Diffstat (limited to 'ci/docker')
-rw-r--r--ci/docker/docker-compose.yml34
-rw-r--r--ci/docker/eduvpn-server.docker65
-rw-r--r--ci/docker/go-test.docker11
-rw-r--r--ci/docker/start.sh15
-rw-r--r--ci/docker/starteduvpn.sh17
5 files changed, 142 insertions, 0 deletions
diff --git a/ci/docker/docker-compose.yml b/ci/docker/docker-compose.yml
new file mode 100644
index 0000000..12ad767
--- /dev/null
+++ b/ci/docker/docker-compose.yml
@@ -0,0 +1,34 @@
+version: '3'
+
+networks:
+ eduvpn_network:
+ ipam:
+ driver: default
+ config:
+ - subnet: 172.20.0.0/24
+
+services:
+ eduvpnserver:
+ build:
+ context: "."
+ dockerfile: 'ci/docker/eduvpn-server.docker'
+ tty: true
+ sysctls:
+ - net.ipv6.conf.all.disable_ipv6=0
+ networks:
+ eduvpn_network:
+ ipv4_address: 172.20.0.5
+ cap_add: # needed for wireguard
+ - NET_ADMIN
+ healthcheck:
+ test: ["CMD", "systemctl", "status", "wg-quick@wg0"] # Wait for wireguard to come online
+ interval: 5s
+ timeout: 10s
+ retries: 10
+ gotest:
+ build:
+ context: "."
+ dockerfile: 'ci/docker/go-test.docker'
+ depends_on:
+ eduvpnserver:
+ condition: service_healthy
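Review bot: `gotest` has no `networks:` key, so Compose attaches it only to the project's default network, while `eduvpnserver` is attached only to `eduvpn_network`; as written the test container probably cannot reach the server by name or at 172.20.0.5. If the Go tests are meant to talk to the portal, add `networks: [eduvpn_network]` under `gotest`. Separately, the `condition: service_healthy` form of `depends_on` was rejected for the version 3 file format by older docker-compose releases, so either drop the `version: '3'` line or document the Compose version this file needs. Indentation is flattened on this page, so the nesting here is read from key order.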
diff --git a/ci/docker/eduvpn-server.docker b/ci/docker/eduvpn-server.docker
new file mode 100644
index 0000000..b1e2c70
--- /dev/null
+++ b/ci/docker/eduvpn-server.docker
@@ -0,0 +1,65 @@
+FROM fedora:36
+
+RUN dnf -y install git
+
+WORKDIR /eduvpn
+
+RUN git clone https://github.com/eduvpn/documentation
+
+WORKDIR /eduvpn/documentation
+
+RUN git checkout v3
+
+RUN echo -e '[eduVPN_v3-dev]\n\
+name=eduVPN 3.x Development Packages (Fedora $releasever)\n\
+baseurl=https://repo.tuxed.net/eduVPN/v3-dev/rpm/fedora-$releasever-$basearch\n\
+gpgcheck=1\n\
+gpgkey=https://repo.tuxed.net/fkooman+repo@tuxed.net.asc\n\
+enabled=1'\
+>> /etc/yum.repos.d/eduVPN_v3-dev.repo
+
+RUN cat /etc/yum.repos.d/eduVPN_v3-dev.repo
+
+RUN dnf -y install mod_ssl php-opcache httpd iptables-nft pwgen cronie \
+ iptables-services php-fpm php-cli policycoreutils-python-utils chrony \
+ ipcalc tmux wget iproute
+
+RUN dnf -y install vpn-server-node vpn-user-portal vpn-maint-scripts
+
+ARG WEB_FQDN=eduvpnserver
+
+RUN cp resources/ssl.fedora.conf /etc/httpd/conf.d/ssl.conf
+RUN cp resources/localhost.fedora.conf /etc/httpd/conf.d/localhost.conf
+RUN cp resources/vpn.example.fedora.conf "/etc/httpd/conf.d/${WEB_FQDN}.conf"
+
+RUN sed -i "s/vpn.example/${WEB_FQDN}/" "/etc/httpd/conf.d/${WEB_FQDN}.conf"
+
+RUN sed -i "s/vpn.example/${WEB_FQDN}/" "/etc/vpn-user-portal/config.php"
+
+RUN sed -i "s|10.42.42.0|$(ipcalc -4 -r 24 -n --no-decorate)|" "/etc/vpn-user-portal/config.php"
+RUN sed -i "s|fd42::|$(ipcalc -6 -r 64 -n --no-decorate)|" "/etc/vpn-user-portal/config.php"
+RUN sed -i "s|10.43.43.0|$(ipcalc -4 -r 24 -n --no-decorate)|" "/etc/vpn-user-portal/config.php"
+RUN sed -i "s|fd43::|$(ipcalc -6 -r 64 -n --no-decorate)|" "/etc/vpn-user-portal/config.php"
+
+RUN cp /etc/vpn-user-portal/keys/node.0.key /etc/vpn-server-node/keys/node.key
+
+RUN openssl req \
+ -nodes \
+ -subj "/CN=${WEB_FQDN}" \
+ -x509 \
+ -sha256 \
+ -newkey rsa:2048 \
+ -keyout "/etc/pki/tls/private/${WEB_FQDN}.key" \
+ -out "/etc/pki/tls/certs/${WEB_FQDN}.crt" \
+ -days 90
+
+WORKDIR /eduvpn/server
+ADD ci/docker/starteduvpn.sh /eduvpn/server
+
+RUN chmod +x ./starteduvpn.sh
+
+RUN wget https://raw.githubusercontent.com/gdraheim/docker-systemctl-replacement/master/files/docker/systemctl3.py -O /bin/systemctl
+
+RUN chmod +x /bin/systemctl
+
+CMD ["./starteduvpn.sh"]
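Review bot: The `wget` of systemctl3.py takes whatever is on the `master` branch at build time and installs it as `/bin/systemctl`, which the start script and the compose healthcheck then execute; nothing pins or verifies the file. Pin the URL to a commit and check a digest, e.g. `RUN wget https://raw.githubusercontent.com/gdraheim/docker-systemctl-replacement/<COMMIT_SHA>/files/docker/systemctl3.py -O /bin/systemctl && echo "<SHA256>  /bin/systemctl" | sha256sum -c -` (both values are placeholders to fill in). If `v3` in `git checkout v3` is a branch rather than a tag, the same moving-ref concern applies there. The key from `openssl req -nodes` and the copied `node.key` are written into image layers at build time, so the image should be treated as CI-only and not pushed to a shared registry.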
diff --git a/ci/docker/go-test.docker b/ci/docker/go-test.docker
new file mode 100644
index 0000000..d576dd7
--- /dev/null
+++ b/ci/docker/go-test.docker
@@ -0,0 +1,11 @@
+FROM golang:1.18
+
+WORKDIR /eduvpn/go
+
+# pre-copy/cache go.mod for pre-downloading dependencies and only redownloading them in subsequent builds if they change
+COPY ./go.mod go.sum ./
+RUN go mod download && go mod verify
+
+COPY ./src ./src
+
+CMD ["go", "test", "github.com/jwijenbergh/eduvpn-common/src"]
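Review bot: The `CMD` runs `go test` on the single package `github.com/jwijenbergh/eduvpn-common/src`, so tests in any package nested below `src` would not run. If such packages exist or are planned, use the recursive pattern: `CMD ["go", "test", "github.com/jwijenbergh/eduvpn-common/src/..."]`. The hard-coded module path must also stay in step with go.mod, which is not visible in this diff.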
diff --git a/ci/docker/start.sh b/ci/docker/start.sh
new file mode 100644
index 0000000..c1211b5
--- /dev/null
+++ b/ci/docker/start.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+systemctl start php-fpm
+systemctl start httpd
+systemctl start crond
+
+vpn-daemon &
+sleep 5
+
+vpn-maint-apply-changes
+
+USER_NAME="docker"
+USER_PASS="docker"
+
+sudo -u apache vpn-user-portal-account --add "${USER_NAME}" --password "${USER_PASS}"
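Review bot: The portal account is created with the fixed, guessable credentials `docker`/`docker`, here and again in starteduvpn.sh. That is tolerable only while the compose file publishes no ports, as is the case in this commit. Say so next to the values with a comment such as `# CI-only test account; never publish this container's ports`, and allow an override with `USER_PASS="${USER_PASS:-docker}"`. start.sh itself looks unused: the Dockerfile in this commit adds only starteduvpn.sh, and the two scripts differ only by the final `sleep infinity`, so consider dropping this copy.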
diff --git a/ci/docker/starteduvpn.sh b/ci/docker/starteduvpn.sh
new file mode 100644
index 0000000..191ef79
--- /dev/null
+++ b/ci/docker/starteduvpn.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+systemctl start php-fpm
+systemctl start httpd
+systemctl start crond
+
+vpn-daemon &
+sleep 5
+
+vpn-maint-apply-changes
+
+USER_NAME="docker"
+USER_PASS="docker"
+
+sudo -u apache vpn-user-portal-account --add "${USER_NAME}" --password "${USER_PASS}"
+
+sleep infinity
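Review bot: Nothing in this script ties the container's lifetime to the services it starts: the exit status of each `systemctl start` and of `vpn-maint-apply-changes` is ignored, and the trailing `sleep infinity` keeps the container running even if `vpn-daemon` has died. Add `set -euo pipefail` after the shebang so a failed start aborts the script. If `vpn-daemon` stays in the foreground of its background job (not verifiable from this diff), replacing `sleep infinity` with `wait` would make the container exit when the daemon does. The fixed `sleep 5` is also a guess at the daemon's start-up time; polling for readiness would be more reliable on slow CI runners.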