diff --git a/Makefile b/Makefile index f34f87e..eeaf499 100644 --- a/Makefile +++ b/Makefile @@ -30,6 +30,9 @@ compose-build: ## Run docker-compose build compose-up: ## Run docker-compose up docker-compose -f docker/compose.yml up -d --force-recreate +compose-up-build: ## Run docker-compose and build + docker compose -f docker/compose.yml up --build -d + compose-down: ## Run docker-compose down docker-compose -f docker/compose.yml down diff --git a/README.md b/README.md index b7ce7f0..0c0ac8a 100644 --- a/README.md +++ b/README.md @@ -65,6 +65,10 @@ ip link show # get the name of your PHYSICAL interface make compose-up ``` +> [!WARNING] +> In Fedora, where selinux is enforced by default, I'm having some problems. +> Quick fix (not secure): `sudo setenforce 0` + > By default, nflux will allow SSH (22) connections from any IP. Avoid blocking your SSH connection if testing in remote servers (VPS). # Local development diff --git a/docker/Dockerfile b/docker/Dockerfile index 1572a89..5869776 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -2,17 +2,20 @@ FROM docker.io/rust:1 as build-env WORKDIR /app -COPY . /app - RUN set -eux ;\ cargo install bpf-linker ;\ rustup install stable && rustup toolchain install nightly --component rust-src +COPY . /app + # cargo xtask build --release RUN cargo xtask build --release +# Strip debugging symbols to reduce binary size +RUN strip target/release/nflux + FROM gcr.io/distroless/cc-debian12 -COPY --from=build-env /app/target/release/nflux / +COPY --from=build-env /app/target/release/nflux /app/nflux -CMD ["./nflux"] +CMD ["/app/nflux"] diff --git a/docker/compose.yml b/docker/compose.yml index abd836b..d7c19db 100644 --- a/docker/compose.yml +++ b/docker/compose.yml @@ -6,12 +6,7 @@ services: restart: unless-stopped network_mode: host cap_add: - # Required caps: - # - CAP_NET_ADMIN - # - CAP_BPF - # - CAP_PERFMON - # Insecure, by the moment give all capabilities - - ALL + - ALL container_name: nflux environment: - NFLUX_CONFIG_FILE_PATH=/nflux.toml