docker-wireguard-client/Dockerfile


# The base image is referenced without a tag or digest, so each build resolves
# whatever `latest` points to at that moment. Pinning a tag (or a digest) makes
# the build reproducible and turns base-image changes into reviewable commits.
FROM ich777/debian-baseimage

# OCI metadata: maintainer contact and source repository.
LABEL org.opencontainers.image.authors="admin@minenet.at" \
      org.opencontainers.image.source="https://git.minenet.at/ich777/docker-wireguard-client"
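# Install WireGuard and the helper tools, then adapt the image for container use.
#
# - resolvconf is installed best-effort. The parentheses confine `|| true` to
#   that single command: in the shell `&&` and `||` have equal precedence and
#   group left to right, so an unparenthesised `|| true` also swallows a failed
#   `apt-get update` or a failed install of the main packages.
# - The resolvconf dpkg info files (which include its maintainer scripts) are
#   removed afterwards; presumably so that a failed configure step does not
#   break later dpkg runs. TODO confirm.
# - The `src_valid_mark=1` sysctl line in wg-quick is commented out.
#   NOTE(review): presumably because sysctls are not writable inside the
#   container and the value is expected from the runtime instead
#   (e.g. `--sysctl net.ipv4.conf.all.src_valid_mark=1`); confirm in the run docs.
# - sudo is configured to keep ALLOWED_CIDR in the environment. That value
#   crosses the privilege boundary unchanged, so whatever runs under sudo and
#   reads it has to treat it as untrusted input.
# - Kernel and boot artefacts are deleted. The first four paths are relative
#   and resolve against the build's working directory (`/` unless the base
#   image sets a WORKDIR).
RUN apt-get update && \
    apt-get -y install --no-install-recommends \
        iproute2 \
        iptables \
        iputils-ping \
        socat \
        sudo \
        wireguard && \
    (apt-get -y install resolvconf || true) && \
    rm -rf /var/lib/dpkg/info/resolvconf.* && \
    sed -i '/net\.ipv4\.conf\.all\.src_valid_mark=1/s/^/# /' /usr/bin/wg-quick && \
    sed -i '/secure_path=/a Defaults env_keep += "ALLOWED_CIDR"' /etc/sudoers && \
    rm -rf initrd.img initrd.img.old vmlinuz vmlinuz.old /boot && \
    rm -rf /var/lib/apt/lists/*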
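# Install the gotty v1.5.0 release build (linux/amd64 only) into /usr/bin.
#
# NOTE(review): the archive is not checked against a known digest before it is
# unpacked as root. Verifying a pinned SHA-256 between download and extraction,
# e.g. `echo "<EXPECTED_SHA256>  /tmp/gotty.tar.gz" | sha256sum -c -`, would
# detect a replaced or corrupted release asset.
#
# --no-same-owner: when run as root, tar otherwise restores the uid/gid
# recorded in the archive, which can leave files in /usr/bin owned by a
# non-root account.
#
# gotty serves a terminal over HTTP. How it is started, on which address, and
# with what authentication is decided by the scripts, which are not part of
# this file.
RUN wget -O /tmp/gotty.tar.gz https://github.com/sorenisanerd/gotty/releases/download/v1.5.0/gotty_v1.5.0_linux_amd64.tar.gz && \
    tar --no-same-owner -C /usr/bin/ -xvf /tmp/gotty.tar.gz && \
    rm -f /tmp/gotty.tar.gz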
# Runtime defaults; each can be overridden when the container is started.
# How the scripts apply UMASK, UID, GID and DATA_PERM is not visible in this file.
# NOTE(review): UMASK=000 masks no permission bits, so anything created under
# it is world-writable unless the consuming script narrows it. Confirm this
# default is intended.
# ALLOWED_CIDR is the variable that the sudoers edit earlier in this file
# preserves across sudo.
ENV DATA_DIR="/wireguard" \
    ALLOWED_CIDR="192.168.1.0/24 172.17.0.0/24" \
    CONNECTED_CONTAINERS="" \
    UMASK=000 \
    UID=99 \
    GID=100 \
    DATA_PERM=770 \
    USER="wireguard"
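# Create the data directory and the account that owns it.
# useradd is given no explicit uid here; the UID/GID variables declared above
# are not used in this step.
# No `ulimit -n` call: a ulimit set inside a RUN step applies only to that
# build-time shell and is not stored in the image. The open-file limit has to
# be set at run time (e.g. `docker run --ulimit nofile=2048`).
RUN mkdir "$DATA_DIR" && \
    useradd -d "$DATA_DIR" -s /bin/bash "$USER" && \
    chown -R "$USER" "$DATA_DIR"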
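# Copy the start-up scripts and the wrapper files into the image.
# COPY rather than ADD: both sources are plain directories from the build
# context, and COPY carries no archive-extraction or URL-fetch behaviour.
COPY /scripts/ /opt/scripts/
COPY /wrapper/ /usr/local/bin/

# Without --chown the copied files belong to root, so mode 770 restricts the
# scripts to root and root's group.
# NOTE(review): iptables-wg is presumably the wrapper reached through sudo with
# ALLOWED_CIDR kept in its environment; confirm that it validates that value.
RUN chmod -R 770 /opt/scripts/ && \
    chmod +x /usr/local/bin/iptables-wg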
# Container entry point. Exec (JSON-array) form, so start.sh is run directly
# rather than through `/bin/sh -c`.
# No USER instruction appears in this file, so unless the base image sets one
# start.sh begins as root. Whether it later drops to the $USER account is up to
# the script, which is not shown here.
ENTRYPOINT ["/opt/scripts/start.sh"]