convert to alpine

doctapeppa · Oct 23, 2017 · 88fce1f · 88fce1f
1 parent ff73ff1
commit 88fce1f
Show file tree

Hide file tree

Showing 6 changed files with 33 additions and 116 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,25 +1,17 @@
-FROM debian:stretch
+FROM alpine
 MAINTAINER David Personette <[email protected]>
 
 # Install openvpn
-RUN export DEBIAN_FRONTEND='noninteractive' && \
-    apt-get update -qq && \
-    apt-get install -qqy --no-install-recommends iptables openvpn procps \
-                $(apt-get -s dist-upgrade|awk '/^Inst.*ecurity/ {print $2}') &&\
-    echo '#!/usr/bin/env bash' >/sbin/resolvconf && \
-    echo 'conf=/etc/resolv.conf' >>/sbin/resolvconf && \
-    echo '[[ -e $conf.orig ]] || cp -p $conf $conf.orig' >>/sbin/resolvconf && \
-    echo 'if [[ "${1:-""}" == "-a" ]]; then' >>/sbin/resolvconf && \
-    echo '    cat >${conf}' >>/sbin/resolvconf && \
-    echo 'elif [[ "${1:-""}" == "-d" ]]; then' >>/sbin/resolvconf && \
-    echo '    cat $conf.orig >$conf' >>/sbin/resolvconf && \
-    echo 'fi' >>/sbin/resolvconf && \
-    chmod +x /sbin/resolvconf && \
-    addgroup --system vpn && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists/* /tmp/*
+RUN apk --no-cache --no-progress add bash curl ip6tables iptables openvpn \
+                shadow && \
+    addgroup -S vpn && \
+    rm -rf /tmp/*
+
 COPY openvpn.sh /usr/bin/
 
+HEALTHCHECK --interval=60s --timeout=15s --start-period=120s \
+             CMD curl -L 'https://api.ipify.org'
+
 VOLUME ["/vpn"]
 
 ENTRYPOINT ["openvpn.sh"]
diff --git a/Dockerfile.armhf b/Dockerfile.armhf
@@ -0,0 +1,18 @@
+FROM resin/armhf-alpine
+MAINTAINER David Personette <[email protected]>
+
+# Install openvpn
+RUN ["cross-build-start"]
+RUN apk --no-cache add bash curl ip6tables iptables openvpn shadow && \
+    addgroup -S vpn && \
+    rm -rf /tmp/*
+RUN ["cross-build-end"]
+
+COPY openvpn.sh /usr/bin/
+
+HEALTHCHECK --interval=60s --timeout=15s --start-period=120s \
+             CMD curl -L 'https://api.ipify.org'
+
+VOLUME ["/vpn"]
+
+ENTRYPOINT ["openvpn.sh"]
diff --git a/Dockerfile.armv7hf b/Dockerfile.armv7hf
diff --git a/Dockerfile.rpi b/Dockerfile.rpi
diff --git a/README.md b/README.md
@@ -116,8 +116,6 @@ the second container (that's what `--net=container:vpn` does).
         -r '<network>' CIDR network (IE 192.168.1.0/24)
                     required arg: '<network>'
                     <network> add a route to (allows replies once the VPN is up)
-        -t ''       Configure timezone
-                    optionalarg: '[timezone]' - zoneinfo timezone for container
         -v '<server;user;password[;port]>' Configure OpenVPN
                     required arg: '<server>;<user>;<password>'
                     <server> to connect to (multiple servers are separated by :)
@@ -134,7 +132,7 @@ ENVIRONMENT VARIABLES (only available with `docker run`)
  * `FIREWALL` - As above, setup firewall to disallow net access w/o the VPN
  * `ROUTE6` - As above, add a route to allow replies to your internal network
  * `ROUTE` - As above, add a route to allow replies to your private network
- * `TZ` - As above, set a zoneinfo timezone, IE `EST5EDT`
+ * `TZ` - Set a timezone, IE `EST5EDT`
  * `VPN` - As above, setup a VPN connection
  * `VPNPORT` - As above, setup port forwarding
  * `GROUPID` - Set the GID for the vpn
@@ -146,27 +144,11 @@ Any of the commands can be run at creation with `docker run` or later with
 
 ### Setting the Timezone
 
-    sudo cp /path/to/vpn.crt /some/path/vpn-ca.crt
-    sudo docker run -it --cap-add=NET_ADMIN --device /dev/net/tun --name vpn \
-                -v /some/path:/vpn -d dperson/openvpn-client -t EST5EDT \
-                -v 'vpn.server.name;username;password'
-
-OR using `environment variables`
-
     sudo cp /path/to/vpn.crt /some/path/vpn-ca.crt
     sudo docker run -it --cap-add=NET_ADMIN --device /dev/net/tun --name vpn \
                 -v /some/path:/vpn -e TZ=EST5EDT -d dperson/openvpn \
                 -v 'vpn.server.name;username;password'
 
-Will get you the same settings as:
-
-    sudo cp /path/to/vpn.crt /some/path/vpn-ca.crt
-    sudo docker run -it --cap-add=NET_ADMIN --device /dev/net/tun --name vpn \
-                -v /some/path:/vpn -d dperson/openvpn-client \
-                -v 'vpn.server.name;username;password'
-    sudo docker exec -it vpn openvpn.sh -t EST5EDT ls -AlF /etc/localtime
-    sudo docker restart vpn
-
 ### VPN configuration
 
 In order to work you must provide VPN configuration and the certificate. You can

diff --git a/openvpn.sh b/openvpn.sh
@@ -41,8 +41,8 @@ dns() {
     sed -i '/resolv-*conf/d; /script-security/d' $conf
     echo "# This updates the resolvconf with dns settings" >>$conf
     echo "script-security 2" >>$conf
-    echo "up /etc/openvpn/update-resolv-conf" >>$conf
-    echo "down /etc/openvpn/update-resolv-conf" >>$conf
+    echo "up /etc/openvpn/up.sh" >>$conf
+    echo "down /etc/openvpn/down.sh" >>$conf
 }
 
 ### firewall: firewall all output not DNS/VPN that's not over the VPN connection
@@ -107,23 +107,6 @@ return_route() { local network="$1" gw=$(ip route | awk '/default/ {print $3}')
     [[ -e $route ]] && grep -q "^$network\$" $route || echo "$network" >>$route
 }
 
-### timezone: Set the timezone for the container
-# Arguments:
-#   timezone) for example EST5EDT
-# Return: the correct zoneinfo file will be symlinked into place
-timezone() { local timezone="${1:-EST5EDT}"
-    [[ -e /usr/share/zoneinfo/$timezone ]] || {
-        echo "ERROR: invalid timezone specified: $timezone" >&2
-        return
-    }
-
-    if [[ -w /etc/timezone && $(cat /etc/timezone) != $timezone ]]; then
-        echo "$timezone" >/etc/timezone
-        ln -sf /usr/share/zoneinfo/$timezone /etc/localtime
-        dpkg-reconfigure -f noninteractive tzdata >/dev/null 2>&1
-    fi
-}
-
 ### vpn: setup openvpn client
 # Arguments:
 #   server) VPN GW server
@@ -200,8 +183,6 @@ Options (fields in '[]' are optional, '<>' are required):
     -r '<network>' CIDR network (IE 192.168.1.0/24)
                 required arg: '<network>'
                 <network> add a route to (allows replies once the VPN is up)
-    -t ''       Configure timezone
-                optionalarg: '[timezone]' - zoneinfo timezone for container
     -v '<server;user;password[;port]>' Configure OpenVPN
                 required arg: '<server>;<user>;<password>'
                 <server> to connect to (multiple servers are separated by :)
@@ -225,7 +206,7 @@ route6="$dir/.firewall6"
 [[ -f $cert ]] || { [[ $(ls $dir/* | egrep '\.ce?rt$' 2>&- | wc -w) -eq 1 ]] &&
             cert=$(ls $dir/* | egrep '\.ce?rt$' 2>&-); }
 
-while getopts ":hc:df:p:R:r:t:v:" opt; do
+while getopts ":hc:df:p:R:r:v:" opt; do
     case "$opt" in
         h) usage ;;
         c) cert_auth "$OPTARG" ;;
@@ -234,8 +215,7 @@ while getopts ":hc:df:p:R:r:t:v:" opt; do
         p) vpnportforward "$OPTARG" ;;
         R) return_route6 "$OPTARG" ;;
         r) return_route "$OPTARG" ;;
-        t) timezone "$OPTARG" ;;
-        v) eval vpn $(sed 's/^\|$/"/g; s/;/" "/g' <<< $OPTARG) ;;
+        v) eval vpn $(sed 's/^/"/; s/$/"/; s/;/" "/g' <<< $OPTARG) ;;
         "?") echo "Unknown option: -$OPTARG"; usage 1 ;;
         ":") echo "No argument value for option: -$OPTARG"; usage 2 ;;
     esac
@@ -246,8 +226,7 @@ shift $(( OPTIND - 1 ))
 [[ "${FIREWALL:-""}" || -e $route ]] && firewall "${FIREWALL:-""}"
 [[ "${ROUTE6:-""}" ]] && return_route6 "$ROUTE6"
 [[ "${ROUTE:-""}" ]] && return_route "$ROUTE"
-[[ "${TZ:-""}" ]] && timezone "$TZ"
-[[ "${VPN:-""}" ]] && eval vpn $(sed 's/^\|$/"/g; s/;/" "/g' <<< $VPN)
+[[ "${VPN:-""}" ]] && eval vpn $(sed 's/^/"/; s/$/"/; s/;/" "/g' <<< $VPN)
 [[ "${DNS:-""}" ]] && dns
 [[ "${VPNPORT:-""}" ]] && vpnportforward "$VPNPORT"
 [[ "${GROUPID:-""}" =~ ^[0-9]+$ ]] && groupmod -g $GROUPID -o vpn