diff options
| author | jwijenbergh <jeroenwijenbergh@protonmail.com> | 2024-11-21 15:52:07 +0100 |
|---|---|---|
| committer | jwijenbergh <jeroenwijenbergh@protonmail.com> | 2024-11-21 15:52:07 +0100 |
| commit | 72edbfe5d2d51b7dbaaa6ac6fe96cfbd43b60069 (patch) | |
| tree | 739b96fa5d01aab5b5fc61426aaf7f503b512531 | |
| parent | 09e8aaddfcb5d2463279e58c3c6c320d1cb2fb46 (diff) | |
Remove old Docker CI
| -rwxr-xr-x | ci/docker/createcert.sh | 17 | ||||
| -rw-r--r-- | ci/docker/eduvpnserver.docker | 76 | ||||
| -rw-r--r-- | ci/docker/gotest.docker | 60 | ||||
| -rwxr-xr-x | ci/docker/healthcheck.sh | 5 | ||||
| -rwxr-xr-x | ci/docker/replaceexpiry.sh | 7 | ||||
| -rwxr-xr-x | ci/docker/starteduvpn.sh | 62 | ||||
| -rwxr-xr-x | ci/startcompose.sh | 32 |
7 files changed, 0 insertions, 259 deletions
diff --git a/ci/docker/createcert.sh b/ci/docker/createcert.sh deleted file mode 100755 index 1d55e6f..0000000 --- a/ci/docker/createcert.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/usr/bin/env bash -# Get absolute path to current directory this script is in -SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) - -WEB_FQDN="eduvpnserver" - -# Create self signed cert and key -openssl req \ - -nodes \ - -subj "/CN=${WEB_FQDN}" \ - -x509 \ - -sha256 \ - -newkey rsa:2048 \ - -keyout "${SCRIPT_DIR}/selfsigned/${WEB_FQDN}.key" \ - -out "${SCRIPT_DIR}/selfsigned/${WEB_FQDN}.crt" \ - -addext "subjectAltName = DNS:${WEB_FQDN}" \ - -days 90 diff --git a/ci/docker/eduvpnserver.docker b/ci/docker/eduvpnserver.docker deleted file mode 100644 index 2e942db..0000000 --- a/ci/docker/eduvpnserver.docker +++ /dev/null @@ -1,76 +0,0 @@ -FROM docker.io/library/fedora:40 - -# This dockerfile was adapted from https://codeberg.og/eduvpn/deploy/src/branch/v3/deploy_fedora.sh -# DO NOT USE THIS IN PRODUCTION, ONLY FOR TESTING - -# Install git to clone the documentation repo -RUN dnf -y install git - -WORKDIR /eduvpn - -# Clone the deploy -RUN git clone https://codeberg.org/eduvpn/deploy - -WORKDIR /eduvpn/deploy - -# Checkout v3 branch -RUN git checkout v3 - -# import PGP key -RUN rpm --import resources/repo+v3@eduvpn.org.asc - -# configure repository -RUN echo -e '[eduVPN_v3]\n\ -name=eduVPN 3.x Packages (Fedora $releasever)\n\ -baseurl=https://repo.eduvpn.org/v3/rpm/fedora-$releasever-$basearch\n\ -gpgcheck=1\n\ -gpgkey=https://repo.tuxed.net/fkooman+repo@tuxed.net.asc\n\ -enabled=1'\ ->> /etc/yum.repos.d/eduVPN_v3.repo - -# Install dependencies -RUN dnf -y install mod_ssl php-opcache httpd iptables-nft pwgen cronie \ - iptables-services php-fpm php-cli policycoreutils-python-utils chrony \ - ipcalc tmux wget iproute - -# Install vpn packages -RUN dnf -y install vpn-server-node vpn-user-portal vpn-maint-scripts - -# Set webserver name -ARG WEB_FQDN=eduvpnserver - -# Copy and apply configurations -RUN cp resources/ssl.fedora.conf /etc/httpd/conf.d/ssl.conf -RUN cp resources/localhost.fedora.conf /etc/httpd/conf.d/localhost.conf -RUN cp resources/vpn.example.fedora.conf "/etc/httpd/conf.d/${WEB_FQDN}.conf" - -# Otherwise we get: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.20.0.6. Set the 'ServerName' directive globally to suppress this message -RUN echo "ServerName 127.0.0.1" >> /etc/httpd/conf/httpd.conf - -RUN sed -i "s/vpn.example/${WEB_FQDN}/" "/etc/httpd/conf.d/${WEB_FQDN}.conf" -RUN sed -i "s/vpn.example/${WEB_FQDN}/" "/etc/vpn-user-portal/config.php" - -# Update ip ranges -RUN sed -i "s|10.42.42.0|$(ipcalc -4 -r 24 -n --no-decorate)|" "/etc/vpn-user-portal/config.php" -RUN sed -i "s|fd42::|$(ipcalc -6 -r 64 -n --no-decorate)|" "/etc/vpn-user-portal/config.php" -RUN sed -i "s|10.43.43.0|$(ipcalc -4 -r 24 -n --no-decorate)|" "/etc/vpn-user-portal/config.php" -RUN sed -i "s|fd43::|$(ipcalc -6 -r 64 -n --no-decorate)|" "/etc/vpn-user-portal/config.php" - -# Update secrets -RUN cp /etc/vpn-user-portal/keys/node.0.key /etc/vpn-server-node/keys/node.key - -# Copy self signed cert and key -COPY ./ci/docker/selfsigned/${WEB_FQDN}.key /etc/pki/tls/private/${WEB_FQDN}.key -COPY ./ci/docker/selfsigned/${WEB_FQDN}.crt /etc/pki/tls/certs/${WEB_FQDN}.crt - -# Add the start script and expiry script -WORKDIR /eduvpn/server -ADD ci/docker/starteduvpn.sh /eduvpn/server -ADD ci/docker/replaceexpiry.sh /eduvpn/server -ADD ci/docker/healthcheck.sh /eduvpn/server - -RUN chmod +x ./starteduvpn.sh -RUN chmod +x ./replaceexpiry.sh -RUN chmod +x ./healthcheck.sh - -CMD ["./starteduvpn.sh"] diff --git a/ci/docker/gotest.docker b/ci/docker/gotest.docker deleted file mode 100644 index 53d0da5..0000000 --- a/ci/docker/gotest.docker +++ /dev/null @@ -1,60 +0,0 @@ -FROM docker.io/library/debian:bookworm - -# This docker image is for testing the go code with go test and the needed dependencies for selenium - -WORKDIR /eduvpn - -# Dependencies -RUN apt-get update -RUN apt-get -y install firefox-esr python3-selenium python3-build python3-pip python3.11-venv firefox-esr wget xvfb - -# Install go from go.dev -# Get -RUN wget https://go.dev/dl/go1.22.5.linux-amd64.tar.gz -O go.tar.gz - -# Verify hash -RUN echo "904b924d435eaea086515bc63235b192ea441bd8c9b198c507e85009e6e4c7f0 go.tar.gz" | sha256sum --check - -# Untar -RUN tar -C /usr/local -xzf go.tar.gz - -# Update PATH -ENV PATH="/usr/local/go/bin:$PATH" - -# Install geckodriver and add to path -WORKDIR /eduvpn/vendor -RUN wget https://github.com/mozilla/geckodriver/releases/download/v0.34.0/geckodriver-v0.34.0-linux64.tar.gz -RUN tar xzvf geckodriver-v0.34.0-linux64.tar.gz -ENV PATH="/eduvpn/vendor:$PATH" - -# Update certificates -COPY ./ci/docker/selfsigned/eduvpnserver.crt /usr/local/share/ca-certificates/eduvpnserver.crt -RUN update-ca-certificates - -# Run tests as a new user for pip -RUN useradd --create-home test -USER test - -WORKDIR /home/test - -# Copy sources with correct permissions -COPY --chown=test:test . ./ - -# Vendor go dependencies -RUN go mod vendor - -# Clean because there might be previous builds copied over -RUN make clean - -# Build go -RUN make build - -# Make python lib -RUN make -C wrappers/python - -# Install python lib -# who cares if we break the system here :^) -RUN pip3 install --break-system-packages wrappers/python/dist/*.whl - -# Run the tests -CMD ["make", "test"] diff --git a/ci/docker/healthcheck.sh b/ci/docker/healthcheck.sh deleted file mode 100755 index a6bbc0d..0000000 --- a/ci/docker/healthcheck.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/env bash - -# Check if wg show has any output -output_wg="$(wg show)" -[[ -n $output_wg ]] diff --git a/ci/docker/replaceexpiry.sh b/ci/docker/replaceexpiry.sh deleted file mode 100755 index b029863..0000000 --- a/ci/docker/replaceexpiry.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/env bash - -# If no custom expiry set, do nothing -[ -z "${OAUTH_EXPIRED_TTL}" ] && exit - -# Replace oauth expiry -sed -i "s/return \[/return \[\n'Api' => [\n'tokenExpiry' => 'PT${OAUTH_EXPIRED_TTL}S',\n],/g" "$1" diff --git a/ci/docker/starteduvpn.sh b/ci/docker/starteduvpn.sh deleted file mode 100755 index fab2d2d..0000000 --- a/ci/docker/starteduvpn.sh +++ /dev/null @@ -1,62 +0,0 @@ -#!/usr/bin/env bash - -# Check if credentials are set -# If not fail with exit code 1 -if [[ -z "${PORTAL_USER}" ]]; then - printf "Error: No portal username set, set the PORTAL_USER env var\n" - exit 1 -fi - -if [[ -z "${PORTAL_PASS}" ]]; then - printf "Error: No portal username set, set the PORTAL_PASS env var\n" - exit 1 -fi - -# Replace expiry -./replaceexpiry.sh /etc/vpn-user-portal/config.php - -# Start the preliminary services -mkdir /run/php-fpm -php-fpm --nodaemonize & -crond & -httpd -DFOREGROUND & - -# Start the daemon in the background and get the PID -vpn-daemon & -pid_daemon=$! - -# Wait a bit -sleep 5 - -# Snippet from vpn-maint-apply-changes -# Enable & Start WireGuard -rm -rf /etc/wireguard/* -if ! /usr/libexec/vpn-server-node/server-config; then - exit 1 -fi -for F in /etc/wireguard/*.conf -do - case ${F} in - *.conf) - CONFIG_NAME=$(basename "${F}" .conf) - wg-quick up "${CONFIG_NAME}" - ;; - esac -done -# sync with vpn-daemon, no need to wait for the cron, but *ONLY* do this when -# this is a machine with vpn-user-portal installed -if [ -d /etc/vpn-user-portal ]; then - if [ -f /etc/redhat-release ]; then - sudo -u apache /usr/libexec/vpn-user-portal/daemon-sync - fi - if [ -f /etc/debian_version ]; then - sudo -u www-data /usr/libexec/vpn-user-portal/daemon-sync - fi -fi - - -# Add the user with the env variables -sudo -u apache vpn-user-portal-account --add "${PORTAL_USER}" --password "${PORTAL_PASS}" - -# Wait for the daemon to finish -wait $pid_daemon diff --git a/ci/startcompose.sh b/ci/startcompose.sh deleted file mode 100755 index 5b44c2d..0000000 --- a/ci/startcompose.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/usr/bin/env bash - -if [[ -z "${PORTAL_USER}" ]]; then - printf "Error: No portal username set, set the PORTAL_USER env var\n" - exit 1 -fi - -if [[ -z "${PORTAL_PASS}" ]]; then - printf "Error: No portal username set, set the PORTAL_PASS env var\n" - exit 1 -fi - -# Get absolute path to current directory this script is in -SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) - -pushd "$SCRIPT_DIR"/.. || exit 1 - -# Create self-signed certificate -mkdir -p ci/docker/selfsigned -./ci/docker/createcert.sh - - -# Up the containers and abort on exit. Also rebuild the necessary steps if there are changes -# You can pass EDUVPN_PODCOMP=1 to use podman-compose instead of docker-compose -compose_cmd="docker-compose" -if [ "$EDUVPN_PODCOMP" ]; then - compose_cmd="podman-compose" -fi - -"$compose_cmd" up --build --force-recreate --abort-on-container-exit - -popd || exit 1 |