Merge pull request netbirdio#5 from wiretrustee/signal-docker
Building docker images for signal service
braginini authored May 11, 2021
2 parents dc34bf5 + 9e09cf9 commit ba9bbcb
Showing 4 changed files with 75 additions and 30 deletions.
14 changes: 13 additions & 1 deletion .github/workflows/release.yml
Expand Up @@ -30,10 +30,22 @@ jobs:
-
name: Install modules
run: go mod tidy
-
name: Set up QEMU
uses: docker/setup-qemu-action@v1
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Login to GitHub Packages Docker Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ secrets.GITHUB_TOKEN }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Run GoReleaser
uses: goreleaser/goreleaser-action@v2
if: startsWith(github.ref, 'refs/tags/')
with:
version: latest
args: release --rm-dist
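Review bot: In the "Login to GitHub Packages Docker Registry" step, `username: ${{ secrets.GITHUB_TOKEN }}` passes the token as the account name; use `username: ${{ github.actor }}` (or `${{ github.repository_owner }}`) and keep the token only in `password`. The login step also has no `if:` guard, so it authenticates to ghcr.io on every run of this job, while the GoReleaser step is limited to `refs/tags/`; give the login the same condition. The actions are referenced by mutable tags (`@v1`, `@v2`) and GoReleaser by `version: latest`, so the release build can change without any change in this repository; pinning to commit SHAs and a fixed GoReleaser version would make the job that holds registry credentials reproducible.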
38 changes: 38 additions & 0 deletions .goreleaser.yaml
Expand Up @@ -28,3 +28,41 @@ nfpms:

scripts:
postinstall: "release_files/post_install.sh"
dockers:
- image_templates:
- ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-amd64
goarch: amd64
use_buildx: true
dockerfile: Dockerfile
build_flag_templates:
- "--platform=linux/amd64"
- "--label=org.opencontainers.image.created={{.Date}}"
- "--label=org.opencontainers.image.title={{.ProjectName}}"
- "--label=org.opencontainers.image.version={{.Version}}"
- "--label=org.opencontainers.image.revision={{.FullCommit}}"
- "--label=org.opencontainers.image.version={{.Version}}"
- "--label=maintainer=wiretrustee@wiretrustee.com"
- image_templates:
- ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-arm64v8
goarch: arm64
use_buildx: true
dockerfile: Dockerfile
build_flag_templates:
- "--platform=linux/arm64"
- "--label=org.opencontainers.image.created={{.Date}}"
- "--label=org.opencontainers.image.title={{.ProjectName}}"
- "--label=org.opencontainers.image.version={{.Version}}"
- "--label=org.opencontainers.image.revision={{.FullCommit}}"
- "--label=org.opencontainers.image.version={{.Version}}"
- "--label=maintainer=wiretrustee@wiretrustee.com"

docker_manifests:
- name_template: ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}
image_templates:
- ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-arm64v8
- ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-amd64

- name_template: ghcr.io/wiretrustee/wiretrustee:signal-latest
image_templates:
- ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-arm64v8
- ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-amd64
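Review bot: Both `build_flag_templates` lists set `--label=org.opencontainers.image.version={{.Version}}` twice (the third and fifth label in each entry); drop the duplicate, or replace it with a label that is still missing, such as `org.opencontainers.image.source`. The `signal-latest` manifest is repointed at the newest per-version images on every release, so it is a moving tag; anything that needs a reproducible deployment should reference the `signal-{{ .Version }}` manifest instead, and the documentation should say so.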
24 changes: 5 additions & 19 deletions Dockerfile
@@ -1,19 +1,5 @@
FROM docker.io/golang:1.16 AS build

WORKDIR /src

COPY go.mod .
COPY cmd .
COPY connection .
COPY iface .
COPY signal .
COPY util .
COPY main.go .

RUN go mod download
RUN go mod tidy
RUN go install .

FROM gcr.io/distroless/base
COPY --from=build /go/bin/wiretrustee /
ENTRYPOINT [ "/wiretrustee signal" ]
FROM gcr.io/distroless/base:debug
EXPOSE 10000
ENTRYPOINT [ "/go/bin/wiretrustee","signal" ]
CMD ["--log-level","DEBUG"]
COPY wiretrustee /go/bin/wiretrustee
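Review bot: The new base image `gcr.io/distroless/base:debug` puts a busybox shell into the image that is published as the release artifact; use plain `gcr.io/distroless/base` (or its `nonroot` variant) for releases and keep `:debug` for a separate troubleshooting tag. There is no `USER` instruction, so the signal service runs as root inside the container although it only needs to listen on port 10000. `COPY wiretrustee /go/bin/wiretrustee` now depends on a binary built outside the image, which fits the GoReleaser `dockers` config but means the binary has to be placed in the build context before a manual `docker build`; a comment at the top of the Dockerfile stating that would help.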
29 changes: 19 additions & 10 deletions README.md
Expand Up @@ -21,12 +21,11 @@ A WireGuard®-based mesh network that connects your devices into a single privat
For that matter, there is support for a relay server fallback (TURN). So in case, the (NAT-traversal is unsuccessful???), a secure Wireguard tunnel is established via TURN server.
[Coturn](https://github.com/coturn/coturn) is the one that has been successfully used for STUN and TURN in Wiretrustee setups.

### What Wiretrustee is not doing (yet):
* Wireguard key management. In consequence, you need to generate peer keys and specify them on Wiretrustee initialization step. However, the support for the key management feature is on our roadmap.
### What Wiretrustee is not doing:
* Wireguard key management. In consequence, you need to generate peer keys and specify them on Wiretrustee initialization step.
* Peer address management. You have to specify a unique peer local address (e.g. 10.30.30.1/24) when configuring Wiretrustee
The peer management assignment is on our roadmap too.

### Installation
### Client Installation
1. Checkout Wiretrustee [releases](https://github.com/wiretrustee/wiretrustee/releases)
2. Download the latest release:
```shell
Expand All @@ -36,7 +35,8 @@ wget https://github.com/wiretrustee/wiretrustee/releases/download/v0.0.4/wiretru
```shell
sudo dpkg -i wiretrustee_0.0.4_linux_amd64.deb
```
4. Initialize Wiretrustee:
### Client Configuration
1. Initialize Wiretrustee:
```shell
sudo wiretrustee init \
--stunURLs stun:stun.wiretrustee.com:3468,stun:stun.l.google.com:19302 \
Expand All @@ -52,17 +52,26 @@ If for some reason, you already have a generated Wireguard key, you can specify
If not specified, then a new one will be generated, and its corresponding public key will be output to the log.
A new config will be generated and stored under ```/etc/wiretrustee/config.json```

5. Add a peer to connect to.
```
2. Add a peer to connect to.
```shell
sudo wiretrustee add-peer --allowedIPs 10.30.30.2/32 --key '<REMOTE PEER WIREUARD PUBLIC KEY>'
```

6. Restart Wiretrustee
3. Restart Wiretrustee to reload changes
```shell
sudo systemctl restart wiretrustee.service
sudo systemctl status wiretrustee.service
```

### Running the Signal service
We have packed the signal into docker images. You can pull the images from the Github registry and execute it with the following commands:
````shell
docker pull ghcr.io/wiretrustee/wiretrustee:signal-latest
docker run -d --name wiretrustee-signal -p 10000:10000 ghcr.io/wiretrustee/wiretrustee:signal-latest
````
The default log-level is set to INFO, if you need you can change it using by updating the docker cmd as followed:
````shell
docker run -d --name wiretrustee-signal -p 10000:10000 ghcr.io/wiretrustee/wiretrustee:signal-latest --log-level DEBUG
````
### Roadmap
* Android app
* Key and address management service with SSO
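Review bot: The new "Running the Signal service" section states "The default log-level is set to INFO", but the Dockerfile in this commit sets `CMD ["--log-level","DEBUG"]`, so the first `docker run` example already logs at DEBUG and the second example changes nothing; align the text with the image default or the other way round. Both examples pull and run the moving `signal-latest` tag; showing a versioned tag would give readers a reproducible deployment. The added fences use four backticks where the rest of the README uses three, and the placeholder `<REMOTE PEER WIREUARD PUBLIC KEY>` in the add-peer example is misspelled.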
