feat: add Docker support for palladium-lightning node

- Dockerfile.palladium-lightning: multi-stage build (ubuntu:22.04) builder stage compiles lightningd from source with git submodules; runtime stage copies palladium-cli from palladium-node:local image (no Rust plugins, no cross-compilation, amd64 only) - docker-compose.lightning.yml: joins external `palladium-net`, exposes port 9735 (P2P), connects to palladiumd:2332 via RPC using credentials from .env - .env.example: template for PALLADIUM_RPCUSER / PALLADIUM_RPCPASSWORD - .gitignore: add .env to prevent accidental credential commits
2026-03-11 20:43:23 +01:00
parent 26f9698bad
commit 11974a1169
4 changed files with 151 additions and 0 deletions
--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,4 @@
+# Copy this file to .env and fill in your palladiumd RPC credentials.
+# The .env file is gitignored — never commit it.
+PALLADIUM_RPCUSER=your_rpc_user
+PALLADIUM_RPCPASSWORD=your_rpc_password
--- a/.gitignore
+++ b/.gitignore
@@ -27,6 +27,9 @@ cli/lightning-cli
 # Custom local binaries for testing
 /palladium-bin/

+# Local secrets — never commit
+.env
+
 coverage
 # Coverage profiling data files
 *.profraw
--- a/Dockerfile.palladium-lightning
+++ b/Dockerfile.palladium-lightning
@@ -0,0 +1,98 @@
+# syntax=docker/dockerfile:1.7-labs
+# Palladium Lightning — production image (amd64, no cross-compilation, no Rust plugins)
+
+# ──────────────────────────────────────────────────────────────────────────────
+# Stage 1: builder
+# ──────────────────────────────────────────────────────────────────────────────
+FROM ubuntu:22.04 AS builder
+
+SHELL ["/bin/bash", "-euo", "pipefail", "-c"]
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        autoconf \
+        automake \
+        build-essential \
+        ca-certificates \
+        gcc \
+        git \
+        gettext \
+        jq \
+        libffi-dev \
+        libicu-dev \
+        libprotobuf-c-dev \
+        libsodium-dev \
+        libsqlite3-dev \
+        libssl-dev \
+        libtool \
+        pkg-config \
+        protobuf-compiler \
+        python3-dev \
+        zlib1g-dev && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /opt/lightningd
+
+# Copy source (excluding .git, added back below for submodule init)
+COPY --exclude=.git/ . .
+COPY .git/ .git/
+
+RUN git submodule update --init --recursive --depth 1 --jobs "$(nproc)"
+
+RUN ./configure \
+        --prefix=/tmp/lightning_install \
+        --disable-valgrind \
+        --disable-compat
+
+RUN make install-program -j"$(nproc)"
+
+# Strip debug symbols to reduce image size
+RUN find /tmp/lightning_install -type f -executable \
+    -exec sh -c 'file "$1" | grep -q ELF && strip --strip-unneeded "$1"' _ {} \;
+
+
+# ──────────────────────────────────────────────────────────────────────────────
+# Stage 2: runtime
+# ──────────────────────────────────────────────────────────────────────────────
+FROM ubuntu:22.04 AS lightningd
+
+SHELL ["/bin/bash", "-euo", "pipefail", "-c"]
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        ca-certificates \
+        inotify-tools \
+        jq \
+        libffi8 \
+        libicu70 \
+        libsodium23 \
+        libsqlite3-0 \
+        socat && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+
+# palladium-cli is needed by the bcli plugin to talk to palladiumd.
+# Copy it from the already-built palladium-node image so we don't duplicate binaries.
+# Build palladium-node:local first: docker compose -f docker-compose.yml build
+COPY --from=palladium-node:local /usr/local/bin/palladium-cli /usr/local/bin/palladium-cli
+
+# Lightning binaries and plugins
+COPY --from=builder /tmp/lightning_install/ /usr/local/
+
+COPY tools/docker-entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+ENV LIGHTNINGD_DATA=/root/.lightning
+ENV LIGHTNINGD_NETWORK=palladium
+ENV LIGHTNINGD_PORT=9735
+ENV LIGHTNINGD_RPC_PORT=9835
+ENV EXPOSE_TCP=false
+
+EXPOSE 9735
+
+VOLUME ["/root/.lightning"]
+
+ENTRYPOINT ["/entrypoint.sh"]
--- a/docker-compose.lightning.yml
+++ b/docker-compose.lightning.yml
@@ -0,0 +1,46 @@
+# Palladium Lightning — docker-compose
+#
+# Joins the existing `palladium-net` network created by the palladiumd compose stack.
+# The palladium-node:local image must be built before this one (palladium-cli is copied from it).
+#
+# Usage:
+#   # 1. Create .env with RPC credentials (see .env.example)
+#   # 2. Ensure palladiumd is running on palladium-net
+#   docker compose -f docker-compose.lightning.yml build
+#   docker compose -f docker-compose.lightning.yml up -d
+#
+#   # Check status
+#   docker logs palladium-lightning
+#   docker exec palladium-lightning lightning-cli --network=palladium getinfo
+
+networks:
+  palladium-net:
+    external: true  # created by the palladiumd compose stack
+
+services:
+  palladium-lightning:
+    build:
+      context: .
+      dockerfile: Dockerfile.palladium-lightning
+    image: palladium-lightning:local
+    container_name: palladium-lightning
+    restart: unless-stopped
+    networks:
+      - palladium-net
+    ports:
+      - "0.0.0.0:9735:9735"   # Lightning P2P — must be reachable from the internet
+      # RPC (9835) is NOT exposed on the host.
+      # Use: docker exec palladium-lightning lightning-cli --network=palladium <command>
+    volumes:
+      - ./.lightning:/root/.lightning
+    environment:
+      LIGHTNINGD_NETWORK: palladium
+      EXPOSE_TCP: "false"
+    command: >
+      --network=palladium
+      --palladium-rpcconnect=palladiumd
+      --palladium-rpcport=2332
+      --palladium-rpcuser=${PALLADIUM_RPCUSER}
+      --palladium-rpcpassword=${PALLADIUM_RPCPASSWORD}
+      --palladium-cli=/usr/local/bin/palladium-cli
+      --log-level=info