Initial commit

2 years ago · 99b4fb9da6
commit 99b4fb9da6
3 changed files with 28 additions and 0 deletions
--- a/8
+++ b/8
@ -0,0 +1,8 @@
+FROM python:3-alpine
+RUN apk add --update --no-cache strongswan curl
+RUN pip install requests
+RUN rm /etc/ipsec.conf && ln -s /server-secrets/ipsec.conf /etc/ipsec.conf
+RUN rm /etc/ipsec.secrets && ln -s /server-secrets/ipsec.secrets /etc/ipsec.secrets
+ADD helpers /helpers
+ADD entrypoint.sh /entrypoint.sh
+ENTRYPOINT /entrypoint.sh
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -0,0 +1,6 @@
+#!/bin/sh
+while [ ! -e $1 ]; do
+  sleep 1
+done
+curl -X DELETE http://127.0.0.1:2001/api/by-service/strongswan
+ipsec start --nofork
--- a/helpers/updown.py
+++ b/helpers/updown.py
@ -0,0 +1,14 @@
+#!/usr/bin/env python
+import requests
+import os
+
+# TODO: Replace with simple shell script and drop Python
+url = "http://127.0.0.1:2001/api/by-dn/%s" % os.environ["PLUTO_PEER_ID"]
+for key, value in os.environ.items():
+    if key.startswith("PLUTO_PEER_SOURCEIP"):
+        requests.post(url, data={
+            "service": "strongswan",
+            "internal_addr": value,
+            "remote_addr": os.environ["PLUTO_PEER"],
+            "remote_port": 0
+        })