Commit Graph

111 Commits

Author SHA1 Message Date
e1e2c27461 Merge pull request #3 from zyclonite/main
bringing this repo up to date
2023-11-05 17:32:46 +11:00
6dcb6a75d0 upgrade to 1.12.2 2023-09-14 13:26:33 -06:00
2e6bcb559f Merge pull request #24 from sinamics/patch-1
Release 1.12.1
1.12.1
2023-08-26 04:33:15 -07:00
bd65ec3868 update commit hash 2023-08-26 13:27:19 +02:00
c54e8dc4ba Update Dockerfile 2023-08-26 08:52:37 +02:00
e3c5953a16 upgrade to 1.12.0 1.12.0 2023-08-24 09:13:46 +02:00
efc6029f18 upgrade to 1.10.6 1.10.6 2023-03-23 20:34:47 +01:00
8dc3a0a48d upgrade to 1.10.5 1.10.5 2023-03-22 10:14:23 -06:00
6945be0e2f upgrade to 1.10.3 1.10.3 2023-02-16 08:53:14 +01:00
141c5e3897 Update Dockerfile 1.10.2 2022-11-01 21:26:02 +01:00
d45adf395d upgrade to 1.10.2 2022-11-01 14:24:38 -06:00
1741721037 Merge pull request #19 from Granga/patch-1
Fix a small typo.
2022-10-19 02:12:15 +02:00
4efd643813 Fix a small typo. 2022-10-18 23:21:59 +02:00
2686599248 upgrade gh actions 2022-10-17 10:47:45 -06:00
5548308e01 Merge pull request #16 from Paraphraser/20220803-entrypoint-router-main
unexpected script termination - entrypoint-router.sh
1.10.1
2022-08-03 11:58:05 +02:00
4d0f21c52b unexpected script termination - entrypoint-router.sh
Resolves issue raised in #15 where `entrypoint-router.sh` exits after
telling the pipe listener process to go away, with the result that the
temporary pipe file does not get cleaned up on a container restart.

> The temporary pipe file is not persisted so it will always get cleaned
 up when the container is terminated or recreated.

The pipe listener process exits automatically without needing any signal
from `entrypoint-router.sh` so the script lines doing that are removed.

Instead of creating the pipe file using `mktemp` with a random suffix,
the hard-coded name "/tmp/zerotier-ipc-log" will be used. The pipe file
is:

* still in `/tmp` so it is not persisted and will get cleaned up when
 the container is terminated.

* always initialised empty each time the script runs (important if the
 container restarts).

Fixes: #15

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-08-03 12:45:22 +10:00
4b546307ca Merge pull request #13 from bfg100k/master
Fixed firewall rules for inbound/outbound scenarios
2022-07-31 10:39:36 +02:00
a130232f3e fixed inbound / outbound drop rule order 2022-07-30 14:05:09 +10:00
4b154771fd Fixed firewall rules for inbound/outbound scenarios 2022-07-29 18:07:34 +10:00
6157fcb49b fix builds 2022-07-28 14:48:15 +02:00
030632aada Merge pull request #12 from Paraphraser/20220718-router-master
20220718 router master
2022-07-28 14:46:59 +02:00
09df8bf66e support three routing modes as proposed by @bfg100k
Adds `ZEROTIER_ONE_GATEWAY_MODE` variable. Supported values are
`inbound` (forward traffic from ZeroTier cloud to local interfaces),
`outbound` (forward traffic from local interfaces to ZeroTier cloud)
and `both` (bi-directional). Defaults to `inbound`.

Also checks for `net.ipv4.ip_forward=1`. If not enabled, falls back
to standard client mode.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-27 21:58:39 +10:00
1ae368044b refactor documentation to separate zerotier-router into separate readme
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-25 11:13:36 +10:00
41d4501593 Improve entrypoint-router.sh:
- Remove redundant echo statements
- Improve comments
- Rename `PIPE` to `TAIL_PIPE` to clarify purpose
- Remove traps used during testing and consolidate on INT TERM and HUP
 (TERM being the usual case)
- Normal exit when ZeroTier aborts or exits just calls termination
 handler
- Termination handler unconditionally removes iptables rules but
 conditionally clobbers processes.
- All logging includes date.

Tested combination of waiting on ZeroTier + TERM trap correctly
handling:

1. Docker commands to restart, terminate, recreate, stack down, etc.
2. A reboot while the container is running (assuming restart unless
stopped).
3. External action clobbering the ZeroTier daemon.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-25 11:09:06 +10:00
9b98b470f8 Change ZEROTIER_ONE_NETWORK_ID to ZEROTIER_ONE_NETWORK_IDS so more
than one network can be specified as defaults.

First cut at improved launch/tear-down so iptables entries do not get
duplicated, especially if the zerotier daemon quits because networking
has not come up properly after a reboot.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-22 13:50:28 +10:00
7f6239fae4 update documentation to describe router-mode environment variables
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-19 18:44:28 +10:00
226cf83004 add example docker-compose service definition for router
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-19 18:42:58 +10:00
f28b665afd Extend router launch script:
1. Support `ZEROTIER_ONE_USE_IPTABLES_NFT` environment variable. If
omitted or has any value other than `true`, `iptables` is used
(maintains backwards compatibility). If `true`, substitutes
`iptables-nft`. This definitely seems to be necessary on Raspberry Pi
running Bullseye.
2. Support `ZEROTIER_ONE_LOCAL_PHYS` environment variable. Defaults to
`eth0` if omitted (maintains backwards compatibility). Allows for
overriding to `wlan0` (eg Raspberry Pi Zero 2W), or both `eth0 wlan0` to
support multiple subnets or failover modes, or similar situations (eg
extra network interface cards).
3. Support `ZEROTIER_ONE_NETWORK_ID` as an alternative to the `join`
command. Means container will always fail safe if its persistent storage
is erased - will look like a new identity but can be authorised and
will then be reachable for additional configuration.
4. Support `PUID` + `PGID` environment variables. Default to 999 and
994, respectively, mimicking what happens on a "native" install of
ZeroTier-One (on a Raspberry Pi).
5. Perform unconditional reset of ownership (PUID:PGID) throughout
persistent store on each launch. This avoids many permission problems
that can sometimes occur in docker environments.
6. Add launch message with date. Assists in assessing recency of
"sendto: Network unreachable" messages that can occur after a reboot
where the container resumes before networking is available.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-19 18:41:38 +10:00
bf15adc4ce timezone support
Adding `tzdata` to Dockerfile.router activates TZ environment variable.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-19 15:58:18 +10:00
ddb2636141 rename "bridge" to "router"
1. Rename files with "bridge" in the name to "router".
2. Edit file contents referring to "bridge" so they refer to "router".
3. Update README to reflect this change, plus point to the relevant
link in the ZeroTier documentation.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-18 16:03:36 +10:00
a69a1b57ca upgrade to 1.10.1 2022-07-01 00:15:27 +02:00
90e425bdd7 update gh actions 2022-06-21 16:56:05 +02:00
e238c36f28 upgrade to 1.10.0 1.10.0 2022-06-14 10:13:17 +02:00
a793e8b971 upgrade gh actions to ubuntu 22.04 2022-06-13 08:01:35 +02:00
43de76e5ea proper variant tagging 2022-06-12 23:11:47 +02:00
97d63e4637 fix manifest creation 2022-06-12 21:50:15 +02:00
6f866c1c0b cleanup 2022-06-12 20:33:21 +02:00
4767514530 copy missing scripts 2022-06-12 19:30:07 +02:00
52ee605ed1 add entrypoint and define env variables to override local settings 2022-06-12 17:53:02 +02:00
e2a1c86072 disable sso 1.8.10 2022-05-24 14:13:25 +02:00
d560485234 Update Dockerfile 2022-05-16 21:42:01 +02:00
7df4c4a138 upgrade to 1.8.9 1.8.9 2022-04-28 09:50:00 +02:00
79d54a0413 Update Dockerfile 1.8.8 2022-04-12 08:33:08 +02:00
b94f10f9e6 upgrade to version 1.8.7 1.8.7 2022-03-30 22:32:25 +02:00
285dacd2aa switch to the correct commit id for 1.8.6 1.8.6 2022-03-11 08:23:47 +01:00
7509eb2658 1.8.6 2022-03-10 16:18:46 +01:00
9263237d27 Update Dockerfile 1.8.5 2022-03-04 08:23:39 +01:00
a4d92b7050 fix build 2022-03-03 16:39:53 +01:00
1cefbf3f6d version 1.8.5 2022-03-03 15:09:40 +01:00
c3ceacd36a add net_raw cap for bridge mode, seems to be not a default for podman on fedora 2022-01-31 11:58:07 +01:00