add entrypoint and define env variables to override local settings

2024-12-12 09:20:55 +01:00 · 2022-06-12 17:53:02 +02:00 · 2022-06-12 17:53:02 +02:00 · 52ee605ed1
commit 52ee605ed1
parent e2a1c86072
4 changed files with 49 additions and 10 deletions
--- a/4
+++ b/4
@ -26,7 +26,7 @@ LABEL org.opencontainers.image.title="zerotier" \
      org.opencontainers.image.licenses="MIT" \
      org.opencontainers.image.source="https://github.com/zyclonite/zerotier-docker"

-COPY --from=builder /src/zerotier-one /usr/sbin/
+COPY --from=builder /src/zerotier-one /src/scripts/entrypoint.sh /usr/sbin/

 RUN apk add --no-cache --purge --clean-protected libc6-compat libstdc++ \
  && mkdir -p /var/lib/zerotier-one \
@ -36,6 +36,6 @@ RUN apk add --no-cache --purge --clean-protected libc6-compat libstdc++ \

 EXPOSE 9993/udp

-ENTRYPOINT ["zerotier-one"]
+ENTRYPOINT ["entrypoint.sh"]

 CMD ["-U"]
--- a/Dockerfile.bridge
+++ b/Dockerfile.bridge
@ -8,10 +8,10 @@ RUN apk add --no-cache --purge --clean-protected iptables \

 ENV LOG_PATH=/var/log/supervisor

-COPY scripts /opt
+COPY scripts/entrypoint-bridge.sh /usr/sbin/

 EXPOSE 9993/udp

-ENTRYPOINT ["/opt/entrypoint.sh"]
+ENTRYPOINT ["entrypoint-bridge.sh"]

 CMD ["-U"]
--- a/scripts/entrypoint-bridge.sh
+++ b/scripts/entrypoint-bridge.sh
@ -0,0 +1,14 @@
+#!/usr/bin/env sh
+set -Eeo pipefail
+
+if [ "${1:0:1}" = '-' ]; then
+	set -- zerotier-one "$@"
+fi
+
+PHY_IFACE=eth0
+ZT_IFACE="zt+"
+iptables -t nat -A POSTROUTING -o $PHY_IFACE -j MASQUERADE
+iptables -A FORWARD -i $PHY_IFACE -o $ZT_IFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -i $ZT_IFACE -o $PHY_IFACE -j ACCEPT
+
+exec "$@"
--- a/scripts/entrypoint.sh
+++ b/scripts/entrypoint.sh
@ -1,9 +1,34 @@
 #!/usr/bin/env sh
+set -Eeo pipefail

-PHY_IFACE=eth0
-ZT_IFACE="zt+"
-iptables -t nat -A POSTROUTING -o $PHY_IFACE -j MASQUERADE
-iptables -A FORWARD -i $PHY_IFACE -o $ZT_IFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
-iptables -A FORWARD -i $ZT_IFACE -o $PHY_IFACE -j ACCEPT
+if [ "${1:0:1}" = '-' ]; then
+	set -- zerotier-one "$@"
+fi

-zerotier-one $@
+DEFAULT_PRIMARY_PORT=9993
+DEFAULT_PORT_MAPPING_ENABLED=true
+DEFAULT_ALLOW_TCP_FALLBACK_RELAY=true
+
+MANAGEMENT_NETWORKS=""
+if [ ! -z "$ZT_ALLOW_MANAGEMENT_FROM" ]; then
+  for NETWORK in ${ZT_ALLOW_MANAGEMENT_FROM//,/$IFS}; do
+    if [ -n "$MANAGEMENT_NETWORKS" ]; then
+      MANAGEMENT_NETWORKS="${MANAGEMENT_NETWORKS},"
+    fi
+    MANAGEMENT_NETWORKS="${MANAGEMENT_NETWORKS}\"${NETWORK}\""
+  done
+fi
+
+if [ "$ZT_OVERRIDE_LOCAL_CONF" = 'true' ] || [ ! -f "/var/lib/zerotier-one/local.conf" ]; then
+  echo "{
+    \"settings\": {
+        \"primaryPort\": ${ZT_PRIMARY_PORT:-$DEFAULT_PRIMARY_PORT},
+        \"portMappingEnabled\": ${ZT_PORT_MAPPING_ENABLED:-$DEFAULT_PORT_MAPPING_ENABLED},
+        \"softwareUpdate\": \"disable\",
+        \"allowManagementFrom\": [${MANAGEMENT_NETWORKS}],
+        \"allowTcpFallbackRelay\": ${ZT_ALLOW_TCP_FALLBACK_RELAY:-$DEFAULT_ALLOW_TCP_FALLBACK_RELAY}
+    }
+  }" > /var/lib/zerotier-one/local.conf
+fi
+
+exec "$@"