grant/matrix-bridge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ee8408d182183d2d46a93a0478c874ec773a66b5
matrix-bridge/Dockerfile
T
Keysat a7529eb0b7 Containerize Phase 1 bot: Docker deployment on the Spark 
Add Dockerfile, docker-compose.yml, docker-entrypoint.sh, and .dockerignore
so the bot runs detached and survives reboots, replacing the foreground venv run.

The image is generic (no secrets/deployment specifics baked in): host networking
reaches both Synapse and the Mac; .env, config.toml, and the SSH key are mounted
read-only. The entrypoint is the container's environment seam (D4 analog of
launch-claude.sh) — it generates ~/.ssh/config for the mac-bridge alias from
config.toml [mac] (new hostname/user fields) so the bot's `ssh mac-bridge` stays
unchanged. SSH key mounted not baked; first connect uses accept-new host trust.

Proven live on the Spark: container connects to Synapse and real messages launched
drivable sessions on the phone across 2 rooms via the full chain.
2026-06-15 18:40:05 -05:00

28 lines
1.1 KiB
Docker
Raw Blame History

# matrix-bridge bot — Phase 1 container.
#
# Runs on the Spark (always-on Linux + Docker). docker-compose uses host networking so the
# bot reaches BOTH Synapse (clearnet TLS) and the Mac (WireGuard, via the `mac-bridge` SSH alias).
#
# The image is GENERIC: no deployment specifics and no secrets are baked in. At runtime
# docker-compose mounts .env, config.toml, and the SSH key (all read-only); the entrypoint
# generates ~/.ssh/config for the alias from config.toml's [mac] section before launching.
FROM python:3.12-slim
# openssh-client: the bot shells out to `ssh mac-bridge ...` (the proven Phase 0 seam).
RUN apt-get update \
&& apt-get install -y --no-install-recommends openssh-client \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY src/ ./src/
COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
RUN chmod +x /usr/local/bin/docker-entrypoint.sh
# .env and config.toml arrive via read-only mounts at runtime (never baked).
ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
CMD ["python", "-u", "src/bot.py"]
Reference in New Issue View Git Blame Copy Permalink