Building docker images for signal service

This commit is contained in:
mlsmaycon 2021-05-11 12:38:41 +05:00
parent 8c1cf88e07
commit bbf57b064c
4 changed files with 77 additions and 30 deletions

View File

@ -30,10 +30,22 @@ jobs:
- -
name: Install modules name: Install modules
run: go mod tidy run: go mod tidy
-
name: Set up QEMU
uses: docker/setup-qemu-action@v1
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Login to GitHub Packages Docker Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ secrets.GITHUB_TOKEN }}
password: ${{ secrets.GITHUB_TOKEN }}
- -
name: Run GoReleaser name: Run GoReleaser
uses: goreleaser/goreleaser-action@v2 uses: goreleaser/goreleaser-action@v2
if: startsWith(github.ref, 'refs/tags/')
with: with:
version: latest version: latest
args: release --rm-dist args: release --rm-dist

View File

@ -28,3 +28,41 @@ nfpms:
scripts: scripts:
postinstall: "release_files/post_install.sh" postinstall: "release_files/post_install.sh"
dockers:
- image_templates:
- ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-amd64
goarch: amd64
use_buildx: true
dockerfile: Dockerfile
build_flag_templates:
- "--platform=linux/amd64"
- "--label=org.opencontainers.image.created={{.Date}}"
- "--label=org.opencontainers.image.title={{.ProjectName}}"
- "--label=org.opencontainers.image.version={{.Version}}"
- "--label=org.opencontainers.image.revision={{.FullCommit}}"
- "--label=org.opencontainers.image.version={{.Version}}"
- "--label=maintainer=wiretrustee@wiretrustee.com"
- image_templates:
- ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-arm64v8
goarch: arm64
use_buildx: true
dockerfile: Dockerfile
build_flag_templates:
- "--platform=linux/arm64"
- "--label=org.opencontainers.image.created={{.Date}}"
- "--label=org.opencontainers.image.title={{.ProjectName}}"
- "--label=org.opencontainers.image.version={{.Version}}"
- "--label=org.opencontainers.image.revision={{.FullCommit}}"
- "--label=org.opencontainers.image.version={{.Version}}"
- "--label=maintainer=wiretrustee@wiretrustee.com"
docker_manifests:
- name_template: ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}
image_templates:
- ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-arm64v8
- ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-amd64
- name_template: ghcr.io/wiretrustee/wiretrustee:signal-latest
image_templates:
- ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-arm64v8
- ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-amd64

View File

@ -1,19 +1,5 @@
FROM docker.io/golang:1.16 AS build FROM gcr.io/distroless/base:debug
EXPOSE 10000
WORKDIR /src ENTRYPOINT [ "/go/bin/wiretrustee","signal" ]
CMD ["--log-level","DEBUG"]
COPY go.mod . COPY wiretrustee /go/bin/wiretrustee
COPY cmd .
COPY connection .
COPY iface .
COPY signal .
COPY util .
COPY main.go .
RUN go mod download
RUN go mod tidy
RUN go install .
FROM gcr.io/distroless/base
COPY --from=build /go/bin/wiretrustee /
ENTRYPOINT [ "/wiretrustee signal" ]

View File

@ -21,12 +21,12 @@ A WireGuard®-based mesh network that connects your devices into a single privat
For that matter, there is support for a relay server fallback (TURN). So in case, the (NAT-traversal is unsuccessful???), a secure Wireguard tunnel is established via TURN server. For that matter, there is support for a relay server fallback (TURN). So in case, the (NAT-traversal is unsuccessful???), a secure Wireguard tunnel is established via TURN server.
[Coturn](https://github.com/coturn/coturn) is the one that has been successfully used for STUN and TURN in Wiretrustee setups. [Coturn](https://github.com/coturn/coturn) is the one that has been successfully used for STUN and TURN in Wiretrustee setups.
### What Wiretrustee is not doing (yet): ### What Wiretrustee is not doing:
* Wireguard key management. In consequence, you need to generate peer keys and specify them on Wiretrustee initialization step. However, the support for the key management feature is on our roadmap. * Wireguard key management. In consequence, you need to generate peer keys and specify them on Wiretrustee initialization step.
* Peer address management. You have to specify a unique peer local address (e.g. 10.30.30.1/24) when configuring Wiretrustee * Peer address management. You have to specify a unique peer local address (e.g. 10.30.30.1/24) when configuring Wiretrustee
The peer management assignment is on our roadmap too. The peer address management assignment is on our roadmap.
### Installation ### Client Installation
1. Checkout Wiretrustee [releases](https://github.com/wiretrustee/wiretrustee/releases) 1. Checkout Wiretrustee [releases](https://github.com/wiretrustee/wiretrustee/releases)
2. Download the latest release: 2. Download the latest release:
```shell ```shell
@ -36,7 +36,8 @@ wget https://github.com/wiretrustee/wiretrustee/releases/download/v0.0.4/wiretru
```shell ```shell
sudo dpkg -i wiretrustee_0.0.4_linux_amd64.deb sudo dpkg -i wiretrustee_0.0.4_linux_amd64.deb
``` ```
4. Initialize Wiretrustee: ### Client Configuration
1. Initialize Wiretrustee:
```shell ```shell
sudo wiretrustee init \ sudo wiretrustee init \
--stunURLs stun:stun.wiretrustee.com:3468,stun:stun.l.google.com:19302 \ --stunURLs stun:stun.wiretrustee.com:3468,stun:stun.l.google.com:19302 \
@ -52,17 +53,27 @@ If for some reason, you already have a generated Wireguard key, you can specify
If not specified, then a new one will be generated, and its corresponding public key will be output to the log. If not specified, then a new one will be generated, and its corresponding public key will be output to the log.
A new config will be generated and stored under ```/etc/wiretrustee/config.json``` A new config will be generated and stored under ```/etc/wiretrustee/config.json```
5. Add a peer to connect to. 2. Add a peer to connect to.
``` ```shell
sudo wiretrustee add-peer --allowedIPs 10.30.30.2/32 --key '<REMOTE PEER WIREUARD PUBLIC KEY>' sudo wiretrustee add-peer --allowedIPs 10.30.30.2/32 --key '<REMOTE PEER WIREUARD PUBLIC KEY>'
``` ```
6. Restart Wiretrustee 3. Restart Wiretrustee to reload changes
```shell ```shell
sudo systemctl restart wiretrustee.service sudo systemctl restart wiretrustee.service
sudo systemctl status wiretrustee.service sudo systemctl status wiretrustee.service
``` ```
### Running the Signal service
We have packed the signal into docker images. You can pull the images from the Github registry and execute it with the following commands:
````shell
docker pull ghcr.io/wiretrustee/wiretrustee:signal-latest
docker run -d --name wiretrustee-signal -p 10000:10000 ghcr.io/wiretrustee/wiretrustee:signal-latest
````
The default log-level is set to INFO, if you need you can change it using by updating the docker cmd as followed:
````shell
docker run -d --name wiretrustee-signal -p 10000:10000 ghcr.io/wiretrustee/wiretrustee:signal-latest --log-level DEBUG
````
### Roadmap ### Roadmap
* Android app * Android app
* Key and address management service with SSO * The peer address management assignment is on our roadmap.