Split Dockerfile into Build vs Run for compactness. Add password _FILE support. Add environmental variables and documentation for general settings. Synced settings with default anope download.

Author: astoltz

Dockerfile

@@ -1,47 +1,46 @@
-FROM alpine:3.23
-
-LABEL org.opencontainers.image.authors="Anope Team <team@anope.org>"
+FROM alpine:3.23 AS builder
 
 ARG VERSION=2.0
-ARG RUN_DEPENDENCIES="gnutls gnutls-utils mariadb-client mariadb-connector-c sqlite-libs"
 ARG BUILD_DEPENDENCIES="gnutls-dev mariadb-dev sqlite-dev"
 ARG EXTRA_MODULES="m_mysql m_sqlite m_ssl_gnutls"
 
-RUN apk add --no-cache --virtual .build-utils gcc g++ ninja git cmake $BUILD_DEPENDENCIES && \
-    apk add --no-cache --virtual .dependencies libgcc libstdc++ $RUN_DEPENDENCIES && \
-    # Create a user to run anope later
-    adduser -u 10000 -h /anope/ -D -S anope && \
+RUN apk add --no-cache gcc g++ ninja git cmake $BUILD_DEPENDENCIES && \
     mkdir -p /src && \
     cd /src && \
-    # Clone the requested version
     git clone --depth 1 https://github.com/anope/anope.git anope -b $VERSION && \
     cd /src/anope && \
-    # Add and overwrite modules
     for module in $EXTRA_MODULES; do ln -s /src/anope/modules/extra/$module.cpp modules; done && \
     mkdir build && \
     cd /src/anope/build && \
     cmake -DINSTDIR=/anope/ -DDEFUMASK=077 -DCMAKE_BUILD_TYPE=RELEASE -GNinja .. && \
-    # Run build multi-threaded
-    ninja install && \
-    # Uninstall all unnecessary tools after build process
-    apk del .build-utils && \
-    rm -rf /src && \
-    # Provide a data location
+    ninja install
+
+FROM alpine:3.23
+
+LABEL org.opencontainers.image.authors="Anope Team <team@anope.org>"
+
+ARG RUN_DEPENDENCIES="gnutls gnutls-utils mariadb-client mariadb-connector-c sqlite-libs"
+
+RUN apk add --no-cache libgcc libstdc++ $RUN_DEPENDENCIES && \
+    adduser -u 10000 -h /anope/ -D -S anope && \
     mkdir -p /data && \
-    touch /data/anope.db && \
-    ln -s /data/anope.db /anope/data/anope.db && \
-    # Make sure everything is owned by anope
+    touch /data/anope.db
+
+COPY --from=builder /anope /anope
+
+RUN ln -s /data/anope.db /anope/data/anope.db && \
     chown -R anope /anope/ && \
     chown -R anope /data/
 
 COPY ./conf/ /anope/conf/
 
-RUN chown -R anope /anope/conf/
+RUN chown -R anope /anope/conf/ && \
+    chmod 755 /anope/conf/*.sh
 
 WORKDIR /anope/
 
 VOLUME /data/
 
 USER anope
 
-CMD ["/anope/bin/services", "-n"]
+CMD ["/anope/bin/services", "--nofork"]

README.md

@@ -25,22 +25,113 @@ $ docker run --name anope -v /path/to/your/config:/anope/conf/ anope/anope
 ```
 
 
-## Generated configuration
+# Configuration
 
 This image provides various options to configure it by environment variables.
 
-Use the following environment variables to configure your container:
+## Server Information
 
 |Available variables      |Default value                   |Description                                 |
 |-------------------------|--------------------------------|--------------------------------------------|
 |`ANOPE_SERVICES_NAME`    |`services.localhost.net`        |Name of the services. *Important for uplink*|
+|`ANOPE_SERVICES_DESCRIPTION`|`Services for IRC Networks`  |Description of the services                 |
 |`ANOPE_SERVICES_VHOST`   |`services.localhost.net`        |Host used by services pseudo clients        |
+
+## Uplink Configuration
+
+|Available variables      |Default value                   |Description                                 |
+|-------------------------|--------------------------------|--------------------------------------------|
 |`ANOPE_UPLINK_IP`        |no default                      |DNS name or IP of the uplink host           |
 |`ANOPE_UPLINK_PORT`      |`7000`                          |Port used to connect to uplink host         |
 |`ANOPE_UPLINK_PASSWORD`  |no default                      |Password used to authenticate against uplink|
+|`ANOPE_UPLINK_PASSWORD_FILE`|no default                   |File containing password used to authenticate against uplink|
+|`ANOPE_UPLINK_IPV6`      |`no`                            |Enable if Services should connect using IPv6|
+|`ANOPE_UPLINK_SSL`       |`no`                            |Enable if Services should connect using SSL |
 
+## Network Information
+
+|Available variables      |Default value                   |Description                                 |
+|-------------------------|--------------------------------|--------------------------------------------|
+|`ANOPE_NETWORK_NAME`     |`LocalNet`                      |Name of the network                         |
+|`ANOPE_NICKLEN`          |`31`                            |Maximum allowed nick length                 |
+|`ANOPE_USERLEN`          |`10`                            |Maximum allowed ident length                |
+|`ANOPE_HOSTLEN`          |`64`                            |Maximum allowed hostname length             |
+|`ANOPE_CHANLEN`          |`32`                            |Maximum allowed channel length              |
+|`ANOPE_MODELISTSIZE`     |`100`                           |Maximum number of list modes settable       |
 
-## Database configuration
+## Options
+
+|Available variables      |Default value                   |Description                                 |
+|-------------------------|--------------------------------|--------------------------------------------|
+|`ANOPE_CASEMAP`          |`ascii`                         |Case mapping used by services               |
+|`ANOPE_BADPASSLIMIT`     |`5`                             |Invalid password tries before kill          |
+|`ANOPE_BADPASSTIMEOUT`   |`1h`                            |Time after which invalid passwords are forgotten|
+|`ANOPE_UPDATETIMEOUT`    |`2m`                            |Delay between automatic database updates    |
+|`ANOPE_EXPIRETIMEOUT`    |`30m`                           |Delay between checks for expired nicks/chans|
+|`ANOPE_READTIMEOUT`      |`5s`                            |Timeout period for reading from the uplink  |
+|`ANOPE_TIMEOUTCHECK`     |`3s`                            |Frequency at which the timeout list is checked|
+|`ANOPE_RETRYWAIT`        |`60s`                           |Wait time between connection retries        |
+|`ANOPE_HIDEPRIVILEGEDCOMMANDS`|`yes`                      |Hide commands users can't execute           |
+|`ANOPE_HIDEREGISTEREDCOMMANDS`|`yes`                      |Hide commands unregistered users can't execute|
+|`ANOPE_DIDYOUMEANDIFFERENCE`|`4`                          |Max difference for command suggestions      |
+|`ANOPE_CODELENGTH`       |`15`                            |Length of confirmation codes                |
+|`ANOPE_LINELENGTH`       |`100`                           |Max bytes to wrap services messages         |
+|`ANOPE_REGEXENGINE`      |`regex/stdlib`                  |Regex engine to use                         |
+|`ANOPE_LANGUAGES`        |`de_DE.UTF-8 ...`               |List of languages to load                   |
+|`ANOPE_DEFAULTLANGUAGE`  |`es_ES.UTF-8`                   |Default language for users                  |
+
+## Mail Configuration
+
+|Available variables      |Default value                   |Description                                 |
+|-------------------------|--------------------------------|--------------------------------------------|
+|`ANOPE_USEMAIL`          |`no`                            |Enable mail commands                        |
+|`ANOPE_SENDMAILPATH`     |`/usr/sbin/sendmail -t`         |Command used for sending emails             |
+|`ANOPE_SENDFROM`         |`services@localhost.net`        |Email address to send from                  |
+|`ANOPE_MAILDELAY`        |`5m`                            |Minimum time between emails                 |
+|`ANOPE_DONTQUOTEADDRESSES`|`yes`                          |Don't quote TO: fields                      |
+|`ANOPE_MAIL_CONTENT_TYPE`|`text/plain; charset=UTF-8`     |Content type for emails                     |
+|`ANOPE_MAIL_REGISTRATION_SUBJECT`|`Nickname registration for {nick}`|Subject for registration emails|
+|`ANOPE_MAIL_REGISTRATION_MESSAGE`|no default              |Message for registration emails             |
+|`ANOPE_MAIL_RESET_SUBJECT`|`Reset password request for {nick}`|Subject for password reset emails      |
+|`ANOPE_MAIL_RESET_MESSAGE`|no default                     |Message for password reset emails           |
+|`ANOPE_MAIL_EMAILCHANGE_SUBJECT`|`Email confirmation`     |Subject for email change emails             |
+|`ANOPE_MAIL_EMAILCHANGE_MESSAGE`|no default               |Message for email change emails             |
+|`ANOPE_MAIL_MEMO_SUBJECT`|`New memo`                      |Subject for memo emails                     |
+|`ANOPE_MAIL_MEMO_MESSAGE`|no default                      |Message for memo emails                     |
+
+## Webcpanel Configuration
+
+|Available variables      |Default value                   |Description                                 |
+|-------------------------|--------------------------------|--------------------------------------------|
+|`ANOPE_WEBCPANEL_ENABLE` |`no`                            |Enable webcpanel                            |
+|`ANOPE_WEBCPANEL_TITLE`  |`Anope IRC Services`            |Page title                                  |
+|`ANOPE_HTTPD_IP`         |`0.0.0.0`                       |IP to listen on                             |
+|`ANOPE_HTTPD_PORT`       |`8080`                          |Port to listen on                           |
+|`ANOPE_HTTPD_SSL`        |`no`                            |Listen using SSL                            |
+
+## Operators
+
+You can configure up to 20 operators using indexed variables `ANOPE_x_...` where `x` is a number from 0 to 19.
+
+|Available variables      |Default value                   |Description                                 |
+|-------------------------|--------------------------------|--------------------------------------------|
+|`ANOPE_x_NAME`           |no default                      |Oper's Nickname (Required)                  |
+|`ANOPE_x_TYPE`           |`Services Root`                 |Opertype                                    |
+|`ANOPE_x_REQUIRE_OPER`   |`yes`                           |Require the oper to be oper'd on the ircd   |
+|`ANOPE_x_PASSWORD`       |no default                      |Optional password for oper access           |
+|`ANOPE_x_PASSWORD_FILE`  |no default                      |File containing password for oper access    |
+|`ANOPE_x_CERTFP`         |no default                      |Secure Cert finger print for oper access    |
+|`ANOPE_x_HOST`           |no default                      |Space separated Hostmask(s) for this oper   |
+|`ANOPE_x_VHOST`          |no default                      |Oper Vhost                                  |
+
+Available `ANOPE_x_TYPE` values (from `services.conf`):
+*   `Services Root` (Default): Full access to all commands and privileges.
+*   `Services Administrator`: Access to most administrative commands (BotServ, ChanServ, NickServ, OperServ, Global).
+*   `Services Operator`: Access to basic operator commands (ChanServ, MemoServ, NickServ, OperServ).
+*   `Helper`: Access to HostServ commands.
+
+
+## Database Configuration
 
 This image provides two way to configure database handling. You can use sqlite inside a volume or an external mysqldb.
 
@@ -67,7 +158,10 @@ For a production setup MySQL is the recommended way to set this image up. Checko
 |`ANOPE_MYSQL_PORT`       |`3306`                          |Port used to access the mysql database      |
 |`ANOPE_MYSQL_USER`       |`anope`                         |Username for the MySQL database             |
 |`ANOPE_MYSQL_PASSWORD`   |no default                      |Password for the `ANOPE_MYSQL_USER`         |
+|`ANOPE_MYSQL_PASSWORD_FILE`|no default                    |File containing password for the `ANOPE_MYSQL_USER`|
 |`ANOPE_SQL_LIVE`         |`no`                            |Enable Anope SQL-DB live feature            |
+|`ANOPE_SQL_PREFIX`       |`anope_db_`                     |Prefix for SQL tables                       |
+|`ANOPE_SQL_IMPORT`       |`false`                         |Import data from another DB module on startup|
 
 
 # Updates and updating
@@ -107,4 +201,3 @@ You can also reach many of the project maintainers via the `#anope` IRC channel
 ## Contributing
 
 You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can.
-

conf/config.sh

@@ -6,10 +6,4 @@ define
     name = "services.host"
     value = "${ANOPE_SERVICES_VHOST:-services.localhost.net}"
 }
-
-define
-{
-    name = "services.name"
-    value = "${ANOPE_SERVICES_NAME:-services.localhost.net}"
-}
 EOF

conf/database.sh

@@ -1,5 +1,9 @@
 #!/bin/sh
 
+if [ -n "$ANOPE_MYSQL_PASSWORD_FILE" ]; then
+	ANOPE_MYSQL_PASSWORD=$(cat "$ANOPE_MYSQL_PASSWORD_FILE")
+fi
+
 if [ "$ANOPE_SQL_LIVE" = "yes" ]; then
     ANOPE_SQL_LIVE="_live"
 else
@@ -19,7 +23,8 @@ cat <<EOF
  * db_sql_live module allows saving and loading databases using one of the SQL engines.
  * This module reads and writes to SQL in real time. Changes to the SQL tables
  * will be immediately reflected into Anope. This module should not be loaded
- * in conjunction with db_sql.
+ * in conjunction with db_sql. It should also not be used on large networks as it
+ * executes quite a lot of queries which can cause performance issues.
  *
  */
 module
@@ -36,19 +41,21 @@ module
 	 * An optional prefix to prepended to the name of each created table.
 	 * Do not use the same prefix for other programs.
 	 */
-	#prefix = "anope_db_"
+	prefix = "${ANOPE_SQL_PREFIX:-anope_db_}"
 
 	/* Whether or not to import data from another database module in to SQL on startup.
 	 * If you enable this, be sure that the database services is configured to use is
-	 * empty and that another database module to import from is loaded before db_sql.
-	 * After you enable this and do a database import you should disable it for
-	 * subsequent restarts.
+	 * empty and that another database module to import from is loaded BEFORE db_sql.
+	 * After you enable this and do a database import you MUST disable it for
+	 * subsequent restarts. If you want to keep writing a flatfile database after the
+	 * SQL import is done you should load db_flatfile AFTER this module.
 	 *
 	 * Note that you can not import databases using db_sql_live. If you want to import
 	 * databases and use db_sql_live you should import them using db_sql, then shut down
 	 * and start services with db_sql_live.
 	 */
-	import = false
+
+	import = ${ANOPE_SQL_IMPORT:-false}
 }
 EOF