chore: Rename containers to containerfiles

containerfiles/Caddyfile

@@ -0,0 +1,9 @@
+relay.example.com {
+        @ws {
+                header Connection Upgrade
+                header Upgrade websocket
+        }
+        tls you@example.com
+        reverse_proxy @ws relay:8088
+        reverse_proxy relay:8088
+}

containerfiles/docker-compose.relay.caddy.yml

@@ -0,0 +1,33 @@
+services:
+  caddy:
+    image: caddy:latest
+    container_name: caddy
+    ports:
+      - "443:443"
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile # your caddyfile
+      - ./cert:/etc/caddy/certs
+    depends_on:
+      - relay
+    networks:
+      - relay_network
+    restart: unless-stopped
+
+  relay:
+    #image: ghcr.io/nestrilabs/nestri/relay:nightly # Offical relay image
+    image: ghcr.io/datcaptainhorse/nestri-relay:latest # Most current relay image
+    container_name: relay
+    environment:
+     #- AUTO_ADD_LOCAL_IP=false # use with WEBRTC_NAT_IPS
+     #- WEBRTC_NAT_IPS=1.2.3.4 # Add the LAN IP of your container here if connections fail
+      - VERBOSE=true
+      - DEBUG=true
+    ports:
+      - "8088:8088/udp"
+    networks:
+      - relay_network
+    restart:
+      unless-stopped
+networks:
+  relay_network:
+    driver: bridge

containerfiles/docker-compose.relay.traefik.yml

@@ -0,0 +1,52 @@
+services:
+  traefik:
+    image: "traefik:v2.3"
+    restart: always
+    container_name: "traefik"
+    networks:
+      - traefik
+    command:
+      - "--api.insecure=true"
+      - "--providers.docker=true"
+      - "--providers.docker.network=traefik"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.web.http.redirections.entrypoint.to=web-secure"
+      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+      - "--entrypoints.web-secure.address=:443"
+      - "--certificatesresolvers.default.acme.tlschallenge=true"
+      - "--certificatesresolvers.default.acme.email=foo@example.com" # Your email for tls challenge
+      - "--certificatesresolvers.default.acme.storage=/letsencrypt/acme.json"
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - "./letsencrypt:/letsencrypt" # Your letsencrypt folder for certificate persistence
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+    restart:
+      unless-stopped
+  relay:
+    #image: ghcr.io/nestrilabs/nestri/relay:nightly # Offical relay image
+    image: ghcr.io/datcaptainhorse/nestri-relay:latest # Most current relay image
+    container_name: relay
+    environment:
+      - AUTO_ADD_LOCAL_IP=false # Use with WEBRTC_NAT_IPS
+      #- WEBRTC_NAT_IPS=1.2.3.4 # Add the LAN IP of your container here if connections fail
+      - VERBOSE=true
+      - DEBUG=true
+    ports:
+      - "8088:8088/udp"
+    networks:
+      - traefik
+    restart:
+      unless-stopped
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.relay.rule=Host(`relay.example.com`) # Your domain for tls challenge
+      - traefik.http.routers.relay.tls=true
+      - traefik.http.routers.relay.tls.certresolver=default
+      - traefik.http.routers.relay.entrypoints=web-secure
+      - traefik.http.services.relay.loadbalancer.server.port=8088
+networks:
+  traefik:
+    external: true

containerfiles/maitred.Containerfile

@@ -0,0 +1,12 @@
+FROM docker.io/golang:1.24-bookworm AS go-build
+WORKDIR /builder
+COPY packages/maitred/ /builder/
+RUN go build
+
+FROM docker.io/golang:1.24-bookworm
+COPY --from=go-build /builder/maitred /maitred/maitred
+WORKDIR /maitred
+
+RUN apt update && apt install -y --no-install-recommends pciutils
+
+ENTRYPOINT ["/maitred/maitred"]

containerfiles/playsite.Containerfile

@@ -0,0 +1,20 @@
+FROM docker.io/node:24-alpine AS base
+
+FROM base AS build
+WORKDIR /usr/src/app
+COPY package.json ./
+COPY patches ./patches
+COPY packages/input ./packages/input
+COPY packages/play-standalone ./packages/play-standalone
+RUN cd packages/play-standalone && npm install && npm run build
+
+FROM base AS runner
+WORKDIR /www
+COPY --from=build /usr/src/app/packages/play-standalone/dist ./dist
+COPY --from=build /usr/src/app/node_modules ./node_modules
+
+RUN apk add --no-cache tini
+
+EXPOSE 3000
+WORKDIR /www
+ENTRYPOINT ["/sbin/tini", "--", "node", "./dist/server/entry.mjs"]

containerfiles/relay.Containerfile

@@ -0,0 +1,29 @@
+FROM docker.io/golang:1.24-alpine AS go-build
+WORKDIR /builder
+COPY packages/relay/ /builder/
+RUN go build
+
+FROM docker.io/golang:1.24-alpine
+COPY --from=go-build /builder/relay /relay/relay
+WORKDIR /relay
+
+# TODO: Switch running layer to just alpine (doesn't need golang dev stack)
+
+# ENV flags
+ENV REGEN_IDENTITY=false
+ENV VERBOSE=false
+ENV DEBUG=false
+ENV ENDPOINT_PORT=8088
+ENV WEBRTC_UDP_START=0
+ENV WEBRTC_UDP_END=0
+ENV STUN_SERVER="stun.l.google.com:19302"
+ENV WEBRTC_UDP_MUX=8088
+ENV WEBRTC_NAT_IPS=""
+ENV AUTO_ADD_LOCAL_IP=true
+ENV PERSIST_DIR="./persist-data"
+
+EXPOSE $ENDPOINT_PORT
+EXPOSE $WEBRTC_UDP_START-$WEBRTC_UDP_END/udp
+EXPOSE $WEBRTC_UDP_MUX/udp
+
+ENTRYPOINT ["/relay/relay"]

containerfiles/runner.Containerfile

@@ -0,0 +1,220 @@
+# Container build arguments #
+ARG BASE_IMAGE=docker.io/cachyos/cachyos:latest
+
+#******************************************************************************
+# Base Stage - Updates system packages
+#******************************************************************************
+FROM ${BASE_IMAGE} AS base
+
+RUN --mount=type=cache,target=/var/cache/pacman/pkg \
+    pacman --noconfirm -Syu
+
+#******************************************************************************
+# Base Builder Stage - Prepares core build environment
+#******************************************************************************
+FROM base AS base-builder
+
+# Environment setup for Rust and Cargo
+ENV CARGO_HOME=/usr/local/cargo \
+    ARTIFACTS=/artifacts \
+    PATH="${CARGO_HOME}/bin:${PATH}" \
+    RUSTFLAGS="-C link-arg=-fuse-ld=mold"
+
+# Install build essentials and caching tools
+RUN --mount=type=cache,target=/var/cache/pacman/pkg \
+    pacman -Sy --noconfirm mold rustup && \
+    mkdir -p "${ARTIFACTS}"
+
+# Install latest Rust using rustup
+RUN rustup default stable
+
+# Install cargo-chef with proper caching
+RUN --mount=type=cache,target=${CARGO_HOME}/registry \
+    cargo install -j $(nproc) cargo-chef cargo-c --locked
+
+#******************************************************************************
+# Nestri Server Build Stages
+#******************************************************************************
+FROM base-builder AS nestri-server-deps
+WORKDIR /builder
+
+# Install build dependencies
+RUN --mount=type=cache,target=/var/cache/pacman/pkg \
+    pacman -Sy --noconfirm meson pkgconf cmake git gcc make \
+    gstreamer gst-plugins-base gst-plugins-good gst-plugin-rswebrtc
+
+#--------------------------------------------------------------------
+FROM nestri-server-deps AS nestri-server-planner
+WORKDIR /builder/nestri
+
+COPY packages/server/Cargo.toml packages/server/Cargo.lock ./
+
+# Prepare recipe for dependency caching
+RUN --mount=type=cache,target=${CARGO_HOME}/registry \
+    cargo chef prepare --recipe-path recipe.json
+
+#--------------------------------------------------------------------
+FROM nestri-server-deps AS nestri-server-cached-builder
+WORKDIR /builder/nestri
+
+COPY --from=nestri-server-planner /builder/nestri/recipe.json .
+
+# Cache dependencies using cargo-chef
+RUN --mount=type=cache,target=${CARGO_HOME}/registry \
+    cargo chef cook --release --recipe-path recipe.json
+
+
+ENV CARGO_TARGET_DIR=/builder/target
+
+COPY packages/server/ ./
+
+# Build and install directly to artifacts
+RUN --mount=type=cache,target=${CARGO_HOME}/registry \
+    --mount=type=cache,target=/builder/target \
+    cargo build --release && \
+    cp "${CARGO_TARGET_DIR}/release/nestri-server" "${ARTIFACTS}"
+
+#******************************************************************************
+# GST-Wayland Plugin Build Stages
+#******************************************************************************
+FROM base-builder AS gst-wayland-deps
+WORKDIR /builder
+
+# Install build dependencies
+RUN --mount=type=cache,target=/var/cache/pacman/pkg \
+    pacman -Sy --noconfirm meson pkgconf cmake git gcc make \
+    libxkbcommon wayland gstreamer gst-plugins-base gst-plugins-good libinput
+
+# Clone repository
+RUN git clone --depth 1 -b "dev-dmabuf" https://github.com/DatCaptainHorse/gst-wayland-display.git
+
+#--------------------------------------------------------------------
+FROM gst-wayland-deps AS gst-wayland-planner
+WORKDIR /builder/gst-wayland-display
+
+# Prepare recipe for dependency caching
+RUN --mount=type=cache,target=${CARGO_HOME}/registry \
+    cargo chef prepare --recipe-path recipe.json
+
+#--------------------------------------------------------------------
+FROM gst-wayland-deps AS gst-wayland-cached-builder
+WORKDIR /builder/gst-wayland-display
+
+COPY --from=gst-wayland-planner /builder/gst-wayland-display/recipe.json .
+
+# Cache dependencies using cargo-chef
+RUN --mount=type=cache,target=${CARGO_HOME}/registry \
+    cargo chef cook --release --recipe-path recipe.json
+
+
+ENV CARGO_TARGET_DIR=/builder/target
+
+COPY --from=gst-wayland-planner /builder/gst-wayland-display/ .
+
+# Build and install directly to artifacts
+RUN --mount=type=cache,target=${CARGO_HOME}/registry \
+    --mount=type=cache,target=/builder/target \
+    cargo cinstall --prefix=${ARTIFACTS} --release
+
+#******************************************************************************
+# Final Runtime Stage
+#******************************************************************************
+FROM base AS runtime
+
+### System Configuration ###
+RUN sed -i \
+    -e '/#\[multilib\]/,/#Include = \/etc\/pacman.d\/mirrorlist/ s/#//' \
+    -e "s/#Color/Color/" /etc/pacman.conf && \
+    pacman --noconfirm -Sy archlinux-keyring && \
+    dirmngr </dev/null > /dev/null 2>&1
+
+### Package Installation ###
+# Core system components
+RUN --mount=type=cache,target=/var/cache/pacman/pkg \
+    pacman -Sy --needed --noconfirm \
+        vulkan-intel lib32-vulkan-intel vpl-gpu-rt \
+        vulkan-radeon lib32-vulkan-radeon \
+        mesa \
+        steam steam-native-runtime proton-cachyos gtk3 lib32-gtk3 \
+        sudo xorg-xwayland seatd libinput gamescope mangohud wlr-randr \
+        libssh2 curl wget \
+        pipewire pipewire-pulse pipewire-alsa wireplumber \
+        noto-fonts-cjk supervisor jq chwd lshw pacman-contrib \
+        openssh && \
+    # GStreamer stack
+    pacman -Sy --needed --noconfirm \
+        gstreamer gst-plugins-base gst-plugins-good \
+        gst-plugins-bad gst-plugin-pipewire \
+        gst-plugin-webrtchttp gst-plugin-rswebrtc gst-plugin-rsrtp \
+        gst-plugin-va gst-plugin-qsv && \
+    # lib32 GStreamer stack to fix some games with videos
+    pacman -Sy --needed --noconfirm \
+        lib32-gstreamer lib32-gst-plugins-base lib32-gst-plugins-good && \
+    # Cleanup
+    paccache -rk1 && \
+    rm -rf /usr/share/{info,man,doc}/*
+
+### User Configuration ###
+ENV USER="nestri" \
+    UID=1000 \
+    GID=1000 \
+    USER_PWD="nestri1234" \
+    XDG_RUNTIME_DIR=/run/user/1000 \
+    HOME=/home/nestri \
+    NVIDIA_DRIVER_CAPABILITIES=all
+
+RUN mkdir -p /home/${USER} && \
+    groupadd -g ${GID} ${USER} && \
+    useradd -d /home/${USER} -u ${UID} -g ${GID} -s /bin/bash ${USER} && \
+    chown -R ${USER}:${USER} /home/${USER} && \
+    echo "${USER} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers && \
+    echo "${USER}:${USER_PWD}" | chpasswd && \
+    mkdir -p /run/user/${UID} && \
+    chown ${USER}:${USER} /run/user/${UID} && \
+    usermod -aG input,video,render,seat root && \
+    usermod -aG input,video,render,seat ${USER}
+
+### System Services Configuration ###
+RUN mkdir -p /run/dbus && \
+    # Wireplumber suspend disable
+    sed -i -z \
+        -e 's/{[[:space:]]*name = node\/suspend-node\.lua,[[:space:]]*type = script\/lua[[:space:]]*provides = hooks\.node\.suspend[[:space:]]*}[[:space:]]*//g' \
+        -e '/wants = \[/{s/hooks\.node\.suspend\s*//; s/,\s*\]/]/}' \
+        /usr/share/wireplumber/wireplumber.conf
+
+### PipeWire Latency Optimizations (1-5ms instead of 20ms) ###
+RUN mkdir -p /etc/pipewire/pipewire.conf.d && \
+    echo "[audio]\
+    \n  default.clock.rate = 48000\
+    \n  default.clock.quantum = 128\
+    \n  default.clock.min-quantum = 128\
+    \n  default.clock.max-quantum = 256" > /etc/pipewire/pipewire.conf.d/low-latency.conf && \
+    mkdir -p /etc/wireplumber/main.lua.d && \
+    echo 'table.insert(default_nodes.rules, {\
+    \n  matches = { { { "node.name", "matches", ".*" } } },\
+    \n  apply_properties = {\
+    \n    ["audio.format"] = "S16LE",\
+    \n    ["audio.rate"] = 48000,\
+    \n    ["audio.channels"] = 2,\
+    \n    ["api.alsa.period-size"] = 128,\
+    \n    ["api.alsa.headroom"] = 0,\
+    \n    ["session.suspend-timeout-seconds"] = 0\
+    \n  }\
+    \n})' > /etc/wireplumber/main.lua.d/50-low-latency.lua && \
+    echo "default-fragments = 2\
+    \ndefault-fragment-size-msec = 2" >> /etc/pulse/daemon.conf && \
+    echo "load-module module-loopback latency_msec=1" >> /etc/pipewire/pipewire.conf.d/loopback.conf
+
+
+### Artifacts and Verification ###
+COPY --from=nestri-server-cached-builder /artifacts/nestri-server /usr/bin/
+COPY --from=gst-wayland-cached-builder /artifacts/lib/ /usr/lib/
+COPY --from=gst-wayland-cached-builder /artifacts/include/ /usr/include/
+RUN which nestri-server && ls -la /usr/lib/ | grep 'gstwaylanddisplay'
+
+### Scripts and Final Configuration ###
+COPY packages/scripts/ /etc/nestri/
+RUN chmod +x /etc/nestri/{envs.sh,entrypoint*.sh} && \
+    locale-gen
+
+ENTRYPOINT ["supervisord", "-c", "/etc/nestri/supervisord.conf"]