feat: dockerized bootnode (#405)

Co-authored-by: noot <36753753+noot@users.noreply.github.com>

scripts/docker-swapd/Dockerfile

@@ -0,0 +1,61 @@
+FROM golang:1.20 as builder
+
+# Download monero-wallet-rpc. We need bzip2 to unpack the tar file.
+RUN apt-get update && apt-get install -y bzip2
+RUN arch=$(uname -m | sed 's/x86_64/linux64/; s/aarch64/linuxarm8/') && \
+    curl -sSL "https://downloads.getmonero.org/cli/${arch}" -o monero.tar.bz2
+RUN tar xvjf monero.tar.bz2 --no-anchored monero-wallet-rpc --strip-components=1
+
+# Build the swapd and swapcli binaries. The BRANCH argument can be set to a
+# branch, release tag, "latest", or a commit hash.
+ARG VERSION=master
+RUN go install -tags=prod \
+    github.com/athanorlabs/atomic-swap/cmd/swapd@"${VERSION}" \
+    github.com/athanorlabs/atomic-swap/cmd/swapcli@"${VERSION}"
+RUN /go/bin/swapd --version
+
+FROM debian:bullseye-slim
+RUN apt-get update && apt-get install -y ca-certificates gosu
+
+# /usr/local/bin has swapd, swapcli, monero-wallet-rpc and
+# docker-entrypoint.sh.
+COPY --from=builder /go/monero-wallet-rpc /usr/local/bin/
+COPY --from=builder /go/bin/ /usr/local/bin/
+COPY ./docker-entrypoint.sh /usr/local/bin/
+
+VOLUME /data
+
+# USER_UID and USER_GID are defined as ARGs so that, if desired, you can
+# build the container with a UID equal to some user outside the container
+# that will own the files in /data.
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+RUN groupadd --gid "${USER_GID}" atomic && \
+    useradd --no-log-init --home-dir /atomic-swap \
+      --uid "${USER_UID}" --gid "${USER_GID}" -m atomic && \
+    ln -s /data /atomic-swap/.atomicswap
+
+# 9900 the default p2p port. swapd also listens to swapcli on 127.0.0.1:5000,
+# which is not accessible outside the container by default. You have 2 options
+# to interact with this RPC port:
+# (1) Use swapcli inside the container::
+#     $ docker exec CONTAINER_NAME_OR_ID swapcli SUBCOMMAND ...
+# (2) Run the container with --network=host so 127.0.0.1:5000 is the same
+#     port inside and outside of the container.
+EXPOSE 9900/udp
+EXPOSE 9900/tcp
+
+# The swapd environment (dev, stagenet, mainnet) can be convigured via the
+# SWAPD_ENV environment variable or using swapd's --env flag (which takes
+# precidence). In docker, we use the environment variable to configure file
+# permissions of the correct directory in the data volume. The suggested
+# ways of working with this are:
+# (1) Set SWAPD_ENV variable and don't use the CLI flag
+# (2) Use swapd's --env=ENVIRONMENT CLI flag, but set SWAPD_ENV to the
+#     identical environment or the empty string.
+ENV SWAPD_ENV=stagenet
+ENV SWAPD_ETH_ENDPOINT=https://rpc.sepolia.org/
+ENV SWAPD_LOG_LEVEL=info
+
+ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
+CMD ["swapd"]

scripts/docker-swapd/build-docker-image.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+set -e
+
+IMAGE_NAME="atomic-swapd"
+
+# VERSION can be "latest", a release tag, a hash or a branch name that does not
+# contain slashes. The version must be pushed to github, local changes are not
+# seen. The variable both defines which version of the tools is go install'ed
+# inside the container, as well as the docker image tag.
+VERSION="latest"
+
+# Run docker build from the directory of this script
+cd "$(dirname "$0")"
+
+docker build \
+	--build-arg "VERSION=${VERSION}" \
+	--build-arg "USER_UID=$(id -u)" \
+	--build-arg "USER_GID=$(id -g)" \
+	. -t "${IMAGE_NAME}:${VERSION}"
+
+echo "built ${IMAGE_NAME}:${VERSION}"

scripts/docker-swapd/docker-entrypoint.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+set -e
+
+cmd="$(basename "${1}")"
+
+#
+# If we are running swapd and SWAPD_ENV is set, so this script
+# knows where swapd will be writing data, we ensure that the
+# atomic user that runs swapd has access the directories where
+# the data is written.
+#
+if [[ "${cmd}" == 'swapd' ]] && [[ -n "${SWAPD_ENV}" ]]; then
+
+	if ! [[ "${SWAPD_ENV}" =~ ^dev|stagenet|mainnet$ ]]; then
+		echo "invalid SWAPD_ENV value"
+		exit 1
+	fi
+
+	if [[ "${*}:1}" =~ '--data-dir' ]]; then
+		echo "Setting --data-dir is not recommended for dockerized swapd."
+		echo "If required, unset SWAPD_ENV or override the entrypoint."
+		exit 1
+	fi
+
+	data_dir="/data/${SWAPD_ENV}"
+
+	# create the directory if it does not exist
+	if [[ ! -d "${data_dir}" ]]; then
+		mkdir --mode=700 "${data_dir}"
+	fi
+
+	# ensure the files are owned by the atomic user
+	chown -R atomic.atomic "${data_dir}"
+fi
+
+# Run swapd and swapcli commands as the atomic user for reduced
+# privileges.
+if [[ "${cmd}" == 'swapd' || "${cmd}" == 'swapcli' ]]; then
+	exec gosu atomic "$@"
+fi
+
+exec "$@"

scripts/docker-swapd/run-docker-image.sh

@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+set -e
+
+# SWAPD_ENV/SWAPD_ETH_ENDPOINT are only set if not already set. See further down
+# for all the SWAPD_* environment variables that can be set for swapd.
+SWAPD_ENV="${SWAPD_ENV:-"stagenet"}"
+SWAPD_ETH_ENDPOINT="${SWAPD_ETH_ENDPOINT:-"https://rpc.sepolia.org/"}"
+
+# You can only run one container with the same name at the same time. Having
+# docker run fail because a same-named container already exists is good, as both
+# containers need to have a distinct mount dir.
+CONTAINER_NAME="${CONTAINER_NAME:-"swapd-${SWAPD_ENV}"}"
+IMAGE_NAME="atomic-swapd"
+VERSION="latest" # image tag
+
+# We mount one directory above what swapd considers its "data-dir". Data
+# files will be created in ${DATA_MOUNT_DIR}/${SWAPD_ENV}.
+DATA_MOUNT_DIR="${HOME}/.atomicswap/docker"
+
+# Setting NETWORK to "host" allows you to run swapcli commands on the local
+# host. You can also use "bridge", which requires all swapcli commands to
+# be run from inside the container.
+NETWORK="host"
+
+env_args=()
+
+add_env_arg() {
+	local env_name=$1
+	local env_value=${!env_name}
+
+	# Add --env flag argument if the variable is defined and non-empty
+	if [[ -n ${env_value} ]]; then
+		env_args+=(--env "${env_name}=${env_value}")
+	fi
+}
+
+add_env_arg SWAPD_ENV
+add_env_arg SWAPD_ETH_ENDPOINT
+add_env_arg SWAPD_RPC_PORT
+add_env_arg SWAPD_LIBP2P_PORT
+add_env_arg SWAPD_MONEROD_HOST
+add_env_arg SWAPD_MONEROD_PORT
+add_env_arg SWAPD_ETH_PRIVKEY
+add_env_arg SWAPD_BOOTNODES
+add_env_arg SWAPD_LOG_LEVEL
+
+# Pre-create the mounted dir, or docker creates it with root as the owner.
+mkdir -p "${DATA_MOUNT_DIR}"
+
+# turn on command echo
+set -x
+
+exec docker run --rm -v "${DATA_MOUNT_DIR}:/data" "${env_args[@]}" \
+	--network="${NETWORK}" \
+	--name="${CONTAINER_NAME}" \
+	"${IMAGE_NAME}:${VERSION}"