From 6d8e8cd5d975a75fdd5b63f4d8392eb7340ff808 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 24 Aug 2023 08:18:03 +0200 Subject: [PATCH 01/49] Downgrade versions of openvpn and tunnelblick --- containerfiles/Containerfile | 2 +- containerfiles/Containerfile-XOR | 5 ++--- helm/Chart.yaml | 4 ++-- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/containerfiles/Containerfile b/containerfiles/Containerfile index 04295b8..df944c8 100644 --- a/containerfiles/Containerfile +++ b/containerfiles/Containerfile @@ -1,5 +1,5 @@ FROM ghcr.io/allanger/dumb-downloader as dudo -ENV OPENVPN_VERSION=2.6.6 +ENV OPENVPN_VERSION=2.6.5 RUN apt update && apt install gnupg tar -y RUN mkdir /output # ------------------------------------------------------ diff --git a/containerfiles/Containerfile-XOR b/containerfiles/Containerfile-XOR index 7aa8e5b..c05dfd2 100644 --- a/containerfiles/Containerfile-XOR +++ b/containerfiles/Containerfile-XOR @@ -1,7 +1,6 @@ FROM ghcr.io/allanger/dumb-downloader as dudo -ENV OPENVPN_VERSION=2.6.6 -ENV TUNNELBLICK_VERSION=4.0.0beta08 -ENV EASYRSA_VERSION=3.1.5 +ENV OPENVPN_VERSION=2.6.5 +ENV TUNNELBLICK_VERSION=3.8.8d RUN apt update && apt install gnupg tar -y RUN mkdir /output # ------------------------------------------------------ diff --git a/helm/Chart.yaml b/helm/Chart.yaml index d97dd28..726b874 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -3,8 +3,8 @@ apiVersion: v2 name: openvpn description: A Helm chart for deploying OpenVPN type: application -version: 1.0.5 -appVersion: "2.6.6" +version: 1.0.6 +appVersion: "2.6.5" sources: - https://git.badhouseplants.net/allanger/container-openvpn-xor -- 2.45.2 From b7280be38d9ef8d3ec9d9988d79d252ecbd61371 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 24 Aug 2023 08:46:07 +0200 Subject: [PATCH 02/49] Upgrade Tunnelblick to v4.0.0 --- containerfiles/Containerfile-XOR | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/containerfiles/Containerfile-XOR b/containerfiles/Containerfile-XOR index c05dfd2..e458dd9 100644 --- a/containerfiles/Containerfile-XOR +++ b/containerfiles/Containerfile-XOR @@ -1,6 +1,6 @@ FROM ghcr.io/allanger/dumb-downloader as dudo ENV OPENVPN_VERSION=2.6.5 -ENV TUNNELBLICK_VERSION=3.8.8d +ENV TUNNELBLICK_VERSION=4.0.0beta06 RUN apt update && apt install gnupg tar -y RUN mkdir /output # ------------------------------------------------------ -- 2.45.2 From 92ed817077251b180b7d16bba45a0284b5ee6fb5 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 24 Aug 2023 08:55:32 +0200 Subject: [PATCH 03/49] Upgrade Tunnelblick to v4.0.0beta08 --- containerfiles/Containerfile-XOR | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containerfiles/Containerfile-XOR b/containerfiles/Containerfile-XOR index e458dd9..c6c64a4 100644 --- a/containerfiles/Containerfile-XOR +++ b/containerfiles/Containerfile-XOR @@ -1,6 +1,6 @@ FROM ghcr.io/allanger/dumb-downloader as dudo ENV OPENVPN_VERSION=2.6.5 -ENV TUNNELBLICK_VERSION=4.0.0beta06 +ENV TUNNELBLICK_VERSION=4.0.0beta08 RUN apt update && apt install gnupg tar -y RUN mkdir /output # ------------------------------------------------------ -- 2.45.2 From 926692d0775bc1ee1a36ee1779fcf63e6952c633 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 24 Aug 2023 09:22:18 +0200 Subject: [PATCH 04/49] Fix image tags --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index cec0565..3254ca6 100644 --- a/.drone.yml +++ b/.drone.yml @@ -20,7 +20,7 @@ steps: GITEA_TOKEN: from_secret: GITEA_TOKEN CONTAINERFILE: ./containerfiles/Containerfile-XOR - CUSTOM_TAG: v2.6.6-XOR-4.0.0beta08 + CUSTOM_TAG: v2.6.5-XOR-4.0.0beta08 commands: - build-container @@ -31,7 +31,7 @@ steps: GITEA_TOKEN: from_secret: GITEA_TOKEN CONTAINERFILE: ./containerfiles/Containerfile - CUSTOM_TAG: v2.6.6 + CUSTOM_TAG: v2.6.5 commands: - build-container -- 2.45.2 
From 22338d31aa4933195023428822f2bc01d1ed09cd Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 22 Oct 2023 20:12:18 +0200 Subject: [PATCH 05/49] Add workdir to containers --- containerfiles/Containerfile | 1 + containerfiles/Containerfile-XOR | 1 + 2 files changed, 2 insertions(+) diff --git a/containerfiles/Containerfile b/containerfiles/Containerfile index df944c8..bac9c74 100644 --- a/containerfiles/Containerfile +++ b/containerfiles/Containerfile @@ -63,4 +63,5 @@ COPY --chmod='755' ./bin /usr/local/bin # -- Add support for OTP authentication using a PAM module # -- I have no idea how it works yet # ----------------------------------------------------------- +WORKDIR /etc/openvpn COPY ./otp/openvpn /etc/pam.d/ diff --git a/containerfiles/Containerfile-XOR b/containerfiles/Containerfile-XOR index c6c64a4..2d892f8 100644 --- a/containerfiles/Containerfile-XOR +++ b/containerfiles/Containerfile-XOR @@ -75,4 +75,5 @@ COPY --chmod='755' ./bin /usr/local/bin # -- Add support for OTP authentication using a PAM module # -- I have no idea how it works yet # ----------------------------------------------------------- +WORKDIR /etc/openvpn COPY ./otp/openvpn /etc/pam.d/ -- 2.45.2 From caba35b2ce20c81ce994cdbdeb998c9d03881d78 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 23 Oct 2023 07:51:38 +0200 Subject: [PATCH 06/49] Fix the chart and add basic tests --- helm/Chart.yaml | 4 +- helm/templates/deployment.yaml | 15 +- helm/templates/tests/test-connection.yaml | 197 +++++++++++++++++++++- helm/values.yaml | 27 ++- 4 files changed, 224 insertions(+), 19 deletions(-) diff --git a/helm/Chart.yaml b/helm/Chart.yaml index 726b874..bb6862e 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -3,8 +3,8 @@ apiVersion: v2 name: openvpn description: A Helm chart for deploying OpenVPN type: application -version: 1.0.6 -appVersion: "2.6.5" +version: 1.0.7 +appVersion: 2.6.5 sources: - https://git.badhouseplants.net/allanger/container-openvpn-xor 
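Review bot: The added `WORKDIR /etc/openvpn` sits between the OTP/PAM comment banner and the `COPY ./otp/openvpn /etc/pam.d/` that the banner describes, so the banner now reads as if it documents the working directory. The same placement appears in the Containerfile-XOR hunk. Move the instruction above the banner and give it its own comment, for example `# -- Default working directory for the runtime image`. The enclosing build stage starts outside both hunks, so which stage this applies to cannot be confirmed from here.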
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml index fc270c3..d3db544 100644 --- a/helm/templates/deployment.yaml +++ b/helm/templates/deployment.yaml @@ -39,7 +39,6 @@ spec: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: @@ -48,8 +47,10 @@ spec: - mountPath: /scripts name: pki-scripts env: - - name: OVPN_SERVER - value: "{{ .Values.openvpn.proto }}://{{ .Values.openvpn.host }}:{{ .Values.openvpn.port }}" + - name: OVPN_SERVER + value: "{{ .Values.openvpn.proto }}://{{ .Values.openvpn.host }}:{{ .Values.openvpn.port }}" + - name: OPENVPN + value: "/etc/openvpn" securityContext: capabilities: add: @@ -60,6 +61,7 @@ spec: # ---------------------------------------------------------------------- - name: 0-ovpn-genconfig image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} volumeMounts: - mountPath: "/etc/openvpn" name: pvc-openvpn @@ -67,7 +69,9 @@ spec: - name: OVPN_SERVER_URL value: "{{ .Values.openvpn.proto }}://{{ .Values.openvpn.host }}:{{ .Values.openvpn.port }}" - name: OVPN_DATA - value: "/etc/openvpn" + value: "/etc/openvpn" + - name: OPENVPN + value: "/etc/openvpn" command: - sh - -c @@ -76,6 +80,8 @@ spec: env: - name: OVPN_DATA value: /etc/openvpn + - name: OPENVPN + value: "/etc/openvpn" - name: EASYRSA_REQ_CN value: {{ .Values.easyrsa.cn }} - name: EASYRSA_REQ_COUNTRY @@ -104,6 +110,7 @@ spec: - mountPath: /scripts name: pki-scripts image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} command: - bash - /scripts/init_pki.sh diff --git a/helm/templates/tests/test-connection.yaml b/helm/templates/tests/test-connection.yaml index e4d90ed..a419802 100644 --- a/helm/templates/tests/test-connection.yaml 
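Review bot: The init containers still reference `{{ .Values.image.repository }}:{{ .Values.image.tag }}`, while the main container uses `{{ .Values.image.tag | default .Chart.AppVersion }}`. The hunks at -60 (`0-ovpn-genconfig`) and -104 (the PKI init container) add `imagePullPolicy` next to those lines but leave the reference unchanged. When `image.tag` is unset, which a later patch in this series does by commenting it out in values.yaml, the init containers most likely render an image reference with an empty tag. When it is set, they can still run a different build from the server container whose configuration and PKI they generate. Use the same expression in all three places: `image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"`.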
+++ b/helm/templates/tests/test-connection.yaml 
@@ -1,15 +1,200 @@ + +{{- $version := semver .Capabilities.KubeVersion.Version }} +{{- if .Values.tests.enabled }} +# --------------------------------------------------------------------- +# -- Test that CRDs are installed +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "openvpn-chart.fullname" . }}-test-script + labels: + {{- include "openvpn-chart.selectorLabels" . | nindent 4 }} + annotations: + "helm.sh/hook": test + {{- if .Values.tests.cleanup }} + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- end }} + "helm.sh/hook-weight": "6" +data: + get_config.sh: |- + #!/bin/bash + kubectl rollout status deployment/{{ include "openvpn-chart.fullname" . }} + kubectl exec deployment/{{ include "openvpn-chart.fullname" . }} -- ovpn_genclientcert test nopass + kubectl exec deployment/{{ include "openvpn-chart.fullname" . }} -- ovpn_getclient test > /data/test.ovpn + test_connection.sh : |- + sed -i "s/127.0.0.1/{{ include "openvpn-chart.fullname" . }}/g" /data/test.ovpn + mkdir -p /dev/net + mknod /dev/net/tun c 10 200 + chmod 600 /dev/net/tun + openvpn --config /data/test.ovpn --daemon --log-append /tmp/ovpnlog + tail -n0 -f /tmp/ovpnlog | sed '/Initialization Sequence Completed/ q' + +--- +# --------------------------------------------------------------------- +# -- Prepare roles and bindings to access k8s resources from the test +# --------------------------------------------------------------------- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "openvpn-chart.fullname" . }}-test-role + labels: + {{- include "openvpn-chart.selectorLabels" . 
| nindent 4 }} + annotations: + "helm.sh/hook": test + {{- if .Values.tests.cleanup }} + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- end }} + "helm.sh/hook-weight": "1" +rules: +- apiGroups: ["*"] + resources: ["*"] + verbs: ["*"] + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "openvpn-chart.fullname" . }}-gsql-dbin-sa + labels: + {{- include "openvpn-chart.selectorLabels" . | nindent 4 }} + annotations: + "helm.sh/hook": test + {{- if .Values.tests.cleanup }} + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- end }} + "helm.sh/hook-weight": "1" +automountServiceAccountToken: true + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "openvpn-chart.fullname" . }}-gsql-dbin-rb + labels: + {{- include "openvpn-chart.selectorLabels" . | nindent 4 }} + annotations: + "helm.sh/hook": test + {{- if .Values.tests.cleanup }} + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- end }} + "helm.sh/hook-weight": "1" +subjects: +- kind: ServiceAccount + name: {{ include "openvpn-chart.fullname" . }}-gsql-dbin-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ include "openvpn-chart.fullname" . }}-test-role + apiGroup: rbac.authorization.k8s.io + +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "openvpn-chart.fullname" . }}-test + annotations: + "helm.sh/hook": test + {{- if .Values.tests.cleanup }} + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- end }} + "helm.sh/hook-weight": "7" + labels: + {{- include "openvpn-chart.labels" . | nindent 4 }} +spec: + storageClassName: {{ .Values.storage.class }} + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 512Mi + +--- apiVersion: v1 kind: Pod metadata: - name: "{{ include "openvpn-chart.fullname" . }}-test-connection" + name: {{ include "openvpn-chart.fullname" . 
}}-test labels: - {{- include "openvpn-chart.labels" . | nindent 4 }} + {{- include "openvpn-chart.selectorLabels" . | nindent 4 }} annotations: "helm.sh/hook": test + {{- if .Values.tests.cleanup }} + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- end }} + "helm.sh/hook-weight": "7" spec: + serviceAccountName: {{ include "openvpn-chart.fullname" . }}-gsql-dbin-sa + automountServiceAccountToken: true + volumes: + - name: test-script + configMap: + name: {{ include "openvpn-chart.fullname" . }}-test-script + - name: data + persistentVolumeClaim: + claimName: {{ include "openvpn-chart.fullname" . }}-test containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "openvpn-chart.fullname" . }}:{{ .Values.service.port }}'] + - name: tester + image: alpine/k8s:{{ $version.Major }}.{{ $version.Minor }}.{{ $version.Patch }} + volumeMounts: + - name: test-script + readOnly: true + mountPath: /get_config.sh + subPath: get_config.sh + - name: data + readOnly: false + mountPath: /data + command: + - bash + args: + - -e + - /get_config.sh restartPolicy: Never + +--- +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "openvpn-chart.fullname" . }}-test-connection + labels: + {{- include "openvpn-chart.selectorLabels" . | nindent 4 }} + annotations: + "helm.sh/hook": test + {{- if .Values.tests.cleanup }} + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- end }} + "helm.sh/hook-weight": "7" +spec: + serviceAccountName: {{ include "openvpn-chart.fullname" . }}-gsql-dbin-sa + automountServiceAccountToken: true + volumes: + - name: data + persistentVolumeClaim: + claimName: {{ include "openvpn-chart.fullname" . }}-test + - name: test-script + configMap: + name: {{ include "openvpn-chart.fullname" . 
}}-test-script + containers: + - name: tester + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + volumeMounts: + - name: data + readOnly: false + mountPath: /data + - name: test-script + readOnly: true + mountPath: /test_connection.sh + subPath: test_connection.sh + command: + - bash + args: + - -e + - /test_connection.sh + securityContext: + capabilities: + add: + - NET_ADMIN + + restartPolicy: Never + +{{- end }} diff --git a/helm/values.yaml b/helm/values.yaml index 9842ad6..5ceddaa 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -1,19 +1,27 @@ # Default values for openvpn-chart. image: - repository: git.badhouseplants.net/allanger/container-openvpn - pullPolicy: IfNotPresent + # repository: git.badhouseplants.net/allanger/container-openvpn + repository: openvpn + pullPolicy: Never # ------------------------------------------- # -- TODO: Switch to proper versions # ------------------------------------------- - tag: v2.6.6 + # tag: v2.6.6 + tag: latest # ----------------------------- # -- Open VPN configuration # ----------------------------- openvpn: - proto: udp + proto: tcp host: 127.0.0.1 port: 1194 +# --------------------------------------- +# -- Deploy OpenVPN admin +# -- https://github.com/flant/ovpn-admin +# --------------------------------------- +openvpn_admin: + enabled: true # ----------------------------- # -- Easy RSA configuration # ----------------------------- @@ -35,7 +43,7 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" storage: - class: microk8s-hostpath + class: local-path size: 1Gi serviceAccount: # Specifies whether a service account should be created @@ -60,8 +68,9 @@ securityContext: {} # runAsUser: 1000 service: - type: LoadBalancer + type: ClusterIP port: 1194 + protocol: TCP resources: {} @@ -74,7 +83,7 @@ resources: {} # memory: 128Mi # requests: # cpu: 100m - # memory: 128Mi +# memory: 128Mi autoscaling: enabled: false 
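Review bot: The test ClusterRole grants `apiGroups: ["*"]`, `resources: ["*"]`, `verbs: ["*"]` and is bound cluster-wide to the `-gsql-dbin-sa` service account, which is cluster-admin-equivalent access. `get_config.sh` only waits on one Deployment and execs into its pod in the release namespace, so a namespaced Role and RoleBinding limited to those operations should be enough, as sketched below (the verb list is an estimate to confirm with a test run). The delete policy is `before-hook-creation,hook-succeeded` and is only rendered when `tests.cleanup` is set, so a failed test, or a run with cleanup off, leaves the wildcard binding in the cluster. The `-test-connection` pod never calls the Kubernetes API, so it can set `automountServiceAccountToken: false` and drop `serviceAccountName` rather than mount that token in a container that also adds `NET_ADMIN`.

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ include "openvpn-chart.fullname" . }}-test-role
  namespace: {{ .Release.Namespace }}
  # … unchanged: labels and helm.sh/hook annotations …
rules:
  # kubectl rollout status deployment/<fullname>
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch"]
  # kubectl exec deployment/<fullname> resolves a pod from the Deployment first
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list"]
  # create covers SPDY exec; WebSocket-based kubectl clients may also need get
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create", "get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
# … unchanged: metadata (name, labels, hook annotations) and subjects …
roleRef:
  kind: Role
  name: {{ include "openvpn-chart.fullname" . }}-test-role
  apiGroup: rbac.authorization.k8s.io
```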
@@ -88,3 +97,7 @@ nodeSelector: {} tolerations: [] affinity: {} + +tests: + enabled: true + cleanup: true \ No newline at end of file -- 2.45.2 From e58669a0ee34daa03b33155a3a72d189c9d9b06d Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 23 Oct 2023 08:01:37 +0200 Subject: [PATCH 07/49] Set proper values insted of test ones --- helm/values.yaml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/helm/values.yaml b/helm/values.yaml index 5ceddaa..b27638e 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -1,13 +1,11 @@ # Default values for openvpn-chart. image: - # repository: git.badhouseplants.net/allanger/container-openvpn - repository: openvpn - pullPolicy: Never + repository: git.badhouseplants.net/allanger/container-openvpn + pullPolicy: Always # ------------------------------------------- # -- TODO: Switch to proper versions # ------------------------------------------- - # tag: v2.6.6 - tag: latest + tag: v2.6.2-xor-4.0.0beta08 # ----------------------------- # -- Open VPN configuration @@ -99,5 +97,5 @@ tolerations: [] affinity: {} tests: - enabled: true + enabled: false cleanup: true \ No newline at end of file -- 2.45.2 From 51c13750138484f6f72e4da6bfc5bf932e5e5302 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 23 Oct 2023 08:10:30 +0200 Subject: [PATCH 08/49] Remove the broken tag from values --- helm/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/values.yaml b/helm/values.yaml index b27638e..0798f1f 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -5,7 +5,7 @@ image: # ------------------------------------------- # -- TODO: Switch to proper versions # ------------------------------------------- - tag: v2.6.2-xor-4.0.0beta08 + # tag: "" # ----------------------------- # -- Open VPN configuration -- 2.45.2 From 61c8a596c4a963fa4755740650a03ef9bf71c208 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Wed, 22 Nov 2023 07:23:29 +0100 Subject: [PATCH 09/49] Build OpenVPN 2.5.6 --- .drone.yml | 2 +- containerfiles/Containerfile | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.drone.yml b/.drone.yml index 3254ca6..067e9c1 100644 --- a/.drone.yml +++ b/.drone.yml @@ -31,7 +31,7 @@ steps: GITEA_TOKEN: from_secret: GITEA_TOKEN CONTAINERFILE: ./containerfiles/Containerfile - CUSTOM_TAG: v2.6.5 + CUSTOM_TAG: v2.6.6 commands: - build-container diff --git a/containerfiles/Containerfile b/containerfiles/Containerfile index bac9c74..4c5c3de 100644 --- a/containerfiles/Containerfile +++ b/containerfiles/Containerfile @@ -1,5 +1,5 @@ FROM ghcr.io/allanger/dumb-downloader as dudo -ENV OPENVPN_VERSION=2.6.5 +ENV OPENVPN_VERSION=2.6.6 RUN apt update && apt install gnupg tar -y RUN mkdir /output # ------------------------------------------------------ @@ -20,7 +20,7 @@ FROM ubuntu as builder # ------------------------------------------------------ # -- TODO: Define it only once # ------------------------------------------------------ -ENV OPENVPN_VERSION=2.6.5 +ENV OPENVPN_VERSION=2.6.6 COPY --from=dudo /output /src RUN apt-get update &&\ apt-get install -y wget tar unzip build-essential \ -- 2.45.2 From 0110830c45acc5b78ea3632e6e0a9629f0abb451 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 22 Nov 2023 07:27:26 +0100 Subject: [PATCH 10/49] Build OpenVPN 2.5.7 --- .drone.yml | 2 +- containerfiles/Containerfile | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.drone.yml b/.drone.yml index 067e9c1..36fae2e 100644 --- a/.drone.yml +++ b/.drone.yml @@ -31,7 +31,7 @@ steps: GITEA_TOKEN: from_secret: GITEA_TOKEN CONTAINERFILE: ./containerfiles/Containerfile - CUSTOM_TAG: v2.6.6 + CUSTOM_TAG: v2.6.7 commands: - build-container diff --git a/containerfiles/Containerfile b/containerfiles/Containerfile index 4c5c3de..652a919 100644 --- a/containerfiles/Containerfile +++ b/containerfiles/Containerfile 
@@ -1,5 +1,5 @@ FROM ghcr.io/allanger/dumb-downloader as dudo -ENV OPENVPN_VERSION=2.6.6 +ENV OPENVPN_VERSION=2.6.7 RUN apt update && apt install gnupg tar -y RUN mkdir /output # ------------------------------------------------------ @@ -20,7 +20,7 @@ FROM ubuntu as builder # ------------------------------------------------------ # -- TODO: Define it only once # ------------------------------------------------------ -ENV OPENVPN_VERSION=2.6.6 +ENV OPENVPN_VERSION=2.6.7 COPY --from=dudo /output /src RUN apt-get update &&\ apt-get install -y wget tar unzip build-essential \ -- 2.45.2 From b48a954ab8719a0f868d4a838b878d7d5b19875b Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 22 Nov 2023 07:29:03 +0100 Subject: [PATCH 11/49] Build OpenVPN 2.6.8 --- .drone.yml | 2 +- containerfiles/Containerfile | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.drone.yml b/.drone.yml index 36fae2e..1a04823 100644 --- a/.drone.yml +++ b/.drone.yml @@ -31,7 +31,7 @@ steps: GITEA_TOKEN: from_secret: GITEA_TOKEN CONTAINERFILE: ./containerfiles/Containerfile - CUSTOM_TAG: v2.6.7 + CUSTOM_TAG: v2.6.8 commands: - build-container diff --git a/containerfiles/Containerfile b/containerfiles/Containerfile index 652a919..2e4908d 100644 --- a/containerfiles/Containerfile +++ b/containerfiles/Containerfile @@ -1,5 +1,5 @@ FROM ghcr.io/allanger/dumb-downloader as dudo -ENV OPENVPN_VERSION=2.6.7 +ENV OPENVPN_VERSION=2.6.8 RUN apt update && apt install gnupg tar -y RUN mkdir /output # ------------------------------------------------------ @@ -20,7 +20,7 @@ FROM ubuntu as builder # ------------------------------------------------------ # -- TODO: Define it only once # ------------------------------------------------------ -ENV OPENVPN_VERSION=2.6.7 +ENV OPENVPN_VERSION=2.6.8 COPY --from=dudo /output /src RUN apt-get update &&\ apt-get install -y wget tar unzip build-essential \ -- 2.45.2 From 2df2ec12e846fc6b63f1aae48b314f596100319d Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Mon, 25 Dec 2023 19:31:23 +0100 Subject: [PATCH 12/49] chore: Keep versions up-to-date --- .drone.yml | 17 +- containerfiles/Containerfile-XOR | 4 +- helm/Chart.yaml | 22 --- helm/LICENSE | 17 -- helm/README.md | 9 - helm/templates/NOTES.txt | 1 - helm/templates/_helpers.tpl | 62 ------- helm/templates/deployment.yaml | 128 -------------- helm/templates/pki-generate-scripts.yaml | 30 ---- helm/templates/pvc.yaml | 13 -- helm/templates/service.yaml | 18 -- helm/templates/tests/test-connection.yaml | 200 ---------------------- helm/values.yaml | 101 ----------- 13 files changed, 3 insertions(+), 619 deletions(-) delete mode 100644 helm/Chart.yaml delete mode 100644 helm/LICENSE delete mode 100644 helm/README.md delete mode 100644 helm/templates/NOTES.txt delete mode 100644 helm/templates/_helpers.tpl delete mode 100644 helm/templates/deployment.yaml delete mode 100644 helm/templates/pki-generate-scripts.yaml delete mode 100644 helm/templates/pvc.yaml delete mode 100644 helm/templates/service.yaml delete mode 100644 helm/templates/tests/test-connection.yaml delete mode 100644 helm/values.yaml diff --git a/.drone.yml b/.drone.yml index 1a04823..64d2b37 100644 --- a/.drone.yml +++ b/.drone.yml @@ -20,7 +20,7 @@ steps: GITEA_TOKEN: from_secret: GITEA_TOKEN CONTAINERFILE: ./containerfiles/Containerfile-XOR - CUSTOM_TAG: v2.6.5-XOR-4.0.0beta08 + CUSTOM_TAG: v2.6.5-XOR-4.0.0beta13 commands: - build-container 
@@ -34,18 +34,3 @@ steps: CUSTOM_TAG: v2.6.8 commands: - build-container - - - name: Publish the Helm chart - image: alpine/helm - depends_on: - - Build openvpn xor amd64 - - Build openvpn amd64 - environment: - GITEA_TOKEN: - from_secret: GITEA_TOKEN - commands: - - cd helm - - helm plugin install https://github.com/chartmuseum/helm-push - - helm package . -d chart-package - - helm repo add --username allanger --password $GITEA_TOKEN openvpn https://git.badhouseplants.net/api/packages/allanger/helm - - helm cm-push "./chart-package/$(ls chart-package)" openvpn diff --git a/containerfiles/Containerfile-XOR b/containerfiles/Containerfile-XOR index 2d892f8..68422cf 100644 --- a/containerfiles/Containerfile-XOR +++ b/containerfiles/Containerfile-XOR @@ -1,6 +1,6 @@ FROM ghcr.io/allanger/dumb-downloader as dudo ENV OPENVPN_VERSION=2.6.5 -ENV TUNNELBLICK_VERSION=4.0.0beta08 +ENV TUNNELBLICK_VERSION=4.0.0beta13 RUN apt update && apt install gnupg tar -y RUN mkdir /output # ------------------------------------------------------ @@ -28,7 +28,7 @@ FROM ubuntu as builder # -- TODO: Define it only once # ------------------------------------------------------ ENV OPENVPN_VERSION=2.6.5 -ENV TUNNELBLICK_VERSION=v4.0.0beta08 +ENV TUNNELBLICK_VERSION=v4.0.0beta13 COPY --from=dudo /output /src RUN apt-get update &&\ apt-get install -y wget tar unzip build-essential \ diff --git a/helm/Chart.yaml b/helm/Chart.yaml deleted file mode 100644 index bb6862e..0000000 --- a/helm/Chart.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -apiVersion: v2 -name: openvpn -description: A Helm chart for deploying OpenVPN -type: application -version: 1.0.7 -appVersion: 2.6.5 - -sources: - - https://git.badhouseplants.net/allanger/container-openvpn-xor - - https://github.com/kylemanna/docker-openvpn - - https://github.com/lawtancool/docker-openvpn-xor - -maintainers: - - name: allanger - email: allanger@zohomail.com - url: https://badhouseplants.net - -keywords: - - OpenVPN - - VPN - - xor 
diff --git a/helm/LICENSE b/helm/LICENSE deleted file mode 100644 index d5075a3..0000000 --- a/helm/LICENSE +++ /dev/null @@ -1,17 +0,0 @@ -Permission is hereby granted, without written agreement and without -license or royalty fees, to use, copy, modify, and distribute this -software and its documentation for any purpose, provided that the -above copyright notice and the following two paragraphs appear in -all copies of this software. - -IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE TO ANY PARTY FOR -DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES -ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN -IF THE COPYRIGHT HOLDER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH -DAMAGE. - -THE COPYRIGHT HOLDER SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, -BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND -FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS -ON AN "AS IS" BASIS, AND THE COPYRIGHT HOLDER HAS NO OBLIGATION TO -PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. diff --git a/helm/README.md b/helm/README.md deleted file mode 100644 index 4041aa1..0000000 --- a/helm/README.md +++ /dev/null @@ -1,9 +0,0 @@ -# helm-openvpn - -A helm chart to deploy openvpn -## K8s reqs: ---allowed-unsafe-sysctls=net.ipv4.ip_forward -## How it works? - -1. It's generating the openvpn configuration if it's not generated yet. It's an `ininContainer` that really runs only once. - diff --git a/helm/templates/NOTES.txt b/helm/templates/NOTES.txt deleted file mode 100644 index 7d790da..0000000 --- a/helm/templates/NOTES.txt +++ /dev/null @@ -1 +0,0 @@ -1. Get the application URL by running these commands: diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl deleted file mode 100644 index e4d932c..0000000 --- a/helm/templates/_helpers.tpl +++ /dev/null 
@@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "openvpn-chart.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "openvpn-chart.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "openvpn-chart.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "openvpn-chart.labels" -}} -helm.sh/chart: {{ include "openvpn-chart.chart" . }} -{{ include "openvpn-chart.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "openvpn-chart.selectorLabels" -}} -app.kubernetes.io/name: {{ include "openvpn-chart.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "openvpn-chart.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "openvpn-chart.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} 
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml deleted file mode 100644 index d3db544..0000000 --- a/helm/templates/deployment.yaml +++ /dev/null 
@@ -1,128 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "openvpn-chart.fullname" . }} - labels: - {{- include "openvpn-chart.labels" . | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "openvpn-chart.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "openvpn-chart.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: pvc-openvpn - persistentVolumeClaim: - claimName: {{ include "openvpn-chart.fullname" . }} - - name: pki-scripts - configMap: - name: {{ include "openvpn-chart.fullname" . }}-pki-scripts - securityContext: - sysctls: - - name: net.ipv4.ip_forward - value: "1" - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - volumeMounts: - - mountPath: "/etc/openvpn" - name: pvc-openvpn - - mountPath: /scripts - name: pki-scripts - env: - - name: OVPN_SERVER - value: "{{ .Values.openvpn.proto }}://{{ .Values.openvpn.host }}:{{ .Values.openvpn.port }}" - - name: OPENVPN - value: "/etc/openvpn" - securityContext: - capabilities: - add: - - NET_ADMIN - initContainers: - # ---------------------------------------------------------------------- - # -- This init container is generating the basic configuration - # ---------------------------------------------------------------------- - - name: 0-ovpn-genconfig - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - volumeMounts: - - mountPath: "/etc/openvpn" - name: pvc-openvpn - env: - - name: 
OVPN_SERVER_URL - value: "{{ .Values.openvpn.proto }}://{{ .Values.openvpn.host }}:{{ .Values.openvpn.port }}" - - name: OVPN_DATA - value: "/etc/openvpn" - - name: OPENVPN - value: "/etc/openvpn" - command: - - sh - - -c - - 'if ! [ -f "/etc/openvpn/ovpn_env.sh" ]; then ovpn_genconfig -u $OVPN_SERVER_URL && touch /etc/openvpn/.init; fi' - - name: 1-ovpn-initpki - env: - - name: OVPN_DATA - value: /etc/openvpn - - name: OPENVPN - value: "/etc/openvpn" - - name: EASYRSA_REQ_CN - value: {{ .Values.easyrsa.cn }} - - name: EASYRSA_REQ_COUNTRY - value: {{ .Values.easyrsa.country }} - - name: EASYRSA_REQ_PROVINCE - value: {{ .Values.easyrsa.province }} - - name: EASYRSA_REQ_CITY - value: {{ .Values.easyrsa.city }} - - name: EASYRSA_REQ_ORG - value: {{ .Values.easyrsa.org }} - - name: EASYRSA_REQ_EMAIL - value: {{ .Values.easyrsa.email }} - - name: EASYRSA_REQ_OU - value: {{ .Values.easyrsa.ou }} - - name: EASYRSA_ALGO - value: {{ .Values.easyrsa.algo }} - - name: EASYRSA_DIGEST - value: {{ .Values.easyrsa.digest }} - - name: EASYRSA_BATCH - value: "yes" - - name: OVPN_SERVER_URL - value: "{{ .Values.openvpn.proto }}://{{ .Values.openvpn.host }}:{{ .Values.openvpn.port }}" - volumeMounts: - - mountPath: "/etc/openvpn" - name: pvc-openvpn - - mountPath: /scripts - name: pki-scripts - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - bash - - /scripts/init_pki.sh - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/helm/templates/pki-generate-scripts.yaml b/helm/templates/pki-generate-scripts.yaml deleted file mode 100644 index d211fe1..0000000 --- a/helm/templates/pki-generate-scripts.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "openvpn-chart.fullname" . }}-pki-scripts - labels: - {{- include "openvpn-chart.labels" . | nindent 4 }} -data: - init_pki.sh: | - if [ ! -d /etc/openvpn/pki ]; then - source "$OPENVPN/ovpn_env.sh" - OVPN_DIR=/etc/openvpn - PKI_DIR=$OVPN_DIR/pki - cd $OVPN_DIR - export EASYRSA_BATCH=yes - unset EASYRSA_VARS_FILE - /usr/share/easy-rsa/easyrsa init-pki - /usr/share/easy-rsa/easyrsa build-ca nopass - /usr/share/easy-rsa/easyrsa build-server-full {{ .Values.openvpn.host }} nopass - /usr/share/easy-rsa/easyrsa gen-dh - cd $PKI_DIR - openvpn --genkey tls-crypt-v2-server private/{{ .Values.openvpn.host }}.pem - openvpn --genkey secret > ta.key - fi - gen_client.sh: | - source "$OPENVPN/ovpn_env.sh" - CLIENTNAME=$1 - PASSWORD=$2 - OVPN_DIR=/etc/openvpn - cd $OVPN_DIR - /usr/share/easy-rsa/easyrsa build-client-full $CLIENTNAME $PASSWORD diff --git a/helm/templates/pvc.yaml b/helm/templates/pvc.yaml deleted file mode 100644 index 495cd06..0000000 --- a/helm/templates/pvc.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ include "openvpn-chart.fullname" . }} - labels: - {{- include "openvpn-chart.labels" . | nindent 4 }} -spec: - storageClassName: {{ .Values.storage.class }} - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.storage.size }} diff --git a/helm/templates/service.yaml b/helm/templates/service.yaml deleted file mode 100644 index e84818f..0000000 --- a/helm/templates/service.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "openvpn-chart.fullname" . }} - labels: - {{- include "openvpn-chart.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - {{- if .Values.service.nodePort }} - nodePort: {{ int .Values.service.nodePort }} - {{- end}} - targetPort: {{ .Values.service.port | default 1194 }} - protocol: {{ .Values.service.protocol | default "UDP" | quote }} - name: openvpn - selector: - {{- include "openvpn-chart.selectorLabels" . | nindent 4 }} diff --git a/helm/templates/tests/test-connection.yaml b/helm/templates/tests/test-connection.yaml deleted file mode 100644 index a419802..0000000 --- a/helm/templates/tests/test-connection.yaml +++ /dev/null 
@@ -1,200 +0,0 @@ - -{{- $version := semver .Capabilities.KubeVersion.Version }} -{{- if .Values.tests.enabled }} -# --------------------------------------------------------------------- -# -- Test that CRDs are installed ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "openvpn-chart.fullname" . }}-test-script - labels: - {{- include "openvpn-chart.selectorLabels" . | nindent 4 }} - annotations: - "helm.sh/hook": test - {{- if .Values.tests.cleanup }} - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - {{- end }} - "helm.sh/hook-weight": "6" -data: - get_config.sh: |- - #!/bin/bash - kubectl rollout status deployment/{{ include "openvpn-chart.fullname" . }} - kubectl exec deployment/{{ include "openvpn-chart.fullname" . }} -- ovpn_genclientcert test nopass - kubectl exec deployment/{{ include "openvpn-chart.fullname" . }} -- ovpn_getclient test > /data/test.ovpn - test_connection.sh : |- - sed -i "s/127.0.0.1/{{ include "openvpn-chart.fullname" . }}/g" /data/test.ovpn - mkdir -p /dev/net - mknod /dev/net/tun c 10 200 - chmod 600 /dev/net/tun - openvpn --config /data/test.ovpn --daemon --log-append /tmp/ovpnlog - tail -n0 -f /tmp/ovpnlog | sed '/Initialization Sequence Completed/ q' - ---- -# --------------------------------------------------------------------- -# -- Prepare roles and bindings to access k8s resources from the test -# --------------------------------------------------------------------- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "openvpn-chart.fullname" . }}-test-role - labels: - {{- include "openvpn-chart.selectorLabels" . 
| nindent 4 }} - annotations: - "helm.sh/hook": test - {{- if .Values.tests.cleanup }} - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - {{- end }} - "helm.sh/hook-weight": "1" -rules: -- apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "openvpn-chart.fullname" . }}-gsql-dbin-sa - labels: - {{- include "openvpn-chart.selectorLabels" . | nindent 4 }} - annotations: - "helm.sh/hook": test - {{- if .Values.tests.cleanup }} - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - {{- end }} - "helm.sh/hook-weight": "1" -automountServiceAccountToken: true - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "openvpn-chart.fullname" . }}-gsql-dbin-rb - labels: - {{- include "openvpn-chart.selectorLabels" . | nindent 4 }} - annotations: - "helm.sh/hook": test - {{- if .Values.tests.cleanup }} - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - {{- end }} - "helm.sh/hook-weight": "1" -subjects: -- kind: ServiceAccount - name: {{ include "openvpn-chart.fullname" . }}-gsql-dbin-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ include "openvpn-chart.fullname" . }}-test-role - apiGroup: rbac.authorization.k8s.io - ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ include "openvpn-chart.fullname" . }}-test - annotations: - "helm.sh/hook": test - {{- if .Values.tests.cleanup }} - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - {{- end }} - "helm.sh/hook-weight": "7" - labels: - {{- include "openvpn-chart.labels" . | nindent 4 }} -spec: - storageClassName: {{ .Values.storage.class }} - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 512Mi - ---- -apiVersion: v1 -kind: Pod -metadata: - name: {{ include "openvpn-chart.fullname" . }}-test - labels: - {{- include "openvpn-chart.selectorLabels" . 
| nindent 4 }} - annotations: - "helm.sh/hook": test - {{- if .Values.tests.cleanup }} - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - {{- end }} - "helm.sh/hook-weight": "7" -spec: - serviceAccountName: {{ include "openvpn-chart.fullname" . }}-gsql-dbin-sa - automountServiceAccountToken: true - volumes: - - name: test-script - configMap: - name: {{ include "openvpn-chart.fullname" . }}-test-script - - name: data - persistentVolumeClaim: - claimName: {{ include "openvpn-chart.fullname" . }}-test - containers: - - name: tester - image: alpine/k8s:{{ $version.Major }}.{{ $version.Minor }}.{{ $version.Patch }} - volumeMounts: - - name: test-script - readOnly: true - mountPath: /get_config.sh - subPath: get_config.sh - - name: data - readOnly: false - mountPath: /data - command: - - bash - args: - - -e - - /get_config.sh - restartPolicy: Never - ---- -apiVersion: v1 -kind: Pod -metadata: - name: {{ include "openvpn-chart.fullname" . }}-test-connection - labels: - {{- include "openvpn-chart.selectorLabels" . | nindent 4 }} - annotations: - "helm.sh/hook": test - {{- if .Values.tests.cleanup }} - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - {{- end }} - "helm.sh/hook-weight": "7" -spec: - serviceAccountName: {{ include "openvpn-chart.fullname" . }}-gsql-dbin-sa - automountServiceAccountToken: true - volumes: - - name: data - persistentVolumeClaim: - claimName: {{ include "openvpn-chart.fullname" . }}-test - - name: test-script - configMap: - name: {{ include "openvpn-chart.fullname" . 
}}-test-script - containers: - - name: tester - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - volumeMounts: - - name: data - readOnly: false - mountPath: /data - - name: test-script - readOnly: true - mountPath: /test_connection.sh - subPath: test_connection.sh - command: - - bash - args: - - -e - - /test_connection.sh - securityContext: - capabilities: - add: - - NET_ADMIN - - restartPolicy: Never - -{{- end }} diff --git a/helm/values.yaml b/helm/values.yaml deleted file mode 100644 index 0798f1f..0000000 --- a/helm/values.yaml +++ /dev/null 
@@ -1,101 +0,0 @@ -# Default values for openvpn-chart. -image: - repository: git.badhouseplants.net/allanger/container-openvpn - pullPolicy: Always - # ------------------------------------------- - # -- TODO: Switch to proper versions - # ------------------------------------------- - # tag: "" - -# ----------------------------- -# -- Open VPN configuration -# ----------------------------- -openvpn: - proto: tcp - host: 127.0.0.1 - port: 1194 -# --------------------------------------- -# -- Deploy OpenVPN admin -# -- https://github.com/flant/ovpn-admin -# --------------------------------------- -openvpn_admin: - enabled: true -# ----------------------------- -# -- Easy RSA configuration -# ----------------------------- -easyrsa: - cn: . # -- EASYRSA_REQ_CN - country: . # -- EASYRSA_REQ_COUNTRY - province: . # -- EASYRSA_REQ_PROVINCE - city: . # -- EASYRSA_REQ_CITY - org: . # -- EASYRSA_REQ_ORG - email: . # -- EASYRSA_REQ_EMAIL - ou: Community # -- EASYRSA_REQ_OU - algo: ec # -- EASYRSA_ALGO - digest: sha512 # -- EASYRSA_DIGEST - -replicaCount: 1 - - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" -storage: - class: local-path - size: 1Gi -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 1194 - protocol: TCP - - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. 
If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m -# memory: 128Mi - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -tests: - enabled: false - cleanup: true \ No newline at end of file -- 2.45.2 From cdda2fb98339136e71e196dfacb888001fd3ad08 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 25 Dec 2023 19:32:06 +0100 Subject: [PATCH 13/49] Trigger build -- 2.45.2 From c3297b38e9abd525a4874e90d1f0109a8f1bc021 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 1 Jan 2024 10:56:33 +0100 Subject: [PATCH 14/49] Update XORed vpn to 2.6.8 --- .drone.yml | 2 +- Containerfile | 79 -------------------------------- containerfiles/Containerfile-XOR | 4 +- 3 files changed, 3 insertions(+), 82 deletions(-) delete mode 100644 Containerfile diff --git a/.drone.yml b/.drone.yml index 64d2b37..2042194 100644 --- a/.drone.yml +++ b/.drone.yml @@ -20,7 +20,7 @@ steps: GITEA_TOKEN: from_secret: GITEA_TOKEN CONTAINERFILE: ./containerfiles/Containerfile-XOR - CUSTOM_TAG: v2.6.5-XOR-4.0.0beta13 + CUSTOM_TAG: v2.6.8-XOR-4.0.0beta13 commands: - build-container diff --git a/Containerfile b/Containerfile deleted file mode 100644 index 8b8639e..0000000 --- a/Containerfile +++ /dev/null 
@@ -1,79 +0,0 @@ -FROM ghcr.io/allanger/dumb-downloader as dudo -ENV OPENVPN_VERSION=2.6.5 -ENV TUNNELBLICK_VERSION=4.0.0beta08 -ENV EASYRSA_VERSION=3.1.5 -RUN apt update && apt install gnupg tar -y -RUN mkdir /output -# ------------------------------------------------------ -# -- Downlaod OpenVPN -# ------------------------------------------------------ -RUN dudo -l "https://keys.openpgp.org/vks/v1/by-fingerprint/F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7" -d security-openvpn-net.asc -p DUMMY -RUN gpg --import security-openvpn-net.asc -RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz.asc" -d /tmp/openvpn.asc -p $OPENVPN_VERSION -# ------------------------------------------------------ -# -- I should fix it later -# ------------------------------------------------------ -# RUN gpg --no-tty --verify /tmp/openvpn.asc -RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz " -d /tmp/openvpn.tar.gz -p $OPENVPN_VERSION -RUN tar -xf /tmp/openvpn.tar.gz -C /tmp && rm -f /tmp/openvpn.tar.gz -RUN mv /tmp/openvpn-$OPENVPN_VERSION /output/openvpn -# ------------------------------------------------------ -# -- Download Tunnelblick -# ------------------------------------------------------ -RUN dudo -l "https://github.com/Tunnelblick/Tunnelblick/archive/refs/tags/v{{ version }}.tar.gz" -d /tmp/tunnelblick.tar.gz -p $TUNNELBLICK_VERSION -RUN tar -xf /tmp/tunnelblick.tar.gz -C /tmp && rm -f /tmp/tunnelblick.tar.gz -RUN mv /tmp/Tunnelblick-$TUNNELBLICK_VERSION /output/tunnelblick - -FROM ubuntu as builder -# ------------------------------------------------------ -# -- TODO: Define it only once -# ------------------------------------------------------ -ENV OPENVPN_VERSION=2.6.5 -ENV TUNNELBLICK_VERSION=v4.0.0beta08 -COPY --from=dudo /output /src -RUN apt-get update &&\ - apt-get install -y wget tar unzip build-essential \ - libssl-dev iproute2 liblz4-dev liblzo2-dev \ - libpam0g-dev libpkcs11-helper1-dev 
libsystemd-dev \ - easy-rsa iptables pkg-config libcap-ng-dev -RUN cp /src/tunnelblick/third_party/sources/openvpn/openvpn-$OPENVPN_VERSION/patches/*.diff /src/openvpn -WORKDIR /src/openvpn -RUN for patch in $(find -type f | grep diff); do\ - patch -p1 < $patch;\ - done -RUN ./configure --disable-systemd --enable-async-push --enable-iproute2 -RUN make && make install -RUN mkdir /output -RUN cp $(which openvpn) /output/ - -# ------------------------------------------------------ -# -- Final container -# ------------------------------------------------------ -FROM ubuntu:22.04 -LABEL maintainer="allanger " -COPY --from=builder /output /src -# ------------------------------------------------------- -# -- Prepare system deps -# ------------------------------------------------------- -RUN apt update && apt install openvpn easy-rsa iptables -y && \ - mv /src/openvpn $(which openvpn) - -# Needed by scripts -ENV OPENVPN /etc/openvpn - -# Prevents refused client connection because of an expired CRL -ENV EASYRSA_CRL_DAYS 3650 - -VOLUME ["/etc/openvpn"] - -# Internally uses port 1194, remap if needed using `docker run -p 443:1194/tcp` -EXPOSE 1194 - -CMD ["ovpn_run"] - -COPY --chmod='755' ./bin /usr/local/bin -# ----------------------------------------------------------- -# -- Add support for OTP authentication using a PAM module -# -- I have no idea how it works yet -# ----------------------------------------------------------- -COPY ./otp/openvpn /etc/pam.d/ diff --git a/containerfiles/Containerfile-XOR b/containerfiles/Containerfile-XOR index 68422cf..db691c2 100644 --- a/containerfiles/Containerfile-XOR +++ b/containerfiles/Containerfile-XOR @@ -1,5 +1,5 @@ FROM ghcr.io/allanger/dumb-downloader as dudo -ENV OPENVPN_VERSION=2.6.5 +ENV OPENVPN_VERSION=2.6.8 ENV TUNNELBLICK_VERSION=4.0.0beta13 RUN apt update && apt install gnupg tar -y RUN mkdir /output 
@@ -27,7 +27,7 @@ FROM ubuntu as builder # ------------------------------------------------------ # -- TODO: Define it only once # ------------------------------------------------------ -ENV OPENVPN_VERSION=2.6.5 +ENV OPENVPN_VERSION=2.6.8 ENV TUNNELBLICK_VERSION=v4.0.0beta13 COPY --from=dudo /output /src RUN apt-get update &&\ -- 2.45.2 From d8408f498e63d367b94921099686098b00d8f27e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 19 Feb 2024 14:46:12 +0100 Subject: [PATCH 15/49] Update OpenVPN and Tunnelblick versions --- containerfiles/Containerfile | 4 ++-- containerfiles/Containerfile-XOR | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/containerfiles/Containerfile b/containerfiles/Containerfile index 2e4908d..29e9632 100644 --- a/containerfiles/Containerfile +++ b/containerfiles/Containerfile @@ -1,5 +1,5 @@ FROM ghcr.io/allanger/dumb-downloader as dudo -ENV OPENVPN_VERSION=2.6.8 +ENV OPENVPN_VERSION=2.6.9 RUN apt update && apt install gnupg tar -y RUN mkdir /output # ------------------------------------------------------ @@ -20,7 +20,7 @@ FROM ubuntu as builder # ------------------------------------------------------ # -- TODO: Define it only once # ------------------------------------------------------ -ENV OPENVPN_VERSION=2.6.8 +ENV OPENVPN_VERSION=2.6.9 COPY --from=dudo /output /src RUN apt-get update &&\ apt-get install -y wget tar unzip build-essential \ diff --git a/containerfiles/Containerfile-XOR b/containerfiles/Containerfile-XOR index db691c2..b3ee6a1 100644 --- a/containerfiles/Containerfile-XOR +++ b/containerfiles/Containerfile-XOR @@ -1,6 +1,6 @@ FROM ghcr.io/allanger/dumb-downloader as dudo -ENV OPENVPN_VERSION=2.6.8 -ENV TUNNELBLICK_VERSION=4.0.0beta13 +ENV OPENVPN_VERSION=2.6.9 +ENV TUNNELBLICK_VERSION=4.0.0beta15 RUN apt update && apt install gnupg tar -y RUN mkdir /output # ------------------------------------------------------ 
@@ -27,8 +27,8 @@ FROM ubuntu as builder # ------------------------------------------------------ # -- TODO: Define it only once # ------------------------------------------------------ -ENV OPENVPN_VERSION=2.6.8 -ENV TUNNELBLICK_VERSION=v4.0.0beta13 +ENV OPENVPN_VERSION=2.6.9 +ENV TUNNELBLICK_VERSION=v4.0.0beta15 COPY --from=dudo /output /src RUN apt-get update &&\ apt-get install -y wget tar unzip build-essential \ -- 2.45.2 From 88edadf5ebcf84e0ce89e7e5f098cb4d5cedc091 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 19 Feb 2024 15:15:59 +0100 Subject: [PATCH 16/49] Update the version in CI --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 2042194..3a1915c 100644 --- a/.drone.yml +++ b/.drone.yml @@ -20,7 +20,7 @@ steps: GITEA_TOKEN: from_secret: GITEA_TOKEN CONTAINERFILE: ./containerfiles/Containerfile-XOR - CUSTOM_TAG: v2.6.8-XOR-4.0.0beta13 + CUSTOM_TAG: v2.6.9-XOR-4.0.0beta15 commands: - build-container @@ -31,6 +31,6 @@ steps: GITEA_TOKEN: from_secret: GITEA_TOKEN CONTAINERFILE: ./containerfiles/Containerfile - CUSTOM_TAG: v2.6.8 + CUSTOM_TAG: v2.6.9 commands: - build-container -- 2.45.2 From 0f4a57694bc74ca04264752ed2c4713484ba954c Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 27 Feb 2024 16:28:38 +0100 Subject: [PATCH 17/49] Try newer build strategy --- .drone.yml | 9 +++-- alpine/google-authenticator/APKBUILD | 52 ---------------------------- containerfiles/Containerfile | 12 +++---- containerfiles/Containerfile-XOR | 8 ++--- env/openvpn.env | 1 + env/openvpn_xor.env | 2 ++ otp/openvpn | 7 ---- 7 files changed, 19 insertions(+), 72 deletions(-) delete mode 100644 alpine/google-authenticator/APKBUILD create mode 100644 env/openvpn.env create mode 100644 env/openvpn_xor.env delete mode 100644 otp/openvpn diff --git a/.drone.yml b/.drone.yml index 3a1915c..abfe299 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -14,7 +14,7 @@ trigger: steps: - name: Build openvpn xor amd64 - image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:555262114ea81f6f286010474527f419b56d33a3 + image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:9fabf0ce6eab3a9a9da15b2791e8282afc05ee0b privileged: true environment: GITEA_TOKEN: @@ -22,15 +22,18 @@ steps: CONTAINERFILE: ./containerfiles/Containerfile-XOR CUSTOM_TAG: v2.6.9-XOR-4.0.0beta15 commands: + - source ./env/openvpn_xor.env + - export CUSTOM_TAG="v${OPENVPN_VERSION}-XOR-${TUNNELBLICK_VERSION}" - build-container - name: Build openvpn amd64 - image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:555262114ea81f6f286010474527f419b56d33a3 + image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:9fabf0ce6eab3a9a9da15b2791e8282afc05ee0b privileged: true environment: GITEA_TOKEN: from_secret: GITEA_TOKEN CONTAINERFILE: ./containerfiles/Containerfile - CUSTOM_TAG: v2.6.9 commands: + - source ./env/openvpn.env + - export CUSTOM_TAG="v${OPENVPN_VERSION}" - build-container diff --git a/alpine/google-authenticator/APKBUILD b/alpine/google-authenticator/APKBUILD deleted file mode 100644 index 712a57d..0000000 --- a/alpine/google-authenticator/APKBUILD +++ /dev/null 
@@ -1,52 +0,0 @@ -# Contributor: Fabio Napoleoni -# Maintainer: -pkgname=google-authenticator -pkgver=20160207 -pkgrel=1 -pkgdesc="Google Authenticator PAM module" -url="https://github.com/google/google-authenticator" -arch="all" -license="ASL 2.0" -depends= -depends_dev= -makedepends="$depends_dev autoconf automake libtool linux-pam-dev m4 openssl-dev" -install= -subpackages="$pkgname-doc" -source="https://github.com/google/google-authenticator/archive/c0404dcdbda9ab9e4f0b8451ecdd44eee8db2425.zip" - -_builddir="$srcdir"/$pkgname-c0404dcdbda9ab9e4f0b8451ecdd44eee8db2425/libpam - -prepare() { - local i - cd "$_builddir" - for i in $source; do - case $i in - *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; - esac - done -} - -build() { - cd "$_builddir" - ./bootstrap.sh || return 1 - ./configure \ - --build=$CBUILD \ - --host=$CHOST \ - --prefix=/usr \ - --libdir=/lib \ - --sysconfdir=/etc \ - --mandir=/usr/share/man \ - --infodir=/usr/share/info \ - || return 1 - - make || return 1 -} - -package() { - cd "$_builddir" - make DESTDIR="$pkgdir" install || return 1 -} - -md5sums="33d3cbd0488bcb4f50b34b5670deffae c0404dcdbda9ab9e4f0b8451ecdd44eee8db2425.zip" -sha256sums="e32abe693e54195bdb6aca52783e6e1c239e67296876ac59211a59e4608338b8 c0404dcdbda9ab9e4f0b8451ecdd44eee8db2425.zip" -sha512sums="b44a626e6cc5d8e27685f5d39b5d33f49fc7070331db7b458d3ee40723972821bb8ed5458f27a287dc664d162acf1f8f9a36ca3b1bf767f2bbf27d4f538e9872 c0404dcdbda9ab9e4f0b8451ecdd44eee8db2425.zip" diff --git a/containerfiles/Containerfile b/containerfiles/Containerfile index 29e9632..e52d156 100644 --- a/containerfiles/Containerfile +++ b/containerfiles/Containerfile @@ -1,5 +1,5 @@ FROM ghcr.io/allanger/dumb-downloader as dudo -ENV OPENVPN_VERSION=2.6.9 +ARG OPENVPN_VERSION RUN apt update && apt install gnupg tar -y RUN mkdir /output # ------------------------------------------------------ 
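Review bot: `ARG OPENVPN_VERSION` has no default and no guard, so a build started without `--build-arg OPENVPN_VERSION=…` expands `${OPENVPN_VERSION}` to an empty string in the download URLs and in the `mv` path. In this commit the pipeline only exports `CUSTOM_TAG`; unless `build-container` forwards the variable itself, the value never reaches the build. A fail-fast line directly after the `ARG`, `RUN test -n "${OPENVPN_VERSION}"`, makes the missing argument an immediate error instead of a confusing download failure. The same applies to the `ARG` lines in the builder stage and in both stages of `Containerfile-XOR`.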
@@ -7,20 +7,20 @@ RUN mkdir /output # ------------------------------------------------------ RUN dudo -l "https://keys.openpgp.org/vks/v1/by-fingerprint/F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7" -d security-openvpn-net.asc -p DUMMY RUN gpg --import security-openvpn-net.asc -RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz.asc" -d /tmp/openvpn.asc -p $OPENVPN_VERSION +RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz.asc" -d /tmp/openvpn.asc -p ${OPENVPN_VERSION} # ------------------------------------------------------ -# -- I should fix it later +# -- todo: I should fix it later # ------------------------------------------------------ # RUN gpg --no-tty --verify /tmp/openvpn.asc -RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz " -d /tmp/openvpn.tar.gz -p $OPENVPN_VERSION +RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz " -d /tmp/openvpn.tar.gz -p ${OPENVPN_VERSION} RUN tar -xf /tmp/openvpn.tar.gz -C /tmp && rm -f /tmp/openvpn.tar.gz -RUN mv /tmp/openvpn-$OPENVPN_VERSION /output/openvpn +RUN mv /tmp/openvpn-${OPENVPN_VERSION} /output/openvpn FROM ubuntu as builder # ------------------------------------------------------ # -- TODO: Define it only once # ------------------------------------------------------ -ENV OPENVPN_VERSION=2.6.9 +ARG OPENVPN_VERSION COPY --from=dudo /output /src RUN apt-get update &&\ apt-get install -y wget tar unzip build-essential \ diff --git a/containerfiles/Containerfile-XOR b/containerfiles/Containerfile-XOR index b3ee6a1..9f7a3f8 100644 --- a/containerfiles/Containerfile-XOR +++ b/containerfiles/Containerfile-XOR 
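Review bot: The release tarball is still unpacked and built without its signature being checked: the key is imported and `/tmp/openvpn.asc` is fetched, but the `gpg --verify` line stays commented out and this hunk only relabels the comment as a todo. Because the version now comes in as a build argument, whatever value is passed selects the archive that gets compiled into the image, so the check is the only integrity control on that input. A detached signature can only be verified once the tarball exists, so the step belongs after the tarball download: `RUN gpg --no-tty --verify /tmp/openvpn.asc /tmp/openvpn.tar.gz`. The tarball URL in the context line also has a trailing space inside the quotes (`.tar.gz "`), which is worth removing unless dudo is known to trim it.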
@@ -1,6 +1,6 @@ FROM ghcr.io/allanger/dumb-downloader as dudo -ENV OPENVPN_VERSION=2.6.9 -ENV TUNNELBLICK_VERSION=4.0.0beta15 +ARG OPENVPN_VERSION +ARG TUNNELBLICK_VERSION RUN apt update && apt install gnupg tar -y RUN mkdir /output # ------------------------------------------------------ @@ -27,8 +27,8 @@ FROM ubuntu as builder # ------------------------------------------------------ # -- TODO: Define it only once # ------------------------------------------------------ -ENV OPENVPN_VERSION=2.6.9 -ENV TUNNELBLICK_VERSION=v4.0.0beta15 +ARG OPENVPN_VERSION +ARG TUNNELBLICK_VERSION COPY --from=dudo /output /src RUN apt-get update &&\ apt-get install -y wget tar unzip build-essential \ diff --git a/env/openvpn.env b/env/openvpn.env new file mode 100644 index 0000000..e32b9f0 --- /dev/null +++ b/env/openvpn.env @@ -0,0 +1 @@ +export OPENVPN_VERSION=2.6.9 diff --git a/env/openvpn_xor.env b/env/openvpn_xor.env new file mode 100644 index 0000000..850b01f --- /dev/null +++ b/env/openvpn_xor.env @@ -0,0 +1,2 @@ +export OPENVPN_VERSION=2.6.9 +export TUNNEBLICK_VERSION=4.0.0beta15 diff --git a/otp/openvpn b/otp/openvpn deleted file mode 100644 index 5c5c441..0000000 --- a/otp/openvpn +++ /dev/null @@ -1,7 +0,0 @@ -# Uses google authenticator library as PAM module using a single folder for all users tokens -# User root is required to stick with an hardcoded user when trying to determine user id and allow unexisting system users -# See https://github.com/google/google-authenticator-libpam#usersome-user -auth required pam_google_authenticator.so secret=/etc/openvpn/otp/${USER}.google_authenticator user=root - -# Accept any user since we're dealing with virtual users there's no need to have a system account (pam_unix.so) -account sufficient pam_permit.so -- 2.45.2 From 2fb97bc8d9e385c0e01b67f5d6aa2684a69f2682 Mon Sep 17 00:00:00 2001 
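Review bot: In the builder-stage hunk (`@@ -27,8 +27,8 @@`) the removed line was `ENV TUNNELBLICK_VERSION=v4.0.0beta15`, with a `v` prefix, while the downloader stage used `4.0.0beta15` without it. After the switch to `ARG TUNNELBLICK_VERSION` both stages receive the same value from one build argument, so the builder stage silently loses the prefix. Whether the builder stage reads the variable is not visible in this hunk; if it does, either pass the prefixed form explicitly or write `v${TUNNELBLICK_VERSION}` at the point of use, and add a comment on the `ARG` stating which form is expected.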
From: Nikolai Rodionov Date: Tue, 27 Feb 2024 16:30:02 +0100 Subject: [PATCH 18/49] Debug --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index abfe299..9a0110e 100644 --- a/.drone.yml +++ b/.drone.yml @@ -20,9 +20,9 @@ steps: GITEA_TOKEN: from_secret: GITEA_TOKEN CONTAINERFILE: ./containerfiles/Containerfile-XOR - CUSTOM_TAG: v2.6.9-XOR-4.0.0beta15 commands: - source ./env/openvpn_xor.env + - env - export CUSTOM_TAG="v${OPENVPN_VERSION}-XOR-${TUNNELBLICK_VERSION}" - build-container -- 2.45.2 From e1071ce9d8b96230d5062d6c6c5d83ed16a3f1c7 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 27 Feb 2024 16:32:03 +0100 Subject: [PATCH 19/49] Debug --- env/openvpn_xor.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/env/openvpn_xor.env b/env/openvpn_xor.env index 850b01f..36a87ac 100644 --- a/env/openvpn_xor.env +++ b/env/openvpn_xor.env @@ -1,2 +1,2 @@ export OPENVPN_VERSION=2.6.9 -export TUNNEBLICK_VERSION=4.0.0beta15 +export TUNNELBLICK_VERSION=4.0.0beta15 -- 2.45.2 From 24fb1546b7722ff30d1454ae14fabfc5a1becdc5 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 27 Feb 2024 16:33:51 +0100 Subject: [PATCH 20/49] Debug --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 9a0110e..9e650d7 100644 --- a/.drone.yml +++ b/.drone.yml @@ -23,7 +23,7 @@ steps: commands: - source ./env/openvpn_xor.env - env - - export CUSTOM_TAG="v${OPENVPN_VERSION}-XOR-${TUNNELBLICK_VERSION}" + - export CUSTOM_TAG="v$OPENVPN_VERSION-XOR-$TUNNELBLICK_VERSION" - build-container - name: Build openvpn amd64 @@ -35,5 +35,5 @@ steps: CONTAINERFILE: ./containerfiles/Containerfile commands: - source ./env/openvpn.env - - export CUSTOM_TAG="v${OPENVPN_VERSION}" + - export CUSTOM_TAG="v$OPENVPN_VERSION" - build-container -- 2.45.2 From c827972079c409b8e0ce3a93a8b1d5b299ce2b78 Mon Sep 17 00:00:00 2001 
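Review bot: The added `- env` command writes the complete step environment to the build log, and this step has `GITEA_TOKEN` injected via `from_secret`. Unless the CI runner masks secret values in its output, the token becomes readable to everyone who can open the log, and it should then be treated as exposed and rotated. To debug the tag, print only the variables involved, for example `- echo "$OPENVPN_VERSION / $TUNNELBLICK_VERSION"`.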
From: Nikolai Rodionov Date: Tue, 27 Feb 2024 16:40:29 +0100 Subject: [PATCH 21/49] Add build args support --- .drone.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 9e650d7..02eb9c2 100644 --- a/.drone.yml +++ b/.drone.yml @@ -14,7 +14,7 @@ trigger: steps: - name: Build openvpn xor amd64 - image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:9fabf0ce6eab3a9a9da15b2791e8282afc05ee0b + image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:ff4a98f2acb557ad443f279627036bebf06bc4f1 privileged: true environment: GITEA_TOKEN: @@ -24,10 +24,11 @@ steps: - source ./env/openvpn_xor.env - env - export CUSTOM_TAG="v$OPENVPN_VERSION-XOR-$TUNNELBLICK_VERSION" + - export BUILD_ARGS="--build-arg OPENVPN_VERSION=$OPENVPN_VERSION --build-arg TUNNELBLICK_VERSION=$TUNNELBLICK_VERSION" - build-container - name: Build openvpn amd64 - image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:9fabf0ce6eab3a9a9da15b2791e8282afc05ee0b + image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:ff4a98f2acb557ad443f279627036bebf06bc4f1 privileged: true environment: GITEA_TOKEN: @@ -36,4 +37,5 @@ steps: commands: - source ./env/openvpn.env - export CUSTOM_TAG="v$OPENVPN_VERSION" + - export BUILD_ARGS="--build-arg OPENVPN_VERSION=$OPENVPN_VERSION" - build-container -- 2.45.2 From 79bfbcc8bdfac0fa2ee41fe688e536cdfb6c4c1e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 27 Feb 2024 16:42:40 +0100 Subject: [PATCH 22/49] Renove env debug --- .drone.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 02eb9c2..e1c4609 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -22,7 +22,6 @@ steps: CONTAINERFILE: ./containerfiles/Containerfile-XOR commands: - source ./env/openvpn_xor.env - - env - export CUSTOM_TAG="v$OPENVPN_VERSION-XOR-$TUNNELBLICK_VERSION" - export BUILD_ARGS="--build-arg OPENVPN_VERSION=$OPENVPN_VERSION --build-arg TUNNELBLICK_VERSION=$TUNNELBLICK_VERSION" - build-container -- 2.45.2 From cdb94b148a0766a3ff61fb3dbdc7dd7fbd295105 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 27 Feb 2024 16:48:21 +0100 Subject: [PATCH 23/49] Remove OTP folder --- containerfiles/Containerfile | 1 - containerfiles/Containerfile-XOR | 1 - 2 files changed, 2 deletions(-) diff --git a/containerfiles/Containerfile b/containerfiles/Containerfile index e52d156..f6e21c9 100644 --- a/containerfiles/Containerfile +++ b/containerfiles/Containerfile @@ -64,4 +64,3 @@ COPY --chmod='755' ./bin /usr/local/bin # -- I have no idea how it works yet # ----------------------------------------------------------- WORKDIR /etc/openvpn -COPY ./otp/openvpn /etc/pam.d/ diff --git a/containerfiles/Containerfile-XOR b/containerfiles/Containerfile-XOR index 9f7a3f8..75cc83c 100644 --- a/containerfiles/Containerfile-XOR +++ b/containerfiles/Containerfile-XOR @@ -76,4 +76,3 @@ COPY --chmod='755' ./bin /usr/local/bin # -- I have no idea how it works yet # ----------------------------------------------------------- WORKDIR /etc/openvpn -COPY ./otp/openvpn /etc/pam.d/ -- 2.45.2 From 0cabb525d419b99f87e0ed4788e0a0c29b412edc Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 29 Feb 2024 10:25:05 +0100 Subject: [PATCH 24/49] Get OpenVPN version automatically --- .drone.yml | 2 ++ env/openvpn_xor.env | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index e1c4609..d8a57f8 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -22,6 +22,8 @@ steps: CONTAINERFILE: ./containerfiles/Containerfile-XOR commands: - source ./env/openvpn_xor.env + - git clone https://github.com/Tunnelblick/Tunnelblick.git /tmp/tunnelblick + - export OPENVPN_VERSION=$(ls /tmp/tunnelblick/third_party/openvpn | sed 's/openvpn-//g' | sort -k1,1nr -k2,2n -k3,3n | head -n 1) - export CUSTOM_TAG="v$OPENVPN_VERSION-XOR-$TUNNELBLICK_VERSION" - export BUILD_ARGS="--build-arg OPENVPN_VERSION=$OPENVPN_VERSION --build-arg TUNNELBLICK_VERSION=$TUNNELBLICK_VERSION" - build-container diff --git a/env/openvpn_xor.env b/env/openvpn_xor.env index 36a87ac..4f2016a 100644 --- a/env/openvpn_xor.env +++ b/env/openvpn_xor.env @@ -1,2 +1 @@ -export OPENVPN_VERSION=2.6.9 export TUNNELBLICK_VERSION=4.0.0beta15 -- 2.45.2 From 114050fa99982041cadbc55b8a64291c0adda6b6 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 29 Feb 2024 10:29:14 +0100 Subject: [PATCH 25/49] Get OpenVPN version automatically --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index d8a57f8..a401205 100644 --- a/.drone.yml +++ b/.drone.yml @@ -23,7 +23,7 @@ steps: commands: - source ./env/openvpn_xor.env - git clone https://github.com/Tunnelblick/Tunnelblick.git /tmp/tunnelblick - - export OPENVPN_VERSION=$(ls /tmp/tunnelblick/third_party/openvpn | sed 's/openvpn-//g' | sort -k1,1nr -k2,2n -k3,3n | head -n 1) + - export OPENVPN_VERSION=$(ls /tmp/tunnelblick/third_party/sources/openvpn | sed 's/openvpn-//g' | sort -k1,1nr -k2,2n -k3,3n | head -n 1) - export CUSTOM_TAG="v$OPENVPN_VERSION-XOR-$TUNNELBLICK_VERSION" - export BUILD_ARGS="--build-arg OPENVPN_VERSION=$OPENVPN_VERSION --build-arg TUNNELBLICK_VERSION=$TUNNELBLICK_VERSION" - build-container -- 2.45.2 From 5c3f73e8c4b6e25e260fb19474a4d3e6f3f6beeb Mon Sep 17 00:00:00 2001 
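Review bot: The `git clone` added in [PATCH 24/49] takes whatever the Tunnelblick default branch holds at build time, so the OpenVPN version that is built and written into `CUSTOM_TAG` is chosen by unpinned remote content rather than by `TUNNELBLICK_VERSION` from the env file. Pinning the clone to the release, `git clone --depth 1 --branch "v$TUNNELBLICK_VERSION" https://github.com/Tunnelblick/Tunnelblick.git /tmp/tunnelblick`, would tie the two together (the `v` prefix is inferred from the Containerfile download URL, so confirm it). The version pick is also unreliable: `sort -k1,1nr -k2,2n -k3,3n` has no `-t.`, so a dotted version is a single field, `-k2`/`-k3` never apply, and `2.6.9` and `2.6.10` tie numerically. `sort -V | tail -n 1` expresses the intent where the builder image has GNU sort. The same two lines recur in the [PATCH 25/49] hunk, in `.woodpecker.yaml` ([PATCH 27/49]) and in `scripts/build_xor.sh` ([PATCH 28/49]).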
From: Nikolai Rodionov Date: Sun, 24 Mar 2024 11:28:57 +0100 Subject: [PATCH 26/49] Build newer versions --- env/openvpn.env | 2 +- env/openvpn_xor.env | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/env/openvpn.env b/env/openvpn.env index e32b9f0..693c85a 100644 --- a/env/openvpn.env +++ b/env/openvpn.env @@ -1 +1 @@ -export OPENVPN_VERSION=2.6.9 +export OPENVPN_VERSION=2.6.10 diff --git a/env/openvpn_xor.env b/env/openvpn_xor.env index 4f2016a..eef217e 100644 --- a/env/openvpn_xor.env +++ b/env/openvpn_xor.env @@ -1 +1 @@ -export TUNNELBLICK_VERSION=4.0.0beta15 +export TUNNELBLICK_VERSION=4.0.1 -- 2.45.2 From 42511439ceee58dc27da7c262cc57c5dce91f26a Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 24 May 2024 16:28:59 +0200 Subject: [PATCH 27/49] Try buidling in Woodpecker CI --- .woodpecker.yaml | 60 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 .woodpecker.yaml diff --git a/.woodpecker.yaml b/.woodpecker.yaml new file mode 100644 index 0000000..f48a23b --- /dev/null +++ b/.woodpecker.yaml 
@@ -0,0 +1,60 @@ +--- +when: + event: + - push + branch: + - main +steps: + build-xor: + name: Build openvpn xor amd64 + image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:9665015b44590b7ce2139f7acbad23af6628fff3 + secrets: + - gitea_token + privileged: true + depends_on: [] + environment: + CONTAINERFILE: ./containerfiles/Containerfile-XOR + backend_options: + kubernetes: + resources: + requests: + memory: 500Mi + cpu: 200m + limits: + memory: 500Mi + cpu: 200m + securityContext: + privileged: true + commands: + - source ./env/openvpn_xor.env + - git clone https://github.com/Tunnelblick/Tunnelblick.git /tmp/tunnelblick + - export OPENVPN_VERSION=$(ls /tmp/tunnelblick/third_party/sources/openvpn | sed 's/openvpn-//g' | sort -k1,1nr -k2,2n -k3,3n | head -n 1) + - export CUSTOM_TAG="v$OPENVPN_VERSION-XOR-$TUNNELBLICK_VERSION" + - export BUILD_ARGS="--build-arg OPENVPN_VERSION=$OPENVPN_VERSION --build-arg TUNNELBLICK_VERSION=$TUNNELBLICK_VERSION" + - build-container + + build: + name: Build openvpn amd64 + image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:9665015b44590b7ce2139f7acbad23af6628fff3 + privileged: true + depends_on: [] + backend_options: + kubernetes: + resources: + requests: + memory: 500Mi + cpu: 200m + limits: + memory: 500Mi + cpu: 200m + securityContext: + privileged: true + secrets: + - gitea_token + environment: + CONTAINERFILE: ./containerfiles/Containerfile + commands: + - source ./env/openvpn.env + - export CUSTOM_TAG="v$OPENVPN_VERSION" + - export BUILD_ARGS="--build-arg OPENVPN_VERSION=$OPENVPN_VERSION" + - build-container -- 2.45.2 From 383dd1b82dd51a70c0929454510ad47d0116b198 Mon Sep 17 00:00:00 2001 
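Review bot: Both steps of the new `.woodpecker.yaml` request `privileged: true` at step level and again under `backend_options.kubernetes.securityContext`, so the build pod runs with node-level privileges while it holds `gitea_token` and, in `build-xor`, clones third-party sources. If `build-container` can build rootless (not visible from this file), drop both flags. Otherwise state the reason next to them, e.g. `# privileged: required by build-container for nested container builds; schedule on a dedicated build node`. The `when` block limits runs to pushes on `main`, which keeps the secret away from pull-request events. A one-line comment saying so would discourage widening it later.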
From: Nikolai Rodionov Date: Fri, 24 May 2024 16:45:13 +0200 Subject: [PATCH 28/49] Try buidling in Woodpecker CI in matrix --- .drone.yml | 42 ----------------------------------- .woodpecker.yaml | 46 +++++++++------------------------------ env/openvpn.env | 2 ++ env/openvpn_xor.env | 2 ++ scripts/build_test.sh | 1 + scripts/build_upstream.sh | 4 ++++ scripts/build_xor.sh | 6 +++++ 7 files changed, 25 insertions(+), 78 deletions(-) delete mode 100644 .drone.yml create mode 100755 scripts/build_test.sh create mode 100755 scripts/build_upstream.sh create mode 100755 scripts/build_xor.sh diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index a401205..0000000 --- a/.drone.yml +++ /dev/null 
@@ -1,42 +0,0 @@ ---- -# ---------------------------------------------- -# -- Build an image and push it to the registry -# ---------------------------------------------- -kind: pipeline -type: docker -name: Build the builder - -trigger: - event: - - push - branch: - - main - -steps: - - name: Build openvpn xor amd64 - image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:ff4a98f2acb557ad443f279627036bebf06bc4f1 - privileged: true - environment: - GITEA_TOKEN: - from_secret: GITEA_TOKEN - CONTAINERFILE: ./containerfiles/Containerfile-XOR - commands: - - source ./env/openvpn_xor.env - - git clone https://github.com/Tunnelblick/Tunnelblick.git /tmp/tunnelblick - - export OPENVPN_VERSION=$(ls /tmp/tunnelblick/third_party/sources/openvpn | sed 's/openvpn-//g' | sort -k1,1nr -k2,2n -k3,3n | head -n 1) - - export CUSTOM_TAG="v$OPENVPN_VERSION-XOR-$TUNNELBLICK_VERSION" - - export BUILD_ARGS="--build-arg OPENVPN_VERSION=$OPENVPN_VERSION --build-arg TUNNELBLICK_VERSION=$TUNNELBLICK_VERSION" - - build-container - - - name: Build openvpn amd64 - image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:ff4a98f2acb557ad443f279627036bebf06bc4f1 - privileged: true - environment: - GITEA_TOKEN: - from_secret: GITEA_TOKEN - CONTAINERFILE: ./containerfiles/Containerfile - commands: - - source ./env/openvpn.env - - export CUSTOM_TAG="v$OPENVPN_VERSION" - - export BUILD_ARGS="--build-arg OPENVPN_VERSION=$OPENVPN_VERSION" - - build-container diff --git a/.woodpecker.yaml b/.woodpecker.yaml index f48a23b..798776a 100644 --- a/.woodpecker.yaml +++ b/.woodpecker.yaml 
@@ -4,40 +4,20 @@ when: - push branch: - main + +matrix: + TARGET: + - openvpn_xor + - openvpn + steps: - build-xor: - name: Build openvpn xor amd64 + build-${TARGET}: + name: Build ${TARGET} image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:9665015b44590b7ce2139f7acbad23af6628fff3 secrets: - gitea_token privileged: true depends_on: [] - environment: - CONTAINERFILE: ./containerfiles/Containerfile-XOR - backend_options: - kubernetes: - resources: - requests: - memory: 500Mi - cpu: 200m - limits: - memory: 500Mi - cpu: 200m - securityContext: - privileged: true - commands: - - source ./env/openvpn_xor.env - - git clone https://github.com/Tunnelblick/Tunnelblick.git /tmp/tunnelblick - - export OPENVPN_VERSION=$(ls /tmp/tunnelblick/third_party/sources/openvpn | sed 's/openvpn-//g' | sort -k1,1nr -k2,2n -k3,3n | head -n 1) - - export CUSTOM_TAG="v$OPENVPN_VERSION-XOR-$TUNNELBLICK_VERSION" - - export BUILD_ARGS="--build-arg OPENVPN_VERSION=$OPENVPN_VERSION --build-arg TUNNELBLICK_VERSION=$TUNNELBLICK_VERSION" - - build-container - - build: - name: Build openvpn amd64 - image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:9665015b44590b7ce2139f7acbad23af6628fff3 - privileged: true - depends_on: [] backend_options: kubernetes: resources: @@ -49,12 +29,6 @@ steps: cpu: 200m securityContext: privileged: true - secrets: - - gitea_token - environment: - CONTAINERFILE: ./containerfiles/Containerfile commands: - - source ./env/openvpn.env - - export CUSTOM_TAG="v$OPENVPN_VERSION" - - export BUILD_ARGS="--build-arg OPENVPN_VERSION=$OPENVPN_VERSION" - - build-container + - source ./env/${TARGET}.env + - ./scripts/$SCRIPT diff --git a/env/openvpn.env b/env/openvpn.env index 693c85a..974c467 100644 --- a/env/openvpn.env +++ b/env/openvpn.env @@ -1 +1,3 @@ export OPENVPN_VERSION=2.6.10 +export CONTAINERFILE=./containerfiles/Containerfile +export SCRIPT=build_upstream.sh \ No newline at end of file 
diff --git a/env/openvpn_xor.env b/env/openvpn_xor.env index eef217e..e5634d2 100644 --- a/env/openvpn_xor.env +++ b/env/openvpn_xor.env @@ -1 +1,3 @@ export TUNNELBLICK_VERSION=4.0.1 +export CONTAINERFILE=./containerfiles/Containerfile-XOR +export SCRIPT=build_xor.sh \ No newline at end of file diff --git a/scripts/build_test.sh b/scripts/build_test.sh new file mode 100755 index 0000000..22a9efc --- /dev/null +++ b/scripts/build_test.sh @@ -0,0 +1 @@ +echo 1 \ No newline at end of file diff --git a/scripts/build_upstream.sh b/scripts/build_upstream.sh new file mode 100755 index 0000000..7f2de71 --- /dev/null +++ b/scripts/build_upstream.sh @@ -0,0 +1,4 @@ +#!/usr/bin/env bash +export CUSTOM_TAG="v$OPENVPN_VERSION" +export BUILD_ARGS="--build-arg OPENVPN_VERSION=$OPENVPN_VERSION" +build-container \ No newline at end of file diff --git a/scripts/build_xor.sh b/scripts/build_xor.sh new file mode 100755 index 0000000..22aeaa6 --- /dev/null +++ b/scripts/build_xor.sh @@ -0,0 +1,6 @@ +#!/usr/bin/env bash +git clone https://github.com/Tunnelblick/Tunnelblick.git /tmp/tunnelblick +export OPENVPN_VERSION=$(ls /tmp/tunnelblick/third_party/sources/openvpn | sed 's/openvpn-//g' | sort -k1,1nr -k2,2n -k3,3n | head -n 1) +export CUSTOM_TAG="v$OPENVPN_VERSION-XOR-$TUNNELBLICK_VERSION" +export BUILD_ARGS="--build-arg OPENVPN_VERSION=$OPENVPN_VERSION --build-arg TUNNELBLICK_VERSION=$TUNNELBLICK_VERSION" +build-container \ No newline at end of file -- 2.45.2 From db6e07b5c5088aa346096e742bd91769adc1013e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 24 May 2024 16:47:14 +0200 Subject: [PATCH 29/49] Try using sh instead of bash --- scripts/build_test.sh | 1 - scripts/build_upstream.sh | 2 +- scripts/build_xor.sh | 2 +- 3 files changed, 2 insertions(+), 3 deletions(-) delete mode 100755 scripts/build_test.sh diff --git a/scripts/build_test.sh b/scripts/build_test.sh deleted file mode 100755 index 22a9efc..0000000 --- a/scripts/build_test.sh +++ /dev/null 
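Review bot: `scripts/build_xor.sh` as added in [PATCH 28/49] has no error handling, so a failed `git clone` or an empty `ls` leaves `OPENVPN_VERSION` empty and the script still calls `build-container` with the tag `v-XOR-$TUNNELBLICK_VERSION`. Add `set -eu` under the shebang and a guard before the exports, `[ -n "$OPENVPN_VERSION" ] || exit 1`. `export OPENVPN_VERSION=$(...)` hides the exit status of the substitution, so assign on one line and `export OPENVPN_VERSION` on the next. `scripts/build_upstream.sh` would benefit from the same `set -eu`, because its `OPENVPN_VERSION` only exists if the env file was sourced first.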
@@ -1 +0,0 @@ -echo 1 \ No newline at end of file diff --git a/scripts/build_upstream.sh b/scripts/build_upstream.sh index 7f2de71..20dfa55 100755 --- a/scripts/build_upstream.sh +++ b/scripts/build_upstream.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/usr/bin/env sh export CUSTOM_TAG="v$OPENVPN_VERSION" export BUILD_ARGS="--build-arg OPENVPN_VERSION=$OPENVPN_VERSION" build-container \ No newline at end of file diff --git a/scripts/build_xor.sh b/scripts/build_xor.sh index 22aeaa6..b81a65c 100755 --- a/scripts/build_xor.sh +++ b/scripts/build_xor.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/usr/bin/env sh git clone https://github.com/Tunnelblick/Tunnelblick.git /tmp/tunnelblick export OPENVPN_VERSION=$(ls /tmp/tunnelblick/third_party/sources/openvpn | sed 's/openvpn-//g' | sort -k1,1nr -k2,2n -k3,3n | head -n 1) export CUSTOM_TAG="v$OPENVPN_VERSION-XOR-$TUNNELBLICK_VERSION" -- 2.45.2 From 36d4d424f8ba976be5373ff79072583a3be073f1 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 31 May 2024 18:26:46 +0200 Subject: [PATCH 30/49] install glibc to the final container --- containerfiles/Containerfile | 2 +- containerfiles/Containerfile-XOR | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/containerfiles/Containerfile b/containerfiles/Containerfile index f6e21c9..3a1b6f5 100644 --- a/containerfiles/Containerfile +++ b/containerfiles/Containerfile @@ -42,7 +42,7 @@ COPY --from=builder /output /src # ------------------------------------------------------- # -- Prepare system deps # ------------------------------------------------------- -RUN apt update && apt install openvpn easy-rsa iptables -y && \ +RUN apt update && apt install openvpn glibc easy-rsa iptables -y && \ mv /src/openvpn $(which openvpn) # Needed by scripts diff --git a/containerfiles/Containerfile-XOR b/containerfiles/Containerfile-XOR index 75cc83c..6c7ff67 100644 --- a/containerfiles/Containerfile-XOR +++ b/containerfiles/Containerfile-XOR 
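Review bot: `glibc` in the new `apt install` line of [PATCH 30/49] is, as far as I know, not an Ubuntu binary package name (the C library ships as `libc6`, already part of the base image), so this `RUN` is likely to stop with an unlocatable-package error rather than fix a runtime linker problem. If the copied `openvpn` binary fails on a libc mismatch, the likelier cause is the unversioned `FROM ubuntu as builder` stage being newer than the `ubuntu:22.04` final stage. Pinning both stages to the same release addresses that. The Containerfile-XOR hunk of this patch carries the same line, and the `RUN` instruction continues past the hunk's context.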
@@ -54,7 +54,7 @@ COPY --from=builder /output /src # ------------------------------------------------------- # -- Prepare system deps # ------------------------------------------------------- -RUN apt update && apt install openvpn easy-rsa iptables -y && \ +RUN apt update && apt install openvpn glibc easy-rsa iptables -y && \ mv /src/openvpn $(which openvpn) # Needed by scripts -- 2.45.2 From 18e09d9658f9785051f1077c9feaa2cc34d38287 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 5 Jun 2024 13:32:59 +0200 Subject: [PATCH 31/49] Do not install glibc --- containerfiles/Containerfile | 2 +- containerfiles/Containerfile-XOR | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/containerfiles/Containerfile b/containerfiles/Containerfile index 3a1b6f5..f6e21c9 100644 --- a/containerfiles/Containerfile +++ b/containerfiles/Containerfile @@ -42,7 +42,7 @@ COPY --from=builder /output /src # ------------------------------------------------------- # -- Prepare system deps # ------------------------------------------------------- -RUN apt update && apt install openvpn glibc easy-rsa iptables -y && \ +RUN apt update && apt install openvpn easy-rsa iptables -y && \ mv /src/openvpn $(which openvpn) # Needed by scripts diff --git a/containerfiles/Containerfile-XOR b/containerfiles/Containerfile-XOR index 6c7ff67..75cc83c 100644 --- a/containerfiles/Containerfile-XOR +++ b/containerfiles/Containerfile-XOR @@ -54,7 +54,7 @@ COPY --from=builder /output /src # ------------------------------------------------------- # -- Prepare system deps # ------------------------------------------------------- -RUN apt update && apt install openvpn glibc easy-rsa iptables -y && \ +RUN apt update && apt install openvpn easy-rsa iptables -y && \ mv /src/openvpn $(which openvpn) # Needed by scripts -- 2.45.2 From c64873d9fc2abbbf5ed475255e0878236fc7f86d Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Thu, 20 Jun 2024 16:03:42 +0200 Subject: [PATCH 32/49] Update vanilla openVPN to 2.6.11 --- env/openvpn.env | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/env/openvpn.env b/env/openvpn.env index 974c467..72be53b 100644 --- a/env/openvpn.env +++ b/env/openvpn.env @@ -1,3 +1,3 @@ -export OPENVPN_VERSION=2.6.10 +export OPENVPN_VERSION=2.6.11 export CONTAINERFILE=./containerfiles/Containerfile -export SCRIPT=build_upstream.sh \ No newline at end of file +export SCRIPT=build_upstream.sh -- 2.45.2 From c5694a56726457a902157cf5ca1ceef49361cbac Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 13 Jul 2024 22:31:01 +0200 Subject: [PATCH 33/49] Update openvpn-xor --- env/openvpn_xor.env | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/env/openvpn_xor.env b/env/openvpn_xor.env index e5634d2..35d2485 100644 --- a/env/openvpn_xor.env +++ b/env/openvpn_xor.env @@ -1,3 +1,3 @@ -export TUNNELBLICK_VERSION=4.0.1 +export TUNNELBLICK_VERSION=v6.0beta03 export CONTAINERFILE=./containerfiles/Containerfile-XOR -export SCRIPT=build_xor.sh \ No newline at end of file +export SCRIPT=build_xor.sh -- 2.45.2 From 0170a5dc762f2269e765ec4c9d2c2aec0aaa6eee Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 14 Jul 2024 11:01:23 +0200 Subject: [PATCH 34/49] Use the latest builder --- .woodpecker.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.woodpecker.yaml b/.woodpecker.yaml index 798776a..eaa2ac3 100644 --- a/.woodpecker.yaml +++ b/.woodpecker.yaml @@ -13,7 +13,7 @@ matrix: steps: build-${TARGET}: name: Build ${TARGET} - image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:9665015b44590b7ce2139f7acbad23af6628fff3 + image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:latest secrets: - gitea_token privileged: true -- 2.45.2 From e231e219aa359fe339a1075a7999a1b2625353f9 Mon Sep 17 00:00:00 2001 
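Review bot: [PATCH 34/49] replaces the commit-hash tag on the builder `image:` with `:latest`, which makes the toolchain of a privileged step mutable. The step receives `gitea_token`, so anything that can move `latest` at that registry path changes what runs with the token, and two builds of the same commit may use different builders. Keep an immutable reference and bump it deliberately, e.g. `image: git.badhouseplants.net/badhouseplants/badhouseplants-builder@sha256:DIGEST_OF_INTENDED_BUILD` (placeholder digest), or the commit-hash tag as before.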
From: Nikolai Rodionov Date: Sun, 14 Jul 2024 12:50:30 +0200 Subject: [PATCH 35/49] Fix the xor build --- env/openvpn_xor.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/env/openvpn_xor.env b/env/openvpn_xor.env index 35d2485..beee6cb 100644 --- a/env/openvpn_xor.env +++ b/env/openvpn_xor.env @@ -1,3 +1,3 @@ -export TUNNELBLICK_VERSION=v6.0beta03 +export TUNNELBLICK_VERSION=6.0beta03 export CONTAINERFILE=./containerfiles/Containerfile-XOR export SCRIPT=build_xor.sh -- 2.45.2 From 767cd2d512ecf816e68770881c8efd47b761686c Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 14 Jul 2024 13:54:03 +0200 Subject: [PATCH 36/49] Use Ubuntu 24.04 --- containerfiles/Containerfile | 2 +- containerfiles/Containerfile-XOR | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/containerfiles/Containerfile b/containerfiles/Containerfile index f6e21c9..07645f3 100644 --- a/containerfiles/Containerfile +++ b/containerfiles/Containerfile @@ -36,7 +36,7 @@ RUN cp $(which openvpn) /output/ # ------------------------------------------------------ # -- Final container # ------------------------------------------------------ -FROM ubuntu:22.04 +FROM ubuntu:24.04 LABEL maintainer="allanger " COPY --from=builder /output /src # ------------------------------------------------------- diff --git a/containerfiles/Containerfile-XOR b/containerfiles/Containerfile-XOR index 75cc83c..b15c71d 100644 --- a/containerfiles/Containerfile-XOR +++ b/containerfiles/Containerfile-XOR @@ -48,7 +48,7 @@ RUN cp $(which openvpn) /output/ # ------------------------------------------------------ # -- Final container # ------------------------------------------------------ -FROM ubuntu:22.04 +FROM ubuntu:24.04 LABEL maintainer="allanger " COPY --from=builder /output /src # ------------------------------------------------------- -- 2.45.2 From 70b79587f03fb5ab52599ae2daa95b4303a74c7c Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sun, 18 Aug 2024 21:26:41 +0200 Subject: [PATCH 37/49] Move back to ubuntu 22.04 --- containerfiles/Containerfile | 2 +- containerfiles/Containerfile-XOR | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/containerfiles/Containerfile b/containerfiles/Containerfile index 07645f3..f6e21c9 100644 --- a/containerfiles/Containerfile +++ b/containerfiles/Containerfile @@ -36,7 +36,7 @@ RUN cp $(which openvpn) /output/ # ------------------------------------------------------ # -- Final container # ------------------------------------------------------ -FROM ubuntu:24.04 +FROM ubuntu:22.04 LABEL maintainer="allanger " COPY --from=builder /output /src # ------------------------------------------------------- diff --git a/containerfiles/Containerfile-XOR b/containerfiles/Containerfile-XOR index b15c71d..75cc83c 100644 --- a/containerfiles/Containerfile-XOR +++ b/containerfiles/Containerfile-XOR @@ -48,7 +48,7 @@ RUN cp $(which openvpn) /output/ # ------------------------------------------------------ # -- Final container # ------------------------------------------------------ -FROM ubuntu:24.04 +FROM ubuntu:22.04 LABEL maintainer="allanger " COPY --from=builder /output /src # ------------------------------------------------------- -- 2.45.2 From 2a1b2fadce6740944333ac336ec41fad0b473021 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 18 Aug 2024 21:28:12 +0200 Subject: [PATCH 38/49] Trigger build -- 2.45.2 From c01b61cb8dcf76bd487d099cc3f01346c9969768 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 18 Aug 2024 21:28:49 +0200 Subject: [PATCH 39/49] Trigger build -- 2.45.2 From 4737de1394607b75faae237b5741e9ab8dd73bf2 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 18 Aug 2024 21:48:06 +0200 Subject: [PATCH 40/49] Fix the arch --- .woodpecker.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.woodpecker.yaml b/.woodpecker.yaml index eaa2ac3..b54882a 100644 
--- a/.woodpecker.yaml +++ b/.woodpecker.yaml @@ -13,7 +13,7 @@ matrix: steps: build-${TARGET}: name: Build ${TARGET} - image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:latest + image: gitea.badhouseplants.net/badhouseplants/badhouseplants-builder:latest secrets: - gitea_token privileged: true @@ -29,6 +29,8 @@ steps: cpu: 200m securityContext: privileged: true + nodeSelector: + kubernetes.io/arch: "amd64" commands: - source ./env/${TARGET}.env - ./scripts/$SCRIPT -- 2.45.2 From e601741b2cecf315a7751c6f440b2c7691792b3f Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 18 Aug 2024 21:50:48 +0200 Subject: [PATCH 41/49] Fix the arch --- .woodpecker.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.woodpecker.yaml b/.woodpecker.yaml index b54882a..b3103ad 100644 --- a/.woodpecker.yaml +++ b/.woodpecker.yaml @@ -16,6 +16,8 @@ steps: image: gitea.badhouseplants.net/badhouseplants/badhouseplants-builder:latest secrets: - gitea_token + environment: + CONTAINER_REGISTRY: gitea.badhousepants.net privileged: true depends_on: [] backend_options: -- 2.45.2 From db02862770f65f11779e8b5880b8119eb23770e7 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 18 Aug 2024 21:52:18 +0200 Subject: [PATCH 42/49] Fix registry url --- .woodpecker.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.woodpecker.yaml b/.woodpecker.yaml index b3103ad..14a1180 100644 --- a/.woodpecker.yaml +++ b/.woodpecker.yaml @@ -17,7 +17,7 @@ steps: secrets: - gitea_token environment: - CONTAINER_REGISTRY: gitea.badhousepants.net + CONTAINER_REGISTRY: gitea.badhouseplants.net privileged: true depends_on: [] backend_options: -- 2.45.2 From b3f437902f55a38de6e98cdbfbb1748fb2340c9c Mon Sep 17 00:00:00 2001 
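Review bot: `CONTAINER_REGISTRY: gitea.badhousepants.net`, added in the `environment` block by [PATCH 41/49], drops the `l` of `badhouseplants` used in the `image:` line above it, so the push, and presumably the login with `gitea_token`, would be directed at a different domain. It should read `CONTAINER_REGISTRY: gitea.badhouseplants.net`. A mistyped registry host is a credential-exposure risk rather than only a failed build, so taking the host from a single variable shared with the `image:` reference would avoid retyping it.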
From: Nikolai Rodionov Date: Sun, 18 Aug 2024 22:17:59 +0200 Subject: [PATCH 43/49] Try newer ubuntu --- containerfiles/Containerfile | 2 +- containerfiles/Containerfile-XOR | 4 ++-- scripts/build_xor.sh | 3 ++- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/containerfiles/Containerfile b/containerfiles/Containerfile index f6e21c9..07645f3 100644 --- a/containerfiles/Containerfile +++ b/containerfiles/Containerfile @@ -36,7 +36,7 @@ RUN cp $(which openvpn) /output/ # ------------------------------------------------------ # -- Final container # ------------------------------------------------------ -FROM ubuntu:22.04 +FROM ubuntu:24.04 LABEL maintainer="allanger " COPY --from=builder /output /src # ------------------------------------------------------- diff --git a/containerfiles/Containerfile-XOR b/containerfiles/Containerfile-XOR index 75cc83c..6bbf2ca 100644 --- a/containerfiles/Containerfile-XOR +++ b/containerfiles/Containerfile-XOR @@ -23,7 +23,7 @@ RUN dudo -l "https://github.com/Tunnelblick/Tunnelblick/archive/refs/tags/v{{ ve RUN tar -xf /tmp/tunnelblick.tar.gz -C /tmp && rm -f /tmp/tunnelblick.tar.gz RUN mv /tmp/Tunnelblick-$TUNNELBLICK_VERSION /output/tunnelblick -FROM ubuntu as builder +FROM ubuntu:24.04 as builder # ------------------------------------------------------ # -- TODO: Define it only once # ------------------------------------------------------ @@ -48,7 +48,7 @@ RUN cp $(which openvpn) /output/ # ------------------------------------------------------ # -- Final container # ------------------------------------------------------ -FROM ubuntu:22.04 +FROM ubuntu:24.04 LABEL maintainer="allanger " COPY --from=builder /output /src # ------------------------------------------------------- diff --git a/scripts/build_xor.sh b/scripts/build_xor.sh index b81a65c..a152b0c 100755 --- a/scripts/build_xor.sh +++ b/scripts/build_xor.sh 
@@ -1,6 +1,7 @@ #!/usr/bin/env sh git clone https://github.com/Tunnelblick/Tunnelblick.git /tmp/tunnelblick +git -C /tmp/tunnelblick checkout $TUNNELBLICK_VERSION export OPENVPN_VERSION=$(ls /tmp/tunnelblick/third_party/sources/openvpn | sed 's/openvpn-//g' | sort -k1,1nr -k2,2n -k3,3n | head -n 1) export CUSTOM_TAG="v$OPENVPN_VERSION-XOR-$TUNNELBLICK_VERSION" export BUILD_ARGS="--build-arg OPENVPN_VERSION=$OPENVPN_VERSION --build-arg TUNNELBLICK_VERSION=$TUNNELBLICK_VERSION" -build-container \ No newline at end of file +build-container -- 2.45.2 From 877691e3082cdd47ca7a6a8d2ea50756d02c11c3 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 18 Aug 2024 22:36:44 +0200 Subject: [PATCH 44/49] Build older vpn 2.6.5 --- .woodpecker.yaml | 7 +++---- containerfiles/Containerfile | 4 ++-- env/openvpn.env | 2 +- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/.woodpecker.yaml b/.woodpecker.yaml index 14a1180..7e037db 100644 --- a/.woodpecker.yaml +++ b/.woodpecker.yaml @@ -24,11 +24,10 @@ steps: kubernetes: resources: requests: - memory: 500Mi - cpu: 200m + memory: 1024Mi + cpu: 300m limits: - memory: 500Mi - cpu: 200m + memory: 1024Mi securityContext: privileged: true nodeSelector: diff --git a/containerfiles/Containerfile b/containerfiles/Containerfile index 07645f3..4b0336b 100644 --- a/containerfiles/Containerfile +++ b/containerfiles/Containerfile @@ -16,7 +16,7 @@ RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version RUN tar -xf /tmp/openvpn.tar.gz -C /tmp && rm -f /tmp/openvpn.tar.gz RUN mv /tmp/openvpn-${OPENVPN_VERSION} /output/openvpn -FROM ubuntu as builder +FROM ubuntu:22.04 as builder # ------------------------------------------------------ # -- TODO: Define it only once # ------------------------------------------------------ 
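Review bot: The `git -C /tmp/tunnelblick checkout $TUNNELBLICK_VERSION` added to `scripts/build_xor.sh` in [PATCH 43/49] probably names a ref that does not exist. `env/openvpn_xor.env` sets `6.0beta03`, while the Containerfile-XOR download URL uses `refs/tags/v…`, which suggests the tag is `v6.0beta03`. Because the script has no `set -e`, a failed checkout is ignored and `OPENVPN_VERSION` is still read from the default branch, so the pin would silently do nothing. Suggest `set -eu` after the shebang and `git -C /tmp/tunnelblick checkout --detach "v$TUNNELBLICK_VERSION"`, with the variable quoted and the tag naming confirmed upstream.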
@@ -36,7 +36,7 @@ RUN cp $(which openvpn) /output/ # ------------------------------------------------------ # -- Final container # ------------------------------------------------------ -FROM ubuntu:24.04 +FROM ubuntu:22.04 LABEL maintainer="allanger " COPY --from=builder /output /src # ------------------------------------------------------- diff --git a/env/openvpn.env b/env/openvpn.env index 72be53b..400c5ee 100644 --- a/env/openvpn.env +++ b/env/openvpn.env @@ -1,3 +1,3 @@ -export OPENVPN_VERSION=2.6.11 +export OPENVPN_VERSION=2.6.5 export CONTAINERFILE=./containerfiles/Containerfile export SCRIPT=build_upstream.sh -- 2.45.2 From ff531b8c3c2e94c62678cb374cf2b59fc3bcdd4f Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 22 Sep 2024 22:14:53 +0200 Subject: [PATCH 45/49] Try building on ARM --- .woodpecker.yaml | 2 +- env/openvpn.env | 2 +- env/openvpn_xor.env | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.woodpecker.yaml b/.woodpecker.yaml index 7e037db..0fb96e8 100644 --- a/.woodpecker.yaml +++ b/.woodpecker.yaml @@ -31,7 +31,7 @@ steps: securityContext: privileged: true nodeSelector: - kubernetes.io/arch: "amd64" + kubernetes.io/arch: "arm64" commands: - source ./env/${TARGET}.env - ./scripts/$SCRIPT diff --git a/env/openvpn.env b/env/openvpn.env index 400c5ee..e3f0fbc 100644 --- a/env/openvpn.env +++ b/env/openvpn.env @@ -1,3 +1,3 @@ -export OPENVPN_VERSION=2.6.5 +export OPENVPN_VERSION=2.6.5-arm export CONTAINERFILE=./containerfiles/Containerfile export SCRIPT=build_upstream.sh diff --git a/env/openvpn_xor.env b/env/openvpn_xor.env index beee6cb..55e8f26 100644 --- a/env/openvpn_xor.env +++ b/env/openvpn_xor.env @@ -1,3 +1,3 @@ -export TUNNELBLICK_VERSION=6.0beta03 +export TUNNELBLICK_VERSION=6.0beta03-arm export CONTAINERFILE=./containerfiles/Containerfile-XOR export SCRIPT=build_xor.sh -- 2.45.2 From ad8194eaa2d731ba66cbed34046d6e21c92f886c Mon Sep 17 00:00:00 2001 
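Review bot: [PATCH 45/49] appends `-arm` to `OPENVPN_VERSION` and `TUNNELBLICK_VERSION` themselves, but the build scripts pass those same variables as `--build-arg` values and to `git checkout`. The Containerfiles would therefore presumably try to fetch `openvpn-2.6.5-arm` and a `6.0beta03-arm` Tunnelblick ref, which upstream is unlikely to publish. Keep the versions clean and carry the architecture in the tag only, e.g. `export TAG_SUFFIX=-arm` in the env file and `export CUSTOM_TAG="v$OPENVPN_VERSION$TAG_SUFFIX"` in the script (`TAG_SUFFIX` is a proposed name, not an existing variable).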
From: Nikolai Rodionov Date: Sun, 22 Sep 2024 22:16:14 +0200 Subject: [PATCH 46/49] Try building on ARM --- .woodpecker.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.woodpecker.yaml b/.woodpecker.yaml index 0fb96e8..919aef5 100644 --- a/.woodpecker.yaml +++ b/.woodpecker.yaml @@ -13,11 +13,11 @@ matrix: steps: build-${TARGET}: name: Build ${TARGET} - image: gitea.badhouseplants.net/badhouseplants/badhouseplants-builder:latest + image: zot.badhouseplants.net/badhouseplants/badhouseplants-builder:latest secrets: - - gitea_token + - registry_token environment: - CONTAINER_REGISTRY: gitea.badhouseplants.net + CONTAINER_REGISTRY: zot.badhouseplants.net privileged: true depends_on: [] backend_options: -- 2.45.2 From 0ac36c1569312c9410de4d24dc1190cba1aee002 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 22 Sep 2024 22:17:21 +0200 Subject: [PATCH 47/49] Trigger build -- 2.45.2 From 67d37f5df553ad0b9ad6eb56b28bf0e734acf745 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 27 Sep 2024 23:43:38 +0200 Subject: [PATCH 48/49] Build AMD only --- .woodpecker.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.woodpecker.yaml b/.woodpecker.yaml index 919aef5..14350ae 100644 --- a/.woodpecker.yaml +++ b/.woodpecker.yaml @@ -31,7 +31,7 @@ steps: securityContext: privileged: true nodeSelector: - kubernetes.io/arch: "arm64" + kubernetes.io/arch: "amd64" commands: - source ./env/${TARGET}.env - ./scripts/$SCRIPT -- 2.45.2 From 5a2201317538b3a8c9412131615ed301fc559bd5 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 27 Sep 2024 23:46:08 +0200 Subject: [PATCH 49/49] Build AMD only --- env/openvpn.env | 2 +- env/openvpn_xor.env | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/env/openvpn.env b/env/openvpn.env index e3f0fbc..400c5ee 100644 --- a/env/openvpn.env +++ b/env/openvpn.env 
@@ -1,3 +1,3 @@ -export OPENVPN_VERSION=2.6.5-arm +export OPENVPN_VERSION=2.6.5 export CONTAINERFILE=./containerfiles/Containerfile export SCRIPT=build_upstream.sh diff --git a/env/openvpn_xor.env b/env/openvpn_xor.env index 55e8f26..beee6cb 100644 --- a/env/openvpn_xor.env +++ b/env/openvpn_xor.env @@ -1,3 +1,3 @@ -export TUNNELBLICK_VERSION=6.0beta03-arm +export TUNNELBLICK_VERSION=6.0beta03 export CONTAINERFILE=./containerfiles/Containerfile-XOR export SCRIPT=build_xor.sh -- 2.45.2