From cd1968d191b30dc3d2c875bb44b8b3b8c79d5edf Mon Sep 17 00:00:00 2001 From: aptalca Date: Wed, 8 Apr 2020 10:46:14 -0400 Subject: [PATCH 1/3] update the scripts to use templates --- README.md | 1 + readme-vars.yml | 1 + root/app/add-peer | 30 ++++++++++++++---------------- root/app/show-peer | 5 ++++- 4 files changed, 20 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index ac13b94..00310af 100644 --- a/README.md +++ b/README.md @@ -253,6 +253,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **08.04.20:** - Update the `add-peer`/`show-peer` scripts to utilize the templates and the `INTERNAL_SUBNET` var (previously missed, oops). * **05.04.20:** - Add `INTERNAL_SUBNET` variable to prevent subnet clashes. Add templates for server and peer confs. * **01.04.20:** - Add `show-peer` script and include info on host installed headers. * **31.03.20:** - Initial Release. diff --git a/readme-vars.yml b/readme-vars.yml index 8e1375c..36f54ad 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -74,6 +74,7 @@ app_setup_block: | # changelog changelogs: + - { date: "08.04.20:", desc: "Update the `add-peer`/`show-peer` scripts to utilize the templates and the `INTERNAL_SUBNET` var (previously missed, oops)." } - { date: "05.04.20:", desc: "Add `INTERNAL_SUBNET` variable to prevent subnet clashes. Add templates for server and peer confs." } - { date: "01.04.20:", desc: "Add `show-peer` script and include info on host installed headers." } - { date: "31.03.20:", desc: "Initial Release." } diff --git a/root/app/add-peer b/root/app/add-peer index f1bda6f..447527f 100755 --- a/root/app/add-peer +++ b/root/app/add-peer 
@@ -1,12 +1,20 @@ #!/usr/bin/with-contenv bash -if [ ! -f /config/wg0.conf ] || [ -z "$PEERS" ] || [ -z "$SERVERURL" ]; then +if [ ! -f /config/wg0.conf ] || [ -z "$PEERS" ]; then echo "Wireguard is not set up in server mode" exit 0 fi +INTERNAL_SUBNET=${INTERNAL_SUBNET:-10.13.13.0} +INTERFACE=$(echo "$INTERNAL_SUBNET" | awk 'BEGIN{FS=OFS="."} NF--') +if [ -z "$SERVERURL" ] || [ "$SERVERURL" = "auto" ]; then + SERVERURL=$(curl icanhazip.com) +fi +SERVERPORT=${SERVERPORT:-51820} +PEERDNS=${PEERDNS:-8.8.8.8} + for i in {1..254}; do - if grep -q "AllowedIPs = 10.13.13.$(( $i + 1 ))/32" /config/wg0.conf; then + if grep -q "AllowedIPs = ${INTERFACE}.$(( $i + 1 ))/32" /config/wg0.conf; then echo "Peer $i exists" else echo "Adding new Peer $i" @@ -15,24 +23,14 @@ for i in {1..254}; do umask 077 wg genkey | tee /config/peer${i}/privatekey-peer${i} | wg pubkey > /config/peer${i}/publickey-peer${i} fi - SERVERPORT=${SERVERPORT:-51820} - PEERDNS=${PEERDNS:-8.8.8.8} + eval "`printf %s` cat < /config/peer${i}/peer${i}.conf -[Interface] -Address = 10.13.13.$(( $i + 1 )) -PrivateKey = $(cat /config/peer${i}/privatekey-peer${i}) -ListenPort = 51820 -DNS = ${PEERDNS} - -[Peer] -PublicKey = $(cat /config/server/publickey-server) -Endpoint = ${SERVERURL}:${SERVERPORT} -AllowedIPs = 0.0.0.0/0, ::/0 -DUDE +`cat /config/templates/peer.conf` +DUDE" cat <> /config/wg0.conf [Peer] PublicKey = $(cat /config/peer${i}/publickey-peer${i}) -AllowedIPs = 10.13.13.$(( $i + 1 ))/32 +AllowedIPs = ${INTERFACE}.$(( $i + 1 ))/32 DUDE echo "PEER ${i} QR code:" diff --git a/root/app/show-peer b/root/app/show-peer index 4264343..b283464 100755 --- a/root/app/show-peer +++ b/root/app/show-peer 
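Review bot: The `auto` branch added near the top of add-peer takes the server endpoint from an unauthenticated plain-HTTP request and uses whatever comes back as `SERVERURL`, with no check that the call succeeded. Because this commit also drops the `[ -z "$SERVERURL" ]` guard from the first test, a failed or tampered lookup presumably ends up in the `Endpoint` of every newly generated peer config, either empty or pointing somewhere else. I would fetch over TLS and stop on failure, `SERVERURL=$(curl -fsS https://icanhazip.com) || { echo "Could not determine external IP" >&2; exit 1; }`, and reject a result that does not look like an IP address.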
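Review bot: The `eval` introduced in the second add-peer hunk expands the whole of `/config/templates/peer.conf` as shell, so any command substitution in that file runs with the privileges of whoever invokes add-peer. The template lives on the user-mapped `/config` volume, so the trust assumption should at least be written down above the `eval`, e.g. `# peer.conf is evaluated as shell: keep it to ${VAR} and $(cat ...) substitutions and treat it as trusted input`. A stricter option is to substitute a fixed list of variables instead of evaluating the file, which would be a larger change than this hunk. The for loop this sits in starts and ends outside the hunk.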
@@ -5,8 +5,11 @@ if [ ! $# -gt 0 ]; then exit 0 fi +INTERNAL_SUBNET=${INTERNAL_SUBNET:-10.13.13.0} +INTERFACE=$(echo "$INTERNAL_SUBNET" | awk 'BEGIN{FS=OFS="."} NF--') + for i in "$@"; do - if grep -q "AllowedIPs = 10.13.13.$(( $i + 1 ))/32" /config/wg0.conf; then + if grep -q "AllowedIPs = ${INTERFACE}.$(( $i + 1 ))/32" /config/wg0.conf; then echo "PEER $i QR code:" qrencode -t ansiutf8 < /config/peer${i}/peer${i}.conf else From cb8e6a1a634bd12f47ff2c03fc233bd5da895c1f Mon Sep 17 00:00:00 2001 From: aptalca Date: Wed, 8 Apr 2020 13:32:43 -0400 Subject: [PATCH 2/3] multi-arch, add coredns --- Dockerfile | 9 ++++++ Dockerfile.aarch64 | 51 +++++++++++++++++++++++++++++++++ Dockerfile.armhf | 51 +++++++++++++++++++++++++++++++++ Jenkinsfile | 2 +- README.md | 8 ++++-- jenkins-vars.yml | 2 +- readme-vars.yml | 10 +++++-- root/app/add-peer | 4 ++- root/defaults/Corefile | 3 ++ root/etc/cont-init.d/30-config | 33 +++++++++++++++++---- root/etc/services.d/coredns/run | 6 ++++ 11 files changed, 165 insertions(+), 14 deletions(-) create mode 100644 Dockerfile.aarch64 create mode 100644 Dockerfile.armhf create mode 100644 root/defaults/Corefile create mode 100644 root/etc/services.d/coredns/run diff --git a/Dockerfile b/Dockerfile index c8ad383..fa01dd8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -29,6 +29,15 @@ RUN \ echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections && \ echo "REPORT_ABSENT_SYMLINK=no" >> /etc/default/resolvconf && \ apt-get install resolvconf && \ + echo "**** install CoreDNS ****" && \ + COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \ + | awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \ + curl -o \ + /tmp/coredns.tar.gz -L \ + "https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_amd64.tgz" && \ + tar xf \ + /tmp/coredns.tar.gz -C \ + /app && \ echo "**** clean up ****" && \ rm -rf \ /tmp/* \ 
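Review bot: The CoreDNS step added to the `RUN` chain installs whatever the GitHub API reports as the latest release at build time and unpacks it into `/app` with no integrity check, so two builds of the same commit can ship different binaries and a corrupted or substituted download goes unnoticed. Pin the version and verify a digest recorded in the repo, e.g. `ARG COREDNS_VERSION=<pinned-version>` and `echo "<expected-sha256>  /tmp/coredns.tar.gz" | sha256sum -c - && \` ahead of the `tar xf`; adding `-f` to the download `curl` also makes an HTTP error fail the build instead of saving an error page. The same block is repeated in the new Dockerfile.aarch64 and Dockerfile.armhf, where the expected digest differs per architecture. The `RUN` instruction starts and ends outside this hunk.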
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
new file mode 100644
index 0000000..1e2b3a4
--- /dev/null
+++ b/Dockerfile.aarch64
@@ -0,0 +1,51 @@
+FROM lsiobase/ubuntu:arm64v8-bionic
+
+# set version label
+ARG BUILD_DATE
+ARG VERSION
+ARG WIREGUARD_RELEASE
+LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
+LABEL maintainer="aptalca"
+
+ENV DEBIAN_FRONTEND="noninteractive"
+
+RUN \
+ echo "**** install dependencies ****" && \
+ apt-get update && \
+ apt-get install -y \
+ curl \
+ dkms \
+ gnupg \
+ ifupdown \
+ iproute2 \
+ iptables \
+ iputils-ping \
+ libc6 \
+ perl \
+ qrencode && \
+ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E1B39B6EF6DDB96564797591AE33835F504A1A25 && \
+ echo "deb http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \
+ echo "deb-src http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \
+ echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections && \
+ echo "REPORT_ABSENT_SYMLINK=no" >> /etc/default/resolvconf && \
+ apt-get install resolvconf && \
+ echo "**** install CoreDNS ****" && \
+ COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \
+ | awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \
+ curl -o \
+ /tmp/coredns.tar.gz -L \
+ "https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_arm64.tgz" && \
+ tar xf \
+ /tmp/coredns.tar.gz -C \
+ /app && \
+ echo "**** clean up ****" && \
+ rm -rf \
+ /tmp/* \
+ /var/lib/apt/lists/* \
+ /var/tmp/*
+
+# add local files
+COPY /root /
+
+# ports and volumes
+EXPOSE 51820/udp
diff --git a/Dockerfile.armhf b/Dockerfile.armhf
new file mode 100644
index 0000000..347ba62
--- /dev/null
+++ b/Dockerfile.armhf
@@ -0,0 +1,51 @@
+FROM lsiobase/ubuntu:arm32v7-bionic
+
+# set version label
+ARG BUILD_DATE
+ARG VERSION
+ARG WIREGUARD_RELEASE
+LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
+LABEL maintainer="aptalca"
+
+ENV DEBIAN_FRONTEND="noninteractive"
+
+RUN \
+ echo "**** install dependencies ****" && \
+ apt-get update && \
+ apt-get install -y \
+ curl \
+ dkms \
+ gnupg \
+ ifupdown \
+ iproute2 \
+ iptables \
+ iputils-ping \
+ libc6 \
+ perl \
+ qrencode && \
+ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E1B39B6EF6DDB96564797591AE33835F504A1A25 && \
+ echo "deb http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \
+ echo "deb-src http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \
+ echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections && \
+ echo "REPORT_ABSENT_SYMLINK=no" >> /etc/default/resolvconf && \
+ apt-get install resolvconf && \
+ echo "**** install CoreDNS ****" && \
+ COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \
+ | awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \
+ curl -o \
+ /tmp/coredns.tar.gz -L \
+ "https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_arm.tgz" && \
+ tar xf \
+ /tmp/coredns.tar.gz -C \
+ /app && \
+ echo "**** clean up ****" && \
+ rm -rf \
+ /tmp/* \
+ /var/lib/apt/lists/* \
+ /var/tmp/*
+
+# add local files
+COPY /root /
+
+# ports and volumes
+EXPOSE 51820/udp
diff --git a/Jenkinsfile b/Jenkinsfile
index 8e97c40..b943ff0 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -24,7 +24,7 @@ pipeline {
 DEV_DOCKERHUB_IMAGE = 'lsiodev/wireguard'
 PR_DOCKERHUB_IMAGE = 'lspipepr/wireguard'
 DIST_IMAGE = 'ubuntu'
- MULTIARCH='false'
+ MULTIARCH='true'
 CI='false'
 CI_WEB='false'
 CI_PORT='8080'
diff --git a/README.md b/README.md index 00310af..a95b783 100644 --- a/README.md +++ b/README.md @@ -51,6 +51,8 @@ The architectures supported by this image are: | Architecture | Tag | | :----: | --- | | x86-64 | amd64-latest | +| arm64 | arm64v8-latest | +| armhf | arm32v7-latest | ## Usage @@ -162,10 +164,12 @@ In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as bel   ## Application Setup -This image is designed for Ubuntu and Debian x86_64 systems only. During container start, it will download the necessary kernel headers and build the kernel module (until kernel 5.6, which has the module built-in, goes mainstream). +This image is designed for Ubuntu and Debian based systems only. During container start, it will download the necessary kernel headers and build the kernel module (until kernel 5.6, which has the module built-in, goes mainstream). If you're on a debian/ubuntu based host with a custom or downstream distro provided kernel (ie. Pop!_OS), the container won't be able to install the kernel headers from the regular ubuntu and debian repos. In those cases, you can try installing the headers on the host via `sudo apt install linux-headers-$(uname -r)` (if distro version) and then add a volume mapping for `/usr/src:/usr/src`, or if custom built, map the location of the existing headers to allow the container to use host installed headers to build the kernel module (tested successful on Pop!_OS, ymmv). +With regards to arm32/64 devices, Raspberry Pi 2-4 running the [official ubuntu images](https://ubuntu.com/download/raspberry-pi) or Raspbian Buster are supported out of the box. For all other devices and OSes, you can try installing the kernel headers on the host, and mapping `/usr/src:/usr/src` and it may just work (no guarantees). + This can be run as a server or a client, based on the parameters used. ## Server Mode 
@@ -253,7 +257,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions -* **08.04.20:** - Update the `add-peer`/`show-peer` scripts to utilize the templates and the `INTERNAL_SUBNET` var (previously missed, oops). +* **08.04.20:** - Add arm32/64 builds and enable multi-arch (rpi4 with ubuntu and raspbian buster tested). Add CoreDNS. Update the `add-peer`/`show-peer` scripts to utilize the templates and the `INTERNAL_SUBNET` var (previously missed, oops). * **05.04.20:** - Add `INTERNAL_SUBNET` variable to prevent subnet clashes. Add templates for server and peer confs. * **01.04.20:** - Add `show-peer` script and include info on host installed headers. * **31.03.20:** - Initial Release. diff --git a/jenkins-vars.yml b/jenkins-vars.yml index ee922c2..b611109 100644 --- a/jenkins-vars.yml +++ b/jenkins-vars.yml @@ -16,7 +16,7 @@ repo_vars: - DEV_DOCKERHUB_IMAGE = 'lsiodev/wireguard' - PR_DOCKERHUB_IMAGE = 'lspipepr/wireguard' - DIST_IMAGE = 'ubuntu' - - MULTIARCH='false' + - MULTIARCH='true' - CI='false' - CI_WEB='false' - CI_PORT='8080' diff --git a/readme-vars.yml b/readme-vars.yml index 36f54ad..701c837 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -10,6 +10,8 @@ project_lsio_github_repo_url: "https://github.com/linuxserver/docker-{{ project_ # supported architectures available_architectures: - { arch: "{{ arch_x86_64 }}", tag: "amd64-latest"} + - { arch: "{{ arch_arm64 }}", tag: "arm64v8-latest"} + - { arch: "{{ arch_armhf }}", tag: "arm32v7-latest"} # development version development_versions: false 
@@ -43,7 +45,7 @@ opt_param_env_vars: - { env_var: "SERVERURL", env_value: "wireguard.domain.com", desc: "External IP or domain name for docker host. Used in server mode. If set to `auto`, the container will try to determine and set the external IP automatically"} - { env_var: "SERVERPORT", env_value: "51820", desc: "External port for docker host. Used in server mode."} - { env_var: "PEERS", env_value: "1", desc: "Number of peers to create confs for. Required for server mode."} - - { env_var: "PEERDNS", env_value: "8.8.8.8", desc: "DNS server set in peer/client configs. Used in server mode."} + - { env_var: "PEERDNS", env_value: "auto", desc: "DNS server set in peer/client configs (can be set as `8.8.8.8`). Used in server mode. Defaults to `auto`, which uses wireguard docker host's DNS via included CoreDNS forward."} - { env_var: "INTERNAL_SUBNET", env_value: "10.13.13.0", desc: "Internal subnet for the wireguard and server and peers (only change if it clashes). Used in server mode."} optional_block_1: false 
@@ -52,10 +54,12 @@ optional_block_1_items: "" # application setup block app_setup_block_enabled: true app_setup_block: | - This image is designed for Ubuntu and Debian x86_64 systems only. During container start, it will download the necessary kernel headers and build the kernel module (until kernel 5.6, which has the module built-in, goes mainstream). + This image is designed for Ubuntu and Debian based systems only. During container start, it will download the necessary kernel headers and build the kernel module (until kernel 5.6, which has the module built-in, goes mainstream). If you're on a debian/ubuntu based host with a custom or downstream distro provided kernel (ie. Pop!_OS), the container won't be able to install the kernel headers from the regular ubuntu and debian repos. In those cases, you can try installing the headers on the host via `sudo apt install linux-headers-$(uname -r)` (if distro version) and then add a volume mapping for `/usr/src:/usr/src`, or if custom built, map the location of the existing headers to allow the container to use host installed headers to build the kernel module (tested successful on Pop!_OS, ymmv). + With regards to arm32/64 devices, Raspberry Pi 2-4 running the [official ubuntu images](https://ubuntu.com/download/raspberry-pi) or Raspbian Buster are supported out of the box. For all other devices and OSes, you can try installing the kernel headers on the host, and mapping `/usr/src:/usr/src` and it may just work (no guarantees). + This can be run as a server or a client, based on the parameters used. ## Server Mode 
@@ -74,7 +78,7 @@ app_setup_block: | # changelog changelogs: - - { date: "08.04.20:", desc: "Update the `add-peer`/`show-peer` scripts to utilize the templates and the `INTERNAL_SUBNET` var (previously missed, oops)." } + - { date: "08.04.20:", desc: "Add arm32/64 builds and enable multi-arch (rpi4 with ubuntu and raspbian buster tested). Add CoreDNS for `PEERDNS=auto` setting. Update the `add-peer`/`show-peer` scripts to utilize the templates and the `INTERNAL_SUBNET` var (previously missed, oops)." } - { date: "05.04.20:", desc: "Add `INTERNAL_SUBNET` variable to prevent subnet clashes. Add templates for server and peer confs." } - { date: "01.04.20:", desc: "Add `show-peer` script and include info on host installed headers." } - { date: "31.03.20:", desc: "Initial Release." } diff --git a/root/app/add-peer b/root/app/add-peer index 447527f..f9cf686 100755 --- a/root/app/add-peer +++ b/root/app/add-peer @@ -11,7 +11,9 @@ if [ -z "$SERVERURL" ] || [ "$SERVERURL" = "auto" ]; then SERVERURL=$(curl icanhazip.com) fi SERVERPORT=${SERVERPORT:-51820} -PEERDNS=${PEERDNS:-8.8.8.8} +if [ -z "$PEERDNS" ] || [ "$PEERDNS" = "auto" ]; then + PEERDNS="${INTERFACE}.1" +fi for i in {1..254}; do if grep -q "AllowedIPs = ${INTERFACE}.$(( $i + 1 ))/32" /config/wg0.conf; then diff --git a/root/defaults/Corefile b/root/defaults/Corefile new file mode 100644 index 0000000..cfcfa0b --- /dev/null +++ b/root/defaults/Corefile @@ -0,0 +1,3 @@ +. { + forward . 127.0.0.11 +} \ No newline at end of file diff --git a/root/etc/cont-init.d/30-config b/root/etc/cont-init.d/30-config index 29f5639..d736e68 100644 --- a/root/etc/cont-init.d/30-config +++ b/root/etc/cont-init.d/30-config @@ -1,6 +1,6 @@ #!/usr/bin/with-contenv bash -mkdir -p /config/templates +mkdir -p /config/{templates,coredns} # install headers and wireguard apt-get update 
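Review bot: The new default Corefile has no `bind` line, so as far as I can tell CoreDNS will answer on every address in the container and forward for any client that can reach port 53, not only wireguard peers. Peers are pointed at `${INTERFACE}.1`, so limiting the listener to that address (a `bind` directive written by 30-config from `INTERNAL_SUBNET`, taking effect once the interface is up) would keep the resolver off other networks the container is attached to. The `forward` line also deserves a comment such as `# 127.0.0.11 is Docker's embedded resolver`, because that address is presumably only served on user-defined networks; worth confirming what happens on the default bridge.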
@@ -8,7 +8,18 @@ if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then apt-get install -y \ linux-headers-$(uname -r) \ wireguard +elif uname -r | grep -q 'v7l+'; then + echo "Raspbian kernel naming convention detected, attempting to install raspbian kernel headers" + curl -s http://archive.raspberrypi.org/debian/raspberrypi.gpg.key | apt-key add - + echo -e \ + "deb http://archive.raspberrypi.org/debian/ buster main\ndeb-src http://archive.raspberrypi.org/debian/ buster main" \ + > /etc/apt/sources.list.d/raspbian.list + apt-get update + apt-get install -y \ + raspberrypi-kernel-headers \ + wireguard elif uname -v | grep -q 'Ubuntu'; then + echo "Attempting to install kernel headers from Ubuntu Xenial repo" curl -s http://archive.ubuntu.com/ubuntu/dists/xenial/Release.gpg | apt-key add - echo -e \ "deb http://archive.ubuntu.com/ubuntu/ xenial main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ xenial main restricted\n\ndeb http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted" \ @@ -19,11 +30,12 @@ elif uname -v | grep -q 'Ubuntu'; then linux-headers-$(uname -r) \ wireguard else - echo "No kernel headers found!! Will try the headers from the wireguard ppa, may or may not work" + echo "No kernel headers found in the Ubuntu repos!! Will try the headers from host (if mapped), may or may not work" apt-get install -y \ wireguard fi elif uname -v | grep -q 'Debian'; then + echo "Debian host detected, attempting to install kernel headers from Debian Buster repo" curl -s https://ftp-master.debian.org/keys/archive-key-10.asc | apt-key add - echo -e \ "deb http://deb.debian.org/debian buster main contrib non-free\ndeb-src http://deb.debian.org/debian buster main contrib non-free" \ 
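Review bot: The new Raspbian branch downloads the repository signing key over plain HTTP and pipes it straight into `apt-key add -`, so anyone on the network path can substitute a key that apt will then trust for the package installs that follow in the same branch. Fetch it over TLS, as the Debian branch further down already does for its archive key, `curl -fsSL https://archive.raspberrypi.org/debian/raspberrypi.gpg.key | apt-key add -`, or better ship the key in the image and compare its fingerprint with `<expected-fingerprint>` before adding it. The existing Xenial `Release.gpg` fetch in the Ubuntu branch, which this commit only adds an echo to, has the same plain-HTTP exposure. The if/elif chain starts and ends outside the hunk.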
@@ -34,6 +46,7 @@ elif uname -v | grep -q 'Debian'; then linux-headers-$(uname -r) \ wireguard else + echo "Attempting to install kernel headers from the Debian Stretch repo" curl -s https://ftp-master.debian.org/keys/archive-key-9.asc | apt-key add - sed -i 's/buster/stretch/g' /etc/apt/sources.list.d/debian.list apt-get update @@ -42,13 +55,13 @@ elif uname -v | grep -q 'Debian'; then linux-headers-$(uname -r) \ wireguard else - echo "No kernel headers found!! Will try the headers from the wireguard ppa, may or may not work" + echo "No kernel headers found in Debian repos!! Will try the headers from host (if mapped), may or may not work" apt-get install -y \ wireguard fi fi else - echo "No kernel headers found!! Will try the headers from the wireguard ppa, may or may not work" + echo "No kernel headers found in the Ubuntu or Debian repos!! Will try the headers from host (if mapped), may or may not work" apt-get install -y \ wireguard fi @@ -120,11 +133,15 @@ if [ -n "$PEERS" ]; then fi SERVERPORT=${SERVERPORT:-51820} echo "External server port is set to ${SERVERPORT}. Make sure that port is properly forwarded to port 51820 inside this container" - PEERDNS=${PEERDNS:-8.8.8.8} - echo "DNS server is set to $PEERDNS" INTERNAL_SUBNET=${INTERNAL_SUBNET:-10.13.13.0} echo "Internal subnet is set to $INTERNAL_SUBNET" INTERFACE=$(echo "$INTERNAL_SUBNET" | awk 'BEGIN{FS=OFS="."} NF--') + if [ -z "$PEERDNS" ] || [ "$PEERDNS" = "auto" ]; then + PEERDNS="${INTERFACE}.1" + echo "PEERDNS var is either not set or is set to \"auto\", setting peer DNS to ${INTERFACE}.1 to use wireguard docker host's DNS." + else + echo "Peer DNS servers will be set to $PEERDNS" + fi if [ ! -f /config/wg0.conf ]; then echo "No found wg0.conf found (maybe an initial install), generating 1 server and $PEERS peer/client confs" generate_confs 
@@ -149,6 +166,10 @@ else fi fi +# set up CoreDNS +[[ ! -f /config/coredns/Corefile ]] && \ + cp /defaults/Corefile /config/coredns/Corefile + # permissions chown -R abc:abc \ /config diff --git a/root/etc/services.d/coredns/run b/root/etc/services.d/coredns/run new file mode 100644 index 0000000..f073c29 --- /dev/null +++ b/root/etc/services.d/coredns/run @@ -0,0 +1,6 @@ +#!/usr/bin/with-contenv bash + +cd /config/coredns + +exec \ + /app/coredns -dns.port=53 \ No newline at end of file From e724cf3644a404af6b60273d46968359bb41dcac Mon Sep 17 00:00:00 2001 From: aptalca Date: Thu, 9 Apr 2020 11:39:46 -0400 Subject: [PATCH 3/3] update readme --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index a95b783..2bf3316 100644 --- a/README.md +++ b/README.md @@ -72,7 +72,7 @@ docker create \ -e SERVERURL=wireguard.domain.com `#optional` \ -e SERVERPORT=51820 `#optional` \ -e PEERS=1 `#optional` \ - -e PEERDNS=8.8.8.8 `#optional` \ + -e PEERDNS=auto `#optional` \ -e INTERNAL_SUBNET=10.13.13.0 `#optional` \ -p 51820:51820/udp \ -v /path/to/appdata/config:/config \ @@ -104,7 +104,7 @@ services: - SERVERURL=wireguard.domain.com #optional - SERVERPORT=51820 #optional - PEERS=1 #optional - - PEERDNS=8.8.8.8 #optional + - PEERDNS=auto #optional - INTERNAL_SUBNET=10.13.13.0 #optional volumes: - /path/to/appdata/config:/config 
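Review bot: The new coredns `run` script starts the resolver unconditionally and as root: nothing checks for server mode or for `PEERDNS` being unset or `auto`, and there is no privilege drop even though the Corefile it reads sits under `/config`, which 30-config chowns to `abc`. I would skip the service when the container runs as a client or when `PEERDNS` names an explicit resolver, and run the binary under `s6-setuidgid abc` after granting it `cap_net_bind_service` at build time so it can still bind port 53. The `cd` should also fail closed, `cd /config/coredns || exit 1`, so CoreDNS never starts from an unexpected working directory and picks up a different Corefile.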
@@ -129,7 +129,7 @@ Container images are configured using parameters passed at runtime (such as thos | `-e SERVERURL=wireguard.domain.com` | External IP or domain name for docker host. Used in server mode. If set to `auto`, the container will try to determine and set the external IP automatically | | `-e SERVERPORT=51820` | External port for docker host. Used in server mode. | | `-e PEERS=1` | Number of peers to create confs for. Required for server mode. | -| `-e PEERDNS=8.8.8.8` | DNS server set in peer/client configs. Used in server mode. | +| `-e PEERDNS=auto` | DNS server set in peer/client configs (can be set as `8.8.8.8`). Used in server mode. Defaults to `auto`, which uses wireguard docker host's DNS via included CoreDNS forward. | | `-e INTERNAL_SUBNET=10.13.13.0` | Internal subnet for the wireguard and server and peers (only change if it clashes). Used in server mode. | | `-v /config` | Contains all relevant configuration files. | | `-v /lib/modules` | Maps host's modules folder. | @@ -257,7 +257,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions -* **08.04.20:** - Add arm32/64 builds and enable multi-arch (rpi4 with ubuntu and raspbian buster tested). Add CoreDNS. Update the `add-peer`/`show-peer` scripts to utilize the templates and the `INTERNAL_SUBNET` var (previously missed, oops). +* **08.04.20:** - Add arm32/64 builds and enable multi-arch (rpi4 with ubuntu and raspbian buster tested). Add CoreDNS for `PEERDNS=auto` setting. Update the `add-peer`/`show-peer` scripts to utilize the templates and the `INTERNAL_SUBNET` var (previously missed, oops). * **05.04.20:** - Add `INTERNAL_SUBNET` variable to prevent subnet clashes. Add templates for server and peer confs. * **01.04.20:** - Add `show-peer` script and include info on host installed headers. * **31.03.20:** - Initial Release.