From 48f9de3b5c994f1a3be34d95cd1a0156c61a94e9 Mon Sep 17 00:00:00 2001
From: Dmitriy Pervin <theforner@gmail.com>
Date: Tue, 2 Sep 2025 00:31:12 +0500
Subject: [PATCH 1/3] Add Docker multiarch support

---
 .github/workflows/docker.yml        | 60 +++++++++++++++++++++++++++++
 contrib/docker/Dockerfile.multiarch | 29 ++++++++++++++
 contrib/docker/entrypoint.sh        |  5 +++
 3 files changed, 94 insertions(+)
 create mode 100644 .github/workflows/docker.yml
 create mode 100644 contrib/docker/Dockerfile.multiarch

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
new file mode 100644
index 00000000..87b90d36
--- /dev/null
+++ b/.github/workflows/docker.yml
@@ -0,0 +1,60 @@
+name: Docker Build
+
+on:
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+  packages: write
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-docker:
+    name: Build Docker Package
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=latest
+            type=ref,event=tag
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        id: docker_build
+        with:
+          context: .
+          file: ./contrib/docker/Dockerfile.multiarch
+          platforms: linux/amd64,linux/arm64,linux/armhf,linux/armel
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          provenance: false
\ No newline at end of file
diff --git a/contrib/docker/Dockerfile.multiarch b/contrib/docker/Dockerfile.multiarch
new file mode 100644
index 00000000..94474610
--- /dev/null
+++ b/contrib/docker/Dockerfile.multiarch
@@ -0,0 +1,29 @@
+# syntax=docker/dockerfile:1
+FROM --platform=$BUILDPLATFORM docker.io/golang:alpine as builder
+
+COPY . /src
+WORKDIR /src
+
+ARG TARGETOS
+ARG TARGETARCH
+ENV CGO_ENABLED=0
+ENV GOOS=${TARGETOS} GOARCH=${TARGETARCH}
+
+RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} apk add git && ./build && go build -o /src/genkeys cmd/genkeys/main.go
+
+FROM docker.io/alpine
+
+COPY --from=builder /src/yggdrasil /usr/bin/yggdrasil
+COPY --from=builder /src/yggdrasilctl /usr/bin/yggdrasilctl
+COPY --from=builder /src/genkeys /usr/bin/genkeys
+COPY contrib/docker/entrypoint.sh /usr/bin/entrypoint.sh
+
+# RUN addgroup -g 1000 -S yggdrasil-network \
+#  && adduser -u 1000 -S -g 1000 --home /etc/yggdrasil-network yggdrasil-network
+#
+# USER yggdrasil-network
+# TODO: Make running unprivileged work
+
+VOLUME [ "/etc/yggdrasil-network" ]
+
+ENTRYPOINT [ "/usr/bin/entrypoint.sh" ]
diff --git a/contrib/docker/entrypoint.sh b/contrib/docker/entrypoint.sh
index 26c685a8..c08b58ff 100755
--- a/contrib/docker/entrypoint.sh
+++ b/contrib/docker/entrypoint.sh
@@ -9,5 +9,10 @@ if [ ! -f "$CONF_DIR/config.conf" ]; then
   yggdrasil --genconf > "$CONF_DIR/config.conf"
 fi
 
+if [ -n "$ALLOW_IPV6_FORWARDING" ]; then
+  echo "set sysctl -w net.ipv6.conf.all.forwarding=1"
+  sysctl -w net.ipv6.conf.all.forwarding=1
+fi
+
 yggdrasil --useconf < "$CONF_DIR/config.conf"
 exit $?

From 4c71e89b11dfc5be9391247966a5a903184ad328 Mon Sep 17 00:00:00 2001
From: Dmitriy Pervin <theforner@gmail.com>
Date: Tue, 2 Sep 2025 04:28:15 +0500
Subject: [PATCH 2/3] Update Dockerfile.multiarch

---
 contrib/docker/Dockerfile.multiarch | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contrib/docker/Dockerfile.multiarch b/contrib/docker/Dockerfile.multiarch
index 94474610..ee72fd10 100644
--- a/contrib/docker/Dockerfile.multiarch
+++ b/contrib/docker/Dockerfile.multiarch
@@ -9,7 +9,7 @@ ARG TARGETARCH
 ENV CGO_ENABLED=0
 ENV GOOS=${TARGETOS} GOARCH=${TARGETARCH}
 
-RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} apk add git && ./build && go build -o /src/genkeys cmd/genkeys/main.go
+RUN apk add git && ./build && go build -o /src/genkeys cmd/genkeys/main.go
 
 FROM docker.io/alpine
 

From ef164c1474ed98c357f093b1d0736ed0b38fd27e Mon Sep 17 00:00:00 2001
From: Dmitriy Pervin <theforner@gmail.com>
Date: Tue, 2 Sep 2025 04:52:22 +0500
Subject: [PATCH 3/3] Update docker.yml

---
 .github/workflows/docker.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 87b90d36..a7d6e661 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -2,6 +2,9 @@ name: Docker Build
 
 on:
   workflow_dispatch:
+  push:
+    branches: [ main, master ]
+    tags: [ 'v*' ]
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -40,7 +43,6 @@ jobs:
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
-            type=raw,value=latest
             type=ref,event=tag
             type=semver,pattern={{version}}
             type=semver,pattern={{major}}.{{minor}}