Update to bullseye and s6

063f010a · micah · 843e753c · 063f010a · 843e753c · 843e753c
Commit 063f010a authored Mar 8, 2022 by micah
--- a/Dockerfile
+++ b/Dockerfile
-FROM debian:buster-backports AS build
-RUN apt-get -q update && env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
-build-essential pkg-config git ca-certificates \
-&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
-t buster-backports golang-go \
+FROM debian:bullseye AS build
+RUN apt-get -q update \
+  && DEBIAN_FRONTEND=noninteractive apt-get install -qy --no-install-recommends \
+  build-essential \
+  pkg-config \
+  git \
+  ca-certificates \
+  golang-go \
  && rm -rf /var/lib/apt/lists/*

-# don't need to do bash tricks to keep the layers small, as this is a multi-stage build
 ENV GOPATH=/go
 WORKDIR $GOPATH
 RUN git clone https://github.com/OperatorFoundation/shapeshifter-dispatcher /shapeshifter-dispatcher && cd /shapeshifter-dispatcher && go build
@@ -13,19 +15,25 @@ RUN strip /shapeshifter-dispatcher/shapeshifter-dispatcher
 RUN go get -u github.com/kumina/openvpn_exporter
 RUN strip $GOPATH/bin/openvpn_exporter

-FROM registry.git.autistici.org/ai3/docker/chaperone-base:buster
+FROM registry.git.autistici.org/ai3/docker/s6-base
+RUN apt-get -q update \
+  && DEBIAN_FRONTEND=noninteractive apt-get install -qy --no-install-recommends \
+  libcap2-bin \
+  netcat-openbsd \
+  iptables \
+  iproute2 \
+  knot-resolver \
+  knot-resolver-module-http \
+  openvpn \
+  && rm -rf /var/lib/apt/lists/*
+
 COPY --from=build /shapeshifter-dispatcher/shapeshifter-dispatcher /usr/local/bin/shapeshifter-dispatcher
 COPY --from=build /go/bin/openvpn_exporter /usr/local/bin/openvpn_exporter
-COPY chaperone.d/ /etc/chaperone.d
-RUN echo "deb http://deb.debian.org/debian buster-backports main contrib non-free" > /etc/apt/sources.list.d/backports.list
-RUN echo "deb http://download.opensuse.org/repositories/home:/CZ-NIC:/knot-resolver-latest/Debian_9.0/ /" > /etc/apt/sources.list.d/knot.list
-COPY cznic-obs.gpg /etc/apt/trusted.gpg.d
-RUN apt-get -q update && env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
-libcap2-bin netcat-openbsd iptables iproute2 knot-resolver knot-resolver-module-http \
-&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
-t buster-backports openvpn \
-&& rm -rf /var/lib/apt/lists/*
+
 RUN setcap cap_net_admin,cap_net_bind_service+ep /usr/sbin/openvpn
 RUN setcap cap_net_admin+ep /bin/ip
 RUN setcap cap_net_bind_service+ep /usr/sbin/kresd
 RUN update-alternatives --set iptables /usr/sbin/iptables-legacy
+
+# S6 configuration
+COPY conf/ /etc/
--- a/chaperone.d/kres-cache-gc.conf
+++ b/chaperone.d/kres-cache-gc.conf
-kres-cache-gc.service: {
-     command: "/usr/sbin/kres-cache-gc -c /var/cache/knot-resolver -d 1000",
-     after: "knot-server.service",
-     exit_kills: false
-}
-
--- a/chaperone.d/kres.conf
+++ b/chaperone.d/kres.conf
-knot-server.service: {
-     command: "/usr/sbin/kresd -c /etc/knot-resolver/kresd.conf -n /var/cache/knot-resolver",
-     after: "openvpn-tcp-server.service",
-     exit_kills: true
-}
--- a/chaperone.d/openvpn.conf
+++ b/chaperone.d/openvpn.conf
-openvpn-tcp-server.service: {
-     command: "/usr/sbin/openvpn --syslog ovpn-tcp-server --cd /etc/openvpn --config /etc/openvpn/tcp.conf",
-     type: notify,
-     exit_kills: true
-}
-openvpn-udp-server.service: {
-     command: "/usr/sbin/openvpn --syslog ovpn-udp-server --cd /etc/openvpn --config /etc/openvpn/udp.conf",
-     type: notify,
-     exit_kills: true
-}
--- a/chaperone.d/openvpn_exporter.conf
+++ b/chaperone.d/openvpn_exporter.conf
-openvpn-exporter.service: {
-     command: "/usr/local/bin/openvpn_exporter -openvpn.status_paths /tmp/openvpn-status-tcp,/tmp/openvpn-status-udp",
-     after: "openvpn-tcp-server.service,openvpn-udp-server.service",
-     exit_kills: false
-}
--- a/chaperone.d/shapeshifter-dispatcher.conf
+++ b/chaperone.d/shapeshifter-dispatcher.conf
-shapeshifter-dispatcher.service: {
-     command: "/usr/local/bin/shapeshifter-dispatcher -transparent -server -state /srv/leap/shapeshifter-state -orport ${RHOST}:${RPORT} -transport obfs4 -bindhost ${LHOST} -bindport ${OBFSPORT} -extorport ${RHOST}:${EXTORPORT} -logLevel ${LOGLEVEL} -enableLogging",
-     exit_kills: true
-}
--- a/conf/services.d/kres-cache-gc/finish
+++ b/conf/services.d/kres-cache-gc/finish
+#!/usr/bin/execlineb -S0 
+
+s6-svscanctl -t /var/run/s6/services
--- a/conf/services.d/kres-cache-gc/run
+++ b/conf/services.d/kres-cache-gc/run
+#!/bin/sh
+
+echo "Starting kres-cache-gc"
+exec /usr/sbin/kres-cache-gc -c /var/cache/knot-resolver -d 1000
--- a/conf/services.d/kresd/finish
+++ b/conf/services.d/kresd/finish
+#!/usr/bin/execlineb -S0 
+
+s6-svscanctl -t /var/run/s6/services
--- a/conf/services.d/kresd/run
+++ b/conf/services.d/kresd/run
+#!/bin/sh
+
+echo "Starting kresd"
+exec /usr/sbin/kresd -c /etc/knot-resolver/kresd.conf -n /var/cache/knot-resolver
--- a/conf/services.d/openvpn-tcp/finish
+++ b/conf/services.d/openvpn-tcp/finish
+#!/usr/bin/execlineb -S0 
+
+echo "exiting openvpn: tcp"
+s6-svscanctl -t /var/run/s6/services
--- a/conf/services.d/openvpn-tcp/run
+++ b/conf/services.d/openvpn-tcp/run
+#!/bin/sh
+
+echo "Starting openvpn: tcp"
+exec /usr/sbin/openvpn --syslog ovpn-tcp-server --cd /etc/openvpn --config /etc/openvpn/tcp.conf
--- a/cznic-obs.gpg
+++ b/cznic-obs.gpg