Add docker

2024-07-04 14:43:27 +02:00 · 2024-07-04 14:43:27 +02:00 · 68eede42b2
commit 68eede42b2
parent edbb5fc644
9 changed files with 104 additions and 65 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1,2 @@
+config
+wg-pn.conf
--- a/config.toml
+++ b/config.toml
@ -1,32 +0,0 @@
-local = "net1"
-
-
-[network.net1]
-local_range = "192.168.1.0/30"
-local_translated_range = "192.168.51.0/30"
-
-private_key = "priv"
-public_key = "pub"
-listen_port = 51820
-wireguard_address = "172.16.0.1/24"
-endpoint = "1.2.3.4:51820"
-
-[network.net2]
-local_range = "192.168.1.0/30"
-local_translated_range = "192.168.64.0/30"
-
-private_key = "priv2"
-public_key = "pub2"
-listen_port = 51820
-wireguard_address = "172.16.0.2/24"
-endpoint = "1.2.3.5:51820"
-
-[network.net3]
-local_range = "192.168.1.0/30"
-local_translated_range = "192.168.128.0/30"
-untranslated_networks = "10.255.0.0/24"
-
-private_key = "priv3"
-public_key = "pub3"
-listen_port = 51820
-wireguard_address = "172.16.0.3/24"
--- a/config/config.toml
+++ b/config/config.toml
@ -0,0 +1,15 @@
+[network.net1]
+local_range = "172.20.1.0/24"
+local_translated_range = "172.21.1.0/24"
+
+public_key = "N2LlL0Ievsjv/ea/VDpJcivYL6hfYxdcD3W54kmjaEU="
+wireguard_address = "10.0.0.1/24"
+endpoint = "172.20.0.11:51820"
+
+[network.net2]
+local_range = "172.20.2.0/24"
+local_translated_range = "172.22.1.0/24"
+
+public_key = "cisk8cRCQZaOxn6VaFVnpCYsamBp9iVLvhs4DtmnjS4="
+wireguard_address = "10.0.0.2/24"
+endpoint = "172.20.0.12:51820"
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,51 @@
+services:
+  polyculenetwork1:
+    build:
+      context: .
+      dockerfile: ./docker/Dockerfile
+    container_name: polyculenetwork1
+    volumes:
+      - "./config/config.toml:/config.toml"
+    environment:
+      - LOCAL_NETWORK=net1
+      - PRIVATE_KEY=YLxXnAcelMMkanrdSHuci9ZSJyKQpRn7PdJK96IllV4=
+      - LISTEN_PORT=51820
+    cap_add:
+      - NET_ADMIN
+    networks:
+      net1:
+        ipv4_address: 172.20.1.11
+      internet:
+        ipv4_address: 172.20.0.11
+
+  polyculenetwork2:
+    build:
+      context: .
+      dockerfile: ./docker/Dockerfile
+    container_name: polyculenetwork2
+    volumes:
+      - "./config/config.toml:/config.toml"
+    environment:
+      - LOCAL_NETWORK=net2
+      - PRIVATE_KEY=OCllQNCxX5DxcJSEsjkvsWCry1FOnWe+aCupwEByFmk=
+    cap_add:
+      - NET_ADMIN
+    networks:
+      net2:
+        ipv4_address: 172.20.2.12
+      internet:
+        ipv4_address: 172.20.0.12
+
+networks:
+  net1:
+    ipam:
+      config:
+        - subnet: 172.20.1.0/24
+  net2:
+    ipam:
+      config:
+        - subnet: 172.20.2.0/24
+  internet:
+    ipam:
+      config:
+        - subnet: 172.20.0.0/24
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -0,0 +1,8 @@
+FROM python:3.11-alpine
+ENV PYTHONUNBUFFERED=1
+RUN pip install poetry
+RUN apk add nftables wireguard-tools
+WORKDIR /code
+COPY . /code/
+RUN poetry install
+CMD docker/entrypoint.sh
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@ -0,0 +1,5 @@
+#!/bin/sh
+
+poetry run python load.py
+wg-quick up ./wg-pn.conf
+sleep infinity
--- a/load.py
+++ b/load.py
@ -20,7 +20,7 @@ import tomllib
 import jinja2


-dry_run = True
+dry_run = False
 if dry_run:
    run = print
 else:
@ -32,27 +32,27 @@ def load_config(path):
        return data

 def load_firewall():
-    data = load_config("config.toml")
+    data = load_config("/config.toml")

-    run("sudo nft -f templates/rules.nft")
+    run("nft -f templates/rules.nft")

    networks = data["network"].keys()

-    local_network = data["local"]
+    local_network = os.environ.get('LOCAL_NETWORK')
    remote_networks = list(filter(lambda k: k != local_network, networks))

    local_range = str(ipaddress.IPv4Network(data["network"][local_network]["local_range"]))
    local_translated_range = str(ipaddress.IPv4Network(data["network"][local_network]["local_translated_range"]))
    remote_ranges = [str(ipaddress.IPv4Network(data["network"][net]["local_translated_range"])) for net in remote_networks]

-    run(f"sudo nft add element ip filter local_range {{ {local_range} }}")
-    run(f"sudo nft add element ip filter local_translated_range {{ {local_translated_range} }}")
+    run(f"nft add element ip filter local_range {{ {local_range} }}")
+    run(f"nft add element ip filter local_translated_range {{ {local_translated_range} }}")
    for net in remote_ranges:
-        run(f"sudo nft add element ip filter remote_range {{ {net} }}")
+        run(f"nft add element ip filter remote_range {{ {net} }}")

    for (loc, trans) in zip(ipaddress.IPv4Network(local_range), ipaddress.IPv4Network(local_translated_range)):
-        run(f"sudo nft add element ip filter ip_map_dnat {{ {loc} : {trans} }}")
-        run(f"sudo nft add element ip filter ip_map_dnat {{ {trans} : {loc} }}")
+        run(f"nft add element ip filter ip_map_snat {{ {loc} : {trans} }}")
+        run(f"nft add element ip filter ip_map_dnat {{ {trans} : {loc} }}")


 def load_wireguard():
@ -63,9 +63,9 @@ def load_wireguard():
    peers = []


-    data = load_config("config.toml")
+    data = load_config("/config.toml")
    networks = data["network"].keys()
-    local_network = data["local"]
+    local_network = os.environ.get('LOCAL_NETWORK')
    remote_networks = list(filter(lambda k: k != local_network, networks))
    for net in remote_networks:
        peer = {
@ -88,10 +88,11 @@ def load_wireguard():

    with open("wg-pn.conf", "w") as f:
        f.write(template.render(
-            private_key=data["network"][local_network]["private_key"],
-            listen_port=data["network"][local_network]["listen_port"],
+            private_key=os.environ.get('PRIVATE_KEY'),
+            listen_port=os.environ.get('LISTEN_PORT', "51820"),
            wireguard_address=data["network"][local_network]["wireguard_address"],
            peers=peers
        ))

-load_firewall()
+load_firewall()
+load_wireguard()
--- a/poetry.lock
+++ b/poetry.lock
@ -1,14 +1,14 @@
-# This file is automatically @generated by Poetry 1.8.2 and should not be changed by hand.
+# This file is automatically @generated by Poetry 1.8.3 and should not be changed by hand.

 [[package]]
 name = "jinja2"
-version = "3.1.3"
+version = "3.1.4"
 description = "A very fast and expressive template engine."
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "Jinja2-3.1.3-py3-none-any.whl", hash = "sha256:7d6d50dd97d52cbc355597bd845fabfbac3f551e1f99619e39a35ce8c370b5fa"},
-    {file = "Jinja2-3.1.3.tar.gz", hash = "sha256:ac8bd6544d4bb2c9792bf3a159e80bba8fda7f07e81bc3aed565432d5925ba90"},
+    {file = "jinja2-3.1.4-py3-none-any.whl", hash = "sha256:bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d"},
+    {file = "jinja2-3.1.4.tar.gz", hash = "sha256:4a3aee7acbbe7303aede8e9648d13b8bf88a429282aa6122a993f0ac800cb369"},
 ]

 [package.dependencies]
@ -86,18 +86,7 @@ files = [
    {file = "MarkupSafe-2.1.5.tar.gz", hash = "sha256:d283d37a890ba4c1ae73ffadf8046435c76e7bc2247bbb63c00bd1a709c6544b"},
 ]

-[[package]]
-name = "toml"
-version = "0.10.2"
-description = "Python Library for Tom's Obvious, Minimal Language"
-optional = false
-python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*"
-files = [
-    {file = "toml-0.10.2-py2.py3-none-any.whl", hash = "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"},
-    {file = "toml-0.10.2.tar.gz", hash = "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"},
-]
-
 [metadata]
 lock-version = "2.0"
-python-versions = "^3.9"
-content-hash = "da9d08994a725c881cc7a63ecde92b65151defd09f826417f8d27b15d9cd97d7"
+python-versions = "^3.11"
+content-hash = "c3237c8f339183364bdecaf2f59aee1f02a0099374326b5e0b314c04c07d8448"
--- a/pyproject.toml
+++ b/pyproject.toml
@ -7,9 +7,9 @@ readme = "README.md"
 package-mode = false

 [tool.poetry.dependencies]
-python = "^3.9"
+python = "^3.11"
 Jinja2 = "^3.1.3"
-toml = "^0.10.2"
+# toml = "^0.10.2"

 [build-system]
 requires = ["poetry-core"]