diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
new file mode 100644
index 00000000..87b90d36
--- /dev/null
+++ b/.github/workflows/docker.yml
@@ -0,0 +1,60 @@
+name: Docker Build
+
+on:
+ workflow_dispatch:
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+permissions:
+ contents: read
+ packages: write
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+ build-docker:
+ name: Build Docker Package
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v5
+ with:
+ fetch-depth: 0
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Docker metadata
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=raw,value=latest
+ type=ref,event=tag
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=semver,pattern={{major}}
+ type=sha
+
+ - name: Build and push
+ uses: docker/build-push-action@v6
+ id: docker_build
+ with:
+ context: .
+ file: ./contrib/docker/Dockerfile.multiarch
+ platforms: linux/amd64,linux/arm64,linux/armhf,linux/armel
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ provenance: false
\ No newline at end of file
diff --git a/contrib/docker/Dockerfile.multiarch b/contrib/docker/Dockerfile.multiarch
new file mode 100644
index 00000000..94474610
--- /dev/null
+++ b/contrib/docker/Dockerfile.multiarch
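Review bot: In `.github/workflows/docker.yml`, all five `uses:` entries reference mutable tags (`actions/checkout@v5`, `docker/setup-buildx-action@v3`, `docker/login-action@v3`, `docker/metadata-action@v5`, `docker/build-push-action@v6`) in a job that holds a `packages: write` token and pushes `latest`, so whoever can move one of those tags can change what gets published. Pinning each to a full commit SHA with the tag kept as a trailing comment closes that, e.g. `uses: docker/login-action@<full-commit-sha> # v3`. The checkout step also keeps its default credential persistence while the Dockerfile does `COPY . /src`, so `.git/config` with the token likely enters the build context; adding `persist-credentials: false` under that step's `with:` avoids it. `provenance: false` deserves a one-line comment saying why attestations are turned off, since it removes the build provenance that consumers of the image could otherwise verify.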
@@ -0,0 +1,29 @@
+# syntax=docker/dockerfile:1
+FROM --platform=$BUILDPLATFORM docker.io/golang:alpine as builder
+
+COPY . /src
+WORKDIR /src
+
+ARG TARGETOS
+ARG TARGETARCH
+ENV CGO_ENABLED=0
+ENV GOOS=${TARGETOS} GOARCH=${TARGETARCH}
+
+RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} apk add git && ./build && go build -o /src/genkeys cmd/genkeys/main.go
+
+FROM docker.io/alpine
+
+COPY --from=builder /src/yggdrasil /usr/bin/yggdrasil
+COPY --from=builder /src/yggdrasilctl /usr/bin/yggdrasilctl
+COPY --from=builder /src/genkeys /usr/bin/genkeys
+COPY contrib/docker/entrypoint.sh /usr/bin/entrypoint.sh
+
+# RUN addgroup -g 1000 -S yggdrasil-network \
+# && adduser -u 1000 -S -g 1000 --home /etc/yggdrasil-network yggdrasil-network
+#
+# USER yggdrasil-network
+# TODO: Make running unprivileged work
+
+VOLUME [ "/etc/yggdrasil-network" ]
+
+ENTRYPOINT [ "/usr/bin/entrypoint.sh" ]
diff --git a/contrib/docker/entrypoint.sh b/contrib/docker/entrypoint.sh
index 26c685a8..c08b58ff 100755
--- a/contrib/docker/entrypoint.sh
+++ b/contrib/docker/entrypoint.sh
@@ -9,5 +9,10 @@ if [ ! -f "$CONF_DIR/config.conf" ]; then yggdrasil --genconf > "$CONF_DIR/config.conf" fi +if [ -n "$ALLOW_IPV6_FORWARDING" ]; then + echo "set sysctl -w net.ipv6.conf.all.forwarding=1" + sysctl -w net.ipv6.conf.all.forwarding=1 +fi + yggdrasil --useconf < "$CONF_DIR/config.conf" exit $?
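Review bot: Both stages in `contrib/docker/Dockerfile.multiarch` build on floating references (`docker.io/golang:alpine` and the untagged `docker.io/alpine`), so two runs of the same commit can publish different toolchains and base layers under the same image tag. Pin each to a release tag plus digest, e.g. `FROM docker.io/alpine:<version>@sha256:<digest>`, and let a dependency bot bump them. `apk add git` should use `--no-cache`, and the `GOOS=… GOARCH=…` prefix on that `RUN` only reaches `apk`, which is misleading since the `ENV` line already sets both for `./build` and `go build`. Only `TARGETARCH` is consumed, so `linux/armhf` and `linux/armel` appear to get the same `GOARCH=arm` binary at the toolchain's default `GOARM`; declaring `ARG TARGETVARIANT` and deriving `GOARM` from it would make the two images differ as intended.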
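Review bot: The new guard `[ -n "$ALLOW_IPV6_FORWARDING" ]` in `contrib/docker/entrypoint.sh` turns forwarding on for any non-empty value, so `ALLOW_IPV6_FORWARDING=0` or `=false` still enables routing; compare against an explicit value instead, `if [ "$ALLOW_IPV6_FORWARDING" = "1" ]; then`. The `sysctl -w` call needs a writable `/proc/sys`, which an unprivileged container normally does not have, and whether a failure aborts startup depends on shell options set above the hunk, so the failure should be handled explicitly with a message naming the required privilege or `--sysctl` setting. A comment above the block should also state that under host networking this changes the host's own `net.ipv6.conf.all.forwarding`, and that filtering of forwarded traffic is left to the operator.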