From 788970f4cbb5a12d43f5d65cefa6436dba66c6ce Mon Sep 17 00:00:00 2001 From: TheSpad Date: Wed, 26 Apr 2023 09:50:27 +0100 Subject: [PATCH] Switch master branch to alpine --- .github/workflows/call_issue_pr_tracker.yml | 6 +- .github/workflows/external_trigger.yml | 8 + .../workflows/external_trigger_scheduler.yml | 18 +- .github/workflows/package_trigger.yml | 4 + .../workflows/package_trigger_scheduler.yml | 8 +- Dockerfile | 51 +- Dockerfile.aarch64 | 51 +- Dockerfile.armhf | 49 +- Jenkinsfile | 93 ++- README.md | 19 +- jenkins-vars.yml | 4 +- package_versions.txt | 558 +++++++----------- readme-vars.yml | 18 +- .../s6-rc.d/init-wireguard-confs/run | 22 +- .../s6-rc.d/init-wireguard-module/run | 159 +---- root/etc/s6-overlay/s6-rc.d/svc-coredns/run | 18 +- 16 files changed, 419 insertions(+), 667 deletions(-) diff --git a/.github/workflows/call_issue_pr_tracker.yml b/.github/workflows/call_issue_pr_tracker.yml index 87243e2c..2c307843 100755 --- a/.github/workflows/call_issue_pr_tracker.yml +++ b/.github/workflows/call_issue_pr_tracker.yml @@ -2,9 +2,11 @@ name: Issue & PR Tracker on: issues: - types: [opened,reopened,labeled,unlabeled] + types: [opened,reopened,labeled,unlabeled,closed] pull_request_target: - types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled] + types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled,closed] + pull_request_review: + types: [submitted,edited,dismissed] jobs: manage-project: diff --git a/.github/workflows/external_trigger.yml b/.github/workflows/external_trigger.yml index c5eb5ca2..b4537edd 100755 --- a/.github/workflows/external_trigger.yml +++ b/.github/workflows/external_trigger.yml 
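Review bot: The added `pull_request_review` trigger sits next to `pull_request_target`, and both fire for pull requests opened from forks while — if I recall the trigger model correctly — running with the base repository's secrets and a write-capable `GITHUB_TOKEN`, so widening the trigger set widens what a fork can cause to run with that token. The `manage-project` job body is outside this hunk; please confirm the called workflow only touches the project board and never checks out or executes the PR head (a checkout of `${{ github.event.pull_request.head.sha }}` followed by a `run` step is the classic pwn-request shape). A one-line comment under `on:` such as `# privileged triggers (secrets + write token): never check out or run PR code here` would make that constraint explicit for future edits.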
@@ -14,9 +14,11 @@ jobs: run: | if [ -n "${{ secrets.PAUSE_EXTERNAL_TRIGGER_WIREGUARD_MASTER }}" ]; then echo "**** Github secret PAUSE_EXTERNAL_TRIGGER_WIREGUARD_MASTER is set; skipping trigger. ****" + echo "Github secret \`PAUSE_EXTERNAL_TRIGGER_WIREGUARD_MASTER\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY exit 0 fi echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_WIREGUARD_MASTER\". ****" + echo "External trigger running off of master branch. To disable this trigger, set a Github secret named \`PAUSE_EXTERNAL_TRIGGER_WIREGUARD_MASTER\`" >> $GITHUB_STEP_SUMMARY echo "**** Retrieving external version ****" EXT_RELEASE=$(curl -u ${{ secrets.CR_USER }}:${{ secrets.CR_PAT }} -sX GET https://api.github.com/repos/WireGuard/wireguard-tools/tags | jq -r .[0].name) if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then @@ -30,6 +32,7 @@ jobs: fi EXT_RELEASE=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g') echo "**** External version: ${EXT_RELEASE} ****" + echo "External version: ${EXT_RELEASE}" >> $GITHUB_STEP_SUMMARY echo "**** Retrieving last pushed version ****" image="linuxserver/wireguard" tag="latest" 
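Review bot: On the `EXT_RELEASE=$(curl -u ${{ secrets.CR_USER }}:${{ secrets.CR_PAT }} ...)` line the credentials are substituted into the script text before bash runs it, so they appear in curl's argv (readable via `ps` by anything else on the runner) and in the generated step script on disk; GitHub's log masking covers neither. Expose them through `env:` on the step (`CR_USER: ${{ secrets.CR_USER }}`, `CR_PAT: ${{ secrets.CR_PAT }}`) and call `curl -u "${CR_USER}:${CR_PAT}"`, or better still a `--netrc-file` written to a temp file. The new summary line `echo "External version: ${EXT_RELEASE}" >> $GITHUB_STEP_SUMMARY` feeds a tag name from a third-party repository into markdown that GitHub renders, and the `sed 's/[~,%@+;:/]//g'` filter above it leaves backticks, `<`, `[` and `(` intact; a whitelist such as `sed 's/[^A-Za-z0-9._-]//g'` would be a safer normalisation. Quote `"$GITHUB_STEP_SUMMARY"` on the added lines as well (SC2086).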
@@ -65,14 +68,18 @@ jobs: exit 1 fi echo "**** Last pushed version: ${IMAGE_VERSION} ****" + echo "Last pushed version: ${IMAGE_VERSION}" >> $GITHUB_STEP_SUMMARY if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then echo "**** Version ${EXT_RELEASE} already pushed, exiting ****" + echo "Version ${EXT_RELEASE} already pushed, exiting" >> $GITHUB_STEP_SUMMARY exit 0 elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireguard/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then echo "**** New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting ****" + echo "New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY exit 0 else echo "**** New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build ****" + echo "New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build" >> $GITHUB_STEP_SUMMARY response=$(curl -iX POST \ https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireguard/job/master/buildWithParameters?PACKAGE_CHECK=false \ --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") @@ -82,6 +89,7 @@ jobs: buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url') buildurl="${buildurl%$'\r'}" echo "**** Jenkins job build url: ${buildurl} ****" + echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY echo "**** Attempting to change the Jenkins job description ****" curl -iX POST \ "${buildurl}submitDescription" \ diff --git a/.github/workflows/external_trigger_scheduler.yml b/.github/workflows/external_trigger_scheduler.yml index b677c14b..61c03c71 100755 --- a/.github/workflows/external_trigger_scheduler.yml +++ b/.github/workflows/external_trigger_scheduler.yml 
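Review bot: The `elif [ $(curl -s https://ci.linuxserver.io/.../lastBuild/api/json | jq -r '.building') == "true" ]` guard fails open: if Jenkins is unreachable or returns an error page the substitution is empty, `[` is handed `== true` and reports a syntax error, the `elif` counts as false, and control drops into the `else` branch that triggers a new build — the one outcome the check exists to prevent. Capture the value first and treat anything but an explicit `false` as busy, e.g. `building=$(curl -sf "${jenkins_url}/lastBuild/api/json" | jq -r '.building')` followed by `elif [[ "${building}" != "false" ]]; then`. The `--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }}` line has the same argv exposure as the GitHub call earlier in the step; an `env:` mapping fixes both at once.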
@@ -2,7 +2,7 @@ name: External Trigger Scheduler on: schedule: - - cron: '25 * * * *' + - cron: '51 * * * *' workflow_dispatch: jobs: @@ -17,18 +17,18 @@ jobs: run: | echo "**** Branches found: ****" git for-each-ref --format='%(refname:short)' refs/remotes - echo "**** Pulling the yq docker image ****" - docker pull ghcr.io/linuxserver/yq for br in $(git for-each-ref --format='%(refname:short)' refs/remotes) do br=$(echo "$br" | sed 's|origin/||g') echo "**** Evaluating branch ${br} ****" - ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-wireguard/${br}/jenkins-vars.yml \ - | docker run --rm -i --entrypoint yq ghcr.io/linuxserver/yq -r .ls_branch) - if [ "$br" == "$ls_branch" ]; then - echo "**** Branch ${br} appears to be live; checking workflow. ****" + ls_jenkins_vars=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-wireguard/${br}/jenkins-vars.yml) + ls_branch=$(echo "${ls_jenkins_vars}" | yq -r '.ls_branch') + ls_trigger=$(echo "${ls_jenkins_vars}" | yq -r '.external_type') + if [[ "${br}" == "${ls_branch}" ]] && [[ "${ls_trigger}" != "os" ]]; then + echo "**** Branch ${br} appears to be live and trigger is not os; checking workflow. ****" if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-wireguard/${br}/.github/workflows/external_trigger.yml > /dev/null 2>&1; then echo "**** Workflow exists. Triggering external trigger workflow for branch ${br} ****." + echo "Triggering external trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY curl -iX POST \ -H "Authorization: token ${{ secrets.CR_PAT }}" \ -H "Accept: application/vnd.github.v3+json" \ 
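Review bot: `ls_jenkins_vars=$(curl -sX GET https://raw.githubusercontent.com/.../${br}/jenkins-vars.yml)` has no `-f`, so a 404 or 5xx body is handed to `yq` as though it were the branch's config: a body that happens to parse yields `null` and a misleading "dev branch" verdict, and one that does not parse would, under the default `bash -e` step shell, abort the assignment and with it the rest of the loop, silently skipping every remaining branch. Fetch with `ls_jenkins_vars=$(curl -sfX GET "https://raw.githubusercontent.com/linuxserver/docker-wireguard/${br}/jenkins-vars.yml") || { echo "**** Could not fetch jenkins-vars.yml for ${br}; skipping ****"; continue; }` so a failure is reported and the loop moves on. This hunk also swaps the pinned `ghcr.io/linuxserver/yq` container for whatever `yq` the runner image ships; if the `-r` flag semantics matter, print `yq --version` in the step or pin the binary so a runner image roll cannot change the result. Quoting `"$GITHUB_STEP_SUMMARY"` and the URL would also keep the repo's own shellcheck stage quiet.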
@@ -36,8 +36,10 @@ jobs:
 https://api.github.com/repos/linuxserver/docker-wireguard/actions/workflows/external_trigger.yml/dispatches
 else
 echo "**** Workflow doesn't exist; skipping trigger. ****"
+ echo "Skipping branch ${br} due to no external trigger workflow present." >> $GITHUB_STEP_SUMMARY
 fi
 else
- echo "**** ${br} appears to be a dev branch; skipping trigger. ****"
+ echo "**** ${br} is either a dev branch, or has no external version; skipping trigger. ****"
+ echo "Skipping branch ${br} due to being detected as dev branch or having no external version." >> $GITHUB_STEP_SUMMARY
 fi
 done
diff --git a/.github/workflows/package_trigger.yml b/.github/workflows/package_trigger.yml
index 410a286d..32bf4865 100755
--- a/.github/workflows/package_trigger.yml
+++ b/.github/workflows/package_trigger.yml
@@ -14,13 +14,16 @@ jobs: run: | if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_WIREGUARD_MASTER }}" ]; then echo "**** Github secret PAUSE_PACKAGE_TRIGGER_WIREGUARD_MASTER is set; skipping trigger. ****" + echo "Github secret \`PAUSE_PACKAGE_TRIGGER_WIREGUARD_MASTER\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY exit 0 fi if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireguard/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then echo "**** There already seems to be an active build on Jenkins; skipping package trigger ****" + echo "There already seems to be an active build on Jenkins; skipping package trigger" >> $GITHUB_STEP_SUMMARY exit 0 fi echo "**** Package trigger running off of master branch. To disable, set a Github secret named \"PAUSE_PACKAGE_TRIGGER_WIREGUARD_MASTER\". ****" + echo "Package trigger running off of master branch. To disable, set a Github secret named \`PAUSE_PACKAGE_TRIGGER_WIREGUARD_MASTER\`" >> $GITHUB_STEP_SUMMARY response=$(curl -iX POST \ https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireguard/job/master/buildWithParameters?PACKAGE_CHECK=true \ --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") @@ -30,6 +33,7 @@ jobs: buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url') buildurl="${buildurl%$'\r'}" echo "**** Jenkins job build url: ${buildurl} ****" + echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY echo "**** Attempting to change the Jenkins job description ****" curl -iX POST \ "${buildurl}submitDescription" \ diff --git a/.github/workflows/package_trigger_scheduler.yml b/.github/workflows/package_trigger_scheduler.yml index e9c4f2e0..bb2efa7c 100755 --- a/.github/workflows/package_trigger_scheduler.yml +++ b/.github/workflows/package_trigger_scheduler.yml 
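Review bot: The busy check `if [ $(curl -s .../lastBuild/api/json | jq -r '.building') == "true" ]` cannot distinguish "not building" from "Jenkins did not answer": on any transport or JSON error the substitution is empty, `[` errors out, the `if` evaluates false and the step proceeds to POST `buildWithParameters` anyway, so the guard is only effective when nothing is wrong. Assign first and fail closed: `building=$(curl -sf "${jenkins_url}/lastBuild/api/json" | jq -r '.building')` then `if [[ "${building}" != "false" ]]; then`. As elsewhere in these workflows, `${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }}` is interpolated straight into curl's argv; passing the pair via `env:` keeps the token out of the process list and the generated script.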
@@ -17,18 +17,16 @@ jobs: run: | echo "**** Branches found: ****" git for-each-ref --format='%(refname:short)' refs/remotes - echo "**** Pulling the yq docker image ****" - docker pull ghcr.io/linuxserver/yq for br in $(git for-each-ref --format='%(refname:short)' refs/remotes) do br=$(echo "$br" | sed 's|origin/||g') echo "**** Evaluating branch ${br} ****" - ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-wireguard/${br}/jenkins-vars.yml \ - | docker run --rm -i --entrypoint yq ghcr.io/linuxserver/yq -r .ls_branch) + ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-wireguard/${br}/jenkins-vars.yml | yq -r '.ls_branch') if [ "${br}" == "${ls_branch}" ]; then echo "**** Branch ${br} appears to be live; checking workflow. ****" if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-wireguard/${br}/.github/workflows/package_trigger.yml > /dev/null 2>&1; then echo "**** Workflow exists. Triggering package trigger workflow for branch ${br}. ****" + echo "Triggering package trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY triggered_branches="${triggered_branches}${br} " curl -iX POST \ -H "Authorization: token ${{ secrets.CR_PAT }}" \ @@ -38,9 +36,11 @@ jobs: sleep 30 else echo "**** Workflow doesn't exist; skipping trigger. ****" + echo "Skipping branch ${br} due to no package trigger workflow present." >> $GITHUB_STEP_SUMMARY fi else echo "**** ${br} appears to be a dev branch; skipping trigger. ****" + echo "Skipping branch ${br} due to being detected as dev branch." >> $GITHUB_STEP_SUMMARY fi done echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****" diff --git a/Dockerfile b/Dockerfile index 373922b4..f6a95f4d 100644 --- a/Dockerfile +++ b/Dockerfile 
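Review bot: `ls_branch=$(curl -sX GET .../${br}/jenkins-vars.yml | yq -r '.ls_branch')` pipes whatever raw.githubusercontent.com returns — including an HTTP error page — into `yq`, so a transient fetch failure is reported as "appears to be a dev branch" and the branch is silently skipped for that hour. Adding `-f` and checking the fetch before parsing, e.g. `ls_jenkins_vars=$(curl -sfX GET "...${br}/jenkins-vars.yml") || { echo "**** Could not fetch jenkins-vars.yml for ${br}; skipping ****"; continue; }`, gives an honest message and the same skip behaviour. Since this hunk removes the pinned `ghcr.io/linuxserver/yq` image in favour of the runner's `yq`, a `yq --version` echo at the top of the step would make future parsing surprises diagnosable from the log.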
@@ -1,64 +1,53 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-ubuntu:jammy +FROM ghcr.io/linuxserver/baseimage-alpine:3.17 # set version label ARG BUILD_DATE ARG VERSION ARG WIREGUARD_RELEASE LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}" -LABEL maintainer="aptalca" - -ENV DEBIAN_FRONTEND="noninteractive" +LABEL maintainer="thespad" RUN \ echo "**** install dependencies ****" && \ - apt-get update && \ - apt-get install -y --no-install-recommends \ - bc \ - build-essential \ - dkms \ + apk add --no-cache --virtual=build-dependencies \ + build-base \ + elfutils-dev \ + gcc \ git \ + linux-headers && \ + apk add --no-cache \ + bc \ + coredns \ gnupg \ - ifupdown \ + grep \ iproute2 \ iptables \ - iputils-ping \ - libc6 \ - libelf-dev \ + ip6tables \ + iputils \ + libcap-utils \ + libqrencode \ net-tools \ openresolv \ - perl \ - pkg-config \ - qrencode && \ - update-alternatives --set iptables /usr/sbin/iptables-legacy && \ + perl && \ + echo "wireguard" >> /etc/modules && \ echo "**** install wireguard-tools ****" && \ if [ -z ${WIREGUARD_RELEASE+x} ]; then \ WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \ - | jq -r .[0].name); \ + | jq -r .[0].name); \ fi && \ cd /app && \ - git clone https://git.zx2c4.com/wireguard-linux-compat && \ git clone https://git.zx2c4.com/wireguard-tools && \ cd wireguard-tools && \ git checkout "${WIREGUARD_RELEASE}" && \ sed -i 's|\[\[ $proto == -4 \]\] && cmd sysctl -q net\.ipv4\.conf\.all\.src_valid_mark=1|[[ $proto == -4 ]] \&\& [[ $(sysctl -n net.ipv4.conf.all.src_valid_mark) != 1 ]] \&\& cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1|' src/wg-quick/linux.bash && \ make -C src -j$(nproc) && \ make -C src install && \ - echo "**** install CoreDNS ****" && \ - COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \ - | awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); 
}') && \ - curl -o \ - /tmp/coredns.tar.gz -L \ - "https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_amd64.tgz" && \ - tar xf \ - /tmp/coredns.tar.gz -C \ - /app && \ echo "**** clean up ****" && \ + apk del --no-network build-dependencies && \ rm -rf \ - /tmp/* \ - /var/lib/apt/lists/* \ - /var/tmp/* + /tmp/* # add local files COPY /root / diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 629b2aab..0f03e472 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 
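Review bot: The `git clone https://git.zx2c4.com/wireguard-tools` + `git checkout "${WIREGUARD_RELEASE}"` path still pins only to a mutable tag name, and when the build arg is unset the name comes from the unauthenticated GitHub tags API at build time, so nothing in the hunk anchors the image to a specific commit or verifies what was fetched. Upstream signs its release tags as far as I recall; importing the release key from a copy vendored in this repo and running `git verify-tag "${WIREGUARD_RELEASE}"` before `make`, or at minimum emitting `git rev-parse HEAD` into the build log or a label, would give the build an integrity check. Dropping `update-alternatives --set iptables /usr/sbin/iptables-legacy` means the backend is now whatever Alpine's `iptables` package links by default, while the `09.10.22` changelog entry this commit deletes says legacy was chosen for host compatibility — worth confirming with `iptables -V` on 3.17 before release. `echo "wireguard" >> /etc/modules` does nothing by itself inside a container; unless the `init-wireguard-module` service (changed in this commit but not in this excerpt) reads it, a comment naming the consumer — or removing the line — would avoid suggesting the image loads kernel modules, which the README now says it does not.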
@@ -1,64 +1,53 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-ubuntu:arm64v8-jammy +FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.17 # set version label ARG BUILD_DATE ARG VERSION ARG WIREGUARD_RELEASE LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}" -LABEL maintainer="aptalca" - -ENV DEBIAN_FRONTEND="noninteractive" +LABEL maintainer="thespad" RUN \ echo "**** install dependencies ****" && \ - apt-get update && \ - apt-get install -y --no-install-recommends \ - bc \ - build-essential \ - dkms \ + apk add --no-cache --virtual=build-dependencies \ + build-base \ + elfutils-dev \ + gcc \ git \ + linux-headers && \ + apk add --no-cache \ + bc \ + coredns \ gnupg \ - ifupdown \ + grep \ iproute2 \ iptables \ - iputils-ping \ - libc6 \ - libelf-dev \ + ip6tables \ + iputils \ + libcap-utils \ + libqrencode \ net-tools \ openresolv \ - perl \ - pkg-config \ - qrencode && \ - update-alternatives --set iptables /usr/sbin/iptables-legacy && \ + perl && \ + echo "wireguard" >> /etc/modules && \ echo "**** install wireguard-tools ****" && \ if [ -z ${WIREGUARD_RELEASE+x} ]; then \ WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \ - | jq -r .[0].name); \ + | jq -r .[0].name); \ fi && \ cd /app && \ - git clone https://git.zx2c4.com/wireguard-linux-compat && \ git clone https://git.zx2c4.com/wireguard-tools && \ cd wireguard-tools && \ git checkout "${WIREGUARD_RELEASE}" && \ sed -i 's|\[\[ $proto == -4 \]\] && cmd sysctl -q net\.ipv4\.conf\.all\.src_valid_mark=1|[[ $proto == -4 ]] \&\& [[ $(sysctl -n net.ipv4.conf.all.src_valid_mark) != 1 ]] \&\& cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1|' src/wg-quick/linux.bash && \ make -C src -j$(nproc) && \ make -C src install && \ - echo "**** install CoreDNS ****" && \ - COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \ - | awk '/tag_name/{print $4;exit}' FS='[""]' | awk 
'{print substr($1,2); }') && \ - curl -o \ - /tmp/coredns.tar.gz -L \ - "https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_arm64.tgz" && \ - tar xf \ - /tmp/coredns.tar.gz -C \ - /app && \ echo "**** clean up ****" && \ + apk del --no-network build-dependencies && \ rm -rf \ - /tmp/* \ - /var/lib/apt/lists/* \ - /var/tmp/* + /tmp/* # add local files COPY /root / diff --git a/Dockerfile.armhf b/Dockerfile.armhf index abe3a0e0..28189c41 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf 
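Review bot: After `make -C src install` the clone in `/app/wireguard-tools`, `.git` history included, remains in the final layer; unless the s6 services (not shown here) reference that tree, `rm -rf /app/wireguard-tools` in the clean-up step — or `git clone --depth 1 --branch "${WIREGUARD_RELEASE}"` to avoid fetching history at all — confines the runtime image to the installed binaries. `gcc` in the `build-dependencies` virtual package is already provided by `build-base` and can be dropped. This file now mirrors the amd64 Dockerfile line for line apart from the base tag, so any hardening applied there (tag verification, iptables backend check) must be copied here by hand; a comment pointing at the shared origin, or an `ARG` for the arch suffix, would reduce the chance the three copies drift.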
@@ -1,64 +1,53 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-ubuntu:arm32v7-jammy +FROM ghcr.io/linuxserver/baseimage-alpine:arm32v7-3.17 # set version label ARG BUILD_DATE ARG VERSION ARG WIREGUARD_RELEASE LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}" -LABEL maintainer="aptalca" - -ENV DEBIAN_FRONTEND="noninteractive" +LABEL maintainer="thespad" RUN \ echo "**** install dependencies ****" && \ - apt-get update && \ - apt-get install -y --no-install-recommends \ - bc \ - build-essential \ - dkms \ + apk add --no-cache --virtual=build-dependencies \ + build-base \ + elfutils-dev \ + gcc \ git \ + linux-headers && \ + apk add --no-cache \ + bc \ + coredns \ gnupg \ - ifupdown \ + grep \ iproute2 \ iptables \ - iputils-ping \ - libc6 \ - libelf-dev \ + ip6tables \ + iputils \ + libcap-utils \ + libqrencode \ net-tools \ openresolv \ - perl \ - pkg-config \ - qrencode && \ - update-alternatives --set iptables /usr/sbin/iptables-legacy && \ + perl && \ + echo "wireguard" >> /etc/modules && \ echo "**** install wireguard-tools ****" && \ if [ -z ${WIREGUARD_RELEASE+x} ]; then \ WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \ | jq -r .[0].name); \ fi && \ cd /app && \ - git clone https://git.zx2c4.com/wireguard-linux-compat && \ git clone https://git.zx2c4.com/wireguard-tools && \ cd wireguard-tools && \ git checkout "${WIREGUARD_RELEASE}" && \ sed -i 's|\[\[ $proto == -4 \]\] && cmd sysctl -q net\.ipv4\.conf\.all\.src_valid_mark=1|[[ $proto == -4 ]] \&\& [[ $(sysctl -n net.ipv4.conf.all.src_valid_mark) != 1 ]] \&\& cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1|' src/wg-quick/linux.bash && \ make -C src -j$(nproc) && \ make -C src install && \ - echo "**** install CoreDNS ****" && \ - COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \ - | awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \ 
- curl -o \ - /tmp/coredns.tar.gz -L \ - "https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_arm.tgz" && \ - tar xf \ - /tmp/coredns.tar.gz -C \ - /app && \ echo "**** clean up ****" && \ + apk del --no-network build-dependencies && \ rm -rf \ - /tmp/* \ - /var/lib/apt/lists/* \ - /var/tmp/* + /tmp/* # add local files COPY /root / diff --git a/Jenkinsfile b/Jenkinsfile index 2f0deb4d..7c4c3dc7 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -24,7 +24,7 @@ pipeline { DOCKERHUB_IMAGE = 'linuxserver/wireguard' DEV_DOCKERHUB_IMAGE = 'lsiodev/wireguard' PR_DOCKERHUB_IMAGE = 'lspipepr/wireguard' - DIST_IMAGE = 'ubuntu' + DIST_IMAGE = 'alpine' MULTIARCH='true' CI='false' CI_WEB='false' @@ -39,10 +39,11 @@ pipeline { // Setup all the basic environment variables needed for the build stage("Set ENV Variables base"){ steps{ + sh '''docker pull quay.io/skopeo/stable:v1 || : ''' script{ env.EXIT_STATUS = '' env.LS_RELEASE = sh( - script: '''docker run --rm ghcr.io/linuxserver/alexeiled-skopeo sh -c 'skopeo inspect docker://docker.io/'${DOCKERHUB_IMAGE}':latest 2>/dev/null' | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''', + script: '''docker run --rm quay.io/skopeo/stable:v1 inspect docker://ghcr.io/${LS_USER}/${CONTAINER_NAME}:latest 2>/dev/null | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''', returnStdout: true).trim() env.LS_RELEASE_NOTES = sh( script: '''cat readme-vars.yml | awk -F \\" '/date: "[0-9][0-9].[0-9][0-9].[0-9][0-9]:/ {print $4;exit;}' | sed -E ':a;N;$!ba;s/\\r{0,1}\\n/\\\\n/g' ''', 
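Review bot: The fallback `WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" | jq -r .[0].name)` has no `-f` and no null check, so an API rate-limit or outage yields the literal string `null`, which surfaces later as an opaque `git checkout "null"` failure rather than a message naming the cause. The sibling workflow already guards this case with `if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]`; mirroring it here — `curl -sfX GET ... | jq -r .[0].name` followed by `[ -n "${WIREGUARD_RELEASE}" ] && [ "${WIREGUARD_RELEASE}" != "null" ] || exit 1` — keeps the build fail-closed with a readable error. Note also that the tags endpoint's first entry is not guaranteed to be the newest release, so pinning `WIREGUARD_RELEASE` from CI (as the trigger workflow does) should stay the normal path.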
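Review bot: `docker pull quay.io/skopeo/stable:v1 || :` followed by `docker run --rm quay.io/skopeo/stable:v1 inspect ...` introduces a floating tag into the release pipeline, and the ignored pull failure means the job silently runs whatever `v1` image happens to be cached on the agent. Pinning by digest (`quay.io/skopeo/stable:v1@sha256:...`, value taken from the registry at the time of pinning) keeps the tool that decides `LS_RELEASE` reproducible, and a comment such as `// skopeo is only used to read labels; pull failure falls back to the cached image` would document that the `|| :` is deliberate rather than accidental.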
@@ -228,7 +229,7 @@ pipeline { script{ env.SHELLCHECK_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/shellcheck-result.xml' } - sh '''curl -sL https://raw.githubusercontent.com/linuxserver/docker-shellcheck/master/checkrun.sh | /bin/bash''' + sh '''curl -sL https://raw.githubusercontent.com/linuxserver/docker-jenkins-builder/master/checkrun.sh | /bin/bash''' sh '''#! /bin/bash docker run --rm \ -v ${WORKSPACE}:/mnt \ @@ -376,6 +377,26 @@ pipeline { } } } + // If this is a master build check the S6 service file perms + stage("Check S6 Service file Permissions"){ + when { + branch "master" + environment name: 'CHANGE_ID', value: '' + environment name: 'EXIT_STATUS', value: '' + } + steps { + script{ + sh '''#! /bin/bash + WRONG_PERM=$(find ./ -path "./.git" -prune -o \\( -name "run" -o -name "finish" -o -name "check" \\) -not -perm -u=x,g=x,o=x -print) + if [[ -n "${WRONG_PERM}" ]]; then + echo "The following S6 service files are missing the executable bit; canceling the faulty build: ${WRONG_PERM}" + exit 1 + else + echo "S6 service file perms look good." + fi ''' + } + } + } /* ####################### GitLab Mirroring ####################### */ @@ -668,6 +689,7 @@ pipeline { ]) { script{ env.CI_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/index.html' + env.CI_JSON_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/report.json' } sh '''#! /bin/bash set -e @@ -694,8 +716,6 @@ pipeline { -e WEB_SCREENSHOT=\"${CI_WEB}\" \ -e WEB_AUTH=\"${CI_AUTH}\" \ -e WEB_PATH=\"${CI_WEBPATH}\" \ - -e DO_REGION="ams3" \ - -e DO_BUCKET="lsio-ci" \ -t ghcr.io/linuxserver/ci:latest \ python3 test_build.py''' } 
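Review bot: `curl -sL https://raw.githubusercontent.com/linuxserver/docker-jenkins-builder/master/checkrun.sh | /bin/bash` executes the current contents of a moving branch in another repository directly on the build agent, with this job's credentials in scope; the change only relocates the script, it does not pin it. Referencing a commit SHA (`.../docker-jenkins-builder/<sha>/checkrun.sh`) and failing on HTTP errors (`curl -sfL`), or downloading the script once and checking a known hash before running it, limits the blast radius of a bad or malicious push to that branch. Quoting a short `// pinned by SHA: bump deliberately, review the diff first` comment next to the line would stop the next edit from drifting back to `master`.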
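Review bot: The new "Check S6 Service file Permissions" stage is gated by `branch "master"` and an empty `CHANGE_ID`, so a contributor whose `run`/`finish`/`check` file lost its executable bit only finds out after the merge has already cancelled the master build. Running the same `find ./ -path "./.git" -prune -o \( -name "run" -o -name "finish" -o -name "check" \) -not -perm -u=x,g=x,o=x -print` check for PR builds as well (dropping the `branch "master"` condition, or duplicating the stage under the PR path) would surface the problem where it can be fixed cheaply. A brief comment stating why all three bits are required (`-u=x,g=x,o=x`) would help, as s6 only needs the bit for the user it runs as.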
@@ -949,8 +969,67 @@ pipeline { environment name: 'EXIT_STATUS', value: '' } steps { - sh '''curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/issues/${PULL_REQUEST}/comments \ - -d '{"body": "I am a bot, here are the test results for this PR: \\n'${CI_URL}' \\n'${SHELLCHECK_URL}'"}' ''' + sh '''#! /bin/bash + # Function to retrieve JSON data from URL + get_json() { + local url="$1" + local response=$(curl -s "$url") + if [ $? -ne 0 ]; then + echo "Failed to retrieve JSON data from $url" + return 1 + fi + local json=$(echo "$response" | jq .) + if [ $? -ne 0 ]; then + echo "Failed to parse JSON data from $url" + return 1 + fi + echo "$json" + } + + build_table() { + local data="$1" + + # Get the keys in the JSON data + local keys=$(echo "$data" | jq -r 'to_entries | map(.key) | .[]') + + # Check if keys are empty + if [ -z "$keys" ]; then + echo "JSON report data does not contain any keys or the report does not exist." + return 1 + fi + + # Build table header + local header="| Tag | Passed |\\n| --- | --- |\\n" + + # Loop through the JSON data to build the table rows + local rows="" + for build in $keys; do + local status=$(echo "$data" | jq -r ".[\\"$build\\"].test_success") + if [ "$status" = "true" ]; then + status="✅" + else + status="❌" + fi + local row="| "$build" | "$status" |\\n" + rows="${rows}${row}" + done + + local table="${header}${rows}" + local escaped_table=$(echo "$table" | sed 's/\"/\\\\"/g') + echo "$escaped_table" + } + + # Retrieve JSON data from URL + data=$(get_json "$CI_JSON_URL") + # Create table from JSON data + table=$(build_table "$data") + echo -e "$table" + + curl -X POST -H "Authorization: token $GITHUB_TOKEN" \ + -H "Accept: application/vnd.github.v3+json" \ + "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \ + -d "{\\"body\\": \\"I am a bot, here are the test results for this PR: \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}"''' + } } } 
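Review bot: Both error checks in the new `get_json` are dead code: `local response=$(curl -s "$url")` and `local json=$(echo "$response" | jq .)` make `$?` the status of `local` (always 0), so neither branch can ever fire (SC2155), and without `-f` a 404 page is accepted as data. The per-tag lookup `jq -r ".[\"$build\"].test_success"` splices keys taken from the downloaded report into a jq program, and the final `-d "{\"body\": ...}"` builds the GitHub comment JSON by string concatenation with only double quotes escaped, so a tag or URL containing a backslash, quote or newline breaks the request or changes its meaning; `jq --arg` should carry both values. `-H "Authorization: token $GITHUB_TOKEN"` also puts the token on curl's argv, where `-H @file` or a `--config` file would keep it out of the process list. The following excerpt (written as plain bash; escape for the Groovy `'''` string as the rest of the block does) shows the shape; the row builder should then emit real newlines instead of the `\n` escapes, and the `escaped_table` sed step becomes unnecessary.
```shell
get_json() {
  local url="$1" response
  # assign separately so the status is curl's, not local's; -f turns HTTP errors into failures
  response=$(curl -sf "$url") || { echo "Failed to retrieve JSON data from $url" >&2; return 1; }
  jq . <<<"$response" || { echo "Failed to parse JSON data from $url" >&2; return 1; }
}
# … unchanged: build_table header and loop, except the lookup below …
local status=$(echo "$data" | jq -r --arg k "$build" '.[$k].test_success')
# … unchanged: table assembly …
body=$(printf 'I am a bot, here are the test results for this PR:\n%s\n%s\n%s' "$CI_URL" "$SHELLCHECK_URL" "$table")
jq -n --arg body "$body" '{body: $body}' \
  | curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
      -H "Accept: application/vnd.github.v3+json" \
      "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" -d @-
```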
diff --git a/README.md b/README.md
index 8b8f39e7..3a2f8278 100644
--- a/README.md
+++ b/README.md
@@ -63,18 +63,12 @@ This image provides various versions that are available via tags. Please read th | Tag | Available | Description | | :----: | :----: |--- | -| latest | ✅ | Stable releases with support for compiling Wireguard modules | -| alpine | ✅ | Stable releases based on Alpine *without* support for compiling Wireguard modules | +| latest | ✅ | Stable releases based on Alpine *without* support for compiling Wireguard modules. | +| legacy | ✅ | Stable releases with support for compiling Wireguard modules. | ## Application Setup During container start, it will first check if the wireguard module is already installed and loaded. Kernels newer than 5.6 generally have the wireguard module built-in (along with some older custom kernels). However, the module may not be enabled. Make sure it is enabled prior to starting the container. -If the kernel is not built-in, or installed on host, the container will check if the kernel headers are present (in `/usr/src`) and if not, it will attempt to download the necessary kernel headers from the `ubuntu xenial/bionic`, `debian/raspbian buster` repos; then will attempt to compile and install the kernel module. If the kernel headers are not found in either `usr/src` or in the repos mentioned, container will sleep indefinitely as wireguard cannot be installed. - -If you're on a debian/ubuntu based host with a custom or downstream distro provided kernel (ie. Pop!_OS), the container won't be able to install the kernel headers from the regular ubuntu and debian repos. In those cases, you can try installing the headers on the host via `sudo apt install linux-headers-$(uname -r)` (if distro version) and then add a volume mapping for `/usr/src:/usr/src`, or if custom built, map the location of the existing headers to allow the container to use host installed headers to build the kernel module (tested successful on Pop!_OS, ymmv). 
- -With regards to arm32/64 devices, Raspberry Pi 2-4 running the [official ubuntu images](https://ubuntu.com/download/raspberry-pi) or Raspbian Buster are supported out of the box. For all other devices and OSes, you can try installing the kernel headers on the host, and mapping `/usr/src:/usr/src` and it may just work (no guarantees). - This can be run as a server or a client, based on the parameters used. ## Server Mode @@ -147,7 +141,6 @@ services: container_name: wireguard cap_add: - NET_ADMIN - - SYS_MODULE environment: - PUID=1000 - PGID=1000 @@ -162,7 +155,6 @@ services: - LOG_CONFS=true #optional volumes: - /path/to/appdata/config:/config - - /lib/modules:/lib/modules #optional ports: - 51820:51820/udp sysctls: @@ -176,7 +168,6 @@ services: docker run -d \ --name=wireguard \ --cap-add=NET_ADMIN \ - --cap-add=SYS_MODULE \ -e PUID=1000 \ -e PGID=1000 \ -e TZ=Etc/UTC \ @@ -190,7 +181,6 @@ docker run -d \ -e LOG_CONFS=true `#optional` \ -p 51820:51820/udp \ -v /path/to/appdata/config:/config \ - -v /lib/modules:/lib/modules `#optional` \ --sysctl="net.ipv4.conf.all.src_valid_mark=1" \ --restart unless-stopped \ lscr.io/linuxserver/wireguard:latest @@ -216,7 +206,6 @@ Container images are configured using parameters passed at runtime (such as thos | `-e PERSISTENTKEEPALIVE_PEERS=` | Set to `all` or a list of comma separated peers (ie. `1,4,laptop`) for the wireguard server to send keepalive packets to listed peers every 25 seconds. Useful if server is accessed via domain name and has dynamic IP. Used only in server mode. | | `-e LOG_CONFS=true` | Generated QR codes will be displayed in the docker log. Set to `false` to skip log output. | | `-v /config` | Contains all relevant configuration files. | -| `-v /lib/modules` | Maps host's modules folder. Only required if compiling wireguard modules. | | `--sysctl=` | Required for client mode. | ### Portainer notice 
@@ -332,11 +321,11 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions -* **28.01.23:** - Patch wg-quick to suppress false positive sysctl warning. +* **26.04.23:** - Rework branches. Swap alpine and ubuntu builds. +* **29.01.23:** - Rebase to alpine 3.17. * **10.01.23:** - Add new var to add `PersistentKeepalive` to server config for select peers to survive server IP changes when domain name is used. * **26.10.22:** - Better handle unsupported peer names. Improve logging. * **12.10.22:** - Add Alpine branch. Optimize wg and coredns services. -* **09.10.22:** - Switch back to iptables-legacy due to issues on some hosts. * **04.10.22:** - Rebase to Jammy. Upgrade to s6v3. * **16.05.22:** - Improve NAT handling in server mode when multiple ethernet devices are present. * **23.04.22:** - Add pre-shared key support. Automatically added to all new peer confs generated, existing ones are left without to ensure no breaking changes. diff --git a/jenkins-vars.yml b/jenkins-vars.yml index 1b241b7f..9a3c819b 100644 --- a/jenkins-vars.yml +++ b/jenkins-vars.yml @@ -15,7 +15,7 @@ repo_vars: - DOCKERHUB_IMAGE = 'linuxserver/wireguard' - DEV_DOCKERHUB_IMAGE = 'lsiodev/wireguard' - PR_DOCKERHUB_IMAGE = 'lspipepr/wireguard' - - DIST_IMAGE = 'ubuntu' + - DIST_IMAGE = 'alpine' - MULTIARCH='true' - CI='false' - CI_WEB='false' @@ -26,4 +26,4 @@ repo_vars: - CI_AUTH='user:password' - CI_WEBPATH='' sponsor_links: - - { name: "WireGuard", url: "https://www.wireguard.com/donations/" } \ No newline at end of file + - { name: "WireGuard", url: "https://www.wireguard.com/donations/" } diff --git a/package_versions.txt b/package_versions.txt index 70c29fad..aa4caf48 100755 --- a/package_versions.txt +++ b/package_versions.txt 
@@ -1,350 +1,208 @@ -NAME VERSION TYPE -adduser 3.118ubuntu5 deb -apt 2.4.8 deb -apt-utils 2.4.8 deb -base-files 12ubuntu4.3 deb -base-passwd 3.5.52build1 deb -bash 5.1-6ubuntu1 deb -bc 1.07.1-3build1 deb -binutils 2.38-4ubuntu2.1 deb -binutils-common 2.38-4ubuntu2.1 deb -binutils-x86-64-linux-gnu 2.38-4ubuntu2.1 deb -bsdutils 1:2.37.2-4ubuntu3 deb -build-essential 12.9ubuntu3 deb -bzip2 1.0.8-5build1 deb -ca-certificates 20211016ubuntu0.22.04.1 deb -cloud.google.com/go/compute/metadata v0.2.3 go-module -coreutils 8.32-4.1ubuntu1 deb -cpp 4:11.2.0-1ubuntu1 deb -cpp-11 11.3.0-1ubuntu1~22.04 deb -cpp-12 12.1.0-2ubuntu1~22.04 deb -curl 7.81.0-1ubuntu1.10 deb -dash 0.5.11+git20210903+057cd650a4ed-3build1 deb -dctrl-tools 2.24-3build2 deb -debconf 1.5.79ubuntu1 deb -debianutils 5.5-1ubuntu2 deb -diffutils 1:3.8-0ubuntu2 deb -dirmngr 2.2.27-3ubuntu2.1 deb -distro-info-data 0.52ubuntu0.3 deb -dkms 2.8.7-2ubuntu2.1 deb -dpkg 1.21.1ubuntu2.1 deb -dpkg-dev 1.21.1ubuntu2.1 deb -e2fsprogs 1.46.5-2ubuntu1.1 deb -findutils 4.8.0-1ubuntu3 deb -g++ 4:11.2.0-1ubuntu1 deb -g++-11 11.3.0-1ubuntu1~22.04 deb -gcc 4:11.2.0-1ubuntu1 deb -gcc-11 11.3.0-1ubuntu1~22.04 deb -gcc-11-base 11.3.0-1ubuntu1~22.04 deb -gcc-12 12.1.0-2ubuntu1~22.04 deb -gcc-12-base 12.1.0-2ubuntu1~22.04 deb -git 1:2.34.1-1ubuntu1.8 deb -git-man 1:2.34.1-1ubuntu1.8 deb -github.com/Azure/azure-sdk-for-go v68.0.0+incompatible go-module -github.com/Azure/go-autorest/autorest v0.11.28 go-module -github.com/Azure/go-autorest/autorest/adal v0.9.18 go-module -github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 go-module -github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 go-module -github.com/Azure/go-autorest/autorest/date v0.3.0 go-module -github.com/Azure/go-autorest/autorest/to v0.2.0 go-module -github.com/Azure/go-autorest/logger v0.2.1 go-module -github.com/Azure/go-autorest/tracing v0.6.0 go-module -github.com/DataDog/datadog-agent/pkg/obfuscate v0.0.0-20211129110424-6491aa3bf583 go-module 
-github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.42.0-rc.1 go-module -github.com/DataDog/datadog-go v4.8.2+incompatible go-module -github.com/DataDog/datadog-go/v5 v5.0.2 go-module -github.com/DataDog/go-tuf v0.3.0--fix-localmeta-fork go-module -github.com/DataDog/sketches-go v1.2.1 go-module -github.com/antonmedv/expr v1.12.0 go-module -github.com/apparentlymart/go-cidr v1.1.0 go-module -github.com/aws/aws-sdk-go v1.44.194 go-module -github.com/beorn7/perks v1.0.1 go-module -github.com/cespare/xxhash/v2 v2.1.2 go-module -github.com/coredns/caddy v1.1.1 go-module -github.com/coredns/coredns v0.0.0-20230206182419-055b2c31a9cf go-module -github.com/coreos/go-semver v0.3.0 go-module -github.com/coreos/go-systemd/v22 v22.3.2 go-module -github.com/davecgh/go-spew v1.1.1 go-module -github.com/dgraph-io/ristretto v0.1.0 go-module -github.com/dimchansky/utfbom v1.1.1 go-module -github.com/dnstap/golang-dnstap v0.4.0 go-module -github.com/dustin/go-humanize v1.0.0 go-module -github.com/emicklei/go-restful/v3 v3.9.0 go-module -github.com/farsightsec/golang-framestream v0.3.0 go-module -github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 go-module -github.com/go-logr/logr v1.2.3 go-module -github.com/go-openapi/jsonpointer v0.19.5 go-module -github.com/go-openapi/jsonreference v0.20.0 go-module -github.com/go-openapi/swag v0.19.14 go-module -github.com/gogo/protobuf v1.3.2 go-module -github.com/golang-jwt/jwt/v4 v4.2.0 go-module -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b go-module -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da go-module -github.com/golang/protobuf v1.5.2 go-module -github.com/google/gnostic v0.5.7-v3refs go-module -github.com/google/go-cmp v0.5.9 go-module -github.com/google/gofuzz v1.2.0 go-module -github.com/google/uuid v1.3.0 go-module -github.com/googleapis/enterprise-certificate-proxy v0.2.1 go-module -github.com/googleapis/gax-go/v2 v2.7.0 go-module -github.com/grpc-ecosystem/grpc-opentracing 
v0.0.0-20180507213350-8e809c8a8645 go-module -github.com/imdario/mergo v0.3.12 go-module -github.com/infobloxopen/go-trees v0.0.0-20200715205103-96a057b8dfb9 go-module -github.com/jmespath/go-jmespath v0.4.0 go-module -github.com/josharian/intern v1.0.0 go-module -github.com/json-iterator/go v1.1.12 go-module -github.com/mailru/easyjson v0.7.7 go-module -github.com/matttproud/golang_protobuf_extensions v1.0.4 go-module -github.com/miekg/dns v1.1.50 go-module -github.com/mitchellh/go-homedir v1.1.0 go-module -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd go-module -github.com/modern-go/reflect2 v1.0.2 go-module -github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 go-module -github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492 go-module -github.com/opentracing/opentracing-go v1.2.0 go-module -github.com/openzipkin-contrib/zipkin-go-opentracing v0.5.0 go-module -github.com/openzipkin/zipkin-go v0.4.1 go-module -github.com/oschwald/geoip2-golang v1.8.0 go-module -github.com/oschwald/maxminddb-golang v1.10.0 go-module -github.com/philhofer/fwd v1.1.1 go-module -github.com/pkg/errors v0.9.1 go-module -github.com/prometheus/client_golang v1.14.0 go-module -github.com/prometheus/client_model v0.3.0 go-module -github.com/prometheus/common v0.39.0 go-module -github.com/prometheus/procfs v0.8.0 go-module -github.com/secure-systems-lab/go-securesystemslib v0.4.0 go-module -github.com/spf13/pflag v1.0.5 go-module -github.com/tinylib/msgp v1.1.6 go-module -gnupg 2.2.27-3ubuntu2.1 deb -gnupg-l10n 2.2.27-3ubuntu2.1 deb -gnupg-utils 2.2.27-3ubuntu2.1 deb -go.etcd.io/etcd/api/v3 v3.5.7 go-module -go.etcd.io/etcd/client/pkg/v3 v3.5.7 go-module -go.etcd.io/etcd/client/v3 v3.5.7 go-module -go.opencensus.io v0.24.0 go-module -go.uber.org/atomic v1.9.0 go-module -go.uber.org/multierr v1.6.0 go-module -go.uber.org/zap v1.17.0 go-module -golang.org/x/crypto v0.0.0-20221010152910-d6f0a8c073c2 go-module -golang.org/x/net v0.4.0 
go-module -golang.org/x/oauth2 v0.3.0 go-module -golang.org/x/sys v0.4.0 go-module -golang.org/x/term v0.3.0 go-module -golang.org/x/text v0.5.0 go-module -golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 go-module -golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 go-module -google.golang.org/api v0.109.0 go-module -google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef go-module -google.golang.org/grpc v1.52.3 go-module -google.golang.org/protobuf v1.28.1 go-module -gopkg.in/DataDog/dd-trace-go.v1 v1.47.0 go-module -gopkg.in/inf.v0 v0.9.1 go-module -gopkg.in/yaml.v2 v2.4.0 go-module -gopkg.in/yaml.v3 v3.0.1 go-module -gpg 2.2.27-3ubuntu2.1 deb -gpg-agent 2.2.27-3ubuntu2.1 deb -gpg-wks-client 2.2.27-3ubuntu2.1 deb -gpg-wks-server 2.2.27-3ubuntu2.1 deb -gpgconf 2.2.27-3ubuntu2.1 deb -gpgsm 2.2.27-3ubuntu2.1 deb -gpgv 2.2.27-3ubuntu2.1 deb -grep 3.7-1build1 deb -gzip 1.10-4ubuntu4.1 deb -hostname 3.23ubuntu2 deb -ifupdown 0.8.36+nmu1ubuntu3 deb -init-system-helpers 1.62 deb -iproute2 5.15.0-1ubuntu2 deb -iptables 1.8.7-1ubuntu5 deb -iputils-ping 3:20211215-1 deb -jq 1.6-2.1ubuntu3 deb -k8s.io/api v0.26.1 go-module -k8s.io/apimachinery v0.26.1 go-module -k8s.io/client-go v0.26.1 go-module -k8s.io/klog/v2 v2.90.0 go-module -k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 go-module -k8s.io/utils v0.0.0-20221107191617-1a15be271d1d go-module -kmod 29-1ubuntu1 deb -libacl1 2.3.1-1 deb -libapt-pkg6.0 2.4.8 deb -libasan6 11.3.0-1ubuntu1~22.04 deb -libasan8 12.1.0-2ubuntu1~22.04 deb -libassuan0 2.5.5-1build1 deb -libatomic1 12.1.0-2ubuntu1~22.04 deb -libattr1 1:2.5.1-1build1 deb -libaudit-common 1:3.0.7-1build1 deb -libaudit1 1:3.0.7-1build1 deb -libbinutils 2.38-4ubuntu2.1 deb -libblkid1 2.37.2-4ubuntu3 deb -libbpf0 1:0.5.0-1ubuntu22.04.1 deb -libbrotli1 1.0.9-2build6 deb -libbsd0 0.11.5-1 deb -libbz2-1.0 1.0.8-5build1 deb -libc-bin 2.35-0ubuntu3.1 deb -libc-dev-bin 2.35-0ubuntu3.1 deb -libc6 2.35-0ubuntu3.1 deb -libc6-dev 2.35-0ubuntu3.1 deb 
-libcap-ng0 0.7.9-2.2build3 deb -libcap2 1:2.44-1build3 deb -libcap2-bin 1:2.44-1build3 deb -libcc1-0 12.1.0-2ubuntu1~22.04 deb -libcom-err2 1.46.5-2ubuntu1.1 deb -libcrypt-dev 1:4.4.27-1 deb -libcrypt1 1:4.4.27-1 deb -libctf-nobfd0 2.38-4ubuntu2.1 deb -libctf0 2.38-4ubuntu2.1 deb -libcurl3-gnutls 7.81.0-1ubuntu1.10 deb -libcurl4 7.81.0-1ubuntu1.10 deb -libdb5.3 5.3.28+dfsg1-0.8ubuntu3 deb -libdebconfclient0 0.261ubuntu1 deb -libdpkg-perl 1.21.1ubuntu2.1 deb -libelf-dev 0.186-1build1 deb -libelf1 0.186-1build1 deb -liberror-perl 0.17029-1 deb -libexpat1 2.4.7-1ubuntu0.2 deb -libext2fs2 1.46.5-2ubuntu1.1 deb -libffi8 3.4.2-4 deb -libgcc-11-dev 11.3.0-1ubuntu1~22.04 deb -libgcc-12-dev 12.1.0-2ubuntu1~22.04 deb -libgcc-s1 12.1.0-2ubuntu1~22.04 deb -libgcrypt20 1.9.4-3ubuntu3 deb -libgdbm-compat4 1.23-1 deb -libgdbm6 1.23-1 deb -libglib2.0-0 2.72.4-0ubuntu1 deb -libgmp10 2:6.2.1+dfsg-3ubuntu1 deb -libgnutls30 3.7.3-4ubuntu1.2 deb -libgomp1 12.1.0-2ubuntu1~22.04 deb -libgpg-error0 1.43-3 deb -libgssapi-krb5-2 1.19.2-2ubuntu0.1 deb -libhogweed6 3.7.3-1build2 deb -libidn2-0 2.3.2-2build1 deb -libip4tc2 1.8.7-1ubuntu5 deb -libip6tc2 1.8.7-1ubuntu5 deb -libisl23 0.24-2build1 deb -libitm1 12.1.0-2ubuntu1~22.04 deb -libjq1 1.6-2.1ubuntu3 deb -libk5crypto3 1.19.2-2ubuntu0.1 deb -libkeyutils1 1.6.1-2ubuntu3 deb -libkmod2 29-1ubuntu1 deb -libkrb5-3 1.19.2-2ubuntu0.1 deb -libkrb5support0 1.19.2-2ubuntu0.1 deb -libksba8 1.6.0-2ubuntu0.2 deb -libldap-2.5-0 2.5.14+dfsg-0ubuntu0.22.04.2 deb -libldap-common 2.5.14+dfsg-0ubuntu0.22.04.2 deb -liblsan0 12.1.0-2ubuntu1~22.04 deb -liblz4-1 1.9.3-2build2 deb -liblzma5 5.2.5-2ubuntu1 deb -libmd0 1.0.4-1build1 deb -libmnl0 1.0.4-3build2 deb -libmount1 2.37.2-4ubuntu3 deb -libmpc3 1.2.1-2build1 deb -libmpdec3 2.5.1-2build2 deb -libmpfr6 4.1.0-3build3 deb -libncurses6 6.3-2 deb -libncursesw6 6.3-2 deb -libnetfilter-conntrack3 1.0.9-1 deb -libnettle8 3.7.3-1build2 deb -libnfnetlink0 1.0.1-3build3 deb -libnftnl11 1.2.1-1build1 deb -libnghttp2-14 
1.43.0-1build3 deb -libnpth0 1.6-3build2 deb -libnsl-dev 1.3.0-2build2 deb -libnsl2 1.3.0-2build2 deb -libonig5 6.9.7.1-2build1 deb -libp11-kit0 0.24.0-6build1 deb -libpam-modules 1.4.0-11ubuntu2.3 deb -libpam-modules-bin 1.4.0-11ubuntu2.3 deb -libpam-runtime 1.4.0-11ubuntu2.3 deb -libpam0g 1.4.0-11ubuntu2.3 deb -libpcre2-8-0 10.39-3ubuntu0.1 deb -libpcre3 2:8.39-13ubuntu0.22.04.1 deb -libperl5.34 5.34.0-3ubuntu1.1 deb -libpng16-16 1.6.37-3build5 deb -libprocps8 2:3.3.17-6ubuntu2 deb -libpsl5 0.21.0-1.2build2 deb -libpython3-stdlib 3.10.6-1~22.04 deb -libpython3.10-minimal 3.10.6-1~22.04.2ubuntu1 deb -libpython3.10-stdlib 3.10.6-1~22.04.2ubuntu1 deb -libqrencode4 4.1.1-1 deb -libquadmath0 12.1.0-2ubuntu1~22.04 deb -libreadline8 8.1.2-1 deb -librtmp1 2.4+20151223.gitfa8646d.1-2build4 deb -libsasl2-2 2.1.27+dfsg2-3ubuntu1.2 deb -libsasl2-modules 2.1.27+dfsg2-3ubuntu1.2 deb -libsasl2-modules-db 2.1.27+dfsg2-3ubuntu1.2 deb -libseccomp2 2.5.3-2ubuntu2 deb -libselinux1 3.3-1build2 deb -libsemanage-common 3.3-1build2 deb -libsemanage2 3.3-1build2 deb -libsepol2 3.3-1build1 deb -libsmartcols1 2.37.2-4ubuntu3 deb -libsqlite3-0 3.37.2-2ubuntu0.1 deb -libss2 1.46.5-2ubuntu1.1 deb -libssh-4 0.9.6-2build1 deb -libssl3 3.0.2-0ubuntu1.8 deb -libstdc++-11-dev 11.3.0-1ubuntu1~22.04 deb -libstdc++6 12.1.0-2ubuntu1~22.04 deb -libsystemd0 249.11-0ubuntu3.9 deb -libtasn1-6 4.18.0-4build1 deb -libtinfo6 6.3-2 deb -libtirpc-common 1.3.2-2ubuntu0.1 deb -libtirpc-dev 1.3.2-2ubuntu0.1 deb -libtirpc3 1.3.2-2ubuntu0.1 deb -libtsan0 11.3.0-1ubuntu1~22.04 deb -libtsan2 12.1.0-2ubuntu1~22.04 deb -libubsan1 12.1.0-2ubuntu1~22.04 deb -libudev1 249.11-0ubuntu3.9 deb -libunistring2 1.0-1 deb -libuuid1 2.37.2-4ubuntu3 deb -libxtables12 1.8.7-1ubuntu5 deb -libxxhash0 0.8.1-1 deb -libzstd1 1.4.8+dfsg-3build1 deb -linux-libc-dev 5.15.0-70.77 deb -locales 2.35-0ubuntu3.1 deb -login 1:4.8.1-2ubuntu2.1 deb -logsave 1.46.5-2ubuntu1.1 deb -lsb-base 11.1.0ubuntu4 deb -lsb-release 11.1.0ubuntu4 deb 
-lto-disabled-list 24 deb -make 4.3-4.1build1 deb -mawk 1.3.4.20200120-3 deb -media-types 7.0.0 deb -mount 2.37.2-4ubuntu3 deb -ncurses-base 6.3-2 deb -ncurses-bin 6.3-2 deb -net-tools 1.60+git20181103.0eebece-1ubuntu5 deb -netbase 6.3 deb -netcat 1.218-4ubuntu1 deb -netcat-openbsd 1.218-4ubuntu1 deb -openresolv 3.12.0-2 deb -openssl 3.0.2-0ubuntu1.8 deb -passwd 1:4.8.1-2ubuntu2.1 deb -patch 2.7.6-7build2 deb -perl 5.34.0-3ubuntu1.1 deb -perl-base 5.34.0-3ubuntu1.1 deb -perl-modules-5.34 5.34.0-3ubuntu1.1 deb -pinentry-curses 1.1.1-1build2 deb -pkg-config 0.29.2-1ubuntu3 deb -procps 2:3.3.17-6ubuntu2 deb -publicsuffix 20211207.1025-1 deb -python 3.10.6 binary -python3 3.10.6-1~22.04 deb -python3-minimal 3.10.6-1~22.04 deb -python3.10 3.10.6-1~22.04.2ubuntu1 deb -python3.10-minimal 3.10.6-1~22.04.2ubuntu1 deb -qrencode 4.1.1-1 deb -readline-common 8.1.2-1 deb -rpcsvc-proto 1.4.2-0ubuntu6 deb -sed 4.8-1ubuntu2 deb -sensible-utils 0.0.17 deb -sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 go-module -sigs.k8s.io/structured-merge-diff/v4 v4.2.3 go-module -sigs.k8s.io/yaml v1.3.0 go-module -sysvinit-utils 3.01-1ubuntu1 deb -tar 1.34+dfsg-1ubuntu0.1.22.04.1 deb -tzdata 2023c-0ubuntu0.22.04.0 deb -ubuntu-keyring 2021.03.26 deb -usrmerge 25ubuntu2 deb -util-linux 2.37.2-4ubuntu3 deb -xz-utils 5.2.5-2ubuntu1 deb -zlib1g 1:1.2.11.dfsg-2ubuntu9.2 deb -zlib1g-dev 1:1.2.11.dfsg-2ubuntu9.2 deb +NAME VERSION TYPE +alpine-baselayout 3.4.0-r0 apk +alpine-baselayout-data 3.4.0-r0 apk +alpine-keys 2.4-r1 apk +alpine-release 3.17.3-r0 apk +apk-tools 2.12.10-r1 apk +bash 5.2.15-r0 apk +bc 1.07.1-r2 apk +brotli-libs 1.0.9-r9 apk +busybox 1.35.0 binary +busybox 1.35.0-r29 apk +busybox-binsh 1.35.0-r29 apk +ca-certificates 20220614-r4 apk +ca-certificates-bundle 20220614-r4 apk +cloud.google.com/go/compute v1.7.0 go-module +coredns 1.10.0-r5 apk +coreutils 9.1-r0 apk +curl 8.0.1-r0 apk +gdbm 1.23-r0 apk +github.com/Azure/azure-sdk-for-go v66.0.0+incompatible go-module 
+github.com/Azure/go-autorest/autorest v0.11.28 go-module +github.com/Azure/go-autorest/autorest/adal v0.9.18 go-module +github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 go-module +github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 go-module +github.com/Azure/go-autorest/autorest/date v0.3.0 go-module +github.com/Azure/go-autorest/autorest/to v0.2.0 go-module +github.com/Azure/go-autorest/logger v0.2.1 go-module +github.com/Azure/go-autorest/tracing v0.6.0 go-module +github.com/DataDog/datadog-agent/pkg/obfuscate v0.0.0-20211129110424-6491aa3bf583 go-module +github.com/DataDog/datadog-go v4.8.2+incompatible go-module +github.com/DataDog/datadog-go/v5 v5.0.2 go-module +github.com/DataDog/sketches-go v1.2.1 go-module +github.com/PuerkitoBio/purell v1.1.1 go-module +github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 go-module +github.com/apparentlymart/go-cidr v1.1.0 go-module +github.com/aws/aws-sdk-go v1.44.95 go-module +github.com/beorn7/perks v1.0.1 go-module +github.com/cespare/xxhash/v2 v2.1.2 go-module +github.com/coredns/caddy v1.1.1 go-module +github.com/coredns/coredns (devel) go-module +github.com/coredns/unbound v0.0.7 go-module +github.com/coreos/go-semver v0.3.0 go-module +github.com/coreos/go-systemd/v22 v22.3.2 go-module +github.com/davecgh/go-spew v1.1.1 go-module +github.com/dgraph-io/ristretto v0.1.0 go-module +github.com/dimchansky/utfbom v1.1.1 go-module +github.com/dnstap/golang-dnstap v0.4.0 go-module +github.com/dustin/go-humanize v1.0.0 go-module +github.com/emicklei/go-restful/v3 v3.8.0 go-module +github.com/farsightsec/golang-framestream v0.3.0 go-module +github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 go-module +github.com/go-logr/logr v1.2.3 go-module +github.com/go-openapi/jsonpointer v0.19.5 go-module +github.com/go-openapi/jsonreference v0.19.5 go-module +github.com/go-openapi/swag v0.19.14 go-module +github.com/gogo/protobuf v1.3.2 go-module +github.com/golang-jwt/jwt/v4 v4.2.0 go-module 
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b go-module +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da go-module +github.com/golang/protobuf v1.5.2 go-module +github.com/google/gnostic v0.5.7-v3refs go-module +github.com/google/go-cmp v0.5.8 go-module +github.com/google/gofuzz v1.2.0 go-module +github.com/google/uuid v1.3.0 go-module +github.com/googleapis/enterprise-certificate-proxy v0.1.0 go-module +github.com/googleapis/gax-go/v2 v2.4.0 go-module +github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 go-module +github.com/imdario/mergo v0.3.12 go-module +github.com/infobloxopen/go-trees v0.0.0-20200715205103-96a057b8dfb9 go-module +github.com/jmespath/go-jmespath v0.4.0 go-module +github.com/josharian/intern v1.0.0 go-module +github.com/json-iterator/go v1.1.12 go-module +github.com/mailru/easyjson v0.7.7 go-module +github.com/matttproud/golang_protobuf_extensions v1.0.1 go-module +github.com/miekg/coredns-git v0.0.0-20210209133530-8360cff99ce7 go-module +github.com/miekg/dns v1.1.50 go-module +github.com/miekg/unbound v0.0.0-20210309082708-dbeefb4cdb29 go-module +github.com/mitchellh/go-homedir v1.1.0 go-module +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd go-module +github.com/modern-go/reflect2 v1.0.2 go-module +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 go-module +github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492 go-module +github.com/opentracing/opentracing-go v1.2.0 go-module +github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5 go-module +github.com/openzipkin/zipkin-go v0.4.0 go-module +github.com/oschwald/geoip2-golang v1.8.0 go-module +github.com/oschwald/maxminddb-golang v1.10.0 go-module +github.com/oz123/coredns-netbox-plugin v0.4.0 go-module +github.com/philhofer/fwd v1.1.1 go-module +github.com/pkg/errors v0.9.1 go-module +github.com/prometheus/client_golang v1.13.0 go-module +github.com/prometheus/client_model 
v0.2.0 go-module +github.com/prometheus/common v0.37.0 go-module +github.com/prometheus/procfs v0.8.0 go-module +github.com/spf13/pflag v1.0.5 go-module +github.com/tinylib/msgp v1.1.2 go-module +gmp 6.2.1-r2 apk +gnupg 2.2.40-r0 apk +gnupg-dirmngr 2.2.40-r0 apk +gnupg-gpgconf 2.2.40-r0 apk +gnupg-utils 2.2.40-r0 apk +gnupg-wks-client 2.2.40-r0 apk +gnutls 3.7.8-r3 apk +go.etcd.io/etcd/api/v3 v3.5.4 go-module +go.etcd.io/etcd/client/pkg/v3 v3.5.4 go-module +go.etcd.io/etcd/client/v3 v3.5.4 go-module +go.opencensus.io v0.23.0 go-module +go.uber.org/atomic v1.9.0 go-module +go.uber.org/multierr v1.6.0 go-module +go.uber.org/zap v1.17.0 go-module +golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa go-module +golang.org/x/net v0.0.0-20220722155237-a158d28d115b go-module +golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 go-module +golang.org/x/sys v0.0.0-20220804214406-8e32c043e418 go-module +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 go-module +golang.org/x/text v0.3.7 go-module +golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 go-module +golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f go-module +google.golang.org/api v0.95.0 go-module +google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f go-module +google.golang.org/grpc v1.49.0 go-module +google.golang.org/protobuf v1.28.1 go-module +gopkg.in/DataDog/dd-trace-go.v1 v1.41.0 go-module +gopkg.in/inf.v0 v0.9.1 go-module +gopkg.in/yaml.v2 v2.4.0 go-module +gopkg.in/yaml.v3 v3.0.1 go-module +gpg 2.2.40-r0 apk +gpg-agent 2.2.40-r0 apk +gpg-wks-server 2.2.40-r0 apk +gpgsm 2.2.40-r0 apk +gpgv 2.2.40-r0 apk +grep 3.8-r1 apk +ip6tables 1.8.8-r2 apk +iproute2 6.0.0-r1 apk +iproute2-minimal 6.0.0-r1 apk +iproute2-ss 6.0.0-r1 apk +iproute2-tc 6.0.0-r1 apk +iptables 1.8.8-r2 apk +iputils 20211215-r0 apk +jq 1.6-r2 apk +k8s.io/api v0.25.0 go-module +k8s.io/apimachinery v0.25.0 go-module +k8s.io/client-go v0.24.4 go-module +k8s.io/klog/v2 v2.80.1 go-module +k8s.io/kube-openapi 
v0.0.0-20220803162953-67bda5d908f1 go-module +k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed go-module +libacl 2.3.1-r1 apk +libassuan 2.5.5-r1 apk +libattr 2.5.1-r2 apk +libbsd 0.11.7-r0 apk +libbz2 1.0.8-r4 apk +libc-utils 0.7.2-r3 apk +libcap-utils 2.66-r0 apk +libcap2 2.66-r0 apk +libcrypto3 3.0.8-r3 apk +libcurl 8.0.1-r0 apk +libelf 0.187-r2 apk +libevent 2.1.12-r5 apk +libffi 3.4.4-r0 apk +libgcrypt 1.10.1-r0 apk +libgpg-error 1.46-r1 apk +libintl 0.21.1-r1 apk +libksba 1.6.3-r0 apk +libldap 2.6.3-r6 apk +libmd 1.0.4-r0 apk +libmnl 1.0.5-r0 apk +libnftnl 1.2.4-r0 apk +libpng 1.6.38-r0 apk +libproc 3.3.17-r2 apk +libqrencode 4.1.1-r1 apk +libsasl 2.1.28-r3 apk +libssl3 3.0.8-r3 apk +libtasn1 4.19.0-r0 apk +libunistring 1.1-r0 apk +linux-pam 1.5.2-r1 apk +mii-tool 2.10-r0 apk +musl 1.2.3-r4 apk +musl-fts 1.2.7-r3 apk +musl-utils 1.2.3-r4 apk +ncurses-libs 6.3_p20221119-r0 apk +ncurses-terminfo-base 6.3_p20221119-r0 apk +net-tools 2.10-r0 apk +netcat-openbsd 1.130-r4 apk +nettle 3.8.1-r0 apk +nghttp2-libs 1.51.0-r0 apk +npth 1.6-r2 apk +oniguruma 6.9.8-r0 apk +openresolv 3.12.0-r1 apk +p11-kit 0.24.1-r1 apk +pcre2 10.42-r0 apk +perl 5.36.0-r1 apk +pinentry 1.2.1-r0 apk +procps 3.3.17-r2 apk +readline 8.2.0-r0 apk +scanelf 1.3.5-r1 apk +shadow 4.13-r0 apk +sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 go-module +sigs.k8s.io/structured-merge-diff/v4 v4.2.3 go-module +sigs.k8s.io/yaml v1.2.0 go-module +skalibs 2.12.0.1-r0 apk +sqlite-libs 3.40.1-r0 apk +ssl_client 1.35.0-r29 apk +tzdata 2023c-r0 apk +unbound-libs 1.17.1-r0 apk +utmps-libs 0.1.2.0-r1 apk +xz 5.2.9-r0 apk +xz-libs 5.2.9-r0 apk +zlib 1.2.13-r0 apk diff --git a/readme-vars.yml b/readme-vars.yml index ccfe2ba6..389dde04 100644 --- a/readme-vars.yml +++ b/readme-vars.yml 
@@ -16,8 +16,8 @@ available_architectures: # development version development_versions: true development_versions_items: - - { tag: "latest", desc: "Stable releases with support for compiling Wireguard modules" } - - { tag: "alpine", desc: "Stable releases based on Alpine *without* support for compiling Wireguard modules" } + - { tag: "latest", desc: "Stable releases based on Alpine *without* support for compiling Wireguard modules." } + - { tag: "legacy", desc: "Stable releases with support for compiling Wireguard modules." } # container parameters common_param_env_vars_enabled: true @@ -25,9 +25,6 @@ param_container_name: "{{ project_name }}" param_usage_include_vols: true param_volumes: - { vol_path: "/config", vol_host_path: "/path/to/appdata/config", desc: "Contains all relevant configuration files." } -opt_param_usage_include_vols: true -opt_param_volumes: - - { vol_path: "/lib/modules", vol_host_path: "/lib/modules", desc: "Maps host's modules folder. Only required if compiling wireguard modules." } param_usage_include_ports: true param_ports: - { external_port: "51820", internal_port: "51820/udp", port_desc: "wireguard port" } @@ -37,7 +34,6 @@ param_env_vars: cap_add_param: true cap_add_param_vars: - { cap_add_var: "NET_ADMIN" } - - { cap_add_var: "SYS_MODULE" } custom_params: - { name: "sysctl", name_compose: "sysctls", value: ["net.ipv4.conf.all.src_valid_mark=1"], desc: "Required for client mode.", array: "true" } 
@@ -61,12 +57,6 @@ app_setup_block_enabled: true app_setup_block: | During container start, it will first check if the wireguard module is already installed and loaded. Kernels newer than 5.6 generally have the wireguard module built-in (along with some older custom kernels). However, the module may not be enabled. Make sure it is enabled prior to starting the container. - If the kernel is not built-in, or installed on host, the container will check if the kernel headers are present (in `/usr/src`) and if not, it will attempt to download the necessary kernel headers from the `ubuntu xenial/bionic`, `debian/raspbian buster` repos; then will attempt to compile and install the kernel module. If the kernel headers are not found in either `usr/src` or in the repos mentioned, container will sleep indefinitely as wireguard cannot be installed. - - If you're on a debian/ubuntu based host with a custom or downstream distro provided kernel (ie. Pop!_OS), the container won't be able to install the kernel headers from the regular ubuntu and debian repos. In those cases, you can try installing the headers on the host via `sudo apt install linux-headers-$(uname -r)` (if distro version) and then add a volume mapping for `/usr/src:/usr/src`, or if custom built, map the location of the existing headers to allow the container to use host installed headers to build the kernel module (tested successful on Pop!_OS, ymmv). - - With regards to arm32/64 devices, Raspberry Pi 2-4 running the [official ubuntu images](https://ubuntu.com/download/raspberry-pi) or Raspbian Buster are supported out of the box. For all other devices and OSes, you can try installing the kernel headers on the host, and mapping `/usr/src:/usr/src` and it may just work (no guarantees). - This can be run as a server or a client, based on the parameters used. ## Server Mode 
@@ -127,11 +117,11 @@ app_setup_block: | # changelog changelogs: - - { date: "28.01.23:", desc: "Patch wg-quick to suppress false positive sysctl warning." } + - { date: "26.04.23:", desc: "Rework branches. Swap alpine and ubuntu builds." } + - { date: "29.01.23:", desc: "Rebase to alpine 3.17." } - { date: "10.01.23:", desc: "Add new var to add `PersistentKeepalive` to server config for select peers to survive server IP changes when domain name is used." } - { date: "26.10.22:", desc: "Better handle unsupported peer names. Improve logging." } - { date: "12.10.22:", desc: "Add Alpine branch. Optimize wg and coredns services." } - - { date: "09.10.22:", desc: "Switch back to iptables-legacy due to issues on some hosts." } - { date: "04.10.22:", desc: "Rebase to Jammy. Upgrade to s6v3." } - { date: "16.05.22:", desc: "Improve NAT handling in server mode when multiple ethernet devices are present." } - { date: "23.04.22:", desc: "Add pre-shared key support. Automatically added to all new peer confs generated, existing ones are left without to ensure no breaking changes." } diff --git a/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run b/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run index 610712ee..98bcf5af 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run +++ b/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run 
@@ -166,17 +166,17 @@ if [[ -n "$PEERS" ]]; then generate_confs save_vars else - echo "**** Server mode is selected ****" - if [[ -f /config/.donoteditthisfile ]]; then - . /config/.donoteditthisfile - fi - if [[ "$SERVERURL" != "$ORIG_SERVERURL" ]] || [[ "$SERVERPORT" != "$ORIG_SERVERPORT" ]] || [[ "$PEERDNS" != "$ORIG_PEERDNS" ]] || [[ "$PEERS" != "$ORIG_PEERS" ]] || [[ "$INTERFACE" != "$ORIG_INTERFACE" ]] || [[ "$ALLOWEDIPS" != "$ORIG_ALLOWEDIPS" ]] || [[ "$PERSISTENTKEEPALIVE_PEERS" != "$ORIG_PERSISTENTKEEPALIVE_PEERS" ]]; then - echo "**** Server related environment variables changed, regenerating 1 server and ${PEERS} peer/client confs ****" - generate_confs - save_vars - else - echo "**** No changes to parameters. Existing configs are used. ****" - fi + echo "**** Server mode is selected ****" + if [[ -f /config/.donoteditthisfile ]]; then + . /config/.donoteditthisfile + fi + if [[ "$SERVERURL" != "$ORIG_SERVERURL" ]] || [[ "$SERVERPORT" != "$ORIG_SERVERPORT" ]] || [[ "$PEERDNS" != "$ORIG_PEERDNS" ]] || [[ "$PEERS" != "$ORIG_PEERS" ]] || [[ "$INTERFACE" != "$ORIG_INTERFACE" ]] || [[ "$ALLOWEDIPS" != "$ORIG_ALLOWEDIPS" ]] || [[ "$PERSISTENTKEEPALIVE_PEERS" != "$ORIG_PERSISTENTKEEPALIVE_PEERS" ]]; then + echo "**** Server related environment variables changed, regenerating 1 server and ${PEERS} peer/client confs ****" + generate_confs + save_vars + else + echo "**** No changes to parameters. Existing configs are used. ****" + fi fi else echo "**** Client mode selected. ****" diff --git a/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/run b/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/run index 97bfcb3d..50f3f171 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/run +++ b/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/run 
@@ -6,161 +6,12 @@ echo "Uname info: $(uname -a)" # check for wireguard module ip link del dev test 2>/dev/null if ip link add dev test type wireguard; then - echo "**** It seems the wireguard module is already active. Skipping kernel header install and module compilation. ****" - SKIP_COMPILE="true" - ip link del dev test - if [[ ! -f /built_wireguard_module ]]; then - if capsh --print | grep "Current:" | grep -q "cap_sys_module"; then - echo "**** As the wireguard module is already active you can remove the SYS_MODULE capability from your container run/compose. ****" - fi + echo "**** It seems the wireguard module is already active. Skipping kernel header install and module compilation. ****" + ip link del dev test + if capsh --current | grep "Current:" | grep -q "cap_sys_module"; then + echo "**** As the wireguard module is already active you can remove the SYS_MODULE capability from your container run/compose. ****" fi else - echo "**** The wireguard module is not active, will attempt kernel header install and module compilation. If you believe that your kernel should have wireguard support already, make sure that it is activated via modprobe! ****" -fi - -# install headers if necessary -if [ "$SKIP_COMPILE" != "true" ] && [ ! 
-e /lib/modules/$(uname -r)/build ]; then - echo "**** Attempting kernel header install ****" - apt-get update - if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then - apt-get install -y \ - linux-headers-$(uname -r) - elif (uname -r | grep -q 'v7+') || (uname -r | grep -q 'v7l+') || (uname -r | grep -q 'v8+'); then - echo "**** Raspbian kernel naming convention detected, attempting to install raspbian kernel headers ****" - curl -s http://archive.raspberrypi.org/debian/raspberrypi.gpg.key | apt-key add - - echo -e \ - "deb http://archive.raspberrypi.org/debian/ buster main\ndeb-src http://archive.raspberrypi.org/debian/ buster main" \ - > /etc/apt/sources.list.d/raspbian.list - apt-get update - apt-get install -y \ - raspberrypi-kernel-headers - elif uname -v | grep -q 'Ubuntu'; then - echo "**** Ubuntu kernel detected, but likely not Jammy. ****" - echo "**** Attempting to install kernel headers from Ubuntu Focal repo ****" - if uname -m | grep -q 'x86_64'; then - echo -e \ - "deb http://archive.ubuntu.com/ubuntu/ focal main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ focal main restricted\n\ndeb http://archive.ubuntu.com/ubuntu/ focal-updates main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ focal-updates main restricted" \ - > /etc/apt/sources.list.d/xenial-bionic-focal.list - else - echo -e \ - "deb http://ports.ubuntu.com/ubuntu-ports/ focal main restricted\ndeb-src http://ports.ubuntu.com/ubuntu-ports/ focal main restricted\n\ndeb http://ports.ubuntu.com/ubuntu-ports/ focal-updates main restricted\ndeb-src http://ports.ubuntu.com/ubuntu-ports/ focal-updates main restricted" \ - > /etc/apt/sources.list.d/xenial-bionic-focal.list - fi - apt-get update - if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then - apt-get install -y \ - linux-headers-$(uname -r) - else - echo "**** No kernel headers found in the Ubuntu Focal repo!! Trying Ubuntu Bionic. 
****" - sed -i 's/focal/bionic/g' /etc/apt/sources.list.d/xenial-bionic-focal.list - apt-get update - if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then - apt-get install -y \ - linux-headers-$(uname -r) - else - echo "**** No kernel headers found in the Ubuntu Bionic repo!! Trying Ubuntu Xenial. ****" - sed -i 's/bionic/xenial/g' /etc/apt/sources.list.d/xenial-bionic-focal.list - apt-get update - if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then - apt-get install -y \ - linux-headers-$(uname -r) - else - echo "**** No kernel headers found in the Ubuntu repos!! Will try the headers from host (if mapped), may or may not work ****" - rm -rf /etc/apt/sources.list.d/xenial-bionic-focal.list - fi - fi - fi - elif uname -v | grep -q 'Debian'; then - echo "**** Debian host detected, attempting to install kernel headers from Debian Buster repo ****" - curl -s https://ftp-master.debian.org/keys/archive-key-10.asc | apt-key add - - curl -s https://ftp-master.debian.org/keys/archive-key-10-security.asc | apt-key add - - cat < /etc/apt/sources.list.d/debian.list -deb http://deb.debian.org/debian buster main contrib non-free -deb-src http://deb.debian.org/debian buster main contrib non-free -deb http://deb.debian.org/debian-security/ buster/updates main contrib non-free -deb-src http://deb.debian.org/debian-security/ buster/updates main contrib non-free -deb http://deb.debian.org/debian buster-updates main contrib non-free -deb-src http://deb.debian.org/debian buster-updates main contrib non-free -deb http://deb.debian.org/debian buster-backports main contrib non-free -deb-src http://deb.debian.org/debian buster-backports main contrib non-free -DUDE - apt-get update - if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then - if uname -r | grep -qs "bpo"; then - echo "**** Backported kernel detected ****" - apt-get install -y -t buster-backports \ - linux-headers-$(uname -r) - else - apt-get install -y \ - linux-headers-$(uname -r) - fi - 
else
- echo "**** Attempting to install kernel headers from the Debian Stretch repo ****"
- curl -s https://ftp-master.debian.org/keys/archive-key-9.asc | apt-key add -
- curl -s https://ftp-master.debian.org/keys/archive-key-9-security.asc | apt-key add -
- sed -i 's/buster/stretch/g' /etc/apt/sources.list.d/debian.list
- apt-get update
- if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then
- if uname -r | grep -qs "bpo"; then
- echo "**** Backported kernel detected ****"
- apt-get install -y -t stretch-backports \
- linux-headers-$(uname -r)
- else
- apt-get install -y \
- linux-headers-$(uname -r)
- fi
- else
- echo "**** No kernel headers found in Debian repos!! Will try the headers from host (if mapped), may or may not work ****"
- rm -rf /etc/apt/sources.list.d/debian.list
- fi
- fi
- else
- echo "**** No kernel headers found in the Ubuntu or Debian repos!! Will try the headers from host (if mapped), may or may not work ****"
- fi
-fi
-
-if [ "$SKIP_COMPILE" != "true" ]; then
- if [ -e /lib/modules/$(uname -r)/build ]; then
- echo "**** Kernel headers seem to be present, attempting to build the wireguard module. . . ****"
- if [ ! 
-f /lib/modules/$(uname -r)/build/certs/signing_key.pem ]; then
- mkdir -p /lib/modules/$(uname -r)/build/certs
- cd /lib/modules/$(uname -r)/build/certs
- cat <> x509.genkey
-[ req ]
-default_bits = 4096
-distinguished_name = req_distinguished_name
-prompt = no
-string_mask = utf8only
-x509_extensions = myexts
-
-[ req_distinguished_name ]
-CN = Modules
-
-[ myexts ]
-basicConstraints=critical,CA:FALSE
-keyUsage=digitalSignature
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid
-DUDE
- echo "**** Generating signing key ****"
- openssl req -new -nodes -utf8 -sha512 -days 36500 -batch -x509 -config x509.genkey -outform DER -out signing_key.x509 -keyout signing_key.pem
- fi
- cd /app
- echo "**** Building the module ****"
- make -C wireguard-linux-compat/src -j$(nproc)
- make -C wireguard-linux-compat/src install
- echo "**** Let's test our new module. ****"
- ip link del dev test 2>/dev/null
- if ip link add dev test type wireguard; then
- echo "**** The module is active, moving forward with setup. ****"
- ip link del dev test
- touch /built_wireguard_module
- else
- echo "**** The module is not active, review the logs. Sleeping now. . . ****"
- sleep infinity
- fi
- else
- echo "**** Kernel headers don't seem to be available in Ubuntu, Debian and Raspbian repos, or shared from the host; therefore can't compile the module. Sleeping now. . . ****"
+ echo "**** The wireguard module is not active. If you believe that your kernel should have wireguard support already, make sure that it is activated via modprobe! ****"
 sleep infinity
- fi
 fi
diff --git a/root/etc/s6-overlay/s6-rc.d/svc-coredns/run b/root/etc/s6-overlay/s6-rc.d/svc-coredns/run
index d1276534..4ade84c8 100755
--- a/root/etc/s6-overlay/s6-rc.d/svc-coredns/run
+++ b/root/etc/s6-overlay/s6-rc.d/svc-coredns/run
@@ -7,14 +7,16 @@ fi
 if [[ ${USE_COREDNS} == "false" ]]; then
 s6-notifyoncheck -d -n 300 -w 1000 -c "echo **** Disabling CoreDNS ****" \
 sleep infinity
-elif grep -q "health" /config/coredns/Corefile; then
- exec \
- s6-notifyoncheck -d -n 300 -w 1000 -c "redirfd -w 1 /dev/null curl -s http://localhost:8080/health" \
- cd /config/coredns \
- /app/coredns -dns.port=53
 else
- exec \
- s6-notifyoncheck -d -n 300 -w 1000 -c "nc -zu localhost 53" \
+ if grep -q "health" /config/coredns/Corefile; then
+ exec \
+ s6-notifyoncheck -d -n 300 -w 1000 -c "redirfd -w 1 /dev/null curl -s http://localhost:8080/health" \
+ cd /config/coredns \
+ /usr/bin/coredns -dns.port=53
+ else
+ exec \
+ s6-notifyoncheck -d -n 300 -w 1000 -c "nc -zu localhost 53" \
 cd /config/coredns \
- /app/coredns -dns.port=53
+ /usr/bin/coredns -dns.port=53
+ fi
 fi
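Review bot: The readiness-probe selection on the new `if grep -q "health" /config/coredns/Corefile` line is a plain substring match, so a commented-out directive or any other token containing `health` in the Corefile selects the HTTP probe against `localhost:8080/health`, which then never succeeds and the service never reports ready; anchoring it to a directive, e.g. `if grep -qE '^[[:space:]]*health' /config/coredns/Corefile; then`, narrows that. The probe URL and port 8080 are also fixed here while the CoreDNS `health` plugin can be given a different listen address, so a comment such as `# assumes the Corefile's health block listens on :8080` would make the coupling visible to whoever edits the Corefile. Replacing the former `elif` with a nested `if`/`else` adds an indentation level without changing behavior; the flat `elif` form read more directly.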