From 477cafe1e579d05d5eaf24cf8e880e6efc10bf6c Mon Sep 17 00:00:00 2001
From: aptalca
Date: Fri, 19 Jun 2020 18:15:48 -0400
Subject: [PATCH 1/8] compile wireguard tools/module, make it optional
---
Dockerfile | 24 +++++-
Dockerfile.aarch64 | 26 ++++--
Dockerfile.armhf | 26 ++++--
Jenkinsfile | 2 +-
README.md | 1 +
jenkins-vars.yml | 2 +-
readme-vars.yml | 1 +
root/etc/cont-init.d/30-config | 148 ++++++++++++++++++++-------------
8 files changed, 155 insertions(+), 75 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 7ca96618..6b99a574 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,22 +14,35 @@ RUN \ apt-get update && \ apt-get install -y \ bc \ + build-essential \ curl \ - dkms \ + git \ gnupg \ ifupdown \ iproute2 \ iptables \ iputils-ping \ + jq \ libc6 \ + libelf-dev \ perl \ + pkg-config \ qrencode && \ - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E1B39B6EF6DDB96564797591AE33835F504A1A25 && \ - echo "deb http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \ - echo "deb-src http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \ echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections && \ echo "REPORT_ABSENT_SYMLINK=no" >> /etc/default/resolvconf && \ apt-get install resolvconf && \ + echo "**** install wireguard-tools ****" && \ + if [ -z ${WIREGUARD_RELEASE+x} ]; then \ + WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \ + | jq -r .[0].name); \ + fi && \ + cd /app && \ + git clone https://git.zx2c4.com/wireguard-linux-compat && \ + git clone https://git.zx2c4.com/wireguard-tools && \ + cd wireguard-tools && \ + git checkout "${WIREGUARD_RELEASE}" && \ + make -C src -j$(nproc) && \ + make -C src install && \ echo "**** install CoreDNS ****" && \ COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \ | awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \ @@ -40,6 +53,9 @@ RUN \ /tmp/coredns.tar.gz -C \ /app && \ echo "**** clean up ****" && \ + apt-get -y purge \ + git && \ + apt-get -y autoremove && \ rm -rf \ /tmp/* \ /var/lib/apt/lists/* \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 9aa7a40c..88173884 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 
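Review bot: The added `git clone https://git.zx2c4.com/wireguard-linux-compat` leaves the kernel-module source at whatever the default branch held at build time; only wireguard-tools gets a `git checkout "${WIREGUARD_RELEASE}"`, and neither checkout is verified against a signed tag or a known commit. Because root/etc/cont-init.d/30-config later compiles and installs this tree as a kernel module, I would pin it to a release tag or commit in the same way and, if the upstream tags are signed, run `git verify-tag` before building. The identical block is added in the Dockerfile.aarch64 and Dockerfile.armhf hunks. The `RUN` instruction starts and ends outside this hunk.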
@@ -14,32 +14,48 @@ RUN \ apt-get update && \ apt-get install -y \ bc \ + build-essential \ curl \ - dkms \ + git \ gnupg \ ifupdown \ iproute2 \ iptables \ iputils-ping \ + jq \ libc6 \ + libelf-dev \ perl \ + pkg-config \ qrencode && \ - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E1B39B6EF6DDB96564797591AE33835F504A1A25 && \ - echo "deb http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \ - echo "deb-src http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \ echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections && \ echo "REPORT_ABSENT_SYMLINK=no" >> /etc/default/resolvconf && \ apt-get install resolvconf && \ + echo "**** install wireguard-tools ****" && \ + if [ -z ${WIREGUARD_RELEASE+x} ]; then \ + WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \ + | jq -r .[0].name); \ + fi && \ + cd /app && \ + git clone https://git.zx2c4.com/wireguard-linux-compat && \ + git clone https://git.zx2c4.com/wireguard-tools && \ + cd wireguard-tools && \ + git checkout "${WIREGUARD_RELEASE}" && \ + make -C src -j$(nproc) && \ + make -C src install && \ echo "**** install CoreDNS ****" && \ COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \ | awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \ curl -o \ /tmp/coredns.tar.gz -L \ - "https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_arm64.tgz" && \ + "https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_amd64.tgz" && \ tar xf \ /tmp/coredns.tar.gz -C \ /app && \ echo "**** clean up ****" && \ + apt-get -y purge \ + git && \ + apt-get -y autoremove && \ rm -rf \ /tmp/* \ /var/lib/apt/lists/* \ 
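Review bot: The CoreDNS URL in this hunk changes from `coredns_${COREDNS_VERSION}_linux_arm64.tgz` to `coredns_${COREDNS_VERSION}_linux_amd64.tgz`, which would put an x86-64 binary into the aarch64 image; the Dockerfile.armhf hunk makes the same switch away from `linux_arm`. This looks like a carry-over from the amd64 Dockerfile rather than an intended change, and patch 4/8 in this series restores the original suffixes. I would fold that fix into this commit so that no intermediate revision builds an image with a wrong-architecture binary.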
diff --git a/Dockerfile.armhf b/Dockerfile.armhf
index a09dc5a6..ce76e7a9 100644
--- a/Dockerfile.armhf
+++ b/Dockerfile.armhf
@@ -14,32 +14,48 @@ RUN \ apt-get update && \ apt-get install -y \ bc \ + build-essential \ curl \ - dkms \ + git \ gnupg \ ifupdown \ iproute2 \ iptables \ iputils-ping \ + jq \ libc6 \ + libelf-dev \ perl \ + pkg-config \ qrencode && \ - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E1B39B6EF6DDB96564797591AE33835F504A1A25 && \ - echo "deb http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \ - echo "deb-src http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \ echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections && \ echo "REPORT_ABSENT_SYMLINK=no" >> /etc/default/resolvconf && \ apt-get install resolvconf && \ + echo "**** install wireguard-tools ****" && \ + if [ -z ${WIREGUARD_RELEASE+x} ]; then \ + WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \ + | jq -r .[0].name); \ + fi && \ + cd /app && \ + git clone https://git.zx2c4.com/wireguard-linux-compat && \ + git clone https://git.zx2c4.com/wireguard-tools && \ + cd wireguard-tools && \ + git checkout "${WIREGUARD_RELEASE}" && \ + make -C src -j$(nproc) && \ + make -C src install && \ echo "**** install CoreDNS ****" && \ COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \ | awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \ curl -o \ /tmp/coredns.tar.gz -L \ - "https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_arm.tgz" && \ + "https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_amd64.tgz" && \ tar xf \ /tmp/coredns.tar.gz -C \ /app && \ echo "**** clean up ****" && \ + apt-get -y purge \ + git && \ + apt-get -y autoremove && \ rm -rf \ /tmp/* \ /var/lib/apt/lists/* \ 
diff --git a/Jenkinsfile b/Jenkinsfile index b2372316..46ba20d9 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -103,7 +103,7 @@ pipeline { steps{ script{ env.EXT_RELEASE = sh( - script: ''' curl -sX GET http://ppa.launchpad.net/wireguard/wireguard/ubuntu/dists/bionic/main/binary-amd64/Packages.gz | gunzip -c |grep -A 7 -m 1 'Package: wireguard' | awk -F ': ' '/Version/{print $2;exit}' ''', + script: ''' curl -sX GET https://api.github.com/repos/WireGuard/wireguard-tools/tags | jq -r .[0].name ''', returnStdout: true).trim() env.RELEASE_LINK = 'custom_command' } diff --git a/README.md b/README.md index 06d7bd1a..1d111f18 100644 --- a/README.md +++ b/README.md @@ -268,6 +268,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **19.06.20:** - Compile wireguard tools and kernel module instead of using the ubuntu packages, make module install optional. * **29.05.20:** - Add support for 64bit raspbian. * **28.04.20:** - Add Buster/Stretch backports repos for Debian. Tested with OMV 5 and OMV 4 (on kernel 4.19.0-0.bpo.8-amd64). * **20.04.20:** - Fix typo in client mode conf existence check. diff --git a/jenkins-vars.yml b/jenkins-vars.yml index b6111099..1b241b7f 100644 --- a/jenkins-vars.yml +++ b/jenkins-vars.yml @@ -3,7 +3,7 @@ # jenkins variables project_name: docker-wireguard external_type: na -custom_version_command: "curl -sX GET http://ppa.launchpad.net/wireguard/wireguard/ubuntu/dists/bionic/main/binary-amd64/Packages.gz | gunzip -c |grep -A 7 -m 1 'Package: wireguard' | awk -F ': ' '/Version/{print $2;exit}'" +custom_version_command: "curl -sX GET https://api.github.com/repos/WireGuard/wireguard-tools/tags | jq -r .[0].name" release_type: stable release_tag: latest ls_branch: master diff --git a/readme-vars.yml b/readme-vars.yml index c46194bc..9abb9306 100644 --- a/readme-vars.yml +++ b/readme-vars.yml 
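Review bot: The new version command `curl -sX GET https://api.github.com/repos/WireGuard/wireguard-tools/tags | jq -r .[0].name` has no failure handling: with `-s` and no `-f`, an HTTP error or rate-limit body goes straight to jq, so `EXT_RELEASE` can presumably end up empty or the literal `null`. I would add `-f` to curl and reject an empty or `null` result before it is used as a release tag. Quoting the filter as `jq -r '.[0].name'` also keeps the shell from treating `.[0].name` as a glob pattern. The same command is added in jenkins-vars.yml and in the `WIREGUARD_RELEASE` fallback of the three Dockerfiles.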
@@ -85,6 +85,7 @@ app_setup_block: | # changelog changelogs: + - { date: "19.06.20:", desc: "Compile wireguard tools and kernel module instead of using the ubuntu packages, make module install optional." } - { date: "29.05.20:", desc: "Add support for 64bit raspbian." } - { date: "28.04.20:", desc: "Add Buster/Stretch backports repos for Debian. Tested with OMV 5 and OMV 4 (on kernel 4.19.0-0.bpo.8-amd64)." } - { date: "20.04.20:", desc: "Fix typo in client mode conf existence check." } diff --git a/root/etc/cont-init.d/30-config b/root/etc/cont-init.d/30-config index 86430af9..293a790b 100644 --- a/root/etc/cont-init.d/30-config +++ b/root/etc/cont-init.d/30-config 
@@ -2,83 +2,113 @@ mkdir -p /config/{templates,coredns} -# install headers and wireguard -apt-get update -if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then - apt-get install -y \ - linux-headers-$(uname -r) \ - wireguard -elif (uname -r | grep -q 'v7+') || (uname -r | grep -q 'v7l+') || (uname -r | grep -q 'v8+'); then - echo "Raspbian kernel naming convention detected, attempting to install raspbian kernel headers" - curl -s http://archive.raspberrypi.org/debian/raspberrypi.gpg.key | apt-key add - - echo -e \ - "deb http://archive.raspberrypi.org/debian/ buster main\ndeb-src http://archive.raspberrypi.org/debian/ buster main" \ - > /etc/apt/sources.list.d/raspbian.list - apt-get update - apt-get install -y \ - raspberrypi-kernel-headers \ - wireguard -elif uname -v | grep -q 'Ubuntu'; then - echo "Attempting to install kernel headers from Ubuntu Xenial repo" - echo -e \ - "deb http://archive.ubuntu.com/ubuntu/ xenial main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ xenial main restricted\n\ndeb http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted" \ - > /etc/apt/sources.list.d/xenial.list - apt-get update - if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then - apt-get install -y \ - linux-headers-$(uname -r) \ - wireguard +# check for wireguard module +if grep -q wireguard /proc/modules; then + echo "It seems the wireguard module is already loaded, let's test to make sure it works." + /app/wireguard-tools/contrib/ncat-client-server/client-quick.sh + wg-quick up demo + if wg show | grep -q demo; then + echo "The module is working properly, skipping kernel header install and module compilation." + SKIP_COMPILE="true" else - echo "No kernel headers found in the Ubuntu repos!! 
Will try the headers from host (if mapped), may or may not work" - apt-get install -y \ - wireguard + echo "The module is not functional, will attempt kernel header install and module compilation." fi -elif uname -v | grep -q 'Debian'; then - echo "Debian host detected, attempting to install kernel headers from Debian Buster repo" - curl -s https://ftp-master.debian.org/keys/archive-key-10.asc | apt-key add - - echo -e \ - "deb http://deb.debian.org/debian buster main contrib non-free\ndeb-src http://deb.debian.org/debian buster main contrib non-free\ndeb http://deb.debian.org/debian buster-backports main contrib non-free\ndeb-src http://deb.debian.org/debian buster-backports main contrib non-free" \ - > /etc/apt/sources.list.d/debian.list + wg-quick down demo + rm -f /etc/wireguard/demo.conf +else + echo "The wireguard module is not loaded, will attempt kernel header install and module compilation." +fi + +# install headers if necessary +if [ "$SKIP_COMPILE" != "true" ]; then + echo "Attempting kernel header install" apt-get update if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then - if uname -r | grep -qs "bpo"; then - echo "Backported kernel detected" - apt-get install -y -t buster-backports \ - linux-headers-$(uname -r) + apt-get install -y \ + linux-headers-$(uname -r) + elif (uname -r | grep -q 'v7+') || (uname -r | grep -q 'v7l+') || (uname -r | grep -q 'v8+'); then + echo "Raspbian kernel naming convention detected, attempting to install raspbian kernel headers" + curl -s http://archive.raspberrypi.org/debian/raspberrypi.gpg.key | apt-key add - + echo -e \ + "deb http://archive.raspberrypi.org/debian/ buster main\ndeb-src http://archive.raspberrypi.org/debian/ buster main" \ + > /etc/apt/sources.list.d/raspbian.list + apt-get update + apt-get install -y \ + raspberrypi-kernel-headers + elif uname -v | grep -q 'Ubuntu'; then + echo "Attempting to install kernel headers from Ubuntu Xenial repo" + echo -e \ + "deb 
http://archive.ubuntu.com/ubuntu/ xenial main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ xenial main restricted\n\ndeb http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted" \ + > /etc/apt/sources.list.d/xenial.list + apt-get update + if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then apt-get install -y \ - wireguard + linux-headers-$(uname -r) else - apt-get install -y \ - linux-headers-$(uname -r) \ - wireguard + echo "No kernel headers found in the Ubuntu repos!! Will try the headers from host (if mapped), may or may not work" fi - else - echo "Attempting to install kernel headers from the Debian Stretch repo" - curl -s https://ftp-master.debian.org/keys/archive-key-9.asc | apt-key add - - sed -i 's/buster/stretch/g' /etc/apt/sources.list.d/debian.list + elif uname -v | grep -q 'Debian'; then + echo "Debian host detected, attempting to install kernel headers from Debian Buster repo" + curl -s https://ftp-master.debian.org/keys/archive-key-10.asc | apt-key add - + echo -e \ + "deb http://deb.debian.org/debian buster main contrib non-free\ndeb-src http://deb.debian.org/debian buster main contrib non-free\ndeb http://deb.debian.org/debian buster-backports main contrib non-free\ndeb-src http://deb.debian.org/debian buster-backports main contrib non-free" \ + > /etc/apt/sources.list.d/debian.list apt-get update if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then if uname -r | grep -qs "bpo"; then echo "Backported kernel detected" - apt-get install -y -t stretch-backports \ + apt-get install -y -t buster-backports \ linux-headers-$(uname -r) - apt-get install -y \ - wireguard else apt-get install -y \ - linux-headers-$(uname -r) \ - wireguard + linux-headers-$(uname -r) fi else - echo "No kernel headers found in Debian repos!! 
Will try the headers from host (if mapped), may or may not work" - apt-get install -y \ - wireguard + echo "Attempting to install kernel headers from the Debian Stretch repo" + curl -s https://ftp-master.debian.org/keys/archive-key-9.asc | apt-key add - + sed -i 's/buster/stretch/g' /etc/apt/sources.list.d/debian.list + apt-get update + if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then + if uname -r | grep -qs "bpo"; then + echo "Backported kernel detected" + apt-get install -y -t stretch-backports \ + linux-headers-$(uname -r) + else + apt-get install -y \ + linux-headers-$(uname -r) + fi + else + echo "No kernel headers found in Debian repos!! Will try the headers from host (if mapped), may or may not work" + fi fi + else + echo "No kernel headers found in the Ubuntu or Debian repos!! Will try the headers from host (if mapped), may or may not work" + fi +fi + +if [ "$SKIP_COMPILE" != "true" ]; then + if [ -e /lib/modules/$(uname -r)/build ]; then + echo "Kernel headers seem to be present, attempting to build the wireguard module. . ." + cd /app + make -C wireguard-linux-compat/src -j$(nproc) + make -C wireguard-linux-compat/src install + echo "Let's test our new module." + /app/wireguard-tools/contrib/ncat-client-server/client-quick.sh + wg-quick up demo + if wg show | grep -q demo; then + echo "The module is working properly, moving forward with setup." + else + echo "The module is not working, review the logs. Sleeping now. . ." + wg-quick down demo + rm -f /etc/wireguard/demo.conf + sleep infinity + fi + wg-quick down demo + rm -f /etc/wireguard/demo.conf + else + echo "Kernel headers don't seem to be available, can't compile the module. Sleeping now. . ." + sleep infinity fi -else - echo "No kernel headers found in the Ubuntu or Debian repos!! Will try the headers from host (if mapped), may or may not work" - apt-get install -y \ - wireguard fi # prepare symlinks From 7e88a943105b30d40dadd2add16410e87115223d Mon Sep 17 00:00:00 2001 
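Review bot: The module self-test added here (`client-quick.sh`, `wg-quick up demo`, `wg show | grep -q demo`) makes every container start depend on a config written by a contrib demo script; as far as I know that script registers a freshly generated key with the public WireGuard demo server, so please confirm whether the start-up path should contact a third party and bring up a tunnel to it at all. A local check such as `ip link add dev test type wireguard` followed by `ip link del dev test` would exercise the module without network access. Separately, the header-install branch still pipes `curl -s http://archive.raspberrypi.org/debian/raspberrypi.gpg.key` into `apt-key add -`, which trusts a signing key fetched over plain HTTP, and `2&>1` in the `apt-cache show` tests looks like a typo for `>/dev/null 2>&1`. The script continues outside this hunk.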
From: aptalca Date: Fri, 19 Jun 2020 19:31:21 -0400 Subject: [PATCH 2/8] add dkms --- Dockerfile | 7 +++---- Dockerfile.aarch64 | 7 +++---- Dockerfile.armhf | 7 +++---- 3 files changed, 9 insertions(+), 12 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6b99a574..c43105f1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -30,7 +30,9 @@ RUN \ qrencode && \ echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections && \ echo "REPORT_ABSENT_SYMLINK=no" >> /etc/default/resolvconf && \ - apt-get install resolvconf && \ + apt-get install -y --no-install-recommends \ + dkms \ + resolvconf && \ echo "**** install wireguard-tools ****" && \ if [ -z ${WIREGUARD_RELEASE+x} ]; then \ WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \ @@ -53,9 +55,6 @@ RUN \ /tmp/coredns.tar.gz -C \ /app && \ echo "**** clean up ****" && \ - apt-get -y purge \ - git && \ - apt-get -y autoremove && \ rm -rf \ /tmp/* \ /var/lib/apt/lists/* \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 88173884..b3b7de23 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -30,7 +30,9 @@ RUN \ qrencode && \ echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections && \ echo "REPORT_ABSENT_SYMLINK=no" >> /etc/default/resolvconf && \ - apt-get install resolvconf && \ + apt-get install -y --no-install-recommends \ + dkms \ + resolvconf && \ echo "**** install wireguard-tools ****" && \ if [ -z ${WIREGUARD_RELEASE+x} ]; then \ WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \ @@ -53,9 +55,6 @@ RUN \ /tmp/coredns.tar.gz -C \ /app && \ echo "**** clean up ****" && \ - apt-get -y purge \ - git && \ - apt-get -y autoremove && \ rm -rf \ /tmp/* \ /var/lib/apt/lists/* \ diff --git a/Dockerfile.armhf b/Dockerfile.armhf index ce76e7a9..49ac1b4f 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf 
@@ -30,7 +30,9 @@ RUN \ qrencode && \ echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections && \ echo "REPORT_ABSENT_SYMLINK=no" >> /etc/default/resolvconf && \ - apt-get install resolvconf && \ + apt-get install -y --no-install-recommends \ + dkms \ + resolvconf && \ echo "**** install wireguard-tools ****" && \ if [ -z ${WIREGUARD_RELEASE+x} ]; then \ WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \ @@ -53,9 +55,6 @@ RUN \ /tmp/coredns.tar.gz -C \ /app && \ echo "**** clean up ****" && \ - apt-get -y purge \ - git && \ - apt-get -y autoremove && \ rm -rf \ /tmp/* \ /var/lib/apt/lists/* \ From bc276ccd2880b3b764957f7102b40ea28dc8e6e0 Mon Sep 17 00:00:00 2001 From: aptalca Date: Sat, 20 Jun 2020 15:53:50 -0400 Subject: [PATCH 3/8] update readme, improve verbosity in logs --- README.md | 6 +++--- readme-vars.yml | 6 +++--- root/etc/cont-init.d/30-config | 38 +++++++++++++++++----------------- 3 files changed, 25 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index 1d111f18..2b63df07 100644 --- a/README.md +++ b/README.md 
@@ -168,11 +168,11 @@ In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as bel   ## Application Setup -This image is designed for Ubuntu and Debian based systems only. During container start, it will download the necessary kernel headers and build the kernel module (until kernel 5.6, which has the module built-in, goes mainstream). +This image is designed for Ubuntu and Debian based systems mainly. During container start, it will first check if the wireguard module is already installed and loaded. If not, it will then check if the kernel headers are already installed (in `/usr/src`) and if not, attempt to download the necessary kernel headers from the ubuntu/debian/raspbian repos; then will compile and install the kernel module. If you're on a debian/ubuntu based host with a custom or downstream distro provided kernel (ie. Pop!_OS), the container won't be able to install the kernel headers from the regular ubuntu and debian repos. In those cases, you can try installing the headers on the host via `sudo apt install linux-headers-$(uname -r)` (if distro version) and then add a volume mapping for `/usr/src:/usr/src`, or if custom built, map the location of the existing headers to allow the container to use host installed headers to build the kernel module (tested successful on Pop!_OS, ymmv). -With regards to arm32/64 devices, Raspberry Pi 2-4 running the [official ubuntu images](https://ubuntu.com/download/raspberry-pi) or Raspbian Buster are supported out of the box. For all other devices and OSes, you can try installing the kernel headers on the host, and mapping `/usr/src:/usr/src` and it may just work (no guarantees). +With regards to arm32/64 devices, Raspberry Pi 2-4 running the [official ubuntu images prior to focal](https://ubuntu.com/download/raspberry-pi) or Raspbian Buster are supported out of the box. 
For all other devices and OSes, you can try installing the kernel headers on the host, and mapping `/usr/src:/usr/src` and it may just work (no guarantees). This can be run as a server or a client, based on the parameters used. @@ -268,7 +268,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions -* **19.06.20:** - Compile wireguard tools and kernel module instead of using the ubuntu packages, make module install optional. +* **19.06.20:** - Compile wireguard tools and kernel module instead of using the ubuntu packages. Make module install optional. Imrpove verbosity in logs. * **29.05.20:** - Add support for 64bit raspbian. * **28.04.20:** - Add Buster/Stretch backports repos for Debian. Tested with OMV 5 and OMV 4 (on kernel 4.19.0-0.bpo.8-amd64). * **20.04.20:** - Fix typo in client mode conf existence check. diff --git a/readme-vars.yml b/readme-vars.yml index 9abb9306..8df5e21a 100644 --- a/readme-vars.yml +++ b/readme-vars.yml 
@@ -54,11 +54,11 @@ optional_block_1_items: "" # application setup block app_setup_block_enabled: true app_setup_block: | - This image is designed for Ubuntu and Debian based systems only. During container start, it will download the necessary kernel headers and build the kernel module (until kernel 5.6, which has the module built-in, goes mainstream). + This image is designed for Ubuntu and Debian based systems mainly. During container start, it will first check if the wireguard module is already installed and loaded. If not, it will then check if the kernel headers are already installed (in `/usr/src`) and if not, attempt to download the necessary kernel headers from the ubuntu/debian/raspbian repos; then will compile and install the kernel module. If you're on a debian/ubuntu based host with a custom or downstream distro provided kernel (ie. Pop!_OS), the container won't be able to install the kernel headers from the regular ubuntu and debian repos. In those cases, you can try installing the headers on the host via `sudo apt install linux-headers-$(uname -r)` (if distro version) and then add a volume mapping for `/usr/src:/usr/src`, or if custom built, map the location of the existing headers to allow the container to use host installed headers to build the kernel module (tested successful on Pop!_OS, ymmv). - With regards to arm32/64 devices, Raspberry Pi 2-4 running the [official ubuntu images](https://ubuntu.com/download/raspberry-pi) or Raspbian Buster are supported out of the box. For all other devices and OSes, you can try installing the kernel headers on the host, and mapping `/usr/src:/usr/src` and it may just work (no guarantees). + With regards to arm32/64 devices, Raspberry Pi 2-4 running the [official ubuntu images prior to focal](https://ubuntu.com/download/raspberry-pi) or Raspbian Buster are supported out of the box. 
For all other devices and OSes, you can try installing the kernel headers on the host, and mapping `/usr/src:/usr/src` and it may just work (no guarantees). This can be run as a server or a client, based on the parameters used. @@ -85,7 +85,7 @@ app_setup_block: | # changelog changelogs: - - { date: "19.06.20:", desc: "Compile wireguard tools and kernel module instead of using the ubuntu packages, make module install optional." } + - { date: "19.06.20:", desc: "Compile wireguard tools and kernel module instead of using the ubuntu packages. Make module install optional. Imrpove verbosity in logs." } - { date: "29.05.20:", desc: "Add support for 64bit raspbian." } - { date: "28.04.20:", desc: "Add Buster/Stretch backports repos for Debian. Tested with OMV 5 and OMV 4 (on kernel 4.19.0-0.bpo.8-amd64)." } - { date: "20.04.20:", desc: "Fix typo in client mode conf existence check." } diff --git a/root/etc/cont-init.d/30-config b/root/etc/cont-init.d/30-config index 293a790b..7e3236d9 100644 --- a/root/etc/cont-init.d/30-config +++ b/root/etc/cont-init.d/30-config 
@@ -4,30 +4,30 @@ mkdir -p /config/{templates,coredns} # check for wireguard module if grep -q wireguard /proc/modules; then - echo "It seems the wireguard module is already loaded, let's test to make sure it works." + echo "**** It seems the wireguard module is already loaded, let's test to make sure it works. ****" /app/wireguard-tools/contrib/ncat-client-server/client-quick.sh wg-quick up demo if wg show | grep -q demo; then - echo "The module is working properly, skipping kernel header install and module compilation." + echo "**** The module is working properly, skipping kernel header install and module compilation. ****" SKIP_COMPILE="true" else - echo "The module is not functional, will attempt kernel header install and module compilation." + echo "**** The module is not functional, will attempt kernel header install and module compilation. ****" fi wg-quick down demo rm -f /etc/wireguard/demo.conf else - echo "The wireguard module is not loaded, will attempt kernel header install and module compilation." + echo "**** The wireguard module is not loaded, will attempt kernel header install and module compilation. ****" fi # install headers if necessary if [ "$SKIP_COMPILE" != "true" ]; then - echo "Attempting kernel header install" + echo "**** Attempting kernel header install ****" apt-get update if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then apt-get install -y \ linux-headers-$(uname -r) elif (uname -r | grep -q 'v7+') || (uname -r | grep -q 'v7l+') || (uname -r | grep -q 'v8+'); then - echo "Raspbian kernel naming convention detected, attempting to install raspbian kernel headers" + echo "**** Raspbian kernel naming convention detected, attempting to install raspbian kernel headers ****" curl -s http://archive.raspberrypi.org/debian/raspberrypi.gpg.key | apt-key add - echo -e \ "deb http://archive.raspberrypi.org/debian/ buster main\ndeb-src http://archive.raspberrypi.org/debian/ buster main" \ 
@@ -36,7 +36,7 @@ if [ "$SKIP_COMPILE" != "true" ]; then apt-get install -y \ raspberrypi-kernel-headers elif uname -v | grep -q 'Ubuntu'; then - echo "Attempting to install kernel headers from Ubuntu Xenial repo" + echo "**** Attempting to install kernel headers from Ubuntu Xenial repo ****" echo -e \ "deb http://archive.ubuntu.com/ubuntu/ xenial main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ xenial main restricted\n\ndeb http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted" \ > /etc/apt/sources.list.d/xenial.list @@ -45,10 +45,10 @@ if [ "$SKIP_COMPILE" != "true" ]; then apt-get install -y \ linux-headers-$(uname -r) else - echo "No kernel headers found in the Ubuntu repos!! Will try the headers from host (if mapped), may or may not work" + echo "**** No kernel headers found in the Ubuntu repos!! Will try the headers from host (if mapped), may or may not work ****" fi elif uname -v | grep -q 'Debian'; then - echo "Debian host detected, attempting to install kernel headers from Debian Buster repo" + echo "**** Debian host detected, attempting to install kernel headers from Debian Buster repo ****" curl -s https://ftp-master.debian.org/keys/archive-key-10.asc | apt-key add - echo -e \ "deb http://deb.debian.org/debian buster main contrib non-free\ndeb-src http://deb.debian.org/debian buster main contrib non-free\ndeb http://deb.debian.org/debian buster-backports main contrib non-free\ndeb-src http://deb.debian.org/debian buster-backports main contrib non-free" \ @@ -56,7 +56,7 @@ if [ "$SKIP_COMPILE" != "true" ]; then apt-get update if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then if uname -r | grep -qs "bpo"; then - echo "Backported kernel detected" + echo "**** Backported kernel detected ****" apt-get install -y -t buster-backports \ linux-headers-$(uname -r) else 
@@ -64,13 +64,13 @@ if [ "$SKIP_COMPILE" != "true" ]; then linux-headers-$(uname -r) fi else - echo "Attempting to install kernel headers from the Debian Stretch repo" + echo "**** Attempting to install kernel headers from the Debian Stretch repo ****" curl -s https://ftp-master.debian.org/keys/archive-key-9.asc | apt-key add - sed -i 's/buster/stretch/g' /etc/apt/sources.list.d/debian.list apt-get update if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then if uname -r | grep -qs "bpo"; then - echo "Backported kernel detected" + echo "**** Backported kernel detected ****" apt-get install -y -t stretch-backports \ linux-headers-$(uname -r) else 
@@ -78,35 +78,35 @@ if [ "$SKIP_COMPILE" != "true" ]; then linux-headers-$(uname -r) fi else - echo "No kernel headers found in Debian repos!! Will try the headers from host (if mapped), may or may not work" + echo "**** No kernel headers found in Debian repos!! Will try the headers from host (if mapped), may or may not work ****" fi fi else - echo "No kernel headers found in the Ubuntu or Debian repos!! Will try the headers from host (if mapped), may or may not work" + echo "**** No kernel headers found in the Ubuntu or Debian repos!! Will try the headers from host (if mapped), may or may not work ****" fi fi if [ "$SKIP_COMPILE" != "true" ]; then if [ -e /lib/modules/$(uname -r)/build ]; then - echo "Kernel headers seem to be present, attempting to build the wireguard module. . ." + echo "**** Kernel headers seem to be present, attempting to build the wireguard module. . . ****" cd /app make -C wireguard-linux-compat/src -j$(nproc) make -C wireguard-linux-compat/src install - echo "Let's test our new module." + echo "**** Let's test our new module. ****" /app/wireguard-tools/contrib/ncat-client-server/client-quick.sh wg-quick up demo if wg show | grep -q demo; then - echo "The module is working properly, moving forward with setup." + echo "**** The module is working properly, moving forward with setup. ****" else - echo "The module is not working, review the logs. Sleeping now. . ." wg-quick down demo rm -f /etc/wireguard/demo.conf + echo "**** The module is not working, review the logs. Sleeping now. . . ****" sleep infinity fi wg-quick down demo rm -f /etc/wireguard/demo.conf else - echo "Kernel headers don't seem to be available, can't compile the module. Sleeping now. . ." + echo "**** Kernel headers don't seem to be available, can't compile the module. Sleeping now. . . ****" sleep infinity fi fi From ce02c7945f86725d1c1a9f8f1153890b712dab75 Mon Sep 17 00:00:00 2001 
From: aptalca Date: Sun, 21 Jun 2020 12:47:38 -0400 Subject: [PATCH 4/8] fix typos --- Dockerfile.aarch64 | 2 +- Dockerfile.armhf | 2 +- README.md | 4 ++-- readme-vars.yml | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index b3b7de23..89ebff46 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -50,7 +50,7 @@ RUN \ | awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \ curl -o \ /tmp/coredns.tar.gz -L \ - "https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_amd64.tgz" && \ + "https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_arm64.tgz" && \ tar xf \ /tmp/coredns.tar.gz -C \ /app && \ diff --git a/Dockerfile.armhf b/Dockerfile.armhf index 49ac1b4f..e7177f21 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -50,7 +50,7 @@ RUN \ | awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \ curl -o \ /tmp/coredns.tar.gz -L \ - "https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_amd64.tgz" && \ + "https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_arm.tgz" && \ tar xf \ /tmp/coredns.tar.gz -C \ /app && \ diff --git a/README.md b/README.md index 2b63df07..39980e16 100644 --- a/README.md +++ b/README.md 
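Review bot: With the arm64/arm suffixes restored, the CoreDNS step still resolves `COREDNS_VERSION` from `releases/latest` at build time and unpacks `/tmp/coredns.tar.gz` into `/app` without any integrity check. I would pin the version through a build argument and compare the archive against a recorded SHA-256 before `tar xf`, for example `echo "${COREDNS_SHA256}  /tmp/coredns.tar.gz" | sha256sum -c -`, where `COREDNS_SHA256` is a placeholder for a value you supply per architecture. The `RUN` instruction starts and ends outside these hunks, and the same applies to the Dockerfile.armhf hunk.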
@@ -168,7 +168,7 @@ In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as bel   ## Application Setup -This image is designed for Ubuntu and Debian based systems mainly. During container start, it will first check if the wireguard module is already installed and loaded. If not, it will then check if the kernel headers are already installed (in `/usr/src`) and if not, attempt to download the necessary kernel headers from the ubuntu/debian/raspbian repos; then will compile and install the kernel module. +This image is designed for Ubuntu and Debian based systems mainly (it works on some others, but ymmv). During container start, it will first check if the wireguard module is already installed and loaded. If not, it will then check if the kernel headers are already installed (in `/usr/src`) and if not, attempt to download the necessary kernel headers from the ubuntu/debian/raspbian repos; then will compile and install the kernel module. If you're on a debian/ubuntu based host with a custom or downstream distro provided kernel (ie. Pop!_OS), the container won't be able to install the kernel headers from the regular ubuntu and debian repos. In those cases, you can try installing the headers on the host via `sudo apt install linux-headers-$(uname -r)` (if distro version) and then add a volume mapping for `/usr/src:/usr/src`, or if custom built, map the location of the existing headers to allow the container to use host installed headers to build the kernel module (tested successful on Pop!_OS, ymmv). 
@@ -268,7 +268,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions -* **19.06.20:** - Compile wireguard tools and kernel module instead of using the ubuntu packages. Make module install optional. Imrpove verbosity in logs. +* **19.06.20:** - Compile wireguard tools and kernel module instead of using the ubuntu packages. Make module install optional. Improve verbosity in logs. * **29.05.20:** - Add support for 64bit raspbian. * **28.04.20:** - Add Buster/Stretch backports repos for Debian. Tested with OMV 5 and OMV 4 (on kernel 4.19.0-0.bpo.8-amd64). * **20.04.20:** - Fix typo in client mode conf existence check. diff --git a/readme-vars.yml b/readme-vars.yml index 8df5e21a..f3ae4b9a 100644 --- a/readme-vars.yml +++ b/readme-vars.yml 
@@ -54,7 +54,7 @@ optional_block_1_items: "" # application setup block app_setup_block_enabled: true app_setup_block: | - This image is designed for Ubuntu and Debian based systems mainly. During container start, it will first check if the wireguard module is already installed and loaded. If not, it will then check if the kernel headers are already installed (in `/usr/src`) and if not, attempt to download the necessary kernel headers from the ubuntu/debian/raspbian repos; then will compile and install the kernel module. + This image is designed for Ubuntu and Debian based systems mainly (it works on some others, but ymmv). During container start, it will first check if the wireguard module is already installed and loaded. If not, it will then check if the kernel headers are already installed (in `/usr/src`) and if not, attempt to download the necessary kernel headers from the ubuntu/debian/raspbian repos; then will compile and install the kernel module. If you're on a debian/ubuntu based host with a custom or downstream distro provided kernel (ie. Pop!_OS), the container won't be able to install the kernel headers from the regular ubuntu and debian repos. In those cases, you can try installing the headers on the host via `sudo apt install linux-headers-$(uname -r)` (if distro version) and then add a volume mapping for `/usr/src:/usr/src`, or if custom built, map the location of the existing headers to allow the container to use host installed headers to build the kernel module (tested successful on Pop!_OS, ymmv). 
@@ -85,7 +85,7 @@ app_setup_block: | # changelog changelogs: - - { date: "19.06.20:", desc: "Compile wireguard tools and kernel module instead of using the ubuntu packages. Make module install optional. Imrpove verbosity in logs." } + - { date: "19.06.20:", desc: "Compile wireguard tools and kernel module instead of using the ubuntu packages. Make module install optional. Improve verbosity in logs." } - { date: "29.05.20:", desc: "Add support for 64bit raspbian." } - { date: "28.04.20:", desc: "Add Buster/Stretch backports repos for Debian. Tested with OMV 5 and OMV 4 (on kernel 4.19.0-0.bpo.8-amd64)." } - { date: "20.04.20:", desc: "Fix typo in client mode conf existence check." } From ea3d6fcd32ae28f7fdc3df303bdb025bff943a96 Mon Sep 17 00:00:00 2001 From: aptalca Date: Sun, 21 Jun 2020 20:51:41 -0400 Subject: [PATCH 5/8] Add support for Focal kernels --- README.md | 2 +- readme-vars.yml | 2 +- root/etc/cont-init.d/30-config | 25 +++++++++++++++++++++---- 3 files changed, 23 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 39980e16..29519c0b 100644 --- a/README.md +++ b/README.md @@ -268,7 +268,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions -* **19.06.20:** - Compile wireguard tools and kernel module instead of using the ubuntu packages. Make module install optional. Improve verbosity in logs. +* **19.06.20:** - Add support for Ubuntu Focal (20.04) kernels. Compile wireguard tools and kernel module instead of using the ubuntu packages. Make module install optional. Improve verbosity in logs. * **29.05.20:** - Add support for 64bit raspbian. * **28.04.20:** - Add Buster/Stretch backports repos for Debian. Tested with OMV 5 and OMV 4 (on kernel 4.19.0-0.bpo.8-amd64). * **20.04.20:** - Fix typo in client mode conf existence check. diff --git a/readme-vars.yml b/readme-vars.yml index f3ae4b9a..f9966e53 100644 --- a/readme-vars.yml +++ b/readme-vars.yml 
@@ -85,7 +85,7 @@ app_setup_block: | # changelog changelogs: - - { date: "19.06.20:", desc: "Compile wireguard tools and kernel module instead of using the ubuntu packages. Make module install optional. Improve verbosity in logs." } + - { date: "19.06.20:", desc: "Add support for Ubuntu Focal (20.04) kernels. Compile wireguard tools and kernel module instead of using the ubuntu packages. Make module install optional. Improve verbosity in logs." } - { date: "29.05.20:", desc: "Add support for 64bit raspbian." } - { date: "28.04.20:", desc: "Add Buster/Stretch backports repos for Debian. Tested with OMV 5 and OMV 4 (on kernel 4.19.0-0.bpo.8-amd64)." } - { date: "20.04.20:", desc: "Fix typo in client mode conf existence check." } diff --git a/root/etc/cont-init.d/30-config b/root/etc/cont-init.d/30-config index 7e3236d9..81dbd848 100644 --- a/root/etc/cont-init.d/30-config +++ b/root/etc/cont-init.d/30-config 
@@ -36,16 +36,32 @@ if [ "$SKIP_COMPILE" != "true" ]; then apt-get install -y \ raspberrypi-kernel-headers elif uname -v | grep -q 'Ubuntu'; then + echo "**** Ubuntu kernel detected, but likely not Bionic. ****" echo "**** Attempting to install kernel headers from Ubuntu Xenial repo ****" - echo -e \ - "deb http://archive.ubuntu.com/ubuntu/ xenial main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ xenial main restricted\n\ndeb http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted" \ - > /etc/apt/sources.list.d/xenial.list + if uname -m | grep -q 'x86_64'; then + echo -e \ + "deb http://archive.ubuntu.com/ubuntu/ xenial main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ xenial main restricted\n\ndeb http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted" \ + > /etc/apt/sources.list.d/xenial-focal.list + else + echo -e \ + "deb http://ports.ubuntu.com/ubuntu-ports/ xenial main restricted\ndeb-src http://ports.ubuntu.com/ubuntu-ports/ xenial main restricted\n\ndeb http://ports.ubuntu.com/ubuntu-ports/ xenial-updates main restricted\ndeb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-updates main restricted" \ + > /etc/apt/sources.list.d/xenial-focal.list + fi apt-get update if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then apt-get install -y \ linux-headers-$(uname -r) else - echo "**** No kernel headers found in the Ubuntu repos!! Will try the headers from host (if mapped), may or may not work ****" + echo "**** No kernel headers found in the Ubuntu Xenial repo!! Trying Ubuntu Focal. ****" + sed -i 's/xenial/focal/g' /etc/apt/sources.list.d/xenial-focal.list + apt-get update + if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then + apt-get install -y \ + linux-headers-$(uname -r) + else + echo "**** No kernel headers found in the Ubuntu repos!! 
Will try the headers from host (if mapped), may or may not work ****" + rm -rf /etc/apt/sources.list.d/xenial-focal.list + fi fi elif uname -v | grep -q 'Debian'; then echo "**** Debian host detected, attempting to install kernel headers from Debian Buster repo ****" @@ -79,6 +95,7 @@ if [ "$SKIP_COMPILE" != "true" ]; then fi else echo "**** No kernel headers found in Debian repos!! Will try the headers from host (if mapped), may or may not work ****" + rm -rf /etc/apt/sources.list.d/debian.list fi fi else From 98516feb83b79ac5821a26bb9eed02fb6531f24c Mon Sep 17 00:00:00 2001 From: aptalca Date: Mon, 22 Jun 2020 10:54:50 -0400 Subject: [PATCH 6/8] Generate signing key --- root/etc/cont-init.d/30-config | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/root/etc/cont-init.d/30-config b/root/etc/cont-init.d/30-config index 81dbd848..58eafdc3 100644 --- a/root/etc/cont-init.d/30-config +++ b/root/etc/cont-init.d/30-config @@ -106,7 +106,30 @@ fi if [ "$SKIP_COMPILE" != "true" ]; then if [ -e /lib/modules/$(uname -r)/build ]; then echo "**** Kernel headers seem to be present, attempting to build the wireguard module. . . ****" + if [ ! -f /lib/modules/$(uname -r)/build/certs/signing_key.pem ]; then + cd /lib/modules/$(uname -r)/build/certs + cat <> x509.genkey +[ req ] +default_bits = 4096 +distinguished_name = req_distinguished_name +prompt = no +string_mask = utf8only +x509_extensions = myexts + +[ req_distinguished_name ] +CN = Modules + +[ myexts ] +basicConstraints=critical,CA:FALSE +keyUsage=digitalSignature +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid +DUDE + echo "**** Generating signing key ****" + openssl req -new -nodes -utf8 -sha512 -days 36500 -batch -x509 -config x509.genkey -outform DER -out signing_key.x509 -keyout signing_key.pem + fi cd /app + echo "**** Building the module ****" make -C wireguard-linux-compat/src -j$(nproc) make -C wireguard-linux-compat/src install echo "**** Let's test our new module. ****" 
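Review bot: The header probe `apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null` on the added Focal branch repeats a redirection typo: bash reads `2` as a second package name and `&>1` as a redirect to a file named `1`, so the status the `if` tests may not reflect whether the headers package exists. The intended form is presumably `if apt-cache show "linux-headers-$(uname -r)" >/dev/null 2>&1; then`. The same test is on the Xenial branch of this hunk and on a context line of the later `@@ -20,7 +20,7 @@` hunk. Separately, `xenial-focal.list` is removed only when both lookups fail, so after a successful install the image keeps a second Ubuntu release in its apt sources; removing it once the headers are installed would keep later `apt-get` runs on the base release. The enclosing `if`/`elif` chain starts outside the hunk.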
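Review bot: The generated `signing_key.pem` is written unencrypted (`-nodes`) into `/lib/modules/$(uname -r)/build/certs` with default permissions and is never removed, and since the README describes mapping host headers into the container, the private key may end up in the host's header tree. The `cd` before it is unchecked, so if `certs` does not exist, `x509.genkey` and the key land in whatever directory was current. I would guard and restrict it with `cd "/lib/modules/$(uname -r)/build/certs" || exit 1` and `chmod 600 signing_key.pem` after `openssl req`, and delete the key once `make -C wireguard-linux-compat/src install` has run. A short comment should also say why a self-generated key is acceptable here, since nothing in the hunk shows the running kernel trusting it.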
From a96f5bab3aa5d1003099d1bda2de915a080284f5 Mon Sep 17 00:00:00 2001 From: aptalca Date: Mon, 22 Jun 2020 12:45:34 -0400 Subject: [PATCH 7/8] skip header install if already present --- root/etc/cont-init.d/30-config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/root/etc/cont-init.d/30-config b/root/etc/cont-init.d/30-config index 58eafdc3..6d62490c 100644 --- a/root/etc/cont-init.d/30-config +++ b/root/etc/cont-init.d/30-config @@ -20,7 +20,7 @@ else fi # install headers if necessary -if [ "$SKIP_COMPILE" != "true" ]; then +if [ "$SKIP_COMPILE" != "true" ] && [ ! -e /lib/modules/$(uname -r)/build ]; then echo "**** Attempting kernel header install ****" apt-get update if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then From 304d3413f244abe9bb3a4c98087dda159e6d9968 Mon Sep 17 00:00:00 2001 From: aptalca Date: Mon, 22 Jun 2020 13:04:15 -0400 Subject: [PATCH 8/8] improve log styling --- root/etc/cont-init.d/30-config | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/root/etc/cont-init.d/30-config b/root/etc/cont-init.d/30-config index 6d62490c..318ad0fe 100644 --- a/root/etc/cont-init.d/30-config +++ b/root/etc/cont-init.d/30-config 
@@ -205,48 +205,48 @@ DUDE } if [ -n "$PEERS" ]; then - echo "Server mode is selected" + echo "**** Server mode is selected ****" if ! [[ "$PEERS" =~ ^[0-9]+$ ]]; then - echo "PEERS is not set to an integer, setting it to 1" + echo "**** PEERS is not set to an integer, setting it to 1 ****" PEERS="1" fi if [ -z "$SERVERURL" ] || [ "$SERVERURL" = "auto" ]; then SERVERURL=$(curl icanhazip.com) - echo "SERVERURL var is either not set or is set to \"auto\", setting external IP to auto detected value of $SERVERURL" + echo "**** SERVERURL var is either not set or is set to \"auto\", setting external IP to auto detected value of $SERVERURL ****" else - echo "External server address is set to $SERVERURL" + echo "**** External server address is set to $SERVERURL ****" fi SERVERPORT=${SERVERPORT:-51820} - echo "External server port is set to ${SERVERPORT}. Make sure that port is properly forwarded to port 51820 inside this container" + echo "**** External server port is set to ${SERVERPORT}. Make sure that port is properly forwarded to port 51820 inside this container ****" INTERNAL_SUBNET=${INTERNAL_SUBNET:-10.13.13.0} - echo "Internal subnet is set to $INTERNAL_SUBNET" + echo "**** Internal subnet is set to $INTERNAL_SUBNET ****" INTERFACE=$(echo "$INTERNAL_SUBNET" | awk 'BEGIN{FS=OFS="."} NF--') if [ -z "$PEERDNS" ] || [ "$PEERDNS" = "auto" ]; then PEERDNS="${INTERFACE}.1" - echo "PEERDNS var is either not set or is set to \"auto\", setting peer DNS to ${INTERFACE}.1 to use wireguard docker host's DNS." + echo "**** PEERDNS var is either not set or is set to \"auto\", setting peer DNS to ${INTERFACE}.1 to use wireguard docker host's DNS. ****" else - echo "Peer DNS servers will be set to $PEERDNS" + echo "**** Peer DNS servers will be set to $PEERDNS ****" fi if [ ! 
-f /config/wg0.conf ]; then - echo "No found wg0.conf found (maybe an initial install), generating 1 server and $PEERS peer/client confs" + echo "**** No found wg0.conf found (maybe an initial install), generating 1 server and $PEERS peer/client confs ****" generate_confs save_vars else - echo "Server mode is selected" + echo "**** Server mode is selected ****" [[ -f /config/.donoteditthisfile ]] && \ . /config/.donoteditthisfile if [ "$SERVERURL" != "$ORIG_SERVERURL" ] || [ "$SERVERPORT" != "$ORIG_SERVERPORT" ] || [ "$PEERDNS" != "$ORIG_PEERDNS" ] || [ "$PEERS" != "$ORIG_PEERS" ] || [ "$INTERFACE" != "$ORIG_INTERFACE" ]; then - echo "Server related environment variables changed, regenerating 1 server and $PEERS peer/client confs" + echo "**** Server related environment variables changed, regenerating 1 server and $PEERS peer/client confs ****" generate_confs save_vars else - echo "No changes to parameters. Existing configs are used." + echo "**** No changes to parameters. Existing configs are used. ****" fi fi else - echo "Client mode selected." + echo "**** Client mode selected." if [ ! -f /config/wg0.conf ]; then - echo "No client conf found. Provide your own client conf as \"/config/wg0.conf\" and restart the container." + echo "**** No client conf found. Provide your own client conf as \"/config/wg0.conf\" and restart the container. ****" sleep infinity fi fi
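Review bot: `SERVERURL=$(curl icanhazip.com)` on the new side takes the server address from an unauthenticated plain-HTTP response and never checks it, so a failed or tampered lookup is printed by the new `**** SERVERURL var ... ****` line and used as-is. I would fetch it over TLS with failure reporting, `SERVERURL=$(curl -fsS https://icanhazip.com)`, and skip config generation when the result is empty or not an IP address. The body of `generate_confs` is outside the hunk, so that the value reaches the peer configs is inferred from the log text. Also in this hunk, the added `echo "**** Client mode selected."` lacks the closing ` ****` that the other lines received.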