Switch master branch to alpine

pull/260/head
TheSpad 1 year ago
parent 365f789a0c
commit 788970f4cb
No known key found for this signature in database
GPG Key ID: 08F06191F4587860

@ -2,9 +2,11 @@ name: Issue & PR Tracker
on:
issues:
types: [opened,reopened,labeled,unlabeled]
types: [opened,reopened,labeled,unlabeled,closed]
pull_request_target:
types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled]
types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled,closed]
pull_request_review:
types: [submitted,edited,dismissed]
jobs:
manage-project:

@ -14,9 +14,11 @@ jobs:
run: |
if [ -n "${{ secrets.PAUSE_EXTERNAL_TRIGGER_WIREGUARD_MASTER }}" ]; then
echo "**** Github secret PAUSE_EXTERNAL_TRIGGER_WIREGUARD_MASTER is set; skipping trigger. ****"
echo "Github secret \`PAUSE_EXTERNAL_TRIGGER_WIREGUARD_MASTER\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY
exit 0
fi
echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_WIREGUARD_MASTER\". ****"
echo "External trigger running off of master branch. To disable this trigger, set a Github secret named \`PAUSE_EXTERNAL_TRIGGER_WIREGUARD_MASTER\`" >> $GITHUB_STEP_SUMMARY
echo "**** Retrieving external version ****"
EXT_RELEASE=$(curl -u ${{ secrets.CR_USER }}:${{ secrets.CR_PAT }} -sX GET https://api.github.com/repos/WireGuard/wireguard-tools/tags | jq -r .[0].name)
if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
@ -30,6 +32,7 @@ jobs:
fi
EXT_RELEASE=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g')
echo "**** External version: ${EXT_RELEASE} ****"
echo "External version: ${EXT_RELEASE}" >> $GITHUB_STEP_SUMMARY
echo "**** Retrieving last pushed version ****"
image="linuxserver/wireguard"
tag="latest"
@ -65,14 +68,18 @@ jobs:
exit 1
fi
echo "**** Last pushed version: ${IMAGE_VERSION} ****"
echo "Last pushed version: ${IMAGE_VERSION}" >> $GITHUB_STEP_SUMMARY
if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then
echo "**** Version ${EXT_RELEASE} already pushed, exiting ****"
echo "Version ${EXT_RELEASE} already pushed, exiting" >> $GITHUB_STEP_SUMMARY
exit 0
elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireguard/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
echo "**** New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting ****"
echo "New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY
exit 0
else
echo "**** New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build ****"
echo "New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build" >> $GITHUB_STEP_SUMMARY
response=$(curl -iX POST \
https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireguard/job/master/buildWithParameters?PACKAGE_CHECK=false \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
@ -82,6 +89,7 @@ jobs:
buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
buildurl="${buildurl%$'\r'}"
echo "**** Jenkins job build url: ${buildurl} ****"
echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY
echo "**** Attempting to change the Jenkins job description ****"
curl -iX POST \
"${buildurl}submitDescription" \
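Review bot: The `run:` script still splices `${{ secrets.CR_USER }}:${{ secrets.CR_PAT }}` and `${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }}` unquoted into the shell text on the `curl -u` / `--user` lines, which this change appears to leave as context. A secret value containing whitespace or shell metacharacters would be parsed as script rather than as data. Mapping the secrets through a step-level `env:` block and referencing them as quoted variables, e.g. `curl -u "${CR_USER}:${CR_PAT}" ...`, keeps them out of the script source. In the added summary lines the redirect target should be quoted too, `>> "${GITHUB_STEP_SUMMARY}"`. The package trigger workflow further down shows the same two patterns, and the step header with any `env:` lies outside the visible hunks.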

@ -2,7 +2,7 @@ name: External Trigger Scheduler
on:
schedule:
- cron: '25 * * * *'
- cron: '51 * * * *'
workflow_dispatch:
jobs:
@ -17,18 +17,18 @@ jobs:
run: |
echo "**** Branches found: ****"
git for-each-ref --format='%(refname:short)' refs/remotes
echo "**** Pulling the yq docker image ****"
docker pull ghcr.io/linuxserver/yq
for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
do
br=$(echo "$br" | sed 's|origin/||g')
echo "**** Evaluating branch ${br} ****"
ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-wireguard/${br}/jenkins-vars.yml \
| docker run --rm -i --entrypoint yq ghcr.io/linuxserver/yq -r .ls_branch)
if [ "$br" == "$ls_branch" ]; then
echo "**** Branch ${br} appears to be live; checking workflow. ****"
ls_jenkins_vars=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-wireguard/${br}/jenkins-vars.yml)
ls_branch=$(echo "${ls_jenkins_vars}" | yq -r '.ls_branch')
ls_trigger=$(echo "${ls_jenkins_vars}" | yq -r '.external_type')
if [[ "${br}" == "${ls_branch}" ]] && [[ "${ls_trigger}" != "os" ]]; then
echo "**** Branch ${br} appears to be live and trigger is not os; checking workflow. ****"
if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-wireguard/${br}/.github/workflows/external_trigger.yml > /dev/null 2>&1; then
echo "**** Workflow exists. Triggering external trigger workflow for branch ${br} ****."
echo "Triggering external trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY
curl -iX POST \
-H "Authorization: token ${{ secrets.CR_PAT }}" \
-H "Accept: application/vnd.github.v3+json" \
@ -36,8 +36,10 @@ jobs:
https://api.github.com/repos/linuxserver/docker-wireguard/actions/workflows/external_trigger.yml/dispatches
else
echo "**** Workflow doesn't exist; skipping trigger. ****"
echo "Skipping branch ${br} due to no external trigger workflow present." >> $GITHUB_STEP_SUMMARY
fi
else
echo "**** ${br} appears to be a dev branch; skipping trigger. ****"
echo "**** ${br} is either a dev branch, or has no external version; skipping trigger. ****"
echo "Skipping branch ${br} due to being detected as dev branch or having no external version." >> $GITHUB_STEP_SUMMARY
fi
done
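Review bot: The `ls_jenkins_vars=$(curl -sX GET .../${br}/jenkins-vars.yml)` line, which appears to be the added side, has no failure check. Without `-f`, an HTTP error body is passed to `yq`, and the branch is then logged in the summary as a dev branch or one with no external version, so a fetch error is indistinguishable from a deliberate skip. A guarded form such as `ls_jenkins_vars=$(curl -fsS "https://raw.githubusercontent.com/linuxserver/docker-wireguard/${br}/jenkins-vars.yml") || { echo "fetch failed for ${br}"; continue; }` reports the failure and also quotes the URL, so an unusual branch name is not word-split. The step now calls `yq` directly instead of the pulled container image, so it presumably relies on the runner providing a `yq` that accepts `-r`, which is worth confirming. The package trigger scheduler's `curl ... | yq -r '.ls_branch'` line further down has the same gap.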

@ -14,13 +14,16 @@ jobs:
run: |
if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_WIREGUARD_MASTER }}" ]; then
echo "**** Github secret PAUSE_PACKAGE_TRIGGER_WIREGUARD_MASTER is set; skipping trigger. ****"
echo "Github secret \`PAUSE_PACKAGE_TRIGGER_WIREGUARD_MASTER\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY
exit 0
fi
if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireguard/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
echo "**** There already seems to be an active build on Jenkins; skipping package trigger ****"
echo "There already seems to be an active build on Jenkins; skipping package trigger" >> $GITHUB_STEP_SUMMARY
exit 0
fi
echo "**** Package trigger running off of master branch. To disable, set a Github secret named \"PAUSE_PACKAGE_TRIGGER_WIREGUARD_MASTER\". ****"
echo "Package trigger running off of master branch. To disable, set a Github secret named \`PAUSE_PACKAGE_TRIGGER_WIREGUARD_MASTER\`" >> $GITHUB_STEP_SUMMARY
response=$(curl -iX POST \
https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireguard/job/master/buildWithParameters?PACKAGE_CHECK=true \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
@ -30,6 +33,7 @@ jobs:
buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
buildurl="${buildurl%$'\r'}"
echo "**** Jenkins job build url: ${buildurl} ****"
echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY
echo "**** Attempting to change the Jenkins job description ****"
curl -iX POST \
"${buildurl}submitDescription" \

@ -17,18 +17,16 @@ jobs:
run: |
echo "**** Branches found: ****"
git for-each-ref --format='%(refname:short)' refs/remotes
echo "**** Pulling the yq docker image ****"
docker pull ghcr.io/linuxserver/yq
for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
do
br=$(echo "$br" | sed 's|origin/||g')
echo "**** Evaluating branch ${br} ****"
ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-wireguard/${br}/jenkins-vars.yml \
| docker run --rm -i --entrypoint yq ghcr.io/linuxserver/yq -r .ls_branch)
ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-wireguard/${br}/jenkins-vars.yml | yq -r '.ls_branch')
if [ "${br}" == "${ls_branch}" ]; then
echo "**** Branch ${br} appears to be live; checking workflow. ****"
if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-wireguard/${br}/.github/workflows/package_trigger.yml > /dev/null 2>&1; then
echo "**** Workflow exists. Triggering package trigger workflow for branch ${br}. ****"
echo "Triggering package trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY
triggered_branches="${triggered_branches}${br} "
curl -iX POST \
-H "Authorization: token ${{ secrets.CR_PAT }}" \
@ -38,9 +36,11 @@ jobs:
sleep 30
else
echo "**** Workflow doesn't exist; skipping trigger. ****"
echo "Skipping branch ${br} due to no package trigger workflow present." >> $GITHUB_STEP_SUMMARY
fi
else
echo "**** ${br} appears to be a dev branch; skipping trigger. ****"
echo "Skipping branch ${br} due to being detected as dev branch." >> $GITHUB_STEP_SUMMARY
fi
done
echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****"

@ -1,64 +1,53 @@
# syntax=docker/dockerfile:1
FROM ghcr.io/linuxserver/baseimage-ubuntu:jammy
FROM ghcr.io/linuxserver/baseimage-alpine:3.17
# set version label
ARG BUILD_DATE
ARG VERSION
ARG WIREGUARD_RELEASE
LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
LABEL maintainer="aptalca"
ENV DEBIAN_FRONTEND="noninteractive"
LABEL maintainer="thespad"
RUN \
echo "**** install dependencies ****" && \
apt-get update && \
apt-get install -y --no-install-recommends \
bc \
build-essential \
dkms \
apk add --no-cache --virtual=build-dependencies \
build-base \
elfutils-dev \
gcc \
git \
linux-headers && \
apk add --no-cache \
bc \
coredns \
gnupg \
ifupdown \
grep \
iproute2 \
iptables \
iputils-ping \
libc6 \
libelf-dev \
ip6tables \
iputils \
libcap-utils \
libqrencode \
net-tools \
openresolv \
perl \
pkg-config \
qrencode && \
update-alternatives --set iptables /usr/sbin/iptables-legacy && \
perl && \
echo "wireguard" >> /etc/modules && \
echo "**** install wireguard-tools ****" && \
if [ -z ${WIREGUARD_RELEASE+x} ]; then \
WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \
| jq -r .[0].name); \
| jq -r .[0].name); \
fi && \
cd /app && \
git clone https://git.zx2c4.com/wireguard-linux-compat && \
git clone https://git.zx2c4.com/wireguard-tools && \
cd wireguard-tools && \
git checkout "${WIREGUARD_RELEASE}" && \
sed -i 's|\[\[ $proto == -4 \]\] && cmd sysctl -q net\.ipv4\.conf\.all\.src_valid_mark=1|[[ $proto == -4 ]] \&\& [[ $(sysctl -n net.ipv4.conf.all.src_valid_mark) != 1 ]] \&\& cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1|' src/wg-quick/linux.bash && \
make -C src -j$(nproc) && \
make -C src install && \
echo "**** install CoreDNS ****" && \
COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \
| awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \
curl -o \
/tmp/coredns.tar.gz -L \
"https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_amd64.tgz" && \
tar xf \
/tmp/coredns.tar.gz -C \
/app && \
echo "**** clean up ****" && \
apk del --no-network build-dependencies && \
rm -rf \
/tmp/* \
/var/lib/apt/lists/* \
/var/tmp/*
/tmp/*
# add local files
COPY /root /
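Review bot: Nothing in this section pins or verifies the wireguard-tools source: when `WIREGUARD_RELEASE` is unset, the build checks out whichever tag the GitHub tags API lists first, then compiles and installs it. At minimum, a comment above the clone such as `# WIREGUARD_RELEASE is resolved from the upstream tags API at build time when unset; the checked-out tag is not signature-verified` would make that trust decision visible. Pinning a commit, or verifying the tag signature if upstream signs its tags, would close the gap. The guard `[ -z ${WIREGUARD_RELEASE+x} ]` only detects an unset variable, so an empty build arg or a `null` from `jq` still reaches `git checkout`; `[ -z "${WIREGUARD_RELEASE}" ]` plus an explicit check for `null` would fail earlier with a clearer message. The two arm sections below (arm64v8 and arm32v7 base images) repeat the same lines.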

@ -1,64 +1,53 @@
# syntax=docker/dockerfile:1
FROM ghcr.io/linuxserver/baseimage-ubuntu:arm64v8-jammy
FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.17
# set version label
ARG BUILD_DATE
ARG VERSION
ARG WIREGUARD_RELEASE
LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
LABEL maintainer="aptalca"
ENV DEBIAN_FRONTEND="noninteractive"
LABEL maintainer="thespad"
RUN \
echo "**** install dependencies ****" && \
apt-get update && \
apt-get install -y --no-install-recommends \
bc \
build-essential \
dkms \
apk add --no-cache --virtual=build-dependencies \
build-base \
elfutils-dev \
gcc \
git \
linux-headers && \
apk add --no-cache \
bc \
coredns \
gnupg \
ifupdown \
grep \
iproute2 \
iptables \
iputils-ping \
libc6 \
libelf-dev \
ip6tables \
iputils \
libcap-utils \
libqrencode \
net-tools \
openresolv \
perl \
pkg-config \
qrencode && \
update-alternatives --set iptables /usr/sbin/iptables-legacy && \
perl && \
echo "wireguard" >> /etc/modules && \
echo "**** install wireguard-tools ****" && \
if [ -z ${WIREGUARD_RELEASE+x} ]; then \
WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \
| jq -r .[0].name); \
| jq -r .[0].name); \
fi && \
cd /app && \
git clone https://git.zx2c4.com/wireguard-linux-compat && \
git clone https://git.zx2c4.com/wireguard-tools && \
cd wireguard-tools && \
git checkout "${WIREGUARD_RELEASE}" && \
sed -i 's|\[\[ $proto == -4 \]\] && cmd sysctl -q net\.ipv4\.conf\.all\.src_valid_mark=1|[[ $proto == -4 ]] \&\& [[ $(sysctl -n net.ipv4.conf.all.src_valid_mark) != 1 ]] \&\& cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1|' src/wg-quick/linux.bash && \
make -C src -j$(nproc) && \
make -C src install && \
echo "**** install CoreDNS ****" && \
COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \
| awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \
curl -o \
/tmp/coredns.tar.gz -L \
"https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_arm64.tgz" && \
tar xf \
/tmp/coredns.tar.gz -C \
/app && \
echo "**** clean up ****" && \
apk del --no-network build-dependencies && \
rm -rf \
/tmp/* \
/var/lib/apt/lists/* \
/var/tmp/*
/tmp/*
# add local files
COPY /root /

@ -1,64 +1,53 @@
# syntax=docker/dockerfile:1
FROM ghcr.io/linuxserver/baseimage-ubuntu:arm32v7-jammy
FROM ghcr.io/linuxserver/baseimage-alpine:arm32v7-3.17
# set version label
ARG BUILD_DATE
ARG VERSION
ARG WIREGUARD_RELEASE
LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
LABEL maintainer="aptalca"
ENV DEBIAN_FRONTEND="noninteractive"
LABEL maintainer="thespad"
RUN \
echo "**** install dependencies ****" && \
apt-get update && \
apt-get install -y --no-install-recommends \
bc \
build-essential \
dkms \
apk add --no-cache --virtual=build-dependencies \
build-base \
elfutils-dev \
gcc \
git \
linux-headers && \
apk add --no-cache \
bc \
coredns \
gnupg \
ifupdown \
grep \
iproute2 \
iptables \
iputils-ping \
libc6 \
libelf-dev \
ip6tables \
iputils \
libcap-utils \
libqrencode \
net-tools \
openresolv \
perl \
pkg-config \
qrencode && \
update-alternatives --set iptables /usr/sbin/iptables-legacy && \
perl && \
echo "wireguard" >> /etc/modules && \
echo "**** install wireguard-tools ****" && \
if [ -z ${WIREGUARD_RELEASE+x} ]; then \
WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \
| jq -r .[0].name); \
fi && \
cd /app && \
git clone https://git.zx2c4.com/wireguard-linux-compat && \
git clone https://git.zx2c4.com/wireguard-tools && \
cd wireguard-tools && \
git checkout "${WIREGUARD_RELEASE}" && \
sed -i 's|\[\[ $proto == -4 \]\] && cmd sysctl -q net\.ipv4\.conf\.all\.src_valid_mark=1|[[ $proto == -4 ]] \&\& [[ $(sysctl -n net.ipv4.conf.all.src_valid_mark) != 1 ]] \&\& cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1|' src/wg-quick/linux.bash && \
make -C src -j$(nproc) && \
make -C src install && \
echo "**** install CoreDNS ****" && \
COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \
| awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \
curl -o \
/tmp/coredns.tar.gz -L \
"https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_arm.tgz" && \
tar xf \
/tmp/coredns.tar.gz -C \
/app && \
echo "**** clean up ****" && \
apk del --no-network build-dependencies && \
rm -rf \
/tmp/* \
/var/lib/apt/lists/* \
/var/tmp/*
/tmp/*
# add local files
COPY /root /

93
Jenkinsfile vendored

@ -24,7 +24,7 @@ pipeline {
DOCKERHUB_IMAGE = 'linuxserver/wireguard'
DEV_DOCKERHUB_IMAGE = 'lsiodev/wireguard'
PR_DOCKERHUB_IMAGE = 'lspipepr/wireguard'
DIST_IMAGE = 'ubuntu'
DIST_IMAGE = 'alpine'
MULTIARCH='true'
CI='false'
CI_WEB='false'
@ -39,10 +39,11 @@ pipeline {
// Setup all the basic environment variables needed for the build
stage("Set ENV Variables base"){
steps{
sh '''docker pull quay.io/skopeo/stable:v1 || : '''
script{
env.EXIT_STATUS = ''
env.LS_RELEASE = sh(
script: '''docker run --rm ghcr.io/linuxserver/alexeiled-skopeo sh -c 'skopeo inspect docker://docker.io/'${DOCKERHUB_IMAGE}':latest 2>/dev/null' | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''',
script: '''docker run --rm quay.io/skopeo/stable:v1 inspect docker://ghcr.io/${LS_USER}/${CONTAINER_NAME}:latest 2>/dev/null | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''',
returnStdout: true).trim()
env.LS_RELEASE_NOTES = sh(
script: '''cat readme-vars.yml | awk -F \\" '/date: "[0-9][0-9].[0-9][0-9].[0-9][0-9]:/ {print $4;exit;}' | sed -E ':a;N;$!ba;s/\\r{0,1}\\n/\\\\n/g' ''',
@ -228,7 +229,7 @@ pipeline {
script{
env.SHELLCHECK_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/shellcheck-result.xml'
}
sh '''curl -sL https://raw.githubusercontent.com/linuxserver/docker-shellcheck/master/checkrun.sh | /bin/bash'''
sh '''curl -sL https://raw.githubusercontent.com/linuxserver/docker-jenkins-builder/master/checkrun.sh | /bin/bash'''
sh '''#! /bin/bash
docker run --rm \
-v ${WORKSPACE}:/mnt \
@ -376,6 +377,26 @@ pipeline {
}
}
}
// If this is a master build check the S6 service file perms
stage("Check S6 Service file Permissions"){
when {
branch "master"
environment name: 'CHANGE_ID', value: ''
environment name: 'EXIT_STATUS', value: ''
}
steps {
script{
sh '''#! /bin/bash
WRONG_PERM=$(find ./ -path "./.git" -prune -o \\( -name "run" -o -name "finish" -o -name "check" \\) -not -perm -u=x,g=x,o=x -print)
if [[ -n "${WRONG_PERM}" ]]; then
echo "The following S6 service files are missing the executable bit; canceling the faulty build: ${WRONG_PERM}"
exit 1
else
echo "S6 service file perms look good."
fi '''
}
}
}
/* #######################
GitLab Mirroring
####################### */
@ -668,6 +689,7 @@ pipeline {
]) {
script{
env.CI_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/index.html'
env.CI_JSON_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/report.json'
}
sh '''#! /bin/bash
set -e
@ -694,8 +716,6 @@ pipeline {
-e WEB_SCREENSHOT=\"${CI_WEB}\" \
-e WEB_AUTH=\"${CI_AUTH}\" \
-e WEB_PATH=\"${CI_WEBPATH}\" \
-e DO_REGION="ams3" \
-e DO_BUCKET="lsio-ci" \
-t ghcr.io/linuxserver/ci:latest \
python3 test_build.py'''
}
@ -949,8 +969,67 @@ pipeline {
environment name: 'EXIT_STATUS', value: ''
}
steps {
sh '''curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/issues/${PULL_REQUEST}/comments \
-d '{"body": "I am a bot, here are the test results for this PR: \\n'${CI_URL}' \\n'${SHELLCHECK_URL}'"}' '''
sh '''#! /bin/bash
# Function to retrieve JSON data from URL
get_json() {
local url="$1"
local response=$(curl -s "$url")
if [ $? -ne 0 ]; then
echo "Failed to retrieve JSON data from $url"
return 1
fi
local json=$(echo "$response" | jq .)
if [ $? -ne 0 ]; then
echo "Failed to parse JSON data from $url"
return 1
fi
echo "$json"
}
build_table() {
local data="$1"
# Get the keys in the JSON data
local keys=$(echo "$data" | jq -r 'to_entries | map(.key) | .[]')
# Check if keys are empty
if [ -z "$keys" ]; then
echo "JSON report data does not contain any keys or the report does not exist."
return 1
fi
# Build table header
local header="| Tag | Passed |\\n| --- | --- |\\n"
# Loop through the JSON data to build the table rows
local rows=""
for build in $keys; do
local status=$(echo "$data" | jq -r ".[\\"$build\\"].test_success")
if [ "$status" = "true" ]; then
status="✅"
else
status="❌"
fi
local row="| "$build" | "$status" |\\n"
rows="${rows}${row}"
done
local table="${header}${rows}"
local escaped_table=$(echo "$table" | sed 's/\"/\\\\"/g')
echo "$escaped_table"
}
# Retrieve JSON data from URL
data=$(get_json "$CI_JSON_URL")
# Create table from JSON data
table=$(build_table "$data")
echo -e "$table"
curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
-H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
-d "{\\"body\\": \\"I am a bot, here are the test results for this PR: \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}"'''
}
}
}

@ -63,18 +63,12 @@ This image provides various versions that are available via tags. Please read th
| Tag | Available | Description |
| :----: | :----: |--- |
| latest | ✅ | Stable releases with support for compiling Wireguard modules |
| alpine | ✅ | Stable releases based on Alpine *without* support for compiling Wireguard modules |
| latest | ✅ | Stable releases based on Alpine *without* support for compiling Wireguard modules. |
| legacy | ✅ | Stable releases with support for compiling Wireguard modules. |
## Application Setup
During container start, it will first check if the wireguard module is already installed and loaded. Kernels newer than 5.6 generally have the wireguard module built-in (along with some older custom kernels). However, the module may not be enabled. Make sure it is enabled prior to starting the container.
If the kernel is not built-in, or installed on host, the container will check if the kernel headers are present (in `/usr/src`) and if not, it will attempt to download the necessary kernel headers from the `ubuntu xenial/bionic`, `debian/raspbian buster` repos; then will attempt to compile and install the kernel module. If the kernel headers are not found in either `usr/src` or in the repos mentioned, container will sleep indefinitely as wireguard cannot be installed.
If you're on a debian/ubuntu based host with a custom or downstream distro provided kernel (ie. Pop!_OS), the container won't be able to install the kernel headers from the regular ubuntu and debian repos. In those cases, you can try installing the headers on the host via `sudo apt install linux-headers-$(uname -r)` (if distro version) and then add a volume mapping for `/usr/src:/usr/src`, or if custom built, map the location of the existing headers to allow the container to use host installed headers to build the kernel module (tested successful on Pop!_OS, ymmv).
With regards to arm32/64 devices, Raspberry Pi 2-4 running the [official ubuntu images](https://ubuntu.com/download/raspberry-pi) or Raspbian Buster are supported out of the box. For all other devices and OSes, you can try installing the kernel headers on the host, and mapping `/usr/src:/usr/src` and it may just work (no guarantees).
This can be run as a server or a client, based on the parameters used.
## Server Mode
@ -147,7 +141,6 @@ services:
container_name: wireguard
cap_add:
- NET_ADMIN
- SYS_MODULE
environment:
- PUID=1000
- PGID=1000
@ -162,7 +155,6 @@ services:
- LOG_CONFS=true #optional
volumes:
- /path/to/appdata/config:/config
- /lib/modules:/lib/modules #optional
ports:
- 51820:51820/udp
sysctls:
@ -176,7 +168,6 @@ services:
docker run -d \
--name=wireguard \
--cap-add=NET_ADMIN \
--cap-add=SYS_MODULE \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=Etc/UTC \
@ -190,7 +181,6 @@ docker run -d \
-e LOG_CONFS=true `#optional` \
-p 51820:51820/udp \
-v /path/to/appdata/config:/config \
-v /lib/modules:/lib/modules `#optional` \
--sysctl="net.ipv4.conf.all.src_valid_mark=1" \
--restart unless-stopped \
lscr.io/linuxserver/wireguard:latest
@ -216,7 +206,6 @@ Container images are configured using parameters passed at runtime (such as thos
| `-e PERSISTENTKEEPALIVE_PEERS=` | Set to `all` or a list of comma separated peers (ie. `1,4,laptop`) for the wireguard server to send keepalive packets to listed peers every 25 seconds. Useful if server is accessed via domain name and has dynamic IP. Used only in server mode. |
| `-e LOG_CONFS=true` | Generated QR codes will be displayed in the docker log. Set to `false` to skip log output. |
| `-v /config` | Contains all relevant configuration files. |
| `-v /lib/modules` | Maps host's modules folder. Only required if compiling wireguard modules. |
| `--sysctl=` | Required for client mode. |
### Portainer notice
@ -332,11 +321,11 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions
* **28.01.23:** - Patch wg-quick to suppress false positive sysctl warning.
* **26.04.23:** - Rework branches. Swap alpine and ubuntu builds.
* **29.01.23:** - Rebase to alpine 3.17.
* **10.01.23:** - Add new var to add `PersistentKeepalive` to server config for select peers to survive server IP changes when domain name is used.
* **26.10.22:** - Better handle unsupported peer names. Improve logging.
* **12.10.22:** - Add Alpine branch. Optimize wg and coredns services.
* **09.10.22:** - Switch back to iptables-legacy due to issues on some hosts.
* **04.10.22:** - Rebase to Jammy. Upgrade to s6v3.
* **16.05.22:** - Improve NAT handling in server mode when multiple ethernet devices are present.
* **23.04.22:** - Add pre-shared key support. Automatically added to all new peer confs generated, existing ones are left without to ensure no breaking changes.

@ -15,7 +15,7 @@ repo_vars:
- DOCKERHUB_IMAGE = 'linuxserver/wireguard'
- DEV_DOCKERHUB_IMAGE = 'lsiodev/wireguard'
- PR_DOCKERHUB_IMAGE = 'lspipepr/wireguard'
- DIST_IMAGE = 'ubuntu'
- DIST_IMAGE = 'alpine'
- MULTIARCH='true'
- CI='false'
- CI_WEB='false'
@ -26,4 +26,4 @@ repo_vars:
- CI_AUTH='user:password'
- CI_WEBPATH=''
sponsor_links:
- { name: "WireGuard", url: "https://www.wireguard.com/donations/" }
- { name: "WireGuard", url: "https://www.wireguard.com/donations/" }

@ -1,350 +1,208 @@
NAME VERSION TYPE
adduser 3.118ubuntu5 deb
apt 2.4.8 deb
apt-utils 2.4.8 deb
base-files 12ubuntu4.3 deb
base-passwd 3.5.52build1 deb
bash 5.1-6ubuntu1 deb
bc 1.07.1-3build1 deb
binutils 2.38-4ubuntu2.1 deb
binutils-common 2.38-4ubuntu2.1 deb
binutils-x86-64-linux-gnu 2.38-4ubuntu2.1 deb
bsdutils 1:2.37.2-4ubuntu3 deb
build-essential 12.9ubuntu3 deb
bzip2 1.0.8-5build1 deb
ca-certificates 20211016ubuntu0.22.04.1 deb
cloud.google.com/go/compute/metadata v0.2.3 go-module
coreutils 8.32-4.1ubuntu1 deb
cpp 4:11.2.0-1ubuntu1 deb
cpp-11 11.3.0-1ubuntu1~22.04 deb
cpp-12 12.1.0-2ubuntu1~22.04 deb
curl 7.81.0-1ubuntu1.10 deb
dash 0.5.11+git20210903+057cd650a4ed-3build1 deb
dctrl-tools 2.24-3build2 deb
debconf 1.5.79ubuntu1 deb
debianutils 5.5-1ubuntu2 deb
diffutils 1:3.8-0ubuntu2 deb
dirmngr 2.2.27-3ubuntu2.1 deb
distro-info-data 0.52ubuntu0.3 deb
dkms 2.8.7-2ubuntu2.1 deb
dpkg 1.21.1ubuntu2.1 deb
dpkg-dev 1.21.1ubuntu2.1 deb
e2fsprogs 1.46.5-2ubuntu1.1 deb
findutils 4.8.0-1ubuntu3 deb
g++ 4:11.2.0-1ubuntu1 deb
g++-11 11.3.0-1ubuntu1~22.04 deb
gcc 4:11.2.0-1ubuntu1 deb
gcc-11 11.3.0-1ubuntu1~22.04 deb
gcc-11-base 11.3.0-1ubuntu1~22.04 deb
gcc-12 12.1.0-2ubuntu1~22.04 deb
gcc-12-base 12.1.0-2ubuntu1~22.04 deb
git 1:2.34.1-1ubuntu1.8 deb
git-man 1:2.34.1-1ubuntu1.8 deb
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible go-module
github.com/Azure/go-autorest/autorest v0.11.28 go-module
github.com/Azure/go-autorest/autorest/adal v0.9.18 go-module
github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 go-module
github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 go-module
github.com/Azure/go-autorest/autorest/date v0.3.0 go-module
github.com/Azure/go-autorest/autorest/to v0.2.0 go-module
github.com/Azure/go-autorest/logger v0.2.1 go-module
github.com/Azure/go-autorest/tracing v0.6.0 go-module
github.com/DataDog/datadog-agent/pkg/obfuscate v0.0.0-20211129110424-6491aa3bf583 go-module
github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.42.0-rc.1 go-module
github.com/DataDog/datadog-go v4.8.2+incompatible go-module
github.com/DataDog/datadog-go/v5 v5.0.2 go-module
github.com/DataDog/go-tuf v0.3.0--fix-localmeta-fork go-module
github.com/DataDog/sketches-go v1.2.1 go-module
github.com/antonmedv/expr v1.12.0 go-module
github.com/apparentlymart/go-cidr v1.1.0 go-module
github.com/aws/aws-sdk-go v1.44.194 go-module
github.com/beorn7/perks v1.0.1 go-module
github.com/cespare/xxhash/v2 v2.1.2 go-module
github.com/coredns/caddy v1.1.1 go-module
github.com/coredns/coredns v0.0.0-20230206182419-055b2c31a9cf go-module
github.com/coreos/go-semver v0.3.0 go-module
github.com/coreos/go-systemd/v22 v22.3.2 go-module
github.com/davecgh/go-spew v1.1.1 go-module
github.com/dgraph-io/ristretto v0.1.0 go-module
github.com/dimchansky/utfbom v1.1.1 go-module
github.com/dnstap/golang-dnstap v0.4.0 go-module
github.com/dustin/go-humanize v1.0.0 go-module
github.com/emicklei/go-restful/v3 v3.9.0 go-module
github.com/farsightsec/golang-framestream v0.3.0 go-module
github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 go-module
github.com/go-logr/logr v1.2.3 go-module
github.com/go-openapi/jsonpointer v0.19.5 go-module
github.com/go-openapi/jsonreference v0.20.0 go-module
github.com/go-openapi/swag v0.19.14 go-module
github.com/gogo/protobuf v1.3.2 go-module
github.com/golang-jwt/jwt/v4 v4.2.0 go-module
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b go-module
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da go-module
github.com/golang/protobuf v1.5.2 go-module
github.com/google/gnostic v0.5.7-v3refs go-module
github.com/google/go-cmp v0.5.9 go-module
github.com/google/gofuzz v1.2.0 go-module
github.com/google/uuid v1.3.0 go-module
github.com/googleapis/enterprise-certificate-proxy v0.2.1 go-module
github.com/googleapis/gax-go/v2 v2.7.0 go-module
github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 go-module
github.com/imdario/mergo v0.3.12 go-module
github.com/infobloxopen/go-trees v0.0.0-20200715205103-96a057b8dfb9 go-module
github.com/jmespath/go-jmespath v0.4.0 go-module
github.com/josharian/intern v1.0.0 go-module
github.com/json-iterator/go v1.1.12 go-module
github.com/mailru/easyjson v0.7.7 go-module
github.com/matttproud/golang_protobuf_extensions v1.0.4 go-module
github.com/miekg/dns v1.1.50 go-module
github.com/mitchellh/go-homedir v1.1.0 go-module
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd go-module
github.com/modern-go/reflect2 v1.0.2 go-module
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 go-module
github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492 go-module
github.com/opentracing/opentracing-go v1.2.0 go-module
github.com/openzipkin-contrib/zipkin-go-opentracing v0.5.0 go-module
github.com/openzipkin/zipkin-go v0.4.1 go-module
github.com/oschwald/geoip2-golang v1.8.0 go-module
github.com/oschwald/maxminddb-golang v1.10.0 go-module
github.com/philhofer/fwd v1.1.1 go-module
github.com/pkg/errors v0.9.1 go-module
github.com/prometheus/client_golang v1.14.0 go-module
github.com/prometheus/client_model v0.3.0 go-module
github.com/prometheus/common v0.39.0 go-module
github.com/prometheus/procfs v0.8.0 go-module
github.com/secure-systems-lab/go-securesystemslib v0.4.0 go-module
github.com/spf13/pflag v1.0.5 go-module
github.com/tinylib/msgp v1.1.6 go-module
gnupg 2.2.27-3ubuntu2.1 deb
gnupg-l10n 2.2.27-3ubuntu2.1 deb
gnupg-utils 2.2.27-3ubuntu2.1 deb
go.etcd.io/etcd/api/v3 v3.5.7 go-module
go.etcd.io/etcd/client/pkg/v3 v3.5.7 go-module
go.etcd.io/etcd/client/v3 v3.5.7 go-module
go.opencensus.io v0.24.0 go-module
go.uber.org/atomic v1.9.0 go-module
go.uber.org/multierr v1.6.0 go-module
go.uber.org/zap v1.17.0 go-module
golang.org/x/crypto v0.0.0-20221010152910-d6f0a8c073c2 go-module
golang.org/x/net v0.4.0 go-module
golang.org/x/oauth2 v0.3.0 go-module
golang.org/x/sys v0.4.0 go-module
golang.org/x/term v0.3.0 go-module
golang.org/x/text v0.5.0 go-module
golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 go-module
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 go-module
google.golang.org/api v0.109.0 go-module
google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef go-module
google.golang.org/grpc v1.52.3 go-module
google.golang.org/protobuf v1.28.1 go-module
gopkg.in/DataDog/dd-trace-go.v1 v1.47.0 go-module
gopkg.in/inf.v0 v0.9.1 go-module
gopkg.in/yaml.v2 v2.4.0 go-module
gopkg.in/yaml.v3 v3.0.1 go-module
gpg 2.2.27-3ubuntu2.1 deb
gpg-agent 2.2.27-3ubuntu2.1 deb
gpg-wks-client 2.2.27-3ubuntu2.1 deb
gpg-wks-server 2.2.27-3ubuntu2.1 deb
gpgconf 2.2.27-3ubuntu2.1 deb
gpgsm 2.2.27-3ubuntu2.1 deb
gpgv 2.2.27-3ubuntu2.1 deb
grep 3.7-1build1 deb
gzip 1.10-4ubuntu4.1 deb
hostname 3.23ubuntu2 deb
ifupdown 0.8.36+nmu1ubuntu3 deb
init-system-helpers 1.62 deb
iproute2 5.15.0-1ubuntu2 deb
iptables 1.8.7-1ubuntu5 deb
iputils-ping 3:20211215-1 deb
jq 1.6-2.1ubuntu3 deb
k8s.io/api v0.26.1 go-module
k8s.io/apimachinery v0.26.1 go-module
k8s.io/client-go v0.26.1 go-module
k8s.io/klog/v2 v2.90.0 go-module
k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 go-module
k8s.io/utils v0.0.0-20221107191617-1a15be271d1d go-module
kmod 29-1ubuntu1 deb
libacl1 2.3.1-1 deb
libapt-pkg6.0 2.4.8 deb
libasan6 11.3.0-1ubuntu1~22.04 deb
libasan8 12.1.0-2ubuntu1~22.04 deb
libassuan0 2.5.5-1build1 deb
libatomic1 12.1.0-2ubuntu1~22.04 deb
libattr1 1:2.5.1-1build1 deb
libaudit-common 1:3.0.7-1build1 deb
libaudit1 1:3.0.7-1build1 deb
libbinutils 2.38-4ubuntu2.1 deb
libblkid1 2.37.2-4ubuntu3 deb
libbpf0 1:0.5.0-1ubuntu22.04.1 deb
libbrotli1 1.0.9-2build6 deb
libbsd0 0.11.5-1 deb
libbz2-1.0 1.0.8-5build1 deb
libc-bin 2.35-0ubuntu3.1 deb
libc-dev-bin 2.35-0ubuntu3.1 deb
libc6 2.35-0ubuntu3.1 deb
libc6-dev 2.35-0ubuntu3.1 deb
libcap-ng0 0.7.9-2.2build3 deb
libcap2 1:2.44-1build3 deb
libcap2-bin 1:2.44-1build3 deb
libcc1-0 12.1.0-2ubuntu1~22.04 deb
libcom-err2 1.46.5-2ubuntu1.1 deb
libcrypt-dev 1:4.4.27-1 deb
libcrypt1 1:4.4.27-1 deb
libctf-nobfd0 2.38-4ubuntu2.1 deb
libctf0 2.38-4ubuntu2.1 deb
libcurl3-gnutls 7.81.0-1ubuntu1.10 deb
libcurl4 7.81.0-1ubuntu1.10 deb
libdb5.3 5.3.28+dfsg1-0.8ubuntu3 deb
libdebconfclient0 0.261ubuntu1 deb
libdpkg-perl 1.21.1ubuntu2.1 deb
libelf-dev 0.186-1build1 deb
libelf1 0.186-1build1 deb
liberror-perl 0.17029-1 deb
libexpat1 2.4.7-1ubuntu0.2 deb
libext2fs2 1.46.5-2ubuntu1.1 deb
libffi8 3.4.2-4 deb
libgcc-11-dev 11.3.0-1ubuntu1~22.04 deb
libgcc-12-dev 12.1.0-2ubuntu1~22.04 deb
libgcc-s1 12.1.0-2ubuntu1~22.04 deb
libgcrypt20 1.9.4-3ubuntu3 deb
libgdbm-compat4 1.23-1 deb
libgdbm6 1.23-1 deb
libglib2.0-0 2.72.4-0ubuntu1 deb
libgmp10 2:6.2.1+dfsg-3ubuntu1 deb
libgnutls30 3.7.3-4ubuntu1.2 deb
libgomp1 12.1.0-2ubuntu1~22.04 deb
libgpg-error0 1.43-3 deb
libgssapi-krb5-2 1.19.2-2ubuntu0.1 deb
libhogweed6 3.7.3-1build2 deb
libidn2-0 2.3.2-2build1 deb
libip4tc2 1.8.7-1ubuntu5 deb
libip6tc2 1.8.7-1ubuntu5 deb
libisl23 0.24-2build1 deb
libitm1 12.1.0-2ubuntu1~22.04 deb
libjq1 1.6-2.1ubuntu3 deb
libk5crypto3 1.19.2-2ubuntu0.1 deb
libkeyutils1 1.6.1-2ubuntu3 deb
libkmod2 29-1ubuntu1 deb
libkrb5-3 1.19.2-2ubuntu0.1 deb
libkrb5support0 1.19.2-2ubuntu0.1 deb
libksba8 1.6.0-2ubuntu0.2 deb
libldap-2.5-0 2.5.14+dfsg-0ubuntu0.22.04.2 deb
libldap-common 2.5.14+dfsg-0ubuntu0.22.04.2 deb
liblsan0 12.1.0-2ubuntu1~22.04 deb
liblz4-1 1.9.3-2build2 deb
liblzma5 5.2.5-2ubuntu1 deb
libmd0 1.0.4-1build1 deb
libmnl0 1.0.4-3build2 deb
libmount1 2.37.2-4ubuntu3 deb
libmpc3 1.2.1-2build1 deb
libmpdec3 2.5.1-2build2 deb
libmpfr6 4.1.0-3build3 deb
libncurses6 6.3-2 deb
libncursesw6 6.3-2 deb
libnetfilter-conntrack3 1.0.9-1 deb
libnettle8 3.7.3-1build2 deb
libnfnetlink0 1.0.1-3build3 deb
libnftnl11 1.2.1-1build1 deb
libnghttp2-14 1.43.0-1build3 deb
libnpth0 1.6-3build2 deb
libnsl-dev 1.3.0-2build2 deb
libnsl2 1.3.0-2build2 deb
libonig5 6.9.7.1-2build1 deb
libp11-kit0 0.24.0-6build1 deb
libpam-modules 1.4.0-11ubuntu2.3 deb
libpam-modules-bin 1.4.0-11ubuntu2.3 deb
libpam-runtime 1.4.0-11ubuntu2.3 deb
libpam0g 1.4.0-11ubuntu2.3 deb
libpcre2-8-0 10.39-3ubuntu0.1 deb
libpcre3 2:8.39-13ubuntu0.22.04.1 deb
libperl5.34 5.34.0-3ubuntu1.1 deb
libpng16-16 1.6.37-3build5 deb
libprocps8 2:3.3.17-6ubuntu2 deb
libpsl5 0.21.0-1.2build2 deb
libpython3-stdlib 3.10.6-1~22.04 deb
libpython3.10-minimal 3.10.6-1~22.04.2ubuntu1 deb
libpython3.10-stdlib 3.10.6-1~22.04.2ubuntu1 deb
libqrencode4 4.1.1-1 deb
libquadmath0 12.1.0-2ubuntu1~22.04 deb
libreadline8 8.1.2-1 deb
librtmp1 2.4+20151223.gitfa8646d.1-2build4 deb
libsasl2-2 2.1.27+dfsg2-3ubuntu1.2 deb
libsasl2-modules 2.1.27+dfsg2-3ubuntu1.2 deb
libsasl2-modules-db 2.1.27+dfsg2-3ubuntu1.2 deb
libseccomp2 2.5.3-2ubuntu2 deb
libselinux1 3.3-1build2 deb
libsemanage-common 3.3-1build2 deb
libsemanage2 3.3-1build2 deb
libsepol2 3.3-1build1 deb
libsmartcols1 2.37.2-4ubuntu3 deb
libsqlite3-0 3.37.2-2ubuntu0.1 deb
libss2 1.46.5-2ubuntu1.1 deb
libssh-4 0.9.6-2build1 deb
libssl3 3.0.2-0ubuntu1.8 deb
libstdc++-11-dev 11.3.0-1ubuntu1~22.04 deb
libstdc++6 12.1.0-2ubuntu1~22.04 deb
libsystemd0 249.11-0ubuntu3.9 deb
libtasn1-6 4.18.0-4build1 deb
libtinfo6 6.3-2 deb
libtirpc-common 1.3.2-2ubuntu0.1 deb
libtirpc-dev 1.3.2-2ubuntu0.1 deb
libtirpc3 1.3.2-2ubuntu0.1 deb
libtsan0 11.3.0-1ubuntu1~22.04 deb
libtsan2 12.1.0-2ubuntu1~22.04 deb
libubsan1 12.1.0-2ubuntu1~22.04 deb
libudev1 249.11-0ubuntu3.9 deb
libunistring2 1.0-1 deb
libuuid1 2.37.2-4ubuntu3 deb
libxtables12 1.8.7-1ubuntu5 deb
libxxhash0 0.8.1-1 deb
libzstd1 1.4.8+dfsg-3build1 deb
linux-libc-dev 5.15.0-70.77 deb
locales 2.35-0ubuntu3.1 deb
login 1:4.8.1-2ubuntu2.1 deb
logsave 1.46.5-2ubuntu1.1 deb
lsb-base 11.1.0ubuntu4 deb
lsb-release 11.1.0ubuntu4 deb
lto-disabled-list 24 deb
make 4.3-4.1build1 deb
mawk 1.3.4.20200120-3 deb
media-types 7.0.0 deb
mount 2.37.2-4ubuntu3 deb
ncurses-base 6.3-2 deb
ncurses-bin 6.3-2 deb
net-tools 1.60+git20181103.0eebece-1ubuntu5 deb
netbase 6.3 deb
netcat 1.218-4ubuntu1 deb
netcat-openbsd 1.218-4ubuntu1 deb
openresolv 3.12.0-2 deb
openssl 3.0.2-0ubuntu1.8 deb
passwd 1:4.8.1-2ubuntu2.1 deb
patch 2.7.6-7build2 deb
perl 5.34.0-3ubuntu1.1 deb
perl-base 5.34.0-3ubuntu1.1 deb
perl-modules-5.34 5.34.0-3ubuntu1.1 deb
pinentry-curses 1.1.1-1build2 deb
pkg-config 0.29.2-1ubuntu3 deb
procps 2:3.3.17-6ubuntu2 deb
publicsuffix 20211207.1025-1 deb
python 3.10.6 binary
python3 3.10.6-1~22.04 deb
python3-minimal 3.10.6-1~22.04 deb
python3.10 3.10.6-1~22.04.2ubuntu1 deb
python3.10-minimal 3.10.6-1~22.04.2ubuntu1 deb
qrencode 4.1.1-1 deb
readline-common 8.1.2-1 deb
rpcsvc-proto 1.4.2-0ubuntu6 deb
sed 4.8-1ubuntu2 deb
sensible-utils 0.0.17 deb
sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 go-module
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 go-module
sigs.k8s.io/yaml v1.3.0 go-module
sysvinit-utils 3.01-1ubuntu1 deb
tar 1.34+dfsg-1ubuntu0.1.22.04.1 deb
tzdata 2023c-0ubuntu0.22.04.0 deb
ubuntu-keyring 2021.03.26 deb
usrmerge 25ubuntu2 deb
util-linux 2.37.2-4ubuntu3 deb
xz-utils 5.2.5-2ubuntu1 deb
zlib1g 1:1.2.11.dfsg-2ubuntu9.2 deb
zlib1g-dev 1:1.2.11.dfsg-2ubuntu9.2 deb
NAME VERSION TYPE
alpine-baselayout 3.4.0-r0 apk
alpine-baselayout-data 3.4.0-r0 apk
alpine-keys 2.4-r1 apk
alpine-release 3.17.3-r0 apk
apk-tools 2.12.10-r1 apk
bash 5.2.15-r0 apk
bc 1.07.1-r2 apk
brotli-libs 1.0.9-r9 apk
busybox 1.35.0 binary
busybox 1.35.0-r29 apk
busybox-binsh 1.35.0-r29 apk
ca-certificates 20220614-r4 apk
ca-certificates-bundle 20220614-r4 apk
cloud.google.com/go/compute v1.7.0 go-module
coredns 1.10.0-r5 apk
coreutils 9.1-r0 apk
curl 8.0.1-r0 apk
gdbm 1.23-r0 apk
github.com/Azure/azure-sdk-for-go v66.0.0+incompatible go-module
github.com/Azure/go-autorest/autorest v0.11.28 go-module
github.com/Azure/go-autorest/autorest/adal v0.9.18 go-module
github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 go-module
github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 go-module
github.com/Azure/go-autorest/autorest/date v0.3.0 go-module
github.com/Azure/go-autorest/autorest/to v0.2.0 go-module
github.com/Azure/go-autorest/logger v0.2.1 go-module
github.com/Azure/go-autorest/tracing v0.6.0 go-module
github.com/DataDog/datadog-agent/pkg/obfuscate v0.0.0-20211129110424-6491aa3bf583 go-module
github.com/DataDog/datadog-go v4.8.2+incompatible go-module
github.com/DataDog/datadog-go/v5 v5.0.2 go-module
github.com/DataDog/sketches-go v1.2.1 go-module
github.com/PuerkitoBio/purell v1.1.1 go-module
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 go-module
github.com/apparentlymart/go-cidr v1.1.0 go-module
github.com/aws/aws-sdk-go v1.44.95 go-module
github.com/beorn7/perks v1.0.1 go-module
github.com/cespare/xxhash/v2 v2.1.2 go-module
github.com/coredns/caddy v1.1.1 go-module
github.com/coredns/coredns (devel) go-module
github.com/coredns/unbound v0.0.7 go-module
github.com/coreos/go-semver v0.3.0 go-module
github.com/coreos/go-systemd/v22 v22.3.2 go-module
github.com/davecgh/go-spew v1.1.1 go-module
github.com/dgraph-io/ristretto v0.1.0 go-module
github.com/dimchansky/utfbom v1.1.1 go-module
github.com/dnstap/golang-dnstap v0.4.0 go-module
github.com/dustin/go-humanize v1.0.0 go-module
github.com/emicklei/go-restful/v3 v3.8.0 go-module
github.com/farsightsec/golang-framestream v0.3.0 go-module
github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 go-module
github.com/go-logr/logr v1.2.3 go-module
github.com/go-openapi/jsonpointer v0.19.5 go-module
github.com/go-openapi/jsonreference v0.19.5 go-module
github.com/go-openapi/swag v0.19.14 go-module
github.com/gogo/protobuf v1.3.2 go-module
github.com/golang-jwt/jwt/v4 v4.2.0 go-module
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b go-module
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da go-module
github.com/golang/protobuf v1.5.2 go-module
github.com/google/gnostic v0.5.7-v3refs go-module
github.com/google/go-cmp v0.5.8 go-module
github.com/google/gofuzz v1.2.0 go-module
github.com/google/uuid v1.3.0 go-module
github.com/googleapis/enterprise-certificate-proxy v0.1.0 go-module
github.com/googleapis/gax-go/v2 v2.4.0 go-module
github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 go-module
github.com/imdario/mergo v0.3.12 go-module
github.com/infobloxopen/go-trees v0.0.0-20200715205103-96a057b8dfb9 go-module
github.com/jmespath/go-jmespath v0.4.0 go-module
github.com/josharian/intern v1.0.0 go-module
github.com/json-iterator/go v1.1.12 go-module
github.com/mailru/easyjson v0.7.7 go-module
github.com/matttproud/golang_protobuf_extensions v1.0.1 go-module
github.com/miekg/coredns-git v0.0.0-20210209133530-8360cff99ce7 go-module
github.com/miekg/dns v1.1.50 go-module
github.com/miekg/unbound v0.0.0-20210309082708-dbeefb4cdb29 go-module
github.com/mitchellh/go-homedir v1.1.0 go-module
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd go-module
github.com/modern-go/reflect2 v1.0.2 go-module
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 go-module
github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492 go-module
github.com/opentracing/opentracing-go v1.2.0 go-module
github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5 go-module
github.com/openzipkin/zipkin-go v0.4.0 go-module
github.com/oschwald/geoip2-golang v1.8.0 go-module
github.com/oschwald/maxminddb-golang v1.10.0 go-module
github.com/oz123/coredns-netbox-plugin v0.4.0 go-module
github.com/philhofer/fwd v1.1.1 go-module
github.com/pkg/errors v0.9.1 go-module
github.com/prometheus/client_golang v1.13.0 go-module
github.com/prometheus/client_model v0.2.0 go-module
github.com/prometheus/common v0.37.0 go-module
github.com/prometheus/procfs v0.8.0 go-module
github.com/spf13/pflag v1.0.5 go-module
github.com/tinylib/msgp v1.1.2 go-module
gmp 6.2.1-r2 apk
gnupg 2.2.40-r0 apk
gnupg-dirmngr 2.2.40-r0 apk
gnupg-gpgconf 2.2.40-r0 apk
gnupg-utils 2.2.40-r0 apk
gnupg-wks-client 2.2.40-r0 apk
gnutls 3.7.8-r3 apk
go.etcd.io/etcd/api/v3 v3.5.4 go-module
go.etcd.io/etcd/client/pkg/v3 v3.5.4 go-module
go.etcd.io/etcd/client/v3 v3.5.4 go-module
go.opencensus.io v0.23.0 go-module
go.uber.org/atomic v1.9.0 go-module
go.uber.org/multierr v1.6.0 go-module
go.uber.org/zap v1.17.0 go-module
golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa go-module
golang.org/x/net v0.0.0-20220722155237-a158d28d115b go-module
golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 go-module
golang.org/x/sys v0.0.0-20220804214406-8e32c043e418 go-module
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 go-module
golang.org/x/text v0.3.7 go-module
golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 go-module
golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f go-module
google.golang.org/api v0.95.0 go-module
google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f go-module
google.golang.org/grpc v1.49.0 go-module
google.golang.org/protobuf v1.28.1 go-module
gopkg.in/DataDog/dd-trace-go.v1 v1.41.0 go-module
gopkg.in/inf.v0 v0.9.1 go-module
gopkg.in/yaml.v2 v2.4.0 go-module
gopkg.in/yaml.v3 v3.0.1 go-module
gpg 2.2.40-r0 apk
gpg-agent 2.2.40-r0 apk
gpg-wks-server 2.2.40-r0 apk
gpgsm 2.2.40-r0 apk
gpgv 2.2.40-r0 apk
grep 3.8-r1 apk
ip6tables 1.8.8-r2 apk
iproute2 6.0.0-r1 apk
iproute2-minimal 6.0.0-r1 apk
iproute2-ss 6.0.0-r1 apk
iproute2-tc 6.0.0-r1 apk
iptables 1.8.8-r2 apk
iputils 20211215-r0 apk
jq 1.6-r2 apk
k8s.io/api v0.25.0 go-module
k8s.io/apimachinery v0.25.0 go-module
k8s.io/client-go v0.24.4 go-module
k8s.io/klog/v2 v2.80.1 go-module
k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 go-module
k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed go-module
libacl 2.3.1-r1 apk
libassuan 2.5.5-r1 apk
libattr 2.5.1-r2 apk
libbsd 0.11.7-r0 apk
libbz2 1.0.8-r4 apk
libc-utils 0.7.2-r3 apk
libcap-utils 2.66-r0 apk
libcap2 2.66-r0 apk
libcrypto3 3.0.8-r3 apk
libcurl 8.0.1-r0 apk
libelf 0.187-r2 apk
libevent 2.1.12-r5 apk
libffi 3.4.4-r0 apk
libgcrypt 1.10.1-r0 apk
libgpg-error 1.46-r1 apk
libintl 0.21.1-r1 apk
libksba 1.6.3-r0 apk
libldap 2.6.3-r6 apk
libmd 1.0.4-r0 apk
libmnl 1.0.5-r0 apk
libnftnl 1.2.4-r0 apk
libpng 1.6.38-r0 apk
libproc 3.3.17-r2 apk
libqrencode 4.1.1-r1 apk
libsasl 2.1.28-r3 apk
libssl3 3.0.8-r3 apk
libtasn1 4.19.0-r0 apk
libunistring 1.1-r0 apk
linux-pam 1.5.2-r1 apk
mii-tool 2.10-r0 apk
musl 1.2.3-r4 apk
musl-fts 1.2.7-r3 apk
musl-utils 1.2.3-r4 apk
ncurses-libs 6.3_p20221119-r0 apk
ncurses-terminfo-base 6.3_p20221119-r0 apk
net-tools 2.10-r0 apk
netcat-openbsd 1.130-r4 apk
nettle 3.8.1-r0 apk
nghttp2-libs 1.51.0-r0 apk
npth 1.6-r2 apk
oniguruma 6.9.8-r0 apk
openresolv 3.12.0-r1 apk
p11-kit 0.24.1-r1 apk
pcre2 10.42-r0 apk
perl 5.36.0-r1 apk
pinentry 1.2.1-r0 apk
procps 3.3.17-r2 apk
readline 8.2.0-r0 apk
scanelf 1.3.5-r1 apk
shadow 4.13-r0 apk
sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 go-module
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 go-module
sigs.k8s.io/yaml v1.2.0 go-module
skalibs 2.12.0.1-r0 apk
sqlite-libs 3.40.1-r0 apk
ssl_client 1.35.0-r29 apk
tzdata 2023c-r0 apk
unbound-libs 1.17.1-r0 apk
utmps-libs 0.1.2.0-r1 apk
xz 5.2.9-r0 apk
xz-libs 5.2.9-r0 apk
zlib 1.2.13-r0 apk

@ -16,8 +16,8 @@ available_architectures:
# development version
development_versions: true
development_versions_items:
- { tag: "latest", desc: "Stable releases with support for compiling Wireguard modules" }
- { tag: "alpine", desc: "Stable releases based on Alpine *without* support for compiling Wireguard modules" }
- { tag: "latest", desc: "Stable releases based on Alpine *without* support for compiling Wireguard modules." }
- { tag: "legacy", desc: "Stable releases with support for compiling Wireguard modules." }
# container parameters
common_param_env_vars_enabled: true
@ -25,9 +25,6 @@ param_container_name: "{{ project_name }}"
param_usage_include_vols: true
param_volumes:
- { vol_path: "/config", vol_host_path: "/path/to/appdata/config", desc: "Contains all relevant configuration files." }
opt_param_usage_include_vols: true
opt_param_volumes:
- { vol_path: "/lib/modules", vol_host_path: "/lib/modules", desc: "Maps host's modules folder. Only required if compiling wireguard modules." }
param_usage_include_ports: true
param_ports:
- { external_port: "51820", internal_port: "51820/udp", port_desc: "wireguard port" }
@ -37,7 +34,6 @@ param_env_vars:
cap_add_param: true
cap_add_param_vars:
- { cap_add_var: "NET_ADMIN" }
- { cap_add_var: "SYS_MODULE" }
custom_params:
- { name: "sysctl", name_compose: "sysctls", value: ["net.ipv4.conf.all.src_valid_mark=1"], desc: "Required for client mode.", array: "true" }
@ -61,12 +57,6 @@ app_setup_block_enabled: true
app_setup_block: |
During container start, it will first check if the wireguard module is already installed and loaded. Kernels newer than 5.6 generally have the wireguard module built-in (along with some older custom kernels). However, the module may not be enabled. Make sure it is enabled prior to starting the container.
If the kernel is not built-in, or installed on host, the container will check if the kernel headers are present (in `/usr/src`) and if not, it will attempt to download the necessary kernel headers from the `ubuntu xenial/bionic`, `debian/raspbian buster` repos; then will attempt to compile and install the kernel module. If the kernel headers are not found in either `usr/src` or in the repos mentioned, container will sleep indefinitely as wireguard cannot be installed.
If you're on a debian/ubuntu based host with a custom or downstream distro provided kernel (ie. Pop!_OS), the container won't be able to install the kernel headers from the regular ubuntu and debian repos. In those cases, you can try installing the headers on the host via `sudo apt install linux-headers-$(uname -r)` (if distro version) and then add a volume mapping for `/usr/src:/usr/src`, or if custom built, map the location of the existing headers to allow the container to use host installed headers to build the kernel module (tested successful on Pop!_OS, ymmv).
With regards to arm32/64 devices, Raspberry Pi 2-4 running the [official ubuntu images](https://ubuntu.com/download/raspberry-pi) or Raspbian Buster are supported out of the box. For all other devices and OSes, you can try installing the kernel headers on the host, and mapping `/usr/src:/usr/src` and it may just work (no guarantees).
This can be run as a server or a client, based on the parameters used.
## Server Mode
@ -127,11 +117,11 @@ app_setup_block: |
# changelog
changelogs:
- { date: "28.01.23:", desc: "Patch wg-quick to suppress false positive sysctl warning." }
- { date: "26.04.23:", desc: "Rework branches. Swap alpine and ubuntu builds." }
- { date: "29.01.23:", desc: "Rebase to alpine 3.17." }
- { date: "10.01.23:", desc: "Add new var to add `PersistentKeepalive` to server config for select peers to survive server IP changes when domain name is used." }
- { date: "26.10.22:", desc: "Better handle unsupported peer names. Improve logging." }
- { date: "12.10.22:", desc: "Add Alpine branch. Optimize wg and coredns services." }
- { date: "09.10.22:", desc: "Switch back to iptables-legacy due to issues on some hosts." }
- { date: "04.10.22:", desc: "Rebase to Jammy. Upgrade to s6v3." }
- { date: "16.05.22:", desc: "Improve NAT handling in server mode when multiple ethernet devices are present." }
- { date: "23.04.22:", desc: "Add pre-shared key support. Automatically added to all new peer confs generated, existing ones are left without to ensure no breaking changes." }

@ -166,17 +166,17 @@ if [[ -n "$PEERS" ]]; then
generate_confs
save_vars
else
echo "**** Server mode is selected ****"
if [[ -f /config/.donoteditthisfile ]]; then
. /config/.donoteditthisfile
fi
if [[ "$SERVERURL" != "$ORIG_SERVERURL" ]] || [[ "$SERVERPORT" != "$ORIG_SERVERPORT" ]] || [[ "$PEERDNS" != "$ORIG_PEERDNS" ]] || [[ "$PEERS" != "$ORIG_PEERS" ]] || [[ "$INTERFACE" != "$ORIG_INTERFACE" ]] || [[ "$ALLOWEDIPS" != "$ORIG_ALLOWEDIPS" ]] || [[ "$PERSISTENTKEEPALIVE_PEERS" != "$ORIG_PERSISTENTKEEPALIVE_PEERS" ]]; then
echo "**** Server related environment variables changed, regenerating 1 server and ${PEERS} peer/client confs ****"
generate_confs
save_vars
else
echo "**** No changes to parameters. Existing configs are used. ****"
fi
echo "**** Server mode is selected ****"
if [[ -f /config/.donoteditthisfile ]]; then
. /config/.donoteditthisfile
fi
if [[ "$SERVERURL" != "$ORIG_SERVERURL" ]] || [[ "$SERVERPORT" != "$ORIG_SERVERPORT" ]] || [[ "$PEERDNS" != "$ORIG_PEERDNS" ]] || [[ "$PEERS" != "$ORIG_PEERS" ]] || [[ "$INTERFACE" != "$ORIG_INTERFACE" ]] || [[ "$ALLOWEDIPS" != "$ORIG_ALLOWEDIPS" ]] || [[ "$PERSISTENTKEEPALIVE_PEERS" != "$ORIG_PERSISTENTKEEPALIVE_PEERS" ]]; then
echo "**** Server related environment variables changed, regenerating 1 server and ${PEERS} peer/client confs ****"
generate_confs
save_vars
else
echo "**** No changes to parameters. Existing configs are used. ****"
fi
fi
else
echo "**** Client mode selected. ****"

@ -6,161 +6,12 @@ echo "Uname info: $(uname -a)"
# check for wireguard module
ip link del dev test 2>/dev/null
if ip link add dev test type wireguard; then
echo "**** It seems the wireguard module is already active. Skipping kernel header install and module compilation. ****"
SKIP_COMPILE="true"
ip link del dev test
if [[ ! -f /built_wireguard_module ]]; then
if capsh --print | grep "Current:" | grep -q "cap_sys_module"; then
echo "**** As the wireguard module is already active you can remove the SYS_MODULE capability from your container run/compose. ****"
fi
echo "**** It seems the wireguard module is already active. Skipping kernel header install and module compilation. ****"
ip link del dev test
if capsh --current | grep "Current:" | grep -q "cap_sys_module"; then
echo "**** As the wireguard module is already active you can remove the SYS_MODULE capability from your container run/compose. ****"
fi
else
echo "**** The wireguard module is not active, will attempt kernel header install and module compilation. If you believe that your kernel should have wireguard support already, make sure that it is activated via modprobe! ****"
fi
# install headers if necessary
if [ "$SKIP_COMPILE" != "true" ] && [ ! -e /lib/modules/$(uname -r)/build ]; then
echo "**** Attempting kernel header install ****"
apt-get update
if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then
apt-get install -y \
linux-headers-$(uname -r)
elif (uname -r | grep -q 'v7+') || (uname -r | grep -q 'v7l+') || (uname -r | grep -q 'v8+'); then
echo "**** Raspbian kernel naming convention detected, attempting to install raspbian kernel headers ****"
curl -s http://archive.raspberrypi.org/debian/raspberrypi.gpg.key | apt-key add -
echo -e \
"deb http://archive.raspberrypi.org/debian/ buster main\ndeb-src http://archive.raspberrypi.org/debian/ buster main" \
> /etc/apt/sources.list.d/raspbian.list
apt-get update
apt-get install -y \
raspberrypi-kernel-headers
elif uname -v | grep -q 'Ubuntu'; then
echo "**** Ubuntu kernel detected, but likely not Jammy. ****"
echo "**** Attempting to install kernel headers from Ubuntu Focal repo ****"
if uname -m | grep -q 'x86_64'; then
echo -e \
"deb http://archive.ubuntu.com/ubuntu/ focal main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ focal main restricted\n\ndeb http://archive.ubuntu.com/ubuntu/ focal-updates main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ focal-updates main restricted" \
> /etc/apt/sources.list.d/xenial-bionic-focal.list
else
echo -e \
"deb http://ports.ubuntu.com/ubuntu-ports/ focal main restricted\ndeb-src http://ports.ubuntu.com/ubuntu-ports/ focal main restricted\n\ndeb http://ports.ubuntu.com/ubuntu-ports/ focal-updates main restricted\ndeb-src http://ports.ubuntu.com/ubuntu-ports/ focal-updates main restricted" \
> /etc/apt/sources.list.d/xenial-bionic-focal.list
fi
apt-get update
if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then
apt-get install -y \
linux-headers-$(uname -r)
else
echo "**** No kernel headers found in the Ubuntu Focal repo!! Trying Ubuntu Bionic. ****"
sed -i 's/focal/bionic/g' /etc/apt/sources.list.d/xenial-bionic-focal.list
apt-get update
if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then
apt-get install -y \
linux-headers-$(uname -r)
else
echo "**** No kernel headers found in the Ubuntu Bionic repo!! Trying Ubuntu Xenial. ****"
sed -i 's/bionic/xenial/g' /etc/apt/sources.list.d/xenial-bionic-focal.list
apt-get update
if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then
apt-get install -y \
linux-headers-$(uname -r)
else
echo "**** No kernel headers found in the Ubuntu repos!! Will try the headers from host (if mapped), may or may not work ****"
rm -rf /etc/apt/sources.list.d/xenial-bionic-focal.list
fi
fi
fi
elif uname -v | grep -q 'Debian'; then
echo "**** Debian host detected, attempting to install kernel headers from Debian Buster repo ****"
curl -s https://ftp-master.debian.org/keys/archive-key-10.asc | apt-key add -
curl -s https://ftp-master.debian.org/keys/archive-key-10-security.asc | apt-key add -
cat <<DUDE > /etc/apt/sources.list.d/debian.list
deb http://deb.debian.org/debian buster main contrib non-free
deb-src http://deb.debian.org/debian buster main contrib non-free
deb http://deb.debian.org/debian-security/ buster/updates main contrib non-free
deb-src http://deb.debian.org/debian-security/ buster/updates main contrib non-free
deb http://deb.debian.org/debian buster-updates main contrib non-free
deb-src http://deb.debian.org/debian buster-updates main contrib non-free
deb http://deb.debian.org/debian buster-backports main contrib non-free
deb-src http://deb.debian.org/debian buster-backports main contrib non-free
DUDE
apt-get update
if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then
if uname -r | grep -qs "bpo"; then
echo "**** Backported kernel detected ****"
apt-get install -y -t buster-backports \
linux-headers-$(uname -r)
else
apt-get install -y \
linux-headers-$(uname -r)
fi
else
echo "**** Attempting to install kernel headers from the Debian Stretch repo ****"
curl -s https://ftp-master.debian.org/keys/archive-key-9.asc | apt-key add -
curl -s https://ftp-master.debian.org/keys/archive-key-9-security.asc | apt-key add -
sed -i 's/buster/stretch/g' /etc/apt/sources.list.d/debian.list
apt-get update
if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then
if uname -r | grep -qs "bpo"; then
echo "**** Backported kernel detected ****"
apt-get install -y -t stretch-backports \
linux-headers-$(uname -r)
else
apt-get install -y \
linux-headers-$(uname -r)
fi
else
echo "**** No kernel headers found in Debian repos!! Will try the headers from host (if mapped), may or may not work ****"
rm -rf /etc/apt/sources.list.d/debian.list
fi
fi
else
echo "**** No kernel headers found in the Ubuntu or Debian repos!! Will try the headers from host (if mapped), may or may not work ****"
fi
fi
if [ "$SKIP_COMPILE" != "true" ]; then
if [ -e /lib/modules/$(uname -r)/build ]; then
echo "**** Kernel headers seem to be present, attempting to build the wireguard module. . . ****"
if [ ! -f /lib/modules/$(uname -r)/build/certs/signing_key.pem ]; then
mkdir -p /lib/modules/$(uname -r)/build/certs
cd /lib/modules/$(uname -r)/build/certs
cat <<DUDE >> x509.genkey
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
x509_extensions = myexts
[ req_distinguished_name ]
CN = Modules
[ myexts ]
basicConstraints=critical,CA:FALSE
keyUsage=digitalSignature
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
DUDE
echo "**** Generating signing key ****"
openssl req -new -nodes -utf8 -sha512 -days 36500 -batch -x509 -config x509.genkey -outform DER -out signing_key.x509 -keyout signing_key.pem
fi
cd /app
echo "**** Building the module ****"
make -C wireguard-linux-compat/src -j$(nproc)
make -C wireguard-linux-compat/src install
echo "**** Let's test our new module. ****"
ip link del dev test 2>/dev/null
if ip link add dev test type wireguard; then
echo "**** The module is active, moving forward with setup. ****"
ip link del dev test
touch /built_wireguard_module
else
echo "**** The module is not active, review the logs. Sleeping now. . . ****"
sleep infinity
fi
else
echo "**** Kernel headers don't seem to be available in Ubuntu, Debian and Raspbian repos, or shared from the host; therefore can't compile the module. Sleeping now. . . ****"
echo "**** The wireguard module is not active. If you believe that your kernel should have wireguard support already, make sure that it is activated via modprobe! ****"
sleep infinity
fi
fi
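Review bot: The success message kept on the new side still reads `Skipping kernel header install and module compilation`, although this commit removes the header install and build steps, so the log describes a code path the image no longer has. A line such as `echo "**** The wireguard module is active. ****"` would match the new behaviour. The failure branch still ends in `sleep infinity`, which leaves a container that looks running but never brings up a tunnel; its message could state that this image cannot build the module and point to the `legacy` tag listed in readme-vars. Old and new lines are interleaved without markers on this page, so which echo lines survive is inferred from the `+6,12` header.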

@ -7,14 +7,16 @@ fi
if [[ ${USE_COREDNS} == "false" ]]; then
s6-notifyoncheck -d -n 300 -w 1000 -c "echo **** Disabling CoreDNS ****" \
sleep infinity
elif grep -q "health" /config/coredns/Corefile; then
exec \
s6-notifyoncheck -d -n 300 -w 1000 -c "redirfd -w 1 /dev/null curl -s http://localhost:8080/health" \
cd /config/coredns \
/app/coredns -dns.port=53
else
exec \
s6-notifyoncheck -d -n 300 -w 1000 -c "nc -zu localhost 53" \
if grep -q "health" /config/coredns/Corefile; then
exec \
s6-notifyoncheck -d -n 300 -w 1000 -c "redirfd -w 1 /dev/null curl -s http://localhost:8080/health" \
cd /config/coredns \
/usr/bin/coredns -dns.port=53
else
exec \
s6-notifyoncheck -d -n 300 -w 1000 -c "nc -zu localhost 53" \
cd /config/coredns \
/app/coredns -dns.port=53
/usr/bin/coredns -dns.port=53
fi
fi
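Review bot: The branch test `grep -q "health" /config/coredns/Corefile` matches the word anywhere in the user-editable Corefile, including a commented-out line, while the readiness command is fixed to `http://localhost:8080/health`. A Corefile that mentions health only in a comment, or that gives the health plugin a non-default address, would make s6-notifyoncheck poll an endpoint that never answers, so readiness is not signalled even though CoreDNS is serving. Anchoring the test to an active directive, for example `grep -Eq '^[[:space:]]*health([[:space:]]|$)' /config/coredns/Corefile`, covers the comment case. The custom-address case would need the address read from the Corefile, or the `nc -zu localhost 53` check used as a fallback.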
