feat: add Docker configuration files and installation script for SurfSense

surfsense_web/Dockerfile

@@ -29,15 +29,22 @@ WORKDIR /app
 # Enable pnpm
 RUN corepack enable pnpm
 
-# Accept build arguments for Next.js public env vars
-ARG NEXT_PUBLIC_FASTAPI_BACKEND_URL
-ARG NEXT_PUBLIC_FASTAPI_BACKEND_AUTH_TYPE
-ARG NEXT_PUBLIC_ETL_SERVICE
+# Build with placeholder values for NEXT_PUBLIC_* variables.
+# These are replaced at container startup by docker-entrypoint.js
+# with real values from the container's environment variables.
+ARG NEXT_PUBLIC_FASTAPI_BACKEND_URL=__NEXT_PUBLIC_FASTAPI_BACKEND_URL__
+ARG NEXT_PUBLIC_FASTAPI_BACKEND_AUTH_TYPE=__NEXT_PUBLIC_FASTAPI_BACKEND_AUTH_TYPE__
+ARG NEXT_PUBLIC_ETL_SERVICE=__NEXT_PUBLIC_ETL_SERVICE__
+ARG NEXT_PUBLIC_ELECTRIC_URL=__NEXT_PUBLIC_ELECTRIC_URL__
+ARG NEXT_PUBLIC_ELECTRIC_AUTH_MODE=__NEXT_PUBLIC_ELECTRIC_AUTH_MODE__
+ARG NEXT_PUBLIC_DEPLOYMENT_MODE=__NEXT_PUBLIC_DEPLOYMENT_MODE__
 
-# Set them as environment variables for the build
 ENV NEXT_PUBLIC_FASTAPI_BACKEND_URL=$NEXT_PUBLIC_FASTAPI_BACKEND_URL
 ENV NEXT_PUBLIC_FASTAPI_BACKEND_AUTH_TYPE=$NEXT_PUBLIC_FASTAPI_BACKEND_AUTH_TYPE
 ENV NEXT_PUBLIC_ETL_SERVICE=$NEXT_PUBLIC_ETL_SERVICE
+ENV NEXT_PUBLIC_ELECTRIC_URL=$NEXT_PUBLIC_ELECTRIC_URL
+ENV NEXT_PUBLIC_ELECTRIC_AUTH_MODE=$NEXT_PUBLIC_ELECTRIC_AUTH_MODE
+ENV NEXT_PUBLIC_DEPLOYMENT_MODE=$NEXT_PUBLIC_DEPLOYMENT_MODE
 
 COPY --from=deps /app/node_modules ./node_modules
 COPY . .
@@ -67,6 +74,10 @@ COPY --from=builder /app/public ./public
 COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
 COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
 
+# Entrypoint scripts for runtime env var substitution
+COPY --chown=nextjs:nodejs docker-entrypoint.js ./docker-entrypoint.js
+COPY --chown=nextjs:nodejs --chmod=755 docker-entrypoint.sh ./docker-entrypoint.sh
+
 USER nextjs
 
 EXPOSE 3000
@@ -76,4 +87,4 @@ ENV PORT=3000
 # server.js is created by next build from the standalone output
 # https://nextjs.org/docs/pages/api-reference/config/next-config-js/output
 ENV HOSTNAME="0.0.0.0"
-CMD ["node", "server.js"] 
+ENTRYPOINT ["/bin/sh", "./docker-entrypoint.sh"]

surfsense_web/docker-entrypoint.js

@@ -0,0 +1,100 @@
+/**
+ * Runtime environment variable substitution for Next.js Docker images.
+ *
+ * Next.js inlines NEXT_PUBLIC_* values at build time. The Docker image is built
+ * with unique placeholder strings (e.g. __NEXT_PUBLIC_FASTAPI_BACKEND_URL__).
+ * This script replaces those placeholders with real values from the container's
+ * environment variables before the server starts.
+ *
+ * Runs once at container startup via docker-entrypoint.sh.
+ */
+
+const fs = require("fs");
+const path = require("path");
+
+const replacements = [
+  [
+    "__NEXT_PUBLIC_FASTAPI_BACKEND_URL__",
+    process.env.NEXT_PUBLIC_FASTAPI_BACKEND_URL || "http://localhost:8000",
+  ],
+  [
+    "__NEXT_PUBLIC_ELECTRIC_URL__",
+    process.env.NEXT_PUBLIC_ELECTRIC_URL || "http://localhost:5133",
+  ],
+  [
+    "__NEXT_PUBLIC_FASTAPI_BACKEND_AUTH_TYPE__",
+    process.env.NEXT_PUBLIC_FASTAPI_BACKEND_AUTH_TYPE || "LOCAL",
+  ],
+  [
+    "__NEXT_PUBLIC_ETL_SERVICE__",
+    process.env.NEXT_PUBLIC_ETL_SERVICE || "DOCLING",
+  ],
+  [
+    "__NEXT_PUBLIC_DEPLOYMENT_MODE__",
+    process.env.NEXT_PUBLIC_DEPLOYMENT_MODE || "self-hosted",
+  ],
+  [
+    "__NEXT_PUBLIC_ELECTRIC_AUTH_MODE__",
+    process.env.NEXT_PUBLIC_ELECTRIC_AUTH_MODE || "insecure",
+  ],
+];
+
+let filesProcessed = 0;
+let filesModified = 0;
+
+function walk(dir) {
+  let entries;
+  try {
+    entries = fs.readdirSync(dir, { withFileTypes: true });
+  } catch {
+    return;
+  }
+  for (const entry of entries) {
+    const full = path.join(dir, entry.name);
+    if (entry.isDirectory()) {
+      walk(full);
+    } else if (entry.name.endsWith(".js")) {
+      filesProcessed++;
+      let content = fs.readFileSync(full, "utf8");
+      let changed = false;
+      for (const [placeholder, value] of replacements) {
+        if (content.includes(placeholder)) {
+          content = content.replaceAll(placeholder, value);
+          changed = true;
+        }
+      }
+      if (changed) {
+        fs.writeFileSync(full, content);
+        filesModified++;
+      }
+    }
+  }
+}
+
+console.log("[entrypoint] Replacing environment variable placeholders...");
+for (const [placeholder, value] of replacements) {
+  console.log(`  ${placeholder} -> ${value}`);
+}
+
+walk(path.join(__dirname, ".next"));
+
+const serverJs = path.join(__dirname, "server.js");
+if (fs.existsSync(serverJs)) {
+  let content = fs.readFileSync(serverJs, "utf8");
+  let changed = false;
+  filesProcessed++;
+  for (const [placeholder, value] of replacements) {
+    if (content.includes(placeholder)) {
+      content = content.replaceAll(placeholder, value);
+      changed = true;
+    }
+  }
+  if (changed) {
+    fs.writeFileSync(serverJs, content);
+    filesModified++;
+  }
+}
+
+console.log(
+  `[entrypoint] Done. Scanned ${filesProcessed} files, modified ${filesModified}.`
+);

surfsense_web/docker-entrypoint.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+set -e
+
+node /app/docker-entrypoint.js
+
+exec node server.js