Build AMD only

.drone.yml

@@ -1,51 +0,0 @@
----
-# ----------------------------------------------
-# -- Build an image and push it to the registry
-# ----------------------------------------------
-kind: pipeline
-type: docker
-name: Build the builder
-
-trigger:
-  event:
-    - push
-  branch:
-    - main
-
-steps:
-  - name: Build openvpn xor amd64
-    image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:555262114ea81f6f286010474527f419b56d33a3
-    privileged: true
-    environment:
-      GITEA_TOKEN:
-        from_secret: GITEA_TOKEN
-      CONTAINERFILE: ./containerfiles/Containerfile-XOR
-      CUSTOM_TAG: v2.6.5-XOR-4.0.0beta08
-    commands:
-      - build-container
-
-  - name: Build openvpn amd64
-    image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:555262114ea81f6f286010474527f419b56d33a3
-    privileged: true
-    environment:
-      GITEA_TOKEN:
-        from_secret: GITEA_TOKEN
-      CONTAINERFILE: ./containerfiles/Containerfile
-      CUSTOM_TAG: v2.6.5
-    commands:
-      - build-container
-
-  - name: Publish the Helm chart
-    image: alpine/helm
-    depends_on:
-      - Build openvpn xor amd64
-      - Build openvpn amd64
-    environment:
-      GITEA_TOKEN:
-        from_secret: GITEA_TOKEN
-    commands:
-      - cd helm
-      - helm plugin install https://github.com/chartmuseum/helm-push
-      - helm package . -d chart-package
-      - helm repo add  --username allanger --password $GITEA_TOKEN openvpn https://git.badhouseplants.net/api/packages/allanger/helm
-      - helm cm-push "./chart-package/$(ls chart-package)" openvpn

.woodpecker.yaml

@@ -0,0 +1,37 @@
+---
+when:
+  event:
+    - push
+  branch:
+    - main
+
+matrix:
+  TARGET:
+    - openvpn_xor
+    - openvpn
+
+steps:
+  build-${TARGET}:
+    name: Build ${TARGET}
+    image: zot.badhouseplants.net/badhouseplants/badhouseplants-builder:latest
+    secrets:
+      - registry_token
+    environment:
+      CONTAINER_REGISTRY: zot.badhouseplants.net
+    privileged: true
+    depends_on: []
+    backend_options:
+      kubernetes:
+        resources:
+          requests:
+            memory: 1024Mi
+            cpu: 300m
+          limits:
+            memory: 1024Mi
+        securityContext:
+          privileged: true
+        nodeSelector:
+          kubernetes.io/arch: "amd64"
+    commands:
+      - source ./env/${TARGET}.env
+      - ./scripts/$SCRIPT

Containerfile

@@ -1,79 +0,0 @@
-FROM ghcr.io/allanger/dumb-downloader as dudo
-ENV OPENVPN_VERSION=2.6.5
-ENV TUNNELBLICK_VERSION=4.0.0beta08
-ENV EASYRSA_VERSION=3.1.5
-RUN apt update && apt install gnupg tar -y
-RUN mkdir /output
-# ------------------------------------------------------
-# -- Downlaod OpenVPN
-# ------------------------------------------------------
-RUN dudo -l "https://keys.openpgp.org/vks/v1/by-fingerprint/F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7" -d security-openvpn-net.asc -p DUMMY
-RUN gpg --import security-openvpn-net.asc
-RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz.asc" -d /tmp/openvpn.asc -p $OPENVPN_VERSION
-# ------------------------------------------------------
-# -- I should fix it later
-# ------------------------------------------------------
-# RUN gpg  --no-tty --verify /tmp/openvpn.asc
-RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz " -d /tmp/openvpn.tar.gz -p $OPENVPN_VERSION
-RUN tar -xf /tmp/openvpn.tar.gz  -C /tmp && rm -f /tmp/openvpn.tar.gz
-RUN mv /tmp/openvpn-$OPENVPN_VERSION /output/openvpn
-# ------------------------------------------------------
-# -- Download Tunnelblick
-# ------------------------------------------------------
-RUN dudo -l "https://github.com/Tunnelblick/Tunnelblick/archive/refs/tags/v{{ version }}.tar.gz" -d /tmp/tunnelblick.tar.gz -p $TUNNELBLICK_VERSION
-RUN tar -xf /tmp/tunnelblick.tar.gz  -C /tmp && rm -f /tmp/tunnelblick.tar.gz
-RUN mv /tmp/Tunnelblick-$TUNNELBLICK_VERSION /output/tunnelblick
-
-FROM ubuntu as builder
-# ------------------------------------------------------
-# -- TODO: Define it only once
-# ------------------------------------------------------
-ENV OPENVPN_VERSION=2.6.5
-ENV TUNNELBLICK_VERSION=v4.0.0beta08
-COPY --from=dudo /output /src
-RUN apt-get update &&\
-      apt-get install -y wget tar unzip build-essential \
-      libssl-dev iproute2 liblz4-dev liblzo2-dev \
-      libpam0g-dev libpkcs11-helper1-dev libsystemd-dev \
-      easy-rsa iptables pkg-config libcap-ng-dev
-RUN cp /src/tunnelblick/third_party/sources/openvpn/openvpn-$OPENVPN_VERSION/patches/*.diff /src/openvpn
-WORKDIR /src/openvpn
-RUN for patch in $(find -type f | grep diff); do\
-        patch -p1 < $patch;\
-    done
-RUN ./configure --disable-systemd --enable-async-push --enable-iproute2
-RUN make && make install
-RUN mkdir /output
-RUN cp $(which openvpn) /output/
-
-# ------------------------------------------------------
-# -- Final container
-# ------------------------------------------------------
-FROM ubuntu:22.04
-LABEL maintainer="allanger <allanger@zohomail.com>"
-COPY --from=builder /output /src
-# -------------------------------------------------------
-# -- Prepare system deps
-# -------------------------------------------------------
-RUN apt update && apt install openvpn easy-rsa iptables -y && \
-  mv /src/openvpn $(which openvpn)
-
-# Needed by scripts
-ENV OPENVPN /etc/openvpn
-
-# Prevents refused client connection because of an expired CRL
-ENV EASYRSA_CRL_DAYS 3650
-
-VOLUME ["/etc/openvpn"]
-
-# Internally uses port 1194, remap if needed using `docker run -p 443:1194/tcp`
-EXPOSE 1194
-
-CMD ["ovpn_run"]
-
-COPY --chmod='755' ./bin /usr/local/bin
-# -----------------------------------------------------------
-# -- Add support for OTP authentication using a PAM module
-# -- I have no idea how it works yet
-# -----------------------------------------------------------
-COPY ./otp/openvpn /etc/pam.d/

alpine/google-authenticator/APKBUILD

@@ -1,52 +0,0 @@
-# Contributor: Fabio Napoleoni <f.napoleoni@gmail.com>
-# Maintainer:
-pkgname=google-authenticator
-pkgver=20160207
-pkgrel=1
-pkgdesc="Google Authenticator PAM module"
-url="https://github.com/google/google-authenticator"
-arch="all"
-license="ASL 2.0"
-depends=
-depends_dev=
-makedepends="$depends_dev autoconf automake libtool linux-pam-dev m4 openssl-dev"
-install=
-subpackages="$pkgname-doc"
-source="https://github.com/google/google-authenticator/archive/c0404dcdbda9ab9e4f0b8451ecdd44eee8db2425.zip"
-
-_builddir="$srcdir"/$pkgname-c0404dcdbda9ab9e4f0b8451ecdd44eee8db2425/libpam
-
-prepare() {
-	local i
-	cd "$_builddir"
-	for i in $source; do
-		case $i in
-			*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
-		esac
-	done
-}
-
-build() {
-	cd "$_builddir"
-		./bootstrap.sh || return 1
-		./configure \
-			--build=$CBUILD \
-			--host=$CHOST \
-			--prefix=/usr \
-			--libdir=/lib \
-			--sysconfdir=/etc \
-			--mandir=/usr/share/man \
-			--infodir=/usr/share/info \
-			|| return 1
-
-		make || return 1
-}
-
-package() {
-	cd "$_builddir"
-	make DESTDIR="$pkgdir" install || return 1
-}
-
-md5sums="33d3cbd0488bcb4f50b34b5670deffae  c0404dcdbda9ab9e4f0b8451ecdd44eee8db2425.zip"
-sha256sums="e32abe693e54195bdb6aca52783e6e1c239e67296876ac59211a59e4608338b8  c0404dcdbda9ab9e4f0b8451ecdd44eee8db2425.zip"
-sha512sums="b44a626e6cc5d8e27685f5d39b5d33f49fc7070331db7b458d3ee40723972821bb8ed5458f27a287dc664d162acf1f8f9a36ca3b1bf767f2bbf27d4f538e9872  c0404dcdbda9ab9e4f0b8451ecdd44eee8db2425.zip"

containerfiles/Containerfile

@@ -1,5 +1,5 @@
 FROM ghcr.io/allanger/dumb-downloader as dudo
-ENV OPENVPN_VERSION=2.6.5
+ARG OPENVPN_VERSION
 RUN apt update && apt install gnupg tar -y
 RUN mkdir /output
 # ------------------------------------------------------
@@ -7,20 +7,20 @@ RUN mkdir /output
 # ------------------------------------------------------
 RUN dudo -l "https://keys.openpgp.org/vks/v1/by-fingerprint/F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7" -d security-openvpn-net.asc -p DUMMY
 RUN gpg --import security-openvpn-net.asc
-RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz.asc" -d /tmp/openvpn.asc -p $OPENVPN_VERSION
+RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz.asc" -d /tmp/openvpn.asc -p ${OPENVPN_VERSION}
 # ------------------------------------------------------
-# -- I should fix it later
+# -- todo: I should fix it later
 # ------------------------------------------------------
 # RUN gpg  --no-tty --verify /tmp/openvpn.asc
-RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz " -d /tmp/openvpn.tar.gz -p $OPENVPN_VERSION
+RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz " -d /tmp/openvpn.tar.gz -p ${OPENVPN_VERSION}
 RUN tar -xf /tmp/openvpn.tar.gz  -C /tmp && rm -f /tmp/openvpn.tar.gz
-RUN mv /tmp/openvpn-$OPENVPN_VERSION /output/openvpn
+RUN mv /tmp/openvpn-${OPENVPN_VERSION} /output/openvpn
 
-FROM ubuntu as builder
+FROM ubuntu:22.04 as builder
 # ------------------------------------------------------
 # -- TODO: Define it only once
 # ------------------------------------------------------
-ENV OPENVPN_VERSION=2.6.5
+ARG OPENVPN_VERSION
 COPY --from=dudo /output /src
 RUN apt-get update &&\
       apt-get install -y wget tar unzip build-essential \
@@ -63,4 +63,4 @@ COPY --chmod='755' ./bin /usr/local/bin
 # -- Add support for OTP authentication using a PAM module
 # -- I have no idea how it works yet
 # -----------------------------------------------------------
-COPY ./otp/openvpn /etc/pam.d/
+WORKDIR /etc/openvpn

containerfiles/Containerfile-XOR

@@ -1,6 +1,6 @@
 FROM ghcr.io/allanger/dumb-downloader as dudo
-ENV OPENVPN_VERSION=2.6.5
-ENV TUNNELBLICK_VERSION=4.0.0beta08
+ARG OPENVPN_VERSION
+ARG TUNNELBLICK_VERSION
 RUN apt update && apt install gnupg tar -y
 RUN mkdir /output
 # ------------------------------------------------------
@@ -23,12 +23,12 @@ RUN dudo -l "https://github.com/Tunnelblick/Tunnelblick/archive/refs/tags/v{{ ve
 RUN tar -xf /tmp/tunnelblick.tar.gz  -C /tmp && rm -f /tmp/tunnelblick.tar.gz
 RUN mv /tmp/Tunnelblick-$TUNNELBLICK_VERSION /output/tunnelblick
 
-FROM ubuntu as builder
+FROM ubuntu:24.04 as builder
 # ------------------------------------------------------
 # -- TODO: Define it only once
 # ------------------------------------------------------
-ENV OPENVPN_VERSION=2.6.5
-ENV TUNNELBLICK_VERSION=v4.0.0beta08
+ARG OPENVPN_VERSION
+ARG TUNNELBLICK_VERSION
 COPY --from=dudo /output /src
 RUN apt-get update &&\
       apt-get install -y wget tar unzip build-essential \
@@ -48,7 +48,7 @@ RUN cp $(which openvpn) /output/
 # ------------------------------------------------------
 # -- Final container
 # ------------------------------------------------------
-FROM ubuntu:22.04
+FROM ubuntu:24.04
 LABEL maintainer="allanger <allanger@zohomail.com>"
 COPY --from=builder /output /src
 # -------------------------------------------------------
@@ -75,4 +75,4 @@ COPY --chmod='755' ./bin /usr/local/bin
 # -- Add support for OTP authentication using a PAM module
 # -- I have no idea how it works yet
 # -----------------------------------------------------------
-COPY ./otp/openvpn /etc/pam.d/
+WORKDIR /etc/openvpn

env/openvpn.env

@@ -0,0 +1,3 @@
+export OPENVPN_VERSION=2.6.5
+export CONTAINERFILE=./containerfiles/Containerfile
+export SCRIPT=build_upstream.sh

env/openvpn_xor.env

@@ -0,0 +1,3 @@
+export TUNNELBLICK_VERSION=6.0beta03
+export CONTAINERFILE=./containerfiles/Containerfile-XOR
+export SCRIPT=build_xor.sh

helm/Chart.yaml

@@ -1,22 +0,0 @@
----
-apiVersion: v2
-name: openvpn
-description: A Helm chart for deploying OpenVPN
-type: application
-version: 1.0.6
-appVersion: "2.6.5"
-
-sources:
-  - https://git.badhouseplants.net/allanger/container-openvpn-xor
-  - https://github.com/kylemanna/docker-openvpn
-  - https://github.com/lawtancool/docker-openvpn-xor
-
-maintainers:
-  - name: allanger
-    email: allanger@zohomail.com
-    url: https://badhouseplants.net
-
-keywords:
-  - OpenVPN
-  - VPN
-  - xor

helm/LICENSE

@@ -1,17 +0,0 @@
-Permission is hereby granted, without written agreement and without
-license or royalty fees, to use, copy, modify, and distribute this
-software and its documentation for any purpose, provided that the
-above copyright notice and the following two paragraphs appear in
-all copies of this software.
-
-IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE TO ANY PARTY FOR
-DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
-ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN
-IF THE COPYRIGHT HOLDER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
-DAMAGE.
-
-THE COPYRIGHT HOLDER SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING,
-BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
-FITNESS FOR A PARTICULAR PURPOSE.  THE SOFTWARE PROVIDED HEREUNDER IS
-ON AN "AS IS" BASIS, AND THE COPYRIGHT HOLDER HAS NO OBLIGATION TO
-PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.

helm/README.md

@@ -1,9 +0,0 @@
-# helm-openvpn
-
-A helm chart to deploy openvpn
-## K8s reqs:
---allowed-unsafe-sysctls=net.ipv4.ip_forward
-## How it works?
-
-1. It's generating the openvpn configuration if it's not generated yet. It's an `ininContainer` that really runs only once.
-

helm/templates/NOTES.txt

@@ -1 +0,0 @@
-1. Get the application URL by running these commands:

helm/templates/_helpers.tpl

@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "openvpn-chart.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "openvpn-chart.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "openvpn-chart.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "openvpn-chart.labels" -}}
-helm.sh/chart: {{ include "openvpn-chart.chart" . }}
-{{ include "openvpn-chart.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "openvpn-chart.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "openvpn-chart.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "openvpn-chart.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "openvpn-chart.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}

helm/templates/deployment.yaml

@@ -1,121 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "openvpn-chart.fullname" . }}
-  labels:
-    {{- include "openvpn-chart.labels" . | nindent 4 }}
-spec:
-  {{- if not .Values.autoscaling.enabled }}
-  replicas: {{ .Values.replicaCount }}
-  {{- end }}
-  selector:
-    matchLabels:
-      {{- include "openvpn-chart.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      {{- with .Values.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "openvpn-chart.selectorLabels" . | nindent 8 }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      volumes:
-        - name: pvc-openvpn
-          persistentVolumeClaim:
-            claimName: {{ include "openvpn-chart.fullname" . }}
-        - name: pki-scripts
-          configMap:
-            name: {{ include "openvpn-chart.fullname" . }}-pki-scripts
-      securityContext:
-          sysctls:
-            - name: net.ipv4.ip_forward
-              value: "1"
-      containers:
-        - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-          volumeMounts:
-            - mountPath: "/etc/openvpn"
-              name: pvc-openvpn
-            - mountPath: /scripts
-              name: pki-scripts
-          env:
-          - name: OVPN_SERVER
-            value: "{{ .Values.openvpn.proto }}://{{ .Values.openvpn.host }}:{{ .Values.openvpn.port }}"
-          securityContext:
-            capabilities:
-              add:
-                - NET_ADMIN
-      initContainers:
-        # ----------------------------------------------------------------------
-        # -- This init container is generating the basic configuration
-        # ----------------------------------------------------------------------
-        - name: 0-ovpn-genconfig
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          volumeMounts:
-            - mountPath: "/etc/openvpn"
-              name: pvc-openvpn
-          env:
-            - name: OVPN_SERVER_URL
-              value: "{{ .Values.openvpn.proto }}://{{ .Values.openvpn.host }}:{{ .Values.openvpn.port }}"
-            - name: OVPN_DATA
-              value: "/etc/openvpn" 
-          command: 
-            - sh
-            - -c 
-            - 'if ! [ -f "/etc/openvpn/ovpn_env.sh" ]; then ovpn_genconfig -u $OVPN_SERVER_URL && touch /etc/openvpn/.init; fi'
-        - name: 1-ovpn-initpki
-          env:
-            - name: OVPN_DATA
-              value: /etc/openvpn
-            - name: EASYRSA_REQ_CN
-              value: {{ .Values.easyrsa.cn }}
-            - name: EASYRSA_REQ_COUNTRY
-              value: {{ .Values.easyrsa.country }}
-            - name: EASYRSA_REQ_PROVINCE
-              value: {{ .Values.easyrsa.province }}
-            - name: EASYRSA_REQ_CITY
-              value: {{ .Values.easyrsa.city }}
-            - name: EASYRSA_REQ_ORG
-              value: {{ .Values.easyrsa.org }}
-            - name: EASYRSA_REQ_EMAIL
-              value: {{ .Values.easyrsa.email }}
-            - name: EASYRSA_REQ_OU
-              value: {{ .Values.easyrsa.ou }}
-            - name: EASYRSA_ALGO
-              value: {{ .Values.easyrsa.algo }}
-            - name: EASYRSA_DIGEST
-              value: {{ .Values.easyrsa.digest }}
-            - name: EASYRSA_BATCH
-              value: "yes" 
-            - name: OVPN_SERVER_URL
-              value: "{{ .Values.openvpn.proto }}://{{ .Values.openvpn.host }}:{{ .Values.openvpn.port }}"
-          volumeMounts:
-            - mountPath: "/etc/openvpn"
-              name: pvc-openvpn
-            - mountPath: /scripts
-              name: pki-scripts
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          command: 
-            - bash
-            - /scripts/init_pki.sh
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}

helm/templates/pki-generate-scripts.yaml

@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "openvpn-chart.fullname" . }}-pki-scripts
-  labels:
-    {{- include "openvpn-chart.labels" . | nindent 4 }}
-data:
-  init_pki.sh: |
-    if [ ! -d /etc/openvpn/pki ]; then
-      source "$OPENVPN/ovpn_env.sh"
-      OVPN_DIR=/etc/openvpn
-      PKI_DIR=$OVPN_DIR/pki
-      cd $OVPN_DIR
-      export EASYRSA_BATCH=yes
-      unset EASYRSA_VARS_FILE
-      /usr/share/easy-rsa/easyrsa init-pki
-      /usr/share/easy-rsa/easyrsa build-ca nopass
-      /usr/share/easy-rsa/easyrsa build-server-full {{ .Values.openvpn.host }} nopass
-      /usr/share/easy-rsa/easyrsa gen-dh
-      cd $PKI_DIR
-      openvpn --genkey tls-crypt-v2-server private/{{ .Values.openvpn.host }}.pem
-      openvpn --genkey secret > ta.key
-    fi
-  gen_client.sh: |
-    source "$OPENVPN/ovpn_env.sh"
-    CLIENTNAME=$1
-    PASSWORD=$2
-    OVPN_DIR=/etc/openvpn
-    cd $OVPN_DIR
-    /usr/share/easy-rsa/easyrsa build-client-full $CLIENTNAME $PASSWORD

helm/templates/pvc.yaml

@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: {{ include "openvpn-chart.fullname" . }}
-  labels:
-    {{- include "openvpn-chart.labels" . | nindent 4 }}
-spec:
-  storageClassName: {{ .Values.storage.class }}
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.storage.size }}

helm/templates/service.yaml

@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "openvpn-chart.fullname" . }}
-  labels:
-    {{- include "openvpn-chart.labels" . | nindent 4 }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.service.port }}
-      {{- if .Values.service.nodePort }}
-      nodePort: {{ int .Values.service.nodePort }}
-      {{- end}}
-      targetPort: {{ .Values.service.port | default 1194 }}
-      protocol: {{ .Values.service.protocol | default "UDP" | quote }}
-      name: openvpn
-  selector:
-    {{- include "openvpn-chart.selectorLabels" . | nindent 4 }}

helm/templates/tests/test-connection.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "{{ include "openvpn-chart.fullname" . }}-test-connection"
-  labels:
-    {{- include "openvpn-chart.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": test
-spec:
-  containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args: ['{{ include "openvpn-chart.fullname" . }}:{{ .Values.service.port }}']
-  restartPolicy: Never

helm/values.yaml

@@ -1,90 +0,0 @@
-# Default values for openvpn-chart.
-image:
-  repository: git.badhouseplants.net/allanger/container-openvpn
-  pullPolicy: IfNotPresent
-  # -------------------------------------------
-  # -- TODO: Switch to proper versions
-  # -------------------------------------------
-  tag: v2.6.6
-
-# ----------------------------- 
-# -- Open VPN configuration 
-# -----------------------------
-openvpn:
-  proto: udp
-  host: 127.0.0.1
-  port: 1194
-# -----------------------------
-# -- Easy RSA configuration
-# -----------------------------
-easyrsa: 
-  cn: . # -- EASYRSA_REQ_CN
-  country: . # -- EASYRSA_REQ_COUNTRY
-  province: . # -- EASYRSA_REQ_PROVINCE
-  city: . # -- EASYRSA_REQ_CITY
-  org: . # -- EASYRSA_REQ_ORG
-  email: . # -- EASYRSA_REQ_EMAIL
-  ou: Community # -- EASYRSA_REQ_OU
-  algo: ec # -- EASYRSA_ALGO
-  digest: sha512 # -- EASYRSA_DIGEST 
-
-replicaCount: 1
-
-
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-storage:
-  class: microk8s-hostpath
-  size: 1Gi
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # Annotations to add to the service account
-  annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: ""
-
-podAnnotations: {}
-
-podSecurityContext: {}
-  # fsGroup: 2000
-
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
-
-service:
-  type: LoadBalancer
-  port: 1194
-
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
-
-autoscaling:
-  enabled: false
-  minReplicas: 1
-  maxReplicas: 100
-  targetCPUUtilizationPercentage: 80
-  # targetMemoryUtilizationPercentage: 80
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}

otp/openvpn

@@ -1,7 +0,0 @@
-# Uses google authenticator library as PAM module using a single folder for all users tokens
-# User root is required to stick with an hardcoded user when trying to determine user id and allow unexisting system users
-# See https://github.com/google/google-authenticator-libpam#usersome-user
-auth required pam_google_authenticator.so secret=/etc/openvpn/otp/${USER}.google_authenticator user=root
-
-# Accept any user since we're dealing with virtual users there's no need to have a system account (pam_unix.so)
-account sufficient pam_permit.so

scripts/build_upstream.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env sh
+export CUSTOM_TAG="v$OPENVPN_VERSION"
+export BUILD_ARGS="--build-arg OPENVPN_VERSION=$OPENVPN_VERSION"
+build-container

scripts/build_xor.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env sh
+git clone https://github.com/Tunnelblick/Tunnelblick.git /tmp/tunnelblick
+git -C /tmp/tunnelblick checkout $TUNNELBLICK_VERSION
+export OPENVPN_VERSION=$(ls /tmp/tunnelblick/third_party/sources/openvpn | sed 's/openvpn-//g' | sort  -k1,1nr -k2,2n -k3,3n | head -n 1)
+export CUSTOM_TAG="v$OPENVPN_VERSION-XOR-$TUNNELBLICK_VERSION"
+export BUILD_ARGS="--build-arg OPENVPN_VERSION=$OPENVPN_VERSION --build-arg TUNNELBLICK_VERSION=$TUNNELBLICK_VERSION"
+build-container