CaZzzer/vpgen
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docker build setup

Browse Source
This commit is contained in:
Yuri Tatishchev 2024-12-24 03:23:58 -08:00
parent 7b3c45d845
commit c734b445a8
Signed by: CaZzzer
GPG Key ID: E0EBF441EA424369
9 changed files with 126 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
.dockerignore Normal file
View File

@ -0,0 +1,33 @@
node_modules
# Output
.output
.vercel
/.svelte-kit
/build
# OS
.DS_Store
Thumbs.db
# Env
.env
.env.*
!.env.example
!.env.test
# Vite
vite.config.js.timestamp-*
vite.config.ts.timestamp-*
# SQLite
*.db
# Git
/.git
# IntelliJ
/.idea
# Bruno (API Docs)
/bruno

2
.env.example
View File

@ -16,3 +16,5 @@ IP_MAX_INDEX=100
VPN_ENDPOINT=vpn.lab.cazzzer.com:51820 VPN_ENDPOINT=vpn.lab.cazzzer.com:51820
VPN_DNS=10.18.11.1,fd00:10:18:11::1 VPN_DNS=10.18.11.1,fd00:10:18:11::1
MAX_CLIENTS_PER_USER=20 MAX_CLIENTS_PER_USER=20
ORIGIN=http://localhost:5173

45
Dockerfile Normal file
View File

@ -0,0 +1,45 @@
# use the official Bun image
# see all versions at https://hub.docker.com/r/oven/bun/tags
FROM oven/bun:1-alpine AS base
WORKDIR /app
COPY package.json bun.lockb /app/
# install dependencies into temp directory
# this will cache them and speed up future builds
FROM base AS install
RUN mkdir -p /temp/dev
COPY package.json bun.lockb /temp/dev/
RUN cd /temp/dev && bun install --frozen-lockfile
# install with --production (exclude devDependencies)
RUN mkdir -p /temp/prod
COPY package.json bun.lockb /temp/prod/
RUN cd /temp/prod && bun install --frozen-lockfile --production
# copy node_modules from temp directory
# then copy all (non-ignored) project files into the image
FROM base AS builder
COPY --from=install /temp/dev/node_modules /app/node_modules
COPY . /app
RUN bun run build
FROM base
# Metadata
LABEL org.opencontainers.image.title="VPGen"
LABEL org.opencontainers.image.description="A VPN config generator built with SvelteKit."
LABEL org.opencontainers.image.url="https://gitea.cazzzer.com/CaZzzer/vpgen"
LABEL org.opencontainers.image.source="https://gitea.cazzzer.com/CaZzzer/vpgen"
LABEL org.opencontainers.image.version="0.1"
COPY ./entrypoint.sh /entrypoint.sh
COPY --from=install /temp/prod/node_modules /app/node_modules
COPY --from=builder /app/build /app/build
COPY --from=builder /app/drizzle /app/drizzle
COPY --from=builder /app/drizzle.config.ts /app/
EXPOSE 3000
# entrypoint for drizzle migrations
ENTRYPOINT ["sh", "/entrypoint.sh"]
CMD ["bun", "./build"]

2
README.md
View File

@ -36,3 +36,5 @@ npm run build
You can preview the production build with `npm run preview`. You can preview the production build with `npm run preview`.
> To deploy your app, you may need to install an [adapter](https://svelte.dev/docs/kit/adapters) for your target environment. > To deploy your app, you may need to install an [adapter](https://svelte.dev/docs/kit/adapters) for your target environment.
When deploying, set `ORIGIN` to the URL of your site to prevent cross-site request errors.

BIN
bun.lockb
View File

Binary file not shown.

8
entrypoint.sh Normal file
View File

@ -0,0 +1,8 @@
#!/bin/sh
set -e
# Run database migrations
bun run db:migrate
# Execute the CMD passed to the container
exec "$@"

6
package.json
View File

@ -33,8 +33,6 @@
"autoprefixer": "^10.4.20", "autoprefixer": "^10.4.20",
"bits-ui": "^0.21.16", "bits-ui": "^0.21.16",
"clsx": "^2.1.1", "clsx": "^2.1.1",
"drizzle-kit": "^0.30.1",
"drizzle-orm": "^0.38.2",
"eslint": "^9.7.0", "eslint": "^9.7.0",
"eslint-config-prettier": "^9.1.0", "eslint-config-prettier": "^9.1.0",
"eslint-plugin-svelte": "^2.36.0", "eslint-plugin-svelte": "^2.36.0",
@ -55,6 +53,8 @@
"vite": "^5.0.3" "vite": "^5.0.3"
}, },
"dependencies": { "dependencies": {
"@libsql/client": "^0.14.0" "@libsql/client": "^0.14.0",
"drizzle-kit": "^0.30.1",
"drizzle-orm": "^0.38.2"
} }
} }

6
src/hooks.server.ts
View File

@ -1,7 +1,11 @@
import { type Handle, redirect } from '@sveltejs/kit'; import { type Handle, redirect } from '@sveltejs/kit';
import { sequence } from '@sveltejs/kit/hooks';
import { dev } from '$app/environment'; import { dev } from '$app/environment';
import * as auth from '$lib/server/auth'; import * as auth from '$lib/server/auth';
import { sequence } from '@sveltejs/kit/hooks'; import { fetchOpnsenseServer } from '$lib/server/opnsense';
// fetch opnsense server info on startup
await fetchOpnsenseServer();
const handleAuth: Handle = async ({ event, resolve }) => { const handleAuth: Handle = async ({ event, resolve }) => {
const sessionId = event.cookies.get(auth.sessionCookieName); const sessionId = event.cookies.get(auth.sessionCookieName);

51
src/lib/server/opnsense/index.ts
View File

@ -12,33 +12,38 @@ export const opnsenseIfname = env.OPNSENSE_WG_IFNAME;
// unset secret for security // unset secret for security
if (!dev) env.OPNSENSE_API_SECRET = ''; if (!dev) env.OPNSENSE_API_SECRET = '';
export let serverUuid: string, serverPublicKey: string;
export async function fetchOpnsenseServer() {
// this might be pretty bad if the server is down and in a bunch of other cases // this might be pretty bad if the server is down and in a bunch of other cases
// TODO: write a retry loop later // TODO: write a retry loop later
const resServers = await fetch(`${opnsenseUrl}/api/wireguard/client/list_servers`, { const resServers = await fetch(`${opnsenseUrl}/api/wireguard/client/list_servers`, {
method: 'GET',
headers: {
Authorization: opnsenseAuth,
Accept: 'application/json',
},
});
assert(resServers.ok, 'Failed to fetch OPNsense WireGuard servers');
const servers = (await resServers.json()) as OpnsenseWgServers;
assert.equal(servers.status, 'ok', 'Failed to fetch OPNsense WireGuard servers');
export const serverUuid = servers.rows.find((server) => server.name === opnsenseIfname)?.uuid;
assert(serverUuid, 'Failed to find server UUID for OPNsense WireGuard server');
console.log('OPNsense WireGuard server UUID:', serverUuid);
const resServerInfo = await fetch(
`${opnsenseUrl}/api/wireguard/client/get_server_info/${serverUuid}`,
{
method: 'GET', method: 'GET',
headers: { headers: {
Authorization: opnsenseAuth, Authorization: opnsenseAuth,
Accept: 'application/json', Accept: 'application/json',
}, },
}, });
); assert(resServers.ok, 'Failed to fetch OPNsense WireGuard servers');
assert(resServerInfo.ok, 'Failed to fetch OPNsense WireGuard server info'); const servers = (await resServers.json()) as OpnsenseWgServers;
const serverInfo = await resServerInfo.json(); assert.equal(servers.status, 'ok', 'Failed to fetch OPNsense WireGuard servers');
assert.equal(serverInfo.status, 'ok', 'Failed to fetch OPNsense WireGuard server info'); const uuid = servers.rows.find((server) => server.name === opnsenseIfname)?.uuid;
export const serverPublicKey = serverInfo['pubkey']; assert(uuid, 'Failed to find server UUID for OPNsense WireGuard server');
serverUuid = uuid;
console.log('OPNsense WireGuard server UUID:', serverUuid);
const resServerInfo = await fetch(
`${opnsenseUrl}/api/wireguard/client/get_server_info/${serverUuid}`,
{
method: 'GET',
headers: {
Authorization: opnsenseAuth,
Accept: 'application/json',
},
},
);
assert(resServerInfo.ok, 'Failed to fetch OPNsense WireGuard server info');
const serverInfo = await resServerInfo.json();
assert.equal(serverInfo.status, 'ok', 'Failed to fetch OPNsense WireGuard server info');
serverPublicKey = serverInfo['pubkey'];
}