From 11974a1169b99c52d9fd69c5d80bbefdd5c42075 Mon Sep 17 00:00:00 2001 From: Davide Grilli Date: Wed, 11 Mar 2026 20:43:23 +0100 Subject: [PATCH] feat: add Docker support for palladium-lightning node - Dockerfile.palladium-lightning: multi-stage build (ubuntu:22.04) builder stage compiles lightningd from source with git submodules; runtime stage copies palladium-cli from palladium-node:local image (no Rust plugins, no cross-compilation, amd64 only) - docker-compose.lightning.yml: joins external `palladium-net`, exposes port 9735 (P2P), connects to palladiumd:2332 via RPC using credentials from .env - .env.example: template for PALLADIUM_RPCUSER / PALLADIUM_RPCPASSWORD - .gitignore: add .env to prevent accidental credential commits --- .env.example | 4 ++ .gitignore | 3 ++ Dockerfile.palladium-lightning | 98 ++++++++++++++++++++++++++++++++++ docker-compose.lightning.yml | 46 ++++++++++++++++ 4 files changed, 151 insertions(+) create mode 100644 .env.example create mode 100644 Dockerfile.palladium-lightning create mode 100644 docker-compose.lightning.yml diff --git a/.env.example b/.env.example new file mode 100644 index 000000000..cc9fed1c3 --- /dev/null +++ b/.env.example @@ -0,0 +1,4 @@ +# Copy this file to .env and fill in your palladiumd RPC credentials. +# The .env file is gitignored — never commit it. +PALLADIUM_RPCUSER=your_rpc_user +PALLADIUM_RPCPASSWORD=your_rpc_password diff --git a/.gitignore b/.gitignore index 7422504e3..5073d97b1 100644 --- a/.gitignore +++ b/.gitignore @@ -27,6 +27,9 @@ cli/lightning-cli # Custom local binaries for testing /palladium-bin/ +# Local secrets — never commit +.env + coverage # Coverage profiling data files *.profraw diff --git a/Dockerfile.palladium-lightning b/Dockerfile.palladium-lightning new file mode 100644 index 000000000..efe272415 --- /dev/null +++ b/Dockerfile.palladium-lightning @@ -0,0 +1,98 @@ +# syntax=docker/dockerfile:1.7-labs +# Palladium Lightning — production image (amd64, no cross-compilation, no Rust plugins) + +# ────────────────────────────────────────────────────────────────────────────── +# Stage 1: builder +# ────────────────────────────────────────────────────────────────────────────── +FROM ubuntu:22.04 AS builder + +SHELL ["/bin/bash", "-euo", "pipefail", "-c"] + +ENV DEBIAN_FRONTEND=noninteractive + +RUN apt-get update && \ + apt-get install -y --no-install-recommends \ + autoconf \ + automake \ + build-essential \ + ca-certificates \ + gcc \ + git \ + gettext \ + jq \ + libffi-dev \ + libicu-dev \ + libprotobuf-c-dev \ + libsodium-dev \ + libsqlite3-dev \ + libssl-dev \ + libtool \ + pkg-config \ + protobuf-compiler \ + python3-dev \ + zlib1g-dev && \ + apt-get clean && rm -rf /var/lib/apt/lists/* + +WORKDIR /opt/lightningd + +# Copy source (excluding .git, added back below for submodule init) +COPY --exclude=.git/ . . +COPY .git/ .git/ + +RUN git submodule update --init --recursive --depth 1 --jobs "$(nproc)" + +RUN ./configure \ + --prefix=/tmp/lightning_install \ + --disable-valgrind \ + --disable-compat + +RUN make install-program -j"$(nproc)" + +# Strip debug symbols to reduce image size +RUN find /tmp/lightning_install -type f -executable \ + -exec sh -c 'file "$1" | grep -q ELF && strip --strip-unneeded "$1"' _ {} \; + + +# ────────────────────────────────────────────────────────────────────────────── +# Stage 2: runtime +# ────────────────────────────────────────────────────────────────────────────── +FROM ubuntu:22.04 AS lightningd + +SHELL ["/bin/bash", "-euo", "pipefail", "-c"] + +ENV DEBIAN_FRONTEND=noninteractive + +RUN apt-get update && \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + inotify-tools \ + jq \ + libffi8 \ + libicu70 \ + libsodium23 \ + libsqlite3-0 \ + socat && \ + apt-get clean && rm -rf /var/lib/apt/lists/* + +# palladium-cli is needed by the bcli plugin to talk to palladiumd. +# Copy it from the already-built palladium-node image so we don't duplicate binaries. +# Build palladium-node:local first: docker compose -f docker-compose.yml build +COPY --from=palladium-node:local /usr/local/bin/palladium-cli /usr/local/bin/palladium-cli + +# Lightning binaries and plugins +COPY --from=builder /tmp/lightning_install/ /usr/local/ + +COPY tools/docker-entrypoint.sh /entrypoint.sh +RUN chmod +x /entrypoint.sh + +ENV LIGHTNINGD_DATA=/root/.lightning +ENV LIGHTNINGD_NETWORK=palladium +ENV LIGHTNINGD_PORT=9735 +ENV LIGHTNINGD_RPC_PORT=9835 +ENV EXPOSE_TCP=false + +EXPOSE 9735 + +VOLUME ["/root/.lightning"] + +ENTRYPOINT ["/entrypoint.sh"] diff --git a/docker-compose.lightning.yml b/docker-compose.lightning.yml new file mode 100644 index 000000000..bf46df7b0 --- /dev/null +++ b/docker-compose.lightning.yml @@ -0,0 +1,46 @@ +# Palladium Lightning — docker-compose +# +# Joins the existing `palladium-net` network created by the palladiumd compose stack. +# The palladium-node:local image must be built before this one (palladium-cli is copied from it). +# +# Usage: +# # 1. Create .env with RPC credentials (see .env.example) +# # 2. Ensure palladiumd is running on palladium-net +# docker compose -f docker-compose.lightning.yml build +# docker compose -f docker-compose.lightning.yml up -d +# +# # Check status +# docker logs palladium-lightning +# docker exec palladium-lightning lightning-cli --network=palladium getinfo + +networks: + palladium-net: + external: true # created by the palladiumd compose stack + +services: + palladium-lightning: + build: + context: . + dockerfile: Dockerfile.palladium-lightning + image: palladium-lightning:local + container_name: palladium-lightning + restart: unless-stopped + networks: + - palladium-net + ports: + - "0.0.0.0:9735:9735" # Lightning P2P — must be reachable from the internet + # RPC (9835) is NOT exposed on the host. + # Use: docker exec palladium-lightning lightning-cli --network=palladium + volumes: + - ./.lightning:/root/.lightning + environment: + LIGHTNINGD_NETWORK: palladium + EXPOSE_TCP: "false" + command: > + --network=palladium + --palladium-rpcconnect=palladiumd + --palladium-rpcport=2332 + --palladium-rpcuser=${PALLADIUM_RPCUSER} + --palladium-rpcpassword=${PALLADIUM_RPCPASSWORD} + --palladium-cli=/usr/local/bin/palladium-cli + --log-level=info