author: Astounds <kirito@disroot.org> 2026-05-29 21:28:22 -0500
committer: Astounds <kirito@disroot.org> 2026-05-29 21:28:22 -0500
commit: f7f266b994a1b7d0e3b54e49e640be35b8078bf0
tree: e36c487dff881801724b2829f685bf02b3b8cc77 /entrypoint.sh
parent: 10a101b226e8bcb4797c04c5619386396ed6efa0
Add hardened Docker support and multi-arch CI
Multi-stage Dockerfile (non-root, Tor-ready), compose file, and entrypoints. Forgejo CI builds linux/amd64+arm64, scans with checksum-verified Grype, and pins all actions to commit SHA. Makefile gains venv bootstrap and docker targets; server.py gains a --bind flag.
Diffstat (limited to 'entrypoint.sh')
-rw-r--r-- entrypoint.sh 15
1 files changed, 15 insertions, 0 deletions
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..a63a188
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -eu
+
+echo "[entrypoint] Starting yt-local..."
+
+# Optionally start Tor in the background as the tor user
+if [ "${ENABLE_TOR:-0}" = "1" ]; then
+ echo "[entrypoint] Launching Tor daemon..."
+ su-exec tor /entrypoint-tor.sh &
+ sleep 3
+fi
+
+# Drop to appuser. Bind to all interfaces — container networking
+# requires 0.0.0.0; actual access is controlled by Docker (-p flag).
+exec su-exec appuser python server.py --bind 0.0.0.0
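
Review bot: in the `ENABLE_TOR` branch, `su-exec tor /entrypoint-tor.sh &` followed by `sleep 3` never checks that Tor actually came up. `set -e` does not apply to a backgrounded command, so if Tor exits early or needs longer than three seconds, the script still reaches the final `exec` and starts the server without it. When `ENABLE_TOR=1` is requested the entrypoint should fail closed: capture `$!`, poll with a timeout for readiness (the process still alive and whatever port /entrypoint-tor.sh configures accepting connections), and `exit 1` if that never happens. After the `exec`, the Tor process is also left running with no supervisor, so a later Tor crash goes unnoticed; a minimal init such as tini or a container healthcheck would cover that. Minor: the comment on `--bind 0.0.0.0` holds only when the container is on a bridge network and published with `-p`; taking the address from an environment variable with 0.0.0.0 as the default would let host-network deployments restrict it.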