extern/zerotier-docker
1
0
Fork 1
mirror of https://github.com/zyclonite/zerotier-docker.git synced 2024-12-12 17:30:55 +01:00
Code Issues Packages Projects Releases Wiki Activity

add entrypoint and define env variables to override local settings

Browse Source
This commit is contained in:
Lukas Prettenthaler 2022-06-12 17:53:02 +02:00
parent e2a1c86072
commit 52ee605ed1
No known key found for this signature in database
GPG Key ID: 58E5A82932BCE65D
4 changed files with 49 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Dockerfile
View File

@ -26,7 +26,7 @@ LABEL org.opencontainers.image.title="zerotier" \
org.opencontainers.image.licenses="MIT" \ org.opencontainers.image.licenses="MIT" \
org.opencontainers.image.source="https://github.com/zyclonite/zerotier-docker" org.opencontainers.image.source="https://github.com/zyclonite/zerotier-docker"
COPY --from=builder /src/zerotier-one /usr/sbin/ COPY --from=builder /src/zerotier-one /src/scripts/entrypoint.sh /usr/sbin/
RUN apk add --no-cache --purge --clean-protected libc6-compat libstdc++ \ RUN apk add --no-cache --purge --clean-protected libc6-compat libstdc++ \
&& mkdir -p /var/lib/zerotier-one \ && mkdir -p /var/lib/zerotier-one \
@ -36,6 +36,6 @@ RUN apk add --no-cache --purge --clean-protected libc6-compat libstdc++ \
EXPOSE 9993/udp EXPOSE 9993/udp
ENTRYPOINT ["zerotier-one"] ENTRYPOINT ["entrypoint.sh"]
CMD ["-U"] CMD ["-U"]

4
Dockerfile.bridge
View File

@ -8,10 +8,10 @@ RUN apk add --no-cache --purge --clean-protected iptables \
ENV LOG_PATH=/var/log/supervisor ENV LOG_PATH=/var/log/supervisor
COPY scripts /opt COPY scripts/entrypoint-bridge.sh /usr/sbin/
EXPOSE 9993/udp EXPOSE 9993/udp
ENTRYPOINT ["/opt/entrypoint.sh"] ENTRYPOINT ["entrypoint-bridge.sh"]
CMD ["-U"] CMD ["-U"]

14
scripts/entrypoint-bridge.sh Executable file
View File

@ -0,0 +1,14 @@
#!/usr/bin/env sh
set -Eeo pipefail
if [ "${1:0:1}" = '-' ]; then
set -- zerotier-one "$@"
fi
PHY_IFACE=eth0
ZT_IFACE="zt+"
iptables -t nat -A POSTROUTING -o $PHY_IFACE -j MASQUERADE
iptables -A FORWARD -i $PHY_IFACE -o $ZT_IFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $ZT_IFACE -o $PHY_IFACE -j ACCEPT
exec "$@"

37
scripts/entrypoint.sh
View File

@ -1,9 +1,34 @@
#!/usr/bin/env sh #!/usr/bin/env sh
set -Eeo pipefail
PHY_IFACE=eth0 if [ "${1:0:1}" = '-' ]; then
ZT_IFACE="zt+" set -- zerotier-one "$@"
iptables -t nat -A POSTROUTING -o $PHY_IFACE -j MASQUERADE fi
iptables -A FORWARD -i $PHY_IFACE -o $ZT_IFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $ZT_IFACE -o $PHY_IFACE -j ACCEPT
zerotier-one $@ DEFAULT_PRIMARY_PORT=9993
DEFAULT_PORT_MAPPING_ENABLED=true
DEFAULT_ALLOW_TCP_FALLBACK_RELAY=true
MANAGEMENT_NETWORKS=""
if [ ! -z "$ZT_ALLOW_MANAGEMENT_FROM" ]; then
for NETWORK in ${ZT_ALLOW_MANAGEMENT_FROM//,/$IFS}; do
if [ -n "$MANAGEMENT_NETWORKS" ]; then
MANAGEMENT_NETWORKS="${MANAGEMENT_NETWORKS},"
fi
MANAGEMENT_NETWORKS="${MANAGEMENT_NETWORKS}\"${NETWORK}\""
done
fi
if [ "$ZT_OVERRIDE_LOCAL_CONF" = 'true' ] || [ ! -f "/var/lib/zerotier-one/local.conf" ]; then
echo "{
\"settings\": {
\"primaryPort\": ${ZT_PRIMARY_PORT:-$DEFAULT_PRIMARY_PORT},
\"portMappingEnabled\": ${ZT_PORT_MAPPING_ENABLED:-$DEFAULT_PORT_MAPPING_ENABLED},
\"softwareUpdate\": \"disable\",
\"allowManagementFrom\": [${MANAGEMENT_NETWORKS}],
\"allowTcpFallbackRelay\": ${ZT_ALLOW_TCP_FALLBACK_RELAY:-$DEFAULT_ALLOW_TCP_FALLBACK_RELAY}
}
}" > /var/lib/zerotier-one/local.conf
fi
exec "$@"