# Keywarden - Centralized SSH Key Management and Deployment
# Multi-stage build for minimal image size

# Stage 1: Build
# The toolchain, headers and full source tree stay in this stage; only the
# compiled binary is copied into the runtime stage.
FROM golang:1.26.2-alpine AS builder

# C toolchain and SQLite headers, needed because the binary is built with
# CGO_ENABLED=1 below.
RUN apk add --no-cache \
        gcc \
        musl-dev \
        sqlite-dev

WORKDIR /build

# Fetch modules before copying the sources so this layer is reused for as
# long as go.mod and go.sum are unchanged.
COPY go.mod go.sum ./
RUN go mod download

# Copies the entire build context into the builder stage.
# NOTE(review): no .dockerignore is visible from here - confirm one excludes
# .git, local .env files and any key material in the working tree.
COPY . .

# Optional override: --build-arg VERSION=<value>. When left empty, the version
# string is read from internal/version/version.go instead.
ARG VERSION=""

# -s -w strip the symbol table and debug info; -X writes the version string
# into internal/version.Version at link time.
# The grep|sed pipeline runs without pipefail, so if grep matches nothing the
# build still proceeds with an empty VERSION.
RUN set -e; \
    [ -n "$VERSION" ] || \
        VERSION=$(grep 'var Version' internal/version/version.go | sed 's/.*"\(.*\)".*/\1/'); \
    CGO_ENABLED=1 GOOS=linux \
        go build \
            -o keywarden \
            -ldflags="-s -w -X git.techniverse.net/scriptos/keywarden/internal/version.Version=${VERSION}" \
            ./cmd/keywarden/
# Stage 2: Runtime
# The base image is referenced by tag only (no digest), so the resolved image
# can change between builds.
FROM alpine:3.21

# Runtime packages: CA bundle, SQLite shared library, timezone data, curl
# (used by the HEALTHCHECK below) and su-exec.
RUN apk add --no-cache \
        ca-certificates \
        curl \
        sqlite-libs \
        su-exec \
        tzdata

# Unprivileged system account and group; UID/GID are assigned by adduser.
RUN addgroup -S keywarden \
    && adduser -S keywarden -G keywarden

WORKDIR /app

COPY --from=builder /build/keywarden .
COPY entrypoint.sh .

# Create the data directories and give /data and /app to the service account
# before /data is declared a VOLUME (later build-time writes would be discarded).
RUN mkdir -p \
        /data/keys \
        /data/master \
        /data/avatars \
    && chown -R keywarden:keywarden /data /app \
    && chmod +x /app/entrypoint.sh

# Default configuration; every value can be overridden at `docker run` time.
#
# SECURITY: KEYWARDEN_ENCRYPTION_KEY is a placeholder that is identical in every
# copy of this image and readable through image inspection. A deployment that
# does not override it runs with a publicly known key. Supply a unique value at
# runtime and keep it out of the image.
# NOTE(review): entrypoint.sh is not visible here - confirm whether startup
# rejects the placeholder value.
ENV KEYWARDEN_PORT=8080 \
    KEYWARDEN_DB_PATH=/data/keywarden.db \
    KEYWARDEN_DATA_DIR=/data \
    KEYWARDEN_KEYS_DIR=/data/keys \
    KEYWARDEN_MASTER_DIR=/data/master \
    KEYWARDEN_ENCRYPTION_KEY=change-me-encryption-key-32chars \
    TZ=UTC

VOLUME ["/data"]

EXPOSE 8080

# Shell-form CMD so ${KEYWARDEN_PORT:-8080} is expanded when the probe runs.
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
    CMD curl -f http://localhost:${KEYWARDEN_PORT:-8080}/api/health || exit 1

# There is no USER instruction, so the entrypoint starts as root.
# NOTE(review): su-exec is installed above, so entrypoint.sh presumably drops
# to the keywarden account before starting the service - confirm in the script.
ENTRYPOINT ["/app/entrypoint.sh"]