and make sure the file actually exists and contains all -## certificate authorities you're willing to accept (default value should -## work on at least Debian/Ubuntu systems with the "ca-certificates" package -## installed). As long as the line is commented out, SSL certificate -## verification is completely disabled. -## -## The location of this file may be different on other distros/OSes. For -## example, try /etc/ssl/ca-bundle.pem on OpenSUSE. -## -CAfile = /etc/ssl/certs/ca-certificates.crt - -[defaults] - -## Here you can override the defaults for some per-user settings. Users are -## still able to override your defaults, so this is not a way to restrict -## your users... 
-
-## To enable private mode by default, for example:
-
-## private = 1
diff --git a/etc/bitlbee/motd.txt b/etc/bitlbee/motd.txt
deleted file mode 100755
index e66ca41..0000000
--- a/etc/bitlbee/motd.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-Welcome to the BitlBee server at %h.
-
-This server is running BitlBee version %v.
-The newest version can be found on http://www.bitlbee.org/
-
-You are getting this message because the server administrator has not
-yet had the time (or need) to change it.
-
-For those who don't know it yet, this is not quite a regular Internet
-Relay Chat server. Please see the site mentioned above for more
-information.
-
-The developers of the Bee hope you have a buzzing time.
--- BitlBee development team.
-
-... Buzzing, haha, get it?
diff --git a/k8s/bitlbee-deployment.yaml b/k8s/bitlbee-deployment.yaml
new file mode 100755
index 0000000..151510e
--- /dev/null
+++ b/k8s/bitlbee-deployment.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: bitlbee
+ namespace: bitlbee
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: bitlbee
+ template:
+ metadata:
+ labels:
+ app: bitlbee
+ spec:
+ containers:
+ - name: bitlbee
+ image: docker.io/mbologna/docker-bitlbee:latest
+ ports:
+ - containerPort: 6667
+ volumeMounts:
+ - mountPath: /var/lib/bitlbee
+ name: bitlbee-data
+ resources:
+ limits:
+ memory: "512Mi"
+ cpu: "1"
+ requests:
+ memory: "256Mi"
+ cpu: "1"
+ livenessProbe:
+ exec:
+ command:
+ - nc
+ - -z
+ - localhost
+ - "6667"
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ readinessProbe:
+ exec:
+ command:
+ - nc
+ - -z
+ - localhost
+ - "6667"
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ volumes:
+ - name: bitlbee-data
+ persistentVolumeClaim:
+ claimName: bitlbee-pvc
diff --git a/k8s/bitlbee-namespace.yaml b/k8s/bitlbee-namespace.yaml
new file mode 100644
index 0000000..32bcdb9
--- /dev/null
+++ b/k8s/bitlbee-namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: bitlbee
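Review bot: The bitlbee container in k8s/bitlbee-deployment.yaml sets no `securityContext`, and its image is the mutable `docker.io/mbologna/docker-bitlbee:latest` with no `imagePullPolicy`, so what the pod runs can change silently between restarts; the same gaps are in k8s/bitlbee-stunnel-deployment.yaml, and the KubeLinter config in this commit excludes the checks that would flag them rather than fixing the manifests. Under each container add `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` and pin the image by digest or version tag. The PVC mounted at /var/lib/bitlbee is only writable if its ownership matches the `bitlbee` user; the image's entrypoint tries to `chown` it, which fails as non-root, so a pod-level `fsGroup` matching the group bitlbee runs as (`nogroup` in the Dockerfile) is the supported way to make the mount writable on volume types that honor it. The probes run `nc -z localhost 6667`, which confirms a listener but not that bitlbee answers IRC, and `cpu: "1"` as both request and limit reserves a whole core for a one-replica gateway, which is worth confirming is intended.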
diff --git a/k8s/bitlbee-pvc.yaml b/k8s/bitlbee-pvc.yaml
new file mode 100644
index 0000000..e5aee19
--- /dev/null
+++ b/k8s/bitlbee-pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: bitlbee-pvc
+ namespace: bitlbee
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 128Mi
diff --git a/k8s/bitlbee-service.yaml b/k8s/bitlbee-service.yaml
new file mode 100644
index 0000000..3f9c66b
--- /dev/null
+++ b/k8s/bitlbee-service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: bitlbee
+ namespace: bitlbee
+spec:
+ ports:
+ - protocol: TCP
+ port: 6667
+ targetPort: 6667
+ selector:
+ app: bitlbee
diff --git a/k8s/bitlbee-stunnel-configmap.yaml b/k8s/bitlbee-stunnel-configmap.yaml
new file mode 100644
index 0000000..405affe
--- /dev/null
+++ b/k8s/bitlbee-stunnel-configmap.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: stunnel-config
+ namespace: bitlbee
+data:
+ STUNNEL_SERVICE: bitlbee-stunnel
+ STUNNEL_ACCEPT: "6697"
+ STUNNEL_CONNECT: bitlbee:6667
diff --git a/k8s/bitlbee-stunnel-deployment.yaml b/k8s/bitlbee-stunnel-deployment.yaml
new file mode 100644
index 0000000..2993e8b
--- /dev/null
+++ b/k8s/bitlbee-stunnel-deployment.yaml
@@ -0,0 +1,48 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: bitlbee-stunnel
+ namespace: bitlbee
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: bitlbee-stunnel
+ template:
+ metadata:
+ labels:
+ app: bitlbee-stunnel
+ spec:
+ containers:
+ - name: stunnel
+ image: docker.io/dweomer/stunnel:latest
+ ports:
+ - containerPort: 6697
+ envFrom:
+ - configMapRef:
+ name: stunnel-config
+ resources:
+ limits:
+ memory: "256Mi"
+ cpu: "1"
+ requests:
+ memory: "128Mi"
+ cpu: "1"
+ livenessProbe:
+ exec:
+ command:
+ - nc
+ - -z
+ - localhost
+ - "6697"
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ readinessProbe:
+ exec:
+ command:
+ - nc
+ - -z
+ - localhost
+ - "6697"
+ initialDelaySeconds: 10
+ periodSeconds: 30
diff --git a/k8s/bitlbee-stunnel-service.yaml b/k8s/bitlbee-stunnel-service.yaml
new file mode 100644
index 0000000..5c4ec23
--- /dev/null
+++ b/k8s/bitlbee-stunnel-service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: bitlbee-stunnel
+ namespace: bitlbee
+spec:
+ ports:
+ - protocol: TCP
+ port: 6697
+ targetPort: 6697
+ selector:
+ app: bitlbee-stunnel