From 52ee605ed16f424ceaa80143b070431e6a81d8af Mon Sep 17 00:00:00 2001
From: Lukas Prettenthaler
Date: Sun, 12 Jun 2022 17:53:02 +0200
Subject: [PATCH] add entrypoint and define env variables to override local settings
---
 Dockerfile | 4 ++--
 Dockerfile.bridge | 4 ++--
 scripts/entrypoint-bridge.sh | 14 ++++++++++++++
 scripts/entrypoint.sh | 37 ++++++++++++++++++++++++++++++------
 4 files changed, 49 insertions(+), 10 deletions(-)
 create mode 100755 scripts/entrypoint-bridge.sh
diff --git a/Dockerfile b/Dockerfile
index 2f09681..7e35e5f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -26,7 +26,7 @@ LABEL org.opencontainers.image.title="zerotier" \
 org.opencontainers.image.licenses="MIT" \
 org.opencontainers.image.source="https://github.com/zyclonite/zerotier-docker"
-COPY --from=builder /src/zerotier-one /usr/sbin/
+COPY --from=builder /src/zerotier-one /src/scripts/entrypoint.sh /usr/sbin/
 RUN apk add --no-cache --purge --clean-protected libc6-compat libstdc++ \
 && mkdir -p /var/lib/zerotier-one \
@@ -36,6 +36,6 @@ RUN apk add --no-cache --purge --clean-protected libc6-compat libstdc++ \
 EXPOSE 9993/udp
-ENTRYPOINT ["zerotier-one"]
+ENTRYPOINT ["entrypoint.sh"]
 CMD ["-U"]
diff --git a/Dockerfile.bridge b/Dockerfile.bridge
index 8cdf563..39a112d 100644
--- a/Dockerfile.bridge
+++ b/Dockerfile.bridge
@@ -8,10 +8,10 @@ RUN apk add --no-cache --purge --clean-protected iptables \
 ENV LOG_PATH=/var/log/supervisor
-COPY scripts /opt
+COPY scripts/entrypoint-bridge.sh /usr/sbin/
 EXPOSE 9993/udp
-ENTRYPOINT ["/opt/entrypoint.sh"]
+ENTRYPOINT ["entrypoint-bridge.sh"]
 CMD ["-U"]
diff --git a/scripts/entrypoint-bridge.sh b/scripts/entrypoint-bridge.sh
new file mode 100755
index 0000000..1d89214
--- /dev/null
+++ b/scripts/entrypoint-bridge.sh
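Review bot: `ENTRYPOINT ["entrypoint.sh"]` now resolves the entrypoint through PATH at container start, so a `PATH` supplied at run time that omits /usr/sbin makes the container fail to start, and the lookup order decides which `entrypoint.sh` wins; the same applies to `ENTRYPOINT ["entrypoint-bridge.sh"]` in the Dockerfile.bridge hunk. The COPY destination is fixed to /usr/sbin/ in the hunk above, so the absolute form costs nothing: `ENTRYPOINT ["/usr/sbin/entrypoint.sh"]`, and `ENTRYPOINT ["/usr/sbin/entrypoint-bridge.sh"]` in Dockerfile.bridge. The unchanged `CMD ["-U"]` still reaches the script as `$1` either way.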
@@ -0,0 +1,14 @@
+#!/usr/bin/env sh
+set -Eeo pipefail
+
+if [ "${1:0:1}" = '-' ]; then
+ set -- zerotier-one "$@"
+fi
+
+PHY_IFACE=eth0
+ZT_IFACE="zt+"
+iptables -t nat -A POSTROUTING -o $PHY_IFACE -j MASQUERADE
+iptables -A FORWARD -i $PHY_IFACE -o $ZT_IFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -i $ZT_IFACE -o $PHY_IFACE -j ACCEPT
+
+exec "$@"
diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh
index ecd8889..df5bbf1 100755
--- a/scripts/entrypoint.sh
+++ b/scripts/entrypoint.sh
@@ -1,9 +1,34 @@
 #!/usr/bin/env sh
+set -Eeo pipefail
-PHY_IFACE=eth0
-ZT_IFACE="zt+"
-iptables -t nat -A POSTROUTING -o $PHY_IFACE -j MASQUERADE
-iptables -A FORWARD -i $PHY_IFACE -o $ZT_IFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
-iptables -A FORWARD -i $ZT_IFACE -o $PHY_IFACE -j ACCEPT
+if [ "${1:0:1}" = '-' ]; then
+ set -- zerotier-one "$@"
+fi
-zerotier-one $@
\ No newline at end of file
+DEFAULT_PRIMARY_PORT=9993
+DEFAULT_PORT_MAPPING_ENABLED=true
+DEFAULT_ALLOW_TCP_FALLBACK_RELAY=true
+
+MANAGEMENT_NETWORKS=""
+if [ ! -z "$ZT_ALLOW_MANAGEMENT_FROM" ]; then
+ for NETWORK in ${ZT_ALLOW_MANAGEMENT_FROM//,/$IFS}; do
+ if [ -n "$MANAGEMENT_NETWORKS" ]; then
+ MANAGEMENT_NETWORKS="${MANAGEMENT_NETWORKS},"
+ fi
+ MANAGEMENT_NETWORKS="${MANAGEMENT_NETWORKS}\"${NETWORK}\""
+ done
+fi
+
+if [ "$ZT_OVERRIDE_LOCAL_CONF" = 'true' ] || [ ! -f "/var/lib/zerotier-one/local.conf" ]; then
+ echo "{
+ \"settings\": {
+ \"primaryPort\": ${ZT_PRIMARY_PORT:-$DEFAULT_PRIMARY_PORT},
+ \"portMappingEnabled\": ${ZT_PORT_MAPPING_ENABLED:-$DEFAULT_PORT_MAPPING_ENABLED},
+ \"softwareUpdate\": \"disable\",
+ \"allowManagementFrom\": [${MANAGEMENT_NETWORKS}],
+ \"allowTcpFallbackRelay\": ${ZT_ALLOW_TCP_FALLBACK_RELAY:-$DEFAULT_ALLOW_TCP_FALLBACK_RELAY}
+ }
+ }" > /var/lib/zerotier-one/local.conf
+fi
+
+exec "$@"
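Review bot: entrypoint-bridge.sh ends in `exec "$@"` straight after the three iptables rules, so the ZT_* environment handling and local.conf generation this commit adds to entrypoint.sh never run in the bridge image, even though the commit title promises env overrides and Dockerfile.bridge used to copy the whole scripts directory; if Dockerfile.bridge builds on the base image (its FROM line is outside the diff), the last line could be `exec entrypoint.sh "$@"` so both images honour the same variables. `${1:0:1}` and `set -E` are bash/ash extensions behind a `#!/usr/bin/env sh` shebang — worth confirming the busybox sh in the image accepts both, or replace the prefix check with the portable `case "$1" in -*) set -- zerotier-one "$@" ;; esac` (entrypoint.sh carries the same two lines). `PHY_IFACE=eth0` is the one knob in this commit that is not overridable; `PHY_IFACE=${PHY_IFACE:-eth0}` plus quoting `"$PHY_IFACE"` and `"$ZT_IFACE"` in the iptables lines keeps the same default. The rules deserve a comment stating their effect, e.g. `# NAT and forward everything arriving on any zt* interface out via $PHY_IFACE: every ZeroTier peer gets the same network reach as this container.`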
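Review bot: the values of ZT_PRIMARY_PORT, ZT_PORT_MAPPING_ENABLED, ZT_ALLOW_TCP_FALLBACK_RELAY and every ZT_ALLOW_MANAGEMENT_FROM entry are spliced verbatim into the JSON that the echo block writes to /var/lib/zerotier-one/local.conf, so a typo such as `ZT_PORT_MAPPING_ENABLED=yes` or a `"` inside a network entry produces an unparsable file, and because the write is unconditional when ZT_OVERRIDE_LOCAL_CONF=true an existing good local.conf is replaced by the broken one. Validating the values before the `if [ "$ZT_OVERRIDE_LOCAL_CONF" = 'true' ]` line, as sketched below, fails the container start with a message instead; the echo block and the final `exec "$@"` stay as they are. `${ZT_ALLOW_MANAGEMENT_FROM//,/$IFS}` is a bash/ash extension under `#!/usr/bin/env sh`, and substituting the whole IFS string makes the split depend on the current IFS, so the sketch splits on commas explicitly and uses `[ -n ... ]` in place of `[ ! -z ... ]`. allowManagementFrom is the one security-relevant setting generated here, since it widens who may reach the node's local control API beyond localhost; a comment above that line, `# allowManagementFrom: addresses besides localhost allowed to reach the local control API`, would stop it from being set casually.
```sh
# … unchanged: shebang, set, argument prefixing, DEFAULT_* assignments …

# Refuse to write local.conf from values that are not valid JSON literals;
# an unquoted stray value would leave zerotier-one with no usable config.
PRIMARY_PORT=${ZT_PRIMARY_PORT:-$DEFAULT_PRIMARY_PORT}
case "$PRIMARY_PORT" in
  ''|*[!0-9]*) echo "ZT_PRIMARY_PORT must be a port number, got '$PRIMARY_PORT'" >&2; exit 1 ;;
esac
for FLAG in "${ZT_PORT_MAPPING_ENABLED:-$DEFAULT_PORT_MAPPING_ENABLED}" \
            "${ZT_ALLOW_TCP_FALLBACK_RELAY:-$DEFAULT_ALLOW_TCP_FALLBACK_RELAY}"; do
  case "$FLAG" in
    true|false) ;;
    *) echo "ZT_PORT_MAPPING_ENABLED and ZT_ALLOW_TCP_FALLBACK_RELAY must be true or false, got '$FLAG'" >&2; exit 1 ;;
  esac
done

MANAGEMENT_NETWORKS=""
if [ -n "$ZT_ALLOW_MANAGEMENT_FROM" ]; then
  # Split on commas only; an entry may contain just address/prefix characters,
  # which also keeps quotes and braces out of the JSON written below.
  for NETWORK in $(printf '%s' "$ZT_ALLOW_MANAGEMENT_FROM" | tr ',' ' '); do
    case "$NETWORK" in
      *[!0-9A-Fa-f.:/]*) echo "ZT_ALLOW_MANAGEMENT_FROM entry '$NETWORK' is not an address or CIDR" >&2; exit 1 ;;
    esac
    MANAGEMENT_NETWORKS="${MANAGEMENT_NETWORKS:+$MANAGEMENT_NETWORKS,}\"${NETWORK}\""
  done
fi

# … unchanged: local.conf generation and exec "$@" …
```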