diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index 4cca2ad..2d3799f 100755 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -1,2 +1,3 @@ +github: linuxserver open_collective: linuxserver custom: ["https://www.wireguard.com/donations/",] diff --git a/Dockerfile b/Dockerfile index fa01dd8..7ca9661 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,6 +13,7 @@ RUN \ echo "**** install dependencies ****" && \ apt-get update && \ apt-get install -y \ + bc \ curl \ dkms \ gnupg \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 1e2b3a4..9aa7a40 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -13,6 +13,7 @@ RUN \ echo "**** install dependencies ****" && \ apt-get update && \ apt-get install -y \ + bc \ curl \ dkms \ gnupg \ diff --git a/Dockerfile.armhf b/Dockerfile.armhf index 347ba62..a09dc5a 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -13,6 +13,7 @@ RUN \ echo "**** install dependencies ****" && \ apt-get update && \ apt-get install -y \ + bc \ curl \ dkms \ gnupg \ diff --git a/Jenkinsfile b/Jenkinsfile index b943ff0..1122c83 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -347,7 +347,9 @@ pipeline { sh "docker build --no-cache --pull -f Dockerfile.armhf -t ${IMAGE}:arm32v7-${META_TAG} \ --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${META_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." sh "docker tag ${IMAGE}:arm32v7-${META_TAG} lsiodev/buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}" - sh "docker push lsiodev/buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}" + retry(5) { + sh "docker push lsiodev/buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}" + } sh '''docker rmi \ ${IMAGE}:arm32v7-${META_TAG} \ lsiodev/buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} || :''' @@ -374,7 +376,9 @@ pipeline { sh "docker build --no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} \ --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${META_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ." sh "docker tag ${IMAGE}:arm64v8-${META_TAG} lsiodev/buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}" - sh "docker push lsiodev/buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}" + retry(5) { + sh "docker push lsiodev/buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}" + } sh '''docker rmi \ ${IMAGE}:arm64v8-${META_TAG} \ lsiodev/buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || :''' @@ -539,18 +543,22 @@ pipeline { passwordVariable: 'QUAYPASS' ] ]) { + retry(5) { + sh '''#! /bin/bash + set -e + echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin + echo $DOCKERPASS | docker login -u $DOCKERUSER --password-stdin + echo $GITHUB_TOKEN | docker login docker.pkg.github.com -u LinuxServer-CI --password-stdin + echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin + for PUSHIMAGE in "${QUAYIMAGE}" "${GITHUBIMAGE}" "${GITLABIMAGE}" "${IMAGE}"; do + docker tag ${IMAGE}:${META_TAG} ${PUSHIMAGE}:${META_TAG} + docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:latest + docker push ${PUSHIMAGE}:latest + docker push ${PUSHIMAGE}:${META_TAG} + done + ''' + } sh '''#! /bin/bash - set -e - echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin - echo $DOCKERPASS | docker login -u $DOCKERUSER --password-stdin - echo $GITHUB_TOKEN | docker login docker.pkg.github.com -u LinuxServer-CI --password-stdin - echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin - for PUSHIMAGE in "${QUAYIMAGE}" "${GITHUBIMAGE}" "${GITLABIMAGE}" "${IMAGE}"; do - docker tag ${IMAGE}:${META_TAG} ${PUSHIMAGE}:${META_TAG} - docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:latest - docker push ${PUSHIMAGE}:latest - docker push ${PUSHIMAGE}:${META_TAG} - done for DELETEIMAGE in "${QUAYIMAGE}" "${GITHUBIMAGE}" "{GITLABIMAGE}" "${IMAGE}"; do docker rmi \ ${DELETEIMAGE}:${META_TAG} \ @@ -581,59 +589,61 @@ pipeline { passwordVariable: 'QUAYPASS' ] ]) { - sh '''#! /bin/bash - set -e - echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin - echo $DOCKERPASS | docker login -u $DOCKERUSER --password-stdin - echo $GITHUB_TOKEN | docker login docker.pkg.github.com -u LinuxServer-CI --password-stdin - echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin - if [ "${CI}" == "false" ]; then - docker pull lsiodev/buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} - docker pull lsiodev/buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} - docker tag lsiodev/buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm32v7-${META_TAG} - docker tag lsiodev/buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG} - fi - for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}"; do - docker tag ${IMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} - docker tag ${IMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG} - docker tag ${IMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} - docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-latest - docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-latest - docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-latest - docker push ${MANIFESTIMAGE}:amd64-${META_TAG} - docker push ${MANIFESTIMAGE}:arm32v7-${META_TAG} - docker push ${MANIFESTIMAGE}:arm64v8-${META_TAG} - docker push ${MANIFESTIMAGE}:amd64-latest - docker push ${MANIFESTIMAGE}:arm32v7-latest - docker push ${MANIFESTIMAGE}:arm64v8-latest - docker manifest push --purge ${MANIFESTIMAGE}:latest || : - docker manifest create ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm32v7-latest ${MANIFESTIMAGE}:arm64v8-latest - docker manifest annotate ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:arm32v7-latest --os linux --arch arm - docker manifest annotate ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:arm64v8-latest --os linux --arch arm64 --variant v8 - docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG} || : - docker manifest create ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} - docker manifest annotate ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG} --os linux --arch arm - docker manifest annotate ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} --os linux --arch arm64 --variant v8 - docker manifest push --purge ${MANIFESTIMAGE}:latest - docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG} - done - for LEGACYIMAGE in "${GITHUBIMAGE}" "${QUAYIMAGE}"; do - docker tag ${IMAGE}:amd64-${META_TAG} ${LEGACYIMAGE}:amd64-${META_TAG} - docker tag ${IMAGE}:arm32v7-${META_TAG} ${LEGACYIMAGE}:arm32v7-${META_TAG} - docker tag ${IMAGE}:arm64v8-${META_TAG} ${LEGACYIMAGE}:arm64v8-${META_TAG} - docker tag ${LEGACYIMAGE}:amd64-${META_TAG} ${LEGACYIMAGE}:latest - docker tag ${LEGACYIMAGE}:amd64-${META_TAG} ${LEGACYIMAGE}:${META_TAG} - docker tag ${LEGACYIMAGE}:arm32v7-${META_TAG} ${LEGACYIMAGE}:arm32v7-latest - docker tag ${LEGACYIMAGE}:arm64v8-${META_TAG} ${LEGACYIMAGE}:arm64v8-latest - docker push ${LEGACYIMAGE}:amd64-${META_TAG} - docker push ${LEGACYIMAGE}:arm32v7-${META_TAG} - docker push ${LEGACYIMAGE}:arm64v8-${META_TAG} - docker push ${LEGACYIMAGE}:latest - docker push ${LEGACYIMAGE}:${META_TAG} - docker push ${LEGACYIMAGE}:arm32v7-latest - docker push ${LEGACYIMAGE}:arm64v8-latest - done - ''' + retry(5) { + sh '''#! /bin/bash + set -e + echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin + echo $DOCKERPASS | docker login -u $DOCKERUSER --password-stdin + echo $GITHUB_TOKEN | docker login docker.pkg.github.com -u LinuxServer-CI --password-stdin + echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin + if [ "${CI}" == "false" ]; then + docker pull lsiodev/buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} + docker pull lsiodev/buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} + docker tag lsiodev/buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm32v7-${META_TAG} + docker tag lsiodev/buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG} + fi + for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}"; do + docker tag ${IMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} + docker tag ${IMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG} + docker tag ${IMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} + docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-latest + docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-latest + docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-latest + docker push ${MANIFESTIMAGE}:amd64-${META_TAG} + docker push ${MANIFESTIMAGE}:arm32v7-${META_TAG} + docker push ${MANIFESTIMAGE}:arm64v8-${META_TAG} + docker push ${MANIFESTIMAGE}:amd64-latest + docker push ${MANIFESTIMAGE}:arm32v7-latest + docker push ${MANIFESTIMAGE}:arm64v8-latest + docker manifest push --purge ${MANIFESTIMAGE}:latest || : + docker manifest create ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm32v7-latest ${MANIFESTIMAGE}:arm64v8-latest + docker manifest annotate ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:arm32v7-latest --os linux --arch arm + docker manifest annotate ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:arm64v8-latest --os linux --arch arm64 --variant v8 + docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG} || : + docker manifest create ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} + docker manifest annotate ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG} --os linux --arch arm + docker manifest annotate ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} --os linux --arch arm64 --variant v8 + docker manifest push --purge ${MANIFESTIMAGE}:latest + docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG} + done + for LEGACYIMAGE in "${GITHUBIMAGE}" "${QUAYIMAGE}"; do + docker tag ${IMAGE}:amd64-${META_TAG} ${LEGACYIMAGE}:amd64-${META_TAG} + docker tag ${IMAGE}:arm32v7-${META_TAG} ${LEGACYIMAGE}:arm32v7-${META_TAG} + docker tag ${IMAGE}:arm64v8-${META_TAG} ${LEGACYIMAGE}:arm64v8-${META_TAG} + docker tag ${LEGACYIMAGE}:amd64-${META_TAG} ${LEGACYIMAGE}:latest + docker tag ${LEGACYIMAGE}:amd64-${META_TAG} ${LEGACYIMAGE}:${META_TAG} + docker tag ${LEGACYIMAGE}:arm32v7-${META_TAG} ${LEGACYIMAGE}:arm32v7-latest + docker tag ${LEGACYIMAGE}:arm64v8-${META_TAG} ${LEGACYIMAGE}:arm64v8-latest + docker push ${LEGACYIMAGE}:amd64-${META_TAG} + docker push ${LEGACYIMAGE}:arm32v7-${META_TAG} + docker push ${LEGACYIMAGE}:arm64v8-${META_TAG} + docker push ${LEGACYIMAGE}:latest + docker push ${LEGACYIMAGE}:${META_TAG} + docker push ${LEGACYIMAGE}:arm32v7-latest + docker push ${LEGACYIMAGE}:arm64v8-latest + done + ''' + } sh '''#! /bin/bash for DELETEIMAGE in "${QUAYIMAGE}" "${GITHUBIMAGE}" "${GITLABIMAGE}" "${IMAGE}"; do docker rmi \ diff --git a/README.md b/README.md index 0352f82..ac0c617 100644 --- a/README.md +++ b/README.md @@ -177,7 +177,7 @@ If the environment variable `PEERS` is set to a number, the container will run i Variables `SERVERURL`, `SERVERPORT`, `INTERNAL_SUBNET` and `PEERDNS` are optional variables used for server mode. Any changes to these environment variables will trigger regeneration of server and peer confs. Peer/client confs will be recreated with existing private/public keys. Delete the peer folders for the keys to be recreated along with the confs. -To add more peers/clients later on, you can run `docker exec -it wireguard /app/add-peer` while the container is running. +To add more peers/clients later on, you increment the `PEERS` environment variable and recreate the container. To display the QR codes of active peers again, you can use the following command and list the peer numbers as arguments: `docker exec -it wireguard /app/show-peer 1 4 5` (Keep in mind that the QR codes are also stored as PNGs in the config folder). @@ -257,6 +257,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **28.04.20:** - Add Buster/Stretch backports repos for Debian. Tested with OMV 5 and OMV 4 (on kernel 4.19.0-0.bpo.8-amd64). * **20.04.20:** - Fix typo in client mode conf existence check. * **13.04.20:** - Fix bug that forced conf recreation on every start. * **08.04.20:** - Add arm32/64 builds and enable multi-arch (rpi4 with ubuntu and raspbian buster tested). Add CoreDNS for `PEERDNS=auto` setting. Update the `add-peer`/`show-peer` scripts to utilize the templates and the `INTERNAL_SUBNET` var (previously missed, oops). diff --git a/readme-vars.yml b/readme-vars.yml index f4752de..6e48464 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -67,7 +67,7 @@ app_setup_block: | Variables `SERVERURL`, `SERVERPORT`, `INTERNAL_SUBNET` and `PEERDNS` are optional variables used for server mode. Any changes to these environment variables will trigger regeneration of server and peer confs. Peer/client confs will be recreated with existing private/public keys. Delete the peer folders for the keys to be recreated along with the confs. - To add more peers/clients later on, you can run `docker exec -it wireguard /app/add-peer` while the container is running. + To add more peers/clients later on, you increment the `PEERS` environment variable and recreate the container. To display the QR codes of active peers again, you can use the following command and list the peer numbers as arguments: `docker exec -it wireguard /app/show-peer 1 4 5` (Keep in mind that the QR codes are also stored as PNGs in the config folder). @@ -78,6 +78,7 @@ app_setup_block: | # changelog changelogs: + - { date: "28.04.20:", desc: "Add Buster/Stretch backports repos for Debian. Tested with OMV 5 and OMV 4 (on kernel 4.19.0-0.bpo.8-amd64)." } - { date: "20.04.20:", desc: "Fix typo in client mode conf existence check." } - { date: "13.04.20:", desc: "Fix bug that forced conf recreation on every start." } - { date: "08.04.20:", desc: "Add arm32/64 builds and enable multi-arch (rpi4 with ubuntu and raspbian buster tested). Add CoreDNS for `PEERDNS=auto` setting. Update the `add-peer`/`show-peer` scripts to utilize the templates and the `INTERNAL_SUBNET` var (previously missed, oops)." } diff --git a/root/etc/cont-init.d/30-config b/root/etc/cont-init.d/30-config index 4fcd154..e73db9a 100644 --- a/root/etc/cont-init.d/30-config +++ b/root/etc/cont-init.d/30-config @@ -20,7 +20,6 @@ elif (uname -r | grep -q 'v7+') || (uname -r | grep -q 'v7l+'); then wireguard elif uname -v | grep -q 'Ubuntu'; then echo "Attempting to install kernel headers from Ubuntu Xenial repo" - curl -s http://archive.ubuntu.com/ubuntu/dists/xenial/Release.gpg | apt-key add - echo -e \ "deb http://archive.ubuntu.com/ubuntu/ xenial main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ xenial main restricted\n\ndeb http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted" \ > /etc/apt/sources.list.d/xenial.list @@ -38,22 +37,38 @@ elif uname -v | grep -q 'Debian'; then echo "Debian host detected, attempting to install kernel headers from Debian Buster repo" curl -s https://ftp-master.debian.org/keys/archive-key-10.asc | apt-key add - echo -e \ - "deb http://deb.debian.org/debian buster main contrib non-free\ndeb-src http://deb.debian.org/debian buster main contrib non-free" \ + "deb http://deb.debian.org/debian buster main contrib non-free\ndeb-src http://deb.debian.org/debian buster main contrib non-free\ndeb http://deb.debian.org/debian buster-backports main contrib non-free\ndeb-src http://deb.debian.org/debian buster-backports main contrib non-free" \ > /etc/apt/sources.list.d/debian.list apt-get update if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then - apt-get install -y \ - linux-headers-$(uname -r) \ - wireguard + if uname -r | grep -qs "bpo"; then + echo "Backported kernel detected" + apt-get install -y -t buster-backports \ + linux-headers-$(uname -r) + apt-get install -y \ + wireguard + else + apt-get install -y \ + linux-headers-$(uname -r) \ + wireguard + fi else echo "Attempting to install kernel headers from the Debian Stretch repo" curl -s https://ftp-master.debian.org/keys/archive-key-9.asc | apt-key add - sed -i 's/buster/stretch/g' /etc/apt/sources.list.d/debian.list apt-get update if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then - apt-get install -y \ - linux-headers-$(uname -r) \ - wireguard + if uname -r | grep -qs "bpo"; then + echo "Backported kernel detected" + apt-get install -y -t stretch-backports \ + linux-headers-$(uname -r) + apt-get install -y \ + wireguard + else + apt-get install -y \ + linux-headers-$(uname -r) \ + wireguard + fi else echo "No kernel headers found in Debian repos!! Will try the headers from host (if mapped), may or may not work" apt-get install -y \