Added dockerfile for build alpine based boringtun wireguard client

2023-02-27 22:14:47 +00:00
parent babbc67a66
commit c7c6d48fad
5 changed files with 83 additions and 0 deletions
--- a/27
+++ b/27
@@ -0,0 +1,27 @@
+FROM alpine:latest
+
+RUN apk add --no-cache alpine-sdk rustup \
+ && rustup-init -y --target x86_64-unknown-linux-musl --default-toolchain beta --profile minimal \
+ #&& curl https://sh.rustup.rs -sSf | sh -s -- -y  --default-host x86_64-unknown-linux-musl --profile minimal \
+ && source ~/.cargo/env \
+ && cargo install --target x86_64-unknown-linux-musl boringtun-cli
+
+FROM alpine:latest
+
+COPY --from=0 /root/.cargo/bin/boringtun-cli /usr/bin/boringtun
+
+RUN apk add --no-cache tini wireguard-tools \
+ && apk add --no-cache --virtual .build-deps libcap \
+ && setcap cap_net_admin+ep /usr/bin/boringtun \
+ && apk del --purge .build-deps \
+ && printf '%s\n' '#!/bin/sh' 'mkdir -p /var/run/wireguard && chown "$LOGNAME:" /var/run/wireguard && exec su -s /usr/bin/boringtun -- "$LOGNAME" "$@"' \
+  | tee /usr/local/bin/boringtun \
+ && printf '%s\n' '#!/bin/bash' 'if [[ $# -eq 2 && $1 == up ]]; then' ' eval "$(sed -e "/^# ~~ function override insertion point ~~$/q" /usr/bin/wg-quick)"' '  add_if() { kill -18 $$ && until test -S "/var/run/wireguard/$INTERFACE.sock"; do sleep 1 && kill -0 $$ || return; done; }' '    die() { echo "$PROGRAM: $*" >&2; kill -9 $$; exit 1; }' '       auto_su' '      parse_options "$2"' '   ( cmd_up & )' ' kill -19 $$' '  cmd exec "${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" --foreground "$INTERFACE"' 'else' '       exec /usr/bin/wg-quick "$@"' 'fi' \
+  | tee /usr/local/bin/wg-quick \
+ && chmod a+x /usr/local/bin/boringtun /usr/local/bin/wg-quick
+
+VOLUME ["/etc/wireguard"]
+
+ENV WG_QUICK_USERSPACE_IMPLEMENTATION=boringtun LOGNAME=nobody INTERFACE=wg0
+COPY set_gateway.sh /etc/wireguard/
+ENTRYPOINT ["/sbin/tini", "--", "/bin/sh", "-c", "test -f \"/etc/wireguard/$INTERFACE.conf\" || ( umask 077 && printf '%s\\n' '[Interface]' 'Address = 10.8.0.1/24' 'PostUp = iptables --table nat --append POSTROUTING --jump MASQUERADE' 'PostDown = iptables --table nat --delete POSTROUTING --jump MASQUERADE' 'ListenPort = 51820' \"PrivateKey = $(wg genkey)\" | tee \"/etc/wireguard/$INTERFACE.conf\" ) && test -c /dev/net/tun || { mkdir -p /dev/net && mknod -m 666 /dev/net/tun c 10 200; } && exec wg-quick up \"$INTERFACE\"", "--"]
--- a/README.md
+++ b/README.md
@@ -0,0 +1,8 @@
+Boringtun based wireguard client for linux. Modifyed Dockerfile to correct borintun-cli install and copy. The sample wireguard config uses a set_gateway script to excluding from the default route the wireguard vpn server.
+
+Needed container parameters:
+--cap-add=NET_ADMIN 
+--cap-add MKNOD 
+--cap-add NET_RAW 
+--privileged 
+--device=/dev/net/tun 
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+set -e
+
+declare -r WG_INTERFACE=${1:-wg0}
+
+function infinite_loop() {
+  # Handle shutdown behavior
+  trap 'shutdown_wg "$1"' SIGTERM SIGINT SIGQUIT
+
+  sleep infinity &
+  wait $!
+}
+
+function shutdown_wg() {
+  echo "Shutting down Wireguard (boringtun)"
+  wg-quick down "$1"
+  exit 0
+}
+
+function start_wg() {
+  echo "Starting up Wireguard (boringtun)"
+  wg-quick up "$1"
+  infinite_loop "$1"
+}
+
+#if [[ "$1" =~ ^wg.*$ ]]; then
+if [ -f "/etc/wireguard/${WG_INTERFACE}.conf" ]; then
+  start_wg ${WG_INTERFACE}
+else
+  exec "$@"
+fi
--- a/set_gateway.sh
+++ b/set_gateway.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+IP_GATEWAY=$(route -n | grep 'UG[ \t]' | awk '{print $2}');
+route add -host vps.vizpartingatlan.hu gw $IP_GATEWAY
--- a/12
+++ b/12
@@ -0,0 +1,12 @@
+[Interface]
+Address = 
+PrivateKey = 
+DNS = 1.1.1.1
+PreUp = /etc/wireguard/set_gateway.sh
+
+[Peer]
+PublicKey = 
+PresharedKey = 
+AllowedIPs = 0.0.0.0/0
+Endpoint =
+PersistentKeepalive = 15