NottingHack · AaronJackson · Apr 21, 2026 · Apr 21, 2026
diff --git a/dev/Dockerfile.nginx b/dev/Dockerfile.nginx
@@ -0,0 +1,26 @@
+FROM trafex/php-nginx:3.10.0 AS build
+
+USER root
+
+RUN cd / && \
+    apk add --no-cache php84-pear php84-dev gcc musl-dev make krb5-dev && \
+    wget https://pecl.php.net/get/krb5-1.2.4.tgz && \
+    tar zxf krb5-1.2.4.tgz && cd krb5-1.2.4 && \
+    phpize84 && \
+    ./configure --with-krb5kadm=S && \
+    make -j8 && make install
+
+FROM trafex/php-nginx:3.10.0 AS final
+
+COPY --from=build /usr/lib/php84/modules/krb5.so /usr/lib/php84/modules/krb5.so
+
+USER root
+
+RUN apk add --no-cache php84-pdo_mysql php84-redis krb5 krb5-pkinit \
+    php84-pcntl php84-posix php84-sodium php84-simplexml git && \
+    echo 'extension=krb5.so' > /etc/php84/conf.d/krb5.ini && \
+    echo -e '[safe]\ndirectory = *' > /.gitconfig && \
+    wget https://getcomposer.org/download/2.9.7/composer.phar -O /usr/bin/composer && \
+    chmod a+x /usr/bin/composer
+
+USER nobody
diff --git a/dev/docker-hms-init.sh b/dev/docker-hms-init.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+cd /hms
+
+composer upgrade --no-security-blocking
+
+php artisan make:cache-table || true
+php artisan key:generate
+php artisan migrate
+php artisan doctrine:migration:refresh -n
+php artisan hms:database:refresh-views
+php artisan hms:database:refresh-procedures
+php artisan permissions:defaults
+php artisan meta:sync
+php artisan db:seed
+yes | php artisan passport:install
+yes | php artisan ziggy:generate
diff --git a/dev/docker-init.sql b/dev/docker-init.sql
@@ -0,0 +1 @@
+CREATE DATABASE IF NOT EXISTS hms;
diff --git a/dev/docker-krb5-init.sh b/dev/docker-krb5-init.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+sleep 5
+
+# Setup kerberos keytab
+export KRB5_CONFIG=/shared/krb5.conf
+cat > "$KRB5_CONFIG" <<EOF
+[libdefaults]
+ dns_lookup_realm = false
+ ticket_lifetime = 24h
+ renew_lifetime = 7d
+ forwardable = true
+ rdns = false
+ default_realm = NOTTINGHACK
+
+[realms]
+ NOTTINGHACK = {
+    kdc = hms-krb5
+    admin_server = hms-krb5
+ }
+EOF
+
+echo 'very-secure-passwords' | kinit admin/admin@NOTTINGHACK
+klist
+
+echo 'very-secure-passwords' | kadmin -q "addprinc -pw very-secure-passwords hms/admin@NOTTINGHACK"
+
+rm -f /shared/hms.keytab
+ktutil <<EOF
+addent  -password -p hms/admin@NOTTINGHACK -k 1 -e aes128-cts-hmac-sha1-96
+very-secure-passwords
+wkt /shared/hms.keytab
+EOF
+chmod a+r /shared/hms.keytab
+
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -0,0 +1,97 @@
+networks:
+    hms:
+        driver:  bridge
+        enable_ipv6: false
+
+volumes:
+  hms-shared:
+  hms-mariadb:
+
+x-hms-environment: &hms-environment
+  DB_HOST: hms-mysql
+  DB_USERNAME: root
+  DB_PASSWORD: ""
+  REDIS_HOST: hms-redis
+  KRB_USERNAME: hms/admin
+  KRB_REALM: NOTTINGHACK
+  KRB_KEYTAB: /shared/hms.keytab
+  KRB5_CONFIG: /shared/krb5.conf
+
+services:
+  hms-web:
+    image: hms-php-nginx
+    pull_policy: never
+    build:
+      dockerfile: dev/Dockerfile.nginx
+    ports:
+      - "8080:8080"
+    networks:
+      - hms
+    user: nobody
+    volumes:
+      - ./:/var/www
+      - ./public:/var/www/html
+      - hms-shared:/shared
+    environment:
+      <<: *hms-environment
+
+  hms-mysql:
+    image: mariadb:latest
+    ports:
+      - "3306:3306"
+    networks:
+      - hms
+    volumes:
+      - hms-mariadb:/var/lib/mysql:Z
+      - ./dev/docker-init.sql:/docker-init.sql
+    command: --init-file /docker-init.sql
+    environment:
+      MARIADB_ALLOW_EMPTY_ROOT_PASSWORD: 1
+
+  hms-redis:
+    image: redis:latest
+    networks:
+      - hms
+
+  hms-krb5:
+    image: gcavalcante8808/krb5-server
+    networks:
+      - hms
+    volumes:
+      - hms-shared:/shared:rw
+    environment:
+      KRB5_REALM: NOTTINGHACK
+      KRB5_KDC: localhost
+      KRB5_ADMINSERVER: localhost
+      KRB5_PASS: very-secure-passwords
+
+  hms-db-init:
+    image: hms-php-nginx
+    pull_policy: never
+    command: /docker-init.sh
+    user: nobody
+    networks:
+      - hms
+    environment:
+      <<: *hms-environment
+    volumes:
+      - ./dev/docker-hms-init.sh:/docker-init.sh
+      - ./:/hms
+      - hms-shared:/shared
+    depends_on:
+      hms-mysql:
+        condition: service_started
+      hms-web:
+        condition: service_healthy
+
+  hms-krb5-init:
+    image: gcavalcante8808/krb5-server
+    command: /docker-init.sh
+    networks:
+      - hms
+    volumes:
+      - ./dev/docker-krb5-init.sh:/docker-init.sh
+      - hms-shared:/shared
+    depends_on:
+      hms-krb5:
+        condition: service_started