From d2b4c8c23fe63fa7c1d141214b97bd66dc07e681 Mon Sep 17 00:00:00 2001
From: Mauro Torrez
Date: Tue, 9 Jun 2020 01:07:16 -0300
Subject: [PATCH] openvpn
---
 .drone.yml | 4 +-
 Dockerfile | 5 +-
 config | 10 +--
 opendkim_setup.tmpl | 41 -------------
 openvpn_setup.yml | 145 ++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 154 insertions(+), 51 deletions(-)
 delete mode 100644 opendkim_setup.tmpl
 create mode 100644 openvpn_setup.yml
diff --git a/.drone.yml b/.drone.yml
index 875ea75..22779d1 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -6,7 +6,7 @@ steps:
 - name: build image only
 image: plugins/docker
 settings:
- repo: eumau/opendkim
+ repo: eumau/openvpn
 auto_tag: true
 dry_run: true
 when:
@@ -16,7 +16,7 @@ steps:
 - name: build and publish image
 image: plugins/docker
 settings:
- repo: eumau/opendkim
+ repo: eumau/openvpn
 auto_tag: true
 username:
 from_secret: dockerhub_username
diff --git a/Dockerfile b/Dockerfile
index e9602bf..ef1ff17 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,7 +2,7 @@ FROM debian:buster-slim
 ARG REMCO_VER=0.11.1
 RUN apt-get update \
 && DEBIAN_FRONTEND=noninteractive apt-get install -y \
- opendkim opendkim-tools wget unzip \
+ openvpn \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
 && wget https://github.com/HeavyHorst/remco/releases/download/v${REMCO_VER}/remco_${REMCO_VER}_linux_amd64.zip \
@@ -10,6 +10,5 @@ RUN apt-get update \
 && rm remco_${REMCO_VER}_linux_amd64.zip \
 && mv remco_linux /bin/remco
 COPY config /etc/remco/config
-COPY opendkim_setup.tmpl /etc/remco/templates/opendkim_setup.tmpl
-EXPOSE 8891
+COPY openvpn_setup.tmpl /etc/remco/templates/openvpn_setup.tmpl
 ENTRYPOINT ["remco"]
diff --git a/config b/config
index 08462fb..1e83b08 100644
--- a/config
+++ b/config
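Review bot: The `+ openvpn \` line drops `wget` and `unzip` from the apt-get install list, but the same RUN still calls `wget` on the visible `&& wget https://github.com/HeavyHorst/remco/...` context line (and presumably `unzip` on the line just past this hunk), so unless the base image already provides them the remco download step will fail at build time. Keep the tools the RUN needs: `+    openvpn wget unzip \`. If the final image should not ship them, purge them at the end of the same RUN rather than never installing them.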
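Review bot: `COPY openvpn_setup.tmpl /etc/remco/templates/openvpn_setup.tmpl` names a file this commit does not add; the diffstat and the new-file header create `openvpn_setup.yml`, so `docker build` would fail on the missing COPY source. The `config` change expects `/etc/remco/templates/openvpn_setup.tmpl`, so the simplest fix is to add the new file as `openvpn_setup.tmpl` (it is a bash template, not YAML); otherwise point the COPY at `openvpn_setup.yml`.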
@@ -3,18 +3,18 @@ log_format = "text"
 [[resource]]
 name = "opendkim"
-start_cmd = "/usr/local/sbin/opendkim_setup"
+start_cmd = "/usr/local/sbin/openvpn_setup"
 [resource.exec]
-command = "/usr/sbin/opendkim -f -x /etc/opendkim.conf"
+command = "/usr/sbin/openvpn --config /etc/openvpn.conf"
 [[resource.template]]
-src = "/etc/remco/templates/opendkim_setup.tmpl"
-dst = "/usr/local/sbin/opendkim_setup"
+src = "/etc/remco/templates/openvpn_setup.tmpl"
+dst = "/usr/local/sbin/openvpn_setup"
 mode = "0700"
 [resource.backend]
 [resource.backend.env]
-keys = ["/dkimkey"]
+keys = ["/openvpn"]
 watch = false
 onetime = true
diff --git a/opendkim_setup.tmpl b/opendkim_setup.tmpl
deleted file mode 100644
index 1ffc173..0000000
--- a/opendkim_setup.tmpl
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/bash
-
-# setup opendkim configuration and domains
-mkdir -p /etc/dkimkeys
-truncate -s0 /etc/dkimkeys/{keytable,signingtable,trustedhosts}
-
-cat - < /etc/opendkim.conf
-KeyTable file:/etc/dkimkeys/keytable
-SigningTable refile:/etc/dkimkeys/signingtable
-InternalHosts refile:/etc/dkimkeys/trustedhosts
-Socket inet:8891@0.0.0.0
-OversignHeaders From
-TrustAnchorFile /usr/share/dns/root.key
-UserID opendkim
-EOF
-
-cat - < /etc/dkimkeys/trustedhosts
-0.0.0.0/0
-*
-EOF
-
-{% for domain in lsdir("/dkimkey") %}
-
-mkdir -p /etc/dkimkeys/{{ domain }}
-
-{% for selector in ls(printf ("/dkimkey/%s", domain)) %}
-
-echo '{{ selector }}._domainkey.{{ domain }} {{ domain }}:{{ selector }}:/etc/dkimkeys/{{ domain }}/{{ selector }}.private' >> /etc/dkimkeys/keytable
-echo '*@{{ domain }} {{ selector }}._domainkey.{{ domain }}' >> /etc/dkimkeys/signingtable
-cat - < /etc/dkimkeys/{{ domain }}/{{ selector }}.private
-{% for keyline in (replace(getv(printf("/dkimkey/%s/%s",domain,selector)),"\\n","!",-1)|split:"!") %}
-{{ keyline }}
-{% endfor %}
-EOKEY
-
-{% endfor %}
-
-chown -R opendkim:opendkim /etc/dkimkeys/{{ domain }}
-chmod -R u+rw,go-rw /etc/dkimkeys/{{ domain }}
-
-{% endfor %}
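Review bot: The resource is still `name = "opendkim"` in the context line just above the changed `start_cmd`, so remco's logging and resource references keep the old name while every other key in the block now refers to openvpn; change it to `name = "openvpn"` in this commit. Leaving `mode = "0700"` on the rendered setup script is right, since the rendered script embeds the private key and tls-auth material and must not be readable by other users in the container.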
diff --git a/openvpn_setup.yml b/openvpn_setup.yml
new file mode 100644
index 0000000..8fc13d1
--- /dev/null
+++ b/openvpn_setup.yml
@@ -0,0 +1,145 @@
+#!/bin/bash
+
+# setup openvpn configuration and secrets
+mkdir -p /etc/openvpn
+
+cat - < /etc/openvpn.conf
+
+# client
+{% if getv("/openvpn/mode") %}
+{{ getv("/openvpn/mode") }}
+{% endif %}
+
+# dev tun
+{% if getv("/openvpn/dev") %}
+dev {{ getv("/openvpn/dev") }}
+{% endif %}
+
+# remote
+{% if getv("/openvpn/remote") %}
+remote {{ getv("/openvpn/remote") }}
+{% endif %}
+
+# proto udp
+{% if getv("/openvpn/proto") %}
+proto {{ getv("/openvpn/proto") }}
+{% endif %}
+
+# nobind
+{% if getv("/openvpn/nobind") %}
+nobind
+{% endif %}
+
+# ns-cert-type server
+{% if getv("/openvpn/ns/cert/type") %}
+ns-cert-type {{ getv("/openvpn/ns/cert/type") }}
+{% endif %}
+
+# up /etc/openvpn/update-resolv-conf
+{% if getv("/openvpn/up") %}
+up {{ getv("/openvpn/up") }}
+{% endif %}
+
+# down /etc/openvpn/update-resolv-conf
+{% if getv("/openvpn/down") %}
+down {{ getv("/openvpn/down") }}
+{% endif %}
+
+# tls-auth file 1 # This file is secret
+{% if getv("/openvpn/ta") %}
+tls-auth /etc/openvpn/ta {{ getv("/openvpn/ta/dir")|default(1) }}
+{% endif %}
+
+# ca
+ca /etc/openvpn/ca
+
+# cert
+cert /etc/openvpn/cert
+
+# key
+key /etc/openvpn/key
+
+# port 1194
+{% if getv("/openvpn/port") %}
+port {{ getv("/openvpn/port") }}
+{% endif %}
+
+{% if getv("/openvpn/user") %}
+user {{ getv("/openvpn/user") }}
+{% else %}
+user nobody
+{% endif %}
+
+{% if getv("/openvpn/group") %}
+group {{ getv("/openvpn/group") }}
+{% else %}
+group nogroup
+{% endif %}
+
+# comp-lzo
+{% if getv("/openvpn/comp/lzo") %}
+comp-lzo
+{% endif %}
+
+# ping 15
+{% if getv("/openvpn/ping") %}
+ping {{ getv("/openvpn/ping") }}
+{% endif %}
+
+# ping-restart 45
+{% if getv("/openvpn/ping/restart") %}
+ping-restart {{ getv("/openvpn/ping/restart") }}
+{% endif %}
+
+# ping-timer-rem
+{% if getv("/openvpn/ping/timer/rem") %}
+ping-timer-rem
+{% endif %}
+
+# persist-tun
+{% if getv("/openvpn/persist/tun") %}
+persist-tun
+{% endif %}
+
+# persist-remote-ip
+{% if getv("/openvpn/persist/remote/ip") %}
+persist-remote-ip
+{% endif %}
+
+# persist-key
+{% if getv("/openvpn/persist/key") %}
+persist-key
+{% endif %}
+
+# verb 4
+{% if getv("/openvpn/verb") %}
+verb {{ getv("/openvpn/verb") }}
+{% endif %}
+
+EOF
+
+{% if getv("/openvpn/ta") %}
+cat - < /etc/openvpn/ta
+{% for keyline in (replace(getv("/openvpn/ta"),"\\n","!",-1)|split:"!") %}
+{{ keyline }}
+{% endfor %}
+EOKEY
+{% endif %}
+
+cat - < /etc/openvpn/ca
+{% for keyline in (replace(getv("/openvpn/ca"),"\\n","!",-1)|split:"!") %}
+{{ keyline }}
+{% endfor %}
+EOKEY
+
+cat - < /etc/openvpn/cert
+{% for keyline in (replace(getv("/openvpn/cert"),"\\n","!",-1)|split:"!") %}
+{{ keyline }}
+{% endfor %}
+EOKEY
+
+cat - < /etc/openvpn/key
+{% for keyline in (replace(getv("/openvpn/key"),"\\n","!",-1)|split:"!") %}
+{{ keyline }}
+{% endfor %}
+EOKEY
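Review bot: The secret material this script writes (`/etc/openvpn/key`, and `/etc/openvpn/ta` when set) is created with the default umask, whereas the deleted opendkim template restricted its private keys with `chmod -R u+rw,go-rw`; add `umask 077` right after the `mkdir -p /etc/openvpn` line, or `chmod 600 /etc/openvpn/key /etc/openvpn/ta` after the final `EOKEY`, so the key files are not readable by other users in the container. The `cat - < /etc/openvpn.conf` and `cat - < /etc/openvpn/...` lines read as redirects from those files rather than heredocs into them; presumably the `<<EOF >` / `<<EOKEY >` delimiters were lost in rendering, but if the file really reads this way the `EOF`/`EOKEY` terminators never match and nothing is written. The `user nobody`/`group nogroup` defaults drop privileges after startup, and OpenVPN documents pairing them with `persist-key` so a restart does not have to re-read the root-owned key; a comment above the `user` block, `# user/group drop privileges after start; set /openvpn/persist/key so restarts need not re-read the key`, would record that. Note also that `ns-cert-type` is deprecated in OpenVPN 2.4 in favour of `remote-cert-tls`; a comment on that line, `# deprecated: prefer remote-cert-tls`, would steer operators to the supported option.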