al2-wireguard: Add new container build

author: Mike Crute <mike@crute.us> 2019-12-10 22:00:09 +0000
committer: Mike Crute <mike@crute.us> 2019-12-10 22:07:05 +0000
commit: 6dbd14383a3a3c784cabf4efa2dd423dfc042926 (patch)
tree: 532ff71e6443dc6da55dd1b8dd83873e97c8419f /al2-wireguard
parent: cf6901023842219b9ee987becc8ced7c3d1f44cb (diff)
download: dockerfiles-6dbd14383a3a3c784cabf4efa2dd423dfc042926.tar.bz2
dockerfiles-6dbd14383a3a3c784cabf4efa2dd423dfc042926.tar.xz
dockerfiles-6dbd14383a3a3c784cabf4efa2dd423dfc042926.zip
3 files changed, 99 insertions, 0 deletions
diff --git a/al2-wireguard/Dockerfile b/al2-wireguard/Dockerfile
new file mode 100644
index 0000000..ca76f37
--- /dev/null
+++ b/al2-wireguard/Dockerfile
@@ -0,0 +1,56 @@
+FROM amazonlinux:2 AS builder
+LABEL maintainer="Mike Crute <mike@crute.us>"
+ARG VERSION
+ARG REGION
+RUN set -euxo pipefail; \
+    echo "${REGION}" > /etc/yum/vars/awsregion; \
+    amazon-linux-extras install -y kernel-ng; \
+    yum install -y \
+        libmnl-devel \
+        libmnl-static \
+        glibc-static \
+        elfutils-libelf-devel \
+        kernel-devel \
+        pkgconfig \
+        "@Development Tools" \
+    ; \
+    curl -Ls https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${VERSION}.tar.xz | tar -xJC /usr/src; \
+    cd /usr/src/WireGuard-${VERSION}/src; \
+    \
+    make module; \
+    make LDFLAGS="-static" tools
+FROM amazonlinux:2
+LABEL maintainer="Mike Crute <mike@crute.us>"
+ARG VERSION
+COPY --from=builder /usr/src/WireGuard-${VERSION}/ /tmp/WireGuard-${VERSION}/
+RUN set -euxo pipefail; \
+    yum install -y kmod; \
+    \
+    mkdir -p /opt/wireguard; \
+    cp /tmp/WireGuard-${VERSION}/src/wireguard.ko /opt/wireguard; \
+    \
+    cd /tmp/WireGuard-${VERSION}/src; \
+    \
+    install -v -d "/usr/bin"; \
+    install -v -d "/usr/share/man/man8"; \
+    install -v -m 0755 tools/wg "/usr/bin/wg"; \
+    install -v -m 0644 tools/man/wg.8 "/usr/share/man/man8/wg.8"; \
+    \
+    install -v -m 0700 -d "/etc/wireguard"; \
+    install -v -m 0755 tools/wg-quick/linux.bash "/usr/bin/wg-quick"; \
+    install -v -m 0644 tools/man/wg-quick.8 "/usr/share/man/man8/wg-quick.8"; \
+    \
+    yum clean all; \
+    rm -rf /tmp/WireGuard-${VERSION} /var/cache/yum
+ADD entrypoint.sh /
+ENTRYPOINT [ "/entrypoint.sh" ]
+CMD [ "sleep", "infinity" ]
diff --git a/al2-wireguard/Makefile b/al2-wireguard/Makefile
new file mode 100644
index 0000000..35797dc
--- /dev/null
+++ b/al2-wireguard/Makefile
@@ -0,0 +1,25 @@
+WG_VERSION=5.12.42-1e9446c323
+FULL_VERSION="$(shell uname -r)-wg-$(WG_VERSION)"
+IMAGE=docker.crute.me/al2-wireguard:$(FULL_VERSION)
+LATEST=$(subst :$(FULL_VERSION),,$(IMAGE)):latest
+REGION="us-west-2"
+all:
+        docker pull amazonlinux:2
+        docker build \
+                --build-arg=VERSION=$(WG_VERSION) \
+                --build-arg=REGION=$(REGION) \
+                -t $(IMAGE) .
+all-no-cache:
+        docker pull amazonlinux:2
+        docker build \
+                --no-cache \
+                --build-arg=VERSION=$(WG_VERSION) \
+                --build-arg=REGION=$(REGION) \
+                -t $(IMAGE) .
+publish:
+        docker push $(IMAGE)
+        docker tag $(IMAGE) $(LATEST)
+        docker push $(LATEST)
diff --git a/al2-wireguard/entrypoint.sh b/al2-wireguard/entrypoint.sh
new file mode 100755
index 0000000..93f59de
--- /dev/null
+++ b/al2-wireguard/entrypoint.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+# This needs the SYS_MODULES and NET_ADMIN capabilities
+#
+# /etc/wireguard should be mounted and include wg-quick configs
+#
+# /lib/modules/$(uname -r) should be mounted to same in container
+modprobe ip6_udp_tunnel
+modprobe udp_tunnel
+insmod /opt/wireguard/wireguard.ko
+for i in /etc/wireguard/*; do
+    wg-quick up "$(basename ${i/.conf/})"
+done
+exec "$@"
author	Mike Crute <mike@crute.us>	2019-12-10 22:00:09 +0000
committer	Mike Crute <mike@crute.us>	2019-12-10 22:07:05 +0000
commit	6dbd14383a3a3c784cabf4efa2dd423dfc042926 (patch)
tree	532ff71e6443dc6da55dd1b8dd83873e97c8419f /al2-wireguard
parent	cf6901023842219b9ee987becc8ced7c3d1f44cb (diff)
download	dockerfiles-6dbd14383a3a3c784cabf4efa2dd423dfc042926.tar.bz2 dockerfiles-6dbd14383a3a3c784cabf4efa2dd423dfc042926.tar.xz dockerfiles-6dbd14383a3a3c784cabf4efa2dd423dfc042926.zip

diff --git a/al2-wireguard/Dockerfile b/al2-wireguard/Dockerfile new file mode 100644 index 0000000..ca76f37 --- /dev/null +++ b/al2-wireguard/Dockerfile
@@ -0,0 +1,56 @@
	1	FROM amazonlinux:2 AS builder
	2	LABEL maintainer="Mike Crute <mike@crute.us>"
	3
	4	ARG VERSION
	5	ARG REGION
	6
	7	RUN set -euxo pipefail; \
	8	echo "${REGION}" > /etc/yum/vars/awsregion; \
	9	amazon-linux-extras install -y kernel-ng; \
	10	yum install -y \
	11	libmnl-devel \
	12	libmnl-static \
	13	glibc-static \
	14	elfutils-libelf-devel \
	15	kernel-devel \
	16	pkgconfig \
	17	"@Development Tools" \
	18	; \
	19	curl -Ls https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${VERSION}.tar.xz \| tar -xJC /usr/src; \
	20	cd /usr/src/WireGuard-${VERSION}/src; \
	21	\
	22	make module; \
	23	make LDFLAGS="-static" tools
	24
	25
	26	FROM amazonlinux:2
	27	LABEL maintainer="Mike Crute <mike@crute.us>"
	28
	29	ARG VERSION
	30
	31	COPY --from=builder /usr/src/WireGuard-${VERSION}/ /tmp/WireGuard-${VERSION}/
	32
	33	RUN set -euxo pipefail; \
	34	yum install -y kmod; \
	35	\
	36	mkdir -p /opt/wireguard; \
	37	cp /tmp/WireGuard-${VERSION}/src/wireguard.ko /opt/wireguard; \
	38	\
	39	cd /tmp/WireGuard-${VERSION}/src; \
	40	\
	41	install -v -d "/usr/bin"; \
	42	install -v -d "/usr/share/man/man8"; \
	43	install -v -m 0755 tools/wg "/usr/bin/wg"; \
	44	install -v -m 0644 tools/man/wg.8 "/usr/share/man/man8/wg.8"; \
	45	\
	46	install -v -m 0700 -d "/etc/wireguard"; \
	47	install -v -m 0755 tools/wg-quick/linux.bash "/usr/bin/wg-quick"; \
	48	install -v -m 0644 tools/man/wg-quick.8 "/usr/share/man/man8/wg-quick.8"; \
	49	\
	50	yum clean all; \
	51	rm -rf /tmp/WireGuard-${VERSION} /var/cache/yum
	52
	53	ADD entrypoint.sh /
	54
	55	ENTRYPOINT [ "/entrypoint.sh" ]
	56	CMD [ "sleep", "infinity" ]


diff --git a/al2-wireguard/Makefile b/al2-wireguard/Makefile new file mode 100644 index 0000000..35797dc --- /dev/null +++ b/al2-wireguard/Makefile
@@ -0,0 +1,25 @@
	1	WG_VERSION=5.12.42-1e9446c323
	2	FULL_VERSION="$(shell uname -r)-wg-$(WG_VERSION)"
	3	IMAGE=docker.crute.me/al2-wireguard:$(FULL_VERSION)
	4	LATEST=$(subst :$(FULL_VERSION),,$(IMAGE)):latest
	5	REGION="us-west-2"
	6
	7	all:
	8	docker pull amazonlinux:2
	9	docker build \
	10	--build-arg=VERSION=$(WG_VERSION) \
	11	--build-arg=REGION=$(REGION) \
	12	-t $(IMAGE) .
	13
	14	all-no-cache:
	15	docker pull amazonlinux:2
	16	docker build \
	17	--no-cache \
	18	--build-arg=VERSION=$(WG_VERSION) \
	19	--build-arg=REGION=$(REGION) \
	20	-t $(IMAGE) .
	21
	22	publish:
	23	docker push $(IMAGE)
	24	docker tag $(IMAGE) $(LATEST)
	25	docker push $(LATEST)


diff --git a/al2-wireguard/entrypoint.sh b/al2-wireguard/entrypoint.sh new file mode 100755 index 0000000..93f59de --- /dev/null +++ b/al2-wireguard/entrypoint.sh
@@ -0,0 +1,18 @@
	1	#!/bin/sh
	2
	3	# This needs the SYS_MODULES and NET_ADMIN capabilities
	4	#
	5	# /etc/wireguard should be mounted and include wg-quick configs
	6	#
	7	# /lib/modules/$(uname -r) should be mounted to same in container
	8
	9	modprobe ip6_udp_tunnel
	10	modprobe udp_tunnel
	11
	12	insmod /opt/wireguard/wireguard.ko
	13
	14	for i in /etc/wireguard/*; do
	15	wg-quick up "$(basename ${i/.conf/})"
	16	done
	17
	18	exec "$@"