Merge pull request #5 from linuxserver/scripts

Multi-arch, add coredns, update scripts for templates

Author: aptalca

Dockerfile

@@ -29,6 +29,15 @@ RUN \
  echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections && \
  echo "REPORT_ABSENT_SYMLINK=no" >> /etc/default/resolvconf && \
  apt-get install resolvconf && \
+ echo "**** install CoreDNS ****" && \
+ COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \
+	| awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \
+ curl -o \
+	/tmp/coredns.tar.gz -L \
+	"https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_amd64.tgz" && \
+ tar xf \
+	/tmp/coredns.tar.gz -C \
+	/app && \
  echo "**** clean up ****" && \
  rm -rf \
 	/tmp/* \

Dockerfile.aarch64

@@ -0,0 +1,51 @@
+FROM lsiobase/ubuntu:arm64v8-bionic
+
+# set version label
+ARG BUILD_DATE
+ARG VERSION
+ARG WIREGUARD_RELEASE
+LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
+LABEL maintainer="aptalca"
+
+ENV DEBIAN_FRONTEND="noninteractive"
+
+RUN \
+ echo "**** install dependencies ****" && \
+ apt-get update && \
+ apt-get install -y \
+	curl \
+	dkms \
+	gnupg \ 
+	ifupdown \
+	iproute2 \
+	iptables \
+	iputils-ping \
+	libc6 \
+	perl \
+	qrencode && \
+ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E1B39B6EF6DDB96564797591AE33835F504A1A25 && \
+ echo "deb http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \
+ echo "deb-src http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \
+ echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections && \
+ echo "REPORT_ABSENT_SYMLINK=no" >> /etc/default/resolvconf && \
+ apt-get install resolvconf && \
+ echo "**** install CoreDNS ****" && \
+ COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \
+	| awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \
+ curl -o \
+	/tmp/coredns.tar.gz -L \
+	"https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_arm64.tgz" && \
+ tar xf \
+	/tmp/coredns.tar.gz -C \
+	/app && \
+ echo "**** clean up ****" && \
+ rm -rf \
+	/tmp/* \
+	/var/lib/apt/lists/* \
+	/var/tmp/*
+
+# add local files
+COPY /root /
+
+# ports and volumes
+EXPOSE 51820/udp

Dockerfile.armhf

@@ -0,0 +1,51 @@
+FROM lsiobase/ubuntu:arm32v7-bionic
+
+# set version label
+ARG BUILD_DATE
+ARG VERSION
+ARG WIREGUARD_RELEASE
+LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
+LABEL maintainer="aptalca"
+
+ENV DEBIAN_FRONTEND="noninteractive"
+
+RUN \
+ echo "**** install dependencies ****" && \
+ apt-get update && \
+ apt-get install -y \
+	curl \
+	dkms \
+	gnupg \ 
+	ifupdown \
+	iproute2 \
+	iptables \
+	iputils-ping \
+	libc6 \
+	perl \
+	qrencode && \
+ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E1B39B6EF6DDB96564797591AE33835F504A1A25 && \
+ echo "deb http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \
+ echo "deb-src http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \
+ echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections && \
+ echo "REPORT_ABSENT_SYMLINK=no" >> /etc/default/resolvconf && \
+ apt-get install resolvconf && \
+ echo "**** install CoreDNS ****" && \
+ COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \
+	| awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \
+ curl -o \
+	/tmp/coredns.tar.gz -L \
+	"https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_arm.tgz" && \
+ tar xf \
+	/tmp/coredns.tar.gz -C \
+	/app && \
+ echo "**** clean up ****" && \
+ rm -rf \
+	/tmp/* \
+	/var/lib/apt/lists/* \
+	/var/tmp/*
+
+# add local files
+COPY /root /
+
+# ports and volumes
+EXPOSE 51820/udp

Jenkinsfile

@@ -24,7 +24,7 @@ pipeline {
     DEV_DOCKERHUB_IMAGE = 'lsiodev/wireguard'
     PR_DOCKERHUB_IMAGE = 'lspipepr/wireguard'
     DIST_IMAGE = 'ubuntu'
-    MULTIARCH='false'
+    MULTIARCH='true'
     CI='false'
     CI_WEB='false'
     CI_PORT='8080'

README.md

@@ -51,6 +51,8 @@ The architectures supported by this image are:
 | Architecture | Tag |
 | :----: | --- |
 | x86-64 | amd64-latest |
+| arm64 | arm64v8-latest |
+| armhf | arm32v7-latest |
 
 
 ## Usage
@@ -70,7 +72,7 @@ docker create \
   -e SERVERURL=wireguard.domain.com `#optional` \
   -e SERVERPORT=51820 `#optional` \
   -e PEERS=1 `#optional` \
-  -e PEERDNS=8.8.8.8 `#optional` \
+  -e PEERDNS=auto `#optional` \
   -e INTERNAL_SUBNET=10.13.13.0 `#optional` \
   -p 51820:51820/udp \
   -v /path/to/appdata/config:/config \
@@ -102,7 +104,7 @@ services:
       - SERVERURL=wireguard.domain.com #optional
       - SERVERPORT=51820 #optional
       - PEERS=1 #optional
-      - PEERDNS=8.8.8.8 #optional
+      - PEERDNS=auto #optional
       - INTERNAL_SUBNET=10.13.13.0 #optional
     volumes:
       - /path/to/appdata/config:/config
@@ -127,7 +129,7 @@ Container images are configured using parameters passed at runtime (such as thos
 | `-e SERVERURL=wireguard.domain.com` | External IP or domain name for docker host. Used in server mode. If set to `auto`, the container will try to determine and set the external IP automatically |
 | `-e SERVERPORT=51820` | External port for docker host. Used in server mode. |
 | `-e PEERS=1` | Number of peers to create confs for. Required for server mode. |
-| `-e PEERDNS=8.8.8.8` | DNS server set in peer/client configs. Used in server mode. |
+| `-e PEERDNS=auto` | DNS server set in peer/client configs (can be set as `8.8.8.8`). Used in server mode. Defaults to `auto`, which uses wireguard docker host's DNS via included CoreDNS forward. |
 | `-e INTERNAL_SUBNET=10.13.13.0` | Internal subnet for the wireguard and server and peers (only change if it clashes). Used in server mode. |
 | `-v /config` | Contains all relevant configuration files. |
 | `-v /lib/modules` | Maps host's modules folder. |
@@ -162,10 +164,12 @@ In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as bel
  
 ## Application Setup
 
-This image is designed for Ubuntu and Debian x86_64 systems only. During container start, it will download the necessary kernel headers and build the kernel module (until kernel 5.6, which has the module built-in, goes mainstream).
+This image is designed for Ubuntu and Debian based systems only. During container start, it will download the necessary kernel headers and build the kernel module (until kernel 5.6, which has the module built-in, goes mainstream).
 
 If you're on a debian/ubuntu based host with a custom or downstream distro provided kernel (ie. Pop!_OS), the container won't be able to install the kernel headers from the regular ubuntu and debian repos. In those cases, you can try installing the headers on the host via `sudo apt install linux-headers-$(uname -r)` (if distro version) and then add a volume mapping for `/usr/src:/usr/src`, or if custom built, map the location of the existing headers to allow the container to use host installed headers to build the kernel module (tested successful on Pop!_OS, ymmv).
 
+With regards to arm32/64 devices, Raspberry Pi 2-4 running the [official ubuntu images](https://ubuntu.com/download/raspberry-pi) or Raspbian Buster are supported out of the box. For all other devices and OSes, you can try installing the kernel headers on the host, and mapping `/usr/src:/usr/src` and it may just work (no guarantees).
+
 This can be run as a server or a client, based on the parameters used. 
 
 ## Server Mode
@@ -253,6 +257,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **08.04.20:** - Add arm32/64 builds and enable multi-arch (rpi4 with ubuntu and raspbian buster tested). Add CoreDNS for `PEERDNS=auto` setting. Update the `add-peer`/`show-peer` scripts to utilize the templates and the `INTERNAL_SUBNET` var (previously missed, oops).
 * **05.04.20:** - Add `INTERNAL_SUBNET` variable to prevent subnet clashes. Add templates for server and peer confs.
 * **01.04.20:** - Add `show-peer` script and include info on host installed headers.
 * **31.03.20:** - Initial Release.

jenkins-vars.yml

@@ -16,7 +16,7 @@ repo_vars:
   - DEV_DOCKERHUB_IMAGE = 'lsiodev/wireguard'
   - PR_DOCKERHUB_IMAGE = 'lspipepr/wireguard'
   - DIST_IMAGE = 'ubuntu'
-  - MULTIARCH='false'
+  - MULTIARCH='true'
   - CI='false'
   - CI_WEB='false'
   - CI_PORT='8080'

readme-vars.yml

@@ -10,6 +10,8 @@ project_lsio_github_repo_url: "https://github.com/linuxserver/docker-{{ project_
 # supported architectures
 available_architectures:
   - { arch: "{{ arch_x86_64 }}", tag: "amd64-latest"}
+  - { arch: "{{ arch_arm64 }}", tag: "arm64v8-latest"}
+  - { arch: "{{ arch_armhf }}", tag: "arm32v7-latest"}
 
 # development version
 development_versions: false
@@ -43,7 +45,7 @@ opt_param_env_vars:
   - { env_var: "SERVERURL", env_value: "wireguard.domain.com", desc: "External IP or domain name for docker host. Used in server mode. If set to `auto`, the container will try to determine and set the external IP automatically"}
   - { env_var: "SERVERPORT", env_value: "51820", desc: "External port for docker host. Used in server mode."}
   - { env_var: "PEERS", env_value: "1", desc: "Number of peers to create confs for. Required for server mode."}
-  - { env_var: "PEERDNS", env_value: "8.8.8.8", desc: "DNS server set in peer/client configs. Used in server mode."}
+  - { env_var: "PEERDNS", env_value: "auto", desc: "DNS server set in peer/client configs (can be set as `8.8.8.8`). Used in server mode. Defaults to `auto`, which uses wireguard docker host's DNS via included CoreDNS forward."}
   - { env_var: "INTERNAL_SUBNET", env_value: "10.13.13.0", desc: "Internal subnet for the wireguard and server and peers (only change if it clashes). Used in server mode."}
 
 optional_block_1: false
@@ -52,10 +54,12 @@ optional_block_1_items: ""
 # application setup block
 app_setup_block_enabled: true
 app_setup_block: |
-  This image is designed for Ubuntu and Debian x86_64 systems only. During container start, it will download the necessary kernel headers and build the kernel module (until kernel 5.6, which has the module built-in, goes mainstream).
+  This image is designed for Ubuntu and Debian based systems only. During container start, it will download the necessary kernel headers and build the kernel module (until kernel 5.6, which has the module built-in, goes mainstream).
 
   If you're on a debian/ubuntu based host with a custom or downstream distro provided kernel (ie. Pop!_OS), the container won't be able to install the kernel headers from the regular ubuntu and debian repos. In those cases, you can try installing the headers on the host via `sudo apt install linux-headers-$(uname -r)` (if distro version) and then add a volume mapping for `/usr/src:/usr/src`, or if custom built, map the location of the existing headers to allow the container to use host installed headers to build the kernel module (tested successful on Pop!_OS, ymmv).
 
+  With regards to arm32/64 devices, Raspberry Pi 2-4 running the [official ubuntu images](https://ubuntu.com/download/raspberry-pi) or Raspbian Buster are supported out of the box. For all other devices and OSes, you can try installing the kernel headers on the host, and mapping `/usr/src:/usr/src` and it may just work (no guarantees).
+
   This can be run as a server or a client, based on the parameters used. 
 
   ## Server Mode
@@ -74,6 +78,7 @@ app_setup_block: |
 
 # changelog
 changelogs:
+  - { date: "08.04.20:", desc: "Add arm32/64 builds and enable multi-arch (rpi4 with ubuntu and raspbian buster tested). Add CoreDNS for `PEERDNS=auto` setting. Update the `add-peer`/`show-peer` scripts to utilize the templates and the `INTERNAL_SUBNET` var (previously missed, oops)." }
   - { date: "05.04.20:", desc: "Add `INTERNAL_SUBNET` variable to prevent subnet clashes. Add templates for server and peer confs." }
   - { date: "01.04.20:", desc: "Add `show-peer` script and include info on host installed headers." }
   - { date: "31.03.20:", desc: "Initial Release." }

root/app/add-peer

@@ -1,12 +1,22 @@
 #!/usr/bin/with-contenv bash
 
-if [ ! -f /config/wg0.conf ] || [ -z "$PEERS" ] || [ -z "$SERVERURL" ]; then
+if [ ! -f /config/wg0.conf ] || [ -z "$PEERS" ]; then
   echo "Wireguard is not set up in server mode"
   exit 0
 fi
 
+INTERNAL_SUBNET=${INTERNAL_SUBNET:-10.13.13.0}
+INTERFACE=$(echo "$INTERNAL_SUBNET" | awk 'BEGIN{FS=OFS="."} NF--')
+if [ -z "$SERVERURL" ] || [ "$SERVERURL" = "auto" ]; then
+  SERVERURL=$(curl icanhazip.com)
+fi
+SERVERPORT=${SERVERPORT:-51820}
+if [ -z "$PEERDNS" ] || [ "$PEERDNS" = "auto" ]; then
+  PEERDNS="${INTERFACE}.1"
+fi
+
 for i in {1..254}; do
-  if grep -q "AllowedIPs = 10.13.13.$(( $i + 1 ))/32" /config/wg0.conf; then
+  if grep -q "AllowedIPs = ${INTERFACE}.$(( $i + 1 ))/32" /config/wg0.conf; then
     echo "Peer $i exists"
   else
     echo "Adding new Peer $i"
@@ -15,24 +25,14 @@ for i in {1..254}; do
       umask 077
       wg genkey | tee /config/peer${i}/privatekey-peer${i} | wg pubkey > /config/peer${i}/publickey-peer${i}
     fi
-    SERVERPORT=${SERVERPORT:-51820}
-    PEERDNS=${PEERDNS:-8.8.8.8}
+    eval "`printf %s`
     cat <<DUDE > /config/peer${i}/peer${i}.conf
-[Interface]
-Address = 10.13.13.$(( $i + 1 ))
-PrivateKey = $(cat /config/peer${i}/privatekey-peer${i})
-ListenPort = 51820
-DNS = ${PEERDNS}
-
-[Peer]
-PublicKey = $(cat /config/server/publickey-server)
-Endpoint = ${SERVERURL}:${SERVERPORT}
-AllowedIPs = 0.0.0.0/0, ::/0
-DUDE
+`cat /config/templates/peer.conf`
+DUDE"
     cat <<DUDE >> /config/wg0.conf
 [Peer]
 PublicKey = $(cat /config/peer${i}/publickey-peer${i})
-AllowedIPs = 10.13.13.$(( $i + 1 ))/32
+AllowedIPs = ${INTERFACE}.$(( $i + 1 ))/32
 
 DUDE
     echo "PEER ${i} QR code:"

root/app/show-peer

@@ -5,8 +5,11 @@ if [ ! $# -gt 0 ]; then
   exit 0
 fi
 
+INTERNAL_SUBNET=${INTERNAL_SUBNET:-10.13.13.0}
+INTERFACE=$(echo "$INTERNAL_SUBNET" | awk 'BEGIN{FS=OFS="."} NF--')
+
 for i in "$@"; do
-  if grep -q "AllowedIPs = 10.13.13.$(( $i + 1 ))/32" /config/wg0.conf; then
+  if grep -q "AllowedIPs = ${INTERFACE}.$(( $i + 1 ))/32" /config/wg0.conf; then
     echo "PEER $i QR code:"
     qrencode -t ansiutf8 < /config/peer${i}/peer${i}.conf
   else

root/defaults/Corefile

@@ -0,0 +1,3 @@
+. {
+    forward . 127.0.0.11
+}