From 4f604ba7f852f0bc91d0c55ecf79f2d2e39dea23 Mon Sep 17 00:00:00 2001
From: "Aaron D. Lee" <aaron.daniel.lee@gmail.com>
Date: Tue, 31 Mar 2026 18:07:16 -0400
Subject: [PATCH] Add Docker container setup (port 35811)

- Dockerfile: builds from Sources/ context, installs stegasoo + verisoo + soosef
- docker-compose.yml: single service with persistent volume at /root/.soosef
- entrypoint.sh: auto-init on first run, gunicorn with 2 workers

Build: cd soosef/docker && sudo docker compose build
Run:   sudo docker compose up -d

Port 35811, HTTPS disabled by default (reverse proxy expected)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 docker/Dockerfile         | 71 +++++++++++++++++++++++++++++++++++++++
 docker/docker-compose.yml | 27 +++++++++++++++
 docker/entrypoint.sh      | 26 ++++++++++++++
 3 files changed, 124 insertions(+)
 create mode 100644 docker/Dockerfile
 create mode 100644 docker/docker-compose.yml
 create mode 100644 docker/entrypoint.sh

diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 0000000..9633b1c
--- /dev/null
+++ b/docker/Dockerfile
@@ -0,0 +1,71 @@
+# SooSeF Docker Image
+#
+# Requires stegasoo and verisoo source directories alongside soosef:
+#   Sources/
+#   ├── stegasoo/
+#   ├── verisoo/
+#   └── soosef/     ← build context is parent (Sources/)
+#
+# Build:
+#   docker build -t soosef -f soosef/docker/Dockerfile .
+#
+# Or use docker-compose from soosef/docker/:
+#   docker compose up
+
+FROM python:3.12-slim
+
+ENV PYTHONDONTWRITEBYTECODE=1
+ENV PYTHONUNBUFFERED=1
+ENV PIP_ROOT_USER_ACTION=ignore
+
+# System dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    gcc \
+    g++ \
+    libc-dev \
+    libffi-dev \
+    libzbar0 \
+    libjpeg-dev \
+    zlib1g-dev \
+    curl \
+    openssl \
+    && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /app
+
+# ── Install stegasoo ─────────────────────────────────────────────
+COPY stegasoo/pyproject.toml stegasoo/pyproject.toml
+COPY stegasoo/README.md stegasoo/README.md
+COPY stegasoo/src/ stegasoo/src/
+COPY stegasoo/data/ stegasoo/data/
+COPY stegasoo/frontends/ stegasoo/frontends/
+RUN pip install --no-cache-dir /app/stegasoo[web,dct,audio,cli]
+
+# ── Install verisoo ──────────────────────────────────────────────
+COPY verisoo/pyproject.toml verisoo/pyproject.toml
+COPY verisoo/README.md verisoo/README.md
+COPY verisoo/src/ verisoo/src/
+RUN pip install --no-cache-dir /app/verisoo[cli]
+
+# ── Install soosef ───────────────────────────────────────────────
+COPY soosef/pyproject.toml soosef/pyproject.toml
+COPY soosef/README.md soosef/README.md
+COPY soosef/src/ soosef/src/
+COPY soosef/frontends/ soosef/frontends/
+RUN pip install --no-cache-dir /app/soosef[web,cli]
+
+# ── Runtime setup ────────────────────────────────────────────────
+RUN mkdir -p /root/.soosef
+
+COPY soosef/docker/entrypoint.sh /app/entrypoint.sh
+RUN chmod +x /app/entrypoint.sh
+
+ENV SOOSEF_DATA_DIR=/root/.soosef
+WORKDIR /app/soosef
+
+EXPOSE 35811
+
+HEALTHCHECK --interval=30s --timeout=10s --start-period=15s --retries=3 \
+    CMD curl -fsk https://localhost:35811/ || curl -fs http://localhost:35811/ || exit 1
+
+ENTRYPOINT ["/app/entrypoint.sh"]
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
new file mode 100644
index 0000000..7ac2085
--- /dev/null
+++ b/docker/docker-compose.yml
@@ -0,0 +1,27 @@
+services:
+  soosef:
+    build:
+      context: ../..   # Sources/ directory (contains stegasoo/, verisoo/, soosef/)
+      dockerfile: soosef/docker/Dockerfile
+    container_name: soosef
+    ports:
+      - "35811:35811"
+    environment:
+      SOOSEF_DATA_DIR: /root/.soosef
+      SOOSEF_PORT: "35811"
+      SOOSEF_WORKERS: "2"
+      SOOSEF_HTTPS_ENABLED: "${SOOSEF_HTTPS_ENABLED:-false}"
+      STEGASOO_CHANNEL_KEY: "${STEGASOO_CHANNEL_KEY:-}"
+    volumes:
+      - soosef-data:/root/.soosef
+    restart: unless-stopped
+    deploy:
+      resources:
+        limits:
+          memory: 2048M
+        reservations:
+          memory: 512M
+
+volumes:
+  soosef-data:
+    driver: local
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
new file mode 100644
index 0000000..73d432f
--- /dev/null
+++ b/docker/entrypoint.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+set -e
+
+# Initialize if needed (generates identity + channel key + config)
+if [ ! -f "$SOOSEF_DATA_DIR/config.json" ]; then
+    echo "First run — initializing SooSeF..."
+    soosef init
+    echo "Initialization complete."
+fi
+
+# Determine HTTPS mode
+HTTPS_FLAG=""
+if [ "${SOOSEF_HTTPS_ENABLED:-true}" = "false" ]; then
+    HTTPS_FLAG="--no-https"
+fi
+
+echo "Starting SooSeF on port ${SOOSEF_PORT:-35811}..."
+
+# Run with gunicorn for production
+exec gunicorn \
+    --bind "0.0.0.0:${SOOSEF_PORT:-35811}" \
+    --workers "${SOOSEF_WORKERS:-2}" \
+    --timeout 180 \
+    --access-logfile - \
+    --error-logfile - \
+    "frontends.web.app:create_app()"