arch.dockerfile
# ╔═════════════════════════════════════════════════════╗
# ║ SETUP ║
# ╚═════════════════════════════════════════════════════╝
# GLOBAL
# Build-wide defaults. An ARG declared before the first FROM is only visible
# to FROM lines; a stage has to re-declare it to read the value.
ARG APP_UID=1000
ARG APP_GID=1000
# NOTE(review): 0 looks like a placeholder that the build is expected to
# override with a real 11notes/go tag; confirm.
ARG APP_GO_VERSION=0
# :: FOREIGN IMAGES
# Each alias below is used as a COPY --from source later in this file.
# NOTE(review): every reference is a mutable tag (or the implicit :latest), so
# the content pulled can change between builds. Pinning each image as
# <image>@sha256:<digest> would make the inputs reproducible and auditable.
FROM 11notes/nginx:stable AS distroless-nginx
FROM 11notes/distroless:localhealth AS distroless-localhealth
FROM 11notes/distroless AS distroless
FROM 11notes/util AS util
FROM 11notes/distroless:curl AS distroless-curl
# ╔═════════════════════════════════════════════════════╗
# ║ BUILD ║
# ╚═════════════════════════════════════════════════════╝
# :: ENTRYPOINT
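# Builds the container entrypoint from the Go sources kept under
# ./build/go/entrypoint in the build context.
FROM 11notes/go:${APP_GO_VERSION} AS entrypoint
COPY ./build/go/entrypoint /go/entrypoint
# WORKDIR makes the build directory explicit instead of a `cd` inside RUN.
WORKDIR /go/entrypoint
# `eleven` is not defined in this file; presumably it ships with the base
# image. The final stage copies /distroless/ from this stage, so the
# `distroless` sub-command presumably stages the binary there; confirm.
# `-u` is added so all RUN steps in the file use the same `set -eux` options.
RUN set -eux; \
    eleven go build /entrypoint main.go; \
    eleven distroless /entrypoint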
# :: NETBIRD
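# Builds the NetBird binary from upstream sources with a few local changes:
# a version stamp, a different sqlite driver, a locally patched dex module and
# a pgx bump for a CVE. Shell expansions are quoted so an unusual build-arg
# value cannot be word-split or globbed by the shell.
FROM 11notes/go:${APP_GO_VERSION} AS build
# APP_VERSION has no default and must be supplied by the build.
ARG APP_VERSION \
    BUILD_SRC=netbirdio/netbird.git \
    BUILD_ROOT=/go/netbird \
    BUILD_BIN=/netbird
# Fetch the NetBird sources; the second argument names the tag v<APP_VERSION>.
# The clone steps rely on the base image's working directory, which is why this
# stage keeps `cd` in later steps instead of switching WORKDIR.
RUN set -eux; \
    eleven git clone "${BUILD_SRC}" "v${APP_VERSION}"
# Stamp the version and swap the sqlite driver import in the geolocation code.
# NOTE(review): sed exits 0 when a pattern does not match, so an upstream
# change to these files would leave an edit silently unapplied; a follow-up
# grep for the replacement string would turn that into a build failure.
RUN set -eux; \
    cd "${BUILD_ROOT}"; \
    sed -i 's/"development"/"v'"${APP_VERSION}"'"/' "${BUILD_ROOT}/version/version.go"; \
    sed -i 's|"gorm.io/driver/sqlite"|"github.com/glebarez/sqlite"|' "${BUILD_ROOT}/management/server/geolocation/database.go"; \
    sed -i 's|"gorm.io/driver/sqlite"|"github.com/glebarez/sqlite"|' "${BUILD_ROOT}/management/server/geolocation/store.go"
# Fetch dex, then overlay the files from ./build/go/dex on top of it.
# NOTE(review): unlike the NetBird clone, no ref is passed here, so which dex
# revision gets built depends on the helper's default; confirm it is pinned.
RUN set -eux; \
    eleven git clone dexidp/dex.git
COPY ./build/go/dex /go/dex
# Point NetBird's go.mod at the local dex tree instead of the published module.
RUN set -eux; \
    cd "${BUILD_ROOT}"; \
    go mod edit -replace github.com/dexidp/dex=/go/dex
# Hands the pgx module path, v5.9.0 and CVE-2026-33816 to the helper;
# presumably this raises the dependency to that version; confirm.
RUN set -eux; \
    cd "${BUILD_ROOT}"; \
    eleven go patch github.com/jackc/pgx/v5 v5.9.0 CVE-2026-33816
# Compile ./combined to BUILD_BIN and stage it; the final image copies
# /distroless/ from this stage.
RUN set -eux; \
    cd "${BUILD_ROOT}"; \
    eleven go build "${BUILD_BIN}" ./combined; \
    eleven distroless "${BUILD_BIN}"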
# :: DASHBOARD
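# Builds the NetBird dashboard and stages its static output under
# /distroless/nginx/var for the final image.
# NOTE(review): alpine carries no tag, so the build uses whatever :latest
# resolves to at build time; pin a tag or digest for reproducible builds.
FROM alpine AS dashboard
# Optional tag, branch or commit of the dashboard to build. The empty default
# keeps the previous behaviour of building the tip of the default branch;
# setting it pins the sources that end up in the image.
ARG BUILD_DASHBOARD_REF=""
# --no-cache already fetches a fresh index, so the extra --update is dropped.
RUN set -eux; \
    apk add --no-cache \
      curl \
      git \
      jq \
      nodejs \
      npm
# The clone target is spelled out instead of relying on the working directory.
RUN set -eux; \
    git clone https://github.com/netbirdio/dashboard /dashboard; \
    if [ -n "${BUILD_DASHBOARD_REF:-}" ]; then \
      git -C /dashboard checkout "${BUILD_DASHBOARD_REF}"; \
    fi
WORKDIR /dashboard
# NOTE(review): `npm install` may resolve dependency versions afresh on every
# build; if the repository ships a lockfile, `npm ci` would install exactly
# what it records; confirm before switching.
RUN set -eux; \
    npm install; \
    echo '{}' > .local-config.json; \
    npm run build; \
    mkdir -p /distroless/nginx/var; \
    cp -R ./out/* /distroless/nginx/var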
# :: FILE SYSTEM
# Creates the application's etc and var directories under /distroless; the
# final stage copies /distroless/ from here with --chown set to the runtime
# UID/GID.
# NOTE(review): alpine carries no tag, so the build uses whatever :latest
# resolves to at build time; pin a tag or digest for reproducible builds.
FROM alpine AS file-system
# Overlays the whole filesystem of the util image onto this stage; presumably
# this is what provides the `eleven` helper used below; confirm.
COPY --from=util / /
# Declared without a default; the value comes from the build arguments.
ARG APP_ROOT
# Run the directory creation as root.
USER root
# NOTE(review): {etc,var} is brace syntax that a POSIX sh passes through
# unexpanded; presumably `eleven mkdir` expands it itself; confirm, otherwise
# a single directory literally named "{etc,var}" would be created.
RUN set -eux; \
eleven mkdir /distroless${APP_ROOT}/{etc,var};
# ╔═════════════════════════════════════════════════════╗
# ║ IMAGE ║
# ╚═════════════════════════════════════════════════════╝
# :: HEADER
# Final image: starts empty and is assembled only from the stages above plus
# ./rootfs/ from the build context.
FROM scratch
# Build arguments. The TARGET* values are the platform arguments the builder
# fills in automatically; APP_UID and APP_GID pick up the defaults declared
# before the first FROM.
# NOTE(review): APP_NO_CACHE is not referenced anywhere in this stage;
# presumably it only serves to invalidate the build cache; confirm.
ARG TARGETPLATFORM \
    TARGETOS \
    TARGETARCH \
    TARGETVARIANT \
    APP_IMAGE \
    APP_NAME \
    APP_VERSION \
    APP_ROOT \
    APP_UID \
    APP_GID \
    APP_NO_CACHE
# Image identity, persisted into the runtime environment.
ENV APP_IMAGE=${APP_IMAGE} \
    APP_NAME=${APP_NAME} \
    APP_VERSION=${APP_VERSION} \
    APP_ROOT=${APP_ROOT}
# Dashboard and nginx defaults.
# AUTH_CLIENT_SECRET is empty on purpose: ENV values are stored in the image
# config, so a real secret must only ever be supplied at runtime.
# NOTE(review): NGINX_SSL_PORT is 443 while the container runs as a non-root
# UID; whether a port below 1024 can be bound depends on the runtime; confirm.
ENV AUTH_AUDIENCE="netbird-dashboard" \
    AUTH_CLIENT_ID="netbird-dashboard" \
    AUTH_CLIENT_SECRET="" \
    USE_AUTH0="false" \
    AUTH_SUPPORTED_SCOPES="openid profile email groups" \
    AUTH_REDIRECT_URI="/#callback" \
    AUTH_SILENT_REDIRECT_URI="/#silent-callback" \
    NETBIRD_TOKEN_SOURCE="accessToken" \
    NETBIRD_DRAG_QUERY_PARAMS="false" \
    NGINX_SSL_PORT=443 \
    LETSENCRYPT_DOMAIN="none" \
    NETBIRD_HOTJAR_TRACK_ID="" \
    NETBIRD_GOOGLE_ANALYTICS_ID="" \
    NETBIRD_GOOGLE_TAG_MANAGER_ID="" \
    NETBIRD_WASM_PATH=""
# Filesystem assembly. A later COPY overwrites any path an earlier one wrote,
# so the order below is significant and must be kept.
COPY --from=distroless / /
COPY --from=distroless-localhealth / /
COPY --from=entrypoint /distroless/ /
COPY --from=build /distroless/ /
COPY --from=dashboard --chown=${APP_UID}:${APP_GID} /distroless/ /
# NOTE(review): --chown on the whole nginx tree makes the runtime user the
# owner of everything it contains, executables included; confirm that this is
# needed beyond the directories nginx has to write to.
COPY --from=distroless-nginx --chown=${APP_UID}:${APP_GID} / /
COPY --from=file-system --chown=${APP_UID}:${APP_GID} /distroless/ /
COPY --chown=${APP_UID}:${APP_GID} ./rootfs/ /
# Copied last, so its files take precedence over everything above, including
# the files from ./rootfs/.
COPY --from=distroless-curl / /
# Persistent data; declared after the copies so their content is kept.
VOLUME ["${APP_ROOT}/etc", "${APP_ROOT}/var"]
# Health probe in exec form: the localhealth binary requests the local
# endpoint on port 9000.
HEALTHCHECK --interval=5s --timeout=2s --start-period=5s \
    CMD ["/usr/local/bin/localhealth", "http://127.0.0.1:9000/health"]
# Drop to the unprivileged numeric UID:GID before starting the entrypoint.
USER ${APP_UID}:${APP_GID}
ENTRYPOINT ["/usr/local/bin/entrypoint"]