diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
index d5ae6896..803bd2c7 100755
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@@ -24,7 +24,7 @@
## Readme
If you would like to change our readme, please __**do not**__ directly edit the readme, as it is auto-generated on each commit.
-Instead edit the [readme-vars.yml](https://github.com/linuxserver/docker-wireguard/edit/master/readme-vars.yml).
+Instead edit the [readme-vars.yml](https://github.com/linuxserver/docker-wireguard/edit/legacy/readme-vars.yml).
These variables are used in a template for our [Jenkins Builder](https://github.com/linuxserver/docker-jenkins-builder) as part of an ansible play.
Most of these variables are also carried over to [docs.linuxserver.io](https://docs.linuxserver.io/images/docker-wireguard)
@@ -105,17 +105,17 @@ docker build \
-t linuxserver/wireguard:latest .
```
-The ARM variants can be built on x86_64 hardware using `multiarch/qemu-user-static`
+The ARM variants can be built on x86_64 hardware and vice versa using `lscr.io/linuxserver/qemu-static`
```bash
-docker run --rm --privileged multiarch/qemu-user-static:register --reset
+docker run --rm --privileged lscr.io/linuxserver/qemu-static --reset
```
Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64`.
## Update the changelog
-If you are modifying the Dockerfiles or any of the startup scripts in [root](https://github.com/linuxserver/docker-wireguard/tree/master/root), add an entry to the changelog
+If you are modifying the Dockerfiles or any of the startup scripts in [root](https://github.com/linuxserver/docker-wireguard/tree/legacy/root), add an entry to the changelog
```yml
changelogs:
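Review bot: The new registration command `docker run --rm --privileged lscr.io/linuxserver/qemu-static --reset` runs an untagged image with `--privileged`, so whatever the registry serves under the default tag at that moment gets full access to the contributor's host. Suggest pinning the image to a specific tag or digest in the documented command. The added "and vice versa" is also a new behaviour claim worth confirming against the replacement image, since the removed sentence only promised ARM builds on x86_64.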
diff --git a/.github/ISSUE_TEMPLATE/issue.bug.yml b/.github/ISSUE_TEMPLATE/issue.bug.yml
index 59a10f56..aa983eae 100644
--- a/.github/ISSUE_TEMPLATE/issue.bug.yml
+++ b/.github/ISSUE_TEMPLATE/issue.bug.yml
@@ -4,74 +4,11 @@ description: Create a report to help us improve
title: "[BUG]
"
labels: [Bug]
body:
- - type: checkboxes
+ - type: markdown
attributes:
- label: Is there an existing issue for this?
- description: Please search to see if an issue already exists for the bug you encountered.
- options:
- - label: I have searched the existing issues
- required: true
- - type: textarea
- attributes:
- label: Current Behavior
- description: Tell us what happens instead of the expected behavior.
- validations:
- required: true
- - type: textarea
- attributes:
- label: Expected Behavior
- description: Tell us what should happen.
- validations:
- required: false
- - type: textarea
- attributes:
- label: Steps To Reproduce
- description: Steps to reproduce the behavior.
- placeholder: |
- 1. In this environment...
- 2. With this config...
- 3. Run '...'
- 4. See error...
- validations:
- required: true
- - type: textarea
- attributes:
- label: Environment
- description: |
- examples:
- - **OS**: Ubuntu 20.04
- - **How docker service was installed**: distro's packagemanager
value: |
- - OS:
- - How docker service was installed:
- render: markdown
- validations:
- required: false
- - type: dropdown
- attributes:
- label: CPU architecture
- options:
- - x86-64
- - arm64
- - armhf
- validations:
- required: true
- - type: textarea
- attributes:
- label: Docker creation
- description: |
- Command used to create docker container
- Provide your docker create/run command or compose yaml snippet, or a screenshot of settings if using a gui to create the container
- render: bash
- validations:
- required: true
- - type: textarea
- attributes:
- description: |
- Provide a full docker log, output of "docker logs linuxserver.io"
- label: Container logs
- placeholder: |
- Output of `docker logs linuxserver.io`
- render: bash
- validations:
- required: true
+# DEPRECATION NOTICE
+This image is deprecated. We will not offer support for this image and it will not be updated.
+
+
+Please switch to the Alpine-based latest tag
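Review bot: After this hunk the `body:` list holds a single `type: markdown` element and every input field is removed; GitHub issue forms require at least one non-markdown element in `body`, so the form is likely to be rejected as invalid instead of showing the notice. If the aim is to stop new bug reports, consider removing the template file, or keep one required field such as a checkbox acknowledging the deprecation. The notice could also say where the Alpine-based image is documented rather than only "switch to the Alpine-based latest tag".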
diff --git a/.github/ISSUE_TEMPLATE/issue.feature.yml b/.github/ISSUE_TEMPLATE/issue.feature.yml
index 099dcdb5..213b62f9 100644
--- a/.github/ISSUE_TEMPLATE/issue.feature.yml
+++ b/.github/ISSUE_TEMPLATE/issue.feature.yml
@@ -4,28 +4,11 @@ description: Suggest an idea for this project
title: "[FEAT] "
labels: [enhancement]
body:
- - type: checkboxes
- attributes:
- label: Is this a new feature request?
- description: Please search to see if a feature request already exists.
- options:
- - label: I have searched the existing issues
- required: true
- - type: textarea
- attributes:
- label: Wanted change
- description: Tell us what you want to happen.
- validations:
- required: true
- - type: textarea
- attributes:
- label: Reason for change
- description: Justify your request, why do you want it, what is the benefit.
- validations:
- required: true
- - type: textarea
- attributes:
- label: Proposed code change
- description: Do you have a potential code change in mind?
- validations:
- required: false
+ - type: markdown
+ attributes:
+ value: |
+# DEPRECATION NOTICE
+This image is deprecated. We will not offer support for this image and it will not be updated.
+
+
+Please switch to the Alpine-based latest tag
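Review bot: The notice lines added under `value: |` appear here with no indentation, while the content of a block scalar has to be indented deeper than its `value:` key. As written, `# DEPRECATION NOTICE` would be read as a YAML comment and the unindented sentence after it would end the scalar and break parsing. Indent the whole notice under `value: |`; the same applies to the notice added in issue.bug.yml.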
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
index ce5860d1..1b9ab140 100644
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,3 +1,8 @@
+# DEPRECATION NOTICE
+This image is deprecated. We will not offer support for this image and it will not be updated.
+
+
+Please switch to the Alpine-based latest tag
[linuxserverurl]: https://linuxserver.io
@@ -21,7 +26,7 @@
------------------------------
- - [ ] I have read the [contributing](https://github.com/linuxserver/docker-wireguard/blob/master/.github/CONTRIBUTING.md) guideline and understand that I have made the correct modifications
+ - [ ] I have read the [contributing](https://github.com/linuxserver/docker-wireguard/blob/legacy/.github/CONTRIBUTING.md) guideline and understand that I have made the correct modifications
------------------------------
diff --git a/.github/workflows/call_issue_pr_tracker.yml b/.github/workflows/call_issue_pr_tracker.yml
deleted file mode 100755
index 87243e2c..00000000
--- a/.github/workflows/call_issue_pr_tracker.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-name: Issue & PR Tracker
-
-on:
- issues:
- types: [opened,reopened,labeled,unlabeled]
- pull_request_target:
- types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled]
-
-jobs:
- manage-project:
- permissions:
- issues: write
- uses: linuxserver/github-workflows/.github/workflows/issue-pr-tracker.yml@v1
- secrets: inherit
diff --git a/.github/workflows/call_issues_cron.yml b/.github/workflows/call_issues_cron.yml
deleted file mode 100755
index 091b04a7..00000000
--- a/.github/workflows/call_issues_cron.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-name: Mark stale issues and pull requests
-on:
- schedule:
- - cron: '20 0 * * *'
- workflow_dispatch:
-
-jobs:
- stale:
- permissions:
- issues: write
- pull-requests: write
- uses: linuxserver/github-workflows/.github/workflows/issues-cron.yml@v1
- secrets: inherit
diff --git a/.github/workflows/external_trigger.yml b/.github/workflows/external_trigger.yml
deleted file mode 100755
index c5eb5ca2..00000000
--- a/.github/workflows/external_trigger.yml
+++ /dev/null
@@ -1,96 +0,0 @@
-name: External Trigger Main
-
-on:
- workflow_dispatch:
-
-jobs:
- external-trigger-master:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3.1.0
-
- - name: External Trigger
- if: github.ref == 'refs/heads/master'
- run: |
- if [ -n "${{ secrets.PAUSE_EXTERNAL_TRIGGER_WIREGUARD_MASTER }}" ]; then
- echo "**** Github secret PAUSE_EXTERNAL_TRIGGER_WIREGUARD_MASTER is set; skipping trigger. ****"
- exit 0
- fi
- echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_WIREGUARD_MASTER\". ****"
- echo "**** Retrieving external version ****"
- EXT_RELEASE=$(curl -u ${{ secrets.CR_USER }}:${{ secrets.CR_PAT }} -sX GET https://api.github.com/repos/WireGuard/wireguard-tools/tags | jq -r .[0].name)
- if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
- echo "**** Can't retrieve external version, exiting ****"
- FAILURE_REASON="Can't retrieve external version for wireguard branch master"
- GHA_TRIGGER_URL="https://github.com/linuxserver/docker-wireguard/actions/runs/${{ github.run_id }}"
- curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680,
- "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n**Trigger URL:** '"${GHA_TRIGGER_URL}"' \n"}],
- "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
- exit 1
- fi
- EXT_RELEASE=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g')
- echo "**** External version: ${EXT_RELEASE} ****"
- echo "**** Retrieving last pushed version ****"
- image="linuxserver/wireguard"
- tag="latest"
- token=$(curl -sX GET \
- "https://ghcr.io/token?scope=repository%3Alinuxserver%2Fwireguard%3Apull" \
- | jq -r '.token')
- multidigest=$(curl -s \
- --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
- --header "Authorization: Bearer ${token}" \
- "https://ghcr.io/v2/${image}/manifests/${tag}" \
- | jq -r 'first(.manifests[].digest)')
- digest=$(curl -s \
- --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
- --header "Authorization: Bearer ${token}" \
- "https://ghcr.io/v2/${image}/manifests/${multidigest}" \
- | jq -r '.config.digest')
- image_info=$(curl -sL \
- --header "Authorization: Bearer ${token}" \
- "https://ghcr.io/v2/${image}/blobs/${digest}")
- if [[ $(echo $image_info | jq -r '.container_config') == "null" ]]; then
- image_info=$(echo $image_info | jq -r '.config')
- else
- image_info=$(echo $image_info | jq -r '.container_config')
- fi
- IMAGE_RELEASE=$(echo ${image_info} | jq -r '.Labels.build_version' | awk '{print $3}')
- IMAGE_VERSION=$(echo ${IMAGE_RELEASE} | awk -F'-ls' '{print $1}')
- if [ -z "${IMAGE_VERSION}" ]; then
- echo "**** Can't retrieve last pushed version, exiting ****"
- FAILURE_REASON="Can't retrieve last pushed version for wireguard tag latest"
- curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680,
- "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}],
- "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
- exit 1
- fi
- echo "**** Last pushed version: ${IMAGE_VERSION} ****"
- if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then
- echo "**** Version ${EXT_RELEASE} already pushed, exiting ****"
- exit 0
- elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireguard/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
- echo "**** New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting ****"
- exit 0
- else
- echo "**** New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build ****"
- response=$(curl -iX POST \
- https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireguard/job/master/buildWithParameters?PACKAGE_CHECK=false \
- --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
- echo "**** Jenkins job queue url: ${response%$'\r'} ****"
- echo "**** Sleeping 10 seconds until job starts ****"
- sleep 10
- buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
- buildurl="${buildurl%$'\r'}"
- echo "**** Jenkins job build url: ${buildurl} ****"
- echo "**** Attempting to change the Jenkins job description ****"
- curl -iX POST \
- "${buildurl}submitDescription" \
- --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
- --data-urlencode "description=GHA external trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
- --data-urlencode "Submit=Submit"
- echo "**** Notifying Discord ****"
- TRIGGER_REASON="A version change was detected for wireguard tag latest. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE}"
- curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
- "description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}],
- "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
- fi
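Review bot: The deleted `run` step was the consumer of several secrets (`CR_USER`/`CR_PAT`, `JENKINS_USER`/`JENKINS_TOKEN`, `DISCORD_WEBHOOK`, `PAUSE_EXTERNAL_TRIGGER_WIREGUARD_MASTER`), and the commit does not say what happens to them. If no remaining workflow or branch still uses them, remove them from the repository settings as part of this cleanup so that unused credentials do not stay provisioned.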
diff --git a/.github/workflows/external_trigger_scheduler.yml b/.github/workflows/external_trigger_scheduler.yml
deleted file mode 100755
index b677c14b..00000000
--- a/.github/workflows/external_trigger_scheduler.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-name: External Trigger Scheduler
-
-on:
- schedule:
- - cron: '25 * * * *'
- workflow_dispatch:
-
-jobs:
- external-trigger-scheduler:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3.1.0
- with:
- fetch-depth: '0'
-
- - name: External Trigger Scheduler
- run: |
- echo "**** Branches found: ****"
- git for-each-ref --format='%(refname:short)' refs/remotes
- echo "**** Pulling the yq docker image ****"
- docker pull ghcr.io/linuxserver/yq
- for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
- do
- br=$(echo "$br" | sed 's|origin/||g')
- echo "**** Evaluating branch ${br} ****"
- ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-wireguard/${br}/jenkins-vars.yml \
- | docker run --rm -i --entrypoint yq ghcr.io/linuxserver/yq -r .ls_branch)
- if [ "$br" == "$ls_branch" ]; then
- echo "**** Branch ${br} appears to be live; checking workflow. ****"
- if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-wireguard/${br}/.github/workflows/external_trigger.yml > /dev/null 2>&1; then
- echo "**** Workflow exists. Triggering external trigger workflow for branch ${br} ****."
- curl -iX POST \
- -H "Authorization: token ${{ secrets.CR_PAT }}" \
- -H "Accept: application/vnd.github.v3+json" \
- -d "{\"ref\":\"refs/heads/${br}\"}" \
- https://api.github.com/repos/linuxserver/docker-wireguard/actions/workflows/external_trigger.yml/dispatches
- else
- echo "**** Workflow doesn't exist; skipping trigger. ****"
- fi
- else
- echo "**** ${br} appears to be a dev branch; skipping trigger. ****"
- fi
- done
diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml
index f3cc4efe..e7bed958 100644
--- a/.github/workflows/greetings.yml
+++ b/.github/workflows/greetings.yml
@@ -9,5 +9,5 @@ jobs:
- uses: actions/first-interaction@v1
with:
issue-message: 'Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.'
- pr-message: 'Thanks for opening this pull request! Be sure to follow the [pull request template](https://github.com/linuxserver/docker-wireguard/blob/master/.github/PULL_REQUEST_TEMPLATE.md)!'
+ pr-message: 'Thanks for opening this pull request! Be sure to follow the [pull request template](https://github.com/linuxserver/docker-wireguard/blob/legacy/.github/PULL_REQUEST_TEMPLATE.md)!'
repo-token: ${{ secrets.GITHUB_TOKEN }}
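Review bot: Only the `pr-message` link is updated; the unchanged `issue-message` still tells first-time reporters to "follow the relevant issue templates", which after this commit contain only a deprecation notice. Suggest rewording both messages to state that the image is deprecated and unsupported, or removing the greeting workflow on this branch.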
diff --git a/.github/workflows/package_trigger.yml b/.github/workflows/package_trigger.yml
deleted file mode 100755
index 410a286d..00000000
--- a/.github/workflows/package_trigger.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-name: Package Trigger Main
-
-on:
- workflow_dispatch:
-
-jobs:
- package-trigger-master:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3.1.0
-
- - name: Package Trigger
- if: github.ref == 'refs/heads/master'
- run: |
- if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_WIREGUARD_MASTER }}" ]; then
- echo "**** Github secret PAUSE_PACKAGE_TRIGGER_WIREGUARD_MASTER is set; skipping trigger. ****"
- exit 0
- fi
- if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireguard/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
- echo "**** There already seems to be an active build on Jenkins; skipping package trigger ****"
- exit 0
- fi
- echo "**** Package trigger running off of master branch. To disable, set a Github secret named \"PAUSE_PACKAGE_TRIGGER_WIREGUARD_MASTER\". ****"
- response=$(curl -iX POST \
- https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireguard/job/master/buildWithParameters?PACKAGE_CHECK=true \
- --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
- echo "**** Jenkins job queue url: ${response%$'\r'} ****"
- echo "**** Sleeping 10 seconds until job starts ****"
- sleep 10
- buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
- buildurl="${buildurl%$'\r'}"
- echo "**** Jenkins job build url: ${buildurl} ****"
- echo "**** Attempting to change the Jenkins job description ****"
- curl -iX POST \
- "${buildurl}submitDescription" \
- --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
- --data-urlencode "description=GHA package trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
- --data-urlencode "Submit=Submit"
diff --git a/.github/workflows/package_trigger_scheduler.yml b/.github/workflows/package_trigger_scheduler.yml
deleted file mode 100755
index e9c4f2e0..00000000
--- a/.github/workflows/package_trigger_scheduler.yml
+++ /dev/null
@@ -1,50 +0,0 @@
-name: Package Trigger Scheduler
-
-on:
- schedule:
- - cron: '9 11 * * 4'
- workflow_dispatch:
-
-jobs:
- package-trigger-scheduler:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3.1.0
- with:
- fetch-depth: '0'
-
- - name: Package Trigger Scheduler
- run: |
- echo "**** Branches found: ****"
- git for-each-ref --format='%(refname:short)' refs/remotes
- echo "**** Pulling the yq docker image ****"
- docker pull ghcr.io/linuxserver/yq
- for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
- do
- br=$(echo "$br" | sed 's|origin/||g')
- echo "**** Evaluating branch ${br} ****"
- ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-wireguard/${br}/jenkins-vars.yml \
- | docker run --rm -i --entrypoint yq ghcr.io/linuxserver/yq -r .ls_branch)
- if [ "${br}" == "${ls_branch}" ]; then
- echo "**** Branch ${br} appears to be live; checking workflow. ****"
- if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-wireguard/${br}/.github/workflows/package_trigger.yml > /dev/null 2>&1; then
- echo "**** Workflow exists. Triggering package trigger workflow for branch ${br}. ****"
- triggered_branches="${triggered_branches}${br} "
- curl -iX POST \
- -H "Authorization: token ${{ secrets.CR_PAT }}" \
- -H "Accept: application/vnd.github.v3+json" \
- -d "{\"ref\":\"refs/heads/${br}\"}" \
- https://api.github.com/repos/linuxserver/docker-wireguard/actions/workflows/package_trigger.yml/dispatches
- sleep 30
- else
- echo "**** Workflow doesn't exist; skipping trigger. ****"
- fi
- else
- echo "**** ${br} appears to be a dev branch; skipping trigger. ****"
- fi
- done
- echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****"
- echo "**** Notifying Discord ****"
- curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
- "description": "**Package Check Build(s) Triggered for wireguard** \n**Branch(es):** '"${triggered_branches}"' \n**Build URL:** '"https://ci.linuxserver.io/blue/organizations/jenkins/Docker-Pipeline-Builders%2Fdocker-wireguard/activity/"' \n"}],
- "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
diff --git a/.github/workflows/permissions.yml b/.github/workflows/permissions.yml
index 1447bc55..02e1bdb9 100755
--- a/.github/workflows/permissions.yml
+++ b/.github/workflows/permissions.yml
@@ -5,6 +5,8 @@ on:
- '**/run'
- '**/finish'
- '**/check'
+ - 'root/migrations/*'
+
jobs:
permission_check:
uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1
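Review bot: The added filter `'root/migrations/*'` uses a single `*`, which does not cross `/`, so unlike the `**/run`, `**/finish` and `**/check` entries it only matches files directly inside `root/migrations`. Use `root/migrations/**` if migration scripts can ever sit in subdirectories, otherwise the executable-permission check will silently skip them.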
diff --git a/Dockerfile b/Dockerfile
index 373922b4..e0305575 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -45,6 +45,8 @@ RUN \
sed -i 's|\[\[ $proto == -4 \]\] && cmd sysctl -q net\.ipv4\.conf\.all\.src_valid_mark=1|[[ $proto == -4 ]] \&\& [[ $(sysctl -n net.ipv4.conf.all.src_valid_mark) != 1 ]] \&\& cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1|' src/wg-quick/linux.bash && \
make -C src -j$(nproc) && \
make -C src install && \
+ rm -rf /etc/wireguard && \
+ ln -s /config/wg_confs /etc/wireguard && \
echo "**** install CoreDNS ****" && \
COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \
| awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \
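Review bot: `ln -s /config/wg_confs /etc/wireguard` points at a directory that this RUN step does not create, so `/etc/wireguard` is a dangling symlink in the image until something at container start creates `/config/wg_confs` on the mounted volume. Confirm that the init scripts create that directory, with permissions suited to files holding private keys, before `wg-quick` runs, and that existing users' configs are moved there. A one-line comment above the two added lines explaining the relocation would help, and the identical change in Dockerfile.aarch64 needs to stay in sync.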
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index 629b2aab..d3fe0059 100644
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -45,6 +45,8 @@ RUN \
sed -i 's|\[\[ $proto == -4 \]\] && cmd sysctl -q net\.ipv4\.conf\.all\.src_valid_mark=1|[[ $proto == -4 ]] \&\& [[ $(sysctl -n net.ipv4.conf.all.src_valid_mark) != 1 ]] \&\& cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1|' src/wg-quick/linux.bash && \
make -C src -j$(nproc) && \
make -C src install && \
+ rm -rf /etc/wireguard && \
+ ln -s /config/wg_confs /etc/wireguard && \
echo "**** install CoreDNS ****" && \
COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \
| awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \
diff --git a/Dockerfile.armhf b/Dockerfile.armhf
deleted file mode 100644
index abe3a0e0..00000000
--- a/Dockerfile.armhf
+++ /dev/null
@@ -1,67 +0,0 @@
-# syntax=docker/dockerfile:1
-
-FROM ghcr.io/linuxserver/baseimage-ubuntu:arm32v7-jammy
-
-# set version label
-ARG BUILD_DATE
-ARG VERSION
-ARG WIREGUARD_RELEASE
-LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
-LABEL maintainer="aptalca"
-
-ENV DEBIAN_FRONTEND="noninteractive"
-
-RUN \
- echo "**** install dependencies ****" && \
- apt-get update && \
- apt-get install -y --no-install-recommends \
- bc \
- build-essential \
- dkms \
- git \
- gnupg \
- ifupdown \
- iproute2 \
- iptables \
- iputils-ping \
- libc6 \
- libelf-dev \
- net-tools \
- openresolv \
- perl \
- pkg-config \
- qrencode && \
- update-alternatives --set iptables /usr/sbin/iptables-legacy && \
- echo "**** install wireguard-tools ****" && \
- if [ -z ${WIREGUARD_RELEASE+x} ]; then \
- WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \
- | jq -r .[0].name); \
- fi && \
- cd /app && \
- git clone https://git.zx2c4.com/wireguard-linux-compat && \
- git clone https://git.zx2c4.com/wireguard-tools && \
- cd wireguard-tools && \
- git checkout "${WIREGUARD_RELEASE}" && \
- sed -i 's|\[\[ $proto == -4 \]\] && cmd sysctl -q net\.ipv4\.conf\.all\.src_valid_mark=1|[[ $proto == -4 ]] \&\& [[ $(sysctl -n net.ipv4.conf.all.src_valid_mark) != 1 ]] \&\& cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1|' src/wg-quick/linux.bash && \
- make -C src -j$(nproc) && \
- make -C src install && \
- echo "**** install CoreDNS ****" && \
- COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \
- | awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \
- curl -o \
- /tmp/coredns.tar.gz -L \
- "https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_arm.tgz" && \
- tar xf \
- /tmp/coredns.tar.gz -C \
- /app && \
- echo "**** clean up ****" && \
- rm -rf \
- /tmp/* \
- /var/lib/apt/lists/* \
- /var/tmp/*
-
-# add local files
-COPY /root /
-
-# ports and volumes
-EXPOSE 51820/udp
diff --git a/Jenkinsfile b/Jenkinsfile
deleted file mode 100644
index 2f0deb4d..00000000
--- a/Jenkinsfile
+++ /dev/null
@@ -1,982 +0,0 @@
-pipeline {
- agent {
- label 'X86-64-MULTI'
- }
- options {
- buildDiscarder(logRotator(numToKeepStr: '10', daysToKeepStr: '60'))
- parallelsAlwaysFailFast()
- }
- // Input to determine if this is a package check
- parameters {
- string(defaultValue: 'false', description: 'package check run', name: 'PACKAGE_CHECK')
- }
- // Configuration for the variables used for this specific repo
- environment {
- BUILDS_DISCORD=credentials('build_webhook_url')
- GITHUB_TOKEN=credentials('498b4638-2d02-4ce5-832d-8a57d01d97ab')
- GITLAB_TOKEN=credentials('b6f0f1dd-6952-4cf6-95d1-9c06380283f0')
- GITLAB_NAMESPACE=credentials('gitlab-namespace-id')
- SCARF_TOKEN=credentials('scarf_api_key')
- CONTAINER_NAME = 'wireguard'
- BUILD_VERSION_ARG = 'WIREGUARD_VERSION'
- LS_USER = 'linuxserver'
- LS_REPO = 'docker-wireguard'
- DOCKERHUB_IMAGE = 'linuxserver/wireguard'
- DEV_DOCKERHUB_IMAGE = 'lsiodev/wireguard'
- PR_DOCKERHUB_IMAGE = 'lspipepr/wireguard'
- DIST_IMAGE = 'ubuntu'
- MULTIARCH='true'
- CI='false'
- CI_WEB='false'
- CI_PORT='8080'
- CI_SSL='false'
- CI_DELAY='120'
- CI_DOCKERENV='TZ=US/Pacific'
- CI_AUTH='user:password'
- CI_WEBPATH=''
- }
- stages {
- // Setup all the basic environment variables needed for the build
- stage("Set ENV Variables base"){
- steps{
- script{
- env.EXIT_STATUS = ''
- env.LS_RELEASE = sh(
- script: '''docker run --rm ghcr.io/linuxserver/alexeiled-skopeo sh -c 'skopeo inspect docker://docker.io/'${DOCKERHUB_IMAGE}':latest 2>/dev/null' | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''',
- returnStdout: true).trim()
- env.LS_RELEASE_NOTES = sh(
- script: '''cat readme-vars.yml | awk -F \\" '/date: "[0-9][0-9].[0-9][0-9].[0-9][0-9]:/ {print $4;exit;}' | sed -E ':a;N;$!ba;s/\\r{0,1}\\n/\\\\n/g' ''',
- returnStdout: true).trim()
- env.GITHUB_DATE = sh(
- script: '''date '+%Y-%m-%dT%H:%M:%S%:z' ''',
- returnStdout: true).trim()
- env.COMMIT_SHA = sh(
- script: '''git rev-parse HEAD''',
- returnStdout: true).trim()
- env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT
- env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/'
- env.PULL_REQUEST = env.CHANGE_ID
- env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt'
- }
- script{
- env.LS_RELEASE_NUMBER = sh(
- script: '''echo ${LS_RELEASE} |sed 's/^.*-ls//g' ''',
- returnStdout: true).trim()
- }
- script{
- env.LS_TAG_NUMBER = sh(
- script: '''#! /bin/bash
- tagsha=$(git rev-list -n 1 ${LS_RELEASE} 2>/dev/null)
- if [ "${tagsha}" == "${COMMIT_SHA}" ]; then
- echo ${LS_RELEASE_NUMBER}
- elif [ -z "${GIT_COMMIT}" ]; then
- echo ${LS_RELEASE_NUMBER}
- else
- echo $((${LS_RELEASE_NUMBER} + 1))
- fi''',
- returnStdout: true).trim()
- }
- }
- }
- /* #######################
- Package Version Tagging
- ####################### */
- // Grab the current package versions in Git to determine package tag
- stage("Set Package tag"){
- steps{
- script{
- env.PACKAGE_TAG = sh(
- script: '''#!/bin/bash
- if [ -e package_versions.txt ] ; then
- cat package_versions.txt | md5sum | cut -c1-8
- else
- echo none
- fi''',
- returnStdout: true).trim()
- }
- }
- }
- /* ########################
- External Release Tagging
- ######################## */
- // If this is a custom command to determine version use that command
- stage("Set tag custom bash"){
- steps{
- script{
- env.EXT_RELEASE = sh(
- script: ''' curl -sX GET https://api.github.com/repos/WireGuard/wireguard-tools/tags | jq -r .[0].name ''',
- returnStdout: true).trim()
- env.RELEASE_LINK = 'custom_command'
- }
- }
- }
- // Sanitize the release tag and strip illegal docker or github characters
- stage("Sanitize tag"){
- steps{
- script{
- env.EXT_RELEASE_CLEAN = sh(
- script: '''echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g' ''',
- returnStdout: true).trim()
-
- def semver = env.EXT_RELEASE_CLEAN =~ /(\d+)\.(\d+)\.(\d+)/
- if (semver.find()) {
- env.SEMVER = "${semver[0][1]}.${semver[0][2]}.${semver[0][3]}"
- } else {
- semver = env.EXT_RELEASE_CLEAN =~ /(\d+)\.(\d+)(?:\.(\d+))?(.*)/
- if (semver.find()) {
- if (semver[0][3]) {
- env.SEMVER = "${semver[0][1]}.${semver[0][2]}.${semver[0][3]}"
- } else if (!semver[0][3] && !semver[0][4]) {
- env.SEMVER = "${semver[0][1]}.${semver[0][2]}.${(new Date()).format('YYYYMMdd')}"
- }
- }
- }
-
- if (env.SEMVER != null) {
- if (BRANCH_NAME != "master" && BRANCH_NAME != "main") {
- env.SEMVER = "${env.SEMVER}-${BRANCH_NAME}"
- }
- println("SEMVER: ${env.SEMVER}")
- } else {
- println("No SEMVER detected")
- }
-
- }
- }
- }
- // If this is a master build use live docker endpoints
- stage("Set ENV live build"){
- when {
- branch "master"
- environment name: 'CHANGE_ID', value: ''
- }
- steps {
- script{
- env.IMAGE = env.DOCKERHUB_IMAGE
- env.GITHUBIMAGE = 'ghcr.io/' + env.LS_USER + '/' + env.CONTAINER_NAME
- env.GITLABIMAGE = 'registry.gitlab.com/linuxserver.io/' + env.LS_REPO + '/' + env.CONTAINER_NAME
- env.QUAYIMAGE = 'quay.io/linuxserver.io/' + env.CONTAINER_NAME
- if (env.MULTIARCH == 'true') {
- env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + '|arm32v7-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER
- } else {
- env.CI_TAGS = env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER
- }
- env.VERSION_TAG = env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER
- env.META_TAG = env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER
- env.EXT_RELEASE_TAG = 'version-' + env.EXT_RELEASE_CLEAN
- }
- }
- }
- // If this is a dev build use dev docker endpoints
- stage("Set ENV dev build"){
- when {
- not {branch "master"}
- environment name: 'CHANGE_ID', value: ''
- }
- steps {
- script{
- env.IMAGE = env.DEV_DOCKERHUB_IMAGE
- env.GITHUBIMAGE = 'ghcr.io/' + env.LS_USER + '/lsiodev-' + env.CONTAINER_NAME
- env.GITLABIMAGE = 'registry.gitlab.com/linuxserver.io/' + env.LS_REPO + '/lsiodev-' + env.CONTAINER_NAME
- env.QUAYIMAGE = 'quay.io/linuxserver.io/lsiodev-' + env.CONTAINER_NAME
- if (env.MULTIARCH == 'true') {
- env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '|arm32v7-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA
- } else {
- env.CI_TAGS = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA
- }
- env.VERSION_TAG = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA
- env.META_TAG = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA
- env.EXT_RELEASE_TAG = 'version-' + env.EXT_RELEASE_CLEAN
- env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DEV_DOCKERHUB_IMAGE + '/tags/'
- }
- }
- }
- // If this is a pull request build use dev docker endpoints
- stage("Set ENV PR build"){
- when {
- not {environment name: 'CHANGE_ID', value: ''}
- }
- steps {
- script{
- env.IMAGE = env.PR_DOCKERHUB_IMAGE
- env.GITHUBIMAGE = 'ghcr.io/' + env.LS_USER + '/lspipepr-' + env.CONTAINER_NAME
- env.GITLABIMAGE = 'registry.gitlab.com/linuxserver.io/' + env.LS_REPO + '/lspipepr-' + env.CONTAINER_NAME
- env.QUAYIMAGE = 'quay.io/linuxserver.io/lspipepr-' + env.CONTAINER_NAME
- if (env.MULTIARCH == 'true') {
- env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST + '|arm32v7-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST
- } else {
- env.CI_TAGS = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST
- }
- env.VERSION_TAG = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST
- env.META_TAG = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST
- env.EXT_RELEASE_TAG = 'version-' + env.EXT_RELEASE_CLEAN
- env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/pull/' + env.PULL_REQUEST
- env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.PR_DOCKERHUB_IMAGE + '/tags/'
- }
- }
- }
- // Run ShellCheck
- stage('ShellCheck') {
- when {
- environment name: 'CI', value: 'true'
- }
- steps {
- withCredentials([
- string(credentialsId: 'ci-tests-s3-key-id', variable: 'S3_KEY'),
- string(credentialsId: 'ci-tests-s3-secret-access-key', variable: 'S3_SECRET')
- ]) {
- script{
- env.SHELLCHECK_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/shellcheck-result.xml'
- }
- sh '''curl -sL https://raw.githubusercontent.com/linuxserver/docker-shellcheck/master/checkrun.sh | /bin/bash'''
- sh '''#! /bin/bash
- docker run --rm \
- -v ${WORKSPACE}:/mnt \
- -e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \
- -e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \
- ghcr.io/linuxserver/baseimage-alpine:3.17 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\
- apk add --no-cache py3-pip && \
- pip install s3cmd && \
- s3cmd put --no-preserve --acl-public -m text/xml /mnt/shellcheck-result.xml s3://ci-tests.linuxserver.io/${IMAGE}/${META_TAG}/shellcheck-result.xml" || :'''
- }
- }
- }
- // Use helper containers to render templated files
- stage('Update-Templates') {
- when {
- branch "master"
- environment name: 'CHANGE_ID', value: ''
- expression {
- env.CONTAINER_NAME != null
- }
- }
- steps {
- sh '''#! /bin/bash
- set -e
- TEMPDIR=$(mktemp -d)
- docker pull ghcr.io/linuxserver/jenkins-builder:latest
- docker run --rm -e CONTAINER_NAME=${CONTAINER_NAME} -e GITHUB_BRANCH=master -v ${TEMPDIR}:/ansible/jenkins ghcr.io/linuxserver/jenkins-builder:latest
- # Stage 1 - Jenkinsfile update
- if [[ "$(md5sum Jenkinsfile | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/Jenkinsfile | awk '{ print $1 }')" ]]; then
- mkdir -p ${TEMPDIR}/repo
- git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/repo/${LS_REPO}
- cd ${TEMPDIR}/repo/${LS_REPO}
- git checkout -f master
- cp ${TEMPDIR}/docker-${CONTAINER_NAME}/Jenkinsfile ${TEMPDIR}/repo/${LS_REPO}/
- git add Jenkinsfile
- git commit -m 'Bot Updating Templated Files'
- git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
- echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
- echo "Updating Jenkinsfile"
- rm -Rf ${TEMPDIR}
- exit 0
- else
- echo "Jenkinsfile is up to date."
- fi
- # Stage 2 - Delete old templates
- OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml"
- for i in ${OLD_TEMPLATES}; do
- if [[ -f "${i}" ]]; then
- TEMPLATES_TO_DELETE="${i} ${TEMPLATES_TO_DELETE}"
- fi
- done
- if [[ -n "${TEMPLATES_TO_DELETE}" ]]; then
- mkdir -p ${TEMPDIR}/repo
- git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/repo/${LS_REPO}
- cd ${TEMPDIR}/repo/${LS_REPO}
- git checkout -f master
- for i in ${TEMPLATES_TO_DELETE}; do
- git rm "${i}"
- done
- git commit -m 'Bot Updating Templated Files'
- git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
- echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
- echo "Deleting old and deprecated templates"
- rm -Rf ${TEMPDIR}
- exit 0
- else
- echo "No templates to delete"
- fi
- # Stage 3 - Update templates
- CURRENTHASH=$(grep -hs ^ ${TEMPLATED_FILES} | md5sum | cut -c1-8)
- cd ${TEMPDIR}/docker-${CONTAINER_NAME}
- NEWHASH=$(grep -hs ^ ${TEMPLATED_FILES} | md5sum | cut -c1-8)
- if [[ "${CURRENTHASH}" != "${NEWHASH}" ]] || ! grep -q '.jenkins-external' "${WORKSPACE}/.gitignore" 2>/dev/null; then
- mkdir -p ${TEMPDIR}/repo
- git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/repo/${LS_REPO}
- cd ${TEMPDIR}/repo/${LS_REPO}
- git checkout -f master
- cd ${TEMPDIR}/docker-${CONTAINER_NAME}
- mkdir -p ${TEMPDIR}/repo/${LS_REPO}/.github/workflows
- mkdir -p ${TEMPDIR}/repo/${LS_REPO}/.github/ISSUE_TEMPLATE
- cp --parents ${TEMPLATED_FILES} ${TEMPDIR}/repo/${LS_REPO}/ || :
- cd ${TEMPDIR}/repo/${LS_REPO}/
- if ! grep -q '.jenkins-external' .gitignore 2>/dev/null; then
- echo ".jenkins-external" >> .gitignore
- git add .gitignore
- fi
- git add ${TEMPLATED_FILES}
- git commit -m 'Bot Updating Templated Files'
- git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
- echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
- else
- echo "false" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
- fi
- mkdir -p ${TEMPDIR}/gitbook
- git clone https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/gitbook/docker-documentation
- if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/gitbook/docker-documentation/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/gitbook/docker-documentation/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then
- cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md ${TEMPDIR}/gitbook/docker-documentation/images/
- cd ${TEMPDIR}/gitbook/docker-documentation/
- git add images/docker-${CONTAINER_NAME}.md
- git commit -m 'Bot Updating Documentation'
- git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git --all
- fi
- mkdir -p ${TEMPDIR}/unraid
- git clone https://github.com/linuxserver/docker-templates.git ${TEMPDIR}/unraid/docker-templates
- git clone https://github.com/linuxserver/templates.git ${TEMPDIR}/unraid/templates
- if [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-logo.png ]]; then
- sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-logo.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml
- fi
- if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml) || ("$(md5sum ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml | awk '{ print $1 }')") ]]; then
- cd ${TEMPDIR}/unraid/templates/
- if grep -wq "${CONTAINER_NAME}" ${TEMPDIR}/unraid/templates/unraid/ignore.list; then
- echo "Image is on the ignore list, marking Unraid template as deprecated"
- cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml ${TEMPDIR}/unraid/templates/unraid/
- git add -u unraid/${CONTAINER_NAME}.xml
- git mv unraid/${CONTAINER_NAME}.xml unraid/deprecated/${CONTAINER_NAME}.xml || :
- git commit -m 'Bot Moving Deprecated Unraid Template' || :
- else
- cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml ${TEMPDIR}/unraid/templates/unraid/
- git add unraid/${CONTAINER_NAME}.xml
- git commit -m 'Bot Updating Unraid Template'
- fi
- git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git --all
- fi
- rm -Rf ${TEMPDIR}'''
- script{
- env.FILES_UPDATED = sh(
- script: '''cat /tmp/${COMMIT_SHA}-${BUILD_NUMBER}''',
- returnStdout: true).trim()
- }
- }
- }
- // Exit the build if the Templated files were just updated
- stage('Template-exit') {
- when {
- branch "master"
- environment name: 'CHANGE_ID', value: ''
- environment name: 'FILES_UPDATED', value: 'true'
- expression {
- env.CONTAINER_NAME != null
- }
- }
- steps {
- script{
- env.EXIT_STATUS = 'ABORTED'
- }
- }
- }
- /* #######################
- GitLab Mirroring
- ####################### */
- // Ping into Gitlab to mirror this repo and have a registry endpoint
- stage("GitLab Mirror"){
- when {
- environment name: 'EXIT_STATUS', value: ''
- }
- steps{
- sh '''curl -H "Content-Type: application/json" -H "Private-Token: ${GITLAB_TOKEN}" -X POST https://gitlab.com/api/v4/projects \
- -d '{"namespace_id":'${GITLAB_NAMESPACE}',\
- "name":"'${LS_REPO}'",
- "mirror":true,\
- "import_url":"https://github.com/linuxserver/'${LS_REPO}'.git",\
- "issues_access_level":"disabled",\
- "merge_requests_access_level":"disabled",\
- "repository_access_level":"enabled",\
- "visibility":"public"}' '''
- }
- }
- /* #######################
- Scarf.sh package registry
- ####################### */
- // Add package to Scarf.sh and set permissions
- stage("Scarf.sh package registry"){
- when {
- branch "master"
- environment name: 'EXIT_STATUS', value: ''
- }
- steps{
- sh '''#! /bin/bash
- set -e
- PACKAGE_UUID=$(curl -X GET -H "Authorization: Bearer ${SCARF_TOKEN}" https://scarf.sh/api/v1/organizations/linuxserver-ci/packages | jq -r '.[] | select(.name=="linuxserver/wireguard") | .uuid')
- if [ -z "${PACKAGE_UUID}" ]; then
- echo "Adding package to Scarf.sh"
- curl -sX POST https://scarf.sh/api/v1/organizations/linuxserver-ci/packages \
- -H "Authorization: Bearer ${SCARF_TOKEN}" \
- -H "Content-Type: application/json" \
- -d '{"name":"linuxserver/wireguard",\
- "shortDescription":"example description",\
- "libraryType":"docker",\
- "website":"https://github.com/linuxserver/docker-wireguard",\
- "backendUrl":"https://ghcr.io/linuxserver/wireguard",\
- "publicUrl":"https://lscr.io/linuxserver/wireguard"}' || :
- else
- echo "Package already exists on Scarf.sh"
- fi
- '''
- }
- }
- /* ###############
- Build Container
- ############### */
- // Build Docker container for push to LS Repo
- stage('Build-Single') {
- when {
- expression {
- env.MULTIARCH == 'false' || params.PACKAGE_CHECK == 'true'
- }
- environment name: 'EXIT_STATUS', value: ''
- }
- steps {
- echo "Running on node: ${NODE_NAME}"
- sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile"
- sh "docker buildx build \
- --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
- --label \"org.opencontainers.image.authors=linuxserver.io\" \
- --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-wireguard/packages\" \
- --label \"org.opencontainers.image.documentation=https://docs.linuxserver.io/images/docker-wireguard\" \
- --label \"org.opencontainers.image.source=https://github.com/linuxserver/docker-wireguard\" \
- --label \"org.opencontainers.image.version=${EXT_RELEASE_CLEAN}-ls${LS_TAG_NUMBER}\" \
- --label \"org.opencontainers.image.revision=${COMMIT_SHA}\" \
- --label \"org.opencontainers.image.vendor=linuxserver.io\" \
- --label \"org.opencontainers.image.licenses=GPL-3.0-only\" \
- --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
- --label \"org.opencontainers.image.title=Wireguard\" \
- --label \"org.opencontainers.image.description=[WireGuard®](https://www.wireguard.com/) is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.\" \
- --no-cache --pull -t ${IMAGE}:${META_TAG} --platform=linux/amd64 \
- --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
- }
- }
- // Build MultiArch Docker containers for push to LS Repo
- stage('Build-Multi') {
- when {
- allOf {
- environment name: 'MULTIARCH', value: 'true'
- expression { params.PACKAGE_CHECK == 'false' }
- }
- environment name: 'EXIT_STATUS', value: ''
- }
- parallel {
- stage('Build X86') {
- steps {
- echo "Running on node: ${NODE_NAME}"
- sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile"
- sh "docker buildx build \
- --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
- --label \"org.opencontainers.image.authors=linuxserver.io\" \
- --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-wireguard/packages\" \
- --label \"org.opencontainers.image.documentation=https://docs.linuxserver.io/images/docker-wireguard\" \
- --label \"org.opencontainers.image.source=https://github.com/linuxserver/docker-wireguard\" \
- --label \"org.opencontainers.image.version=${EXT_RELEASE_CLEAN}-ls${LS_TAG_NUMBER}\" \
- --label \"org.opencontainers.image.revision=${COMMIT_SHA}\" \
- --label \"org.opencontainers.image.vendor=linuxserver.io\" \
- --label \"org.opencontainers.image.licenses=GPL-3.0-only\" \
- --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
- --label \"org.opencontainers.image.title=Wireguard\" \
- --label \"org.opencontainers.image.description=[WireGuard®](https://www.wireguard.com/) is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.\" \
- --no-cache --pull -t ${IMAGE}:amd64-${META_TAG} --platform=linux/amd64 \
- --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
- }
- }
- stage('Build ARMHF') {
- agent {
- label 'ARMHF'
- }
- steps {
- echo "Running on node: ${NODE_NAME}"
- echo 'Logging into Github'
- sh '''#! /bin/bash
- echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
- '''
- sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile.armhf"
- sh "docker buildx build \
- --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
- --label \"org.opencontainers.image.authors=linuxserver.io\" \
- --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-wireguard/packages\" \
- --label \"org.opencontainers.image.documentation=https://docs.linuxserver.io/images/docker-wireguard\" \
- --label \"org.opencontainers.image.source=https://github.com/linuxserver/docker-wireguard\" \
- --label \"org.opencontainers.image.version=${EXT_RELEASE_CLEAN}-ls${LS_TAG_NUMBER}\" \
- --label \"org.opencontainers.image.revision=${COMMIT_SHA}\" \
- --label \"org.opencontainers.image.vendor=linuxserver.io\" \
- --label \"org.opencontainers.image.licenses=GPL-3.0-only\" \
- --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
- --label \"org.opencontainers.image.title=Wireguard\" \
- --label \"org.opencontainers.image.description=[WireGuard®](https://www.wireguard.com/) is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.\" \
- --no-cache --pull -f Dockerfile.armhf -t ${IMAGE}:arm32v7-${META_TAG} --platform=linux/arm/v7 \
- --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
- sh "docker tag ${IMAGE}:arm32v7-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}"
- retry(5) {
- sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}"
- }
- sh '''docker rmi \
- ${IMAGE}:arm32v7-${META_TAG} \
- ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} || :'''
- }
- }
- stage('Build ARM64') {
- agent {
- label 'ARM64'
- }
- steps {
- echo "Running on node: ${NODE_NAME}"
- echo 'Logging into Github'
- sh '''#! /bin/bash
- echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
- '''
- sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile.aarch64"
- sh "docker buildx build \
- --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
- --label \"org.opencontainers.image.authors=linuxserver.io\" \
- --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-wireguard/packages\" \
- --label \"org.opencontainers.image.documentation=https://docs.linuxserver.io/images/docker-wireguard\" \
- --label \"org.opencontainers.image.source=https://github.com/linuxserver/docker-wireguard\" \
- --label \"org.opencontainers.image.version=${EXT_RELEASE_CLEAN}-ls${LS_TAG_NUMBER}\" \
- --label \"org.opencontainers.image.revision=${COMMIT_SHA}\" \
- --label \"org.opencontainers.image.vendor=linuxserver.io\" \
- --label \"org.opencontainers.image.licenses=GPL-3.0-only\" \
- --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
- --label \"org.opencontainers.image.title=Wireguard\" \
- --label \"org.opencontainers.image.description=[WireGuard®](https://www.wireguard.com/) is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.\" \
- --no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} --platform=linux/arm64 \
- --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
- sh "docker tag ${IMAGE}:arm64v8-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}"
- retry(5) {
- sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}"
- }
- sh '''docker rmi \
- ${IMAGE}:arm64v8-${META_TAG} \
- ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || :'''
- }
- }
- }
- }
- // Take the image we just built and dump package versions for comparison
- stage('Update-packages') {
- when {
- branch "master"
- environment name: 'CHANGE_ID', value: ''
- environment name: 'EXIT_STATUS', value: ''
- }
- steps {
- sh '''#! /bin/bash
- set -e
- TEMPDIR=$(mktemp -d)
- if [ "${MULTIARCH}" == "true" ] && [ "${PACKAGE_CHECK}" == "false" ]; then
- LOCAL_CONTAINER=${IMAGE}:amd64-${META_TAG}
- else
- LOCAL_CONTAINER=${IMAGE}:${META_TAG}
- fi
- touch ${TEMPDIR}/package_versions.txt
- docker run --rm \
- -v /var/run/docker.sock:/var/run/docker.sock:ro \
- -v ${TEMPDIR}:/tmp \
- ghcr.io/anchore/syft:latest \
- ${LOCAL_CONTAINER} -o table=/tmp/package_versions.txt
- NEW_PACKAGE_TAG=$(md5sum ${TEMPDIR}/package_versions.txt | cut -c1-8 )
- echo "Package tag sha from current packages in buit container is ${NEW_PACKAGE_TAG} comparing to old ${PACKAGE_TAG} from github"
- if [ "${NEW_PACKAGE_TAG}" != "${PACKAGE_TAG}" ]; then
- git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/${LS_REPO}
- git --git-dir ${TEMPDIR}/${LS_REPO}/.git checkout -f master
- cp ${TEMPDIR}/package_versions.txt ${TEMPDIR}/${LS_REPO}/
- cd ${TEMPDIR}/${LS_REPO}/
- wait
- git add package_versions.txt
- git commit -m 'Bot Updating Package Versions'
- git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
- echo "true" > /tmp/packages-${COMMIT_SHA}-${BUILD_NUMBER}
- echo "Package tag updated, stopping build process"
- else
- echo "false" > /tmp/packages-${COMMIT_SHA}-${BUILD_NUMBER}
- echo "Package tag is same as previous continue with build process"
- fi
- rm -Rf ${TEMPDIR}'''
- script{
- env.PACKAGE_UPDATED = sh(
- script: '''cat /tmp/packages-${COMMIT_SHA}-${BUILD_NUMBER}''',
- returnStdout: true).trim()
- }
- }
- }
- // Exit the build if the package file was just updated
- stage('PACKAGE-exit') {
- when {
- branch "master"
- environment name: 'CHANGE_ID', value: ''
- environment name: 'PACKAGE_UPDATED', value: 'true'
- environment name: 'EXIT_STATUS', value: ''
- }
- steps {
- sh '''#! /bin/bash
- echo "Packages were updated. Cleaning up the image and exiting."
- if [ "${MULTIARCH}" == "true" ] && [ "${PACKAGE_CHECK}" == "false" ]; then
- docker rmi ${IMAGE}:amd64-${META_TAG}
- else
- docker rmi ${IMAGE}:${META_TAG}
- fi'''
- script{
- env.EXIT_STATUS = 'ABORTED'
- }
- }
- }
- // Exit the build if this is just a package check and there are no changes to push
- stage('PACKAGECHECK-exit') {
- when {
- branch "master"
- environment name: 'CHANGE_ID', value: ''
- environment name: 'PACKAGE_UPDATED', value: 'false'
- environment name: 'EXIT_STATUS', value: ''
- expression {
- params.PACKAGE_CHECK == 'true'
- }
- }
- steps {
- sh '''#! /bin/bash
- echo "There are no package updates. Cleaning up the image and exiting."
- if [ "${MULTIARCH}" == "true" ] && [ "${PACKAGE_CHECK}" == "false" ]; then
- docker rmi ${IMAGE}:amd64-${META_TAG}
- else
- docker rmi ${IMAGE}:${META_TAG}
- fi'''
- script{
- env.EXIT_STATUS = 'ABORTED'
- }
- }
- }
- /* #######
- Testing
- ####### */
- // Run Container tests
- stage('Test') {
- when {
- environment name: 'CI', value: 'true'
- environment name: 'EXIT_STATUS', value: ''
- }
- steps {
- withCredentials([
- string(credentialsId: 'ci-tests-s3-key-id', variable: 'S3_KEY'),
- string(credentialsId: 'ci-tests-s3-secret-access-key ', variable: 'S3_SECRET')
- ]) {
- script{
- env.CI_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/index.html'
- }
- sh '''#! /bin/bash
- set -e
- docker pull ghcr.io/linuxserver/ci:latest
- if [ "${MULTIARCH}" == "true" ]; then
- docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}
- docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
- docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm32v7-${META_TAG}
- docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
- fi
- docker run --rm \
- --shm-size=1gb \
- -v /var/run/docker.sock:/var/run/docker.sock \
- -e IMAGE=\"${IMAGE}\" \
- -e DELAY_START=\"${CI_DELAY}\" \
- -e TAGS=\"${CI_TAGS}\" \
- -e META_TAG=\"${META_TAG}\" \
- -e PORT=\"${CI_PORT}\" \
- -e SSL=\"${CI_SSL}\" \
- -e BASE=\"${DIST_IMAGE}\" \
- -e SECRET_KEY=\"${S3_SECRET}\" \
- -e ACCESS_KEY=\"${S3_KEY}\" \
- -e DOCKER_ENV=\"${CI_DOCKERENV}\" \
- -e WEB_SCREENSHOT=\"${CI_WEB}\" \
- -e WEB_AUTH=\"${CI_AUTH}\" \
- -e WEB_PATH=\"${CI_WEBPATH}\" \
- -e DO_REGION="ams3" \
- -e DO_BUCKET="lsio-ci" \
- -t ghcr.io/linuxserver/ci:latest \
- python3 test_build.py'''
- }
- }
- }
- /* ##################
- Release Logic
- ################## */
- // If this is an amd64 only image only push a single image
- stage('Docker-Push-Single') {
- when {
- environment name: 'MULTIARCH', value: 'false'
- environment name: 'EXIT_STATUS', value: ''
- }
- steps {
- withCredentials([
- [
- $class: 'UsernamePasswordMultiBinding',
- credentialsId: '3f9ba4d5-100d-45b0-a3c4-633fd6061207',
- usernameVariable: 'DOCKERUSER',
- passwordVariable: 'DOCKERPASS'
- ],
- [
- $class: 'UsernamePasswordMultiBinding',
- credentialsId: 'Quay.io-Robot',
- usernameVariable: 'QUAYUSER',
- passwordVariable: 'QUAYPASS'
- ]
- ]) {
- retry(5) {
- sh '''#! /bin/bash
- set -e
- echo $DOCKERPASS | docker login -u $DOCKERUSER --password-stdin
- echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
- echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin
- echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
- for PUSHIMAGE in "${GITHUBIMAGE}" "${GITLABIMAGE}" "${QUAYIMAGE}" "${IMAGE}"; do
- docker tag ${IMAGE}:${META_TAG} ${PUSHIMAGE}:${META_TAG}
- docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:latest
- docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:${EXT_RELEASE_TAG}
- if [ -n "${SEMVER}" ]; then
- docker tag ${PUSHIMAGE}:${META_TAG} ${PUSHIMAGE}:${SEMVER}
- fi
- docker push ${PUSHIMAGE}:latest
- docker push ${PUSHIMAGE}:${META_TAG}
- docker push ${PUSHIMAGE}:${EXT_RELEASE_TAG}
- if [ -n "${SEMVER}" ]; then
- docker push ${PUSHIMAGE}:${SEMVER}
- fi
- done
- '''
- }
- sh '''#! /bin/bash
- for DELETEIMAGE in "${GITHUBIMAGE}" "${GITLABIMAGE}" "${QUAYIMAGE}" "${IMAGE}"; do
- docker rmi \
- ${DELETEIMAGE}:${META_TAG} \
- ${DELETEIMAGE}:${EXT_RELEASE_TAG} \
- ${DELETEIMAGE}:latest || :
- if [ -n "${SEMVER}" ]; then
- docker rmi ${DELETEIMAGE}:${SEMVER} || :
- fi
- done
- '''
- }
- }
- }
- // If this is a multi arch release push all images and define the manifest
- stage('Docker-Push-Multi') {
- when {
- environment name: 'MULTIARCH', value: 'true'
- environment name: 'EXIT_STATUS', value: ''
- }
- steps {
- withCredentials([
- [
- $class: 'UsernamePasswordMultiBinding',
- credentialsId: '3f9ba4d5-100d-45b0-a3c4-633fd6061207',
- usernameVariable: 'DOCKERUSER',
- passwordVariable: 'DOCKERPASS'
- ],
- [
- $class: 'UsernamePasswordMultiBinding',
- credentialsId: 'Quay.io-Robot',
- usernameVariable: 'QUAYUSER',
- passwordVariable: 'QUAYPASS'
- ]
- ]) {
- retry(5) {
- sh '''#! /bin/bash
- set -e
- echo $DOCKERPASS | docker login -u $DOCKERUSER --password-stdin
- echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
- echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin
- echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
- if [ "${CI}" == "false" ]; then
- docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}
- docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm32v7-${META_TAG}
- docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
- docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
- fi
- for MANIFESTIMAGE in "${IMAGE}" "${GITLABIMAGE}" "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
- docker tag ${IMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG}
- docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-latest
- docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
- docker tag ${IMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG}
- docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-latest
- docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
- docker tag ${IMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
- docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-latest
- docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
- if [ -n "${SEMVER}" ]; then
- docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${SEMVER}
- docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${SEMVER}
- docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
- fi
- docker push ${MANIFESTIMAGE}:amd64-${META_TAG}
- docker push ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
- docker push ${MANIFESTIMAGE}:amd64-latest
- docker push ${MANIFESTIMAGE}:arm32v7-${META_TAG}
- docker push ${MANIFESTIMAGE}:arm32v7-latest
- docker push ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
- docker push ${MANIFESTIMAGE}:arm64v8-${META_TAG}
- docker push ${MANIFESTIMAGE}:arm64v8-latest
- docker push ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
- if [ -n "${SEMVER}" ]; then
- docker push ${MANIFESTIMAGE}:amd64-${SEMVER}
- docker push ${MANIFESTIMAGE}:arm32v7-${SEMVER}
- docker push ${MANIFESTIMAGE}:arm64v8-${SEMVER}
- fi
- docker manifest push --purge ${MANIFESTIMAGE}:latest || :
- docker manifest create ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm32v7-latest ${MANIFESTIMAGE}:arm64v8-latest
- docker manifest annotate ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:arm32v7-latest --os linux --arch arm
- docker manifest annotate ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:arm64v8-latest --os linux --arch arm64 --variant v8
- docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG} || :
- docker manifest create ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
- docker manifest annotate ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG} --os linux --arch arm
- docker manifest annotate ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} --os linux --arch arm64 --variant v8
- docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} || :
- docker manifest create ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
- docker manifest annotate ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG} --os linux --arch arm
- docker manifest annotate ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} --os linux --arch arm64 --variant v8
- if [ -n "${SEMVER}" ]; then
- docker manifest push --purge ${MANIFESTIMAGE}:${SEMVER} || :
- docker manifest create ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm32v7-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
- docker manifest annotate ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:arm32v7-${SEMVER} --os linux --arch arm
- docker manifest annotate ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} --os linux --arch arm64 --variant v8
- fi
- docker manifest push --purge ${MANIFESTIMAGE}:latest
- docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG}
- docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG}
- if [ -n "${SEMVER}" ]; then
- docker manifest push --purge ${MANIFESTIMAGE}:${SEMVER}
- fi
- done
- '''
- }
- sh '''#! /bin/bash
- for DELETEIMAGE in "${GITHUBIMAGE}" "${GITLABIMAGE}" "${QUAYIMAGE}" "${IMAGE}"; do
- docker rmi \
- ${DELETEIMAGE}:amd64-${META_TAG} \
- ${DELETEIMAGE}:amd64-latest \
- ${DELETEIMAGE}:amd64-${EXT_RELEASE_TAG} \
- ${DELETEIMAGE}:arm32v7-${META_TAG} \
- ${DELETEIMAGE}:arm32v7-latest \
- ${DELETEIMAGE}:arm32v7-${EXT_RELEASE_TAG} \
- ${DELETEIMAGE}:arm64v8-${META_TAG} \
- ${DELETEIMAGE}:arm64v8-latest \
- ${DELETEIMAGE}:arm64v8-${EXT_RELEASE_TAG} || :
- if [ -n "${SEMVER}" ]; then
- docker rmi \
- ${DELETEIMAGE}:amd64-${SEMVER} \
- ${DELETEIMAGE}:arm32v7-${SEMVER} \
- ${DELETEIMAGE}:arm64v8-${SEMVER} || :
- fi
- done
- docker rmi \
- ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} \
- ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || :
- '''
- }
- }
- }
- // If this is a public release tag it in the LS Github
- stage('Github-Tag-Push-Release') {
- when {
- branch "master"
- expression {
- env.LS_RELEASE != env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER
- }
- environment name: 'CHANGE_ID', value: ''
- environment name: 'EXIT_STATUS', value: ''
- }
- steps {
- echo "Pushing New tag for current commit ${META_TAG}"
- sh '''curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/git/tags \
- -d '{"tag":"'${META_TAG}'",\
- "object": "'${COMMIT_SHA}'",\
- "message": "Tagging Release '${EXT_RELEASE_CLEAN}'-ls'${LS_TAG_NUMBER}' to master",\
- "type": "commit",\
- "tagger": {"name": "LinuxServer Jenkins","email": "jenkins@linuxserver.io","date": "'${GITHUB_DATE}'"}}' '''
- echo "Pushing New release for Tag"
- sh '''#! /bin/bash
- echo "Updating to ${EXT_RELEASE_CLEAN}" > releasebody.json
- echo '{"tag_name":"'${META_TAG}'",\
- "target_commitish": "master",\
- "name": "'${META_TAG}'",\
- "body": "**LinuxServer Changes:**\\n\\n'${LS_RELEASE_NOTES}'\\n\\n**Remote Changes:**\\n\\n' > start
- printf '","draft": false,"prerelease": false}' >> releasebody.json
- paste -d'\\0' start releasebody.json > releasebody.json.done
- curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases -d @releasebody.json.done'''
- }
- }
- // Use helper container to sync the current README on master to the dockerhub endpoint
- stage('Sync-README') {
- when {
- environment name: 'CHANGE_ID', value: ''
- environment name: 'EXIT_STATUS', value: ''
- }
- steps {
- withCredentials([
- [
- $class: 'UsernamePasswordMultiBinding',
- credentialsId: '3f9ba4d5-100d-45b0-a3c4-633fd6061207',
- usernameVariable: 'DOCKERUSER',
- passwordVariable: 'DOCKERPASS'
- ]
- ]) {
- sh '''#! /bin/bash
- set -e
- TEMPDIR=$(mktemp -d)
- docker pull ghcr.io/linuxserver/jenkins-builder:latest
- docker run --rm -e CONTAINER_NAME=${CONTAINER_NAME} -e GITHUB_BRANCH="${BRANCH_NAME}" -v ${TEMPDIR}:/ansible/jenkins ghcr.io/linuxserver/jenkins-builder:latest
- docker pull ghcr.io/linuxserver/readme-sync
- docker run --rm=true \
- -e DOCKERHUB_USERNAME=$DOCKERUSER \
- -e DOCKERHUB_PASSWORD=$DOCKERPASS \
- -e GIT_REPOSITORY=${LS_USER}/${LS_REPO} \
- -e DOCKER_REPOSITORY=${IMAGE} \
- -e GIT_BRANCH=master \
- -v ${TEMPDIR}/docker-${CONTAINER_NAME}:/mnt \
- ghcr.io/linuxserver/readme-sync bash -c 'node sync'
- rm -Rf ${TEMPDIR} '''
- }
- }
- }
- // If this is a Pull request send the CI link as a comment on it
- stage('Pull Request Comment') {
- when {
- not {environment name: 'CHANGE_ID', value: ''}
- environment name: 'CI', value: 'true'
- environment name: 'EXIT_STATUS', value: ''
- }
- steps {
- sh '''curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/issues/${PULL_REQUEST}/comments \
- -d '{"body": "I am a bot, here are the test results for this PR: \\n'${CI_URL}' \\n'${SHELLCHECK_URL}'"}' '''
- }
- }
- }
- /* ######################
- Send status to Discord
- ###################### */
- post {
- always {
- script{
- if (env.EXIT_STATUS == "ABORTED"){
- sh 'echo "build aborted"'
- }
- else if (currentBuild.currentResult == "SUCCESS"){
- sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 1681177,\
- "description": "**Build:** '${BUILD_NUMBER}'\\n**CI Results:** '${CI_URL}'\\n**ShellCheck Results:** '${SHELLCHECK_URL}'\\n**Status:** Success\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
- "username": "Jenkins"}' ${BUILDS_DISCORD} '''
- }
- else {
- sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/jenkins-avatar.png","embeds": [{"color": 16711680,\
- "description": "**Build:** '${BUILD_NUMBER}'\\n**CI Results:** '${CI_URL}'\\n**ShellCheck Results:** '${SHELLCHECK_URL}'\\n**Status:** failure\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
- "username": "Jenkins"}' ${BUILDS_DISCORD} '''
- }
- }
- }
- cleanup {
- cleanWs()
- }
- }
-}
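Review bot: The removals here run through the pipeline's closing `}`, taking out the Github-Tag-Push-Release, Sync-README, Pull Request Comment and Discord status stages, yet the README hunk in this patch repoints the CI link to `job/legacy/` and jenkins-vars.yml still sets `ls_branch: legacy`. If no job will build this branch any more, drop the CI link so it does not imply an active build; if a job will still run, say where its pipeline definition now lives.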
diff --git a/README.md b/README.md
index 8b8f39e7..3c746af6 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,5 @@
-
-
-
+
+
[](https://linuxserver.io)
[](https://blog.linuxserver.io "all the things you can do with our containers including How-To guides, opinions and much more!")
@@ -27,9 +26,14 @@ Find us at:
* [GitHub](https://github.com/linuxserver) - view the source for all of our repositories.
* [Open Collective](https://opencollective.com/linuxserver) - please consider helping us by either donating or contributing to our budget
+# DEPRECATION NOTICE
+This image is deprecated. We will not offer support for this image and it will not be updated.
+
+
+Please switch to the Alpine-based latest tag
# [linuxserver/wireguard](https://github.com/linuxserver/docker-wireguard)
-[](https://scarf.sh/gateway/linuxserver-ci/docker/linuxserver%2Fwireguard)
+[](https://scarf.sh)
[](https://github.com/linuxserver/docker-wireguard)
[](https://github.com/linuxserver/docker-wireguard/releases)
[](https://github.com/linuxserver/docker-wireguard/packages)
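Review bot: The added notice ends with "Please switch to the Alpine-based latest tag" and gives neither the image reference nor the limitation that comes with it. The Version Tags table in this same patch describes `latest` as built *without* support for compiling Wireguard modules, so users on older kernels who relied on this image for module builds cannot simply switch. Spell out the target (`lscr.io/linuxserver/wireguard:latest`), state that "will not be updated" includes security fixes, and mention the kernel requirement. The sentence is also missing its full stop.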
@@ -37,7 +41,7 @@ Find us at:
[](https://quay.io/repository/linuxserver.io/wireguard)
[](https://hub.docker.com/r/linuxserver/wireguard)
[](https://hub.docker.com/r/linuxserver/wireguard)
-[](https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireguard/job/master/)
+[](https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireguard/job/legacy/)
[WireGuard®](https://www.wireguard.com/) is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.
@@ -45,9 +49,9 @@ Find us at:
## Supported Architectures
-We utilise the docker manifest for multi-platform awareness. More information is available from docker [here](https://github.com/docker/distribution/blob/master/docs/spec/manifest-v2-2.md#manifest-list) and our announcement [here](https://blog.linuxserver.io/2019/02/21/the-lsio-pipeline-project/).
+We utilise the docker manifest for multi-platform awareness. More information is available from docker [here](https://distribution.github.io/distribution/spec/manifest-v2-2/#manifest-list) and our announcement [here](https://blog.linuxserver.io/2019/02/21/the-lsio-pipeline-project/).
-Simply pulling `lscr.io/linuxserver/wireguard:latest` should retrieve the correct image for your arch, but you can also pull specific arch images via tags.
+Simply pulling `lscr.io/linuxserver/wireguard:legacy` should retrieve the correct image for your arch, but you can also pull specific arch images via tags.
The architectures supported by this image are:
@@ -55,7 +59,7 @@ The architectures supported by this image are:
| :----: | :----: | ---- |
| x86-64 | ✅ | amd64-\ |
| arm64 | ✅ | arm64v8-\ |
-| armhf | ✅ | arm32v7-\ |
+| armhf | ❌ | |
## Version Tags
@@ -63,8 +67,9 @@ This image provides various versions that are available via tags. Please read th
| Tag | Available | Description |
| :----: | :----: |--- |
-| latest | ✅ | Stable releases with support for compiling Wireguard modules |
-| alpine | ✅ | Stable releases based on Alpine *without* support for compiling Wireguard modules |
+| latest | ✅ | Stable releases based on Alpine *without* support for compiling Wireguard modules. |
+| legacy | ✅ | Stable releases with support for compiling Wireguard modules for older kernels. |
+
## Application Setup
During container start, it will first check if the wireguard module is already installed and loaded. Kernels newer than 5.6 generally have the wireguard module built-in (along with some older custom kernels). However, the module may not be enabled. Make sure it is enabled prior to starting the container.
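Review bot: The new `legacy` row is marked ✅ and described as "Stable releases", which contradicts the deprecation notice added at the top of this README and the `release_type: prerelease` that jenkins-vars.yml receives in the same patch. Mark the row as deprecated and unsupported so that a reader who lands on this table alone does not take the tag for a maintained one.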
@@ -87,11 +92,13 @@ To add more peers/clients later on, you increment the `PEERS` environment variab
To display the QR codes of active peers again, you can use the following command and list the peer numbers as arguments: `docker exec -it wireguard /app/show-peer 1 4 5` or `docker exec -it wireguard /app/show-peer myPC myPhone myTablet` (Keep in mind that the QR codes are also stored as PNGs in the config folder).
-The templates used for server and peer confs are saved under `/config/templates`. Advanced users can modify these templates and force conf generation by deleting `/config/wg0.conf` and restarting the container.
+The templates used for server and peer confs are saved under `/config/templates`. Advanced users can modify these templates and force conf generation by deleting `/config/wg_confs/wg0.conf` and restarting the container.
+
+The container managed server conf is hardcoded to `wg0.conf`. However, the users can add additional tunnel config files with `.conf` extensions into `/config/wg_confs/` and the container will attempt to start them all in alphabetical order. If any one of the tunnels fail, they will all be stopped and the default route will be deleted, requiring user intervention to fix the invalid conf and a container restart.
## Client Mode
-Do not set the `PEERS` environment variable. Drop your client conf into the config folder as `/config/wg0.conf` and start the container.
+Do not set the `PEERS` environment variable. Drop your client conf(s) into the config folder as `/config/wg_confs/.conf` and start the container. If there are multiple tunnel configs, the container will attempt to start them all in alphabetical order. If any one of the tunnels fail, they will all be stopped and the default route will be deleted, requiring user intervention to fix the invalid conf and a container restart.
If you get IPv6 related errors in the log and connection cannot be established, edit the `AllowedIPs` line in your peer/client wg0.conf to include only `0.0.0.0/0` and not `::/0`; and restart the container.
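Review bot: Both added paragraphs say every file ending in `.conf` under `/config/wg_confs/` is brought up as a live tunnel, but neither says what happens to an existing `/config/wg0.conf`, nor warns that backup copies left in that folder with a `.conf` extension will also be started, `PostUp` hooks included. Add a sentence on migrating the old file and on keeping non-live copies under another extension or outside the folder. In the Client Mode paragraph the path `/config/wg_confs/.conf` reads as a literal dotfile, so a placeholder for the tunnel name seems to be missing, and "If any one of the tunnels fail" should be "fails" in both places. The unchanged IPv6 line that follows still refers to "wg0.conf" only.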
@@ -115,7 +122,7 @@ When routing via Wireguard from another container using the `service` option in
Address = 9.8.7.6/32
DNS = 8.8.8.8
PostUp = DROUTE=$(ip route | grep default | awk '{print $3}'); HOMENET=192.168.0.0/16; HOMENET2=10.0.0.0/8; HOMENET3=172.16.0.0/12; ip route add $HOMENET3 via $DROUTE;ip route add $HOMENET2 via $DROUTE; ip route add $HOMENET via $DROUTE;iptables -I OUTPUT -d $HOMENET -j ACCEPT;iptables -A OUTPUT -d $HOMENET2 -j ACCEPT; iptables -A OUTPUT -d $HOMENET3 -j ACCEPT; iptables -A OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
- PreDown = HOMENET=192.168.0.0/16; HOMENET2=10.0.0.0/8; HOMENET3=172.16.0.0/12; ip route del $HOMENET3 via $DROUTE;ip route del $HOMENET2 via $DROUTE; ip route del $HOMENET via $DROUTE; iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT; iptables -D OUTPUT -d $HOMENET -j ACCEPT; iptables -D OUTPUT -d $HOMENET2 -j ACCEPT; iptables -D OUTPUT -d $HOMENET3 -j ACCEPT
+ PreDown = DROUTE=$(ip route | grep default | awk '{print $3}'); HOMENET=192.168.0.0/16; HOMENET2=10.0.0.0/8; HOMENET3=172.16.0.0/12; ip route del $HOMENET3 via $DROUTE;ip route del $HOMENET2 via $DROUTE; ip route del $HOMENET via $DROUTE; iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT; iptables -D OUTPUT -d $HOMENET -j ACCEPT; iptables -D OUTPUT -d $HOMENET2 -j ACCEPT; iptables -D OUTPUT -d $HOMENET3 -j ACCEPT
```
## Site-to-site VPN
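Review bot: The `DROUTE=$(ip route | grep default | awk '{print $3}')` lookup added to `PreDown` re-derives the gateway at teardown and its result is never checked. The removed line used `$DROUTE` without defining it, so the addition is needed, but if the default route is gone at that point (the README text added in this patch says it is deleted when a tunnel fails) or more than one default route exists, `$DROUTE` is empty or holds several values and the three `ip route del ... via $DROUTE` commands fail, leaving the home-network routes in place. Consider taking only the first match and skipping the deletes when it is empty, or deleting the routes by destination alone. The variable expansions on this line are also unquoted.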
@@ -134,16 +141,18 @@ Don't forget to set the necessary POSTUP and POSTDOWN rules in your client's pee
## Usage
-Here are some example snippets to help you get started creating a container.
+To help you get started creating a container from this image you can either use docker-compose or the docker cli.
+
+>[!NOTE]
+>Unless a parameter is flaged as 'optional', it is *mandatory* and a value must be provided.
### docker-compose (recommended, [click here for more info](https://docs.linuxserver.io/general/docker-compose))
```yaml
---
-version: "2.1"
services:
wireguard:
- image: lscr.io/linuxserver/wireguard:latest
+ image: lscr.io/linuxserver/wireguard:legacy
container_name: wireguard
cap_add:
- NET_ADMIN
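Review bot: Typo in the added `[!NOTE]` line: "flaged" should be "flagged".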
@@ -193,17 +202,16 @@ docker run -d \
-v /lib/modules:/lib/modules `#optional` \
--sysctl="net.ipv4.conf.all.src_valid_mark=1" \
--restart unless-stopped \
- lscr.io/linuxserver/wireguard:latest
-
+ lscr.io/linuxserver/wireguard:legacy
```
## Parameters
-Container images are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `:` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container.
+Containers are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `:` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container.
| Parameter | Function |
| :----: | --- |
-| `-p 51820/udp` | wireguard port |
+| `-p 51820:51820/udp` | wireguard port |
| `-e PUID=1000` | for UserID - see below for explanation |
| `-e PGID=1000` | for GroupID - see below for explanation |
| `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). |
@@ -218,6 +226,8 @@ Container images are configured using parameters passed at runtime (such as thos
| `-v /config` | Contains all relevant configuration files. |
| `-v /lib/modules` | Maps host's modules folder. Only required if compiling wireguard modules. |
| `--sysctl=` | Required for client mode. |
+| `--cap-add=NET_ADMIN` | Neccessary for Wireguard to create its VPN interface. |
+| `--cap-add=SYS_MODULE` | Neccessary for loading Wireguard kernel module if it's not already loaded. |
### Portainer notice
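Review bot: The new `--cap-add=SYS_MODULE` row presents the capability as a standing requirement, although its own description limits it to the case where the module is "not already loaded" and the Application Setup text says kernels newer than 5.6 generally have the module built in. `SYS_MODULE` lets the container load kernel modules into the host kernel, so the row should be marked optional and tell users to omit it, together with the `/lib/modules` mount, when the host already provides wireguard. Under the `[!NOTE]` added in the Usage section, a parameter without an optional marker is read as mandatory. "Neccessary" should be "Necessary" in both rows.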
@@ -230,10 +240,10 @@ You can set any environment variable from a file by using a special prepend `FIL
As an example:
```bash
--e FILE__PASSWORD=/run/secrets/mysecretpassword
+-e FILE__MYVAR=/run/secrets/mysecretvariable
```
-Will set the environment variable `PASSWORD` based on the contents of the `/run/secrets/mysecretpassword` file.
+Will set the environment variable `MYVAR` based on the contents of the `/run/secrets/mysecretvariable` file.
## Umask for running applications
@@ -242,15 +252,20 @@ Keep in mind umask is not chmod it subtracts from permissions based on it's valu
## User / Group Identifiers
-When using volumes (`-v` flags) permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`.
+When using volumes (`-v` flags), permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`.
Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic.
-In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as below:
+In this instance `PUID=1000` and `PGID=1000`, to find yours use `id your_user` as below:
```bash
- $ id username
- uid=1000(dockeruser) gid=1000(dockergroup) groups=1000(dockergroup)
+id your_user
+```
+
+Example output:
+
+```text
+uid=1000(your_user) gid=1000(your_user) groups=1000(your_user)
```
## Docker Mods
@@ -261,53 +276,101 @@ We publish various [Docker Mods](https://github.com/linuxserver/docker-mods) to
## Support Info
-* Shell access whilst the container is running: `docker exec -it wireguard /bin/bash`
-* To monitor the logs of the container in realtime: `docker logs -f wireguard`
-* container version number
- * `docker inspect -f '{{ index .Config.Labels "build_version" }}' wireguard`
-* image version number
- * `docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/wireguard:latest`
+* Shell access whilst the container is running:
+
+ ```bash
+ docker exec -it wireguard /bin/bash
+ ```
+
+* To monitor the logs of the container in realtime:
+
+ ```bash
+ docker logs -f wireguard
+ ```
+
+* Container version number:
+
+ ```bash
+ docker inspect -f '{{ index .Config.Labels "build_version" }}' wireguard
+ ```
+
+* Image version number:
+
+ ```bash
+ docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/wireguard:legacy
+ ```
## Updating Info
-Most of our images are static, versioned, and require an image update and container recreation to update the app inside. With some exceptions (ie. nextcloud, plex), we do not recommend or support updating apps inside the container. Please consult the [Application Setup](#application-setup) section above to see if it is recommended for the image.
+Most of our images are static, versioned, and require an image update and container recreation to update the app inside. With some exceptions (noted in the relevant readme.md), we do not recommend or support updating apps inside the container. Please consult the [Application Setup](#application-setup) section above to see if it is recommended for the image.
Below are the instructions for updating containers:
### Via Docker Compose
-* Update all images: `docker-compose pull`
- * or update a single image: `docker-compose pull wireguard`
-* Let compose update all containers as necessary: `docker-compose up -d`
- * or update a single container: `docker-compose up -d wireguard`
-* You can also remove the old dangling images: `docker image prune`
+* Update images:
+ * All images:
+
+ ```bash
+ docker-compose pull
+ ```
+
+ * Single image:
+
+ ```bash
+ docker-compose pull wireguard
+ ```
+
+* Update containers:
+ * All containers:
+
+ ```bash
+ docker-compose up -d
+ ```
+
+ * Single container:
+
+ ```bash
+ docker-compose up -d wireguard
+ ```
+
+* You can also remove the old dangling images:
+
+ ```bash
+ docker image prune
+ ```
### Via Docker Run
-* Update the image: `docker pull lscr.io/linuxserver/wireguard:latest`
-* Stop the running container: `docker stop wireguard`
-* Delete the container: `docker rm wireguard`
-* Recreate a new container with the same docker run parameters as instructed above (if mapped correctly to a host folder, your `/config` folder and settings will be preserved)
-* You can also remove the old dangling images: `docker image prune`
+* Update the image:
-### Via Watchtower auto-updater (only use if you don't remember the original parameters)
+ ```bash
+ docker pull lscr.io/linuxserver/wireguard:legacy
+ ```
-* Pull the latest image at its tag and replace it with the same env variables in one run:
+* Stop the running container:
- ```bash
- docker run --rm \
- -v /var/run/docker.sock:/var/run/docker.sock \
- containrrr/watchtower \
- --run-once wireguard
- ```
+ ```bash
+ docker stop wireguard
+ ```
-* You can also remove the old dangling images: `docker image prune`
+* Delete the container:
+
+ ```bash
+ docker rm wireguard
+ ```
+
+* Recreate a new container with the same docker run parameters as instructed above (if mapped correctly to a host folder, your `/config` folder and settings will be preserved)
+* You can also remove the old dangling images:
-**Note:** We do not endorse the use of Watchtower as a solution to automated updates of existing Docker containers. In fact we generally discourage automated updates. However, this is a useful tool for one-time manual updates of containers where you have forgotten the original parameters. In the long term, we highly recommend using [Docker Compose](https://docs.linuxserver.io/general/docker-compose).
+ ```bash
+ docker image prune
+ ```
### Image Update Notifications - Diun (Docker Image Update Notifier)
-* We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported.
+>[!TIP]
+>We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported.
## Building locally
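Review bot: The rewritten Updating Info steps still tell users to run `docker pull lscr.io/linuxserver/wireguard:legacy` and recreate the container in order to update, while the deprecation notice added in this patch says the image will not be updated. Following these steps yields no newer image, so either replace the section with the move to the `latest` tag or state at its top that no further `legacy` builds will be published. The Diun tip is moot for this tag for the same reason.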
@@ -319,19 +382,23 @@ cd docker-wireguard
docker build \
--no-cache \
--pull \
- -t lscr.io/linuxserver/wireguard:latest .
+ -t lscr.io/linuxserver/wireguard:legacy .
```
-The ARM variants can be built on x86_64 hardware using `multiarch/qemu-user-static`
+The ARM variants can be built on x86_64 hardware and vice versa using `lscr.io/linuxserver/qemu-static`
```bash
-docker run --rm --privileged multiarch/qemu-user-static:register --reset
+docker run --rm --privileged lscr.io/linuxserver/qemu-static --reset
```
Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64`.
## Versions
+* **01.01.24:** - Deprecate legacy branch.
+* **03.10.23:** - **Potentially Breaking Change:** Support for multiple interfaces added. Wireguard confs moved to `/config/wg_confs/`. Any file with a `.conf` extension in that folder will be treated as a live tunnel config and will be attempted to start. If any of the tunnels fail, all tunnels will be stopped. Tunnels are started in alphabetical order. Managed server conf will continue to be hardcoded to `wg0.conf`.
+* **24.06.23:** - Deprecate armhf as per [https://www.linuxserver.io/armhf](https://www.linuxserver.io/armhf).
+* **26.04.23:** - Rework branches, swap alpine & ubuntu builds.
* **28.01.23:** - Patch wg-quick to suppress false positive sysctl warning.
* **10.01.23:** - Add new var to add `PersistentKeepalive` to server config for select peers to survive server IP changes when domain name is used.
* **26.10.22:** - Better handle unsupported peer names. Improve logging.
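Review bot: The replacement command `docker run --rm --privileged lscr.io/linuxserver/qemu-static --reset` runs a privileged container from an image reference that carries no tag or digest, so whatever the default tag resolves to at run time gets full access to the host in order to register the emulators. Pin the image to a tag or digest here and in the matching line of CONTRIBUTING.md, which this patch changes the same way.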
diff --git a/jenkins-vars.yml b/jenkins-vars.yml
index 1b241b7f..e97412e9 100644
--- a/jenkins-vars.yml
+++ b/jenkins-vars.yml
@@ -4,9 +4,10 @@
project_name: docker-wireguard
external_type: na
custom_version_command: "curl -sX GET https://api.github.com/repos/WireGuard/wireguard-tools/tags | jq -r .[0].name"
-release_type: stable
-release_tag: latest
-ls_branch: master
+release_type: prerelease
+release_tag: legacy
+ls_branch: legacy
+build_armhf: false
repo_vars:
- CONTAINER_NAME = 'wireguard'
- BUILD_VERSION_ARG = 'WIREGUARD_VERSION'
@@ -26,4 +27,4 @@ repo_vars:
- CI_AUTH='user:password'
- CI_WEBPATH=''
sponsor_links:
- - { name: "WireGuard", url: "https://www.wireguard.com/donations/" }
\ No newline at end of file
+ - { name: "WireGuard", url: "https://www.wireguard.com/donations/" }
diff --git a/package_versions.txt b/package_versions.txt
index 70c29fad..37fd91d3 100755
--- a/package_versions.txt
+++ b/package_versions.txt
@@ -1,350 +1,389 @@
-NAME VERSION TYPE
-adduser 3.118ubuntu5 deb
-apt 2.4.8 deb
-apt-utils 2.4.8 deb
-base-files 12ubuntu4.3 deb
-base-passwd 3.5.52build1 deb
-bash 5.1-6ubuntu1 deb
-bc 1.07.1-3build1 deb
-binutils 2.38-4ubuntu2.1 deb
-binutils-common 2.38-4ubuntu2.1 deb
-binutils-x86-64-linux-gnu 2.38-4ubuntu2.1 deb
-bsdutils 1:2.37.2-4ubuntu3 deb
-build-essential 12.9ubuntu3 deb
-bzip2 1.0.8-5build1 deb
-ca-certificates 20211016ubuntu0.22.04.1 deb
-cloud.google.com/go/compute/metadata v0.2.3 go-module
-coreutils 8.32-4.1ubuntu1 deb
-cpp 4:11.2.0-1ubuntu1 deb
-cpp-11 11.3.0-1ubuntu1~22.04 deb
-cpp-12 12.1.0-2ubuntu1~22.04 deb
-curl 7.81.0-1ubuntu1.10 deb
-dash 0.5.11+git20210903+057cd650a4ed-3build1 deb
-dctrl-tools 2.24-3build2 deb
-debconf 1.5.79ubuntu1 deb
-debianutils 5.5-1ubuntu2 deb
-diffutils 1:3.8-0ubuntu2 deb
-dirmngr 2.2.27-3ubuntu2.1 deb
-distro-info-data 0.52ubuntu0.3 deb
-dkms 2.8.7-2ubuntu2.1 deb
-dpkg 1.21.1ubuntu2.1 deb
-dpkg-dev 1.21.1ubuntu2.1 deb
-e2fsprogs 1.46.5-2ubuntu1.1 deb
-findutils 4.8.0-1ubuntu3 deb
-g++ 4:11.2.0-1ubuntu1 deb
-g++-11 11.3.0-1ubuntu1~22.04 deb
-gcc 4:11.2.0-1ubuntu1 deb
-gcc-11 11.3.0-1ubuntu1~22.04 deb
-gcc-11-base 11.3.0-1ubuntu1~22.04 deb
-gcc-12 12.1.0-2ubuntu1~22.04 deb
-gcc-12-base 12.1.0-2ubuntu1~22.04 deb
-git 1:2.34.1-1ubuntu1.8 deb
-git-man 1:2.34.1-1ubuntu1.8 deb
-github.com/Azure/azure-sdk-for-go v68.0.0+incompatible go-module
-github.com/Azure/go-autorest/autorest v0.11.28 go-module
-github.com/Azure/go-autorest/autorest/adal v0.9.18 go-module
-github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 go-module
-github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 go-module
-github.com/Azure/go-autorest/autorest/date v0.3.0 go-module
-github.com/Azure/go-autorest/autorest/to v0.2.0 go-module
-github.com/Azure/go-autorest/logger v0.2.1 go-module
-github.com/Azure/go-autorest/tracing v0.6.0 go-module
-github.com/DataDog/datadog-agent/pkg/obfuscate v0.0.0-20211129110424-6491aa3bf583 go-module
-github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.42.0-rc.1 go-module
-github.com/DataDog/datadog-go v4.8.2+incompatible go-module
-github.com/DataDog/datadog-go/v5 v5.0.2 go-module
-github.com/DataDog/go-tuf v0.3.0--fix-localmeta-fork go-module
-github.com/DataDog/sketches-go v1.2.1 go-module
-github.com/antonmedv/expr v1.12.0 go-module
-github.com/apparentlymart/go-cidr v1.1.0 go-module
-github.com/aws/aws-sdk-go v1.44.194 go-module
-github.com/beorn7/perks v1.0.1 go-module
-github.com/cespare/xxhash/v2 v2.1.2 go-module
-github.com/coredns/caddy v1.1.1 go-module
-github.com/coredns/coredns v0.0.0-20230206182419-055b2c31a9cf go-module
-github.com/coreos/go-semver v0.3.0 go-module
-github.com/coreos/go-systemd/v22 v22.3.2 go-module
-github.com/davecgh/go-spew v1.1.1 go-module
-github.com/dgraph-io/ristretto v0.1.0 go-module
-github.com/dimchansky/utfbom v1.1.1 go-module
-github.com/dnstap/golang-dnstap v0.4.0 go-module
-github.com/dustin/go-humanize v1.0.0 go-module
-github.com/emicklei/go-restful/v3 v3.9.0 go-module
-github.com/farsightsec/golang-framestream v0.3.0 go-module
-github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 go-module
-github.com/go-logr/logr v1.2.3 go-module
-github.com/go-openapi/jsonpointer v0.19.5 go-module
-github.com/go-openapi/jsonreference v0.20.0 go-module
-github.com/go-openapi/swag v0.19.14 go-module
-github.com/gogo/protobuf v1.3.2 go-module
-github.com/golang-jwt/jwt/v4 v4.2.0 go-module
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b go-module
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da go-module
-github.com/golang/protobuf v1.5.2 go-module
-github.com/google/gnostic v0.5.7-v3refs go-module
-github.com/google/go-cmp v0.5.9 go-module
-github.com/google/gofuzz v1.2.0 go-module
-github.com/google/uuid v1.3.0 go-module
-github.com/googleapis/enterprise-certificate-proxy v0.2.1 go-module
-github.com/googleapis/gax-go/v2 v2.7.0 go-module
-github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 go-module
-github.com/imdario/mergo v0.3.12 go-module
-github.com/infobloxopen/go-trees v0.0.0-20200715205103-96a057b8dfb9 go-module
-github.com/jmespath/go-jmespath v0.4.0 go-module
-github.com/josharian/intern v1.0.0 go-module
-github.com/json-iterator/go v1.1.12 go-module
-github.com/mailru/easyjson v0.7.7 go-module
-github.com/matttproud/golang_protobuf_extensions v1.0.4 go-module
-github.com/miekg/dns v1.1.50 go-module
-github.com/mitchellh/go-homedir v1.1.0 go-module
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd go-module
-github.com/modern-go/reflect2 v1.0.2 go-module
-github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 go-module
-github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492 go-module
-github.com/opentracing/opentracing-go v1.2.0 go-module
-github.com/openzipkin-contrib/zipkin-go-opentracing v0.5.0 go-module
-github.com/openzipkin/zipkin-go v0.4.1 go-module
-github.com/oschwald/geoip2-golang v1.8.0 go-module
-github.com/oschwald/maxminddb-golang v1.10.0 go-module
-github.com/philhofer/fwd v1.1.1 go-module
-github.com/pkg/errors v0.9.1 go-module
-github.com/prometheus/client_golang v1.14.0 go-module
-github.com/prometheus/client_model v0.3.0 go-module
-github.com/prometheus/common v0.39.0 go-module
-github.com/prometheus/procfs v0.8.0 go-module
-github.com/secure-systems-lab/go-securesystemslib v0.4.0 go-module
-github.com/spf13/pflag v1.0.5 go-module
-github.com/tinylib/msgp v1.1.6 go-module
-gnupg 2.2.27-3ubuntu2.1 deb
-gnupg-l10n 2.2.27-3ubuntu2.1 deb
-gnupg-utils 2.2.27-3ubuntu2.1 deb
-go.etcd.io/etcd/api/v3 v3.5.7 go-module
-go.etcd.io/etcd/client/pkg/v3 v3.5.7 go-module
-go.etcd.io/etcd/client/v3 v3.5.7 go-module
-go.opencensus.io v0.24.0 go-module
-go.uber.org/atomic v1.9.0 go-module
-go.uber.org/multierr v1.6.0 go-module
-go.uber.org/zap v1.17.0 go-module
-golang.org/x/crypto v0.0.0-20221010152910-d6f0a8c073c2 go-module
-golang.org/x/net v0.4.0 go-module
-golang.org/x/oauth2 v0.3.0 go-module
-golang.org/x/sys v0.4.0 go-module
-golang.org/x/term v0.3.0 go-module
-golang.org/x/text v0.5.0 go-module
-golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 go-module
-golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 go-module
-google.golang.org/api v0.109.0 go-module
-google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef go-module
-google.golang.org/grpc v1.52.3 go-module
-google.golang.org/protobuf v1.28.1 go-module
-gopkg.in/DataDog/dd-trace-go.v1 v1.47.0 go-module
-gopkg.in/inf.v0 v0.9.1 go-module
-gopkg.in/yaml.v2 v2.4.0 go-module
-gopkg.in/yaml.v3 v3.0.1 go-module
-gpg 2.2.27-3ubuntu2.1 deb
-gpg-agent 2.2.27-3ubuntu2.1 deb
-gpg-wks-client 2.2.27-3ubuntu2.1 deb
-gpg-wks-server 2.2.27-3ubuntu2.1 deb
-gpgconf 2.2.27-3ubuntu2.1 deb
-gpgsm 2.2.27-3ubuntu2.1 deb
-gpgv 2.2.27-3ubuntu2.1 deb
-grep 3.7-1build1 deb
-gzip 1.10-4ubuntu4.1 deb
-hostname 3.23ubuntu2 deb
-ifupdown 0.8.36+nmu1ubuntu3 deb
-init-system-helpers 1.62 deb
-iproute2 5.15.0-1ubuntu2 deb
-iptables 1.8.7-1ubuntu5 deb
-iputils-ping 3:20211215-1 deb
-jq 1.6-2.1ubuntu3 deb
-k8s.io/api v0.26.1 go-module
-k8s.io/apimachinery v0.26.1 go-module
-k8s.io/client-go v0.26.1 go-module
-k8s.io/klog/v2 v2.90.0 go-module
-k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 go-module
-k8s.io/utils v0.0.0-20221107191617-1a15be271d1d go-module
-kmod 29-1ubuntu1 deb
-libacl1 2.3.1-1 deb
-libapt-pkg6.0 2.4.8 deb
-libasan6 11.3.0-1ubuntu1~22.04 deb
-libasan8 12.1.0-2ubuntu1~22.04 deb
-libassuan0 2.5.5-1build1 deb
-libatomic1 12.1.0-2ubuntu1~22.04 deb
-libattr1 1:2.5.1-1build1 deb
-libaudit-common 1:3.0.7-1build1 deb
-libaudit1 1:3.0.7-1build1 deb
-libbinutils 2.38-4ubuntu2.1 deb
-libblkid1 2.37.2-4ubuntu3 deb
-libbpf0 1:0.5.0-1ubuntu22.04.1 deb
-libbrotli1 1.0.9-2build6 deb
-libbsd0 0.11.5-1 deb
-libbz2-1.0 1.0.8-5build1 deb
-libc-bin 2.35-0ubuntu3.1 deb
-libc-dev-bin 2.35-0ubuntu3.1 deb
-libc6 2.35-0ubuntu3.1 deb
-libc6-dev 2.35-0ubuntu3.1 deb
-libcap-ng0 0.7.9-2.2build3 deb
-libcap2 1:2.44-1build3 deb
-libcap2-bin 1:2.44-1build3 deb
-libcc1-0 12.1.0-2ubuntu1~22.04 deb
-libcom-err2 1.46.5-2ubuntu1.1 deb
-libcrypt-dev 1:4.4.27-1 deb
-libcrypt1 1:4.4.27-1 deb
-libctf-nobfd0 2.38-4ubuntu2.1 deb
-libctf0 2.38-4ubuntu2.1 deb
-libcurl3-gnutls 7.81.0-1ubuntu1.10 deb
-libcurl4 7.81.0-1ubuntu1.10 deb
-libdb5.3 5.3.28+dfsg1-0.8ubuntu3 deb
-libdebconfclient0 0.261ubuntu1 deb
-libdpkg-perl 1.21.1ubuntu2.1 deb
-libelf-dev 0.186-1build1 deb
-libelf1 0.186-1build1 deb
-liberror-perl 0.17029-1 deb
-libexpat1 2.4.7-1ubuntu0.2 deb
-libext2fs2 1.46.5-2ubuntu1.1 deb
-libffi8 3.4.2-4 deb
-libgcc-11-dev 11.3.0-1ubuntu1~22.04 deb
-libgcc-12-dev 12.1.0-2ubuntu1~22.04 deb
-libgcc-s1 12.1.0-2ubuntu1~22.04 deb
-libgcrypt20 1.9.4-3ubuntu3 deb
-libgdbm-compat4 1.23-1 deb
-libgdbm6 1.23-1 deb
-libglib2.0-0 2.72.4-0ubuntu1 deb
-libgmp10 2:6.2.1+dfsg-3ubuntu1 deb
-libgnutls30 3.7.3-4ubuntu1.2 deb
-libgomp1 12.1.0-2ubuntu1~22.04 deb
-libgpg-error0 1.43-3 deb
-libgssapi-krb5-2 1.19.2-2ubuntu0.1 deb
-libhogweed6 3.7.3-1build2 deb
-libidn2-0 2.3.2-2build1 deb
-libip4tc2 1.8.7-1ubuntu5 deb
-libip6tc2 1.8.7-1ubuntu5 deb
-libisl23 0.24-2build1 deb
-libitm1 12.1.0-2ubuntu1~22.04 deb
-libjq1 1.6-2.1ubuntu3 deb
-libk5crypto3 1.19.2-2ubuntu0.1 deb
-libkeyutils1 1.6.1-2ubuntu3 deb
-libkmod2 29-1ubuntu1 deb
-libkrb5-3 1.19.2-2ubuntu0.1 deb
-libkrb5support0 1.19.2-2ubuntu0.1 deb
-libksba8 1.6.0-2ubuntu0.2 deb
-libldap-2.5-0 2.5.14+dfsg-0ubuntu0.22.04.2 deb
-libldap-common 2.5.14+dfsg-0ubuntu0.22.04.2 deb
-liblsan0 12.1.0-2ubuntu1~22.04 deb
-liblz4-1 1.9.3-2build2 deb
-liblzma5 5.2.5-2ubuntu1 deb
-libmd0 1.0.4-1build1 deb
-libmnl0 1.0.4-3build2 deb
-libmount1 2.37.2-4ubuntu3 deb
-libmpc3 1.2.1-2build1 deb
-libmpdec3 2.5.1-2build2 deb
-libmpfr6 4.1.0-3build3 deb
-libncurses6 6.3-2 deb
-libncursesw6 6.3-2 deb
-libnetfilter-conntrack3 1.0.9-1 deb
-libnettle8 3.7.3-1build2 deb
-libnfnetlink0 1.0.1-3build3 deb
-libnftnl11 1.2.1-1build1 deb
-libnghttp2-14 1.43.0-1build3 deb
-libnpth0 1.6-3build2 deb
-libnsl-dev 1.3.0-2build2 deb
-libnsl2 1.3.0-2build2 deb
-libonig5 6.9.7.1-2build1 deb
-libp11-kit0 0.24.0-6build1 deb
-libpam-modules 1.4.0-11ubuntu2.3 deb
-libpam-modules-bin 1.4.0-11ubuntu2.3 deb
-libpam-runtime 1.4.0-11ubuntu2.3 deb
-libpam0g 1.4.0-11ubuntu2.3 deb
-libpcre2-8-0 10.39-3ubuntu0.1 deb
-libpcre3 2:8.39-13ubuntu0.22.04.1 deb
-libperl5.34 5.34.0-3ubuntu1.1 deb
-libpng16-16 1.6.37-3build5 deb
-libprocps8 2:3.3.17-6ubuntu2 deb
-libpsl5 0.21.0-1.2build2 deb
-libpython3-stdlib 3.10.6-1~22.04 deb
-libpython3.10-minimal 3.10.6-1~22.04.2ubuntu1 deb
-libpython3.10-stdlib 3.10.6-1~22.04.2ubuntu1 deb
-libqrencode4 4.1.1-1 deb
-libquadmath0 12.1.0-2ubuntu1~22.04 deb
-libreadline8 8.1.2-1 deb
-librtmp1 2.4+20151223.gitfa8646d.1-2build4 deb
-libsasl2-2 2.1.27+dfsg2-3ubuntu1.2 deb
-libsasl2-modules 2.1.27+dfsg2-3ubuntu1.2 deb
-libsasl2-modules-db 2.1.27+dfsg2-3ubuntu1.2 deb
-libseccomp2 2.5.3-2ubuntu2 deb
-libselinux1 3.3-1build2 deb
-libsemanage-common 3.3-1build2 deb
-libsemanage2 3.3-1build2 deb
-libsepol2 3.3-1build1 deb
-libsmartcols1 2.37.2-4ubuntu3 deb
-libsqlite3-0 3.37.2-2ubuntu0.1 deb
-libss2 1.46.5-2ubuntu1.1 deb
-libssh-4 0.9.6-2build1 deb
-libssl3 3.0.2-0ubuntu1.8 deb
-libstdc++-11-dev 11.3.0-1ubuntu1~22.04 deb
-libstdc++6 12.1.0-2ubuntu1~22.04 deb
-libsystemd0 249.11-0ubuntu3.9 deb
-libtasn1-6 4.18.0-4build1 deb
-libtinfo6 6.3-2 deb
-libtirpc-common 1.3.2-2ubuntu0.1 deb
-libtirpc-dev 1.3.2-2ubuntu0.1 deb
-libtirpc3 1.3.2-2ubuntu0.1 deb
-libtsan0 11.3.0-1ubuntu1~22.04 deb
-libtsan2 12.1.0-2ubuntu1~22.04 deb
-libubsan1 12.1.0-2ubuntu1~22.04 deb
-libudev1 249.11-0ubuntu3.9 deb
-libunistring2 1.0-1 deb
-libuuid1 2.37.2-4ubuntu3 deb
-libxtables12 1.8.7-1ubuntu5 deb
-libxxhash0 0.8.1-1 deb
-libzstd1 1.4.8+dfsg-3build1 deb
-linux-libc-dev 5.15.0-70.77 deb
-locales 2.35-0ubuntu3.1 deb
-login 1:4.8.1-2ubuntu2.1 deb
-logsave 1.46.5-2ubuntu1.1 deb
-lsb-base 11.1.0ubuntu4 deb
-lsb-release 11.1.0ubuntu4 deb
-lto-disabled-list 24 deb
-make 4.3-4.1build1 deb
-mawk 1.3.4.20200120-3 deb
-media-types 7.0.0 deb
-mount 2.37.2-4ubuntu3 deb
-ncurses-base 6.3-2 deb
-ncurses-bin 6.3-2 deb
-net-tools 1.60+git20181103.0eebece-1ubuntu5 deb
-netbase 6.3 deb
-netcat 1.218-4ubuntu1 deb
-netcat-openbsd 1.218-4ubuntu1 deb
-openresolv 3.12.0-2 deb
-openssl 3.0.2-0ubuntu1.8 deb
-passwd 1:4.8.1-2ubuntu2.1 deb
-patch 2.7.6-7build2 deb
-perl 5.34.0-3ubuntu1.1 deb
-perl-base 5.34.0-3ubuntu1.1 deb
-perl-modules-5.34 5.34.0-3ubuntu1.1 deb
-pinentry-curses 1.1.1-1build2 deb
-pkg-config 0.29.2-1ubuntu3 deb
-procps 2:3.3.17-6ubuntu2 deb
-publicsuffix 20211207.1025-1 deb
-python 3.10.6 binary
-python3 3.10.6-1~22.04 deb
-python3-minimal 3.10.6-1~22.04 deb
-python3.10 3.10.6-1~22.04.2ubuntu1 deb
-python3.10-minimal 3.10.6-1~22.04.2ubuntu1 deb
-qrencode 4.1.1-1 deb
-readline-common 8.1.2-1 deb
-rpcsvc-proto 1.4.2-0ubuntu6 deb
-sed 4.8-1ubuntu2 deb
-sensible-utils 0.0.17 deb
-sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 go-module
-sigs.k8s.io/structured-merge-diff/v4 v4.2.3 go-module
-sigs.k8s.io/yaml v1.3.0 go-module
-sysvinit-utils 3.01-1ubuntu1 deb
-tar 1.34+dfsg-1ubuntu0.1.22.04.1 deb
-tzdata 2023c-0ubuntu0.22.04.0 deb
-ubuntu-keyring 2021.03.26 deb
-usrmerge 25ubuntu2 deb
-util-linux 2.37.2-4ubuntu3 deb
-xz-utils 5.2.5-2ubuntu1 deb
-zlib1g 1:1.2.11.dfsg-2ubuntu9.2 deb
-zlib1g-dev 1:1.2.11.dfsg-2ubuntu9.2 deb
+NAME VERSION TYPE
+adduser 3.118ubuntu5 deb
+apt 2.4.13 deb
+apt-utils 2.4.13 deb
+base-files 12ubuntu4.7 deb
+base-passwd 3.5.52build1 deb
+bash 5.1-6ubuntu1.1 deb
+bc 1.07.1-3build1 deb
+binutils 2.38-4ubuntu2.6 deb
+binutils-common 2.38-4ubuntu2.6 deb
+binutils-x86-64-linux-gnu 2.38-4ubuntu2.6 deb
+bsdutils 1:2.37.2-4ubuntu3.4 deb
+build-essential 12.9ubuntu3 deb
+bzip2 1.0.8-5build1 deb
+ca-certificates 20240203~22.04.1 deb
+catatonit 0.1.7-1 deb
+cloud.google.com/go/auth v0.10.2 go-module
+cloud.google.com/go/auth/oauth2adapt v0.2.5 go-module
+cloud.google.com/go/compute/metadata v0.5.2 go-module
+coreutils 8.32-4.1ubuntu1.2 deb
+cpp 4:11.2.0-1ubuntu1 deb
+cpp-11 11.4.0-1ubuntu1~22.04 deb
+cpp-12 12.3.0-1ubuntu1~22.04 deb
+cron 3.0pl1-137ubuntu3 deb
+curl 7.81.0-1ubuntu1.20 deb
+dash 0.5.11+git20210903+057cd650a4ed-3build1 deb
+dctrl-tools 2.24-3build2 deb
+debconf 1.5.79ubuntu1 deb
+debianutils 5.5-1ubuntu2 deb
+diffutils 1:3.8-0ubuntu2 deb
+dirmngr 2.2.27-3ubuntu2.1 deb
+distro-info-data 0.52ubuntu0.8 deb
+dkms 2.8.7-2ubuntu2.2 deb
+dpkg 1.21.1ubuntu2.3 deb
+dpkg-dev 1.21.1ubuntu2.3 deb
+e2fsprogs 1.46.5-2ubuntu1.2 deb
+findutils 4.8.0-1ubuntu3 deb
+g++ 4:11.2.0-1ubuntu1 deb
+g++-11 11.4.0-1ubuntu1~22.04 deb
+gcc 4:11.2.0-1ubuntu1 deb
+gcc-11 11.4.0-1ubuntu1~22.04 deb
+gcc-11-base 11.4.0-1ubuntu1~22.04 deb
+gcc-12 12.3.0-1ubuntu1~22.04 deb
+gcc-12-base 12.3.0-1ubuntu1~22.04 deb
+git 1:2.34.1-1ubuntu1.11 deb
+git-man 1:2.34.1-1ubuntu1.11 deb
+github.com/Azure/azure-sdk-for-go v68.0.0+incompatible go-module
+github.com/Azure/go-autorest/autorest v0.11.29 go-module
+github.com/Azure/go-autorest/autorest/adal v0.9.22 go-module
+github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 go-module
+github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 go-module
+github.com/Azure/go-autorest/autorest/date v0.3.0 go-module
+github.com/Azure/go-autorest/autorest/to v0.2.0 go-module
+github.com/Azure/go-autorest/logger v0.2.1 go-module
+github.com/Azure/go-autorest/tracing v0.6.0 go-module
+github.com/DataDog/appsec-internal-go v1.8.0 go-module
+github.com/DataDog/datadog-agent/pkg/obfuscate v0.48.0 go-module
+github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.57.0 go-module
+github.com/DataDog/datadog-go/v5 v5.3.0 go-module
+github.com/DataDog/go-libddwaf/v3 v3.4.0 go-module
+github.com/DataDog/go-tuf v1.1.0-0.5.2 go-module
+github.com/DataDog/sketches-go v1.4.5 go-module
+github.com/apparentlymart/go-cidr v1.1.0 go-module
+github.com/aws/aws-sdk-go v1.55.5 go-module
+github.com/aws/aws-sdk-go-v2 v1.32.5 go-module
+github.com/aws/aws-sdk-go-v2/config v1.28.5 go-module
+github.com/aws/aws-sdk-go-v2/credentials v1.17.46 go-module
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20 go-module
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 go-module
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 go-module
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 go-module
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 go-module
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5 go-module
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.5 go-module
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.6 go-module
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5 go-module
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.1 go-module
+github.com/aws/smithy-go v1.22.1 go-module
+github.com/beorn7/perks v1.0.1 go-module
+github.com/cespare/xxhash/v2 v2.3.0 go-module
+github.com/coredns/caddy v1.1.2-0.20241029205200-8de985351a98 go-module
+github.com/coredns/coredns v0.0.0-20241121192733-51e11f166ef6 go-module
+github.com/coreos/go-semver v0.3.0 go-module
+github.com/coreos/go-systemd/v22 v22.3.2 go-module
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc go-module
+github.com/dimchansky/utfbom v1.1.1 go-module
+github.com/dnstap/golang-dnstap v0.4.0 go-module
+github.com/dustin/go-humanize v1.0.1 go-module
+github.com/eapache/queue/v2 v2.0.0-20230407133247-75960ed334e4 go-module
+github.com/emicklei/go-restful/v3 v3.11.0 go-module
+github.com/expr-lang/expr v1.16.9 go-module
+github.com/farsightsec/golang-framestream v0.3.0 go-module
+github.com/felixge/httpsnoop v1.0.4 go-module
+github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 go-module
+github.com/fxamacker/cbor/v2 v2.7.0 go-module
+github.com/go-logr/logr v1.4.2 go-module
+github.com/go-logr/stdr v1.2.2 go-module
+github.com/go-openapi/jsonpointer v0.19.6 go-module
+github.com/go-openapi/jsonreference v0.20.2 go-module
+github.com/go-openapi/swag v0.22.4 go-module
+github.com/gogo/protobuf v1.3.2 go-module
+github.com/golang-jwt/jwt/v4 v4.5.1 go-module
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da go-module
+github.com/golang/protobuf v1.5.4 go-module
+github.com/google/gnostic-models v0.6.8 go-module
+github.com/google/go-cmp v0.6.0 go-module
+github.com/google/gofuzz v1.2.0 go-module
+github.com/google/s2a-go v0.1.8 go-module
+github.com/google/uuid v1.6.0 go-module
+github.com/googleapis/enterprise-certificate-proxy v0.3.4 go-module
+github.com/googleapis/gax-go/v2 v2.14.0 go-module
+github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 go-module
+github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 go-module
+github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 go-module
+github.com/hashicorp/go-sockaddr v1.0.2 go-module
+github.com/imdario/mergo v0.3.12 go-module
+github.com/infobloxopen/go-trees v0.0.0-20200715205103-96a057b8dfb9 go-module
+github.com/jmespath/go-jmespath v0.4.0 go-module
+github.com/josharian/intern v1.0.0 go-module
+github.com/json-iterator/go v1.1.12 go-module
+github.com/klauspost/compress v1.17.9 go-module
+github.com/mailru/easyjson v0.7.7 go-module
+github.com/matttproud/golang_protobuf_extensions v1.0.4 go-module
+github.com/miekg/dns v1.1.62 go-module
+github.com/mitchellh/go-homedir v1.1.0 go-module
+github.com/mitchellh/mapstructure v1.5.0 go-module
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd go-module
+github.com/modern-go/reflect2 v1.0.2 go-module
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 go-module
+github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492 go-module
+github.com/opentracing/opentracing-go v1.2.0 go-module
+github.com/openzipkin-contrib/zipkin-go-opentracing v0.5.0 go-module
+github.com/openzipkin/zipkin-go v0.4.3 go-module
+github.com/oschwald/geoip2-golang v1.11.0 go-module
+github.com/oschwald/maxminddb-golang v1.13.0 go-module
+github.com/outcaste-io/ristretto v0.2.3 go-module
+github.com/philhofer/fwd v1.1.3-0.20240612014219-fbbf4953d986 go-module
+github.com/pkg/errors v0.9.1 go-module
+github.com/prometheus/client_golang v1.20.5 go-module
+github.com/prometheus/client_model v0.6.1 go-module
+github.com/prometheus/common v0.60.1 go-module
+github.com/prometheus/procfs v0.15.1 go-module
+github.com/quic-go/quic-go v0.48.1 go-module
+github.com/ryanuber/go-glob v1.0.0 go-module
+github.com/secure-systems-lab/go-securesystemslib v0.7.0 go-module
+github.com/spf13/pflag v1.0.5 go-module
+github.com/tinylib/msgp v1.2.1 go-module
+github.com/x448/float16 v0.8.4 go-module
+gnupg 2.2.27-3ubuntu2.1 deb
+gnupg-l10n 2.2.27-3ubuntu2.1 deb
+gnupg-utils 2.2.27-3ubuntu2.1 deb
+go.etcd.io/etcd/api/v3 v3.5.17 go-module
+go.etcd.io/etcd/client/pkg/v3 v3.5.17 go-module
+go.etcd.io/etcd/client/v3 v3.5.17 go-module
+go.opencensus.io v0.24.0 go-module
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 go-module
+go.opentelemetry.io/otel v1.29.0 go-module
+go.opentelemetry.io/otel/metric v1.29.0 go-module
+go.opentelemetry.io/otel/trace v1.29.0 go-module
+go.uber.org/atomic v1.11.0 go-module
+go.uber.org/automaxprocs v1.6.0 go-module
+go.uber.org/multierr v1.6.0 go-module
+go.uber.org/zap v1.17.0 go-module
+golang.org/x/crypto v0.29.0 go-module
+golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 go-module
+golang.org/x/mod v0.18.0 go-module
+golang.org/x/net v0.31.0 go-module
+golang.org/x/oauth2 v0.24.0 go-module
+golang.org/x/sys v0.27.0 go-module
+golang.org/x/term v0.26.0 go-module
+golang.org/x/text v0.20.0 go-module
+golang.org/x/time v0.8.0 go-module
+golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 go-module
+google.golang.org/api v0.206.0 go-module
+google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 go-module
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 go-module
+google.golang.org/grpc v1.68.0 go-module
+google.golang.org/protobuf v1.35.2 go-module
+gopkg.in/DataDog/dd-trace-go.v1 v1.69.1 go-module
+gopkg.in/inf.v0 v0.9.1 go-module
+gopkg.in/yaml.v2 v2.4.0 go-module
+gopkg.in/yaml.v3 v3.0.1 go-module
+gpg 2.2.27-3ubuntu2.1 deb
+gpg-agent 2.2.27-3ubuntu2.1 deb
+gpg-wks-client 2.2.27-3ubuntu2.1 deb
+gpg-wks-server 2.2.27-3ubuntu2.1 deb
+gpgconf 2.2.27-3ubuntu2.1 deb
+gpgsm 2.2.27-3ubuntu2.1 deb
+gpgv 2.2.27-3ubuntu2.1 deb
+grep 3.7-1build1 deb
+gzip 1.10-4ubuntu4.1 deb
+hostname 3.23ubuntu2 deb
+ifupdown 0.8.36+nmu1ubuntu3.1 deb
+init-system-helpers 1.62 deb
+iproute2 5.15.0-1ubuntu2 deb
+iptables 1.8.7-1ubuntu5.2 deb
+iputils-ping 3:20211215-1 deb
+jq 1.6-2.1ubuntu3 deb
+k8s.io/api v0.31.2 go-module
+k8s.io/apimachinery v0.31.2 go-module
+k8s.io/client-go v0.31.2 go-module
+k8s.io/klog/v2 v2.130.1 go-module
+k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 go-module
+k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 go-module
+kmod 29-1ubuntu1 deb
+libacl1 2.3.1-1 deb
+libapt-pkg6.0 2.4.13 deb
+libasan6 11.4.0-1ubuntu1~22.04 deb
+libasan8 12.3.0-1ubuntu1~22.04 deb
+libassuan0 2.5.5-1build1 deb
+libatomic1 12.3.0-1ubuntu1~22.04 deb
+libattr1 1:2.5.1-1build1 deb
+libaudit-common 1:3.0.7-1build1 deb
+libaudit1 1:3.0.7-1build1 deb
+libbinutils 2.38-4ubuntu2.6 deb
+libblkid1 2.37.2-4ubuntu3.4 deb
+libbpf0 1:0.5.0-1ubuntu22.04.1 deb
+libbrotli1 1.0.9-2build6 deb
+libbsd0 0.11.5-1 deb
+libbz2-1.0 1.0.8-5build1 deb
+libc-bin 2.35-0ubuntu3.8 deb
+libc-dev-bin 2.35-0ubuntu3.8 deb
+libc6 2.35-0ubuntu3.8 deb
+libc6-dev 2.35-0ubuntu3.8 deb
+libcap-ng0 0.7.9-2.2build3 deb
+libcap2 1:2.44-1ubuntu0.22.04.1 deb
+libcap2-bin 1:2.44-1ubuntu0.22.04.1 deb
+libcc1-0 12.3.0-1ubuntu1~22.04 deb
+libcom-err2 1.46.5-2ubuntu1.2 deb
+libcrypt-dev 1:4.4.27-1 deb
+libcrypt1 1:4.4.27-1 deb
+libctf-nobfd0 2.38-4ubuntu2.6 deb
+libctf0 2.38-4ubuntu2.6 deb
+libcurl3-gnutls 7.81.0-1ubuntu1.20 deb
+libcurl4 7.81.0-1ubuntu1.20 deb
+libdb5.3 5.3.28+dfsg1-0.8ubuntu3 deb
+libdebconfclient0 0.261ubuntu1 deb
+libdpkg-perl 1.21.1ubuntu2.3 deb
+libelf-dev 0.186-1build1 deb
+libelf1 0.186-1build1 deb
+liberror-perl 0.17029-1 deb
+libexpat1 2.4.7-1ubuntu0.5 deb
+libext2fs2 1.46.5-2ubuntu1.2 deb
+libffi8 3.4.2-4 deb
+libgcc-11-dev 11.4.0-1ubuntu1~22.04 deb
+libgcc-12-dev 12.3.0-1ubuntu1~22.04 deb
+libgcc-s1 12.3.0-1ubuntu1~22.04 deb
+libgcrypt20 1.9.4-3ubuntu3 deb
+libgdbm-compat4 1.23-1 deb
+libgdbm6 1.23-1 deb
+libglib2.0-0 2.72.4-0ubuntu2.4 deb
+libgmp10 2:6.2.1+dfsg-3ubuntu1 deb
+libgnutls30 3.7.3-4ubuntu1.5 deb
+libgomp1 12.3.0-1ubuntu1~22.04 deb
+libgpg-error0 1.43-3 deb
+libgssapi-krb5-2 1.19.2-2ubuntu0.4 deb
+libhogweed6 3.7.3-1build2 deb
+libidn2-0 2.3.2-2build1 deb
+libip4tc2 1.8.7-1ubuntu5.2 deb
+libip6tc2 1.8.7-1ubuntu5.2 deb
+libisl23 0.24-2build1 deb
+libitm1 12.3.0-1ubuntu1~22.04 deb
+libjq1 1.6-2.1ubuntu3 deb
+libk5crypto3 1.19.2-2ubuntu0.4 deb
+libkeyutils1 1.6.1-2ubuntu3 deb
+libkmod2 29-1ubuntu1 deb
+libkrb5-3 1.19.2-2ubuntu0.4 deb
+libkrb5support0 1.19.2-2ubuntu0.4 deb
+libksba8 1.6.0-2ubuntu0.2 deb
+libldap-2.5-0 2.5.18+dfsg-0ubuntu0.22.04.2 deb
+libldap-common 2.5.18+dfsg-0ubuntu0.22.04.2 deb
+liblsan0 12.3.0-1ubuntu1~22.04 deb
+liblz4-1 1.9.3-2build2 deb
+liblzma5 5.2.5-2ubuntu1 deb
+libmd0 1.0.4-1build1 deb
+libmnl0 1.0.4-3build2 deb
+libmount1 2.37.2-4ubuntu3.4 deb
+libmpc3 1.2.1-2build1 deb
+libmpdec3 2.5.1-2build2 deb
+libmpfr6 4.1.0-3build3 deb
+libncurses6 6.3-2ubuntu0.1 deb
+libncursesw6 6.3-2ubuntu0.1 deb
+libnetfilter-conntrack3 1.0.9-1 deb
+libnettle8 3.7.3-1build2 deb
+libnfnetlink0 1.0.1-3build3 deb
+libnftnl11 1.2.1-1build1 deb
+libnghttp2-14 1.43.0-1ubuntu0.2 deb
+libnpth0 1.6-3build2 deb
+libnsl-dev 1.3.0-2build2 deb
+libnsl2 1.3.0-2build2 deb
+libonig5 6.9.7.1-2build1 deb
+libp11-kit0 0.24.0-6build1 deb
+libpam-modules 1.4.0-11ubuntu2.4 deb
+libpam-modules-bin 1.4.0-11ubuntu2.4 deb
+libpam-runtime 1.4.0-11ubuntu2.4 deb
+libpam0g 1.4.0-11ubuntu2.4 deb
+libpcre2-8-0 10.39-3ubuntu0.1 deb
+libpcre3 2:8.39-13ubuntu0.22.04.1 deb
+libperl5.34 5.34.0-3ubuntu1.3 deb
+libpng16-16 1.6.37-3build5 deb
+libprocps8 2:3.3.17-6ubuntu2.1 deb
+libpsl5 0.21.0-1.2build2 deb
+libpython3-stdlib 3.10.6-1~22.04.1 deb
+libpython3.10-minimal 3.10.12-1~22.04.7 deb
+libpython3.10-stdlib 3.10.12-1~22.04.7 deb
+libqrencode4 4.1.1-1 deb
+libquadmath0 12.3.0-1ubuntu1~22.04 deb
+libreadline8 8.1.2-1 deb
+librtmp1 2.4+20151223.gitfa8646d.1-2build4 deb
+libsasl2-2 2.1.27+dfsg2-3ubuntu1.2 deb
+libsasl2-modules 2.1.27+dfsg2-3ubuntu1.2 deb
+libsasl2-modules-db 2.1.27+dfsg2-3ubuntu1.2 deb
+libseccomp2 2.5.3-2ubuntu2 deb
+libselinux1 3.3-1build2 deb
+libsemanage-common 3.3-1build2 deb
+libsemanage2 3.3-1build2 deb
+libsepol2 3.3-1build1 deb
+libsmartcols1 2.37.2-4ubuntu3.4 deb
+libsqlite3-0 3.37.2-2ubuntu0.3 deb
+libss2 1.46.5-2ubuntu1.2 deb
+libssh-4 0.9.6-2ubuntu0.22.04.3 deb
+libssl3 3.0.2-0ubuntu1.18 deb
+libstdc++-11-dev 11.4.0-1ubuntu1~22.04 deb
+libstdc++6 12.3.0-1ubuntu1~22.04 deb
+libsystemd0 249.11-0ubuntu3.12 deb
+libtasn1-6 4.18.0-4build1 deb
+libtinfo6 6.3-2ubuntu0.1 deb
+libtirpc-common 1.3.2-2ubuntu0.1 deb
+libtirpc-dev 1.3.2-2ubuntu0.1 deb
+libtirpc3 1.3.2-2ubuntu0.1 deb
+libtsan0 11.4.0-1ubuntu1~22.04 deb
+libtsan2 12.3.0-1ubuntu1~22.04 deb
+libubsan1 12.3.0-1ubuntu1~22.04 deb
+libudev1 249.11-0ubuntu3.12 deb
+libunistring2 1.0-1 deb
+libuuid1 2.37.2-4ubuntu3.4 deb
+libxtables12 1.8.7-1ubuntu5.2 deb
+libxxhash0 0.8.1-1 deb
+libzstd1 1.4.8+dfsg-3build1 deb
+linux-libc-dev 5.15.0-130.140 deb
+locales 2.35-0ubuntu3.8 deb
+login 1:4.8.1-2ubuntu2.2 deb
+logsave 1.46.5-2ubuntu1.2 deb
+lsb-base 11.1.0ubuntu4 deb
+lsb-release 11.1.0ubuntu4 deb
+lto-disabled-list 24 deb
+make 4.3-4.1build1 deb
+mawk 1.3.4.20200120-3 deb
+media-types 7.0.0 deb
+mount 2.37.2-4ubuntu3.4 deb
+ncurses-base 6.3-2ubuntu0.1 deb
+ncurses-bin 6.3-2ubuntu0.1 deb
+net-tools 1.60+git20181103.0eebece-1ubuntu5 deb
+netbase 6.3 deb
+netcat 1.218-4ubuntu1 deb
+netcat-openbsd 1.218-4ubuntu1 deb
+openresolv 3.12.0-2 deb
+openssl 3.0.2-0ubuntu1.18 deb
+passwd 1:4.8.1-2ubuntu2.2 deb
+patch 2.7.6-7build2 deb
+perl 5.34.0-3ubuntu1.3 deb
+perl-base 5.34.0-3ubuntu1.3 deb
+perl-modules-5.34 5.34.0-3ubuntu1.3 deb
+pinentry-curses 1.1.1-1build2 deb
+pkg-config 0.29.2-1ubuntu3 deb
+procps 2:3.3.17-6ubuntu2.1 deb
+publicsuffix 20211207.1025-1 deb
+python3 3.10.6-1~22.04.1 deb
+python3-minimal 3.10.6-1~22.04.1 deb
+python3.10 3.10.12-1~22.04.7 deb
+python3.10-minimal 3.10.12-1~22.04.7 deb
+qrencode 4.1.1-1 deb
+readline-common 8.1.2-1 deb
+rpcsvc-proto 1.4.2-0ubuntu6 deb
+sed 4.8-1ubuntu2 deb
+sensible-utils 0.0.17 deb
+sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd go-module
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1 go-module
+sigs.k8s.io/yaml v1.4.0 go-module
+stdlib go1.23.3 go-module
+sysvinit-utils 3.01-1ubuntu1 deb
+tar 1.34+dfsg-1ubuntu0.1.22.04.2 deb
+tzdata 2024a-0ubuntu0.22.04.1 deb
+ubuntu-keyring 2021.03.26 deb
+usrmerge 25ubuntu2 deb
+util-linux 2.37.2-4ubuntu3.4 deb
+xz-utils 5.2.5-2ubuntu1 deb
+zlib1g 1:1.2.11.dfsg-2ubuntu9.2 deb
+zlib1g-dev 1:1.2.11.dfsg-2ubuntu9.2 deb
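Review bot: `github.com/coredns/coredns` and `github.com/coredns/caddy` are recorded in the new list only as pseudo-versions (`v0.0.0-20241121192733-51e11f166ef6` and `v1.1.2-0.20241029205200-8de985351a98`), which makes them hard to match against upstream release notes and advisories. If the image builds CoreDNS from a tagged release, it would help to have that tag recorded here or in the changelog. The list also still carries the full build toolchain (`build-essential`, `gcc-11`, `gcc-12`, `dkms`) alongside `netcat` and `net-tools`; that is expected for a tag that compiles kernel modules, but worth stating in the deprecation notice so users know what they keep by staying on it.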
diff --git a/readme-vars.yml b/readme-vars.yml
index ccfe2ba6..25436cbc 100644
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -6,56 +6,51 @@ project_url: "https://www.wireguard.com/"
project_logo: "https://www.wireguard.com/img/wireguard.svg"
project_blurb: "[WireGuard®]({{ project_url }}) is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry."
project_lsio_github_repo_url: "https://github.com/linuxserver/docker-{{ project_name }}"
-
+project_deprecation_status: true
+project_deprecation_message: "Please switch to the Alpine-based latest tag"
# supported architectures
available_architectures:
- - { arch: "{{ arch_x86_64 }}", tag: "amd64-latest"}
- - { arch: "{{ arch_arm64 }}", tag: "arm64v8-latest"}
- - { arch: "{{ arch_armhf }}", tag: "arm32v7-latest"}
-
+ - {arch: "{{ arch_x86_64 }}", tag: "amd64-latest"}
+ - {arch: "{{ arch_arm64 }}", tag: "arm64v8-latest"}
# development version
development_versions: true
development_versions_items:
- - { tag: "latest", desc: "Stable releases with support for compiling Wireguard modules" }
- - { tag: "alpine", desc: "Stable releases based on Alpine *without* support for compiling Wireguard modules" }
-
+ - {tag: "latest", desc: "Stable releases based on Alpine *without* support for compiling Wireguard modules."}
+ - {tag: "legacy", desc: "Stable releases with support for compiling Wireguard modules for older kernels."}
# container parameters
common_param_env_vars_enabled: true
param_container_name: "{{ project_name }}"
param_usage_include_vols: true
param_volumes:
- - { vol_path: "/config", vol_host_path: "/path/to/appdata/config", desc: "Contains all relevant configuration files." }
+ - {vol_path: "/config", vol_host_path: "/path/to/appdata/config", desc: "Contains all relevant configuration files."}
opt_param_usage_include_vols: true
opt_param_volumes:
- - { vol_path: "/lib/modules", vol_host_path: "/lib/modules", desc: "Maps host's modules folder. Only required if compiling wireguard modules." }
+ - {vol_path: "/lib/modules", vol_host_path: "/lib/modules", desc: "Maps host's modules folder. Only required if compiling wireguard modules."}
param_usage_include_ports: true
param_ports:
- - { external_port: "51820", internal_port: "51820/udp", port_desc: "wireguard port" }
+ - {external_port: "51820", internal_port: "51820/udp", port_desc: "wireguard port"}
param_usage_include_env: true
param_env_vars:
- - { env_var: "TZ", env_value: "Europe/London", desc: "Specify a timezone to use EG Europe/London"}
+ - {env_var: "TZ", env_value: "Europe/London", desc: "Specify a timezone to use EG Europe/London"}
cap_add_param: true
cap_add_param_vars:
- - { cap_add_var: "NET_ADMIN" }
- - { cap_add_var: "SYS_MODULE" }
+ - {cap_add_var: "NET_ADMIN", desc: "Neccessary for Wireguard to create its VPN interface."}
+ - {cap_add_var: "SYS_MODULE", desc: "Neccessary for loading Wireguard kernel module if it's not already loaded."}
custom_params:
- - { name: "sysctl", name_compose: "sysctls", value: ["net.ipv4.conf.all.src_valid_mark=1"], desc: "Required for client mode.", array: "true" }
-
+ - {name: "sysctl", name_compose: "sysctls", value: ["net.ipv4.conf.all.src_valid_mark=1"], desc: "Required for client mode.", array: "true"}
# optional container parameters
opt_param_usage_include_env: true
opt_param_env_vars:
- - { env_var: "SERVERURL", env_value: "wireguard.domain.com", desc: "External IP or domain name for docker host. Used in server mode. If set to `auto`, the container will try to determine and set the external IP automatically"}
- - { env_var: "SERVERPORT", env_value: "51820", desc: "External port for docker host. Used in server mode."}
- - { env_var: "PEERS", env_value: "1", desc: "Number of peers to create confs for. Required for server mode. Can also be a list of names: `myPC,myPhone,myTablet` (alphanumeric only)"}
- - { env_var: "PEERDNS", env_value: "auto", desc: "DNS server set in peer/client configs (can be set as `8.8.8.8`). Used in server mode. Defaults to `auto`, which uses wireguard docker host's DNS via included CoreDNS forward."}
- - { env_var: "INTERNAL_SUBNET", env_value: "10.13.13.0", desc: "Internal subnet for the wireguard and server and peers (only change if it clashes). Used in server mode."}
- - { env_var: "ALLOWEDIPS", env_value: "0.0.0.0/0", desc: "The IPs/Ranges that the peers will be able to reach using the VPN connection. If not specified the default value is: '0.0.0.0/0, ::0/0' This will cause ALL traffic to route through the VPN, if you want split tunneling, set this to only the IPs you would like to use the tunnel AND the ip of the server's WG ip, such as 10.13.13.1."}
- - { env_var: "PERSISTENTKEEPALIVE_PEERS", env_value: "", desc: "Set to `all` or a list of comma separated peers (ie. `1,4,laptop`) for the wireguard server to send keepalive packets to listed peers every 25 seconds. Useful if server is accessed via domain name and has dynamic IP. Used only in server mode."}
- - { env_var: "LOG_CONFS", env_value: "true", desc: "Generated QR codes will be displayed in the docker log. Set to `false` to skip log output."}
-
+ - {env_var: "SERVERURL", env_value: "wireguard.domain.com", desc: "External IP or domain name for docker host. Used in server mode. If set to `auto`, the container will try to determine and set the external IP automatically"}
+ - {env_var: "SERVERPORT", env_value: "51820", desc: "External port for docker host. Used in server mode."}
+ - {env_var: "PEERS", env_value: "1", desc: "Number of peers to create confs for. Required for server mode. Can also be a list of names: `myPC,myPhone,myTablet` (alphanumeric only)"}
+ - {env_var: "PEERDNS", env_value: "auto", desc: "DNS server set in peer/client configs (can be set as `8.8.8.8`). Used in server mode. Defaults to `auto`, which uses wireguard docker host's DNS via included CoreDNS forward."}
+ - {env_var: "INTERNAL_SUBNET", env_value: "10.13.13.0", desc: "Internal subnet for the wireguard and server and peers (only change if it clashes). Used in server mode."}
+ - {env_var: "ALLOWEDIPS", env_value: "0.0.0.0/0", desc: "The IPs/Ranges that the peers will be able to reach using the VPN connection. If not specified the default value is: '0.0.0.0/0, ::0/0' This will cause ALL traffic to route through the VPN, if you want split tunneling, set this to only the IPs you would like to use the tunnel AND the ip of the server's WG ip, such as 10.13.13.1."}
+ - {env_var: "PERSISTENTKEEPALIVE_PEERS", env_value: "", desc: "Set to `all` or a list of comma separated peers (ie. `1,4,laptop`) for the wireguard server to send keepalive packets to listed peers every 25 seconds. Useful if server is accessed via domain name and has dynamic IP. Used only in server mode."}
+ - {env_var: "LOG_CONFS", env_value: "true", desc: "Generated QR codes will be displayed in the docker log. Set to `false` to skip log output."}
optional_block_1: false
optional_block_1_items: ""
-
# application setup block
app_setup_block_enabled: true
app_setup_block: |
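Review bot: "Neccessary" is misspelled in both new `cap_add_param_vars` descriptions (`NET_ADMIN` and `SYS_MODULE`) and should read "Necessary"; since the readme is generated from these variables, the typo would be published. The `SYS_MODULE` description says the capability is only needed when the kernel module is not already loaded, so it would be worth adding that it can be omitted on hosts where the module is already present, as it is a broad capability to grant by default. The `arch_armhf` entry is also dropped from `available_architectures` with nothing in this hunk telling arm32v7 users; a changelog entry or a line in `project_deprecation_message` would cover that.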
@@ -79,11 +74,13 @@ app_setup_block: |
To display the QR codes of active peers again, you can use the following command and list the peer numbers as arguments: `docker exec -it wireguard /app/show-peer 1 4 5` or `docker exec -it wireguard /app/show-peer myPC myPhone myTablet` (Keep in mind that the QR codes are also stored as PNGs in the config folder).
- The templates used for server and peer confs are saved under `/config/templates`. Advanced users can modify these templates and force conf generation by deleting `/config/wg0.conf` and restarting the container.
+ The templates used for server and peer confs are saved under `/config/templates`. Advanced users can modify these templates and force conf generation by deleting `/config/wg_confs/wg0.conf` and restarting the container.
+
+ The container managed server conf is hardcoded to `wg0.conf`. However, the users can add additional tunnel config files with `.conf` extensions into `/config/wg_confs/` and the container will attempt to start them all in alphabetical order. If any one of the tunnels fail, they will all be stopped and the default route will be deleted, requiring user intervention to fix the invalid conf and a container restart.
## Client Mode
- Do not set the `PEERS` environment variable. Drop your client conf into the config folder as `/config/wg0.conf` and start the container.
+ Do not set the `PEERS` environment variable. Drop your client conf(s) into the config folder as `/config/wg_confs/.conf` and start the container. If there are multiple tunnel configs, the container will attempt to start them all in alphabetical order. If any one of the tunnels fail, they will all be stopped and the default route will be deleted, requiring user intervention to fix the invalid conf and a container restart.
If you get IPv6 related errors in the log and connection cannot be established, edit the `AllowedIPs` line in your peer/client wg0.conf to include only `0.0.0.0/0` and not `::/0`; and restart the container.
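Review bot: Both added paragraphs (the server-mode one about `/config/wg_confs/` and the Client Mode one) say that a single failing tunnel stops all tunnels and deletes the default route, but neither says why the route is removed or what the container can still reach afterwards. If this is meant as fail-closed behaviour so traffic does not leave outside the tunnel, say so in one place and refer to it from the other instead of repeating the sentence. "If any one of the tunnels fail" should read "fails" in both places, and the unchanged IPv6 troubleshooting line still points at "your peer/client wg0.conf" although client confs now live under `/config/wg_confs/` and need not be named `wg0.conf`.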
@@ -107,7 +104,7 @@ app_setup_block: |
Address = 9.8.7.6/32
DNS = 8.8.8.8
PostUp = DROUTE=$(ip route | grep default | awk '{print $3}'); HOMENET=192.168.0.0/16; HOMENET2=10.0.0.0/8; HOMENET3=172.16.0.0/12; ip route add $HOMENET3 via $DROUTE;ip route add $HOMENET2 via $DROUTE; ip route add $HOMENET via $DROUTE;iptables -I OUTPUT -d $HOMENET -j ACCEPT;iptables -A OUTPUT -d $HOMENET2 -j ACCEPT; iptables -A OUTPUT -d $HOMENET3 -j ACCEPT; iptables -A OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
- PreDown = HOMENET=192.168.0.0/16; HOMENET2=10.0.0.0/8; HOMENET3=172.16.0.0/12; ip route del $HOMENET3 via $DROUTE;ip route del $HOMENET2 via $DROUTE; ip route del $HOMENET via $DROUTE; iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT; iptables -D OUTPUT -d $HOMENET -j ACCEPT; iptables -D OUTPUT -d $HOMENET2 -j ACCEPT; iptables -D OUTPUT -d $HOMENET3 -j ACCEPT
+ PreDown = DROUTE=$(ip route | grep default | awk '{print $3}'); HOMENET=192.168.0.0/16; HOMENET2=10.0.0.0/8; HOMENET3=172.16.0.0/12; ip route del $HOMENET3 via $DROUTE;ip route del $HOMENET2 via $DROUTE; ip route del $HOMENET via $DROUTE; iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT; iptables -D OUTPUT -d $HOMENET -j ACCEPT; iptables -D OUTPUT -d $HOMENET2 -j ACCEPT; iptables -D OUTPUT -d $HOMENET3 -j ACCEPT
```
## Site-to-site VPN
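Review bot: The new `PreDown` recomputes `DROUTE` with `ip route | grep default | awk '{print $3}'` at teardown, so it depends on the default route being unchanged since `PostUp` ran and on there being exactly one default route. With more than one, `$DROUTE` expands to several gateways and each `ip route del ... via $DROUTE` fails, leaving the home-network routes in place. Consider taking only the first match in both `PostUp` and `PreDown` (for example `awk '{print $3; exit}'`), or dropping `via $DROUTE` from the `ip route del` commands, which can identify the route by prefix alone.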
@@ -117,41 +114,91 @@ app_setup_block: |
Site-to-site VPN in server mode requires customizing the `AllowedIPs` statement for a specific peer in `wg0.conf`. Since `wg0.conf` is autogenerated when server vars are changed, it is not recommended to edit it manually.
In order to customize the `AllowedIPs` statement for a specific peer in `wg0.conf`, you can set an env var `SERVER_ALLOWEDIPS_PEER_` to the additional subnets you'd like to add, comma separated and excluding the peer IP (ie. `"192.168.1.0/24,192.168.2.0/24"`). Replace `` with either the name or number of a peer (whichever is used in the `PEERS` var).
-
+
For instance `SERVER_ALLOWEDIPS_PEER_laptop="192.168.1.0/24,192.168.2.0/24"` will result in the wg0.conf entry `AllowedIPs = 10.13.13.2,192.168.1.0/24,192.168.2.0/24` for the peer named `laptop`.
-
+
Keep in mind that this var will only be considered when the confs are regenerated. Adding this var for an existing peer won't force a regeneration. You can delete wg0.conf and restart the container to force regeneration if necessary.
Don't forget to set the necessary POSTUP and POSTDOWN rules in your client's peer conf for lan access.
-
-
+# init diagram
+init_diagram: |
+ "wireguard:legacy": {
+ docker-mods
+ base {
+ fix-attr +\nlegacy cont-init
+ }
+ docker-mods -> base
+ legacy-services
+ custom services
+ init-services -> legacy-services
+ init-services -> custom services
+ custom services -> legacy-services
+ legacy-services -> ci-service-check
+ init-migrations -> init-adduser
+ init-os-end -> init-config
+ init-config -> init-config-end
+ init-wireguard-confs -> init-config-end
+ init-os-end -> init-crontab-config
+ init-mods-end -> init-custom-files
+ init-config-end -> init-deprecate
+ base -> init-envfile
+ base -> init-migrations
+ base -> init-mods
+ init-config-end -> init-mods
+ init-mods -> init-mods-end
+ init-mods-package-install -> init-mods-end
+ init-mods -> init-mods-package-install
+ base -> init-os-end
+ init-adduser -> init-os-end
+ init-envfile -> init-os-end
+ init-migrations -> init-os-end
+ init-custom-files -> init-services
+ init-deprecate -> init-services
+ init-mods-end -> init-services
+ init-wireguard-module -> init-wireguard-confs
+ init-config -> init-wireguard-module
+ init-services -> svc-coredns
+ svc-coredns -> legacy-services
+ init-services -> svc-cron
+ svc-cron -> legacy-services
+ svc-coredns -> svc-wireguard
+ svc-wireguard -> legacy-services
+ }
+ Base Images: {
+ "baseimage-ubuntu:jammy"
+ }
+ "wireguard:legacy" <- Base Images
# changelog
changelogs:
- - { date: "28.01.23:", desc: "Patch wg-quick to suppress false positive sysctl warning." }
- - { date: "10.01.23:", desc: "Add new var to add `PersistentKeepalive` to server config for select peers to survive server IP changes when domain name is used." }
- - { date: "26.10.22:", desc: "Better handle unsupported peer names. Improve logging." }
- - { date: "12.10.22:", desc: "Add Alpine branch. Optimize wg and coredns services." }
- - { date: "09.10.22:", desc: "Switch back to iptables-legacy due to issues on some hosts." }
- - { date: "04.10.22:", desc: "Rebase to Jammy. Upgrade to s6v3." }
- - { date: "16.05.22:", desc: "Improve NAT handling in server mode when multiple ethernet devices are present." }
- - { date: "23.04.22:", desc: "Add pre-shared key support. Automatically added to all new peer confs generated, existing ones are left without to ensure no breaking changes." }
- - { date: "10.04.22:", desc: "Rebase to Ubuntu Focal. Add `LOG_CONFS` env var. Remove deprecated `add-peer` command." }
- - { date: "28.10.21:", desc: "Add site-to-site vpn support." }
- - { date: "11.02.21:", desc: "Fix bug related to changing internal subnet and named peer confs not updating." }
- - { date: "06.10.20:", desc: "Disable CoreDNS in client mode, or if port 53 is already in use in server mode." }
- - { date: "04.10.20:", desc: "Allow to specify a list of names as PEERS and add ALLOWEDIPS environment variable. Also, add peer name/id to each one of the peer sections in wg0.conf. Important: Existing users need to delete `/config/templates/peer.conf` and restart" }
- - { date: "27.09.20:", desc: "Cleaning service binding example to have accurate PreDown script." }
- - { date: "06.08.20:", desc: "Replace resolvconf with openresolv due to dns issues when a client based on this image is connected to a server also based on this image. Add IPv6 info to readme. Display kernel version in logs." }
- - { date: "29.07.20:", desc: "Update Coredns config to detect dns loops (existing users need to delete `/config/coredns/Corefile` and restart)." }
- - { date: "27.07.20:", desc: "Update Coredns config to prevent issues with non-user-defined bridge networks (existing users need to delete `/config/coredns/Corefile` and restart)." }
- - { date: "05.07.20:", desc: "Add Debian updates and security repos for headers." }
- - { date: "25.06.20:", desc: "Simplify module tests, prevent iptables issues from resulting in false negatives." }
- - { date: "19.06.20:", desc: "Add support for Ubuntu Focal (20.04) kernels. Compile wireguard tools and kernel module instead of using the ubuntu packages. Make module install optional. Improve verbosity in logs." }
- - { date: "29.05.20:", desc: "Add support for 64bit raspbian." }
- - { date: "28.04.20:", desc: "Add Buster/Stretch backports repos for Debian. Tested with OMV 5 and OMV 4 (on kernel 4.19.0-0.bpo.8-amd64)." }
- - { date: "20.04.20:", desc: "Fix typo in client mode conf existence check." }
- - { date: "13.04.20:", desc: "Fix bug that forced conf recreation on every start." }
- - { date: "08.04.20:", desc: "Add arm32/64 builds and enable multi-arch (rpi4 with ubuntu and raspbian buster tested). Add CoreDNS for `PEERDNS=auto` setting. Update the `add-peer`/`show-peer` scripts to utilize the templates and the `INTERNAL_SUBNET` var (previously missed, oops)." }
- - { date: "05.04.20:", desc: "Add `INTERNAL_SUBNET` variable to prevent subnet clashes. Add templates for server and peer confs." }
- - { date: "01.04.20:", desc: "Add `show-peer` script and include info on host installed headers." }
- - { date: "31.03.20:", desc: "Initial Release." }
+ - {date: "01.01.24:", desc: "Deprecate legacy branch."}
+ - {date: "03.10.23:", desc: "**Potentially Breaking Change:** Support for multiple interfaces added. Wireguard confs moved to `/config/wg_confs/`. Any file with a `.conf` extension in that folder will be treated as a live tunnel config and will be attempted to start. If any of the tunnels fail, all tunnels will be stopped. Tunnels are started in alphabetical order. Managed server conf will continue to be hardcoded to `wg0.conf`."}
+ - {date: "24.06.23:", desc: "Deprecate armhf as per [https://www.linuxserver.io/armhf](https://www.linuxserver.io/armhf)."}
+ - {date: "26.04.23:", desc: "Rework branches, swap alpine & ubuntu builds."}
+ - {date: "28.01.23:", desc: "Patch wg-quick to suppress false positive sysctl warning."}
+ - {date: "10.01.23:", desc: "Add new var to add `PersistentKeepalive` to server config for select peers to survive server IP changes when domain name is used."}
+ - {date: "26.10.22:", desc: "Better handle unsupported peer names. Improve logging."}
+ - {date: "12.10.22:", desc: "Add Alpine branch. Optimize wg and coredns services."}
+ - {date: "09.10.22:", desc: "Switch back to iptables-legacy due to issues on some hosts."}
+ - {date: "04.10.22:", desc: "Rebase to Jammy. Upgrade to s6v3."}
+ - {date: "16.05.22:", desc: "Improve NAT handling in server mode when multiple ethernet devices are present."}
+ - {date: "23.04.22:", desc: "Add pre-shared key support. Automatically added to all new peer confs generated, existing ones are left without to ensure no breaking changes."}
+ - {date: "10.04.22:", desc: "Rebase to Ubuntu Focal. Add `LOG_CONFS` env var. Remove deprecated `add-peer` command."}
+ - {date: "28.10.21:", desc: "Add site-to-site vpn support."}
+ - {date: "11.02.21:", desc: "Fix bug related to changing internal subnet and named peer confs not updating."}
+ - {date: "06.10.20:", desc: "Disable CoreDNS in client mode, or if port 53 is already in use in server mode."}
+ - {date: "04.10.20:", desc: "Allow to specify a list of names as PEERS and add ALLOWEDIPS environment variable. Also, add peer name/id to each one of the peer sections in wg0.conf. Important: Existing users need to delete `/config/templates/peer.conf` and restart"}
+ - {date: "27.09.20:", desc: "Cleaning service binding example to have accurate PreDown script."}
+ - {date: "06.08.20:", desc: "Replace resolvconf with openresolv due to dns issues when a client based on this image is connected to a server also based on this image. Add IPv6 info to readme. Display kernel version in logs."}
+ - {date: "29.07.20:", desc: "Update Coredns config to detect dns loops (existing users need to delete `/config/coredns/Corefile` and restart)."}
+ - {date: "27.07.20:", desc: "Update Coredns config to prevent issues with non-user-defined bridge networks (existing users need to delete `/config/coredns/Corefile` and restart)."}
+ - {date: "05.07.20:", desc: "Add Debian updates and security repos for headers."}
+ - {date: "25.06.20:", desc: "Simplify module tests, prevent iptables issues from resulting in false negatives."}
+ - {date: "19.06.20:", desc: "Add support for Ubuntu Focal (20.04) kernels. Compile wireguard tools and kernel module instead of using the ubuntu packages. Make module install optional. Improve verbosity in logs."}
+ - {date: "29.05.20:", desc: "Add support for 64bit raspbian."}
+ - {date: "28.04.20:", desc: "Add Buster/Stretch backports repos for Debian. Tested with OMV 5 and OMV 4 (on kernel 4.19.0-0.bpo.8-amd64)."}
+ - {date: "20.04.20:", desc: "Fix typo in client mode conf existence check."}
+ - {date: "13.04.20:", desc: "Fix bug that forced conf recreation on every start."}
+ - {date: "08.04.20:", desc: "Add arm32/64 builds and enable multi-arch (rpi4 with ubuntu and raspbian buster tested). Add CoreDNS for `PEERDNS=auto` setting. Update the `add-peer`/`show-peer` scripts to utilize the templates and the `INTERNAL_SUBNET` var (previously missed, oops)."}
+ - {date: "05.04.20:", desc: "Add `INTERNAL_SUBNET` variable to prevent subnet clashes. Add templates for server and peer confs."}
+ - {date: "01.04.20:", desc: "Add `show-peer` script and include info on host installed headers."}
+ - {date: "31.03.20:", desc: "Initial Release."}
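Review bot: the 03.10.23 changelog entry moves the confs to `/config/wg_confs/`, but the unchanged site-to-site paragraph in this hunk still says "You can delete wg0.conf and restart the container" without a path. A user following it after the migration will look in `/config`; suggest spelling out `/config/wg_confs/wg0.conf` there. The bare `-`/`+` pairs around that paragraph look like whitespace-only changes and could be left out of the diff.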
diff --git a/root/app/show-peer b/root/app/show-peer
index a4523f9e..fc5e12d2 100755
--- a/root/app/show-peer
+++ b/root/app/show-peer
@@ -1,6 +1,7 @@
#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
-if [ ! $# -gt 0 ]; then
+if [[ ! $# -gt 0 ]]; then
echo "You need to specify which peers to show"
exit 0
fi
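Review bot: the missing-argument branch still ends in `exit 0`, so a calling script cannot tell a usage error from success. Since the condition is being touched for the `[[ ]]` conversion anyway, consider `exit 1` here, and `[[ $# -eq 0 ]]` reads more directly than `[[ ! $# -gt 0 ]]`.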
@@ -12,10 +13,10 @@ for i in "$@"; do
PEER_ID="peer_${i//[^[:alnum:]_-]/}"
fi
- if grep -q "# ${PEER_ID}" /config/wg0.conf; then
+ if grep -q "# ${PEER_ID}" /config/wg_confs/wg0.conf; then
echo "PEER ${i} QR code:"
qrencode -t ansiutf8 < /config/${PEER_ID}/${PEER_ID}.conf
else
echo "PEER ${i} is not active"
fi
-done
\ No newline at end of file
+done
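Review bot: `grep -q "# ${PEER_ID}"` is an unanchored match, so `peer_1` also matches a `# peer_10` line and a peer that is no longer in the conf can be reported as active. Anchoring it, for example `grep -Fxq "# ${PEER_ID}"` if the comment sits alone on its line as in the generated conf, fixes that. The `qrencode` input path `/config/${PEER_ID}/${PEER_ID}.conf` is also unquoted. The substitution above strips everything but alphanumerics, `_` and `-`, so it is safe today, but quoting it costs nothing.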
diff --git a/root/defaults/Corefile b/root/defaults/Corefile
index ded974e1..12da8187 100644
--- a/root/defaults/Corefile
+++ b/root/defaults/Corefile
@@ -2,4 +2,4 @@
loop
health
forward . /etc/resolv.conf
-}
\ No newline at end of file
+}
diff --git a/root/defaults/peer.conf b/root/defaults/peer.conf
index cd6e3aec..d987dba9 100644
--- a/root/defaults/peer.conf
+++ b/root/defaults/peer.conf
@@ -8,4 +8,4 @@ DNS = ${PEERDNS}
PublicKey = $(cat /config/server/publickey-server)
PresharedKey = $(cat /config/${PEER_ID}/presharedkey-${PEER_ID})
Endpoint = ${SERVERURL}:${SERVERPORT}
-AllowedIPs = ${ALLOWEDIPS}
\ No newline at end of file
+AllowedIPs = ${ALLOWEDIPS}
diff --git a/root/etc/s6-overlay/s6-rc.d/init-deprecate/dependencies.d/init-config-end b/root/etc/s6-overlay/s6-rc.d/init-deprecate/dependencies.d/init-config-end
new file mode 100644
index 00000000..e69de29b
diff --git a/root/etc/s6-overlay/s6-rc.d/init-deprecate/run b/root/etc/s6-overlay/s6-rc.d/init-deprecate/run
new file mode 100755
index 00000000..e556f9af
--- /dev/null
+++ b/root/etc/s6-overlay/s6-rc.d/init-deprecate/run
@@ -0,0 +1,17 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+echo '
+╔════════════════════════════════════════════════════╗
+╠════════════════════════════════════════════════════╣
+║ ║
+║ This image is deprecated. ║
+║ We will not offer support for this image ║
+║ and it will not be updated. ║
+║ ║
+╠════════════════════════════════════════════════════╣
+╚════════════════════════════════════════════════════╝
+
+Please switch to the Alpine-based latest tag
+
+══════════════════════════════════════════════════════'
diff --git a/root/etc/s6-overlay/s6-rc.d/init-deprecate/type b/root/etc/s6-overlay/s6-rc.d/init-deprecate/type
new file mode 100644
index 00000000..bdd22a18
--- /dev/null
+++ b/root/etc/s6-overlay/s6-rc.d/init-deprecate/type
@@ -0,0 +1 @@
+oneshot
diff --git a/root/etc/s6-overlay/s6-rc.d/init-deprecate/up b/root/etc/s6-overlay/s6-rc.d/init-deprecate/up
new file mode 100644
index 00000000..2c81bf33
--- /dev/null
+++ b/root/etc/s6-overlay/s6-rc.d/init-deprecate/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-deprecate/run
diff --git a/root/etc/s6-overlay/s6-rc.d/init-services/dependencies.d/init-deprecate b/root/etc/s6-overlay/s6-rc.d/init-services/dependencies.d/init-deprecate
new file mode 100644
index 00000000..e69de29b
diff --git a/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run b/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run
index 610712ee..2687b2b4 100755
--- a/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run
@@ -2,10 +2,15 @@
# shellcheck shell=bash
# shellcheck disable=SC2016,SC1091,SC2183
-# prepare symlinks
-rm -rf /etc/wireguard
-mkdir -p /etc/wireguard
-ln -s /config/wg0.conf /etc/wireguard/wg0.conf
+mkdir -p /config/wg_confs
+
+# migration to subfolder for wg confs
+if [[ -z "$(ls -A /config/wg_confs)" ]] && [[ -f /config/wg0.conf ]]; then
+ echo "**** Performing migration to new folder structure for confs. Please see the image changelog 2023-10-03 entry for more details. ****"
+ cp /config/wg0.conf /config/wg_confs/wg0.conf
+ rm -rf /config/wg0.conf || :
+fi
+
# prepare templates
if [[ ! -f /config/templates/server.conf ]]; then
cp /defaults/server.conf /config/templates/server.conf
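Review bot: in the migration block, `rm -rf /config/wg0.conf || :` runs whether or not the preceding `cp` succeeded, so a failed copy (full or read-only volume) deletes the only copy of the conf. Chain them as `cp ... && rm -f ...` or use `mv`; `rm -f` is enough for a single file. The removed "prepare symlinks" block also deserves a one-line comment, since nothing in this hunk says how wg-quick finds the conf now that `/etc/wireguard/wg0.conf` is no longer created.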
@@ -25,7 +30,7 @@ generate_confs () {
wg genkey | tee /config/server/privatekey-server | wg pubkey > /config/server/publickey-server
fi
eval "$(printf %s)
- cat < /config/wg0.conf
+ cat < /config/wg_confs/wg0.conf
$(cat /config/templates/server.conf)
DUDE"
@@ -65,7 +70,7 @@ DUDE"
$(cat /config/templates/peer.conf)
DUDE"
# add peer info to server conf with presharedkey
- cat <> /config/wg0.conf
+ cat <> /config/wg_confs/wg0.conf
[Peer]
# ${PEER_ID}
PublicKey = $(cat "/config/${PEER_ID}/publickey-${PEER_ID}")
@@ -79,7 +84,7 @@ DUDE
$(sed '/PresharedKey/d' "/config/templates/peer.conf")
DUDE"
# add peer info to server conf without presharedkey
- cat <> /config/wg0.conf
+ cat <> /config/wg_confs/wg0.conf
[Peer]
# ${PEER_ID}
PublicKey = $(cat "/config/${PEER_ID}/publickey-${PEER_ID}")
@@ -89,22 +94,22 @@ DUDE
# add peer's allowedips to server conf
if [[ -n "${!SERVER_ALLOWEDIPS}" ]]; then
echo "Adding ${!SERVER_ALLOWEDIPS} to wg0.conf's AllowedIPs for peer ${i}"
- cat <> /config/wg0.conf
+ cat <> /config/wg_confs/wg0.conf
AllowedIPs = ${CLIENT_IP}/32,${!SERVER_ALLOWEDIPS}
DUDE
else
- cat <> /config/wg0.conf
+ cat <> /config/wg_confs/wg0.conf
AllowedIPs = ${CLIENT_IP}/32
DUDE
fi
# add PersistentKeepalive if the peer is specified
if [[ -n "${PERSISTENTKEEPALIVE_PEERS_ARRAY}" ]] && ([[ "${PERSISTENTKEEPALIVE_PEERS_ARRAY[0]}" = "all" ]] || printf '%s\0' "${PERSISTENTKEEPALIVE_PEERS_ARRAY[@]}" | grep -Fxqz -- "${i}"); then
- cat <> /config/wg0.conf
+ cat <> /config/wg_confs/wg0.conf
PersistentKeepalive = 25
DUDE
else
- cat <> /config/wg0.conf
+ cat <> /config/wg_confs/wg0.conf
DUDE
fi
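Review bot: the literal `/config/wg_confs/wg0.conf` is repeated in every redirect in this hunk and in the three hunks above it. A single variable set next to the `mkdir -p /config/wg_confs` at the top of the script would make the next relocation a one-line change and remove the risk of one heredoc still appending to the old location.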
@@ -161,7 +166,7 @@ if [[ -n "$PEERS" ]]; then
else
echo "**** Peer DNS servers will be set to $PEERDNS ****"
fi
- if [[ ! -f /config/wg0.conf ]]; then
+ if [[ ! -f /config/wg_confs/wg0.conf ]]; then
echo "**** No wg0.conf found (maybe an initial install), generating 1 server and ${PEERS} peer/client confs ****"
generate_confs
save_vars
@@ -180,10 +185,7 @@ if [[ -n "$PEERS" ]]; then
fi
else
echo "**** Client mode selected. ****"
- if [[ ! -f /config/wg0.conf ]]; then
- echo "**** No client conf found. Provide your own client conf as \"/config/wg0.conf\" and restart the container. ****"
- sleep infinity
- fi
+ USE_COREDNS="${USE_COREDNS,,}"
printf %s "${USE_COREDNS:-false}" > /run/s6/container_environment/USE_COREDNS
fi
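Review bot: removing the client-mode check also removes the only message that told the user where the conf has to live. The replacement message in svc-wireguard/run says "Please create a valid config and restart the container" without naming `/config/wg_confs/`. Suggest naming the folder in that message so a first-time client-mode user gets the same guidance as before.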
diff --git a/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/type b/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/type
index 3d92b15f..bdd22a18 100644
--- a/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/type
+++ b/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/type
@@ -1 +1 @@
-oneshot
\ No newline at end of file
+oneshot
diff --git a/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/up b/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/up
index 0f3fa819..892cce9e 100644
--- a/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/up
+++ b/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/up
@@ -1 +1 @@
-/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run
\ No newline at end of file
+/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run
diff --git a/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/run b/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/run
index 97bfcb3d..fcfe7132 100755
--- a/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/run
@@ -1,4 +1,5 @@
#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
mkdir -p /config/{templates,coredns}
diff --git a/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/type b/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/type
index 3d92b15f..bdd22a18 100644
--- a/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/type
+++ b/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/type
@@ -1 +1 @@
-oneshot
\ No newline at end of file
+oneshot
diff --git a/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/up b/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/up
index 86cfd762..b197ae8e 100644
--- a/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/up
+++ b/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/up
@@ -1 +1 @@
-/etc/s6-overlay/s6-rc.d/init-wireguard-module/run
\ No newline at end of file
+/etc/s6-overlay/s6-rc.d/init-wireguard-module/run
diff --git a/root/etc/s6-overlay/s6-rc.d/svc-coredns/notification-fd b/root/etc/s6-overlay/s6-rc.d/svc-coredns/notification-fd
index e440e5c8..00750edc 100644
--- a/root/etc/s6-overlay/s6-rc.d/svc-coredns/notification-fd
+++ b/root/etc/s6-overlay/s6-rc.d/svc-coredns/notification-fd
@@ -1 +1 @@
-3
\ No newline at end of file
+3
diff --git a/root/etc/s6-overlay/s6-rc.d/svc-coredns/run b/root/etc/s6-overlay/s6-rc.d/svc-coredns/run
index d1276534..3a6e381a 100755
--- a/root/etc/s6-overlay/s6-rc.d/svc-coredns/run
+++ b/root/etc/s6-overlay/s6-rc.d/svc-coredns/run
@@ -1,4 +1,5 @@
#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
if netstat -apn | grep -q ":53 "; then
USE_COREDNS="false"
diff --git a/root/etc/s6-overlay/s6-rc.d/svc-coredns/type b/root/etc/s6-overlay/s6-rc.d/svc-coredns/type
index 1780f9f4..5883cff0 100644
--- a/root/etc/s6-overlay/s6-rc.d/svc-coredns/type
+++ b/root/etc/s6-overlay/s6-rc.d/svc-coredns/type
@@ -1 +1 @@
-longrun
\ No newline at end of file
+longrun
diff --git a/root/etc/s6-overlay/s6-rc.d/svc-wireguard/down b/root/etc/s6-overlay/s6-rc.d/svc-wireguard/down
index 1bf02103..5ef932fc 100644
--- a/root/etc/s6-overlay/s6-rc.d/svc-wireguard/down
+++ b/root/etc/s6-overlay/s6-rc.d/svc-wireguard/down
@@ -1 +1 @@
-/etc/s6-overlay/s6-rc.d/svc-wireguard/finish
\ No newline at end of file
+/etc/s6-overlay/s6-rc.d/svc-wireguard/finish
diff --git a/root/etc/s6-overlay/s6-rc.d/svc-wireguard/finish b/root/etc/s6-overlay/s6-rc.d/svc-wireguard/finish
index 3403cb90..6b568c92 100755
--- a/root/etc/s6-overlay/s6-rc.d/svc-wireguard/finish
+++ b/root/etc/s6-overlay/s6-rc.d/svc-wireguard/finish
@@ -1,3 +1,12 @@
#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
-wg-quick down wg0
+if [[ -f "/app/activeconfs" ]]; then
+ . /app/activeconfs
+ for tunnel in $(printf '%s\n' "${WG_CONFS[@]}" | tac | tr '\n' ' '; echo); do
+ echo "**** Disabling tunnel ${tunnel} ****"
+ wg-quick down "${tunnel}" || :
+ done
+ echo "**** All tunnels are down ****"
+ rm -rf /app/activeconfs
+fi
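Review bot: the reverse loop builds its list with `$(printf '%s\n' "${WG_CONFS[@]}" | tac | tr '\n' ' '; echo)`, and the unquoted substitution is word-split again, so a conf path containing a space is passed to `wg-quick down` in pieces. Iterating the array by index from the end keeps each element intact and drops the pipeline. Separately, `. /app/activeconfs` executes whatever is in that file, so it is worth making sure only the run script can write to it.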
diff --git a/root/etc/s6-overlay/s6-rc.d/svc-wireguard/run b/root/etc/s6-overlay/s6-rc.d/svc-wireguard/run
index 8f4e38ae..87b477e2 100755
--- a/root/etc/s6-overlay/s6-rc.d/svc-wireguard/run
+++ b/root/etc/s6-overlay/s6-rc.d/svc-wireguard/run
@@ -1,3 +1,46 @@
#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
-wg-quick up wg0
+unset WG_CONFS
+rm -rf /app/activeconfs
+# Enumerate interfaces
+for wgconf in $(ls /config/wg_confs/*.conf); do
+ if grep -q "\[Interface\]" "${wgconf}"; then
+ echo "**** Found WG conf ${wgconf}, adding to list ****"
+ WG_CONFS+=("${wgconf}")
+ else
+ echo "**** Found WG conf ${wgconf}, but it doesn't seem to be valid, skipping. ****"
+ fi
+done
+
+if [[ -z "${WG_CONFS}" ]]; then
+ echo "**** No valid tunnel config found. Please create a valid config and restart the container ****"
+ ip route del default
+ exit 0
+fi
+
+unset FAILED
+for tunnel in ${WG_CONFS[@]}; do
+ echo "**** Activating tunnel ${tunnel} ****"
+ if ! wg-quick up "${tunnel}"; then
+ FAILED="${tunnel}"
+ break
+ fi
+done
+
+if [[ -z "${FAILED}" ]]; then
+ declare -p WG_CONFS > /app/activeconfs
+ echo "**** All tunnels are now active ****"
+else
+ echo "**** Tunnel ${FAILED} failed, will stop all others! ****"
+ for tunnel in ${WG_CONFS[@]}; do
+ if [[ "${tunnel}" = "${FAILED}" ]]; then
+ break
+ else
+ echo "**** Disabling tunnel ${tunnel} ****"
+ wg-quick down "${tunnel}" || :
+ fi
+ done
+ ip route del default
+ echo "**** All tunnels are now down. Please fix the tunnel config ${FAILED} and restart the container ****"
+fi
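Review bot: `for wgconf in $(ls /config/wg_confs/*.conf)` parses `ls` output and, like the unquoted `${WG_CONFS[@]}` in both later loops, splits paths on whitespace; with an empty folder `ls` also writes an error to the log. A plain glob with `shopt -s nullglob` plus quoted `"${WG_CONFS[@]}"` avoids both. In the failure branch the already-started tunnels are stopped in start order, while the finish script stops them in reverse; reverse order here would be consistent. That branch also falls through with exit status 0 after `ip route del default`, so s6 records the oneshot as successful; if that is intentional, a comment saying so would help.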
diff --git a/root/etc/s6-overlay/s6-rc.d/svc-wireguard/type b/root/etc/s6-overlay/s6-rc.d/svc-wireguard/type
index 3d92b15f..bdd22a18 100644
--- a/root/etc/s6-overlay/s6-rc.d/svc-wireguard/type
+++ b/root/etc/s6-overlay/s6-rc.d/svc-wireguard/type
@@ -1 +1 @@
-oneshot
\ No newline at end of file
+oneshot
diff --git a/root/etc/s6-overlay/s6-rc.d/svc-wireguard/up b/root/etc/s6-overlay/s6-rc.d/svc-wireguard/up
index 5689d7d7..47b67d6b 100644
--- a/root/etc/s6-overlay/s6-rc.d/svc-wireguard/up
+++ b/root/etc/s6-overlay/s6-rc.d/svc-wireguard/up
@@ -1 +1 @@
-/etc/s6-overlay/s6-rc.d/svc-wireguard/run
\ No newline at end of file
+/etc/s6-overlay/s6-rc.d/svc-wireguard/run
diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-deprecate b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-deprecate
new file mode 100644
index 00000000..e69de29b