122 lines
4.2 KiB
Docker
122 lines
4.2 KiB
Docker
FROM walt3rl/proton-privoxy AS proton
|
|
FROM jesec/rtorrent AS rtorrent
|
|
FROM debian
|
|
|
|
ARG PVPN_CLI_VER=2.2.12
|
|
ARG USERNAME=proton
|
|
|
|
ENV PVPN_USERNAME= \
|
|
PVPN_USERNAME_FILE= \
|
|
PVPN_PASSWORD= \
|
|
PVPN_PASSWORD_FILE= \
|
|
PVPN_TIER=2 \
|
|
PVPN_PROTOCOL=udp \
|
|
PVPN_TAGS="+pmp" \
|
|
PVPN_CMD_ARGS="connect --p2p --random" \
|
|
PVPN_DEBUG= \
|
|
HOST_NETWORK= \
|
|
DNS_SERVERS_OVERRIDE= \
|
|
PUID=1000 \
|
|
PGID=1000 \
|
|
PHOME=/home/${USERNAME} \
|
|
NATPMP_TIMEOUT=60 \
|
|
NATPMP_INTERVAL= \
|
|
MAX_UPTIME=
|
|
|
|
WORKDIR /root
|
|
COPY --from=rtorrent / /
|
|
|
|
RUN apt-get update -y \
|
|
&& apt-get upgrade -y \
|
|
&& apt-get install -y \
|
|
git \
|
|
iproute2 \
|
|
iptables \
|
|
natpmpc \
|
|
openvpn \
|
|
pipenv \
|
|
procps \
|
|
python3 \
|
|
python3-pip \
|
|
python3-setuptools \
|
|
sudo \
|
|
&& rm -rf /var/lib/apt/lists
|
|
|
|
RUN pip3 install --break-system-packages git+https://github.com/Rafficer/linux-cli-community.git@v$PVPN_CLI_VER#egg=protonvpn-cli
|
|
|
|
RUN mkdir /app
|
|
COPY --from=proton /app/proton-privoxy/run /app/proton
|
|
COPY --from=proton /root/.pvpn-cli/pvpn-cli.cfg.clean /root/.pvpn-cli/pvpn-cli.cfg
|
|
|
|
RUN \
|
|
sed -i \
|
|
-e "/^exec privoxy/d" \
|
|
-e "/^ln -s/d" \
|
|
/app/proton \
|
|
&& install -t /usr/local/bin /app/proton \
|
|
&& rm /app/proton
|
|
|
|
RUN printf "%s\n" \
|
|
"python3 /app/pvpn-cli.py \"\$@\"" > ./pvpn-cli \
|
|
&& install -Dm 755 ./pvpn-cli /usr/local/bin \
|
|
&& rm ./pvpn-cli
|
|
|
|
RUN printf "%s\n" \
|
|
"#!/bin/bash" \
|
|
"groupadd --gid \$PGID ${USERNAME} > /dev/null" \
|
|
"useradd --create-home --home-dir \$PHOME ${USERNAME} --uid \$PUID -g ${USERNAME} 2>/dev/null" \
|
|
"chown ${USERNAME} \$PHOME" \
|
|
'[ ! -z "$1" ] && [ "$1" = "init" ] && export PVPN_CMD_ARGS="$@"' \
|
|
'if [ -z "$PVPN_USERNAME" ] && [ -z "$PVPN_USERNAME_FILE" ]; then' \
|
|
" echo 'Error: Either env var \$PVPN_USERNAME or \$PVPN_USERNAME_FILE is required.'" \
|
|
"exit 1" \
|
|
"fi" \
|
|
"" \
|
|
'if [ -z "$PVPN_PASSWORD" ] && [ -z "$PVPN_PASSWORD_FILE" ]; then' \
|
|
"echo 'Error: Either env var \$PVPN_PASSWORD or \$PVPN_PASSWORD_FILE is required.'" \
|
|
"exit 1" \
|
|
"fi" \
|
|
"" \
|
|
'[ -f "$PVPN_USERNAME_FILE" ] && PVPN_USERNAME=$(cat "$PVPN_USERNAME_FILE")' \
|
|
'[ -f "$PVPN_PASSWORD_FILE" ] && PVPN_PASSWORD=$(cat "$PVPN_PASSWORD_FILE")' \
|
|
"pvpn-cli || exit" \
|
|
'ip link show proton0 > /dev/null 2>&1 || exit' \
|
|
'fallback="$(expr ${NATPMP_TIMEOUT} \* 3 / 4)"' \
|
|
'export NATPMP_INTERVAL="${NATPMP_INTERVAL:-$fallback}"' \
|
|
'echo "Opening a port using NAT-PMP for $NATPMP_TIMEOUT seconds…"' \
|
|
'output="$(natpmpc -a 0 0 tcp "$NATPMP_TIMEOUT")"' \
|
|
'natpmpc -a 0 0 udp "$NATPMP_TIMEOUT"' \
|
|
'port="$(echo "$output" | grep -m 1 " public port [[:digit:]]\+ " | sed "s/.* public port \([[:digit:]]\+\).*/\\1/")"' \
|
|
'echo "Port $port has been opened for P2P data transfer!"' \
|
|
'echo "The NAT-PMP port forwarding will be updated every $NATPMP_INTERVAL seconds"' \
|
|
'export PEERPORT="$port"' \
|
|
"{" \
|
|
" while true" \
|
|
" do" \
|
|
' echo "Refreshing NAT-PMP port forwarding…"' \
|
|
' natpmpc -a 0 0 udp "$NATPMP_TIMEOUT"' \
|
|
' natpmpc -a 0 0 tcp "$NATPMP_TIMEOUT"' \
|
|
' echo "NAT-PMP port forwarding has been refreshed!"' \
|
|
' sleep "$NATPMP_INTERVAL"' \
|
|
" done" \
|
|
"} &" \
|
|
"set -m" \
|
|
'[ ${MAX_UPTIME:-0} -gt 0 ] && {' \
|
|
' sudo -iu '"${USERNAME}"' rtorrent -o network.port_range.set=$port-$port,system.daemon.set=true $@ &' \
|
|
' pid=$!' \
|
|
' sleep "$MAX_UPTIME"' \
|
|
' pkill -9 $pid' \
|
|
'} || {' \
|
|
' sudo -u '"${USERNAME}"' rtorrent -o network.port_range.set=$port-$port,system.daemon.set=true $@' \
|
|
'}' > ./rtorrent-entrypoint \
|
|
&& install -Dm 755 ./rtorrent-entrypoint /usr/local/bin \
|
|
&& rm ./rtorrent-entrypoint
|
|
|
|
COPY pvpn-cli.py /app/pvpn-cli.py
|
|
|
|
#RUN apt-get update -y \
|
|
# && apt-get install -y sudo
|
|
# RUN echo "${USERNAME} ALL=(ALL:ALL) NOPASSWD: ALL" >> /etc/sudoers
|
|
|
|
VOLUME [ "/proton" ]
|
|
ENTRYPOINT [ "rtorrent-entrypoint" ]
|