fixed conflicts

Author: dnsi0

docs/env.md

@@ -137,6 +137,7 @@ The `DOCKER_COMPUTE_ENVIRONMENTS` environment variable should be a JSON array of
   {
     "socketPath": "/var/run/docker.sock",
     "scanImages": true,
+    "enableNetwork": false,
     "imageRetentionDays": 7,
     "imageCleanupInterval": 86400,
     "resources": [
@@ -195,7 +196,9 @@ The `DOCKER_COMPUTE_ENVIRONMENTS` environment variable should be a JSON array of
 #### Configuration Options
 
 - **socketPath**: Path to the Docker socket (e.g., docker.sock).
-- **scanImages**: If the docker images should be scan for vulnerabilities using trivy. If yes and critical vulnerabilities are found, then C2D job is refused
+- **scanImages**: Whether Docker images should be scanned for vulnerabilities using Trivy. If enabled and critical vulnerabilities are found, the C2D job is rejected.
+- **scanImageDBUpdateInterval**: How often to update the vulnerability database, in seconds. Default: 43200 (12 hours)
+- **enableNetwork**: Whether networking is enabled for algorithm containers. Default: false
 - **imageRetentionDays** - how long docker images are kept, in days. Default: 7
 - **imageCleanupInterval** - how often to run cleanup for docker images, in seconds. Min: 3600 (1hour), Default: 86400 (24 hours)
 - **paymentClaimInterval** - how often to run payment claiming, in seconds. Default: 3600 (1 hour)

src/@types/C2D/C2D.ts

@@ -167,6 +167,7 @@ export interface C2DDockerConfig {
   scanImages?: boolean
   scanImageDBUpdateInterval?: number // Default: 12 hours
   environments: C2DEnvironmentConfig[]
+  enableNetwork?: boolean // whether network is enabled for algorithm containers
 }
 
 export type ComputeResultType =

src/components/c2d/compute_engine_docker.ts

@@ -88,6 +88,8 @@ export class C2DEngineDocker extends C2DEngine {
   private trivyCachePath: string
   private cpuAllocations: Map<string, number[]> = new Map()
   private envCpuCoresMap: Map<string, number[]> = new Map()
+  private enableNetwork: boolean
+
   public constructor(
     clusterConfig: C2DClusterInfo,
     db: C2DDatabase,
@@ -110,6 +112,7 @@ export class C2DEngineDocker extends C2DEngine {
     this.paymentClaimInterval = clusterConfig.connection.paymentClaimInterval || 3600 // 1 hour
     this.scanImages = clusterConfig.connection.scanImages || false // default is not to scan images for now, until it's prod ready
     this.scanImageDBUpdateInterval = clusterConfig.connection.scanImageDBUpdateInterval
+    this.enableNetwork = clusterConfig.connection.enableNetwork ?? false
     if (
       clusterConfig.connection.protocol &&
       clusterConfig.connection.host &&
@@ -1788,7 +1791,6 @@ export class C2DEngineDocker extends C2DEngine {
       // create the container
       const mountVols: any = { '/data': {} }
       const hostConfig: HostConfig = {
-        NetworkMode: 'none', // no network inside the container
         Mounts: [
           {
             Type: 'volume',
@@ -1798,6 +1800,9 @@ export class C2DEngineDocker extends C2DEngine {
           }
         ]
       }
+      if (!this.enableNetwork) {
+        hostConfig.NetworkMode = 'none' // no network inside the container
+      }
       // disk
       // if (diskSize && diskSize > 0) {
       //  hostConfig.StorageOpt = {

src/utils/config/schemas.ts

@@ -209,7 +209,10 @@ export const C2DDockerConfigSchema = z.array(
     certPath: z.string().optional(),
     keyPath: z.string().optional(),
     imageRetentionDays: z.number().int().min(1).optional().default(7),
-    imageCleanupInterval: z.number().int().min(3600).optional().default(86400),
+    imageCleanupInterval: z.number().int().min(3600).optional().default(86400), // min 1 hour, default 24 hours
+    scanImages: z.boolean().optional().default(false),
+    scanImageDBUpdateInterval: z.number().int().min(3600).optional().default(43200), // default 43200 (12 hours)
+    enableNetwork: z.boolean().optional().default(false),
     environments: z.array(C2DEnvironmentConfigSchema).min(1)
   })
 )