multi-arch, add coredns

Author: aptalca

Dockerfile

@@ -29,6 +29,15 @@ RUN \
  echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections && \
  echo "REPORT_ABSENT_SYMLINK=no" >> /etc/default/resolvconf && \
  apt-get install resolvconf && \
+ echo "**** install CoreDNS ****" && \
+ COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \
+	| awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \
+ curl -o \
+	/tmp/coredns.tar.gz -L \
+	"https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_amd64.tgz" && \
+ tar xf \
+	/tmp/coredns.tar.gz -C \
+	/app && \
  echo "**** clean up ****" && \
  rm -rf \
 	/tmp/* \

Dockerfile.aarch64

@@ -0,0 +1,51 @@
+FROM lsiobase/ubuntu:arm64v8-bionic
+
+# set version label
+ARG BUILD_DATE
+ARG VERSION
+ARG WIREGUARD_RELEASE
+LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
+LABEL maintainer="aptalca"
+
+ENV DEBIAN_FRONTEND="noninteractive"
+
+RUN \
+ echo "**** install dependencies ****" && \
+ apt-get update && \
+ apt-get install -y \
+	curl \
+	dkms \
+	gnupg \ 
+	ifupdown \
+	iproute2 \
+	iptables \
+	iputils-ping \
+	libc6 \
+	perl \
+	qrencode && \
+ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E1B39B6EF6DDB96564797591AE33835F504A1A25 && \
+ echo "deb http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \
+ echo "deb-src http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \
+ echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections && \
+ echo "REPORT_ABSENT_SYMLINK=no" >> /etc/default/resolvconf && \
+ apt-get install resolvconf && \
+ echo "**** install CoreDNS ****" && \
+ COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \
+	| awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \
+ curl -o \
+	/tmp/coredns.tar.gz -L \
+	"https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_arm64.tgz" && \
+ tar xf \
+	/tmp/coredns.tar.gz -C \
+	/app && \
+ echo "**** clean up ****" && \
+ rm -rf \
+	/tmp/* \
+	/var/lib/apt/lists/* \
+	/var/tmp/*
+
+# add local files
+COPY /root /
+
+# ports and volumes
+EXPOSE 51820/udp

Dockerfile.armhf

@@ -0,0 +1,51 @@
+FROM lsiobase/ubuntu:arm32v7-bionic
+
+# set version label
+ARG BUILD_DATE
+ARG VERSION
+ARG WIREGUARD_RELEASE
+LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
+LABEL maintainer="aptalca"
+
+ENV DEBIAN_FRONTEND="noninteractive"
+
+RUN \
+ echo "**** install dependencies ****" && \
+ apt-get update && \
+ apt-get install -y \
+	curl \
+	dkms \
+	gnupg \ 
+	ifupdown \
+	iproute2 \
+	iptables \
+	iputils-ping \
+	libc6 \
+	perl \
+	qrencode && \
+ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E1B39B6EF6DDB96564797591AE33835F504A1A25 && \
+ echo "deb http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \
+ echo "deb-src http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \
+ echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections && \
+ echo "REPORT_ABSENT_SYMLINK=no" >> /etc/default/resolvconf && \
+ apt-get install resolvconf && \
+ echo "**** install CoreDNS ****" && \
+ COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \
+	| awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \
+ curl -o \
+	/tmp/coredns.tar.gz -L \
+	"https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_arm.tgz" && \
+ tar xf \
+	/tmp/coredns.tar.gz -C \
+	/app && \
+ echo "**** clean up ****" && \
+ rm -rf \
+	/tmp/* \
+	/var/lib/apt/lists/* \
+	/var/tmp/*
+
+# add local files
+COPY /root /
+
+# ports and volumes
+EXPOSE 51820/udp

Jenkinsfile

@@ -24,7 +24,7 @@ pipeline {
     DEV_DOCKERHUB_IMAGE = 'lsiodev/wireguard'
     PR_DOCKERHUB_IMAGE = 'lspipepr/wireguard'
     DIST_IMAGE = 'ubuntu'
-    MULTIARCH='false'
+    MULTIARCH='true'
     CI='false'
     CI_WEB='false'
     CI_PORT='8080'

README.md

@@ -51,6 +51,8 @@ The architectures supported by this image are:
 | Architecture | Tag |
 | :----: | --- |
 | x86-64 | amd64-latest |
+| arm64 | arm64v8-latest |
+| armhf | arm32v7-latest |
 
 
 ## Usage
@@ -162,10 +164,12 @@ In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as bel
  
 ## Application Setup
 
-This image is designed for Ubuntu and Debian x86_64 systems only. During container start, it will download the necessary kernel headers and build the kernel module (until kernel 5.6, which has the module built-in, goes mainstream).
+This image is designed for Ubuntu and Debian based systems only. During container start, it will download the necessary kernel headers and build the kernel module (until kernel 5.6, which has the module built-in, goes mainstream).
 
 If you're on a debian/ubuntu based host with a custom or downstream distro provided kernel (ie. Pop!_OS), the container won't be able to install the kernel headers from the regular ubuntu and debian repos. In those cases, you can try installing the headers on the host via `sudo apt install linux-headers-$(uname -r)` (if distro version) and then add a volume mapping for `/usr/src:/usr/src`, or if custom built, map the location of the existing headers to allow the container to use host installed headers to build the kernel module (tested successful on Pop!_OS, ymmv).
 
+With regards to arm32/64 devices, Raspberry Pi 2-4 running the [official ubuntu images](https://ubuntu.com/download/raspberry-pi) or Raspbian Buster are supported out of the box. For all other devices and OSes, you can try installing the kernel headers on the host, and mapping `/usr/src:/usr/src` and it may just work (no guarantees).
+
 This can be run as a server or a client, based on the parameters used. 
 
 ## Server Mode
@@ -253,7 +257,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
-* **08.04.20:** - Update the `add-peer`/`show-peer` scripts to utilize the templates and the `INTERNAL_SUBNET` var (previously missed, oops).
+* **08.04.20:** - Add arm32/64 builds and enable multi-arch (rpi4 with ubuntu and raspbian buster tested). Add CoreDNS. Update the `add-peer`/`show-peer` scripts to utilize the templates and the `INTERNAL_SUBNET` var (previously missed, oops).
 * **05.04.20:** - Add `INTERNAL_SUBNET` variable to prevent subnet clashes. Add templates for server and peer confs.
 * **01.04.20:** - Add `show-peer` script and include info on host installed headers.
 * **31.03.20:** - Initial Release.

jenkins-vars.yml

@@ -16,7 +16,7 @@ repo_vars:
   - DEV_DOCKERHUB_IMAGE = 'lsiodev/wireguard'
   - PR_DOCKERHUB_IMAGE = 'lspipepr/wireguard'
   - DIST_IMAGE = 'ubuntu'
-  - MULTIARCH='false'
+  - MULTIARCH='true'
   - CI='false'
   - CI_WEB='false'
   - CI_PORT='8080'

readme-vars.yml

@@ -10,6 +10,8 @@ project_lsio_github_repo_url: "https://github.com/linuxserver/docker-{{ project_
 # supported architectures
 available_architectures:
   - { arch: "{{ arch_x86_64 }}", tag: "amd64-latest"}
+  - { arch: "{{ arch_arm64 }}", tag: "arm64v8-latest"}
+  - { arch: "{{ arch_armhf }}", tag: "arm32v7-latest"}
 
 # development version
 development_versions: false
@@ -43,7 +45,7 @@ opt_param_env_vars:
   - { env_var: "SERVERURL", env_value: "wireguard.domain.com", desc: "External IP or domain name for docker host. Used in server mode. If set to `auto`, the container will try to determine and set the external IP automatically"}
   - { env_var: "SERVERPORT", env_value: "51820", desc: "External port for docker host. Used in server mode."}
   - { env_var: "PEERS", env_value: "1", desc: "Number of peers to create confs for. Required for server mode."}
-  - { env_var: "PEERDNS", env_value: "8.8.8.8", desc: "DNS server set in peer/client configs. Used in server mode."}
+  - { env_var: "PEERDNS", env_value: "auto", desc: "DNS server set in peer/client configs (can be set as `8.8.8.8`). Used in server mode. Defaults to `auto`, which uses wireguard docker host's DNS via included CoreDNS forward."}
   - { env_var: "INTERNAL_SUBNET", env_value: "10.13.13.0", desc: "Internal subnet for the wireguard and server and peers (only change if it clashes). Used in server mode."}
 
 optional_block_1: false
@@ -52,10 +54,12 @@ optional_block_1_items: ""
 # application setup block
 app_setup_block_enabled: true
 app_setup_block: |
-  This image is designed for Ubuntu and Debian x86_64 systems only. During container start, it will download the necessary kernel headers and build the kernel module (until kernel 5.6, which has the module built-in, goes mainstream).
+  This image is designed for Ubuntu and Debian based systems only. During container start, it will download the necessary kernel headers and build the kernel module (until kernel 5.6, which has the module built-in, goes mainstream).
 
   If you're on a debian/ubuntu based host with a custom or downstream distro provided kernel (ie. Pop!_OS), the container won't be able to install the kernel headers from the regular ubuntu and debian repos. In those cases, you can try installing the headers on the host via `sudo apt install linux-headers-$(uname -r)` (if distro version) and then add a volume mapping for `/usr/src:/usr/src`, or if custom built, map the location of the existing headers to allow the container to use host installed headers to build the kernel module (tested successful on Pop!_OS, ymmv).
 
+  With regards to arm32/64 devices, Raspberry Pi 2-4 running the [official ubuntu images](https://ubuntu.com/download/raspberry-pi) or Raspbian Buster are supported out of the box. For all other devices and OSes, you can try installing the kernel headers on the host, and mapping `/usr/src:/usr/src` and it may just work (no guarantees).
+
   This can be run as a server or a client, based on the parameters used. 
 
   ## Server Mode
@@ -74,7 +78,7 @@ app_setup_block: |
 
 # changelog
 changelogs:
-  - { date: "08.04.20:", desc: "Update the `add-peer`/`show-peer` scripts to utilize the templates and the `INTERNAL_SUBNET` var (previously missed, oops)." }
+  - { date: "08.04.20:", desc: "Add arm32/64 builds and enable multi-arch (rpi4 with ubuntu and raspbian buster tested). Add CoreDNS for `PEERDNS=auto` setting. Update the `add-peer`/`show-peer` scripts to utilize the templates and the `INTERNAL_SUBNET` var (previously missed, oops)." }
   - { date: "05.04.20:", desc: "Add `INTERNAL_SUBNET` variable to prevent subnet clashes. Add templates for server and peer confs." }
   - { date: "01.04.20:", desc: "Add `show-peer` script and include info on host installed headers." }
   - { date: "31.03.20:", desc: "Initial Release." }

root/app/add-peer

@@ -11,7 +11,9 @@ if [ -z "$SERVERURL" ] || [ "$SERVERURL" = "auto" ]; then
   SERVERURL=$(curl icanhazip.com)
 fi
 SERVERPORT=${SERVERPORT:-51820}
-PEERDNS=${PEERDNS:-8.8.8.8}
+if [ -z "$PEERDNS" ] || [ "$PEERDNS" = "auto" ]; then
+  PEERDNS="${INTERFACE}.1"
+fi
 
 for i in {1..254}; do
   if grep -q "AllowedIPs = ${INTERFACE}.$(( $i + 1 ))/32" /config/wg0.conf; then

root/defaults/Corefile

@@ -0,0 +1,3 @@
+. {
+    forward . 127.0.0.11
+}

root/etc/cont-init.d/30-config

@@ -1,14 +1,25 @@
 #!/usr/bin/with-contenv bash
 
-mkdir -p /config/templates
+mkdir -p /config/{templates,coredns}
 
 # install headers and wireguard
 apt-get update
 if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then
   apt-get install -y \
     linux-headers-$(uname -r) \
     wireguard
+elif uname -r | grep -q 'v7l+'; then
+  echo "Raspbian kernel naming convention detected, attempting to install raspbian kernel headers"
+  curl -s http://archive.raspberrypi.org/debian/raspberrypi.gpg.key | apt-key add -
+  echo -e \
+    "deb http://archive.raspberrypi.org/debian/ buster main\ndeb-src http://archive.raspberrypi.org/debian/ buster main" \
+    > /etc/apt/sources.list.d/raspbian.list
+  apt-get update
+  apt-get install -y \
+    raspberrypi-kernel-headers \
+    wireguard
 elif uname -v | grep -q 'Ubuntu'; then
+  echo "Attempting to install kernel headers from Ubuntu Xenial repo"
   curl -s http://archive.ubuntu.com/ubuntu/dists/xenial/Release.gpg | apt-key add -
   echo -e \
     "deb http://archive.ubuntu.com/ubuntu/ xenial main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ xenial main restricted\n\ndeb http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted" \
@@ -19,11 +30,12 @@ elif uname -v | grep -q 'Ubuntu'; then
       linux-headers-$(uname -r) \
       wireguard
   else
-    echo "No kernel headers found!! Will try the headers from the wireguard ppa, may or may not work"
+    echo "No kernel headers found in the Ubuntu repos!! Will try the headers from host (if mapped), may or may not work"
     apt-get install -y \
       wireguard
   fi
 elif uname -v | grep -q 'Debian'; then
+  echo "Debian host detected, attempting to install kernel headers from Debian Buster repo"
   curl -s https://ftp-master.debian.org/keys/archive-key-10.asc | apt-key add -
   echo -e \
     "deb http://deb.debian.org/debian buster main contrib non-free\ndeb-src http://deb.debian.org/debian buster main contrib non-free" \
@@ -34,6 +46,7 @@ elif uname -v | grep -q 'Debian'; then
       linux-headers-$(uname -r) \
       wireguard
   else
+    echo "Attempting to install kernel headers from the Debian Stretch repo"
     curl -s https://ftp-master.debian.org/keys/archive-key-9.asc | apt-key add -
     sed -i 's/buster/stretch/g' /etc/apt/sources.list.d/debian.list
     apt-get update
@@ -42,13 +55,13 @@ elif uname -v | grep -q 'Debian'; then
         linux-headers-$(uname -r) \
         wireguard
     else
-      echo "No kernel headers found!! Will try the headers from the wireguard ppa, may or may not work"
+      echo "No kernel headers found in Debian repos!! Will try the headers from host (if mapped), may or may not work"
       apt-get install -y \
         wireguard
     fi
   fi
 else
-  echo "No kernel headers found!! Will try the headers from the wireguard ppa, may or may not work"
+  echo "No kernel headers found in the Ubuntu or Debian repos!! Will try the headers from host (if mapped), may or may not work"
   apt-get install -y \
     wireguard
 fi
@@ -120,11 +133,15 @@ if [ -n "$PEERS" ]; then
   fi
   SERVERPORT=${SERVERPORT:-51820}
   echo "External server port is set to ${SERVERPORT}. Make sure that port is properly forwarded to port 51820 inside this container"
-  PEERDNS=${PEERDNS:-8.8.8.8}
-  echo "DNS server is set to $PEERDNS"
   INTERNAL_SUBNET=${INTERNAL_SUBNET:-10.13.13.0}
   echo "Internal subnet is set to $INTERNAL_SUBNET"
   INTERFACE=$(echo "$INTERNAL_SUBNET" | awk 'BEGIN{FS=OFS="."} NF--')
+  if [ -z "$PEERDNS" ] || [ "$PEERDNS" = "auto" ]; then
+    PEERDNS="${INTERFACE}.1"
+    echo "PEERDNS var is either not set or is set to \"auto\", setting peer DNS to ${INTERFACE}.1 to use wireguard docker host's DNS."
+  else
+    echo "Peer DNS servers will be set to $PEERDNS"
+  fi
   if [ ! -f /config/wg0.conf ]; then
     echo "No found wg0.conf found (maybe an initial install), generating 1 server and $PEERS peer/client confs"
     generate_confs
@@ -149,6 +166,10 @@ else
   fi
 fi
 
+# set up CoreDNS
+[[ ! -f /config/coredns/Corefile ]] && \
+  cp /defaults/Corefile /config/coredns/Corefile
+
 # permissions
 chown -R abc:abc \
 	/config