diff --git a/README.md b/README.md
index 9132dce..e138dc2 100644
--- a/README.md
+++ b/README.md
@@ -188,6 +188,7 @@ A collection of delicious docker recipes.
 - [x] shadowvpn
 - [x] strongswan :+1:
 - [x] tinc :+1:
+- [x] tinc-arm :+1:
 ## DNS
diff --git a/tinc/Dockerfile b/tinc/Dockerfile
index f011875..e521c50 100644
--- a/tinc/Dockerfile
+++ b/tinc/Dockerfile
@@ -14,13 +14,14 @@ COPY peer.sh /usr/local/bin/peer.sh
 VOLUME /etc/tinc
 ENV NETNAME=netname \
-    KEYSIZE=4096 \
+    KEYSIZE=4096 \
     VERBOSE=2
-ENV IP_ADDR=1.2.3.4 \
-    ADDRESS=10.0.0.1 \
+ENV IP_ADDR=1.2.3.4 \
+    ADDRESS=10.0.0.1 \
     NETMASK=255.255.255.0 \
-    NETWORK=10.0.0.0/24
+    NETWORK=10.0.0.0/24 \
+    RUNMODE=server
 EXPOSE 655/tcp 655/udp
diff --git a/tinc/arm/Dockerfile b/tinc/arm/Dockerfile
new file mode 100644
index 0000000..04544ce
--- /dev/null
+++ b/tinc/arm/Dockerfile
@@ -0,0 +1,28 @@
+#
+# Dockerfile for tinc-arm
+#
+
+FROM easypi/alpine-arm
+MAINTAINER EasyPi Software Foundation
+
+RUN apk add --no-cache iptables tinc
+
+COPY init.sh /init.sh
+COPY docker-entrypoint.sh /entrypoint.sh
+COPY peer.sh /usr/local/bin/peer.sh
+
+VOLUME /etc/tinc
+
+ENV NETNAME=netname \
+    KEYSIZE=4096 \
+    VERBOSE=2
+
+ENV IP_ADDR=1.2.3.4 \
+    ADDRESS=10.0.0.1 \
+    NETMASK=255.255.255.0 \
+    NETWORK=10.0.0.0/24 \
+    RUNMODE=server
+
+EXPOSE 655/tcp 655/udp
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/tinc/arm/docker-compose.yml b/tinc/arm/docker-compose.yml
new file mode 100644
index 0000000..062ebc4
--- /dev/null
+++ b/tinc/arm/docker-compose.yml
@@ -0,0 +1,9 @@
+tinc:
+  image: easypi/tinc-arm
+  volumes:
+    - ./tinc:/etc/tinc
+  environment:
+    - NETNAME=netname
+  net: host
+  privileged: yes
+  restart: unless-stopped
diff --git a/tinc/arm/docker-entrypoint.sh b/tinc/arm/docker-entrypoint.sh
new file mode 100755
index 0000000..2b10e95
--- /dev/null
+++ b/tinc/arm/docker-entrypoint.sh
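Review bot: The new `RUNMODE=server` default in the second ENV block is undocumented, yet it is the switch that decides whether the entrypoint installs a NAT MASQUERADE rule on start; add a comment above that ENV: `# RUNMODE=server makes the entrypoint add a MASQUERADE rule for NETWORK on start; any other value skips it`. The `KEYSIZE`, `IP_ADDR` and `ADDRESS` continuation lines are removed and re-added with no visible textual difference, which looks like a whitespace-only edit and would be easier to review as a separate commit. `IP_ADDR=1.2.3.4` stays a placeholder that init.sh appears to write into `hosts/server`, so the same comment should say it must be overridden with the server's reachable address.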
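Review bot: `FROM easypi/alpine-arm` carries no tag or digest and `RUN apk add --no-cache iptables tinc` pins no package versions, so every rebuild silently takes whatever the base image and package index serve that day; for an image that generates and stores VPN key material that is a supply-chain gap. Pin the base to a tag or `@sha256:` digest and pin the packages (`RUN apk add --no-cache iptables=<ver> tinc=<ver>`), bumping them deliberately. `MAINTAINER` is deprecated in favour of `LABEL org.opencontainers.image.authors="EasyPi Software Foundation"`. There is no `USER`, so tincd runs as root; that seems intended here (mknod, iptables, tun), but a one-line comment saying so would stop the next reviewer from flagging it.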
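Review bot: `privileged: yes` hands the container every capability and all host devices, while the entrypoint only needs a tun device, CAP_NET_ADMIN for `ip`/`iptables`, and CAP_MKNOD only when the device is missing; combined with `net: host` the MASQUERADE rule is written into the host's own nat table, so a compromised tincd has the whole host as blast radius. Replace it with `cap_add: [NET_ADMIN]` and `devices: ["/dev/net/tun:/dev/net/tun"]`, which also makes the entrypoint's mknod branch unnecessary. The file uses the v1 compose format (`net:`); if it is ever moved to v2+ the key becomes `network_mode: host`.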
@@ -0,0 +1,19 @@
+#!/bin/sh -e
+
+/init.sh
+
+if ! [[ -c /dev/net/tun ]]
+then
+    mkdir -p /dev/net
+    mknod /dev/net/tun c 10 200
+fi
+
+if [[ $RUNMODE = server ]]
+then
+    iptables -t nat -A POSTROUTING -s ${NETWORK} -o eth0 -j MASQUERADE
+fi
+
+exec tincd --no-detach \
+    --net=${NETNAME} \
+    --debug=${VERBOSE} \
+    "$@"
diff --git a/tinc/arm/init.sh b/tinc/arm/init.sh
new file mode 100755
index 0000000..79b2494
--- /dev/null
+++ b/tinc/arm/init.sh
@@ -0,0 +1,45 @@
+#!/bin/sh -e
+#
+# initialize server profile
+#
+
+if [ -f /etc/tinc/${NETNAME}/hosts/server ]
+then
+    echo 'Initialized!'
+    exit 0
+else
+    echo 'Initializing...'
+fi
+
+mkdir -p /etc/tinc/${NETNAME}/hosts
+
+cd /etc/tinc/${NETNAME}
+
+cat > tinc.conf <<_EOF_
+Name = server
+Interface = tun0
+_EOF_
+
+cat > tinc-up <<_EOF_
+#!/bin/sh
+ip link set \$INTERFACE up
+ip addr add ${ADDRESS} dev \$INTERFACE
+ip route add ${NETWORK} dev \$INTERFACE
+_EOF_
+
+cat > tinc-down <<_EOF_
+#!/bin/sh
+ip route del ${NETWORK} dev \$INTERFACE
+ip addr del ${ADDRESS} dev \$INTERFACE
+ip link set \$INTERFACE down
+_EOF_
+
+cat > hosts/server <<_EOF_
+Address = ${IP_ADDR}
+Subnet = ${ADDRESS}
+Subnet = 0.0.0.0/0
+_EOF_
+
+chmod +x tinc-up tinc-down
+
+tincd -n${NETNAME} -K${KEYSIZE} < /dev/null
diff --git a/tinc/arm/peer.sh b/tinc/arm/peer.sh
new file mode 100755
index 0000000..1deb899
--- /dev/null
+++ b/tinc/arm/peer.sh
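Review bot: The `iptables -t nat -A POSTROUTING ... -j MASQUERADE` line appends unconditionally on every start, and because the compose file runs this container with `net: host` the rule lives in the host's nat table and outlives the container, so every restart under `restart: unless-stopped` stacks another duplicate. Guard it with a check first: `iptables -t nat -C POSTROUTING -s "${NETWORK}" -o eth0 -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -s "${NETWORK}" -o eth0 -j MASQUERADE`. The egress interface `eth0` is hard-coded; on ARM boards the uplink is often `wlan0`, so it is worth reading it from an environment variable with `eth0` as the default. `[[ ... ]]` under `#!/bin/sh` only works because busybox ash ships a bash-compat option; `[ ! -c /dev/net/tun ]` and `[ "$RUNMODE" = server ]` are the portable forms.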
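Review bot: The `hosts/server` sentinel tested at the top is written before `tincd -n${NETNAME} -K${KEYSIZE}` runs, so if key generation fails or the container is interrupted between the two steps the next start prints 'Initialized!' and exits 0 with no `rsa_key.priv`, and tincd presumably fails on the missing private key at every subsequent start. Test for the artefact produced last instead: `if [ -f /etc/tinc/${NETNAME}/rsa_key.priv ]`. `Address = ${IP_ADDR}` inherits the `1.2.3.4` placeholder from the Dockerfile and peer.sh copies `hosts/server` into every peer bundle, so the script should refuse to initialize while `IP_ADDR` is unset or still the placeholder. `Subnet = 0.0.0.0/0` advertises this node as the default route for every peer, which together with the entrypoint's MASQUERADE rule turns each peer into a full-tunnel client; that is a policy decision rather than a tinc requirement and deserves a comment, e.g. `# 0.0.0.0/0: route all peer traffic through this node (full tunnel)`.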
@@ -0,0 +1,76 @@
+#!/bin/sh -e
+#
+# generate peer profile
+#
+
+PEER_NAME=${1:?peer name is empty}
+PEER_ADDR=${2:?peer addr is empty}
+
+if [ -f /etc/tinc/${NETNAME}/hosts/${PEER_NAME} ]
+then
+    echo 'Peer name was taken!'
+    exit 1
+elif fgrep -qr ${PEER_ADDR} /etc/tinc/${NETNAME}/hosts/
+then
+    echo 'Peer addr was taken!'
+    exit 2
+else
+    echo 'Generating...'
+fi
+
+mkdir -p /etc/tinc/${NETNAME}/peers/${PEER_NAME}/tinc/${NETNAME}/hosts
+
+cd /etc/tinc/${NETNAME}/peers/${PEER_NAME}/tinc/${NETNAME}
+
+cp /etc/tinc/${NETNAME}/hosts/server hosts/server
+
+cat > tinc.conf <<_EOF_
+Name = ${PEER_NAME}
+Interface = tun0
+ConnectTo = server
+_EOF_
+
+cat > hosts/${PEER_NAME} <<_EOF_
+Subnet = ${PEER_ADDR}
+_EOF_
+
+tincd -c. -K${KEYSIZE} < /dev/null
+
+cp /etc/tinc/${NETNAME}/peers/${PEER_NAME}/tinc/${NETNAME}/hosts/${PEER_NAME} \
+   /etc/tinc/${NETNAME}/hosts/${PEER_NAME}
+
+cat > tinc-up <<_EOF_
+#!/bin/sh
+ip link set \$INTERFACE up
+ip addr add ${PEER_ADDR}/${NETMASK} dev \$INTERFACE
+_EOF_
+
+cat > tinc-down <<_EOF_
+#!/bin/sh
+ip addr del ${PEER_ADDR}/${NETMASK} dev \$INTERFACE
+ip link set \$INTERFACE down
+_EOF_
+
+cat > hosts/server-up <<"_EOF_"
+#!/bin/sh
+ORIGINAL_GATEWAY=$(ip route show | grep ^default | cut -d ' ' -f 2-3)
+ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY
+ip route add 0.0.0.0/1 dev $INTERFACE
+ip route add 128.0.0.0/1 dev $INTERFACE
+_EOF_
+
+cat > hosts/server-down <<"_EOF_"
+#!/bin/sh
+ORIGINAL_GATEWAY=$(ip route show | grep ^default | cut -d ' ' -f 2-3)
+ip route del $REMOTEADDRESS $ORIGINAL_GATEWAY
+ip route del 0.0.0.0/1 dev $INTERFACE
+ip route del 128.0.0.0/1 dev $INTERFACE
+_EOF_
+
+chmod +x tinc-up tinc-down hosts/server-up hosts/server-down
+
+cd /etc/tinc/${NETNAME}/peers
+tar czf ${PEER_NAME}.tar.gz ${PEER_NAME}
+rm -rf ${PEER_NAME}
+
+echo "'${PEER_NAME}' => '${PWD}/${PEER_NAME}.tar.gz'"
diff --git a/tinc/arm/tinc/netname/hosts/alarmpi b/tinc/arm/tinc/netname/hosts/alarmpi
deleted file mode 100644
index c8f3fe5..0000000
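Review bot: `${PEER_NAME}` and `${PEER_ADDR}` come straight from the command line and are spliced unquoted into paths (`mkdir -p /etc/tinc/${NETNAME}/peers/${PEER_NAME}/...`, `hosts/${PEER_NAME}`, the final `rm -rf ${PEER_NAME}`) and into the `fgrep -qr ${PEER_ADDR}` pattern, so a name containing `/`, `..` or whitespace escapes the peers directory before tinc would ever get to reject it; validate up front with `case "$PEER_NAME" in ''|*[!A-Za-z0-9_]*) echo 'invalid peer name'; exit 3;; esac` and quote every expansion. The `fgrep` test is a substring match, so `10.0.0.2` is reported taken whenever `10.0.0.20` exists; anchoring it as `grep -qrx "Subnet = ${PEER_ADDR}"` matches the exact line form the script itself writes. The bundle produced by `tincd -c. -K` and `tar czf` contains the peer's private key and is left in the volume as `peers/${PEER_NAME}.tar.gz`, so put `umask 077` at the top of the script so neither the work tree nor the tarball is world-readable, and state in the header comment that the archive must be deleted after it has been handed to the peer.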
--- a/tinc/arm/tinc/netname/hosts/alarmpi
+++ /dev/null
@@ -1 +0,0 @@
-Subnet = 10.0.0.2
diff --git a/tinc/arm/tinc/netname/hosts/server-down b/tinc/arm/tinc/netname/hosts/server-down
deleted file mode 100755
index 38ec206..0000000
--- a/tinc/arm/tinc/netname/hosts/server-down
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-3`
-
-ip route del $REMOTEADDRESS $ORIGINAL_GATEWAY
-ip route del 0.0.0.0/1 dev $INTERFACE
-ip route del 128.0.0.0/1 dev $INTERFACE
diff --git a/tinc/arm/tinc/netname/hosts/server-up b/tinc/arm/tinc/netname/hosts/server-up
deleted file mode 100755
index 73a415e..0000000
--- a/tinc/arm/tinc/netname/hosts/server-up
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-3`
-
-ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY
-ip route add 0.0.0.0/1 dev $INTERFACE
-ip route add 128.0.0.0/1 dev $INTERFACE
diff --git a/tinc/arm/tinc/netname/tinc-down b/tinc/arm/tinc/netname/tinc-down
deleted file mode 100755
index 1a5c18c..0000000
--- a/tinc/arm/tinc/netname/tinc-down
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-ip addr del 10.0.0.2/24 dev $INTERFACE
-ip link set $INTERFACE down
diff --git a/tinc/arm/tinc/netname/tinc-up b/tinc/arm/tinc/netname/tinc-up
deleted file mode 100755
index dfcb6f0..0000000
--- a/tinc/arm/tinc/netname/tinc-up
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-ip link set $INTERFACE up
-ip addr add 10.0.0.2/24 dev $INTERFACE
diff --git a/tinc/arm/tinc/netname/tinc.conf b/tinc/arm/tinc/netname/tinc.conf
deleted file mode 100644
index 4b8c365..0000000
--- a/tinc/arm/tinc/netname/tinc.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-Name = alarmpi
-Interface = tun0
-ConnectTo = server
diff --git a/tinc/docker-entrypoint.sh b/tinc/docker-entrypoint.sh
index 9714803..2b10e95 100755
--- a/tinc/docker-entrypoint.sh
+++ b/tinc/docker-entrypoint.sh
@@ -2,11 +2,16 @@
 /init.sh
-mkdir -p /dev/net
+if ! [[ -c /dev/net/tun ]]
+then
+    mkdir -p /dev/net
+    mknod /dev/net/tun c 10 200
+fi
-[ -e /dev/net/tun ] || mknod /dev/net/tun c 10 200
-
-iptables -t nat -A POSTROUTING -s ${NETWORK} -o eth0 -j MASQUERADE
+if [[ $RUNMODE = server ]]
+then
+    iptables -t nat -A POSTROUTING -s ${NETWORK} -o eth0 -j MASQUERADE
+fi
 exec tincd --no-detach \
     --net=${NETNAME} \
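Review bot: The rewritten device test `if ! [[ -c /dev/net/tun ]]` swaps the POSIX `[ -e ... ]` the script previously used for a bash-style `[[` while the shebang is still `#!/bin/sh`; it only works because busybox ash ships a bash-compat option, and `if [ ! -c /dev/net/tun ]` keeps the script portable. If the `RUNMODE` test is converted the same way it must be quoted, `if [ "$RUNMODE" = server ]`, since `[` does not tolerate an empty expansion the way `[[` does. The MASQUERADE append that this hunk now guards by RUNMODE is still not idempotent; if this image is also run with host networking the rule accumulates in the host's nat table across restarts, so prefix it with an `iptables -t nat -C POSTROUTING ... || ` check. The script is flat, so there is no enclosing function to worry about.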