From f44dd33f711b6366c5b879a1d2bae3d854e7b1a6 Mon Sep 17 00:00:00 2001 From: gyurix Date: Wed, 5 Mar 2025 21:58:15 +0100 Subject: [PATCH] Update .drone.yml and JSON configuration files for service adjustments --- .drone.yml | 2 +- firewall-vpn-proxy-postrouting.json | 151 +++++++++++--------- firewall-vpn-proxy-prerouting.json | 167 ++++++++++++++--------- firewall-vpn-smarthost-loadbalancer.json | 136 ++++++++++-------- vpn-proxy.json | 82 +++++------ 5 files changed, 309 insertions(+), 229 deletions(-) diff --git a/.drone.yml b/.drone.yml index cc46c76..65450b8 100644 --- a/.drone.yml +++ b/.drone.yml @@ -3,7 +3,7 @@ type: kubernetes name: default node_selector: - physical-node: dev2 + physical-node: dev1 trigger: branch: diff --git a/firewall-vpn-proxy-postrouting.json b/firewall-vpn-proxy-postrouting.json index c0500ee..0fa4c56 100644 --- a/firewall-vpn-proxy-postrouting.json +++ b/firewall-vpn-proxy-postrouting.json 
@@ -1,65 +1,88 @@
 {
- "main": {
- "SERVICE_NAME": "firewalls",
- "DOMAIN": "null"
- },
- "containers": [
- {
- "IMAGE": "registry.format.hu/firewall",
- "UPDATE": "true",
- "NAME": "firewall",
- "SCALE": "0",
- "MEMORY": "64M",
- "NETWORK": "host",
- "VOLUMES": [
- {
- "SOURCE": "/proc/",
- "DEST": "/proc/",
- "TYPE": "rw"
- },
- {
- "SOURCE": "/run/",
- "DEST": "/run/",
- "TYPE": "rw"
- },
- {
- "SOURCE": "/etc/user/config/services",
- "DEST": "/services",
- "TYPE": "ro"
- },
- {
- "SOURCE": "/var/run/docker.sock",
- "DEST": "/var/run/docker.sock",
- "TYPE": "rw"
- },
- {
- "SOURCE": "/etc/system/data/dns/hosts.local",
- "DEST": "/etc/dns/hosts.local",
- "TYPE": "ro"
- }
- ],
- "PORTS": [ ],
- "READYNESS": [
- {"tcp": ""},
- {"HTTP": ""},
- {"EXEC": "/ready.sh"}
- ],
- "ENVS": [
- { "NSENTER": "true" },
- { "POSTROUTING": "true" },
- { "NAME": "NAME", "VALUE": "wireguardproxy" },
- { "TARGET": "smarthostloadbalancer" },
- { "TYPE": "tcp" },
- { "TARGET_PORT_1": "80" },
- { "TARGET_PORT_2": "443" },
- { "COMMENT": "client" }
- ],
- "EXTRA": "--privileged --rm",
- "DEPEND": "null",
- "START_ON_BOOT": "false",
- "CMD": "null",
- "PRE_START": "null",
- "POST_START": "null"
- }
- ]
-}
+ "main": {
+ "SERVICE_NAME": "firewalls",
+ "DOMAIN": "null"
+ },
+ "containers": [
+ {
+ "IMAGE": "registry.format.hu/firewall",
+ "UPDATE": "true",
+ "NAME": "firewall",
+ "SCALE": "0",
+ "MEMORY": "64M",
+ "NETWORK": "host",
+ "VOLUMES": [
+ {
+ "SOURCE": "/proc/",
+ "DEST": "/proc/",
+ "TYPE": "rw"
+ },
+ {
+ "SOURCE": "/run/",
+ "DEST": "/run/",
+ "TYPE": "rw"
+ },
+ {
+ "SOURCE": "/etc/user/config/services",
+ "DEST": "/services",
+ "TYPE": "ro"
+ },
+ {
+ "SOURCE": "/var/run/docker.sock",
+ "DEST": "/var/run/docker.sock",
+ "TYPE": "rw"
+ },
+ {
+ "SOURCE": "/etc/system/data/dns/hosts.local",
+ "DEST": "/etc/dns/hosts.local",
+ "TYPE": "ro"
+ }
+ ],
+ "PORTS": [],
+ "READYNESS": [
+ {
+ "tcp": ""
+ },
+ {
+ "HTTP": ""
+ },
+ {
+ "EXEC": "/ready.sh"
+ }
+ ],
+ "ENVS": [
+ {
+ "NSENTER": "true"
+ },
+ {
+ "POSTROUTING": "true"
+ },
+ {
+ "NAME": "NAME",
+ "VALUE": "wireguardproxy"
+ },
+ {
+ "TARGET": "smarthostloadbalancer"
+ },
+ {
+ "TYPE": "tcp"
+ },
+ {
+ "TARGET_PORT_1": "80"
+ },
+ {
+ "TARGET_PORT_2": "443"
+ },
+ {
+ "COMMENT": "client"
+ }
+ ],
+ "EXTRA": "--privileged --rm",
+ "DEPEND": "null",
+ "START_ON_BOOT": "false",
+ "CMD": "null",
+ "PRE_START": "null",
+ "POST_START": "null"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/firewall-vpn-proxy-prerouting.json b/firewall-vpn-proxy-prerouting.json
index 54f0751..e20c136 100644
--- a/firewall-vpn-proxy-prerouting.json
+++ b/firewall-vpn-proxy-prerouting.json
@@ -1,69 +1,100 @@
 {
- "main": {
- "SERVICE_NAME": "firewalls",
- "DOMAIN": "null"
- },
- "containers": [
- {
- "IMAGE": "registry.format.hu/firewall",
- "UPDATE": "true",
- "NAME": "wireguardfirewall",
- "SCALE": "0",
- "MEMORY": "64M",
- "NETWORK": "host",
- "VOLUMES": [
- {
- "SOURCE": "/proc/",
- "DEST": "/proc/",
- "TYPE": "rw"
- },
- {
- "SOURCE": "/run/",
- "DEST": "/run/",
- "TYPE": "rw"
- },
- {
- "SOURCE": "/etc/user/config/services",
- "DEST": "/services",
- "TYPE": "ro"
- },
- {
- "SOURCE": "/var/run/docker.sock",
- "DEST": "/var/run/docker.sock",
- "TYPE": "rw"
- },
- {
- "SOURCE": "/etc/system/data/dns/hosts.local",
- "DEST": "/etc/dns/hosts.local",
- "TYPE": "ro"
- }
- ],
- "PORTS": [ ],
- "READYNESS": [
- {"tcp": ""},
- {"HTTP": ""},
- {"EXEC": "/ready.sh"}
- ],
- "ENVS": [
- { "NSENTER": "true" },
- { "PREROUTING": "true" },
- { "SOURCE_IFACE": "wg0" },
- { "TARGET": "smarthostloadbalancer" },
- { "NAME": "NAME", "VALUE": "wireguardproxy" },
- { "TYPE": "tcp" },
- { "SOURCE_PORT_1": "80" },
- { "SOURCE_PORT_2": "443" },
- { "TARGET_PORT_1": "80" },
- { "TARGET_PORT_2": "443" },
- { "COMMENT": "client" }
- ],
- "ENV_FILES": [ "/etc/user/config/user.json" ],
- "EXTRA": "--privileged --rm",
- "DEPEND": "null",
- "START_ON_BOOT": "false",
- "CMD": "null",
- "PRE_START": "null",
- "POST_START": "null"
- }
- ]
-}
+ "main": {
+ "SERVICE_NAME": "firewalls",
+ "DOMAIN": "null"
+ },
+ "containers": [
+ {
+ "IMAGE": "registry.format.hu/firewall",
+ "UPDATE": "true",
+ "NAME": "wireguardfirewall",
+ "SCALE": "0",
+ "MEMORY": "64M",
+ "NETWORK": "host",
+ "VOLUMES": [
+ {
+ "SOURCE": "/proc/",
+ "DEST": "/proc/",
+ "TYPE": "rw"
+ },
+ {
+ "SOURCE": "/run/",
+ "DEST": "/run/",
+ "TYPE": "rw"
+ },
+ {
+ "SOURCE": "/etc/user/config/services",
+ "DEST": "/services",
+ "TYPE": "ro"
+ },
+ {
+ "SOURCE": "/var/run/docker.sock",
+ "DEST": "/var/run/docker.sock",
+ "TYPE": "rw"
+ },
+ {
+ "SOURCE": "/etc/system/data/dns/hosts.local",
+ "DEST": "/etc/dns/hosts.local",
+ "TYPE": "ro"
+ }
+ ],
+ "PORTS": [],
+ "READYNESS": [
+ {
+ "tcp": ""
+ },
+ {
+ "HTTP": ""
+ },
+ {
+ "EXEC": "/ready.sh"
+ }
+ ],
+ "ENVS": [
+ {
+ "NSENTER": "true"
+ },
+ {
+ "PREROUTING": "true"
+ },
+ {
+ "SOURCE_IFACE": "wg0"
+ },
+ {
+ "TARGET": "smarthostloadbalancer"
+ },
+ {
+ "NAME": "NAME",
+ "VALUE": "wireguardproxy"
+ },
+ {
+ "TYPE": "tcp"
+ },
+ {
+ "SOURCE_PORT_1": "80"
+ },
+ {
+ "SOURCE_PORT_2": "443"
+ },
+ {
+ "TARGET_PORT_1": "80"
+ },
+ {
+ "TARGET_PORT_2": "443"
+ },
+ {
+ "COMMENT": "client"
+ }
+ ],
+ "ENV_FILES": [
+ "/etc/user/config/user.json"
+ ],
+ "EXTRA": "--privileged --rm",
+ "DEPEND": "null",
+ "START_ON_BOOT": "false",
+ "CMD": "null",
+ "PRE_START": "null",
+ "POST_START": "null"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/firewall-vpn-smarthost-loadbalancer.json b/firewall-vpn-smarthost-loadbalancer.json
index 827f666..1ff841b 100644
--- a/firewall-vpn-smarthost-loadbalancer.json
+++ b/firewall-vpn-smarthost-loadbalancer.json
@@ -1,59 +1,79 @@
 {
- "main": {
- "SERVICE_NAME": "firewalls",
- "DOMAIN": "null"
- },
- "containers": [
- {
- "IMAGE": "registry.format.hu/firewall",
- "UPDATE": "true",
- "NAME": "firewall",
- "MEMORY": "64M",
- "NETWORK": "host",
- "SCALE": "0",
- "VOLUMES": [
- {
- "SOURCE": "/run/",
- "DEST": "/run/",
- "TYPE": "rw"
- },
- {
- "SOURCE": "/etc/user/config/services",
- "DEST": "/services",
- "TYPE": "ro"
- },
- {
- "SOURCE": "/etc/system/data/dns/hosts.local",
- "DEST": "/etc/dns/hosts.local",
- "TYPE": "ro"
- },
- {
- "SOURCE": "/var/run/docker.sock",
- "DEST": "/var/run/docker.sock",
- "TYPE": "rw"
- }
- ],
- "PORTS": [ ],
- "READYNESS": [
- {"tcp": ""},
- {"HTTP": ""},
- {"EXEC": "/ready.sh"}
- ],
- "ENVS": [
- { "CHAIN": "DOCKER-USER" },
- { "SOURCE": "proxyvpnclient" },
- { "TARGET": "smarthostloadbalancer" },
- { "TYPE": "tcp" },
- { "TARGET_PORT_1": "80" },
- { "TARGET_PORT_2": "443" },
- { "COMMENT": "vpn access smarthost loadbalancer" }
- ],
- "EXTRA": "--privileged --rm",
- "DEPEND": "null",
- "START_ON_BOOT": "false",
- "CMD": "null",
- "PRE_START": "null",
- "POST_START": "null"
- }
- ]
-}
+ "main": {
+ "SERVICE_NAME": "firewalls",
+ "DOMAIN": "null"
+ },
+ "containers": [
+ {
+ "IMAGE": "registry.format.hu/firewall",
+ "UPDATE": "true",
+ "NAME": "firewall",
+ "MEMORY": "64M",
+ "NETWORK": "host",
+ "SCALE": "0",
+ "VOLUMES": [
+ {
+ "SOURCE": "/run/",
+ "DEST": "/run/",
+ "TYPE": "rw"
+ },
+ {
+ "SOURCE": "/etc/user/config/services",
+ "DEST": "/services",
+ "TYPE": "ro"
+ },
+ {
+ "SOURCE": "/etc/system/data/dns/hosts.local",
+ "DEST": "/etc/dns/hosts.local",
+ "TYPE": "ro"
+ },
+ {
+ "SOURCE": "/var/run/docker.sock",
+ "DEST": "/var/run/docker.sock",
+ "TYPE": "rw"
+ }
+ ],
+ "PORTS": [],
+ "READYNESS": [
+ {
+ "tcp": ""
+ },
+ {
+ "HTTP": ""
+ },
+ {
+ "EXEC": "/ready.sh"
+ }
+ ],
+ "ENVS": [
+ {
+ "CHAIN": "DOCKER-USER"
+ },
+ {
+ "SOURCE": "wireguardproxy"
+ },
+ {
+ "TARGET": "smarthostloadbalancer"
+ },
+ {
+ "TYPE": "tcp"
+ },
+ {
+ "TARGET_PORT_1": "80"
+ },
+ {
+ "TARGET_PORT_2": "443"
+ },
+ {
+ "COMMENT": "vpn access smarthost loadbalancer"
+ }
+ ],
+ "EXTRA": "--privileged --rm",
+ "DEPEND": "null",
+ "START_ON_BOOT": "false",
+ "CMD": "null",
+ "PRE_START": "null",
+ "POST_START": "null"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/vpn-proxy.json b/vpn-proxy.json
index 8355d70..2f7bbf6 100644
--- a/vpn-proxy.json
+++ b/vpn-proxy.json
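Review bot: The firewall container in firewall-vpn-smarthost-loadbalancer.json keeps `"EXTRA": "--privileged --rm"` together with a read-write bind of `/var/run/docker.sock` and `"NETWORK": "host"`, so any fault in the image runs with full control of the host and of the Docker daemon. This file sets only `CHAIN`, `SOURCE`, `TARGET`, `TYPE` and two target ports and has no `NSENTER` entry, so it presumably only edits rules in the DOCKER-USER chain; if that holds, `"EXTRA": "--cap-add=NET_ADMIN --rm"` would likely be enough, to be confirmed against the image's entrypoint. The same `--privileged` plus docker.sock combination appears in firewall-vpn-proxy-postrouting.json and firewall-vpn-proxy-prerouting.json, where `NSENTER` may need more than NET_ADMIN. The only functional change in this hunk is `"SOURCE": "wireguardproxy"`; the rest is re-indentation, which would be easier to audit as a separate commit.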
@@ -1,39 +1,45 @@
 {
- "main": {
- "SERVICE_NAME": "wireguard-client",
- "DOMAIN": "null"
- },
- "containers": [
- {
- "IMAGE": "registry.format.hu/wireguard-proxy-client",
- "UPDATE": "true",
- "NAME": "wireguardproxy-client",
- "MEMORY": "64M",
- "SELECTOR": "proxyvpnclient",
- "VOLUMES": [
- {
- "SOURCE": "/etc/user/secret/vpn-proxy/wg0.conf",
- "DEST": "/etc/wireguard/wg0.conf",
- "TYPE": "ro"
- }
- ],
- "PORTS": [ ],
- "READYNESS": [
- {"tcp": ""},
- {"HTTP": ""},
- {"EXEC": "/ready.sh"}
- ],
- "ENVS": "null",
- "EXTRA": "--restart unless-stopped --privileged --cap-add=NET_ADMIN --device=/dev/net/tun --cap-add MKNOD --cap-add NET_RAW",
- "DEPEND": "null",
- "START_ON_BOOT": "true",
- "CMD": "null",
- "PRE_START": "null",
- "POST_START": [ "firewall-vpn-smarthost-loadbalancer",
- "firewall-vpn-proxy-postrouting",
- "firewall-vpn-proxy-prerouting"
- ]
- }
- ]
-}
-
+ "main": {
+ "SERVICE_NAME": "wireguard-client",
+ "DOMAIN": "null"
+ },
+ "containers": [
+ {
+ "IMAGE": "registry.format.hu/wireguard-proxy-client",
+ "UPDATE": "true",
+ "NAME": "wireguardproxy-client",
+ "MEMORY": "64M",
+ "SELECTOR": "wireguardproxy",
+ "VOLUMES": [
+ {
+ "SOURCE": "/etc/user/secret/vpn-proxy/wg0.conf",
+ "DEST": "/etc/wireguard/wg0.conf",
+ "TYPE": "ro"
+ }
+ ],
+ "PORTS": [],
+ "READYNESS": [
+ {
+ "tcp": ""
+ },
+ {
+ "HTTP": ""
+ },
+ {
+ "EXEC": "/ready.sh"
+ }
+ ],
+ "ENVS": "null",
+ "EXTRA": "--restart unless-stopped --privileged --cap-add=NET_ADMIN --device=/dev/net/tun --cap-add MKNOD --cap-add NET_RAW",
+ "DEPEND": "null",
+ "START_ON_BOOT": "true",
+ "CMD": "null",
+ "PRE_START": "null",
+ "POST_START": [
+ "firewall-vpn-smarthost-loadbalancer",
+ "firewall-vpn-proxy-postrouting",
+ "firewall-vpn-proxy-prerouting"
+ ]
+ }
+ ]
+}
\ No newline at end of file
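Review bot: The `EXTRA` value in vpn-proxy.json still combines `--privileged` with `--cap-add=NET_ADMIN`, `--cap-add MKNOD`, `--cap-add NET_RAW` and `--device=/dev/net/tun`; `--privileged` already grants every capability and access to all host devices, so the explicit flags restrict nothing. If the listed capabilities are what the WireGuard client actually needs, dropping the flag makes them the effective limit: `"EXTRA": "--restart unless-stopped --cap-add=NET_ADMIN --device=/dev/net/tun --cap-add MKNOD --cap-add NET_RAW"`. This container mounts `/etc/user/secret/vpn-proxy/wg0.conf`, which presumably holds the tunnel's private key, and it terminates traffic from the VPN peer, so the reduction is worth testing against the image before merge. The new `"SELECTOR": "wireguardproxy"` does match the `SOURCE` and `VALUE` entries in the three firewall files of this commit.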