Archives/docker-wireguard
2
0
Fork 0
mirror of https://github.com/linuxserver/docker-wireguard synced 2024-11-06 09:20:26 +00:00
Code Issues Projects Releases Wiki Activity

Rebase to 3.20

Browse Source
This commit is contained in:
thespad 2024-05-24 15:30:42 +01:00
parent ca9b10cf73
commit cdfbdacea2
No known key found for this signature in database
GPG Key ID: 08F06191F4587860
7 changed files with 47 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.github/workflows/external_trigger.yml vendored
View File

@ -20,7 +20,8 @@ jobs:
echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_WIREGUARD_MASTER\". ****"
echo "External trigger running off of master branch. To disable this trigger, set a Github secret named \`PAUSE_EXTERNAL_TRIGGER_WIREGUARD_MASTER\`" >> $GITHUB_STEP_SUMMARY
echo "**** Retrieving external version ****"
EXT_RELEASE=$(curl -u ${{ secrets.CR_USER }}:${{ secrets.CR_PAT }} -sX GET https://api.github.com/repos/WireGuard/wireguard-tools/tags | jq -r .[0].name)
EXT_RELEASE=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \
&& awk '/^P:'"wireguard-tools"'$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://')
if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
echo "**** Can't retrieve external version, exiting ****"
FAILURE_REASON="Can't retrieve external version for wireguard branch master"
@ -73,6 +74,14 @@ jobs:
echo "**** Version ${EXT_RELEASE} already pushed, exiting ****"
echo "Version ${EXT_RELEASE} already pushed, exiting" >> $GITHUB_STEP_SUMMARY
exit 0
elif [[ $(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.20/main/aarch64/APKINDEX.tar.gz" | tar -xz -C /tmp && awk '/^P:'"wireguard-tools"'$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://') != "${EXT_RELEASE}" ]]; then
echo "**** New version ${EXT_RELEASE} found; but not all arch repos updated yet; exiting ****"
echo "New version ${EXT_RELEASE} found; but not all arch repos updated yet; exiting" >> $GITHUB_STEP_SUMMARY
FAILURE_REASON="New version ${EXT_RELEASE} for wireguard tag latest is detected, however not all arch repos are updated yet. Will try again later."
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
"description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}],
"username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
exit 0
elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireguard/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
echo "**** New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting ****"
echo "New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY

25
Dockerfile
View File

@ -1,6 +1,6 @@
# syntax=docker/dockerfile:1
FROM ghcr.io/linuxserver/baseimage-alpine:3.19
FROM ghcr.io/linuxserver/baseimage-alpine:3.20
# set version label
ARG BUILD_DATE
@ -11,11 +11,6 @@ LABEL maintainer="thespad"
RUN \
echo "**** install dependencies ****" && \
apk add --no-cache --virtual=build-dependencies \
build-base \
elfutils-dev \
git \
linux-headers && \
apk add --no-cache \
bc \
coredns \
@ -28,7 +23,8 @@ RUN \
libcap-utils \
libqrencode-tools \
net-tools \
openresolv && \
openresolv \
wireguard-tools && \
echo "wireguard" >> /etc/modules && \
cd /sbin && \
for i in ! !-save !-restore; do \
@ -37,22 +33,11 @@ RUN \
ln -s iptables-legacy$(echo "${i}" | cut -c2-) iptables$(echo "${i}" | cut -c2-) && \
ln -s ip6tables-legacy$(echo "${i}" | cut -c2-) ip6tables$(echo "${i}" | cut -c2-); \
done && \
echo "**** install wireguard-tools ****" && \
if [ -z ${WIREGUARD_RELEASE+x} ]; then \
WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \
| jq -r .[0].name); \
fi && \
cd /app && \
git clone https://git.zx2c4.com/wireguard-tools && \
cd wireguard-tools && \
git checkout "${WIREGUARD_RELEASE}" && \
sed -i 's|\[\[ $proto == -4 \]\] && cmd sysctl -q net\.ipv4\.conf\.all\.src_valid_mark=1|[[ $proto == -4 ]] \&\& [[ $(sysctl -n net.ipv4.conf.all.src_valid_mark) != 1 ]] \&\& cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1|' src/wg-quick/linux.bash && \
make -C src -j$(nproc) && \
make -C src install && \
sed -i 's|\[\[ $proto == -4 \]\] && cmd sysctl -q net\.ipv4\.conf\.all\.src_valid_mark=1|[[ $proto == -4 ]] \&\& [[ $(sysctl -n net.ipv4.conf.all.src_valid_mark) != 1 ]] \&\& cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1|' /usr/bin/wg-quick && \
rm -rf /etc/wireguard && \
ln -s /config/wg_confs /etc/wireguard && \
printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \
echo "**** clean up ****" && \
apk del --no-network build-dependencies && \
rm -rf \
/tmp/*

25
Dockerfile.aarch64
View File

@ -1,6 +1,6 @@
# syntax=docker/dockerfile:1
FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.19
FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.20
# set version label
ARG BUILD_DATE
@ -11,11 +11,6 @@ LABEL maintainer="thespad"
RUN \
echo "**** install dependencies ****" && \
apk add --no-cache --virtual=build-dependencies \
build-base \
elfutils-dev \
git \
linux-headers && \
apk add --no-cache \
bc \
coredns \
@ -28,7 +23,8 @@ RUN \
libcap-utils \
libqrencode-tools \
net-tools \
openresolv && \
openresolv \
wireguard-tools && \
echo "wireguard" >> /etc/modules && \
cd /sbin && \
for i in ! !-save !-restore; do \
@ -37,22 +33,11 @@ RUN \
ln -s iptables-legacy$(echo "${i}" | cut -c2-) iptables$(echo "${i}" | cut -c2-) && \
ln -s ip6tables-legacy$(echo "${i}" | cut -c2-) ip6tables$(echo "${i}" | cut -c2-); \
done && \
echo "**** install wireguard-tools ****" && \
if [ -z ${WIREGUARD_RELEASE+x} ]; then \
WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \
| jq -r .[0].name); \
fi && \
cd /app && \
git clone https://git.zx2c4.com/wireguard-tools && \
cd wireguard-tools && \
git checkout "${WIREGUARD_RELEASE}" && \
sed -i 's|\[\[ $proto == -4 \]\] && cmd sysctl -q net\.ipv4\.conf\.all\.src_valid_mark=1|[[ $proto == -4 ]] \&\& [[ $(sysctl -n net.ipv4.conf.all.src_valid_mark) != 1 ]] \&\& cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1|' src/wg-quick/linux.bash && \
make -C src -j$(nproc) && \
make -C src install && \
sed -i 's|\[\[ $proto == -4 \]\] && cmd sysctl -q net\.ipv4\.conf\.all\.src_valid_mark=1|[[ $proto == -4 ]] \&\& [[ $(sysctl -n net.ipv4.conf.all.src_valid_mark) != 1 ]] \&\& cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1|' /usr/bin/wg-quick && \
rm -rf /etc/wireguard && \
ln -s /config/wg_confs /etc/wireguard && \
printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \
echo "**** clean up ****" && \
apk del --no-network build-dependencies && \
rm -rf \
/tmp/*

22
Jenkinsfile vendored
View File

@ -25,14 +25,17 @@ pipeline {
DEV_DOCKERHUB_IMAGE = 'lsiodev/wireguard'
PR_DOCKERHUB_IMAGE = 'lspipepr/wireguard'
DIST_IMAGE = 'alpine'
DIST_TAG = '3.20'
DIST_REPO = 'http://dl-cdn.alpinelinux.org/alpine/v3.20/main/'
DIST_REPO_PACKAGES = 'wireguard-tools'
MULTIARCH='true'
CI='false'
CI_WEB='false'
CI_PORT='8080'
CI_SSL='false'
CI_DELAY='120'
CI_DOCKERENV='TZ=US/Pacific'
CI_AUTH='user:password'
CI_DELAY='60'
CI_DOCKERENV=''
CI_AUTH=''
CI_WEBPATH=''
}
stages {
@ -110,14 +113,15 @@ pipeline {
/* ########################
External Release Tagging
######################## */
// If this is a custom command to determine version use that command
stage("Set tag custom bash"){
// If this is an alpine repo change for external version determine an md5 from the version string
stage("Set tag Alpine Repo"){
steps{
script{
env.EXT_RELEASE = sh(
script: ''' curl -sX GET https://api.github.com/repos/WireGuard/wireguard-tools/tags | jq -r .[0].name ''',
script: '''curl -sL "${DIST_REPO}x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \
&& awk '/^P:'"${DIST_REPO_PACKAGES}"'$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://' ''',
returnStdout: true).trim()
env.RELEASE_LINK = 'custom_command'
env.RELEASE_LINK = 'alpine_repo'
}
}
}
@ -852,11 +856,11 @@ pipeline {
"tagger": {"name": "LinuxServer Jenkins","email": "jenkins@linuxserver.io","date": "'${GITHUB_DATE}'"}}' '''
echo "Pushing New release for Tag"
sh '''#! /bin/bash
echo "Updating to ${EXT_RELEASE_CLEAN}" > releasebody.json
echo "Updating external repo packages to ${EXT_RELEASE_CLEAN}" > releasebody.json
echo '{"tag_name":"'${META_TAG}'",\
"target_commitish": "master",\
"name": "'${META_TAG}'",\
"body": "**LinuxServer Changes:**\\n\\n'${LS_RELEASE_NOTES}'\\n\\n**Remote Changes:**\\n\\n' > start
"body": "**LinuxServer Changes:**\\n\\n'${LS_RELEASE_NOTES}'\\n\\n**Repo Changes:**\\n\\n' > start
printf '","draft": false,"prerelease": false}' >> releasebody.json
paste -d'\\0' start releasebody.json > releasebody.json.done
curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases -d @releasebody.json.done'''

5
README.md
View File

@ -160,7 +160,7 @@ services:
- PERSISTENTKEEPALIVE_PEERS= #optional
- LOG_CONFS=true #optional
volumes:
- /path/to/appdata/config:/config
- /path/to/wireguard/config:/config
- /lib/modules:/lib/modules #optional
ports:
- 51820:51820/udp
@ -188,7 +188,7 @@ docker run -d \
-e PERSISTENTKEEPALIVE_PEERS= `#optional` \
-e LOG_CONFS=true `#optional` \
-p 51820:51820/udp \
-v /path/to/appdata/config:/config \
-v /path/to/wireguard/config:/config \
-v /lib/modules:/lib/modules `#optional` \
--sysctl="net.ipv4.conf.all.src_valid_mark=1" \
--restart unless-stopped \
@ -382,6 +382,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions
* **24.05.24:** - Rebase to Alpine 3.20, install wireguard-tools from Alpine repo.
* **10.03.24:** - Use iptables-legacy on Alpine 3.19.
* **05.03.24:** - Rebase master to Alpine 3.19.
* **03.10.23:** - **Potentially Breaking Change:** Support for multiple interfaces added. Wireguard confs moved to `/config/wg_confs/`. Any file with a `.conf` extension in that folder will be treated as a live tunnel config and will be attempted to start. If any of the tunnels fail, all tunnels will be stopped. Tunnels are started in alphabetical order. Managed server conf will continue to be hardcoded to `wg0.conf`.

13
jenkins-vars.yml
View File

@ -2,12 +2,10 @@
# jenkins variables
project_name: docker-wireguard
external_type: na
custom_version_command: "curl -sX GET https://api.github.com/repos/WireGuard/wireguard-tools/tags | jq -r .[0].name"
external_type: alpine_repo
release_type: stable
release_tag: latest
ls_branch: master
build_armhf: false
repo_vars:
- CONTAINER_NAME = 'wireguard'
- BUILD_VERSION_ARG = 'WIREGUARD_VERSION'
@ -17,14 +15,17 @@ repo_vars:
- DEV_DOCKERHUB_IMAGE = 'lsiodev/wireguard'
- PR_DOCKERHUB_IMAGE = 'lspipepr/wireguard'
- DIST_IMAGE = 'alpine'
- DIST_TAG = '3.20'
- DIST_REPO = 'http://dl-cdn.alpinelinux.org/alpine/v3.20/main/'
- DIST_REPO_PACKAGES = 'wireguard-tools'
- MULTIARCH='true'
- CI='false'
- CI_WEB='false'
- CI_PORT='8080'
- CI_SSL='false'
- CI_DELAY='120'
- CI_DOCKERENV='TZ=US/Pacific'
- CI_AUTH='user:password'
- CI_DELAY='60'
- CI_DOCKERENV=''
- CI_AUTH=''
- CI_WEBPATH=''
sponsor_links:
- { name: "WireGuard", url: "https://www.wireguard.com/donations/" }

7
readme-vars.yml
View File

@ -23,7 +23,7 @@ common_param_env_vars_enabled: true
param_container_name: "{{ project_name }}"
param_usage_include_vols: true
param_volumes:
- { vol_path: "/config", vol_host_path: "/path/to/appdata/config", desc: "Contains all relevant configuration files." }
- { vol_path: "/config", vol_host_path: "/path/to/{{ project_name }}/config", desc: "Contains all relevant configuration files." }
opt_param_usage_include_vols: true
opt_param_volumes:
- { vol_path: "/lib/modules", vol_host_path: "/lib/modules", desc: "Host kernel modules for situations where they're not already loaded." }
@ -118,9 +118,9 @@ app_setup_block: |
Site-to-site VPN in server mode requires customizing the `AllowedIPs` statement for a specific peer in `wg0.conf`. Since `wg0.conf` is autogenerated when server vars are changed, it is not recommended to edit it manually.
In order to customize the `AllowedIPs` statement for a specific peer in `wg0.conf`, you can set an env var `SERVER_ALLOWEDIPS_PEER_<peer name or number>` to the additional subnets you'd like to add, comma separated and excluding the peer IP (ie. `"192.168.1.0/24,192.168.2.0/24"`). Replace `<peer name or number>` with either the name or number of a peer (whichever is used in the `PEERS` var).
For instance `SERVER_ALLOWEDIPS_PEER_laptop="192.168.1.0/24,192.168.2.0/24"` will result in the wg0.conf entry `AllowedIPs = 10.13.13.2,192.168.1.0/24,192.168.2.0/24` for the peer named `laptop`.
Keep in mind that this var will only be considered when the confs are regenerated. Adding this var for an existing peer won't force a regeneration. You can delete wg0.conf and restart the container to force regeneration if necessary.
Don't forget to set the necessary POSTUP and POSTDOWN rules in your client's peer conf for lan access.
@ -128,6 +128,7 @@ app_setup_block: |
# changelog
changelogs:
- { date: "24.05.24:", desc: "Rebase to Alpine 3.20, install wireguard-tools from Alpine repo." }
- { date: "10.03.24:", desc: "Use iptables-legacy on Alpine 3.19." }
- { date: "05.03.24:", desc: "Rebase master to Alpine 3.19." }
- { date: "03.10.23:", desc: "**Potentially Breaking Change:** Support for multiple interfaces added. Wireguard confs moved to `/config/wg_confs/`. Any file with a `.conf` extension in that folder will be treated as a live tunnel config and will be attempted to start. If any of the tunnels fail, all tunnels will be stopped. Tunnels are started in alphabetical order. Managed server conf will continue to be hardcoded to `wg0.conf`." }