Update the whole project

bin/start_openvpn

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+if [ -z "$( ls -A '/opt/data/openvpn' )" ] || [ "${EASY_RSA_REGEN}" == "true" ]; then
+    rm -rf /opt/data/openvpn/*
+    # -- It should prepare certs with easy-rsa
+    /usr/share/easy-rsa/easyrsa init-pki
+    # -- Currently only no password
+    /usr/share/easy-rsa/easyrsa build-ca nopass
+    /usr/share/easy-rsa/easyrsa gen-dh
+    `unset EASYRSA_REQ_CN && /usr/share/easy-rsa/easyrsa build-server-full server nopass`
+    # -- Generate the CRL for client/server certificates revocation.
+    /usr/share/easy-rsa/easyrsa gen-crl
+    openvpn --genkey tls-crypt-v2-server "pki/private/${EASYRSA_REQ_CN}.pem"
+    openvpn --genkey secret > "ta.key"
+
+else
+   echo "Easy RSA config is already prepared, skipping"
+fi
+
+cp /opt/data/openvpn/ta.key /etc/openvpn/server
+openvpn --config /opt/config/server.conf

containerfiles/Containerfile

@@ -16,7 +16,7 @@ RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version
 RUN tar -xf /tmp/openvpn.tar.gz  -C /tmp && rm -f /tmp/openvpn.tar.gz
 RUN mv /tmp/openvpn-${OPENVPN_VERSION} /output/openvpn
 
-FROM ubuntu as builder
+FROM ubuntu:24.04 as builder
 # ------------------------------------------------------
 # -- TODO: Define it only once
 # ------------------------------------------------------
@@ -31,36 +31,34 @@ WORKDIR /src/openvpn
 RUN ./configure --disable-systemd --enable-async-push --enable-iproute2
 RUN make && make install
 RUN mkdir /output
-RUN cp $(which openvpn) /output/
+RUN cp $(which openvpn) /output
+RUN cp /src/openvpn/sample/sample-config-files/server.conf /output
 
 # ------------------------------------------------------
 # -- Final container
 # ------------------------------------------------------
 FROM ubuntu:24.04
-LABEL maintainer="allanger <allanger@zohomail.com>"
-COPY --from=builder /output /src
+LABEL maintainer="allanger <allanger@badhouseplants.net>"
+VOLUME /opt/data/openvpn
+WORKDIR /opt/data/openvpn
+
+ENV EASYRSA_BATCH=yes
+ENV EASYRSA_REQ_CN=openvpn-server
+
+COPY --from=builder /output/openvpn /src/openvpn
+COPY --from=builder /output/server.conf /opt/config/server.conf
+
 # -------------------------------------------------------
 # -- Prepare system deps
+# -- It's also installing the openvpn package but 
+# -- it's required for getting dependencies, later
+# -- it's rewritten by the binary that from the builder
 # -------------------------------------------------------
-RUN apt update && apt install openvpn easy-rsa iptables -y && \
-  mv /src/openvpn $(which openvpn)
-
-# Needed by scripts
-ENV OPENVPN /etc/openvpn
-
-# Prevents refused client connection because of an expired CRL
-ENV EASYRSA_CRL_DAYS 3650
-
-VOLUME ["/etc/openvpn"]
-
-# Internally uses port 1194, remap if needed using `docker run -p 443:1194/tcp`
-EXPOSE 1194
+RUN apt update &&\
+      apt upgrade -y && \
+      apt install openvpn easy-rsa -y && \
+      mv /src/openvpn $(which openvpn)
 
 CMD ["ovpn_run"]
 
-COPY --chmod='755' ./bin /usr/local/bin
-# -----------------------------------------------------------
-# -- Add support for OTP authentication using a PAM module
-# -- I have no idea how it works yet
-# -----------------------------------------------------------
-WORKDIR /etc/openvpn
+COPY --chmod='755' ./bin /usr/local/bin