This commit is contained in:
Mauro Torrez 2020-06-09 01:07:16 -03:00
parent cd3124179d
commit d2b4c8c23f
5 changed files with 154 additions and 51 deletions


@ -6,7 +6,7 @@ steps:
- name: build image only
image: plugins/docker
settings:
repo: eumau/opendkim
repo: eumau/openvpn
auto_tag: true
dry_run: true
when:
@ -16,7 +16,7 @@ steps:
- name: build and publish image
image: plugins/docker
settings:
repo: eumau/opendkim
repo: eumau/openvpn
auto_tag: true
username:
from_secret: dockerhub_username


@ -2,7 +2,7 @@ FROM debian:buster-slim
ARG REMCO_VER=0.11.1
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y \
opendkim opendkim-tools wget unzip \
openvpn \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
&& wget https://github.com/HeavyHorst/remco/releases/download/v${REMCO_VER}/remco_${REMCO_VER}_linux_amd64.zip \
@ -10,6 +10,5 @@ RUN apt-get update \
&& rm remco_${REMCO_VER}_linux_amd64.zip \
&& mv remco_linux /bin/remco
COPY config /etc/remco/config
COPY opendkim_setup.tmpl /etc/remco/templates/opendkim_setup.tmpl
EXPOSE 8891
COPY openvpn_setup.tmpl /etc/remco/templates/openvpn_setup.tmpl
ENTRYPOINT ["remco"]
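Review bot: The package line in the first hunk now installs only `openvpn`, yet the same RUN still fetches the remco release with wget and deletes the .zip after extracting it, so wget and unzip must stay in the list or the build fails on debian:buster-slim, which ships neither: `openvpn unzip wget \`. The download itself is still not checksum-verified; pinning REMCO_VER fixes which archive is requested, not what is received, so a `sha256sum -c` against a digest recorded in the repo (placeholder: <remco-sha256>) would close that gap. The second hunk copies `openvpn_setup.tmpl`, but the new file in this commit is listed as openvpn_setup.yml; if that is its real name the COPY will not find it. Dropping `EXPOSE 8891` is correct for the old milter port, but nothing documents the OpenVPN port now, e.g. `EXPOSE 1194/udp`.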

10
config

@ -3,18 +3,18 @@ log_format = "text"
[[resource]]
name = "opendkim"
start_cmd = "/usr/local/sbin/opendkim_setup"
start_cmd = "/usr/local/sbin/openvpn_setup"
[resource.exec]
command = "/usr/sbin/opendkim -f -x /etc/opendkim.conf"
command = "/usr/sbin/openvpn --config /etc/openvpn.conf"
[[resource.template]]
src = "/etc/remco/templates/opendkim_setup.tmpl"
dst = "/usr/local/sbin/opendkim_setup"
src = "/etc/remco/templates/openvpn_setup.tmpl"
dst = "/usr/local/sbin/openvpn_setup"
mode = "0700"
[resource.backend]
[resource.backend.env]
keys = ["/dkimkey"]
keys = ["/openvpn"]
watch = false
onetime = true
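Review bot: The resource is still declared `name = "opendkim"` on the first context line although every command, template and key beneath it now refers to openvpn; rename it to `name = "openvpn"` so logs and errors from remco identify the right service. The `[resource.backend.env]` block with `keys = ["/openvpn"]` means the CA, certificate, private key and tls-auth material consumed by the template presumably arrive as environment variables of the container, which are visible to every process in it and in `docker inspect` output; a comment above the backend block noting that these values are secrets and should be injected at runtime rather than baked into the image would make the contract explicit. With `onetime = true` and `watch = false` the setup script runs once, so rotated material requires a container restart; worth one line of documentation next to those keys.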


@ -1,41 +0,0 @@
#!/bin/bash
# setup opendkim configuration and domains
mkdir -p /etc/dkimkeys
truncate -s0 /etc/dkimkeys/{keytable,signingtable,trustedhosts}
cat - <<EOF > /etc/opendkim.conf
KeyTable file:/etc/dkimkeys/keytable
SigningTable refile:/etc/dkimkeys/signingtable
InternalHosts refile:/etc/dkimkeys/trustedhosts
Socket inet:8891@0.0.0.0
OversignHeaders From
TrustAnchorFile /usr/share/dns/root.key
UserID opendkim
EOF
cat - <<EOF > /etc/dkimkeys/trustedhosts
0.0.0.0/0
*
EOF
{% for domain in lsdir("/dkimkey") %}
mkdir -p /etc/dkimkeys/{{ domain }}
{% for selector in ls(printf ("/dkimkey/%s", domain)) %}
echo '{{ selector }}._domainkey.{{ domain }} {{ domain }}:{{ selector }}:/etc/dkimkeys/{{ domain }}/{{ selector }}.private' >> /etc/dkimkeys/keytable
echo '*@{{ domain }} {{ selector }}._domainkey.{{ domain }}' >> /etc/dkimkeys/signingtable
cat - <<EOKEY > /etc/dkimkeys/{{ domain }}/{{ selector }}.private
{% for keyline in (replace(getv(printf("/dkimkey/%s/%s",domain,selector)),"\\n","!",-1)|split:"!") %}
{{ keyline }}
{% endfor %}
EOKEY
{% endfor %}
chown -R opendkim:opendkim /etc/dkimkeys/{{ domain }}
chmod -R u+rw,go-rw /etc/dkimkeys/{{ domain }}
{% endfor %}

145
openvpn_setup.yml Normal file

@ -0,0 +1,145 @@
#!/bin/bash
# setup openvpn configuration and secrets
mkdir -p /etc/openvpn
cat - <<EOF > /etc/openvpn.conf
# client
{% if getv("/openvpn/mode") %}
{{ getv("/openvpn/mode") }}
{% endif %}
# dev tun
{% if getv("/openvpn/dev") %}
dev {{ getv("/openvpn/dev") }}
{% endif %}
# remote <host>
{% if getv("/openvpn/remote") %}
remote {{ getv("/openvpn/remote") }}
{% endif %}
# proto udp
{% if getv("/openvpn/proto") %}
proto {{ getv("/openvpn/proto") }}
{% endif %}
# nobind
{% if getv("/openvpn/nobind") %}
nobind
{% endif %}
# ns-cert-type server
{% if getv("/openvpn/ns/cert/type") %}
ns-cert-type {{ getv("/openvpn/ns/cert/type") }}
{% endif %}
# up /etc/openvpn/update-resolv-conf
{% if getv("/openvpn/up") %}
up {{ getv("/openvpn/up") }}
{% endif %}
# down /etc/openvpn/update-resolv-conf
{% if getv("/openvpn/down") %}
down {{ getv("/openvpn/down") }}
{% endif %}
# tls-auth file 1 # This file is secret
{% if getv("/openvpn/ta") %}
tls-auth /etc/openvpn/ta {{ getv("/openvpn/ta/dir")|default(1) }}
{% endif %}
# ca <file>
ca /etc/openvpn/ca
# cert <file>
cert /etc/openvpn/cert
# key <file>
key /etc/openvpn/key
# port 1194
{% if getv("/openvpn/port") %}
port {{ getv("/openvpn/port") }}
{% endif %}
{% if getv("/openvpn/user") %}
user {{ getv("/openvpn/user") }}
{% else %}
user nobody
{% endif %}
{% if getv("/openvpn/group") %}
group {{ getv("/openvpn/group") }}
{% else %}
group nogroup
{% endif %}
# comp-lzo
{% if getv("/openvpn/comp/lzo") %}
comp-lzo
{% endif %}
# ping 15
{% if getv("/openvpn/ping") %}
ping {{ getv("/openvpn/ping") }}
{% endif %}
# ping-restart 45
{% if getv("/openvpn/ping/restart") %}
ping-restart {{ getv("/openvpn/ping/restart") }}
{% endif %}
# ping-timer-rem
{% if getv("/openvpn/ping/timer/rem") %}
ping-timer-rem
{% endif %}
# persist-tun
{% if getv("/openvpn/persist/tun") %}
persist-tun
{% endif %}
# persist-remote-ip
{% if getv("/openvpn/persist/remote/ip") %}
persist-remote-ip
{% endif %}
# persist-key
{% if getv("/openvpn/persist/key") %}
persist-key
{% endif %}
# verb 4
{% if getv("/openvpn/verb") %}
verb {{ getv("/openvpn/verb") }}
{% endif %}
EOF
{% if getv("/openvpn/ta") %}
cat - <<EOKEY > /etc/openvpn/ta
{% for keyline in (replace(getv("/openvpn/ta"),"\\n","!",-1)|split:"!") %}
{{ keyline }}
{% endfor %}
EOKEY
{% endif %}
cat - <<EOKEY > /etc/openvpn/ca
{% for keyline in (replace(getv("/openvpn/ca"),"\\n","!",-1)|split:"!") %}
{{ keyline }}
{% endfor %}
EOKEY
cat - <<EOKEY > /etc/openvpn/cert
{% for keyline in (replace(getv("/openvpn/cert"),"\\n","!",-1)|split:"!") %}
{{ keyline }}
{% endfor %}
EOKEY
cat - <<EOKEY > /etc/openvpn/key
{% for keyline in (replace(getv("/openvpn/key"),"\\n","!",-1)|split:"!") %}
{{ keyline }}
{% endfor %}
EOKEY
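Review bot: The private key and tls-auth key written by the `cat - <<EOKEY > /etc/openvpn/key` and `/etc/openvpn/ta` heredocs are created with the script's default umask, so with the usual 022 they are readable by every account in the container, including the `nobody` user the generated config drops to; the deleted opendkim script tightened its key directory with chmod and this one should too, e.g. `chmod 600 /etc/openvpn/key` after the final EOKEY and `chmod 600 /etc/openvpn/ta` inside the ta block. Because the config emits `user nobody` and `group nogroup`, OpenVPN cannot re-read a 0600 key on a SIGUSR1 or ping-restart restart unless persist-key is set; the template already exposes that under /openvpn/persist/key, which deserves a comment next to the chmod. The `ca`, `cert` and `key` heredocs run unconditionally, so a missing value presumably yields an empty file and an unclear OpenVPN startup failure; a guard like the one around `/openvpn/ta`, or an explicit error exit when getv returns nothing, would surface the misconfiguration at setup time.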