mirror of
https://github.com/netbirdio/netbird.git
synced 2024-12-01 04:23:44 +01:00
Building docker images for signal service
This commit is contained in:
parent
8c1cf88e07
commit
bbf57b064c
14
.github/workflows/release.yml
vendored
14
.github/workflows/release.yml
vendored
@ -30,10 +30,22 @@ jobs:
|
|||||||
-
|
-
|
||||||
name: Install modules
|
name: Install modules
|
||||||
run: go mod tidy
|
run: go mod tidy
|
||||||
|
-
|
||||||
|
name: Set up QEMU
|
||||||
|
uses: docker/setup-qemu-action@v1
|
||||||
|
-
|
||||||
|
name: Set up Docker Buildx
|
||||||
|
uses: docker/setup-buildx-action@v1
|
||||||
|
-
|
||||||
|
name: Login to GitHub Packages Docker Registry
|
||||||
|
uses: docker/login-action@v1
|
||||||
|
with:
|
||||||
|
registry: ghcr.io
|
||||||
|
username: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
-
|
-
|
||||||
name: Run GoReleaser
|
name: Run GoReleaser
|
||||||
uses: goreleaser/goreleaser-action@v2
|
uses: goreleaser/goreleaser-action@v2
|
||||||
if: startsWith(github.ref, 'refs/tags/')
|
|
||||||
with:
|
with:
|
||||||
version: latest
|
version: latest
|
||||||
args: release --rm-dist
|
args: release --rm-dist
|
||||||
|
@ -28,3 +28,41 @@ nfpms:
|
|||||||
|
|
||||||
scripts:
|
scripts:
|
||||||
postinstall: "release_files/post_install.sh"
|
postinstall: "release_files/post_install.sh"
|
||||||
|
dockers:
|
||||||
|
- image_templates:
|
||||||
|
- ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-amd64
|
||||||
|
goarch: amd64
|
||||||
|
use_buildx: true
|
||||||
|
dockerfile: Dockerfile
|
||||||
|
build_flag_templates:
|
||||||
|
- "--platform=linux/amd64"
|
||||||
|
- "--label=org.opencontainers.image.created={{.Date}}"
|
||||||
|
- "--label=org.opencontainers.image.title={{.ProjectName}}"
|
||||||
|
- "--label=org.opencontainers.image.version={{.Version}}"
|
||||||
|
- "--label=org.opencontainers.image.revision={{.FullCommit}}"
|
||||||
|
- "--label=org.opencontainers.image.version={{.Version}}"
|
||||||
|
- "--label=maintainer=wiretrustee@wiretrustee.com"
|
||||||
|
- image_templates:
|
||||||
|
- ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-arm64v8
|
||||||
|
goarch: arm64
|
||||||
|
use_buildx: true
|
||||||
|
dockerfile: Dockerfile
|
||||||
|
build_flag_templates:
|
||||||
|
- "--platform=linux/arm64"
|
||||||
|
- "--label=org.opencontainers.image.created={{.Date}}"
|
||||||
|
- "--label=org.opencontainers.image.title={{.ProjectName}}"
|
||||||
|
- "--label=org.opencontainers.image.version={{.Version}}"
|
||||||
|
- "--label=org.opencontainers.image.revision={{.FullCommit}}"
|
||||||
|
- "--label=org.opencontainers.image.version={{.Version}}"
|
||||||
|
- "--label=maintainer=wiretrustee@wiretrustee.com"
|
||||||
|
|
||||||
|
docker_manifests:
|
||||||
|
- name_template: ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}
|
||||||
|
image_templates:
|
||||||
|
- ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-arm64v8
|
||||||
|
- ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-amd64
|
||||||
|
|
||||||
|
- name_template: ghcr.io/wiretrustee/wiretrustee:signal-latest
|
||||||
|
image_templates:
|
||||||
|
- ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-arm64v8
|
||||||
|
- ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-amd64
|
24
Dockerfile
24
Dockerfile
@ -1,19 +1,5 @@
|
|||||||
FROM docker.io/golang:1.16 AS build
|
FROM gcr.io/distroless/base:debug
|
||||||
|
EXPOSE 10000
|
||||||
WORKDIR /src
|
ENTRYPOINT [ "/go/bin/wiretrustee","signal" ]
|
||||||
|
CMD ["--log-level","DEBUG"]
|
||||||
COPY go.mod .
|
COPY wiretrustee /go/bin/wiretrustee
|
||||||
COPY cmd .
|
|
||||||
COPY connection .
|
|
||||||
COPY iface .
|
|
||||||
COPY signal .
|
|
||||||
COPY util .
|
|
||||||
COPY main.go .
|
|
||||||
|
|
||||||
RUN go mod download
|
|
||||||
RUN go mod tidy
|
|
||||||
RUN go install .
|
|
||||||
|
|
||||||
FROM gcr.io/distroless/base
|
|
||||||
COPY --from=build /go/bin/wiretrustee /
|
|
||||||
ENTRYPOINT [ "/wiretrustee signal" ]
|
|
31
README.md
31
README.md
@ -21,12 +21,12 @@ A WireGuard®-based mesh network that connects your devices into a single privat
|
|||||||
For that matter, there is support for a relay server fallback (TURN). So in case, the (NAT-traversal is unsuccessful???), a secure Wireguard tunnel is established via TURN server.
|
For that matter, there is support for a relay server fallback (TURN). So in case, the (NAT-traversal is unsuccessful???), a secure Wireguard tunnel is established via TURN server.
|
||||||
[Coturn](https://github.com/coturn/coturn) is the one that has been successfully used for STUN and TURN in Wiretrustee setups.
|
[Coturn](https://github.com/coturn/coturn) is the one that has been successfully used for STUN and TURN in Wiretrustee setups.
|
||||||
|
|
||||||
### What Wiretrustee is not doing (yet):
|
### What Wiretrustee is not doing:
|
||||||
* Wireguard key management. In consequence, you need to generate peer keys and specify them on Wiretrustee initialization step. However, the support for the key management feature is on our roadmap.
|
* Wireguard key management. In consequence, you need to generate peer keys and specify them on Wiretrustee initialization step.
|
||||||
* Peer address management. You have to specify a unique peer local address (e.g. 10.30.30.1/24) when configuring Wiretrustee
|
* Peer address management. You have to specify a unique peer local address (e.g. 10.30.30.1/24) when configuring Wiretrustee
|
||||||
The peer management assignment is on our roadmap too.
|
The peer address management assignment is on our roadmap.
|
||||||
|
|
||||||
### Installation
|
### Client Installation
|
||||||
1. Checkout Wiretrustee [releases](https://github.com/wiretrustee/wiretrustee/releases)
|
1. Checkout Wiretrustee [releases](https://github.com/wiretrustee/wiretrustee/releases)
|
||||||
2. Download the latest release:
|
2. Download the latest release:
|
||||||
```shell
|
```shell
|
||||||
@ -36,7 +36,8 @@ wget https://github.com/wiretrustee/wiretrustee/releases/download/v0.0.4/wiretru
|
|||||||
```shell
|
```shell
|
||||||
sudo dpkg -i wiretrustee_0.0.4_linux_amd64.deb
|
sudo dpkg -i wiretrustee_0.0.4_linux_amd64.deb
|
||||||
```
|
```
|
||||||
4. Initialize Wiretrustee:
|
### Client Configuration
|
||||||
|
1. Initialize Wiretrustee:
|
||||||
```shell
|
```shell
|
||||||
sudo wiretrustee init \
|
sudo wiretrustee init \
|
||||||
--stunURLs stun:stun.wiretrustee.com:3468,stun:stun.l.google.com:19302 \
|
--stunURLs stun:stun.wiretrustee.com:3468,stun:stun.l.google.com:19302 \
|
||||||
@ -52,17 +53,27 @@ If for some reason, you already have a generated Wireguard key, you can specify
|
|||||||
If not specified, then a new one will be generated, and its corresponding public key will be output to the log.
|
If not specified, then a new one will be generated, and its corresponding public key will be output to the log.
|
||||||
A new config will be generated and stored under ```/etc/wiretrustee/config.json```
|
A new config will be generated and stored under ```/etc/wiretrustee/config.json```
|
||||||
|
|
||||||
5. Add a peer to connect to.
|
2. Add a peer to connect to.
|
||||||
```
|
```shell
|
||||||
sudo wiretrustee add-peer --allowedIPs 10.30.30.2/32 --key '<REMOTE PEER WIREUARD PUBLIC KEY>'
|
sudo wiretrustee add-peer --allowedIPs 10.30.30.2/32 --key '<REMOTE PEER WIREUARD PUBLIC KEY>'
|
||||||
```
|
```
|
||||||
|
|
||||||
6. Restart Wiretrustee
|
3. Restart Wiretrustee to reload changes
|
||||||
```shell
|
```shell
|
||||||
sudo systemctl restart wiretrustee.service
|
sudo systemctl restart wiretrustee.service
|
||||||
sudo systemctl status wiretrustee.service
|
sudo systemctl status wiretrustee.service
|
||||||
```
|
```
|
||||||
|
### Running the Signal service
|
||||||
|
We have packed the signal into docker images. You can pull the images from the Github registry and execute it with the following commands:
|
||||||
|
````shell
|
||||||
|
docker pull ghcr.io/wiretrustee/wiretrustee:signal-latest
|
||||||
|
docker run -d --name wiretrustee-signal -p 10000:10000 ghcr.io/wiretrustee/wiretrustee:signal-latest
|
||||||
|
````
|
||||||
|
The default log-level is set to INFO, if you need you can change it using by updating the docker cmd as followed:
|
||||||
|
````shell
|
||||||
|
docker run -d --name wiretrustee-signal -p 10000:10000 ghcr.io/wiretrustee/wiretrustee:signal-latest --log-level DEBUG
|
||||||
|
````
|
||||||
### Roadmap
|
### Roadmap
|
||||||
* Android app
|
* Android app
|
||||||
* Key and address management service with SSO
|
* The peer address management assignment is on our roadmap.
|
||||||
|
|
Loading…
Reference in New Issue
Block a user