wip: dockerfile

Christoph Haas 2020-11-10 09:57:49 +01:00
parent 07e7d1d6e9
commit 3cbc30fe48
5 changed files with 71 additions and 8 deletions

1
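--- a/.gitignore
+++ b/.gitignore
@@ -27,6 +27,7 @@
 *.iws
 out/
 dist/
+data/
 ssh.key
 .testCoverage.txt
 wg_portal.db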

48
Dockerfile Normal file

@ -0,0 +1,48 @@
# Dockerfile References: https://docs.docker.com/engine/reference/builder/
# This dockerfile uses a multi-stage build system to reduce the image footprint.
######-
# Start from the latest golang base image as builder image (only used to compile the code)
######-
FROM golang:1.15 as builder
RUN mkdir /build
# Copy the source from the current directory to the Working Directory inside the container
ADD . /build/
# Set the Current Working Directory inside the container
WORKDIR /build
# Build the Go app
RUN make build
######-
# Here starts the main image
######-
FROM debian:buster
# Setup timezone
ENV TZ=Europe/Vienna
# GOSS for container health checks
ENV GOSS_VERSION v0.3.14
RUN apt-get update && apt-get upgrade -y && \
apt-get install --no-install-recommends -y moreutils ca-certificates curl && \
rm -rf /var/cache/apt /var/lib/apt/lists/*; \
curl -L https://github.com/aelsabbahy/goss/releases/download/$GOSS_VERSION/goss-linux-amd64 -o /usr/local/bin/goss && \
chmod +rx /usr/local/bin/goss && \
goss --version
COPY --from=builder /build/dist/wg-portal /app/
COPY --from=builder /build/dist/assets /app/assets
COPY --from=builder /build/scripts /app/
# Set the Current Working Directory inside the container
WORKDIR /app
# Command to run the executable
CMD [ "/app/wg-portal" ]
HEALTHCHECK --interval=1m --timeout=10s \
CMD /app/docker-healthcheck.sh
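Review bot: The goss binary fetched on the `curl -L https://github.com/aelsabbahy/goss/...` line is executed (`goss --version`) and kept in the final image without any integrity check, so a substituted or tampered release asset becomes a root-owned executable in every build. Pin its digest next to `GOSS_VERSION` and verify before the chmod, e.g. `echo "<GOSS_SHA256 placeholder> /usr/local/bin/goss" | sha256sum -c -` (take the value from the v0.3.14 release checksums). The `rm -rf /var/cache/apt /var/lib/apt/lists/*;` step ends with `;` while every other step is chained with `&&`, so a failed cleanup does not abort the build; `&&` keeps the chain consistent. The runtime stage also has no `USER` directive, so wg-portal runs as root; if that is required for the WireGuard interface a one-line comment saying so would stop it being "fixed" later.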


@ -61,6 +61,7 @@ type Config struct {
MailFrom string `yaml:"mailfrom" envconfig:"MAIL_FROM"` MailFrom string `yaml:"mailfrom" envconfig:"MAIL_FROM"`
AdminUser string `yaml:"adminUser" envconfig:"ADMIN_USER"` // optional, non LDAP admin user AdminUser string `yaml:"adminUser" envconfig:"ADMIN_USER"` // optional, non LDAP admin user
AdminPassword string `yaml:"adminPass" envconfig:"ADMIN_PASS"` AdminPassword string `yaml:"adminPass" envconfig:"ADMIN_PASS"`
DatabasePath string `yaml:"database" envconfig:"DATABASE_PATH"`
} `yaml:"core"` } `yaml:"core"`
Email MailConfig `yaml:"email"` Email MailConfig `yaml:"email"`
LDAP ldap.Config `yaml:"ldap"` LDAP ldap.Config `yaml:"ldap"`
@ -79,12 +80,14 @@ func NewConfig() *Config {
cfg.Core.MailFrom = "WireGuard VPN <noreply@company.com>" cfg.Core.MailFrom = "WireGuard VPN <noreply@company.com>"
cfg.Core.AdminUser = "" // non-ldap admin access is disabled by default cfg.Core.AdminUser = "" // non-ldap admin access is disabled by default
cfg.Core.AdminPassword = "" cfg.Core.AdminPassword = ""
cfg.Core.DatabasePath = "data/wg_portal.db"
cfg.LDAP.URL = "ldap://srv-ad01.company.local:389" cfg.LDAP.URL = "ldap://srv-ad01.company.local:389"
cfg.LDAP.BaseDN = "DC=COMPANY,DC=LOCAL" cfg.LDAP.BaseDN = "DC=COMPANY,DC=LOCAL"
cfg.LDAP.StartTLS = true cfg.LDAP.StartTLS = true
cfg.LDAP.BindUser = "company\\\\ldap_wireguard" cfg.LDAP.BindUser = "company\\\\ldap_wireguard"
cfg.LDAP.BindPass = "SuperSecret" cfg.LDAP.BindPass = "SuperSecret"
cfg.WG.DeviceName = "wg0" cfg.WG.DeviceName = "wg0"
cfg.WG.WireGuardConfig = "/etc/wireguard/wg0.conf"
cfg.AdminLdapGroup = "CN=WireGuardAdmins,OU=_O_IT,DC=COMPANY,DC=LOCAL" cfg.AdminLdapGroup = "CN=WireGuardAdmins,OU=_O_IT,DC=COMPANY,DC=LOCAL"
cfg.Email.Host = "127.0.0.1" cfg.Email.Host = "127.0.0.1"
cfg.Email.Port = 25 cfg.Email.Port = 25
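Review bot: The new `DatabasePath` field at the top of the section has no trailing comment, unlike its `AdminUser` neighbour, and its default `"data/wg_portal.db"` is relative — the server change in this commit joins it onto the executable directory, which a reader of the config alone cannot see. A trailing comment such as `// sqlite file; a relative path is resolved against the executable directory` on the struct field would document that contract where operators look for it. Since the Dockerfile added in this commit declares no `VOLUME`, the default would presumably put the database inside the container layer; if persistence is intended, a note (or a `VOLUME`) is worth adding. `NewConfig` continues outside the hunk.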


@ -79,6 +79,11 @@ type Server struct {
} }
func (s *Server) Setup() error { func (s *Server) Setup() error {
dir := s.getExecutableDirectory()
rDir, _ := filepath.Abs(filepath.Dir(os.Args[0]))
log.Infof("Real working directory: %s", rDir)
log.Infof("Current working directory: %s", dir)
// Init rand // Init rand
rand.Seed(time.Now().UnixNano()) rand.Seed(time.Now().UnixNano())
@ -102,7 +107,7 @@ func (s *Server) Setup() error {
} }
// Setup user manager // Setup user manager
if s.users = NewUserManager(s.wg, s.ldapUsers); s.users == nil { if s.users = NewUserManager(filepath.Join(dir, s.config.Core.DatabasePath), s.wg, s.ldapUsers); s.users == nil {
return errors.New("unable to setup user manager") return errors.New("unable to setup user manager")
} }
if err := s.users.InitFromCurrentInterface(); err != nil { if err := s.users.InitFromCurrentInterface(); err != nil {
@ -112,10 +117,7 @@ func (s *Server) Setup() error {
return errors.New("unable to restore wirguard state") return errors.New("unable to restore wirguard state")
} }
dir := s.getExecutableDirectory() // Setup mail template
rDir, _ := filepath.Abs(filepath.Dir(os.Args[0]))
log.Infof("Real working directory: %s", rDir)
log.Infof("Current working directory: %s", dir)
var err error var err error
s.mailTpl, err = template.New("email.html").ParseFiles(filepath.Join(dir, "/assets/tpl/email.html")) s.mailTpl, err = template.New("email.html").ParseFiles(filepath.Join(dir, "/assets/tpl/email.html"))
if err != nil { if err != nil {
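Review bot: `filepath.Join(dir, s.config.Core.DatabasePath)` in the `NewUserManager` call unconditionally prefixes the configured path with the executable directory, so an absolute `DATABASE_PATH` such as `/var/lib/...` silently becomes `<exe dir>/var/lib/...` and the database is created in the wrong place instead of being rejected. Only join when the configured path is relative, as below. The moved `rDir, _ := filepath.Abs(filepath.Dir(os.Args[0]))` line still discards its error; it is log-only, but a `// best-effort, log only` comment would make that deliberate. `Setup` starts and ends outside these hunks.
```go
	dir := s.getExecutableDirectory()
	dbPath := s.config.Core.DatabasePath
	if !filepath.IsAbs(dbPath) {
		dbPath = filepath.Join(dir, dbPath)
	}
	// … unchanged: rest of Setup up to the user manager …
	if s.users = NewUserManager(dbPath, s.wg, s.ldapUsers); s.users == nil {
```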


@ -6,6 +6,8 @@ import (
"errors" "errors"
"fmt" "fmt"
"net" "net"
"os"
"path/filepath"
"reflect" "reflect"
"regexp" "regexp"
"sort" "sort"
@ -281,12 +283,19 @@ type UserManager struct {
ldapUsers *ldap.SynchronizedUserCacheHolder ldapUsers *ldap.SynchronizedUserCacheHolder
} }
func NewUserManager(wg *wireguard.Manager, ldapUsers *ldap.SynchronizedUserCacheHolder) *UserManager { func NewUserManager(dbPath string, wg *wireguard.Manager, ldapUsers *ldap.SynchronizedUserCacheHolder) *UserManager {
um := &UserManager{wg: wg, ldapUsers: ldapUsers} um := &UserManager{wg: wg, ldapUsers: ldapUsers}
var err error var err error
um.db, err = gorm.Open(sqlite.Open("wg_portal.db"), &gorm.Config{}) if _, err = os.Stat(filepath.Dir(dbPath)); os.IsNotExist(err) {
if err = os.MkdirAll(filepath.Dir(dbPath), 0700); err != nil {
log.Errorf("failed to create database directory (%s): %v", filepath.Dir(dbPath), err)
return nil
}
}
um.db, err = gorm.Open(sqlite.Open(dbPath), &gorm.Config{})
if err != nil { if err != nil {
log.Errorf("failed to open sqlite database: %v", err) log.Errorf("failed to open sqlite database (%s): %v", dbPath, err)
return nil return nil
} }
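Review bot: The `os.Stat`/`os.IsNotExist` guard around `os.MkdirAll` in `NewUserManager` is redundant and drops errors: `MkdirAll` already succeeds when the directory exists, and a `Stat` failure other than not-exist (e.g. permission denied) is silently ignored, leaving `gorm.Open` to fail with a less specific message. Replace the six lines with the unconditional call, `if err = os.MkdirAll(filepath.Dir(dbPath), 0700); err != nil {` followed by the existing log and return. `NewUserManager` is exported and has no doc comment; one stating that it creates the parent directory of `dbPath` (mode 0700) and returns nil on any failure would help callers. The function continues past the hunk.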