Update image reference in vpn-proxy.json to use safebox/wireguard-proxy-client

Update .drone.yml and JSON configuration files for service adjustments
replaced safebox
2025-03-05 22:39:38 +01:00 · 2025-03-05 21:58:15 +01:00 · 2025-03-05 17:13:07 +01:00 · 2025-03-05 10:45:14 +00:00 · 2025-03-05 10:44:40 +00:00 · 2024-10-17 14:42:04 +02:00
6 changed files with 357 additions and 245 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -0,0 +1,47 @@
 kind: pipeline
 type: kubernetes
 name: default
 node_selector:
  physical-node: dev1
 trigger:
  branch:
    - master
  event:
    - push
 workspace:
  path: /drone/src
 steps:
  - name: build multiarch from dev
    image: docker.io/owncloudci/drone-docker-buildx:4
    privileged: true
    settings:
      cache-from: [ "registry.dev.format.hu/wireguard-proxy-client" ]
      registry: registry.dev.format.hu
      repo: registry.dev.format.hu/wireguard-proxy-client
      tags: latest
      dockerfile: Dockerfile
      username:
        from_secret: dev-hu-registry-username
      password: 
        from_secret: dev-hu-registry-password
      platforms:
        - linux/amd64
        - linux/arm64
  - name: pull image to dockerhub
    image: docker.io/owncloudci/drone-docker-buildx:4
    privileged: true
    settings:
      cache-from: [ "safebox/wireguard-proxy-client" ]
      repo: safebox/wireguard-proxy-client
      tags: latest
      username:
        from_secret: dockerhub-username
      password: 
        from_secret: dockerhub-password
      platforms:
        - linux/amd64
        - linux/arm64
--- a/4
+++ b/4
@@ -1,10 +1,10 @@
 FROM alpine:latest
 RUN apk add --no-cache alpine-sdk rustup \
- && rustup-init -y --target x86_64-unknown-linux-musl --default-toolchain beta --profile minimal \
+ && rustup-init -y --default-toolchain beta --profile minimal \
 #&& curl https://sh.rustup.rs -sSf | sh -s -- -y  --default-host x86_64-unknown-linux-musl --profile minimal \
 && source ~/.cargo/env \
- && cargo install --target x86_64-unknown-linux-musl boringtun-cli
+ && cargo install boringtun-cli
 FROM alpine:latest
--- a/firewall-vpn-proxy-postrouting.json
+++ b/firewall-vpn-proxy-postrouting.json
@@ -1,70 +1,88 @@
 {
-	"main": {
+    "main": {
-		"SERVICE_NAME": "firewalls",
+        "SERVICE_NAME": "firewalls",
-		"DOMAIN": "null" 
+        "DOMAIN": "null"
-	},
+    },
-	"containers": [
+    "containers": [
-		{ 
+        {
-			"IMAGE": "registry.format.hu/firewall",
+            "IMAGE": "registry.format.hu/firewall",
-			"UPDATE": "true",
+            "UPDATE": "true",
-			"NAME": "firewall",
+            "NAME": "firewall",
-			"SCALE": "0",
+            "SCALE": "0",
-			"MEMORY": "64M",
+            "MEMORY": "64M",
-			"NETWORK": "host",
+            "NETWORK": "host",
-			"VOLUMES": [
+            "VOLUMES": [
-				{
+                {
-				"SOURCE": "/proc/",
+                    "SOURCE": "/proc/",
-				"DEST": "/proc/",
+                    "DEST": "/proc/",
-				"TYPE": "rw"
+                    "TYPE": "rw"
-				},
+                },
-				{
+                {
-				"SOURCE": "/run/",
+                    "SOURCE": "/run/",
-				"DEST": "/run/",
+                    "DEST": "/run/",
-				"TYPE": "rw"
+                    "TYPE": "rw"
-				},
+                },
-				{
+                {
-				"SOURCE": "/etc/user/config/services",
+                    "SOURCE": "/etc/user/config/services",
-				"DEST": "/services",
+                    "DEST": "/services",
-				"TYPE": "ro"
+                    "TYPE": "ro"
-				},
+                },
-				{
+                {
-                                 "SOURCE": "/var/run/docker.sock",
+                    "SOURCE": "/var/run/docker.sock",
-                                 "DEST": "/var/run/docker.sock",
+                    "DEST": "/var/run/docker.sock",
-                                 "TYPE": "rw"
+                    "TYPE": "rw"
-                                 },
+                },
-                                 {
+                {
-                                 "SOURCE": "/usr/bin/docker",
+                    "SOURCE": "/etc/system/data/dns/hosts.local",
-                                 "DEST": "/usr/bin/docker",
+                    "DEST": "/etc/dns/hosts.local",
-                                 "TYPE": "ro"
+                    "TYPE": "ro"
-                                 },
+                }
-        			 {     
+            ],
-        			"SOURCE": "/etc/system/data/dns/hosts.local",
+            "PORTS": [],
-        			"DEST": "/etc/dns/hosts.local", 
+            "READYNESS": [
-        			"TYPE": "ro"
+                {
-        			 }
+                    "tcp": ""
-				],
+                },
-			"PORTS": [ ],
+                {
-			"READYNESS": [
+                    "HTTP": ""
-			        {"tcp": ""},
+                },
-			        {"HTTP": ""},
+                {
-				{"EXEC": "/ready.sh"}
+                    "EXEC": "/ready.sh"
-				],
+                }
-                        "ENVS": [
+            ],
-				{ "NSENTER": "true" },
+            "ENVS": [
-                                { "POSTROUTING": "true" },
+                {
-				{ "NAME": "NAME", "VALUE": "wireguardproxy" },
+                    "NSENTER": "true"
-                                { "TARGET": "smarthostloadbalancer" }, 
+                },
-				{ "TYPE": "tcp" },
+                {
-                                { "TARGET_PORT_1": "80" },
+                    "POSTROUTING": "true"
-                                { "TARGET_PORT_2": "443" },
+                },
-                                { "COMMENT": "client" }
+                {
-                                ], 
+                    "NAME": "NAME",
-			"EXTRA": "--privileged --rm",
+                    "VALUE": "wireguardproxy"
-			"DEPEND": "null",
+                },
-			"START_ON_BOOT": "false",
+                {
-			"CMD": "null",
+                    "TARGET": "smarthostloadbalancer"
-			"PRE_START": "null",
+                },
-			"POST_START": "null"
+                {
-		}
+                    "TYPE": "tcp"
-	]
+                },
-}
+                {
                    "TARGET_PORT_1": "80"
                },
                {
                    "TARGET_PORT_2": "443"
                },
                {
                    "COMMENT": "client"
                }
            ],
            "EXTRA": "--privileged --rm",
            "DEPEND": "null",
            "START_ON_BOOT": "false",
            "CMD": "null",
            "PRE_START": "null",
            "POST_START": "null"
        }
    ]
 }
--- a/firewall-vpn-proxy-prerouting.json
+++ b/firewall-vpn-proxy-prerouting.json
@@ -1,74 +1,100 @@
 {
-	"main": {
+    "main": {
-		"SERVICE_NAME": "firewalls",
+        "SERVICE_NAME": "firewalls",
-		"DOMAIN": "null" 
+        "DOMAIN": "null"
-	},
+    },
-	"containers": [
+    "containers": [
-		{ 
+        {
-			"IMAGE": "registry.format.hu/firewall",
+            "IMAGE": "registry.format.hu/firewall",
-			"UPDATE": "true",
+            "UPDATE": "true",
-			"NAME": "wireguardfirewall",
+            "NAME": "wireguardfirewall",
-			"SCALE": "0",
+            "SCALE": "0",
-			"MEMORY": "64M",
+            "MEMORY": "64M",
-			"NETWORK": "host",
+            "NETWORK": "host",
-			"VOLUMES": [
+            "VOLUMES": [
-				{
+                {
-				"SOURCE": "/proc/",
+                    "SOURCE": "/proc/",
-				"DEST": "/proc/",
+                    "DEST": "/proc/",
-				"TYPE": "rw"
+                    "TYPE": "rw"
-				},
+                },
-				{
+                {
-				"SOURCE": "/run/",
+                    "SOURCE": "/run/",
-				"DEST": "/run/",
+                    "DEST": "/run/",
-				"TYPE": "rw"
+                    "TYPE": "rw"
-				},
+                },
-				{
+                {
-				"SOURCE": "/etc/user/config/services",
+                    "SOURCE": "/etc/user/config/services",
-				"DEST": "/services",
+                    "DEST": "/services",
-				"TYPE": "ro"
+                    "TYPE": "ro"
-				},
+                },
-				{
+                {
-                                 "SOURCE": "/var/run/docker.sock",
+                    "SOURCE": "/var/run/docker.sock",
-                                 "DEST": "/var/run/docker.sock",
+                    "DEST": "/var/run/docker.sock",
-                                 "TYPE": "rw"
+                    "TYPE": "rw"
-                                 },
+                },
-                                 {
+                {
-                                 "SOURCE": "/usr/bin/docker",
+                    "SOURCE": "/etc/system/data/dns/hosts.local",
-                                 "DEST": "/usr/bin/docker",
+                    "DEST": "/etc/dns/hosts.local",
-                                 "TYPE": "ro"
+                    "TYPE": "ro"
-                                 },
+                }
-        			 {     
+            ],
-        			"SOURCE": "/etc/system/data/dns/hosts.local",
+            "PORTS": [],
-        			"DEST": "/etc/dns/hosts.local", 
+            "READYNESS": [
-        			"TYPE": "ro"
+                {
-        			 }
+                    "tcp": ""
-				],
+                },
-			"PORTS": [ ],
+                {
-			"READYNESS": [
+                    "HTTP": ""
-			        {"tcp": ""},
+                },
-			        {"HTTP": ""},
+                {
-				{"EXEC": "/ready.sh"}
+                    "EXEC": "/ready.sh"
-				],
+                }
-                        "ENVS": [
+            ],
-				{ "NSENTER": "true" },
+            "ENVS": [
-                                { "PREROUTING": "true" },
+                {
-				{ "SOURCE_IFACE": "wg0" },
+                    "NSENTER": "true"
-                                { "TARGET": "smarthostloadbalancer" },
+                },
-				{ "NAME": "NAME", "VALUE": "wireguardproxy" },
+                {
-				{ "TYPE": "tcp" },
+                    "PREROUTING": "true"
-                                { "SOURCE_PORT_1": "80" },
+                },
-                                { "SOURCE_PORT_2": "443" },
+                {
-                                { "TARGET_PORT_1": "80" },
+                    "SOURCE_IFACE": "wg0"
-                                { "TARGET_PORT_2": "443" },
+                },
-                                { "COMMENT": "client" }
+                {
-                                ], 
+                    "TARGET": "smarthostloadbalancer"
-			"ENV_FILES": [ "/etc/user/config/user.json" ],
+                },
-			"EXTRA": "--privileged --rm",
+                {
-			"DEPEND": "null",
+                    "NAME": "NAME",
-			"START_ON_BOOT": "false",
+                    "VALUE": "wireguardproxy"
-			"CMD": "null",
+                },
-			"PRE_START": "null",
+                {
-			"POST_START": "null"
+                    "TYPE": "tcp"
-		}
+                },
-	]
+                {
-}
+                    "SOURCE_PORT_1": "80"
                },
                {
                    "SOURCE_PORT_2": "443"
                },
                {
                    "TARGET_PORT_1": "80"
                },
                {
                    "TARGET_PORT_2": "443"
                },
                {
                    "COMMENT": "client"
                }
            ],
            "ENV_FILES": [
                "/etc/user/config/user.json"
            ],
            "EXTRA": "--privileged --rm",
            "DEPEND": "null",
            "START_ON_BOOT": "false",
            "CMD": "null",
            "PRE_START": "null",
            "POST_START": "null"
        }
    ]
 }
--- a/firewall-vpn-smarthost-loadbalancer.json
+++ b/firewall-vpn-smarthost-loadbalancer.json
@@ -1,64 +1,79 @@
 {
-	"main": {
+    "main": {
-		"SERVICE_NAME": "firewalls",
+        "SERVICE_NAME": "firewalls",
-		"DOMAIN": "null" 
+        "DOMAIN": "null"
-	},
+    },
-	"containers": [
+    "containers": [
-		{ 
+        {
-			"IMAGE": "registry.format.hu/firewall",
+            "IMAGE": "registry.format.hu/firewall",
-			"UPDATE": "true",
+            "UPDATE": "true",
-			"NAME": "firewall",
+            "NAME": "firewall",
-			"MEMORY": "64M",
+            "MEMORY": "64M",
-			"NETWORK": "host",
+            "NETWORK": "host",
-			"SCALE": "0",
+            "SCALE": "0",
-			"VOLUMES": [
+            "VOLUMES": [
-				{
+                {
-				"SOURCE": "/run/",
+                    "SOURCE": "/run/",
-				"DEST": "/run/",
+                    "DEST": "/run/",
-				"TYPE": "rw"
+                    "TYPE": "rw"
-				},
+                },
-				{
+                {
-				"SOURCE": "/etc/user/config/services",
+                    "SOURCE": "/etc/user/config/services",
-				"DEST": "/services",
+                    "DEST": "/services",
-				"TYPE": "ro"
+                    "TYPE": "ro"
-				},
+                },
-				{
+                {
-                                "SOURCE": "/etc/system/data/dns/hosts.local", 
+                    "SOURCE": "/etc/system/data/dns/hosts.local",
-                                "DEST": "/etc/dns/hosts.local",
+                    "DEST": "/etc/dns/hosts.local",
-                                "TYPE": "ro"
+                    "TYPE": "ro"
-                                },
+                },
-				{
+                {
-                                 "SOURCE": "/var/run/docker.sock",
+                    "SOURCE": "/var/run/docker.sock",
-                                 "DEST": "/var/run/docker.sock",
+                    "DEST": "/var/run/docker.sock",
-                                 "TYPE": "rw"
+                    "TYPE": "rw"
-                                 },
+                }
-                                 {
+            ],
-                                 "SOURCE": "/usr/bin/docker",
+            "PORTS": [],
-                                 "DEST": "/usr/bin/docker",
+            "READYNESS": [
-                                 "TYPE": "ro"
+                {
-                                 }
+                    "tcp": ""
-				],
+                },
-			"PORTS": [ ],
+                {
-			"READYNESS": [
+                    "HTTP": ""
-			        {"tcp": ""},
+                },
-			        {"HTTP": ""},
+                {
-				{"EXEC": "/ready.sh"}
+                    "EXEC": "/ready.sh"
-				],
+                }
-                        "ENVS": [ 
+            ],
-               			{ "CHAIN": "DOCKER-USER" },
+            "ENVS": [
-                                { "SOURCE": "proxyvpnclient" },
+                {
-                                { "TARGET": "smarthostloadbalancer" },
+                    "CHAIN": "DOCKER-USER"
-                                { "TYPE": "tcp" },
+                },
-                                { "TARGET_PORT_1": "80" },
+                {
-                                { "TARGET_PORT_2": "443" },
+                    "SOURCE": "wireguardproxy"
-                                { "COMMENT": "vpn access smarthost loadbalancer" }
+                },
-                                ], 
+                {
-			"EXTRA": "--privileged --rm",
+                    "TARGET": "smarthostloadbalancer"
-			"DEPEND": "null",
+                },
-			"START_ON_BOOT": "false",
+                {
-			"CMD": "null",
+                    "TYPE": "tcp"
-			"PRE_START": "null",
+                },
-			"POST_START": "null"
+                {
-		}
+                    "TARGET_PORT_1": "80"
-	]
+                },
-}
+                {
                    "TARGET_PORT_2": "443"
                },
                {
                    "COMMENT": "vpn access smarthost loadbalancer"
                }
            ],
            "EXTRA": "--privileged --rm",
            "DEPEND": "null",
            "START_ON_BOOT": "false",
            "CMD": "null",
            "PRE_START": "null",
            "POST_START": "null"
        }
    ]
 }
--- a/vpn-proxy.json
+++ b/vpn-proxy.json
@@ -1,39 +1,45 @@
 {
-	"main": {
+    "main": {
-		"SERVICE_NAME": "wireguard-client",
+        "SERVICE_NAME": "wireguard-client",
-		"DOMAIN": "null" 
+        "DOMAIN": "null"
-	},
+    },
-	"containers": [
+    "containers": [
-		{ 
+        {
-			"IMAGE": "registry.format.hu/wireguard-client",
+            "IMAGE": "safebox/wireguard-proxy-client",
-			"UPDATE": "true",
+            "UPDATE": "true",
-			"NAME": "wireguardproxy-client",
+            "NAME": "wireguardproxy-client",
-			"MEMORY": "64M",
+            "MEMORY": "64M",
-			"SELECTOR": "proxyvpnclient",
+            "SELECTOR": "wireguardproxy",
-			"VOLUMES": [
+            "VOLUMES": [
-                                {   
+                {
-                                "SOURCE": "/etc/user/secret/vpn-proxy/wg0.conf",
+                    "SOURCE": "/etc/user/secret/vpn-proxy/wg0.conf",
-                                "DEST": "/etc/wireguard/wg0.conf",
+                    "DEST": "/etc/wireguard/wg0.conf",
-                                "TYPE": "ro"
+                    "TYPE": "ro"
-                                } 
+                }
-				],
+            ],
-			"PORTS": [ ],
+            "PORTS": [],
-			"READYNESS": [
+            "READYNESS": [
-			        {"tcp": ""},
+                {
-			        {"HTTP": ""},
+                    "tcp": ""
-				{"EXEC": "/ready.sh"}
+                },
-				],
+                {
-                        "ENVS":  "null",
+                    "HTTP": ""
-                        "EXTRA": "--privileged --cap-add=NET_ADMIN --device=/dev/net/tun --cap-add MKNOD --cap-add NET_RAW",
+                },
-                        "DEPEND": "null",
+                {
-                        "START_ON_BOOT": "true",
+                    "EXEC": "/ready.sh"
-                        "CMD": "null",			
+                }
-			"PRE_START": "null",
+            ],
-			"POST_START": [ "firewall-vpn-smarthost-loadbalancer",
+            "ENVS": "null",
-					"firewall-vpn-proxy-postrouting",
+            "EXTRA": "--restart unless-stopped --privileged --cap-add=NET_ADMIN --device=/dev/net/tun --cap-add MKNOD --cap-add NET_RAW",
-					"firewall-vpn-proxy-prerouting"
+            "DEPEND": "null",
-					]
+            "START_ON_BOOT": "true",
-		}
+            "CMD": "null",
-	]
+            "PRE_START": "null",
-}
+            "POST_START": [
-
+                "firewall-vpn-smarthost-loadbalancer",
                "firewall-vpn-proxy-postrouting",
                "firewall-vpn-proxy-prerouting"
            ]
        }
    ]
 }
Author	SHA1	Message	Date
gyurix	70459a4533	Update image reference in vpn-proxy.json to use safebox/wireguard-proxy-client All checks were successful continuous-integration/drone/push Build is passing Details	2025-03-05 22:39:38 +01:00
gyurix	f44dd33f71	Update .drone.yml and JSON configuration files for service adjustments All checks were successful continuous-integration/drone/push Build is passing Details	2025-03-05 21:58:15 +01:00
gyurix	025b8c1bb4	replaced safebox All checks were successful continuous-integration/drone/push Build is passing Details	2025-03-05 17:13:07 +01:00
Gyorgy Berenyi	dc73bffa54	Update .drone.yml All checks were successful continuous-integration/drone/push Build is passing Details	2025-03-05 10:45:14 +00:00
Gyorgy Berenyi	d9f5e07a21	Add .drone.yml	2025-03-05 10:44:40 +00:00
Gyurix	0687287436	changed service file	2024-10-17 14:42:04 +02:00
Gyurix	2aafd3adb8	removed docker bin from firewall files	2024-10-13 15:03:35 +02:00
Gyurix	207311ddbe	prepared image to run under arm infra also	2024-09-10 13:56:07 +02:00