From 87b63045f52d92892f640ef7de2ecb6f1b5b77a9 Mon Sep 17 00:00:00 2001
From: pstruebi
Date: Thu, 27 Mar 2025 17:30:15 +0100
Subject: [PATCH] update docker configuration

---
 .gitignore | 1 +
 Dockerfile | 6 ++++
 docker-compose.yaml | 57 +++++++++++++++---------------
 wg_config/wg_confs/peer_raspi.conf | 11 ------
 4 files changed, 35 insertions(+), 40 deletions(-)
 delete mode 100644 wg_config/wg_confs/peer_raspi.conf

diff --git a/.gitignore b/.gitignore
index b5cff35..6479242 100644
--- a/.gitignore
+++ b/.gitignore
@@ -37,3 +37,4 @@ __pycache__/
 # Exclude .env file from all platforms
 */.env
+wg_config/wg_confs/
diff --git a/Dockerfile b/Dockerfile
index d7619cc..db9ae5a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,12 @@
 # TODO: investigate using -alpine in the future
 FROM python:3.11
+# Install system dependencies and poetry
+RUN apt-get update && apt-get install -y \
+ iputils-ping \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/*
+
 WORKDIR /usr/src/app
 COPY ./pyproject.toml .
diff --git a/docker-compose.yaml b/docker-compose.yaml
index d0896bb..b2bd8da 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
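Review bot: Ignoring `wg_config/wg_confs/` only prevents future commits; the `PrivateKey` and `PresharedKey` values in `wg_config/wg_confs/peer_raspi.conf`, which this same commit deletes, stay recoverable from the repository history and should be treated as exposed. Rotate those keys on both ends of the tunnel and, if the repository is shared or published, rewrite history so the old blob is gone rather than merely unreferenced. A short comment on the new line would also help the next contributor, e.g. `# wg_confs/ holds per-peer WireGuard private keys - never commit`, since the compose file now tells users to place peer configs there.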
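Review bot: The comment `# Install system dependencies and poetry` does not describe the RUN line beneath it, which installs only `iputils-ping`; nothing in this hunk installs poetry. Suggest `# Install system dependencies (ping is used by the keepalive loop in docker-compose.yaml)` together with `RUN apt-get update && apt-get install -y --no-install-recommends \` so the comment is accurate and the layer does not pull in recommended packages. If the keepalive is later moved into the WireGuard peer configuration, this package and layer can be dropped entirely.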
@@ -1,28 +1,28 @@
 services:
- # multicaster:
- # # TODO: make this more restricitive in the future
- # privileged: true # Grants full access to all devices (for serial access)
- # restart: unless-stopped
- # #ports:
- # # - "5000:5000" # make the multicaster also reachable from the host
- # build:
- # dockerfile: Dockerfile
- # ssh:
- # #- default=~/.ssh/id_ed25519 #lappi
- # - default=~/.ssh/id_rsa #raspi
- # volumes:
- # - "/dev/serial:/dev/serial"
- # #devices:
- # # - /dev/serial/by-id/usb-ZEPHYR_Zephyr_HCI_UART_sample_81BD14B8D71B5662-if00
- # environment:
- # LOG_LEVEL: INFO
+ multicaster:
+ container_name: multicaster
+ # TODO: make this more restricitive in the future
+ privileged: true # Grants full access to all devices (for serial access)
+ restart: unless-stopped
+ network_mode: service:wireguard
+ #ports:
+ # - "5000:5000"
+ build:
+ dockerfile: Dockerfile
+ ssh:
+ - default=~/.ssh/id_ed25519 #lappi
+ #- default=~/.ssh/id_rsa #raspi
+ volumes:
+ - "/dev/serial:/dev/serial"
+ #devices:
+ # - /dev/serial/by-id/usb-ZEPHYR_Zephyr_HCI_UART_sample_81BD14B8D71B5662-if00
+ environment:
+ LOG_LEVEL: INFO

- # network_mode: service:wireguard
-
- # command: python ./auracast/multicast_server.py
- # #command: python ./auracast/multicast.py # continously streaming test app
- # #networks:
- # # - default
+ #vpn only seems to initiate handshake after some outgoing connection is being made
+ command: >
+ bash -c "(while true; do ping -c 1 vpn.pstruebi.xyz || echo 'Ping failed'; sleep 60; done) & python ./auracast/multicast_server.py"
+ #command: python ./auracast/multicast.py # continously streaming test app
 wireguard:
 # TODO: make all privileges in this compose file as tight as possible
 image: lscr.io/linuxserver/wireguard:latest
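Review bot: The background `ping` loop in `command:` reimplements tunnel keepalive at the application layer; WireGuard's `PersistentKeepalive = 25` in the peer's `[Peer]` section is the standard way to make a client initiate and hold the handshake, and using it would let the line shrink back to `command: python ./auracast/multicast_server.py` and remove the need for `iputils-ping` in the image. As written, `bash -c` forks the loop and does not wait on it, so `restart: unless-stopped` only reacts to the python process exiting, and the hostname `vpn.pstruebi.xyz` is hard-coded rather than read from the environment like `LOG_LEVEL`. Separately, `privileged: true` is kept despite the TODO directly above it; the commented `devices:` entry in this hunk exposes just the one serial node and is the tighter alternative.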
@@ -47,15 +47,14 @@ services:
 - ./wg_config:/config
 - /lib/modules:/lib/modules #optional
 ports:
- - 51820:51820/udp # TODO: nececcarry ?
- #- "5000:5000" # make the multicaster also reachable from the host
-
+ #- 51820:51820/udp
+ - 51821:51821/udp # just a workaround if another wireguard client is already running - make sure to change in .conf file too
+ #- 5000:5000 # make the multicaster also reachable from the host - TODO: this should be removed for production
 sysctls:
 - net.ipv4.conf.all.src_valid_mark=1
 networks:
 - default
- #- vpn
+
+# place corresponding peer config for each peer in wg_confs
 # use docker compose up --build --remove-orphans
-networks:
- vpn:
\ No newline at end of file
diff --git a/wg_config/wg_confs/peer_raspi.conf b/wg_config/wg_confs/peer_raspi.conf
deleted file mode 100644
index 8df0777..0000000
--- a/wg_config/wg_confs/peer_raspi.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-[Interface]
-Address = 10.13.13.2
-PrivateKey = WJkEh2FDxJxNnqvVyjOs7acI+RlT63zdQ3wrKbi1oE4=
-ListenPort = 51820
-DNS = 10.13.13.1
-
-[Peer]
-PublicKey = DnLs1PO3sPt61YY6BWOIuh4F8+DU0zHegG8QnpVqxU0=
-PresharedKey = YmLbW5O76gRlFvnA/ifRpk1Yiao+SilOJDya0K6bjBo=
-Endpoint = vpn-hinterwaldner.duckdns.org:51821
-AllowedIPs = 0.0.0.0/0
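Review bot: The comment on the `51821:51821/udp` line leaves it to the reader to keep the host port in sync with the peer `.conf` files, and since `wg_config/wg_confs/` is now git-ignored that coupling is no longer visible in the repository. Consider driving both from one variable, `- "${WG_PORT:-51821}:${WG_PORT:-51821}/udp"`, and naming the settings that must match in the comment (the server's `ListenPort` and each peer's `Endpoint` port) instead of "the .conf file". Quoting the mapping is also the Compose convention for port strings. The `ports:` stanza belongs to the `wireguard` service whose header lies outside this hunk.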