safebox/wireguard-proxy-client
7
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: safebox:3cc178f690f2103c99b96fb5901a241f3565ab27
Branches Tags
safebox:master
...
compare: safebox:master
Branches Tags
safebox:master

8 Commits
3cc178f690 ... master

Author SHA1 Message Date
gyurix
70459a4533 Update image reference in vpn-proxy.json to use safebox/wireguard-proxy-client
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-03-05 22:39:38 +01:00
gyurix
f44dd33f71 Update .drone.yml and JSON configuration files for service adjustments
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-03-05 21:58:15 +01:00
gyurix
025b8c1bb4 replaced safebox
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-03-05 17:13:07 +01:00
Gyorgy Berenyi
dc73bffa54 Update .drone.yml
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-03-05 10:45:14 +00:00
Gyorgy Berenyi
d9f5e07a21 Add .drone.yml 2025-03-05 10:44:40 +00:00
Gyurix
0687287436 changed service file 2024-10-17 14:42:04 +02:00
Gyurix
2aafd3adb8 removed docker bin from firewall files 2024-10-13 15:03:35 +02:00
Gyurix
207311ddbe prepared image to run under arm infra also 2024-09-10 13:56:07 +02:00
6 changed files with 357 additions and 245 deletions
Expand all files Collapse all files

47
.drone.yml Normal file
View File

@@ -0,0 +1,47 @@
kind: pipeline
type: kubernetes
name: default
node_selector:
physical-node: dev1
trigger:
branch:
- master
event:
- push
workspace:
path: /drone/src
steps:
- name: build multiarch from dev
image: docker.io/owncloudci/drone-docker-buildx:4
privileged: true
settings:
cache-from: [ "registry.dev.format.hu/wireguard-proxy-client" ]
registry: registry.dev.format.hu
repo: registry.dev.format.hu/wireguard-proxy-client
tags: latest
dockerfile: Dockerfile
username:
from_secret: dev-hu-registry-username
password:
from_secret: dev-hu-registry-password
platforms:
- linux/amd64
- linux/arm64
- name: pull image to dockerhub
image: docker.io/owncloudci/drone-docker-buildx:4
privileged: true
settings:
cache-from: [ "safebox/wireguard-proxy-client" ]
repo: safebox/wireguard-proxy-client
tags: latest
username:
from_secret: dockerhub-username
password:
from_secret: dockerhub-password
platforms:
- linux/amd64
- linux/arm64

4
Dockerfile
View File

@@ -1,10 +1,10 @@
FROM alpine:latest
RUN apk add --no-cache alpine-sdk rustup \
&& rustup-init -y --target x86_64-unknown-linux-musl --default-toolchain beta --profile minimal \
&& rustup-init -y --default-toolchain beta --profile minimal \
#&& curl https://sh.rustup.rs -sSf | sh -s -- -y --default-host x86_64-unknown-linux-musl --profile minimal \
&& source ~/.cargo/env \
&& cargo install --target x86_64-unknown-linux-musl boringtun-cli
&& cargo install boringtun-cli
FROM alpine:latest

52
firewall-vpn-proxy-postrouting.json
View File

@@ -33,31 +33,49 @@
"TYPE": "rw"
},
{
"SOURCE": "/usr/bin/docker",
"DEST": "/usr/bin/docker",
"TYPE": "ro"
},
{
"SOURCE": "/etc/system/data/dns/hosts.local",
"DEST": "/etc/dns/hosts.local",
"TYPE": "ro"
}
],
"PORTS": [ ],
"PORTS": [],
"READYNESS": [
{"tcp": ""},
{"HTTP": ""},
{"EXEC": "/ready.sh"}
{
"tcp": ""
},
{
"HTTP": ""
},
{
"EXEC": "/ready.sh"
}
],
"ENVS": [
{ "NSENTER": "true" },
{ "POSTROUTING": "true" },
{ "NAME": "NAME", "VALUE": "wireguardproxy" },
{ "TARGET": "smarthostloadbalancer" },
{ "TYPE": "tcp" },
{ "TARGET_PORT_1": "80" },
{ "TARGET_PORT_2": "443" },
{ "COMMENT": "client" }
{
"NSENTER": "true"
},
{
"POSTROUTING": "true"
},
{
"NAME": "NAME",
"VALUE": "wireguardproxy"
},
{
"TARGET": "smarthostloadbalancer"
},
{
"TYPE": "tcp"
},
{
"TARGET_PORT_1": "80"
},
{
"TARGET_PORT_2": "443"
},
{
"COMMENT": "client"
}
],
"EXTRA": "--privileged --rm",
"DEPEND": "null",

68
firewall-vpn-proxy-prerouting.json
View File

@@ -33,36 +33,62 @@
"TYPE": "rw"
},
{
"SOURCE": "/usr/bin/docker",
"DEST": "/usr/bin/docker",
"TYPE": "ro"
},
{
"SOURCE": "/etc/system/data/dns/hosts.local",
"DEST": "/etc/dns/hosts.local",
"TYPE": "ro"
}
],
"PORTS": [ ],
"PORTS": [],
"READYNESS": [
{"tcp": ""},
{"HTTP": ""},
{"EXEC": "/ready.sh"}
{
"tcp": ""
},
{
"HTTP": ""
},
{
"EXEC": "/ready.sh"
}
],
"ENVS": [
{ "NSENTER": "true" },
{ "PREROUTING": "true" },
{ "SOURCE_IFACE": "wg0" },
{ "TARGET": "smarthostloadbalancer" },
{ "NAME": "NAME", "VALUE": "wireguardproxy" },
{ "TYPE": "tcp" },
{ "SOURCE_PORT_1": "80" },
{ "SOURCE_PORT_2": "443" },
{ "TARGET_PORT_1": "80" },
{ "TARGET_PORT_2": "443" },
{ "COMMENT": "client" }
{
"NSENTER": "true"
},
{
"PREROUTING": "true"
},
{
"SOURCE_IFACE": "wg0"
},
{
"TARGET": "smarthostloadbalancer"
},
{
"NAME": "NAME",
"VALUE": "wireguardproxy"
},
{
"TYPE": "tcp"
},
{
"SOURCE_PORT_1": "80"
},
{
"SOURCE_PORT_2": "443"
},
{
"TARGET_PORT_1": "80"
},
{
"TARGET_PORT_2": "443"
},
{
"COMMENT": "client"
}
],
"ENV_FILES": [
"/etc/user/config/user.json"
],
"ENV_FILES": [ "/etc/user/config/user.json" ],
"EXTRA": "--privileged --rm",
"DEPEND": "null",
"START_ON_BOOT": "false",

47
firewall-vpn-smarthost-loadbalancer.json
View File

@@ -31,27 +31,42 @@
"SOURCE": "/var/run/docker.sock",
"DEST": "/var/run/docker.sock",
"TYPE": "rw"
},
{
"SOURCE": "/usr/bin/docker",
"DEST": "/usr/bin/docker",
"TYPE": "ro"
}
],
"PORTS": [ ],
"PORTS": [],
"READYNESS": [
{"tcp": ""},
{"HTTP": ""},
{"EXEC": "/ready.sh"}
{
"tcp": ""
},
{
"HTTP": ""
},
{
"EXEC": "/ready.sh"
}
],
"ENVS": [
{ "CHAIN": "DOCKER-USER" },
{ "SOURCE": "proxyvpnclient" },
{ "TARGET": "smarthostloadbalancer" },
{ "TYPE": "tcp" },
{ "TARGET_PORT_1": "80" },
{ "TARGET_PORT_2": "443" },
{ "COMMENT": "vpn access smarthost loadbalancer" }
{
"CHAIN": "DOCKER-USER"
},
{
"SOURCE": "wireguardproxy"
},
{
"TARGET": "smarthostloadbalancer"
},
{
"TYPE": "tcp"
},
{
"TARGET_PORT_1": "80"
},
{
"TARGET_PORT_2": "443"
},
{
"COMMENT": "vpn access smarthost loadbalancer"
}
],
"EXTRA": "--privileged --rm",
"DEPEND": "null",

24
vpn-proxy.json
View File

@@ -5,11 +5,11 @@
},
"containers": [
{
"IMAGE": "registry.format.hu/wireguard-client",
"IMAGE": "safebox/wireguard-proxy-client",
"UPDATE": "true",
"NAME": "wireguardproxy-client",
"MEMORY": "64M",
"SELECTOR": "proxyvpnclient",
"SELECTOR": "wireguardproxy",
"VOLUMES": [
{
"SOURCE": "/etc/user/secret/vpn-proxy/wg0.conf",
@@ -17,23 +17,29 @@
"TYPE": "ro"
}
],
"PORTS": [ ],
"PORTS": [],
"READYNESS": [
{"tcp": ""},
{"HTTP": ""},
{"EXEC": "/ready.sh"}
{
"tcp": ""
},
{
"HTTP": ""
},
{
"EXEC": "/ready.sh"
}
],
"ENVS": "null",
"EXTRA": "--privileged --cap-add=NET_ADMIN --device=/dev/net/tun --cap-add MKNOD --cap-add NET_RAW",
"EXTRA": "--restart unless-stopped --privileged --cap-add=NET_ADMIN --device=/dev/net/tun --cap-add MKNOD --cap-add NET_RAW",
"DEPEND": "null",
"START_ON_BOOT": "true",
"CMD": "null",
"PRE_START": "null",
"POST_START": [ "firewall-vpn-smarthost-loadbalancer",
"POST_START": [
"firewall-vpn-smarthost-loadbalancer",
"firewall-vpn-proxy-postrouting",
"firewall-vpn-proxy-prerouting"
]
}
]
}