Compare commits
	
		
			33 Commits
		
	
	
		
			add-openvp
			...
			refactor-t
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| cb6e867483 | |||
| 767cd2d512 | |||
| e231e219aa | |||
| 0170a5dc76 | |||
| c5694a5672 | |||
| c64873d9fc | |||
| 18e09d9658 | |||
| 36d4d424f8 | |||
| db6e07b5c5 | |||
| 383dd1b82d | |||
| 42511439ce | |||
| 5c3f73e8c4 | |||
| 114050fa99 | |||
| 0cabb525d4 | |||
| cdb94b148a | |||
| 79bfbcc8bd | |||
| c827972079 | |||
| 24fb1546b7 | |||
| e1071ce9d8 | |||
| 2fb97bc8d9 | |||
| 0f4a57694b | |||
| 88edadf5eb | |||
| d8408f498e | |||
| c3297b38e9 | |||
| cdda2fb983 | |||
| 2df2ec12e8 | |||
|   | b48a954ab8 | ||
|   | 0110830c45 | ||
|   | 61c8a596c4 | ||
|   | 51c1375013 | ||
|   | e58669a0ee | ||
|   | caba35b2ce | ||
|   | 22338d31aa | 
							
								
								
									
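--- a/.drone.yml
+++ b/.drone.yml
@@ -1,51 +0,0 @@
----
-# ----------------------------------------------
-# -- Build an image and push it to the registry
-# ----------------------------------------------
-kind: pipeline
-type: docker
-name: Build the builder
-
-trigger:
-  event:
-    - push
-  branch:
-    - main
-
-steps:
-  - name: Build openvpn xor amd64
-    image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:555262114ea81f6f286010474527f419b56d33a3
-    privileged: true
-    environment:
-      GITEA_TOKEN:
-        from_secret: GITEA_TOKEN
-      CONTAINERFILE: ./containerfiles/Containerfile-XOR
-      CUSTOM_TAG: v2.6.5-XOR-4.0.0beta08
-    commands:
-      - build-container
-
-  - name: Build openvpn amd64
-    image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:555262114ea81f6f286010474527f419b56d33a3
-    privileged: true
-    environment:
-      GITEA_TOKEN:
-        from_secret: GITEA_TOKEN
-      CONTAINERFILE: ./containerfiles/Containerfile
-      CUSTOM_TAG: v2.6.5
-    commands:
-      - build-container
-
-  - name: Publish the Helm chart
-    image: alpine/helm
-    depends_on:
-      - Build openvpn xor amd64
-      - Build openvpn amd64
-    environment:
-      GITEA_TOKEN:
-        from_secret: GITEA_TOKEN
-    commands:
-      - cd helm
-      - helm plugin install https://github.com/chartmuseum/helm-push
-      - helm package . -d chart-package
-      - helm repo add  --username allanger --password $GITEA_TOKEN openvpn https://git.badhouseplants.net/api/packages/allanger/helm
-      - helm cm-push "./chart-package/$(ls chart-package)" openvpn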
							
								
								
									
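--- a/.woodpecker.yaml
+++ b/.woodpecker.yaml
@@ -0,0 +1,34 @@
+---
+when:
+  event:
+    - push
+  branch:
+    - main
+
+matrix:
+  TARGET:
+    - openvpn_xor
+    - openvpn
+
+steps:
+  build-${TARGET}:
+    name: Build ${TARGET}
+    image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:latest
+    secrets:
+      - gitea_token
+    privileged: true
+    depends_on: []
+    backend_options:
+      kubernetes:
+        resources:
+          requests:
+            memory: 500Mi
+            cpu: 200m
+          limits:
+            memory: 500Mi
+            cpu: 200m
+        securityContext:
+          privileged: true
+    commands:
+      - source ./env/${TARGET}.env
+      - ./scripts/$SCRIPT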
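Review bot: Both matrix builds run `privileged: true` (step and Kubernetes securityContext) with the `gitea_token` secret on `badhouseplants-builder:latest`, whereas the deleted .drone.yml pinned the builder to a commit-SHA tag; with a mutable tag, anyone able to push that tag gets privileged execution on the runner plus the registry token. Pin it again, e.g. `image: git.badhouseplants.net/badhouseplants/badhouseplants-builder@sha256:<digest>` or at least an immutable commit tag. The `source ./env/${TARGET}.env` command also presumes the builder image's default shell accepts `source`, which is presumably true for the current image but not stated; a one-line comment above `commands:` saying so would help whoever swaps the image later.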
| @@ -1,79 +0,0 @@ | ||||
| FROM ghcr.io/allanger/dumb-downloader as dudo | ||||
| ENV OPENVPN_VERSION=2.6.5 | ||||
| ENV TUNNELBLICK_VERSION=4.0.0beta08 | ||||
| ENV EASYRSA_VERSION=3.1.5 | ||||
| RUN apt update && apt install gnupg tar -y | ||||
| RUN mkdir /output | ||||
| # ------------------------------------------------------ | ||||
| # -- Downlaod OpenVPN | ||||
| # ------------------------------------------------------ | ||||
| RUN dudo -l "https://keys.openpgp.org/vks/v1/by-fingerprint/F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7" -d security-openvpn-net.asc -p DUMMY | ||||
| RUN gpg --import security-openvpn-net.asc | ||||
| RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz.asc" -d /tmp/openvpn.asc -p $OPENVPN_VERSION | ||||
| # ------------------------------------------------------ | ||||
| # -- I should fix it later | ||||
| # ------------------------------------------------------ | ||||
| # RUN gpg  --no-tty --verify /tmp/openvpn.asc | ||||
| RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz " -d /tmp/openvpn.tar.gz -p $OPENVPN_VERSION | ||||
| RUN tar -xf /tmp/openvpn.tar.gz  -C /tmp && rm -f /tmp/openvpn.tar.gz | ||||
| RUN mv /tmp/openvpn-$OPENVPN_VERSION /output/openvpn | ||||
| # ------------------------------------------------------ | ||||
| # -- Download Tunnelblick | ||||
| # ------------------------------------------------------ | ||||
| RUN dudo -l "https://github.com/Tunnelblick/Tunnelblick/archive/refs/tags/v{{ version }}.tar.gz" -d /tmp/tunnelblick.tar.gz -p $TUNNELBLICK_VERSION | ||||
| RUN tar -xf /tmp/tunnelblick.tar.gz  -C /tmp && rm -f /tmp/tunnelblick.tar.gz | ||||
| RUN mv /tmp/Tunnelblick-$TUNNELBLICK_VERSION /output/tunnelblick | ||||
|  | ||||
| FROM ubuntu as builder | ||||
| # ------------------------------------------------------ | ||||
| # -- TODO: Define it only once | ||||
| # ------------------------------------------------------ | ||||
| ENV OPENVPN_VERSION=2.6.5 | ||||
| ENV TUNNELBLICK_VERSION=v4.0.0beta08 | ||||
| COPY --from=dudo /output /src | ||||
| RUN apt-get update &&\ | ||||
|       apt-get install -y wget tar unzip build-essential \ | ||||
|       libssl-dev iproute2 liblz4-dev liblzo2-dev \ | ||||
|       libpam0g-dev libpkcs11-helper1-dev libsystemd-dev \ | ||||
|       easy-rsa iptables pkg-config libcap-ng-dev | ||||
| RUN cp /src/tunnelblick/third_party/sources/openvpn/openvpn-$OPENVPN_VERSION/patches/*.diff /src/openvpn | ||||
| WORKDIR /src/openvpn | ||||
| RUN for patch in $(find -type f | grep diff); do\ | ||||
|         patch -p1 < $patch;\ | ||||
|     done | ||||
| RUN ./configure --disable-systemd --enable-async-push --enable-iproute2 | ||||
| RUN make && make install | ||||
| RUN mkdir /output | ||||
| RUN cp $(which openvpn) /output/ | ||||
|  | ||||
| # ------------------------------------------------------ | ||||
| # -- Final container | ||||
| # ------------------------------------------------------ | ||||
| FROM ubuntu:22.04 | ||||
| LABEL maintainer="allanger <allanger@zohomail.com>" | ||||
| COPY --from=builder /output /src | ||||
| # ------------------------------------------------------- | ||||
| # -- Prepare system deps | ||||
| # ------------------------------------------------------- | ||||
| RUN apt update && apt install openvpn easy-rsa iptables -y && \ | ||||
|   mv /src/openvpn $(which openvpn) | ||||
|  | ||||
| # Needed by scripts | ||||
| ENV OPENVPN /etc/openvpn | ||||
|  | ||||
| # Prevents refused client connection because of an expired CRL | ||||
| ENV EASYRSA_CRL_DAYS 3650 | ||||
|  | ||||
| VOLUME ["/etc/openvpn"] | ||||
|  | ||||
| # Internally uses port 1194, remap if needed using `docker run -p 443:1194/tcp` | ||||
| EXPOSE 1194 | ||||
|  | ||||
| CMD ["ovpn_run"] | ||||
|  | ||||
| COPY --chmod='755' ./bin /usr/local/bin | ||||
| # ----------------------------------------------------------- | ||||
| # -- Add support for OTP authentication using a PAM module | ||||
| # -- I have no idea how it works yet | ||||
| # ----------------------------------------------------------- | ||||
| COPY ./otp/openvpn /etc/pam.d/ | ||||
| @@ -1,52 +0,0 @@ | ||||
| # Contributor: Fabio Napoleoni <f.napoleoni@gmail.com> | ||||
| # Maintainer: | ||||
| pkgname=google-authenticator | ||||
| pkgver=20160207 | ||||
| pkgrel=1 | ||||
| pkgdesc="Google Authenticator PAM module" | ||||
| url="https://github.com/google/google-authenticator" | ||||
| arch="all" | ||||
| license="ASL 2.0" | ||||
| depends= | ||||
| depends_dev= | ||||
| makedepends="$depends_dev autoconf automake libtool linux-pam-dev m4 openssl-dev" | ||||
| install= | ||||
| subpackages="$pkgname-doc" | ||||
| source="https://github.com/google/google-authenticator/archive/c0404dcdbda9ab9e4f0b8451ecdd44eee8db2425.zip" | ||||
|  | ||||
| _builddir="$srcdir"/$pkgname-c0404dcdbda9ab9e4f0b8451ecdd44eee8db2425/libpam | ||||
|  | ||||
| prepare() { | ||||
| 	local i | ||||
| 	cd "$_builddir" | ||||
| 	for i in $source; do | ||||
| 		case $i in | ||||
| 			*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; | ||||
| 		esac | ||||
| 	done | ||||
| } | ||||
|  | ||||
| build() { | ||||
| 	cd "$_builddir" | ||||
| 		./bootstrap.sh || return 1 | ||||
| 		./configure \ | ||||
| 			--build=$CBUILD \ | ||||
| 			--host=$CHOST \ | ||||
| 			--prefix=/usr \ | ||||
| 			--libdir=/lib \ | ||||
| 			--sysconfdir=/etc \ | ||||
| 			--mandir=/usr/share/man \ | ||||
| 			--infodir=/usr/share/info \ | ||||
| 			|| return 1 | ||||
|  | ||||
| 		make || return 1 | ||||
| } | ||||
|  | ||||
| package() { | ||||
| 	cd "$_builddir" | ||||
| 	make DESTDIR="$pkgdir" install || return 1 | ||||
| } | ||||
|  | ||||
| md5sums="33d3cbd0488bcb4f50b34b5670deffae  c0404dcdbda9ab9e4f0b8451ecdd44eee8db2425.zip" | ||||
| sha256sums="e32abe693e54195bdb6aca52783e6e1c239e67296876ac59211a59e4608338b8  c0404dcdbda9ab9e4f0b8451ecdd44eee8db2425.zip" | ||||
| sha512sums="b44a626e6cc5d8e27685f5d39b5d33f49fc7070331db7b458d3ee40723972821bb8ed5458f27a287dc664d162acf1f8f9a36ca3b1bf767f2bbf27d4f538e9872  c0404dcdbda9ab9e4f0b8451ecdd44eee8db2425.zip" | ||||
							
								
								
									
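--- a/bin/start_openvpn
+++ b/bin/start_openvpn
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+if [ -z "$( ls -A '/opt/data/openvpn' )" ] || [ "${EASY_RSA_REGEN}" == "true" ]; then
+    rm -rf /opt/data/openvpn/*
+    # -- It should prepare certs with easy-rsa
+    /usr/share/easy-rsa/easyrsa init-pki
+    # -- Currently only no password
+    /usr/share/easy-rsa/easyrsa build-ca nopass
+    /usr/share/easy-rsa/easyrsa gen-dh
+    `unset EASYRSA_REQ_CN && /usr/share/easy-rsa/easyrsa build-server-full server nopass`
+    # -- Generate the CRL for client/server certificates revocation.
+    /usr/share/easy-rsa/easyrsa gen-crl
+    openvpn --genkey tls-crypt-v2-server "pki/private/${EASYRSA_REQ_CN}.pem"
+    openvpn --genkey secret > "ta.key"
+
+else
+   echo "Easy RSA config is already prepared, skipping"
+fi
+
+cp /opt/data/openvpn/ta.key /etc/openvpn/server
+openvpn --config /opt/config/server.conf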
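Review bot: The script has no `set -e`, so if any easy-rsa step after `rm -rf /opt/data/openvpn/*` fails it still copies whatever exists and starts openvpn on a half-built PKI, and because `ls -A` then sees a non-empty directory the next start skips regeneration instead of retrying; add `set -euo pipefail` right after the shebang. The backtick line `` `unset EASYRSA_REQ_CN && /usr/share/easy-rsa/easyrsa build-server-full server nopass` `` runs easyrsa and then executes its stdout as a command, which is presumably not intended; a subshell `( unset EASYRSA_REQ_CN; /usr/share/easy-rsa/easyrsa build-server-full server nopass )` scopes the unset the same way without that side effect. `build-ca nopass` leaves the CA private key unencrypted on the same volume the running server reads, so anyone with that volume can issue client certificates; if that trade-off is accepted, state it in the comment above `build-ca` rather than "Currently only no password". The tls-crypt-v2 server key is written as `pki/private/${EASYRSA_REQ_CN}.pem` (openvpn-server) while the server certificate is issued as `server`, which only works if /opt/config/server.conf references both names as generated — worth confirming against that file.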
| @@ -1,5 +1,5 @@ | ||||
| FROM ghcr.io/allanger/dumb-downloader as dudo | ||||
| ENV OPENVPN_VERSION=2.6.5 | ||||
| ARG OPENVPN_VERSION | ||||
| RUN apt update && apt install gnupg tar -y | ||||
| RUN mkdir /output | ||||
| # ------------------------------------------------------ | ||||
| @@ -7,20 +7,20 @@ RUN mkdir /output | ||||
| # ------------------------------------------------------ | ||||
| RUN dudo -l "https://keys.openpgp.org/vks/v1/by-fingerprint/F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7" -d security-openvpn-net.asc -p DUMMY | ||||
| RUN gpg --import security-openvpn-net.asc | ||||
| RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz.asc" -d /tmp/openvpn.asc -p $OPENVPN_VERSION | ||||
| RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz.asc" -d /tmp/openvpn.asc -p ${OPENVPN_VERSION} | ||||
| # ------------------------------------------------------ | ||||
| # -- I should fix it later | ||||
| # -- todo: I should fix it later | ||||
| # ------------------------------------------------------ | ||||
| # RUN gpg  --no-tty --verify /tmp/openvpn.asc | ||||
| RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz " -d /tmp/openvpn.tar.gz -p $OPENVPN_VERSION | ||||
| RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz " -d /tmp/openvpn.tar.gz -p ${OPENVPN_VERSION} | ||||
| RUN tar -xf /tmp/openvpn.tar.gz  -C /tmp && rm -f /tmp/openvpn.tar.gz | ||||
| RUN mv /tmp/openvpn-$OPENVPN_VERSION /output/openvpn | ||||
| RUN mv /tmp/openvpn-${OPENVPN_VERSION} /output/openvpn | ||||
|  | ||||
| FROM ubuntu as builder | ||||
| FROM ubuntu:24.04 as builder | ||||
| # ------------------------------------------------------ | ||||
| # -- TODO: Define it only once | ||||
| # ------------------------------------------------------ | ||||
| ENV OPENVPN_VERSION=2.6.5 | ||||
| ARG OPENVPN_VERSION | ||||
| COPY --from=dudo /output /src | ||||
| RUN apt-get update &&\ | ||||
|       apt-get install -y wget tar unzip build-essential \ | ||||
| @@ -31,36 +31,34 @@ WORKDIR /src/openvpn | ||||
| RUN ./configure --disable-systemd --enable-async-push --enable-iproute2 | ||||
| RUN make && make install | ||||
| RUN mkdir /output | ||||
| RUN cp $(which openvpn) /output/ | ||||
| RUN cp $(which openvpn) /output | ||||
| RUN cp /src/openvpn/sample/sample-config-files/server.conf /output | ||||
|  | ||||
| # ------------------------------------------------------ | ||||
| # -- Final container | ||||
| # ------------------------------------------------------ | ||||
| FROM ubuntu:22.04 | ||||
| LABEL maintainer="allanger <allanger@zohomail.com>" | ||||
| COPY --from=builder /output /src | ||||
| FROM ubuntu:24.04 | ||||
| LABEL maintainer="allanger <allanger@badhouseplants.net>" | ||||
| VOLUME /opt/data/openvpn | ||||
| WORKDIR /opt/data/openvpn | ||||
|  | ||||
| ENV EASYRSA_BATCH=yes | ||||
| ENV EASYRSA_REQ_CN=openvpn-server | ||||
|  | ||||
| COPY --from=builder /output/openvpn /src/openvpn | ||||
| COPY --from=builder /output/server.conf /opt/config/server.conf | ||||
|  | ||||
| # ------------------------------------------------------- | ||||
| # -- Prepare system deps | ||||
| # -- It's also installing the openvpn package but  | ||||
| # -- it's required for getting dependencies, later | ||||
| # -- it's rewritten by the binary that from the builder | ||||
| # ------------------------------------------------------- | ||||
| RUN apt update && apt install openvpn easy-rsa iptables -y && \ | ||||
|   mv /src/openvpn $(which openvpn) | ||||
|  | ||||
| # Needed by scripts | ||||
| ENV OPENVPN /etc/openvpn | ||||
|  | ||||
| # Prevents refused client connection because of an expired CRL | ||||
| ENV EASYRSA_CRL_DAYS 3650 | ||||
|  | ||||
| VOLUME ["/etc/openvpn"] | ||||
|  | ||||
| # Internally uses port 1194, remap if needed using `docker run -p 443:1194/tcp` | ||||
| EXPOSE 1194 | ||||
| RUN apt update &&\ | ||||
|       apt upgrade -y && \ | ||||
|       apt install openvpn easy-rsa -y && \ | ||||
|       mv /src/openvpn $(which openvpn) | ||||
|  | ||||
| CMD ["ovpn_run"] | ||||
|  | ||||
| COPY --chmod='755' ./bin /usr/local/bin | ||||
| # ----------------------------------------------------------- | ||||
| # -- Add support for OTP authentication using a PAM module | ||||
| # -- I have no idea how it works yet | ||||
| # ----------------------------------------------------------- | ||||
| COPY ./otp/openvpn /etc/pam.d/ | ||||
| COPY --chmod='755' ./bin /usr/local/bin | ||||
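Review bot: The OpenVPN tarball signature is still never verified: the key is imported and `/tmp/openvpn.asc` is downloaded, but the only `gpg --verify` remains the commented-out line under the reworded todo, so the tarball fetched on the next `dudo` line is trusted on HTTPS alone. After the tarball download add `RUN gpg --batch --verify /tmp/openvpn.asc /tmp/openvpn.tar.gz`, and ideally `gpg --fingerprint F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7` after the import so the key that keys.openpgp.org returned is checked against the fingerprint pinned in the URL. Separately, `ARG OPENVPN_VERSION` now has no default in either stage, so a plain `docker build` without `--build-arg` expands the download URL to `openvpn-.tar.gz`; a default such as `ARG OPENVPN_VERSION=2.6.11` matching env/openvpn.env, or a `# requires --build-arg OPENVPN_VERSION` comment, would make the contract explicit. The final stage also runs `apt upgrade -y` on an unpinned `ubuntu:24.04`, which is reasonable for patch pickup but means image rebuilds are not reproducible; a comment saying that is intentional would help.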
| @@ -1,6 +1,6 @@ | ||||
| FROM ghcr.io/allanger/dumb-downloader as dudo | ||||
| ENV OPENVPN_VERSION=2.6.5 | ||||
| ENV TUNNELBLICK_VERSION=4.0.0beta08 | ||||
| ARG OPENVPN_VERSION | ||||
| ARG TUNNELBLICK_VERSION | ||||
| RUN apt update && apt install gnupg tar -y | ||||
| RUN mkdir /output | ||||
| # ------------------------------------------------------ | ||||
| @@ -27,8 +27,8 @@ FROM ubuntu as builder | ||||
| # ------------------------------------------------------ | ||||
| # -- TODO: Define it only once | ||||
| # ------------------------------------------------------ | ||||
| ENV OPENVPN_VERSION=2.6.5 | ||||
| ENV TUNNELBLICK_VERSION=v4.0.0beta08 | ||||
| ARG OPENVPN_VERSION | ||||
| ARG TUNNELBLICK_VERSION | ||||
| COPY --from=dudo /output /src | ||||
| RUN apt-get update &&\ | ||||
|       apt-get install -y wget tar unzip build-essential \ | ||||
| @@ -48,7 +48,7 @@ RUN cp $(which openvpn) /output/ | ||||
| # ------------------------------------------------------ | ||||
| # -- Final container | ||||
| # ------------------------------------------------------ | ||||
| FROM ubuntu:22.04 | ||||
| FROM ubuntu:24.04 | ||||
| LABEL maintainer="allanger <allanger@zohomail.com>" | ||||
| COPY --from=builder /output /src | ||||
| # ------------------------------------------------------- | ||||
| @@ -75,4 +75,4 @@ COPY --chmod='755' ./bin /usr/local/bin | ||||
| # -- Add support for OTP authentication using a PAM module | ||||
| # -- I have no idea how it works yet | ||||
| # ----------------------------------------------------------- | ||||
| COPY ./otp/openvpn /etc/pam.d/ | ||||
| WORKDIR /etc/openvpn | ||||
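Review bot: The builder stage of this Containerfile stays `FROM ubuntu as builder` (visible as hunk context) while the final stage moves to `ubuntu:24.04`, so the openvpn binary is built on whatever `ubuntu` resolves to today and may be linked against a different libssl than the runtime image ships; change it to `FROM ubuntu:24.04 as builder` as the sibling Containerfile in this commit does. `ARG OPENVPN_VERSION` and `ARG TUNNELBLICK_VERSION` have no defaults, and env/openvpn_xor.env exports only `TUNNELBLICK_VERSION`, so unless scripts/build_xor.sh sets `OPENVPN_VERSION` itself (not visible here) the download URL and the Tunnelblick patch path `openvpn-$OPENVPN_VERSION/patches` both expand with an empty version. Either add `export OPENVPN_VERSION=2.6.11` to env/openvpn_xor.env or give the ARG a default in both stages.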
|   | ||||
							
								
								
									
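--- a/env/openvpn.env
+++ b/env/openvpn.env
@@ -0,0 +1,3 @@
+export OPENVPN_VERSION=2.6.11
+export CONTAINERFILE=./containerfiles/Containerfile
+export SCRIPT=build_upstream.sh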
							
								
								
									
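--- a/env/openvpn_xor.env
+++ b/env/openvpn_xor.env
@@ -0,0 +1,3 @@
+export TUNNELBLICK_VERSION=6.0beta03
+export CONTAINERFILE=./containerfiles/Containerfile-XOR
+export SCRIPT=build_xor.sh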
| @@ -1,22 +0,0 @@ | ||||
| --- | ||||
| apiVersion: v2 | ||||
| name: openvpn | ||||
| description: A Helm chart for deploying OpenVPN | ||||
| type: application | ||||
| version: 1.0.6 | ||||
| appVersion: "2.6.5" | ||||
|  | ||||
| sources: | ||||
|   - https://git.badhouseplants.net/allanger/container-openvpn-xor | ||||
|   - https://github.com/kylemanna/docker-openvpn | ||||
|   - https://github.com/lawtancool/docker-openvpn-xor | ||||
|  | ||||
| maintainers: | ||||
|   - name: allanger | ||||
|     email: allanger@zohomail.com | ||||
|     url: https://badhouseplants.net | ||||
|  | ||||
| keywords: | ||||
|   - OpenVPN | ||||
|   - VPN | ||||
|   - xor | ||||
							
								
								
									
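--- a/helm/LICENSE
+++ b/helm/LICENSE
@@ -1,17 +0,0 @@
-Permission is hereby granted, without written agreement and without
-license or royalty fees, to use, copy, modify, and distribute this
-software and its documentation for any purpose, provided that the
-above copyright notice and the following two paragraphs appear in
-all copies of this software.
-
-IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE TO ANY PARTY FOR
-DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
-ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN
-IF THE COPYRIGHT HOLDER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
-DAMAGE.
-
-THE COPYRIGHT HOLDER SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING,
-BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
-FITNESS FOR A PARTICULAR PURPOSE.  THE SOFTWARE PROVIDED HEREUNDER IS
-ON AN "AS IS" BASIS, AND THE COPYRIGHT HOLDER HAS NO OBLIGATION TO
-PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.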
| @@ -1,9 +0,0 @@ | ||||
| # helm-openvpn | ||||
|  | ||||
| A helm chart to deploy openvpn | ||||
| ## K8s reqs: | ||||
| --allowed-unsafe-sysctls=net.ipv4.ip_forward | ||||
| ## How it works? | ||||
|  | ||||
| 1. It's generating the openvpn configuration if it's not generated yet. It's an `ininContainer` that really runs only once. | ||||
|  | ||||
| @@ -1 +0,0 @@ | ||||
| 1. Get the application URL by running these commands: | ||||
| @@ -1,62 +0,0 @@ | ||||
| {{/* | ||||
| Expand the name of the chart. | ||||
| */}} | ||||
| {{- define "openvpn-chart.name" -}} | ||||
| {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* | ||||
| Create a default fully qualified app name. | ||||
| We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). | ||||
| If release name contains chart name it will be used as a full name. | ||||
| */}} | ||||
| {{- define "openvpn-chart.fullname" -}} | ||||
| {{- if .Values.fullnameOverride }} | ||||
| {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} | ||||
| {{- else }} | ||||
| {{- $name := default .Chart.Name .Values.nameOverride }} | ||||
| {{- if contains $name .Release.Name }} | ||||
| {{- .Release.Name | trunc 63 | trimSuffix "-" }} | ||||
| {{- else }} | ||||
| {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* | ||||
| Create chart name and version as used by the chart label. | ||||
| */}} | ||||
| {{- define "openvpn-chart.chart" -}} | ||||
| {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* | ||||
| Common labels | ||||
| */}} | ||||
| {{- define "openvpn-chart.labels" -}} | ||||
| helm.sh/chart: {{ include "openvpn-chart.chart" . }} | ||||
| {{ include "openvpn-chart.selectorLabels" . }} | ||||
| {{- if .Chart.AppVersion }} | ||||
| app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} | ||||
| {{- end }} | ||||
| app.kubernetes.io/managed-by: {{ .Release.Service }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* | ||||
| Selector labels | ||||
| */}} | ||||
| {{- define "openvpn-chart.selectorLabels" -}} | ||||
| app.kubernetes.io/name: {{ include "openvpn-chart.name" . }} | ||||
| app.kubernetes.io/instance: {{ .Release.Name }} | ||||
| {{- end }} | ||||
|  | ||||
| {{/* | ||||
| Create the name of the service account to use | ||||
| */}} | ||||
| {{- define "openvpn-chart.serviceAccountName" -}} | ||||
| {{- if .Values.serviceAccount.create }} | ||||
| {{- default (include "openvpn-chart.fullname" .) .Values.serviceAccount.name }} | ||||
| {{- else }} | ||||
| {{- default "default" .Values.serviceAccount.name }} | ||||
| {{- end }} | ||||
| {{- end }} | ||||
| @@ -1,121 +0,0 @@ | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: {{ include "openvpn-chart.fullname" . }} | ||||
|   labels: | ||||
|     {{- include "openvpn-chart.labels" . | nindent 4 }} | ||||
| spec: | ||||
|   {{- if not .Values.autoscaling.enabled }} | ||||
|   replicas: {{ .Values.replicaCount }} | ||||
|   {{- end }} | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       {{- include "openvpn-chart.selectorLabels" . | nindent 6 }} | ||||
|   template: | ||||
|     metadata: | ||||
|       {{- with .Values.podAnnotations }} | ||||
|       annotations: | ||||
|         {{- toYaml . | nindent 8 }} | ||||
|       {{- end }} | ||||
|       labels: | ||||
|         {{- include "openvpn-chart.selectorLabels" . | nindent 8 }} | ||||
|     spec: | ||||
|       {{- with .Values.imagePullSecrets }} | ||||
|       imagePullSecrets: | ||||
|         {{- toYaml . | nindent 8 }} | ||||
|       {{- end }} | ||||
|       volumes: | ||||
|         - name: pvc-openvpn | ||||
|           persistentVolumeClaim: | ||||
|             claimName: {{ include "openvpn-chart.fullname" . }} | ||||
|         - name: pki-scripts | ||||
|           configMap: | ||||
|             name: {{ include "openvpn-chart.fullname" . }}-pki-scripts | ||||
|       securityContext: | ||||
|           sysctls: | ||||
|             - name: net.ipv4.ip_forward | ||||
|               value: "1" | ||||
|       containers: | ||||
|         - name: {{ .Chart.Name }} | ||||
|           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" | ||||
|           imagePullPolicy: {{ .Values.image.pullPolicy }} | ||||
|  | ||||
|           resources: | ||||
|             {{- toYaml .Values.resources | nindent 12 }} | ||||
|           volumeMounts: | ||||
|             - mountPath: "/etc/openvpn" | ||||
|               name: pvc-openvpn | ||||
|             - mountPath: /scripts | ||||
|               name: pki-scripts | ||||
|           env: | ||||
|           - name: OVPN_SERVER | ||||
|             value: "{{ .Values.openvpn.proto }}://{{ .Values.openvpn.host }}:{{ .Values.openvpn.port }}" | ||||
|           securityContext: | ||||
|             capabilities: | ||||
|               add: | ||||
|                 - NET_ADMIN | ||||
|       initContainers: | ||||
|         # ---------------------------------------------------------------------- | ||||
|         # -- This init container is generating the basic configuration | ||||
|         # ---------------------------------------------------------------------- | ||||
|         - name: 0-ovpn-genconfig | ||||
|           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" | ||||
|           volumeMounts: | ||||
|             - mountPath: "/etc/openvpn" | ||||
|               name: pvc-openvpn | ||||
|           env: | ||||
|             - name: OVPN_SERVER_URL | ||||
|               value: "{{ .Values.openvpn.proto }}://{{ .Values.openvpn.host }}:{{ .Values.openvpn.port }}" | ||||
|             - name: OVPN_DATA | ||||
|               value: "/etc/openvpn"  | ||||
|           command:  | ||||
|             - sh | ||||
|             - -c  | ||||
|             - 'if ! [ -f "/etc/openvpn/ovpn_env.sh" ]; then ovpn_genconfig -u $OVPN_SERVER_URL && touch /etc/openvpn/.init; fi' | ||||
|         - name: 1-ovpn-initpki | ||||
|           env: | ||||
|             - name: OVPN_DATA | ||||
|               value: /etc/openvpn | ||||
|             - name: EASYRSA_REQ_CN | ||||
|               value: {{ .Values.easyrsa.cn }} | ||||
|             - name: EASYRSA_REQ_COUNTRY | ||||
|               value: {{ .Values.easyrsa.country }} | ||||
|             - name: EASYRSA_REQ_PROVINCE | ||||
|               value: {{ .Values.easyrsa.province }} | ||||
|             - name: EASYRSA_REQ_CITY | ||||
|               value: {{ .Values.easyrsa.city }} | ||||
|             - name: EASYRSA_REQ_ORG | ||||
|               value: {{ .Values.easyrsa.org }} | ||||
|             - name: EASYRSA_REQ_EMAIL | ||||
|               value: {{ .Values.easyrsa.email }} | ||||
|             - name: EASYRSA_REQ_OU | ||||
|               value: {{ .Values.easyrsa.ou }} | ||||
|             - name: EASYRSA_ALGO | ||||
|               value: {{ .Values.easyrsa.algo }} | ||||
|             - name: EASYRSA_DIGEST | ||||
|               value: {{ .Values.easyrsa.digest }} | ||||
|             - name: EASYRSA_BATCH | ||||
|               value: "yes"  | ||||
|             - name: OVPN_SERVER_URL | ||||
|               value: "{{ .Values.openvpn.proto }}://{{ .Values.openvpn.host }}:{{ .Values.openvpn.port }}" | ||||
|           volumeMounts: | ||||
|             - mountPath: "/etc/openvpn" | ||||
|               name: pvc-openvpn | ||||
|             - mountPath: /scripts | ||||
|               name: pki-scripts | ||||
|           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" | ||||
|           command:  | ||||
|             - bash | ||||
|             - /scripts/init_pki.sh | ||||
|       {{- with .Values.nodeSelector }} | ||||
|       nodeSelector: | ||||
|         {{- toYaml . | nindent 8 }} | ||||
|       {{- end }} | ||||
|       {{- with .Values.affinity }} | ||||
|       affinity: | ||||
|         {{- toYaml . | nindent 8 }} | ||||
|       {{- end }} | ||||
|       {{- with .Values.tolerations }} | ||||
|       tolerations: | ||||
|         {{- toYaml . | nindent 8 }} | ||||
|       {{- end }} | ||||
| @@ -1,30 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: {{ include "openvpn-chart.fullname" . }}-pki-scripts | ||||
|   labels: | ||||
|     {{- include "openvpn-chart.labels" . | nindent 4 }} | ||||
| data: | ||||
|   init_pki.sh: | | ||||
|     if [ ! -d /etc/openvpn/pki ]; then | ||||
|       source "$OPENVPN/ovpn_env.sh" | ||||
|       OVPN_DIR=/etc/openvpn | ||||
|       PKI_DIR=$OVPN_DIR/pki | ||||
|       cd $OVPN_DIR | ||||
|       export EASYRSA_BATCH=yes | ||||
|       unset EASYRSA_VARS_FILE | ||||
|       /usr/share/easy-rsa/easyrsa init-pki | ||||
|       /usr/share/easy-rsa/easyrsa build-ca nopass | ||||
|       /usr/share/easy-rsa/easyrsa build-server-full {{ .Values.openvpn.host }} nopass | ||||
|       /usr/share/easy-rsa/easyrsa gen-dh | ||||
|       cd $PKI_DIR | ||||
|       openvpn --genkey tls-crypt-v2-server private/{{ .Values.openvpn.host }}.pem | ||||
|       openvpn --genkey secret > ta.key | ||||
|     fi | ||||
|   gen_client.sh: | | ||||
|     source "$OPENVPN/ovpn_env.sh" | ||||
|     CLIENTNAME=$1 | ||||
|     PASSWORD=$2 | ||||
|     OVPN_DIR=/etc/openvpn | ||||
|     cd $OVPN_DIR | ||||
|     /usr/share/easy-rsa/easyrsa build-client-full $CLIENTNAME $PASSWORD | ||||
| @@ -1,13 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: PersistentVolumeClaim | ||||
| metadata: | ||||
|   name: {{ include "openvpn-chart.fullname" . }} | ||||
|   labels: | ||||
|     {{- include "openvpn-chart.labels" . | nindent 4 }} | ||||
| spec: | ||||
|   storageClassName: {{ .Values.storage.class }} | ||||
|   accessModes: | ||||
|     - ReadWriteOnce | ||||
|   resources: | ||||
|     requests: | ||||
|       storage: {{ .Values.storage.size }} | ||||
| @@ -1,18 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: {{ include "openvpn-chart.fullname" . }} | ||||
|   labels: | ||||
|     {{- include "openvpn-chart.labels" . | nindent 4 }} | ||||
| spec: | ||||
|   type: {{ .Values.service.type }} | ||||
|   ports: | ||||
|     - port: {{ .Values.service.port }} | ||||
|       {{- if .Values.service.nodePort }} | ||||
|       nodePort: {{ int .Values.service.nodePort }} | ||||
|       {{- end}} | ||||
|       targetPort: {{ .Values.service.port | default 1194 }} | ||||
|       protocol: {{ .Values.service.protocol | default "UDP" | quote }} | ||||
|       name: openvpn | ||||
|   selector: | ||||
|     {{- include "openvpn-chart.selectorLabels" . | nindent 4 }} | ||||
| @@ -1,15 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Pod | ||||
| metadata: | ||||
|   name: "{{ include "openvpn-chart.fullname" . }}-test-connection" | ||||
|   labels: | ||||
|     {{- include "openvpn-chart.labels" . | nindent 4 }} | ||||
|   annotations: | ||||
|     "helm.sh/hook": test | ||||
| spec: | ||||
|   containers: | ||||
|     - name: wget | ||||
|       image: busybox | ||||
|       command: ['wget'] | ||||
|       args: ['{{ include "openvpn-chart.fullname" . }}:{{ .Values.service.port }}'] | ||||
|   restartPolicy: Never | ||||
| @@ -1,90 +0,0 @@ | ||||
| # Default values for openvpn-chart. | ||||
| image: | ||||
|   repository: git.badhouseplants.net/allanger/container-openvpn | ||||
|   pullPolicy: IfNotPresent | ||||
|   # ------------------------------------------- | ||||
|   # -- TODO: Switch to proper versions | ||||
|   # ------------------------------------------- | ||||
|   tag: v2.6.6 | ||||
|  | ||||
| # -----------------------------  | ||||
| # -- Open VPN configuration  | ||||
| # ----------------------------- | ||||
| openvpn: | ||||
|   proto: udp | ||||
|   host: 127.0.0.1 | ||||
|   port: 1194 | ||||
| # ----------------------------- | ||||
| # -- Easy RSA configuration | ||||
| # ----------------------------- | ||||
| easyrsa:  | ||||
|   cn: . # -- EASYRSA_REQ_CN | ||||
|   country: . # -- EASYRSA_REQ_COUNTRY | ||||
|   province: . # -- EASYRSA_REQ_PROVINCE | ||||
|   city: . # -- EASYRSA_REQ_CITY | ||||
|   org: . # -- EASYRSA_REQ_ORG | ||||
|   email: . # -- EASYRSA_REQ_EMAIL | ||||
|   ou: Community # -- EASYRSA_REQ_OU | ||||
|   algo: ec # -- EASYRSA_ALGO | ||||
|   digest: sha512 # -- EASYRSA_DIGEST  | ||||
|  | ||||
| replicaCount: 1 | ||||
|  | ||||
|  | ||||
| imagePullSecrets: [] | ||||
| nameOverride: "" | ||||
| fullnameOverride: "" | ||||
| storage: | ||||
|   class: microk8s-hostpath | ||||
|   size: 1Gi | ||||
| serviceAccount: | ||||
|   # Specifies whether a service account should be created | ||||
|   create: true | ||||
|   # Annotations to add to the service account | ||||
|   annotations: {} | ||||
|   # The name of the service account to use. | ||||
|   # If not set and create is true, a name is generated using the fullname template | ||||
|   name: "" | ||||
|  | ||||
| podAnnotations: {} | ||||
|  | ||||
| podSecurityContext: {} | ||||
|   # fsGroup: 2000 | ||||
|  | ||||
| securityContext: {} | ||||
|   # capabilities: | ||||
|   #   drop: | ||||
|   #   - ALL | ||||
|   # readOnlyRootFilesystem: true | ||||
|   # runAsNonRoot: true | ||||
|   # runAsUser: 1000 | ||||
|  | ||||
| service: | ||||
|   type: LoadBalancer | ||||
|   port: 1194 | ||||
|  | ||||
|  | ||||
| resources: {} | ||||
|   # We usually recommend not to specify default resources and to leave this as a conscious | ||||
|   # choice for the user. This also increases chances charts run on environments with little | ||||
|   # resources, such as Minikube. If you do want to specify resources, uncomment the following | ||||
|   # lines, adjust them as necessary, and remove the curly braces after 'resources:'. | ||||
|   # limits: | ||||
|   #   cpu: 100m | ||||
|   #   memory: 128Mi | ||||
|   # requests: | ||||
|   #   cpu: 100m | ||||
|   #   memory: 128Mi | ||||
|  | ||||
| autoscaling: | ||||
|   enabled: false | ||||
|   minReplicas: 1 | ||||
|   maxReplicas: 100 | ||||
|   targetCPUUtilizationPercentage: 80 | ||||
|   # targetMemoryUtilizationPercentage: 80 | ||||
|  | ||||
| nodeSelector: {} | ||||
|  | ||||
| tolerations: [] | ||||
|  | ||||
| affinity: {} | ||||
| @@ -1,7 +0,0 @@ | ||||
| # Uses google authenticator library as PAM module using a single folder for all users tokens | ||||
| # User root is required to stick with an hardcoded user when trying to determine user id and allow unexisting system users | ||||
| # See https://github.com/google/google-authenticator-libpam#usersome-user | ||||
| auth required pam_google_authenticator.so secret=/etc/openvpn/otp/${USER}.google_authenticator user=root | ||||
|  | ||||
| # Accept any user since we're dealing with virtual users there's no need to have a system account (pam_unix.so) | ||||
| account sufficient pam_permit.so | ||||
							
								
								
									
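--- /dev/null
+++ b/scripts/build_upstream.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env sh
+export CUSTOM_TAG="v$OPENVPN_VERSION"
+export BUILD_ARGS="--build-arg OPENVPN_VERSION=$OPENVPN_VERSION"
+build-container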
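Review bot: `OPENVPN_VERSION` is consumed unchecked on the two `export` lines, so when it is unset or empty the image is tagged plain `v` and the build receives an empty `--build-arg OPENVPN_VERSION=`, which a pipeline would not notice until the wrong image is pushed. Guard it right after the shebang with `set -eu` and `: "${OPENVPN_VERSION:?OPENVPN_VERSION must be set}"`, so the job fails early with a clear message instead. The same missing `set -eu` applies to scripts/build_xor.sh in the next file section, where it additionally lets a failed clone go unnoticed.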
							
								
								
									
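--- /dev/null
+++ b/scripts/build_xor.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env sh
+git clone https://github.com/Tunnelblick/Tunnelblick.git /tmp/tunnelblick
+export OPENVPN_VERSION=$(ls /tmp/tunnelblick/third_party/sources/openvpn | sed 's/openvpn-//g' | sort  -k1,1nr -k2,2n -k3,3n | head -n 1)
+export CUSTOM_TAG="v$OPENVPN_VERSION-XOR-$TUNNELBLICK_VERSION"
+export BUILD_ARGS="--build-arg OPENVPN_VERSION=$OPENVPN_VERSION --build-arg TUNNELBLICK_VERSION=$TUNNELBLICK_VERSION"
+build-container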
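Review bot: The `git clone` on the second line checks out whatever the Tunnelblick default branch points at when the job runs, so the sources that end up in the image and the `OPENVPN_VERSION` derived from that checkout are not pinned to anything in this repository — two builds with the same `CUSTOM_TAG` can contain different upstream code, and the `TUNNELBLICK_VERSION` embedded in the tag comes from the environment rather than from what was actually cloned. Pin the clone to a tag (`--branch`, with `--depth 1`) that matches `TUNNELBLICK_VERSION`, and fail if that variable is unset. The `sort` on the third line also does not compare versions as intended: without `-t .` all three `-k` keys address the same whitespace-delimited field, so only the leading numeric prefix (e.g. `2.6`) is compared and ties fall back to byte order, which misorders patch numbers of different widths; `-k2,2n -k3,3n` would moreover prefer the lowest minor/patch even if the keys did apply. Without `set -eu`, a failed clone or a pre-existing `/tmp/tunnelblick` leaves `OPENVPN_VERSION` empty and the build proceeds with the tag `v-XOR-…`.
```sh
#!/usr/bin/env sh
set -eu
: "${TUNNELBLICK_VERSION:?TUNNELBLICK_VERSION must be set}"
# TUNNELBLICK_REF is a placeholder for the Tunnelblick tag that corresponds to TUNNELBLICK_VERSION.
git clone --depth 1 --branch "$TUNNELBLICK_REF" https://github.com/Tunnelblick/Tunnelblick.git /tmp/tunnelblick
OPENVPN_VERSION=$(ls /tmp/tunnelblick/third_party/sources/openvpn | sed 's/openvpn-//g' | sort -t . -k1,1nr -k2,2nr -k3,3nr | head -n 1)
: "${OPENVPN_VERSION:?could not determine OPENVPN_VERSION from the checkout}"
export OPENVPN_VERSION
# … unchanged: CUSTOM_TAG / BUILD_ARGS exports and build-container …
```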