openvpn

.drone.yml

@@ -6,7 +6,7 @@ steps:
   - name: build image only
     image: plugins/docker
     settings:
-      repo: eumau/opendkim
+      repo: eumau/openvpn
       auto_tag: true
       dry_run: true
     when:
@@ -16,7 +16,7 @@ steps:
   - name: build and publish image
     image: plugins/docker
     settings:
-      repo: eumau/opendkim
+      repo: eumau/openvpn
       auto_tag: true
       username:
         from_secret: dockerhub_username

Dockerfile

@@ -2,7 +2,7 @@ FROM debian:buster-slim
 ARG REMCO_VER=0.11.1
 RUN apt-get update \
   && DEBIAN_FRONTEND=noninteractive apt-get install -y \
-    opendkim opendkim-tools wget unzip \
+    openvpn \
   && apt-get clean \
   && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
   && wget https://github.com/HeavyHorst/remco/releases/download/v${REMCO_VER}/remco_${REMCO_VER}_linux_amd64.zip \
@@ -10,6 +10,5 @@ RUN apt-get update \
   && rm remco_${REMCO_VER}_linux_amd64.zip \
   && mv remco_linux /bin/remco
 COPY config /etc/remco/config
-COPY opendkim_setup.tmpl /etc/remco/templates/opendkim_setup.tmpl
+COPY openvpn_setup.tmpl /etc/remco/templates/openvpn_setup.tmpl
-EXPOSE 8891
 ENTRYPOINT ["remco"]

config

@@ -3,18 +3,18 @@ log_format = "text"
 
 [[resource]]
 name = "opendkim"
-start_cmd = "/usr/local/sbin/opendkim_setup"
+start_cmd = "/usr/local/sbin/openvpn_setup"
 
 [resource.exec]
-command = "/usr/sbin/opendkim -f -x /etc/opendkim.conf"
+command = "/usr/sbin/openvpn --config /etc/openvpn.conf"
 
 [[resource.template]]
-src = "/etc/remco/templates/opendkim_setup.tmpl"
+src = "/etc/remco/templates/openvpn_setup.tmpl"
-dst = "/usr/local/sbin/opendkim_setup"
+dst = "/usr/local/sbin/openvpn_setup"
 mode = "0700"
 
 [resource.backend]
 [resource.backend.env]
-keys = ["/dkimkey"]
+keys = ["/openvpn"]
 watch = false
 onetime = true

opendkim_setup.tmpl

@@ -1,41 +0,0 @@
-#!/bin/bash
-
-# setup opendkim configuration and domains
-mkdir -p /etc/dkimkeys
-truncate -s0 /etc/dkimkeys/{keytable,signingtable,trustedhosts}
-
-cat - <<EOF > /etc/opendkim.conf
-KeyTable        file:/etc/dkimkeys/keytable
-SigningTable    refile:/etc/dkimkeys/signingtable 
-InternalHosts   refile:/etc/dkimkeys/trustedhosts
-Socket          inet:8891@0.0.0.0
-OversignHeaders	From
-TrustAnchorFile /usr/share/dns/root.key
-UserID          opendkim
-EOF
-
-cat - <<EOF > /etc/dkimkeys/trustedhosts
-0.0.0.0/0
-*
-EOF
-
-{% for domain in lsdir("/dkimkey") %}
-
-mkdir -p /etc/dkimkeys/{{ domain }}
-
-{% for selector in ls(printf ("/dkimkey/%s", domain)) %}
-
-echo '{{ selector }}._domainkey.{{ domain }} {{ domain }}:{{ selector }}:/etc/dkimkeys/{{ domain }}/{{ selector }}.private' >> /etc/dkimkeys/keytable
-echo '*@{{ domain }} {{ selector }}._domainkey.{{ domain }}' >> /etc/dkimkeys/signingtable
-cat - <<EOKEY > /etc/dkimkeys/{{ domain }}/{{ selector }}.private
-{% for keyline in (replace(getv(printf("/dkimkey/%s/%s",domain,selector)),"\\n","!",-1)|split:"!") %}
-{{ keyline }}
-{% endfor %}
-EOKEY
-
-{% endfor %}
-
-chown -R opendkim:opendkim /etc/dkimkeys/{{ domain }}
-chmod -R u+rw,go-rw /etc/dkimkeys/{{ domain }}
-
-{% endfor %}

openvpn_setup.yml

@@ -0,0 +1,145 @@
+#!/bin/bash
+
+# setup openvpn configuration and secrets
+mkdir -p /etc/openvpn
+
+cat - <<EOF > /etc/openvpn.conf
+
+# client
+{% if getv("/openvpn/mode") %}
+{{ getv("/openvpn/mode") }}
+{% endif %}
+
+# dev tun
+{% if getv("/openvpn/dev") %}
+dev {{ getv("/openvpn/dev") }}
+{% endif %}
+
+# remote <host>
+{% if getv("/openvpn/remote") %}
+remote {{ getv("/openvpn/remote") }}
+{% endif %}
+
+# proto udp
+{% if getv("/openvpn/proto") %}
+proto {{ getv("/openvpn/proto") }}
+{% endif %}
+
+# nobind
+{% if getv("/openvpn/nobind") %}
+nobind
+{% endif %}
+
+# ns-cert-type server
+{% if getv("/openvpn/ns/cert/type") %}
+ns-cert-type {{ getv("/openvpn/ns/cert/type") }}
+{% endif %}
+
+# up /etc/openvpn/update-resolv-conf
+{% if getv("/openvpn/up") %}
+up {{ getv("/openvpn/up") }}
+{% endif %}
+
+# down /etc/openvpn/update-resolv-conf
+{% if getv("/openvpn/down") %}
+down {{ getv("/openvpn/down") }}
+{% endif %}
+
+# tls-auth file 1 # This file is secret
+{% if getv("/openvpn/ta") %}
+tls-auth /etc/openvpn/ta {{ getv("/openvpn/ta/dir")|default(1) }}
+{% endif %}
+
+# ca <file>
+ca /etc/openvpn/ca
+
+# cert <file>
+cert /etc/openvpn/cert
+
+# key <file>
+key /etc/openvpn/key
+
+# port 1194
+{% if getv("/openvpn/port") %}
+port {{ getv("/openvpn/port") }}
+{% endif %}
+
+{% if getv("/openvpn/user") %}
+user {{ getv("/openvpn/user") }}
+{% else %}
+user nobody
+{% endif %}
+
+{% if getv("/openvpn/group") %}
+group {{ getv("/openvpn/group") }}
+{% else %}
+group nogroup
+{% endif %}
+
+# comp-lzo
+{% if getv("/openvpn/comp/lzo") %}
+comp-lzo
+{% endif %}
+
+# ping 15
+{% if getv("/openvpn/ping") %}
+ping {{ getv("/openvpn/ping") }}
+{% endif %}
+
+# ping-restart 45
+{% if getv("/openvpn/ping/restart") %}
+ping-restart {{ getv("/openvpn/ping/restart") }}
+{% endif %}
+
+# ping-timer-rem
+{% if getv("/openvpn/ping/timer/rem") %}
+ping-timer-rem
+{% endif %}
+
+# persist-tun
+{% if getv("/openvpn/persist/tun") %}
+persist-tun
+{% endif %}
+
+# persist-remote-ip
+{% if getv("/openvpn/persist/remote/ip") %}
+persist-remote-ip
+{% endif %}
+
+# persist-key
+{% if getv("/openvpn/persist/key") %}
+persist-key
+{% endif %}
+
+# verb 4
+{% if getv("/openvpn/verb") %}
+verb {{ getv("/openvpn/verb") }}
+{% endif %}
+
+EOF
+
+{% if getv("/openvpn/ta") %}
+cat - <<EOKEY > /etc/openvpn/ta
+{% for keyline in (replace(getv("/openvpn/ta"),"\\n","!",-1)|split:"!") %}
+{{ keyline }}
+{% endfor %}
+EOKEY
+{% endif %}
+
+cat - <<EOKEY > /etc/openvpn/ca
+{% for keyline in (replace(getv("/openvpn/ca"),"\\n","!",-1)|split:"!") %}
+{{ keyline }}
+{% endfor %}
+EOKEY
+
+cat - <<EOKEY > /etc/openvpn/cert
+{% for keyline in (replace(getv("/openvpn/cert"),"\\n","!",-1)|split:"!") %}
+{{ keyline }}
+{% endfor %}
+EOKEY
+
+cat - <<EOKEY > /etc/openvpn/key
+{% for keyline in (replace(getv("/openvpn/key"),"\\n","!",-1)|split:"!") %}
+{{ keyline }}
+{% endfor %}
+EOKEY