Merge pull request #159 from linuxserver/focal

rebase to focal, add LOG_CONFS, remove add-peer
aptalca 2 years ago committed by GitHub
commit f974b6692e

@ -1,4 +1,4 @@
FROM ghcr.io/linuxserver/baseimage-ubuntu:bionic
FROM ghcr.io/linuxserver/baseimage-ubuntu:focal
# set version label
ARG BUILD_DATE

@ -1,4 +1,4 @@
FROM ghcr.io/linuxserver/baseimage-ubuntu:arm64v8-bionic
FROM ghcr.io/linuxserver/baseimage-ubuntu:arm64v8-focal
# set version label
ARG BUILD_DATE

@ -1,4 +1,4 @@
FROM ghcr.io/linuxserver/baseimage-ubuntu:arm32v7-bionic
FROM ghcr.io/linuxserver/baseimage-ubuntu:arm32v7-focal
# set version label
ARG BUILD_DATE

@ -147,6 +147,7 @@ services:
- PEERDNS=auto #optional
- INTERNAL_SUBNET=10.13.13.0 #optional
- ALLOWEDIPS=0.0.0.0/0 #optional
- LOG_CONFS=true #optional
volumes:
- /path/to/appdata/config:/config
- /lib/modules:/lib/modules
@ -173,6 +174,7 @@ docker run -d \
-e PEERDNS=auto `#optional` \
-e INTERNAL_SUBNET=10.13.13.0 `#optional` \
-e ALLOWEDIPS=0.0.0.0/0 `#optional` \
-e LOG_CONFS=true `#optional` \
-p 51820:51820/udp \
-v /path/to/appdata/config:/config \
-v /lib/modules:/lib/modules \
@ -197,6 +199,7 @@ Container images are configured using parameters passed at runtime (such as thos
| `-e PEERDNS=auto` | DNS server set in peer/client configs (can be set as `8.8.8.8`). Used in server mode. Defaults to `auto`, which uses wireguard docker host's DNS via included CoreDNS forward. |
| `-e INTERNAL_SUBNET=10.13.13.0` | Internal subnet for the wireguard and server and peers (only change if it clashes). Used in server mode. |
| `-e ALLOWEDIPS=0.0.0.0/0` | The IPs/Ranges that the peers will be able to reach using the VPN connection. If not specified the default value is: '0.0.0.0/0, ::0/0' This will cause ALL traffic to route through the VPN, if you want split tunneling, set this to only the IPs you would like to use the tunnel AND the ip of the server's WG ip, such as 10.13.13.1. |
| `-e LOG_CONFS=true` | Generated QR codes will be displayed in the docker log. Set to `false` to skip log output. |
| `-v /config` | Contains all relevant configuration files. |
| `-v /lib/modules` | Maps host's modules folder. |
| `--sysctl=` | Required for client mode. |
@ -310,6 +313,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions
* **10.04.22:** - Rebase to Ubuntu Focal. Add `LOG_CONFS` env var. Remove deprecated `add-peer` command.
* **28.10.21:** - Add site-to-site vpn support.
* **11.02.21:** - Fix bug related to changing internal subnet and named peer confs not updating.
* **06.10.20:** - Disable CoreDNS in client mode, or if port 53 is already in use in server mode.

@ -48,6 +48,7 @@ opt_param_env_vars:
- { env_var: "PEERDNS", env_value: "auto", desc: "DNS server set in peer/client configs (can be set as `8.8.8.8`). Used in server mode. Defaults to `auto`, which uses wireguard docker host's DNS via included CoreDNS forward."}
- { env_var: "INTERNAL_SUBNET", env_value: "10.13.13.0", desc: "Internal subnet for the wireguard and server and peers (only change if it clashes). Used in server mode."}
- { env_var: "ALLOWEDIPS", env_value: "0.0.0.0/0", desc: "The IPs/Ranges that the peers will be able to reach using the VPN connection. If not specified the default value is: '0.0.0.0/0, ::0/0' This will cause ALL traffic to route through the VPN, if you want split tunneling, set this to only the IPs you would like to use the tunnel AND the ip of the server's WG ip, such as 10.13.13.1."}
- { env_var: "LOG_CONFS", env_value: "true", desc: "Generated QR codes will be displayed in the docker log. Set to `false` to skip log output."}
optional_block_1: false
optional_block_1_items: ""
@ -120,6 +121,7 @@ app_setup_block: |
# changelog
changelogs:
- { date: "10.04.22:", desc: "Rebase to Ubuntu Focal. Add `LOG_CONFS` env var. Remove deprecated `add-peer` command." }
- { date: "28.10.21:", desc: "Add site-to-site vpn support." }
- { date: "11.02.21:", desc: "Fix bug related to changing internal subnet and named peer confs not updating." }
- { date: "06.10.20:", desc: "Disable CoreDNS in client mode, or if port 53 is already in use in server mode." }

@ -1,47 +0,0 @@
#!/usr/bin/with-contenv bash
echo "******* This script has been deprecated and will be removed in a future version. In order to add peers, change the PEERS env var and recreate your container. Existing peers will still use the same private and public keys. *******"
if [ ! -f /config/wg0.conf ] || [ -z "$PEERS" ]; then
echo "Wireguard is not set up in server mode"
exit 0
fi
INTERNAL_SUBNET=${INTERNAL_SUBNET:-10.13.13.0}
INTERFACE=$(echo "$INTERNAL_SUBNET" | awk 'BEGIN{FS=OFS="."} NF--')
if [ -z "$SERVERURL" ] || [ "$SERVERURL" = "auto" ]; then
SERVERURL=$(curl icanhazip.com)
fi
SERVERPORT=${SERVERPORT:-51820}
if [ -z "$PEERDNS" ] || [ "$PEERDNS" = "auto" ]; then
PEERDNS="${INTERFACE}.1"
fi
for i in {1..254}; do
if grep -q "AllowedIPs = ${INTERFACE}.$(( $i + 1 ))/32" /config/wg0.conf; then
echo "Peer $i exists"
else
echo "Adding new Peer $i"
mkdir -p /config/peer${i}
if [ ! -f /config/peer${i}/privatekey-peer${i} ]; then
umask 077
wg genkey | tee /config/peer${i}/privatekey-peer${i} | wg pubkey > /config/peer${i}/publickey-peer${i}
fi
eval "`printf %s`
cat <<DUDE > /config/peer${i}/peer${i}.conf
`cat /config/templates/peer.conf`
DUDE"
cat <<DUDE >> /config/wg0.conf
[Peer]
PublicKey = $(cat /config/peer${i}/publickey-peer${i})
AllowedIPs = ${INTERFACE}.$(( $i + 1 ))/32
DUDE
echo "PEER ${i} QR code:"
qrencode -t ansiutf8 < /config/peer${i}/peer${i}.conf
qrencode -o /config/peer${i}/peer${i}.png < /config/peer${i}/peer${i}.conf
chown -R abc:abc /config/peer${i}
s6-svc -t /var/run/s6/services/wireguard
break
fi
done

@ -10,7 +10,7 @@ if ip link add dev test type wireguard; then
SKIP_COMPILE="true"
ip link del dev test
else
echo "**** The wireguard module is not active, will attempt kernel header install and module compilation. ****"
echo "**** The wireguard module is not active, will attempt kernel header install and module compilation. If you believe that your kernel should have wireguard support already, make sure that it is activated via modprobe! ****"
fi
# install headers if necessary
@ -30,31 +30,31 @@ if [ "$SKIP_COMPILE" != "true" ] && [ ! -e /lib/modules/$(uname -r)/build ]; the
apt-get install -y \
raspberrypi-kernel-headers
elif uname -v | grep -q 'Ubuntu'; then
echo "**** Ubuntu kernel detected, but likely not Bionic. ****"
echo "**** Attempting to install kernel headers from Ubuntu Xenial repo ****"
echo "**** Ubuntu kernel detected, but likely not Focal. ****"
echo "**** Attempting to install kernel headers from Ubuntu Bionic repo ****"
if uname -m | grep -q 'x86_64'; then
echo -e \
"deb http://archive.ubuntu.com/ubuntu/ xenial main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ xenial main restricted\n\ndeb http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted" \
> /etc/apt/sources.list.d/xenial-focal.list
"deb http://archive.ubuntu.com/ubuntu/ bionic main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ bionic main restricted\n\ndeb http://archive.ubuntu.com/ubuntu/ bionic-updates main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ bionic-updates main restricted" \
> /etc/apt/sources.list.d/xenial-bionic.list
else
echo -e \
"deb http://ports.ubuntu.com/ubuntu-ports/ xenial main restricted\ndeb-src http://ports.ubuntu.com/ubuntu-ports/ xenial main restricted\n\ndeb http://ports.ubuntu.com/ubuntu-ports/ xenial-updates main restricted\ndeb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-updates main restricted" \
> /etc/apt/sources.list.d/xenial-focal.list
"deb http://ports.ubuntu.com/ubuntu-ports/ bionic main restricted\ndeb-src http://ports.ubuntu.com/ubuntu-ports/ bionic main restricted\n\ndeb http://ports.ubuntu.com/ubuntu-ports/ bionic-updates main restricted\ndeb-src http://ports.ubuntu.com/ubuntu-ports/ bionic-updates main restricted" \
> /etc/apt/sources.list.d/xenial-bionic.list
fi
apt-get update
if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then
apt-get install -y \
linux-headers-$(uname -r)
else
echo "**** No kernel headers found in the Ubuntu Xenial repo!! Trying Ubuntu Focal. ****"
sed -i 's/xenial/focal/g' /etc/apt/sources.list.d/xenial-focal.list
echo "**** No kernel headers found in the Ubuntu Bionic repo!! Trying Ubuntu Xenial. ****"
sed -i 's/bionic/xenial/g' /etc/apt/sources.list.d/xenial-bionic.list
apt-get update
if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then
apt-get install -y \
linux-headers-$(uname -r)
else
echo "**** No kernel headers found in the Ubuntu repos!! Will try the headers from host (if mapped), may or may not work ****"
rm -rf /etc/apt/sources.list.d/xenial-focal.list
rm -rf /etc/apt/sources.list.d/xenial-bionic.list
fi
fi
elif uname -v | grep -q 'Debian'; then
@ -146,7 +146,7 @@ DUDE
sleep infinity
fi
else
echo "**** Kernel headers don't seem to be available, can't compile the module. Sleeping now. . . ****"
echo "**** Kernel headers don't seem to be available in Ubuntu, Debian and Raspbian repos, or shared from the host; therefore can't compile the module. Sleeping now. . . ****"
sleep infinity
fi
fi
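Review bot: The new Bionic-then-Xenial fallback (`echo "**** No kernel headers found in the Ubuntu Bionic repo!! Trying Ubuntu Xenial. ****"` and `sed -i 's/bionic/xenial/g' /etc/apt/sources.list.d/xenial-bionic.list`) is only reached through the unchanged test `if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then`, which appears twice in the @ -30,31 hunk; bash parses `2&>1` as a literal argument `2` followed by the redirection `&>1`, so stderr is written to a file named `1` in the working directory and `apt-cache show` is asked for an extra package called `2`, which it likely reports as not found with a non-zero exit, so the condition probably fails even when the headers are present and the script always falls through to the fallback. Both occurrences should read `if apt-cache show "linux-headers-$(uname -r)" >/dev/null 2>&1; then`. Separately, the renamed `xenial-bionic.list` is only removed on the final failure branch (`rm -rf /etc/apt/sources.list.d/xenial-bionic.list`, where `rm -f` is enough for a single file), so after a successful header install the older-release source stays enabled for any later `apt-get update` inside the Focal container; deleting the list file right after the install keeps the container's apt sources at Focal only. The enclosing if/elif chain starts before this hunk and continues after it.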

@ -69,8 +69,12 @@ AllowedIPs = ${CLIENT_IP}/32
DUDE
fi
echo "PEER ${i} QR code:"
qrencode -t ansiutf8 < /config/${PEER_ID}/${PEER_ID}.conf
if [ -z "${LOG_CONFS}" ] || [ "${LOG_CONFS}" = "true" ]; then
echo "PEER ${i} QR code:"
qrencode -t ansiutf8 < /config/${PEER_ID}/${PEER_ID}.conf
else
echo "PEER ${i} conf and QR code png saved in /config/${PEER_ID}"
fi
qrencode -o /config/${PEER_ID}/${PEER_ID}.png < /config/${PEER_ID}/${PEER_ID}.conf
done
}
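Review bot: The new guard `if [ -z "${LOG_CONFS}" ] || [ "${LOG_CONFS}" = "true" ]; then` treats every value other than an exact lowercase `true` as opt-out, so `True`, `TRUE` or `1` silently suppress the QR output while the README hunk in this commit only documents `false` as the way to skip it. If this script runs under bash like the removed add-peer script does, `[ "${LOG_CONFS,,}" = "true" ]` accepts the usual case variants; otherwise compare against `false` explicitly and log for everything else. A one-line comment above the guard, `# The QR code encodes the whole peer conf (presumably including the peer's private key), so docker log retention exposes it; LOG_CONFS=false keeps it out of the log`, would make the purpose of the switch clear to operators reading the script. The function containing this loop starts before the hunk.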
