Skip to content

Commit 503b1c9

Browse files
MagicalTuxclaude
andcommitted
Add a Dockerfile for a container deployment (RunPod-friendly)
A small (~250 MB) single-stage image: it pulls the latest release binary onto nvidia/cuda:*-base and sets NVIDIA_DRIVER_CAPABILITIES so the runtime mounts libcuda + libnvidia-ml. No CUDA toolkit, no GUI libs (the tray degrades to headless), and TLS roots are bundled, so nothing else is needed at run time. ENTRYPOINT runs the worker against a /data volume. This is the clean "run it permanently" answer for container hosts like RunPod, which have no systemd: the container runtime re-runs the entrypoint on every start, so the worker comes up automatically and survives restarts. `.dockerignore` keeps the build context empty (nothing is copied from the repo — the binary is fetched). README gains a "Run in a container" section. Image builds clean and carries the binary; verified the identical release binary already runs on a RunPod RTX 4090. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 parent 589a647 commit 503b1c9

3 files changed

Lines changed: 63 additions & 0 deletions

File tree

.dockerignore

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
# The Dockerfile pulls the release binary; nothing from the repo is needed in the
2+
# build context, so ignore everything (keeps the context tiny — no multi-GB target/).
3+
*

Dockerfile

Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,42 @@
1+
# decryptd — GPU worker for decrypt, as a small self-contained container.
2+
#
3+
# The image carries just the release binary. Everything GPU-related — libcuda and
4+
# libnvidia-ml — is injected at runtime by the NVIDIA container runtime, so there's
5+
# no CUDA toolkit here. decryptd also needs no GUI libraries (the tray degrades to
6+
# headless) and bundles its own TLS roots, so nothing else is required at runtime.
7+
#
8+
# Build:
9+
# docker build -t decryptd .
10+
# Run (needs the NVIDIA container runtime; `--restart` makes it permanent):
11+
# docker run -d --name decryptd --restart unless-stopped --gpus all \
12+
# -v decryptd-data:/data decryptd
13+
#
14+
# On RunPod: push this image to a registry and use it as the pod's image — RunPod
15+
# runs the entrypoint on every start, so the worker comes up automatically and
16+
# survives restarts. Mount a volume at /data to keep the worker id + cache.
17+
FROM nvidia/cuda:12.4.1-base-ubuntu22.04
18+
19+
LABEL org.opencontainers.image.source="https://github.com/KarpelesLab/decryptd" \
20+
org.opencontainers.image.description="GPU worker for decrypt"
21+
22+
# Expose the host GPU through the NVIDIA runtime: `compute` = CUDA (libcuda),
23+
# `utility` = NVML/nvidia-smi (the tray's temperature/power readout).
24+
ENV NVIDIA_VISIBLE_DEVICES=all \
25+
NVIDIA_DRIVER_CAPABILITIES=compute,utility
26+
27+
# Fetch the latest release binary. curl + ca-certificates are needed only to
28+
# download it at build time and are removed in the same layer to keep the image
29+
# lean. Override --build-arg DECRYPTD_URL=... to pin a specific version.
30+
ARG DECRYPTD_URL=https://github.com/KarpelesLab/decryptd/releases/latest/download/decryptd-linux-x86_64.tar.gz
31+
RUN set -eux; \
32+
apt-get update; \
33+
apt-get install -y --no-install-recommends ca-certificates curl; \
34+
curl -fSL "$DECRYPTD_URL" | tar -xz --no-same-owner -C /usr/local/bin decryptd; \
35+
chmod +x /usr/local/bin/decryptd; \
36+
apt-get purge -y --auto-remove curl ca-certificates; \
37+
rm -rf /var/lib/apt/lists/*
38+
39+
# Persist the worker id + download cache across restarts by mounting a volume here.
40+
VOLUME /data
41+
WORKDIR /data
42+
ENTRYPOINT ["/usr/local/bin/decryptd", "--workdir", "/data"]

README.md

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -67,6 +67,24 @@ nohup ./decryptd >decryptd.log 2>&1 &
6767
For an always-on contributor, run it under a service manager (systemd on Linux,
6868
a scheduled task / service on Windows) so it restarts on boot.
6969

70+
### Run in a container
71+
72+
The included `Dockerfile` builds a small (~250 MB) image containing just the
73+
worker. The GPU is supplied at run time by the
74+
[NVIDIA container runtime](https://github.com/NVIDIA/nvidia-container-toolkit)
75+
no CUDA toolkit or GUI libraries go in the image.
76+
77+
```sh
78+
docker build -t decryptd .
79+
docker run -d --name decryptd --restart unless-stopped --gpus all \
80+
-v decryptd-data:/data decryptd
81+
```
82+
83+
Mount a volume at `/data` to keep the worker id and download cache across
84+
restarts. On **RunPod** (or any container host), push the image to a registry and
85+
use it as the pod's image: the entrypoint launches the worker, so it starts
86+
automatically and comes back after a restart — no systemd needed.
87+
7088
### Options
7189

7290
You normally don't need any of these.

0 commit comments

Comments
 (0)