Add initial TMKMS stack

stack-orchestrator/compose/docker-compose-tmkms.yml

@@ -0,0 +1,10 @@
+services:
+  tmkms:
+    restart: unless-stopped
+    image: cerc/tmkms:local
+    command: ["bash", "-c", "/opt/run.sh"]
+    volumes:
+      - ./tmkms:/root
+      - ../config/tmkms/run.sh:/opt/run.sh
+    ports:
+      - "26659"

stack-orchestrator/config/tmkms/run.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+if [[ -n "$CERC_SCRIPT_DEBUG" ]]; then
+  set -x
+fi
+
+set -e
+
+TMKMS_HOME=/root/.tmkms
+
+echo "Starting tmkms..."
+tmkms start --config $TMKMS_HOME/tmkms.toml

stack-orchestrator/container-build/tmkms/Dockerfile

@@ -0,0 +1,56 @@
+# -------- Stage 1: Build --------
+FROM debian:bookworm-slim AS builder
+
+ARG BACKEND=softsign
+ARG VERSION=main
+
+# Install build dependencies
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+    build-essential \
+    clang \
+    curl \
+    git \
+    pkg-config \
+    libsodium-dev \
+    libssl-dev \
+    ca-certificates && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+
+# Create non-root user
+RUN useradd -m builder
+USER builder
+WORKDIR /home/builder
+
+ENV PATH="/home/builder/.cargo/bin:$PATH"
+
+# Install Rust
+RUN curl https://sh.rustup.rs -sSf | sh -s -- -y && \
+    rustup component add rustfmt clippy
+
+# Clone and build TMKMS
+RUN git clone --depth 1 --branch ${VERSION} https://github.com/iqlusioninc/tmkms.git && \
+    cd tmkms && \
+    cargo build --release --features=${BACKEND}
+
+# -------- Stage 2: Runtime --------
+FROM debian:bookworm-slim
+
+# Install runtime dependencies only
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+    libssl3 \
+    libsodium23 \
+    ca-certificates && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+
+# Copy compiled binary
+COPY --from=builder /home/builder/tmkms/target/release/tmkms /usr/local/bin/tmkms
+
+# Create runtime user
+RUN useradd -m tmkmsuser
+USER tmkmsuser
+WORKDIR /home/tmkmsuser
+
+# Default command, override with `docker run ... bash` etc.
+CMD ["tmkms"]

stack-orchestrator/container-build/tmkms/build.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+# Build cerc/tmkms
+source ${CERC_CONTAINER_BASE_DIR}/build-base.sh
+
+# See: https://stackoverflow.com/a/246128/1701505
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+
+docker build -t cerc/tmkms:local  ${build_command_args} -f ${SCRIPT_DIR}/Dockerfile ${CERC_REPO_BASE_DIR}/tmkms

stack-orchestrator/stacks/tmkms/stack.yml

@@ -0,0 +1,9 @@
+version: "1.0"
+name: tmkms
+description: "TMKMS for signing consensus messages"
+repos:
+  - https://github.com/iqlusioninc/tmkms.git@v0.14.0
+containers:
+  - cerc/tmkms
+pods:
+  - tmkms