diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6e9b30a94..95a6426e6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -30,10 +30,22 @@ jobs: - name: Install modules run: go mod tidy + - + name: Set up QEMU + uses: docker/setup-qemu-action@v1 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + - + name: Login to GitHub Packages Docker Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.GITHUB_TOKEN }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Run GoReleaser uses: goreleaser/goreleaser-action@v2 - if: startsWith(github.ref, 'refs/tags/') with: version: latest args: release --rm-dist diff --git a/.goreleaser.yaml b/.goreleaser.yaml index eda89aa62..e59cf0f91 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml 
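Review bot: The new login step sets `username: ${{ secrets.GITHUB_TOKEN }}`, so the token secret doubles as the account name; `username: ${{ github.actor }}` (or `${{ github.repository_owner }}`) keeps the secret in the `password` field only. The three added actions are referenced by the mutable tag `@v1` in a job that now holds a registry credential, so pinning each `uses:` to a full commit SHA would stop a retagged action from running with that token. Dropping the `if: startsWith(github.ref, 'refs/tags/')` guard means the GoReleaser step, which now also pushes images, runs on every event in the workflow's `on:` block. That block and the job's `permissions:` are outside this hunk, so confirm the trigger is tag-only and that the token is limited to `packages: write` plus what the release itself needs.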
@@ -28,3 +28,41 @@ nfpms: scripts: postinstall: "release_files/post_install.sh" +dockers: + - image_templates: + - ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-amd64 + goarch: amd64 + use_buildx: true + dockerfile: Dockerfile + build_flag_templates: + - "--platform=linux/amd64" + - "--label=org.opencontainers.image.created={{.Date}}" + - "--label=org.opencontainers.image.title={{.ProjectName}}" + - "--label=org.opencontainers.image.version={{.Version}}" + - "--label=org.opencontainers.image.revision={{.FullCommit}}" + - "--label=org.opencontainers.image.version={{.Version}}" + - "--label=maintainer=wiretrustee@wiretrustee.com" + - image_templates: + - ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-arm64v8 + goarch: arm64 + use_buildx: true + dockerfile: Dockerfile + build_flag_templates: + - "--platform=linux/arm64" + - "--label=org.opencontainers.image.created={{.Date}}" + - "--label=org.opencontainers.image.title={{.ProjectName}}" + - "--label=org.opencontainers.image.version={{.Version}}" + - "--label=org.opencontainers.image.revision={{.FullCommit}}" + - "--label=org.opencontainers.image.version={{.Version}}" + - "--label=maintainer=wiretrustee@wiretrustee.com" + +docker_manifests: + - name_template: ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }} + image_templates: + - ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-arm64v8 + - ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-amd64 + + - name_template: ghcr.io/wiretrustee/wiretrustee:signal-latest + image_templates: + - ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-arm64v8 + - ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-amd64 \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 17b53d375..4c39a6f67 100644 --- a/Dockerfile +++ b/Dockerfile 
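Review bot: Both `dockers` entries pass `--label=org.opencontainers.image.version={{.Version}}` twice, which looks like a copy-paste slip. The second occurrence could become `--label=org.opencontainers.image.source=https://github.com/wiretrustee/wiretrustee` so a pulled image can be traced back to its repository. The `signal-latest` manifest is re-pointed on every release, so anyone deploying by that tag runs whatever was pushed last. A comment above it such as `# moving tag: deployments should reference signal-{{ .Version }} or a digest` would make that explicit. As far as this hunk shows the images are pushed unsigned, so consumers can only rely on the registry and the labels above to judge provenance.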
@@ -1,19 +1,5 @@
-FROM docker.io/golang:1.16 AS build
-
-WORKDIR /src
-
-COPY go.mod .
-COPY cmd .
-COPY connection .
-COPY iface .
-COPY signal .
-COPY util .
-COPY main.go .
-
-RUN go mod download
-RUN go mod tidy
-RUN go install .
-
-FROM gcr.io/distroless/base
-COPY --from=build /go/bin/wiretrustee /
-ENTRYPOINT [ "/wiretrustee signal" ]
+FROM gcr.io/distroless/base:debug
+EXPOSE 10000
+ENTRYPOINT [ "/go/bin/wiretrustee","signal" ]
+CMD ["--log-level","DEBUG"]
+COPY wiretrustee /go/bin/wiretrustee
\ No newline at end of file
diff --git a/README.md b/README.md
index 828cd86ac..473a625ca 100644
--- a/README.md
+++ b/README.md
@@ -21,12 +21,12 @@ A WireGuard®-based mesh network that connects your devices into a single privat For that matter, there is support for a relay server fallback (TURN). So in case, the (NAT-traversal is unsuccessful???), a secure Wireguard tunnel is established via TURN server. [Coturn](https://github.com/coturn/coturn) is the one that has been successfully used for STUN and TURN in Wiretrustee setups. -### What Wiretrustee is not doing (yet): -* Wireguard key management. In consequence, you need to generate peer keys and specify them on Wiretrustee initialization step. However, the support for the key management feature is on our roadmap. +### What Wiretrustee is not doing: +* Wireguard key management. In consequence, you need to generate peer keys and specify them on Wiretrustee initialization step. * Peer address management. You have to specify a unique peer local address (e.g. 10.30.30.1/24) when configuring Wiretrustee - The peer management assignment is on our roadmap too. + The peer address management assignment is on our roadmap. -### Installation +### Client Installation 1. Checkout Wiretrustee [releases](https://github.com/wiretrustee/wiretrustee/releases) 2. Download the latest release: ```shell 
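Review bot: The runtime base moves from `gcr.io/distroless/base` to the `:debug` variant, which adds a busybox shell to an image that listens on the network and, with no `USER` line, runs as root. Unless that shell is needed in production, `FROM gcr.io/distroless/base:nonroot` gives the same runtime without either, and port 10000 needs no privilege to bind. `CMD ["--log-level","DEBUG"]` makes debug logging the default while the README section added in this same commit says the default is INFO, so one of the two should change, e.g. `CMD ["--log-level","INFO"]`. The base tag is also mutable, so pinning it by digest would make the released images reproducible. Placing `COPY` before `ENTRYPOINT`/`CMD` and ending the file with a newline would match the usual layout.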
@@ -36,7 +36,8 @@ wget https://github.com/wiretrustee/wiretrustee/releases/download/v0.0.4/wiretru ```shell sudo dpkg -i wiretrustee_0.0.4_linux_amd64.deb ``` -4. Initialize Wiretrustee: +### Client Configuration +1. Initialize Wiretrustee: ```shell sudo wiretrustee init \ --stunURLs stun:stun.wiretrustee.com:3468,stun:stun.l.google.com:19302 \ @@ -52,17 +53,27 @@ If for some reason, you already have a generated Wireguard key, you can specify If not specified, then a new one will be generated, and its corresponding public key will be output to the log. A new config will be generated and stored under ```/etc/wiretrustee/config.json``` -5. Add a peer to connect to. -``` +2. Add a peer to connect to. +```shell sudo wiretrustee add-peer --allowedIPs 10.30.30.2/32 --key '' ``` -6. Restart Wiretrustee +3. Restart Wiretrustee to reload changes ```shell sudo systemctl restart wiretrustee.service sudo systemctl status wiretrustee.service ``` - +### Running the Signal service +We have packed the signal into docker images. You can pull the images from the Github registry and execute it with the following commands: +````shell +docker pull ghcr.io/wiretrustee/wiretrustee:signal-latest +docker run -d --name wiretrustee-signal -p 10000:10000 ghcr.io/wiretrustee/wiretrustee:signal-latest +```` +The default log-level is set to INFO, if you need you can change it using by updating the docker cmd as followed: +````shell +docker run -d --name wiretrustee-signal -p 10000:10000 ghcr.io/wiretrustee/wiretrustee:signal-latest --log-level DEBUG +```` ### Roadmap * Android app -* Key and address management service with SSO \ No newline at end of file +* The peer address management assignment is on our roadmap. + \ No newline at end of file