grant/matrix-bridge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8fe56cd2eb5b554802c1a9f7d842ad89dd2b12ac
matrix-bridge/docker-entrypoint.sh
T
Keysat a7529eb0b7 Containerize Phase 1 bot: Docker deployment on the Spark 
Add Dockerfile, docker-compose.yml, docker-entrypoint.sh, and .dockerignore
so the bot runs detached and survives reboots, replacing the foreground venv run.

The image is generic (no secrets/deployment specifics baked in): host networking
reaches both Synapse and the Mac; .env, config.toml, and the SSH key are mounted
read-only. The entrypoint is the container's environment seam (D4 analog of
launch-claude.sh) — it generates ~/.ssh/config for the mac-bridge alias from
config.toml [mac] (new hostname/user fields) so the bot's `ssh mac-bridge` stays
unchanged. SSH key mounted not baked; first connect uses accept-new host trust.

Proven live on the Spark: container connects to Synapse and real messages launched
drivable sessions on the phone across 2 rooms via the full chain.
2026-06-15 18:40:05 -05:00

41 lines
1.6 KiB
Bash
Raw Blame History

#!/bin/sh
# matrix-bridge container entrypoint — the container's "environment seam".
#
# Generates ~/.ssh/config for the `mac-bridge` alias from config.toml's [mac] section, then
# execs the bot. This mirrors the Mac side, where launch-claude.sh owns environment setup and
# the bot stays dumb (AGENTS.md D4): SSH-client wiring lives here, not in bot.py. On the Spark
# HOST the bot uses modelo's existing ~/.ssh/config; in the container we recreate just the one
# alias we need, pointing at the mounted key.
set -e
SSH_DIR="$HOME/.ssh"
mkdir -p "$SSH_DIR"
chmod 700 "$SSH_DIR"
# Write ~/.ssh/config straight from config.toml [mac] (no eval; values never hit a shell).
# IdentityFile is the in-container mount target (a container constant, see docker-compose.yml).
# StrictHostKeyChecking=accept-new auto-trusts the Mac's host key on first connect — acceptable
# on the private WireGuard network (same transport-trust reasoning as D9) and avoids an
# interactive prompt that would otherwise hang the bot.
MB_SSH_KEY="${MB_SSH_KEY:-$SSH_DIR/id_ed25519}" \
SSH_CONFIG="$SSH_DIR/config" \
KNOWN_HOSTS="$SSH_DIR/known_hosts" \
python - <<'PY'
import os, tomllib
with open("/app/config.toml", "rb") as f:
mac = tomllib.load(f)["mac"]
config = f"""Host {mac.get('ssh_alias', 'mac-bridge')}
HostName {mac['hostname']}
User {mac['user']}
IdentityFile {os.environ['MB_SSH_KEY']}
IdentitiesOnly yes
StrictHostKeyChecking accept-new
UserKnownHostsFile {os.environ['KNOWN_HOSTS']}
"""
with open(os.environ['SSH_CONFIG'], "w") as f:
f.write(config)
PY
chmod 600 "$SSH_DIR/config"
exec "$@"
Reference in New Issue View Git Blame Copy Permalink