safebox/wireguard-proxy-client
7
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update .drone.yml and JSON configuration files for service adjustments
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
gyurix
2025-03-05 21:58:15 +01:00
parent 025b8c1bb4
commit f44dd33f71
5 changed files with 309 additions and 229 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.drone.yml
View File

@@ -3,7 +3,7 @@ type: kubernetes
name: default
node_selector:
physical-node: dev2
physical-node: dev1
trigger:
branch:

149
firewall-vpn-proxy-postrouting.json
View File

@@ -1,65 +1,88 @@
{
"main": {
"SERVICE_NAME": "firewalls",
"DOMAIN": "null"
},
"containers": [
{
"IMAGE": "registry.format.hu/firewall",
"UPDATE": "true",
"NAME": "firewall",
"SCALE": "0",
"MEMORY": "64M",
"NETWORK": "host",
"VOLUMES": [
{
"SOURCE": "/proc/",
"DEST": "/proc/",
"TYPE": "rw"
},
{
"SOURCE": "/run/",
"DEST": "/run/",
"TYPE": "rw"
},
{
"SOURCE": "/etc/user/config/services",
"DEST": "/services",
"TYPE": "ro"
},
{
"SOURCE": "/var/run/docker.sock",
"DEST": "/var/run/docker.sock",
"TYPE": "rw"
},
{
"SOURCE": "/etc/system/data/dns/hosts.local",
"DEST": "/etc/dns/hosts.local",
"TYPE": "ro"
}
],
"PORTS": [ ],
"READYNESS": [
{"tcp": ""},
{"HTTP": ""},
{"EXEC": "/ready.sh"}
],
"ENVS": [
{ "NSENTER": "true" },
{ "POSTROUTING": "true" },
{ "NAME": "NAME", "VALUE": "wireguardproxy" },
{ "TARGET": "smarthostloadbalancer" },
{ "TYPE": "tcp" },
{ "TARGET_PORT_1": "80" },
{ "TARGET_PORT_2": "443" },
{ "COMMENT": "client" }
],
"EXTRA": "--privileged --rm",
"DEPEND": "null",
"START_ON_BOOT": "false",
"CMD": "null",
"PRE_START": "null",
"POST_START": "null"
}
]
"main": {
"SERVICE_NAME": "firewalls",
"DOMAIN": "null"
},
"containers": [
{
"IMAGE": "registry.format.hu/firewall",
"UPDATE": "true",
"NAME": "firewall",
"SCALE": "0",
"MEMORY": "64M",
"NETWORK": "host",
"VOLUMES": [
{
"SOURCE": "/proc/",
"DEST": "/proc/",
"TYPE": "rw"
},
{
"SOURCE": "/run/",
"DEST": "/run/",
"TYPE": "rw"
},
{
"SOURCE": "/etc/user/config/services",
"DEST": "/services",
"TYPE": "ro"
},
{
"SOURCE": "/var/run/docker.sock",
"DEST": "/var/run/docker.sock",
"TYPE": "rw"
},
{
"SOURCE": "/etc/system/data/dns/hosts.local",
"DEST": "/etc/dns/hosts.local",
"TYPE": "ro"
}
],
"PORTS": [],
"READYNESS": [
{
"tcp": ""
},
{
"HTTP": ""
},
{
"EXEC": "/ready.sh"
}
],
"ENVS": [
{
"NSENTER": "true"
},
{
"POSTROUTING": "true"
},
{
"NAME": "NAME",
"VALUE": "wireguardproxy"
},
{
"TARGET": "smarthostloadbalancer"
},
{
"TYPE": "tcp"
},
{
"TARGET_PORT_1": "80"
},
{
"TARGET_PORT_2": "443"
},
{
"COMMENT": "client"
}
],
"EXTRA": "--privileged --rm",
"DEPEND": "null",
"START_ON_BOOT": "false",
"CMD": "null",
"PRE_START": "null",
"POST_START": "null"
}
]
}

165
firewall-vpn-proxy-prerouting.json
View File

@@ -1,69 +1,100 @@
{
"main": {
"SERVICE_NAME": "firewalls",
"DOMAIN": "null"
},
"containers": [
{
"IMAGE": "registry.format.hu/firewall",
"UPDATE": "true",
"NAME": "wireguardfirewall",
"SCALE": "0",
"MEMORY": "64M",
"NETWORK": "host",
"VOLUMES": [
{
"SOURCE": "/proc/",
"DEST": "/proc/",
"TYPE": "rw"
},
{
"SOURCE": "/run/",
"DEST": "/run/",
"TYPE": "rw"
},
{
"SOURCE": "/etc/user/config/services",
"DEST": "/services",
"TYPE": "ro"
},
{
"SOURCE": "/var/run/docker.sock",
"DEST": "/var/run/docker.sock",
"TYPE": "rw"
},
{
"SOURCE": "/etc/system/data/dns/hosts.local",
"DEST": "/etc/dns/hosts.local",
"TYPE": "ro"
}
],
"PORTS": [ ],
"READYNESS": [
{"tcp": ""},
{"HTTP": ""},
{"EXEC": "/ready.sh"}
],
"ENVS": [
{ "NSENTER": "true" },
{ "PREROUTING": "true" },
{ "SOURCE_IFACE": "wg0" },
{ "TARGET": "smarthostloadbalancer" },
{ "NAME": "NAME", "VALUE": "wireguardproxy" },
{ "TYPE": "tcp" },
{ "SOURCE_PORT_1": "80" },
{ "SOURCE_PORT_2": "443" },
{ "TARGET_PORT_1": "80" },
{ "TARGET_PORT_2": "443" },
{ "COMMENT": "client" }
],
"ENV_FILES": [ "/etc/user/config/user.json" ],
"EXTRA": "--privileged --rm",
"DEPEND": "null",
"START_ON_BOOT": "false",
"CMD": "null",
"PRE_START": "null",
"POST_START": "null"
}
]
"main": {
"SERVICE_NAME": "firewalls",
"DOMAIN": "null"
},
"containers": [
{
"IMAGE": "registry.format.hu/firewall",
"UPDATE": "true",
"NAME": "wireguardfirewall",
"SCALE": "0",
"MEMORY": "64M",
"NETWORK": "host",
"VOLUMES": [
{
"SOURCE": "/proc/",
"DEST": "/proc/",
"TYPE": "rw"
},
{
"SOURCE": "/run/",
"DEST": "/run/",
"TYPE": "rw"
},
{
"SOURCE": "/etc/user/config/services",
"DEST": "/services",
"TYPE": "ro"
},
{
"SOURCE": "/var/run/docker.sock",
"DEST": "/var/run/docker.sock",
"TYPE": "rw"
},
{
"SOURCE": "/etc/system/data/dns/hosts.local",
"DEST": "/etc/dns/hosts.local",
"TYPE": "ro"
}
],
"PORTS": [],
"READYNESS": [
{
"tcp": ""
},
{
"HTTP": ""
},
{
"EXEC": "/ready.sh"
}
],
"ENVS": [
{
"NSENTER": "true"
},
{
"PREROUTING": "true"
},
{
"SOURCE_IFACE": "wg0"
},
{
"TARGET": "smarthostloadbalancer"
},
{
"NAME": "NAME",
"VALUE": "wireguardproxy"
},
{
"TYPE": "tcp"
},
{
"SOURCE_PORT_1": "80"
},
{
"SOURCE_PORT_2": "443"
},
{
"TARGET_PORT_1": "80"
},
{
"TARGET_PORT_2": "443"
},
{
"COMMENT": "client"
}
],
"ENV_FILES": [
"/etc/user/config/user.json"
],
"EXTRA": "--privileged --rm",
"DEPEND": "null",
"START_ON_BOOT": "false",
"CMD": "null",
"PRE_START": "null",
"POST_START": "null"
}
]
}

134
firewall-vpn-smarthost-loadbalancer.json
View File

@@ -1,59 +1,79 @@
{
"main": {
"SERVICE_NAME": "firewalls",
"DOMAIN": "null"
},
"containers": [
{
"IMAGE": "registry.format.hu/firewall",
"UPDATE": "true",
"NAME": "firewall",
"MEMORY": "64M",
"NETWORK": "host",
"SCALE": "0",
"VOLUMES": [
{
"SOURCE": "/run/",
"DEST": "/run/",
"TYPE": "rw"
},
{
"SOURCE": "/etc/user/config/services",
"DEST": "/services",
"TYPE": "ro"
},
{
"SOURCE": "/etc/system/data/dns/hosts.local",
"DEST": "/etc/dns/hosts.local",
"TYPE": "ro"
},
{
"SOURCE": "/var/run/docker.sock",
"DEST": "/var/run/docker.sock",
"TYPE": "rw"
}
],
"PORTS": [ ],
"READYNESS": [
{"tcp": ""},
{"HTTP": ""},
{"EXEC": "/ready.sh"}
],
"ENVS": [
{ "CHAIN": "DOCKER-USER" },
{ "SOURCE": "proxyvpnclient" },
{ "TARGET": "smarthostloadbalancer" },
{ "TYPE": "tcp" },
{ "TARGET_PORT_1": "80" },
{ "TARGET_PORT_2": "443" },
{ "COMMENT": "vpn access smarthost loadbalancer" }
],
"EXTRA": "--privileged --rm",
"DEPEND": "null",
"START_ON_BOOT": "false",
"CMD": "null",
"PRE_START": "null",
"POST_START": "null"
}
]
"main": {
"SERVICE_NAME": "firewalls",
"DOMAIN": "null"
},
"containers": [
{
"IMAGE": "registry.format.hu/firewall",
"UPDATE": "true",
"NAME": "firewall",
"MEMORY": "64M",
"NETWORK": "host",
"SCALE": "0",
"VOLUMES": [
{
"SOURCE": "/run/",
"DEST": "/run/",
"TYPE": "rw"
},
{
"SOURCE": "/etc/user/config/services",
"DEST": "/services",
"TYPE": "ro"
},
{
"SOURCE": "/etc/system/data/dns/hosts.local",
"DEST": "/etc/dns/hosts.local",
"TYPE": "ro"
},
{
"SOURCE": "/var/run/docker.sock",
"DEST": "/var/run/docker.sock",
"TYPE": "rw"
}
],
"PORTS": [],
"READYNESS": [
{
"tcp": ""
},
{
"HTTP": ""
},
{
"EXEC": "/ready.sh"
}
],
"ENVS": [
{
"CHAIN": "DOCKER-USER"
},
{
"SOURCE": "wireguardproxy"
},
{
"TARGET": "smarthostloadbalancer"
},
{
"TYPE": "tcp"
},
{
"TARGET_PORT_1": "80"
},
{
"TARGET_PORT_2": "443"
},
{
"COMMENT": "vpn access smarthost loadbalancer"
}
],
"EXTRA": "--privileged --rm",
"DEPEND": "null",
"START_ON_BOOT": "false",
"CMD": "null",
"PRE_START": "null",
"POST_START": "null"
}
]
}

80
vpn-proxy.json
View File

@@ -1,39 +1,45 @@
{
"main": {
"SERVICE_NAME": "wireguard-client",
"DOMAIN": "null"
},
"containers": [
{
"IMAGE": "registry.format.hu/wireguard-proxy-client",
"UPDATE": "true",
"NAME": "wireguardproxy-client",
"MEMORY": "64M",
"SELECTOR": "proxyvpnclient",
"VOLUMES": [
{
"SOURCE": "/etc/user/secret/vpn-proxy/wg0.conf",
"DEST": "/etc/wireguard/wg0.conf",
"TYPE": "ro"
}
],
"PORTS": [ ],
"READYNESS": [
{"tcp": ""},
{"HTTP": ""},
{"EXEC": "/ready.sh"}
],
"ENVS": "null",
"EXTRA": "--restart unless-stopped --privileged --cap-add=NET_ADMIN --device=/dev/net/tun --cap-add MKNOD --cap-add NET_RAW",
"DEPEND": "null",
"START_ON_BOOT": "true",
"CMD": "null",
"PRE_START": "null",
"POST_START": [ "firewall-vpn-smarthost-loadbalancer",
"firewall-vpn-proxy-postrouting",
"firewall-vpn-proxy-prerouting"
]
}
]
"main": {
"SERVICE_NAME": "wireguard-client",
"DOMAIN": "null"
},
"containers": [
{
"IMAGE": "registry.format.hu/wireguard-proxy-client",
"UPDATE": "true",
"NAME": "wireguardproxy-client",
"MEMORY": "64M",
"SELECTOR": "wireguardproxy",
"VOLUMES": [
{
"SOURCE": "/etc/user/secret/vpn-proxy/wg0.conf",
"DEST": "/etc/wireguard/wg0.conf",
"TYPE": "ro"
}
],
"PORTS": [],
"READYNESS": [
{
"tcp": ""
},
{
"HTTP": ""
},
{
"EXEC": "/ready.sh"
}
],
"ENVS": "null",
"EXTRA": "--restart unless-stopped --privileged --cap-add=NET_ADMIN --device=/dev/net/tun --cap-add MKNOD --cap-add NET_RAW",
"DEPEND": "null",
"START_ON_BOOT": "true",
"CMD": "null",
"PRE_START": "null",
"POST_START": [
"firewall-vpn-smarthost-loadbalancer",
"firewall-vpn-proxy-postrouting",
"firewall-vpn-proxy-prerouting"
]
}
]
}