mirror of
https://github.com/BetterCorp/BetterFrame.git
synced 2026-05-26 17:56:34 +00:00
e5551c4591
BSB needs BSB_LIVE=true for production mode. Without it, warns about non-production and tries to write sec-config.yaml (which is read-only). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
91 lines
3 KiB
Docker
91 lines
3 KiB
Docker
# BetterFrame server — BSB container with built plugins.
|
|
#
|
|
# sec-config.yaml is generated at build time from sec-config.template.yaml
|
|
# via envsubst. Secrets come from Coolify build args (set in UI, not in git).
|
|
#
|
|
# Build args (set in Coolify UI as secrets):
|
|
# BF_PG_PASSWORD postgres password
|
|
# BF_FIRMWARE_SIGNING_KEY Ed25519 PEM for firmware signing
|
|
# BF_FIRMWARE_IMPORT_API_KEY CI bearer token
|
|
# BF_OTA_IMPORT_API_KEY CI bearer token
|
|
# BF_MQTT_URL mqtt://broker:1883 (optional)
|
|
# BF_MQTT_USERNAME (optional)
|
|
# BF_MQTT_PASSWORD (optional)
|
|
#
|
|
# Non-secret build args (defaults work for standard compose):
|
|
# BF_DB_DRIVER postgres|sqlite (default: postgres)
|
|
# BF_PG_HOST (default: postgres)
|
|
# BF_PG_PORT (default: 5432)
|
|
# BF_PG_DATABASE (default: betterframe)
|
|
# BF_PG_USER (default: betterframe)
|
|
# BF_NODERED_URL (default: http://nodered:1880)
|
|
# BF_SELF_URL (default: http://server:18080)
|
|
# BF_SERVER_VERSION (default: dev)
|
|
|
|
FROM node:24-trixie-slim AS builder
|
|
|
|
WORKDIR /app
|
|
|
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
build-essential python3 \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
COPY package.json package-lock.json ./
|
|
COPY server/package.json ./server/
|
|
COPY tsconfig.base.json ./
|
|
RUN npm ci && npm rebuild argon2
|
|
|
|
COPY server ./server
|
|
|
|
WORKDIR /app/server
|
|
RUN npm run build
|
|
|
|
# ---- Runtime ----
|
|
FROM betterweb/service-base:node
|
|
|
|
# All config build args — secrets set in Coolify UI, not in git
|
|
ARG BF_SERVER_VERSION=dev
|
|
ARG BF_DB_DRIVER=postgres
|
|
ARG BF_PG_HOST=postgres
|
|
ARG BF_PG_PORT=5432
|
|
ARG BF_PG_DATABASE=betterframe
|
|
ARG BF_PG_USER=betterframe
|
|
ARG BF_PG_PASSWORD=betterframe
|
|
ARG BF_PG_POOL_MAX=10
|
|
ARG BF_NODERED_URL=http://nodered:1880
|
|
ARG BF_SELF_URL=http://server:18080
|
|
ARG BF_FIRMWARE_SIGNING_KEY=
|
|
ARG BF_FIRMWARE_IMPORT_API_KEY=
|
|
ARG BF_OTA_IMPORT_API_KEY=
|
|
ARG BF_MQTT_URL=
|
|
ARG BF_MQTT_USERNAME=
|
|
ARG BF_MQTT_PASSWORD=
|
|
ARG BF_MQTT_TOPIC_PREFIX=betterframe
|
|
|
|
# Install extras (Alpine base) — run as root before BSB drops privileges
|
|
RUN apk add --no-cache gettext ffmpeg
|
|
|
|
RUN mkdir -p /var/lib/betterframe && chown 1000:1000 /var/lib/betterframe
|
|
|
|
# Copy built plugin + deps into BSB workdir
|
|
COPY --from=builder /app/node_modules /home/bsb/node_modules
|
|
COPY --from=builder /app/server/lib /home/bsb/lib
|
|
COPY --from=builder /app/server/bsb-plugin.json /home/bsb/bsb-plugin.json
|
|
COPY --from=builder /app/server/package.json /home/bsb/package.json
|
|
COPY --from=builder /app/tsconfig.base.json /home/bsb/tsconfig.base.json
|
|
|
|
# Generate sec-config.yaml from template + build args
|
|
COPY sec-config.template.yaml /tmp/sec-config.template.yaml
|
|
RUN envsubst < /tmp/sec-config.template.yaml > /home/bsb/sec-config.yaml \
|
|
&& chmod 444 /home/bsb/sec-config.yaml \
|
|
&& rm /tmp/sec-config.template.yaml
|
|
|
|
# Bake version
|
|
RUN echo "$BF_SERVER_VERSION" > /home/bsb/.bf-version
|
|
|
|
ENV NODE_ENV=production
|
|
ENV BSB_LIVE=true
|
|
|
|
VOLUME /var/lib/betterframe
|
|
|
|
EXPOSE 18080 18081 18082
|