Initial Upload

2025-12-17 12:32:50 +13:00
commit 3015f48118
471 changed files with 141143 additions and 0 deletions
--- a/docker/Dockerfile.supervised
+++ b/docker/Dockerfile.supervised
@@ -0,0 +1,134 @@
+# Tracearr All-in-One Image (Supervised)
+# Runs TimescaleDB, Redis, and Tracearr in a single container
+# Ideal for simple deployments, Unraid, Synology, etc.
+
+FROM node:22-bookworm-slim AS builder
+
+RUN corepack enable && corepack prepare pnpm@10.24.0 --activate
+
+WORKDIR /app
+
+# Copy ALL workspace package.json files for lockfile resolution
+COPY package.json pnpm-workspace.yaml pnpm-lock.yaml ./
+COPY apps/server/package.json ./apps/server/
+COPY apps/web/package.json ./apps/web/
+COPY apps/mobile/package.json ./apps/mobile/
+COPY packages/shared/package.json ./packages/shared/
+COPY packages/test-utils/package.json ./packages/test-utils/
+
+# Install dependencies
+RUN pnpm install --frozen-lockfile
+
+# Copy source code
+COPY . .
+
+# Build only production packages
+RUN pnpm turbo run build --filter=@tracearr/shared --filter=@tracearr/server --filter=@tracearr/web
+
+# =============================================================================
+# Production All-in-One Image
+# =============================================================================
+FROM debian:bookworm-slim
+
+# Install dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    curl \
+    ca-certificates \
+    gnupg \
+    lsb-release \
+    supervisor \
+    gosu \
+    openssl \
+    tzdata \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install Node.js 22
+RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
+    && apt-get install -y nodejs \
+    && corepack enable \
+    && corepack prepare pnpm@10.24.0 --activate \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install PostgreSQL 15 + TimescaleDB
+RUN curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /usr/share/keyrings/postgresql-keyring.gpg \
+    && echo "deb [signed-by=/usr/share/keyrings/postgresql-keyring.gpg] http://apt.postgresql.org/pub/repos/apt bookworm-pgdg main" > /etc/apt/sources.list.d/pgdg.list \
+    && curl -fsSL https://packagecloud.io/timescale/timescaledb/gpgkey | gpg --dearmor -o /usr/share/keyrings/timescaledb-keyring.gpg \
+    && echo "deb [signed-by=/usr/share/keyrings/timescaledb-keyring.gpg] https://packagecloud.io/timescale/timescaledb/debian/ bookworm main" > /etc/apt/sources.list.d/timescaledb.list \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends \
+        postgresql-15 \
+        timescaledb-2-postgresql-15 \
+        timescaledb-tools \
+        timescaledb-toolkit-postgresql-15 \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install Redis
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    redis-server \
+    && rm -rf /var/lib/apt/lists/*
+
+# Note: PostgreSQL config is applied during initdb in entrypoint-supervised.sh
+# The /etc/postgresql/15/main/ config is not used since we use a custom data directory
+
+# Configure Redis to listen only on localhost
+RUN sed -i 's/^bind .*/bind 127.0.0.1/' /etc/redis/redis.conf \
+    && sed -i 's/^daemonize yes/daemonize no/' /etc/redis/redis.conf
+
+# Create app directory
+WORKDIR /app
+
+# Copy built application from builder
+COPY --from=builder /app/package.json ./
+COPY --from=builder /app/pnpm-workspace.yaml ./
+COPY --from=builder /app/pnpm-lock.yaml ./
+COPY --from=builder /app/apps/server/package.json ./apps/server/
+COPY --from=builder /app/apps/server/dist ./apps/server/dist
+COPY --from=builder /app/apps/web/dist ./apps/web/dist
+COPY --from=builder /app/packages/shared/package.json ./packages/shared/
+COPY --from=builder /app/packages/shared/dist ./packages/shared/dist
+COPY --from=builder /app/apps/server/src/db/migrations ./apps/server/src/db/migrations
+
+# GeoIP database (bundled for geolocation features)
+COPY data/GeoLite2-City.mmdb ./data/GeoLite2-City.mmdb
+
+# Install production dependencies
+RUN pnpm install --prod --frozen-lockfile
+
+# Create tracearr user for running the application (non-root)
+RUN groupadd --system --gid 1001 tracearr \
+    && useradd --system --uid 1001 --gid tracearr --shell /bin/false tracearr
+
+# Create data directories with proper ownership
+RUN mkdir -p /data/postgres /data/redis /data/tracearr /var/log/supervisor \
+    && chown -R postgres:postgres /data/postgres \
+    && chown -R redis:redis /data/redis \
+    && chown -R tracearr:tracearr /data/tracearr /app
+
+# Supervisord configuration
+COPY docker/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+
+# Startup scripts
+COPY docker/entrypoint-supervised.sh /entrypoint.sh
+COPY docker/start-tracearr.sh /start-tracearr.sh
+RUN chmod 755 /entrypoint.sh /start-tracearr.sh
+
+# Environment defaults
+ENV NODE_ENV=production \
+    LOG_LEVEL=info \
+    PORT=3000 \
+    HOST=0.0.0.0 \
+    TZ=UTC \
+    DATABASE_URL=postgresql://tracearr:tracearr@127.0.0.1:5432/tracearr \
+    REDIS_URL=redis://127.0.0.1:6379
+
+# Expose only the web port
+EXPOSE 3000
+
+# Volumes for persistent data
+VOLUME ["/data/postgres", "/data/redis", "/data/tracearr"]
+
+HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
+    CMD curl -f http://127.0.0.1:3000/health || exit 1
+
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]