mirror of https://github.com/vimagick/dockerfiles.git synced 2024-12-23 01:39:27 +02:00

add tinc-arm

kev 2016-07-13 11:41:21 +08:00
parent 4efc99fae0
commit 56a3ce064a
14 changed files with 192 additions and 34 deletions


@ -188,6 +188,7 @@ A collection of delicious docker recipes.
- [x] shadowvpn
- [x] strongswan :+1:
- [x] tinc :+1:
- [x] tinc-arm :+1:
## DNS


@ -14,13 +14,14 @@ COPY peer.sh /usr/local/bin/peer.sh
VOLUME /etc/tinc
ENV NETNAME=netname \
KEYSIZE=4096 \
KEYSIZE=4096 \
VERBOSE=2
ENV IP_ADDR=1.2.3.4 \
ADDRESS=10.0.0.1 \
ENV IP_ADDR=1.2.3.4 \
ADDRESS=10.0.0.1 \
NETMASK=255.255.255.0 \
NETWORK=10.0.0.0/24
NETWORK=10.0.0.0/24 \
RUNMODE=server
EXPOSE 655/tcp 655/udp
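Review bot: `RUNMODE=server` is introduced in the ENV block with no comment on what it controls or which other values are meaningful. Judging from the entrypoint change further down this page, it appears to gate the MASQUERADE rule, with any value other than `server` skipping it. A comment above the ENV saying so, e.g. `# RUNMODE=server adds the NAT rule in the entrypoint; any other value skips it`, would spare operators from reading the script. The file path for this section is not shown on the page.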

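--- a/tinc/arm/Dockerfile
+++ b/tinc/arm/Dockerfile
@@ -0,0 +1,28 @@
+#
+# Dockerfile for tinc-arm
+#
+FROM easypi/alpine-arm
+MAINTAINER EasyPi Software Foundation
+RUN apk add --no-cache iptables tinc
+COPY init.sh /init.sh
+COPY docker-entrypoint.sh /entrypoint.sh
+COPY peer.sh /usr/local/bin/peer.sh
+VOLUME /etc/tinc
+ENV NETNAME=netname \
+KEYSIZE=4096 \
+VERBOSE=2
+ENV IP_ADDR=1.2.3.4 \
+ADDRESS=10.0.0.1 \
+NETMASK=255.255.255.0 \
+NETWORK=10.0.0.0/24 \
+RUNMODE=server
+EXPOSE 655/tcp 655/udp
+ENTRYPOINT ["/entrypoint.sh"]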
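Review bot: `FROM easypi/alpine-arm` carries no tag or digest, so each rebuild takes whatever the registry currently serves as `latest`, and the unversioned `apk add --no-cache iptables tinc` then resolves against that moving base. For an image that terminates a VPN and is run privileged by the compose file in this commit, pin the base, e.g. `FROM easypi/alpine-arm:<TAG>@sha256:<DIGEST>` (placeholders; the page does not show which tags exist). `MAINTAINER` is deprecated; `LABEL maintainer="EasyPi Software Foundation"` carries the same information.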


@ -0,0 +1,9 @@
tinc:
image: easypi/tinc-arm
volumes:
- ./tinc:/etc/tinc
environment:
- NETNAME=netname
net: host
privileged: yes
restart: unless-stopped
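Review bot: `privileged: yes` together with `net: host` hands the container every capability and all host devices, although the entrypoint in this commit only creates `/dev/net/tun` and edits the nat table. Those operations need NET_ADMIN and the tun device, so the service can likely drop `privileged` in favour of `cap_add: [NET_ADMIN]` and `devices: ["/dev/net/tun:/dev/net/tun"]`; the `mknod` branch in the entrypoint is then skipped because the device already exists. This should be tested on the target ARM host before merging, since nothing on this page shows the kernel or Docker version in use.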

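--- a/tinc/arm/docker-entrypoint.sh
+++ b/tinc/arm/docker-entrypoint.sh
@@ -0,0 +1,19 @@
+#!/bin/sh -e
+/init.sh
+if ! [[ -c /dev/net/tun ]]
+then
+mkdir -p /dev/net
+mknod /dev/net/tun c 10 200
+fi
+if [[ $RUNMODE = server ]]
+then
+iptables -t nat -A POSTROUTING -s ${NETWORK} -o eth0 -j MASQUERADE
+fi
+exec tincd --no-detach \
+--net=${NETNAME} \
+--debug=${VERBOSE} \
+"$@"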
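Review bot: The `iptables -t nat -A POSTROUTING ...` line appends a rule on every start and nothing removes it, so with `net: host` and `restart: unless-stopped` from the compose file in this commit each restart leaves one more MASQUERADE rule in the host's nat table. Check before appending: `iptables -t nat -C POSTROUTING -s "${NETWORK}" -o eth0 -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -s "${NETWORK}" -o eth0 -j MASQUERADE`. The outbound interface is fixed to `eth0`, which may not exist under that name on every host; a comment stating that assumption would help. `${NETWORK}`, `${NETNAME}`, `${VERBOSE}` and `$RUNMODE` are also expanded unquoted.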

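--- a/tinc/arm/init.sh
+++ b/tinc/arm/init.sh
@@ -0,0 +1,45 @@
+#!/bin/sh -e
+#
+# initialize server profile
+#
+if [ -f /etc/tinc/${NETNAME}/hosts/server ]
+then
+echo 'Initialized!'
+exit 0
+else
+echo 'Initializing...'
+fi
+mkdir -p /etc/tinc/${NETNAME}/hosts
+cd /etc/tinc/${NETNAME}
+cat > tinc.conf <<_EOF_
+Name = server
+Interface = tun0
+_EOF_
+cat > tinc-up <<_EOF_
+#!/bin/sh
+ip link set \$INTERFACE up
+ip addr add ${ADDRESS} dev \$INTERFACE
+ip route add ${NETWORK} dev \$INTERFACE
+_EOF_
+cat > tinc-down <<_EOF_
+#!/bin/sh
+ip route del ${NETWORK} dev \$INTERFACE
+ip addr del ${ADDRESS} dev \$INTERFACE
+ip link set \$INTERFACE down
+_EOF_
+cat > hosts/server <<_EOF_
+Address = ${IP_ADDR}
+Subnet = ${ADDRESS}
+Subnet = 0.0.0.0/0
+_EOF_
+chmod +x tinc-up tinc-down
+tincd -n${NETNAME} -K${KEYSIZE} < /dev/null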
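Review bot: The `[ -f /etc/tinc/${NETNAME}/hosts/server ]` test treats `hosts/server` as the "already initialized" marker, but that file is written before the final `tincd -n${NETNAME} -K${KEYSIZE}` step. If key generation fails, `-e` aborts the script, and the next start prints 'Initialized!' and goes on to launch tincd without a key pair. Testing for the private key instead, `if [ -f "/etc/tinc/${NETNAME}/rsa_key.priv" ]` (tinc 1.0's default key file name; confirm for the packaged version), closes that gap. Separately, `Address = ${IP_ADDR}` is persisted on first run, so a container started with the Dockerfile default `1.2.3.4` writes that address into `hosts/server`, which peer.sh later copies into every peer bundle; a check that IP_ADDR was overridden would catch this early.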

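--- a/tinc/arm/peer.sh
+++ b/tinc/arm/peer.sh
@@ -0,0 +1,76 @@
+#!/bin/sh -e
+#
+# generate peer profile
+#
+PEER_NAME=${1:?peer name is empty}
+PEER_ADDR=${2:?peer addr is empty}
+if [ -f /etc/tinc/${NETNAME}/hosts/${PEER_NAME} ]
+then
+echo 'Peer name was taken!'
+exit 1
+elif fgrep -qr ${PEER_ADDR} /etc/tinc/${NETNAME}/hosts/
+then
+echo 'Peer addr was taken!'
+exit 2
+else
+echo 'Generating...'
+fi
+mkdir -p /etc/tinc/${NETNAME}/peers/${PEER_NAME}/tinc/${NETNAME}/hosts
+cd /etc/tinc/${NETNAME}/peers/${PEER_NAME}/tinc/${NETNAME}
+cp /etc/tinc/${NETNAME}/hosts/server hosts/server
+cat > tinc.conf <<_EOF_
+Name = ${PEER_NAME}
+Interface = tun0
+ConnectTo = server
+_EOF_
+cat > hosts/${PEER_NAME} <<_EOF_
+Subnet = ${PEER_ADDR}
+_EOF_
+tincd -c. -K${KEYSIZE} < /dev/null
+cp /etc/tinc/${NETNAME}/peers/${PEER_NAME}/tinc/${NETNAME}/hosts/${PEER_NAME} \
+/etc/tinc/${NETNAME}/hosts/${PEER_NAME}
+cat > tinc-up <<_EOF_
+#!/bin/sh
+ip link set \$INTERFACE up
+ip addr add ${PEER_ADDR}/${NETMASK} dev \$INTERFACE
+_EOF_
+cat > tinc-down <<_EOF_
+#!/bin/sh
+ip addr del ${PEER_ADDR}/${NETMASK} dev \$INTERFACE
+ip link set \$INTERFACE down
+_EOF_
+cat > hosts/server-up <<"_EOF_"
+#!/bin/sh
+ORIGINAL_GATEWAY=$(ip route show | grep ^default | cut -d ' ' -f 2-3)
+ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY
+ip route add 0.0.0.0/1 dev $INTERFACE
+ip route add 128.0.0.0/1 dev $INTERFACE
+_EOF_
+cat > hosts/server-down <<"_EOF_"
+#!/bin/sh
+ORIGINAL_GATEWAY=$(ip route show | grep ^default | cut -d ' ' -f 2-3)
+ip route del $REMOTEADDRESS $ORIGINAL_GATEWAY
+ip route del 0.0.0.0/1 dev $INTERFACE
+ip route del 128.0.0.0/1 dev $INTERFACE
+_EOF_
+chmod +x tinc-up tinc-down hosts/server-up hosts/server-down
+cd /etc/tinc/${NETNAME}/peers
+tar czf ${PEER_NAME}.tar.gz ${PEER_NAME}
+rm -rf ${PEER_NAME}
+echo "'${PEER_NAME}' => '${PWD}/${PEER_NAME}.tar.gz'"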
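Review bot: `PEER_NAME` is taken from `$1` and used unquoted in `mkdir -p`, `cd`, `tar czf` and `rm -rf ${PEER_NAME}` without any check on its characters, so a name containing `/`, `..` or whitespace makes those commands act outside `peers/`. Reject anything but the characters tinc accepts in a node name before the first use: `case "$PEER_NAME" in *[!A-Za-z0-9_]*) echo 'Invalid peer name!'; exit 3;; esac`. The script also generates the peer's private key and packs it into `${PEER_NAME}.tar.gz` under the current umask; adding `umask 077` near the top keeps the bundle readable only by its owner. The `fgrep -qr ${PEER_ADDR}` check is a substring match, so `10.0.0.1` also counts as taken once `10.0.0.10` exists.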


@ -1 +0,0 @@
Subnet = 10.0.0.2


@ -1,7 +0,0 @@
#!/bin/sh
ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-3`
ip route del $REMOTEADDRESS $ORIGINAL_GATEWAY
ip route del 0.0.0.0/1 dev $INTERFACE
ip route del 128.0.0.0/1 dev $INTERFACE


@ -1,7 +0,0 @@
#!/bin/sh
ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-3`
ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY
ip route add 0.0.0.0/1 dev $INTERFACE
ip route add 128.0.0.0/1 dev $INTERFACE


@ -1,4 +0,0 @@
#!/bin/sh
ip addr del 10.0.0.2/24 dev $INTERFACE
ip link set $INTERFACE down


@ -1,4 +0,0 @@
#!/bin/sh
ip link set $INTERFACE up
ip addr add 10.0.0.2/24 dev $INTERFACE


@ -1,3 +0,0 @@
Name = alarmpi
Interface = tun0
ConnectTo = server


@ -2,11 +2,16 @@
/init.sh
mkdir -p /dev/net
if ! [[ -c /dev/net/tun ]]
then
mkdir -p /dev/net
mknod /dev/net/tun c 10 200
fi
[ -e /dev/net/tun ] || mknod /dev/net/tun c 10 200
iptables -t nat -A POSTROUTING -s ${NETWORK} -o eth0 -j MASQUERADE
if [[ $RUNMODE = server ]]
then
iptables -t nat -A POSTROUTING -s ${NETWORK} -o eth0 -j MASQUERADE
fi
exec tincd --no-detach \
--net=${NETNAME} \