Release 3.4.0 - See CHANGELOG.md

Author: tiredofit

CHANGELOG.md

@@ -1,3 +1,12 @@
+## 3.4.0 2023-06-01 <dave at tiredofit dot ca>
+
+This release changes the DEBUG environment variable into LOG_LEVEl variable. Old Debug environment variables will be phased out in a future release
+
+   ### Changed
+      - Switch DEBUG to LOG_LEVEL and set default to 2
+      - Refactor script and do a better job at creating configuration
+
+
 ## 3.3.1 2023-05-10 <dave at tiredofit dot ca>
 
    ### Added

README.md

@@ -33,7 +33,7 @@ This will build a Docker Image for [tinc](https://www.tinc.org/) - A VPN service
 - [Installation](#installation)
   - [Build from Source](#build-from-source)
   - [Prebuilt Images](#prebuilt-images)
-    - [Multi Architecture](#multi-archictecture)
+    - [Multi Architecture](#multi-architecture)
 - [Configuration](#configuration)
   - [Quick Start](#quick-start)
   - [Persistent Storage](#persistent-storage)
@@ -62,11 +62,13 @@ Clone this repository and build the image with `docker build <arguments> (imagen
 ### Prebuilt Images
 Builds of the image are available on [Docker Hub](https://hub.docker.com/r/tiredofit/tinc)
 
-Builds of the image are also available on the [Github Container Registry](https://github.com/tiredofit/docker-/pkgs/container/docker-) 
- 
+```bash
+docker pull docker.io/tiredofit/docker-tinc:(imagetag)
+Builds of the image are also available on the [Github Container Registry](https://github.com/tiredofit/docker-tinc/pkgs/container/docker-tinc)
+
+```bash
+docker pull ghcr.io/tiredofit/docker-tinc:(imagetag)
 ```
-docker pull ghcr.io/tiredofit/docker-:(imagetag)
-``` 
 
 The following image tags are available along with their tagged release based on what's written in the [Changelog](CHANGELOG.md):
 
@@ -113,7 +115,6 @@ Be sure to view the following repositories to understand all the customizable op
 | `CIPHER`               | Encryption Cipher                                                                                                    | `aes-256-cbc`   |
 | `COMPRESSION`          | Level of LZO Compression (e.g. 9)                                                                                    | `0`             |
 | `CRON_PERIOD`          | Adjustable time to check GIT Server for any updates                                                                  | `30`            |
-| `DEBUG`                | Adjustable Debug level as per tinc documentation (e.g 5)                                                             | `0`             |
 | `DIGEST`               | Hashing Digest                                                                                                       | `sha256`        |
 | `ENABLE_GIT`           | Enable Git Repository Functionality `TRUE` or `FALSE`                                                                | `TRUE`          |
 | `ENABLE_CONFIG_RELOAD` | Enable reloading Tinc when configuration changes                                                                     | `TRUE`          |
@@ -123,6 +124,7 @@ Be sure to view the following repositories to understand all the customizable op
 | `GIT_USER`             | Username to Authenticate to git server (e.g. `username`)                                                             |                 |
 | `INTERFACE`            | Which Interface to use (relies on /dev/tun) (e.g. `tun0`)                                                            | `tun0`          |
 | `LISTEN_PORT`          | Listening Port                                                                                                       | `655`           |
+| `LOG_LEVEL`            | Adjustable Debug level as per tinc documentation (e.g 5)                                                             | `2`             |
 | `LOG_PATH`             | Log Path                                                                                                             | `/var/log/tinc` |
 | `MAC_LENGTH`           | MAC Length                                                                                                           | `16`            |
 | `NETWORK`              | The VPN name -  (e.g. `securenetwork`)                                                                               |                 |
@@ -151,16 +153,17 @@ The following ports are exposed.
 
 For debugging and maintenance purposes you may want access the containers shell.
 
-``bash
+````bash
 docker exec -it (whatever your container name is) bash
-``
+````
 
 ## Support
 
 These images were built to serve a specific need in a production environment and gradually have had more functionality added based on requests from the community.
 ### Usage
 - The [Discussions board](../../discussions) is a great place for working with the community on tips and tricks of using this image.
 - Consider [sponsoring me](https://github.com/sponsors/tiredofit) for personalized support
+
 ### Bugfixes
 - Please, submit a [Bug Report](issues/new) if something isn't working as expected. I'll do my best to issue a fix in short order.
 

install/assets/cron/crontab.txt

@@ -9,6 +9,12 @@ ENABLE_GIT=${ENABLE_GIT:-"TRUE"}
 ENABLE_WATCHDOG=${ENABLE_WATCHDOG:-"FALSE"}
 INTERFACE=${INTERFACE:-"tun0"}
 LISTEN_PORT=${LISTEN_PORT:-655}
+
+if [ -n "${DEBUG}" ] ; then
+    LOG_LEVEL=${DEBUG}
+fi
+
+LOG_LEVEL=${LOG_LEVEL:-"2"}
 LOG_PATH=${LOG_PATH:-"/var/log/tinc/"}
 MAC_LENGTH=${MAC_LENGTH:-16}
 WATCHDOG_FREQUENCY=${WATCHDOG_FREQUENCY:-60}

install/assets/defaults/10-tinc

@@ -11,18 +11,8 @@ if [ "$SETUP_TYPE" = "AUTO" ]; then
 	sanity_var PRIVATE_IP "Private IP"
 	sanity_var PUBLIC_IP "Public IP"
 
-	if var_true "${DEBUG_MODE}" ; then
-		DEBUG=9
-	else
-		DEBUG=${DEBUG:-0}
-	fi
-
 	if var_true ${ENABLE_GIT} ; then
-		### Adjust Runtime Variables for Crontab
-		sed -i -e "s#<NETWORK>#${NETWORK}#g" /assets/cron/crontab.txt
-		sed -i -e "s#<CRON_PERIOD>#${CRON_PERIOD}#g" /assets/cron/crontab.txt
-	else
-		rm -rf /assets/cron/crontab.txt
+		echo "*/${CRON_PERIOD} * * * * git -C /etc/tinc/${NETWORK}/hosts/ pull >/dev/null 2>&1" > /assets/cron/crontab.txt
 	fi
 
 	### check if network exists
@@ -34,7 +24,7 @@ if [ "$SETUP_TYPE" = "AUTO" ]; then
 			sanity_var GIT_PASS "Git password"
 			sanity_var GIT_URL "Git URL"
 			print_debug "Cloning existing repository from Git"
-			git clone https://"$GIT_USER":"$GIT_PASS"@"$GIT_URL" /etc/tinc/"${NETWORK}"/hosts
+			git clone https://"${GIT_USER}":"${GIT_PASS}"@"${GIT_URL}" /etc/tinc/"${NETWORK}"/hosts
 		else
 			mkdir -p /etc/tinc/"${NETWORK}"/hosts
 		fi
@@ -46,47 +36,52 @@ if [ "$SETUP_TYPE" = "AUTO" ]; then
 		tinc -n "${NETWORK}" init "${NODE}"
 
 		# Declare public and private IPs in the host file, CONFIG/NET/hosts/HOST
-		echo "Address = ${PUBLIC_IP} ${LISTEN_PORT}" >> /etc/tinc/"${NETWORK}"/hosts/"${NODE}"
-		echo "Subnet = ${PRIVATE_IP}/32" >> /etc/tinc/"${NETWORK}"/hosts/"${NODE}"
-		echo "Cipher = ${CIPHER}" >> /etc/tinc/"${NETWORK}"/hosts/"${NODE}"
-		echo "Digest = ${DIGEST}" >> /etc/tinc/"${NETWORK}"/hosts/"${NODE}"
-		echo "MACLength = ${MAC_LENGTH}" >> /etc/tinc/"${NETWORK}"/hosts/"${NODE}"
-		echo "Compression = ${COMPRESSION}" >> /etc/tinc/"${NETWORK}"/hosts/"${NODE}"
+        cat << EOF >> /etc/tinc/"${NETWORK}"/hosts/"${NODE}"
+Address = ${PUBLIC_IP} ${LISTEN_PORT}
+Subnet = ${PRIVATE_IP}/32
+Cipher = ${CIPHER}
+Digest = ${DIGEST}
+MACLength = ${MAC_LENGTH}
+Compression = ${COMPRESSION}
+EOF
 
 		if var_true "${ENABLE_GIT}" ; then
 			cd /etc/tinc/"${NETWORK}"/hosts
-
 			silent git config --global user.email "${NODE}""@docker"
 			silent git config --global user.name "${NODE}"
-
 			print_debug "Adding new node to Git"
 			silent git add .
 			print_debug "Comitting Changes to Git"
-			silent git commit -m "${NODE} - Reinitialized $(date +%Y%m%d-%H%M%S)"
+			silent git commit -m "${NODE} - Reinitialized $(TZ="${TIMEZONE}" date +"%Y%m%d-%H%M%S")"
 			print_debug "Pushing to Git"
 			silent git push
 		fi
 	fi
 
 	# Set Runtime Configuration for Tinc
-	echo "Name = ${NODE}" > /etc/tinc/"${NETWORK}"/tinc.conf
-	echo "BindToAddress * ${LISTEN_PORT}" >> /etc/tinc/"${NETWORK}"/tinc.conf
-	echo "AddressFamily = ipv4" >> /etc/tinc/"${NETWORK}"/tinc.conf
-	echo "Device = /dev/net/tun"  >> /etc/tinc/"${NETWORK}"/tinc.conf
-	echo "Interface = ${INTERFACE}"  >> /etc/tinc/"${NETWORK}"/tinc.conf
-
-	peers=$(echo "${PEERS}" | tr " " "\n")
-	for host in $peers
-	do
-		echo "ConnectTo = ""$host" >> /etc/tinc/"${NETWORK}"/tinc.conf
+    cat << EOF > /etc/tinc/"${NETWORK}"/tinc.conf
+Name = ${NODE}
+BindToAddress * ${LISTEN_PORT}
+AddressFamily = ipv4
+Device = /dev/net/tun
+Interface = ${INTERFACE}
+EOF
+
+	tinc_peers=$(echo "${PEERS}" | tr " " "\n" | uniq)
+	for host in $tinc_peers ; do
+		echo "ConnectTo = ${host}" >> /etc/tinc/"${NETWORK}"/tinc.conf
 	done
 
-	# Edit the tinc-up script
-	echo "#!/bin/sh" >/etc/tinc/"${NETWORK}"/tinc-up
-	echo "ifconfig ${INTERFACE} ${PRIVATE_IP} netmask 255.255.255.0" >> /etc/tinc/"${NETWORK}"/tinc-up
+	# Create the tinc-up / down scripts
+    cat <<EOF > /etc/tinc/"${NETWORK}"/tinc-up
+#!/bin/sh
+ifconfig ${INTERFACE} ${PRIVATE_IP} netmask 255.255.255.0
+EOF
 
-	echo "#!/bin/sh" > /etc/tinc/"${NETWORK}"/tinc-down
-	echo "ifconfig ${INTERFACE} down" >> /etc/tinc/"${NETWORK}"/tinc-down
+    cat <<EOF > /etc/tinc/"${NETWORK}"/tinc-down
+#!/bin/sh
+ifconfig ${INTERFACE} down
+EOF
 
 	### Grab latest hosts entries from Git
 	if var_true "${ENABLE_GIT}" ; then
@@ -110,9 +105,9 @@ if [ "$SETUP_TYPE" = "AUTO" ]; then
 	chmod +x /etc/tinc/${NETWORK}/tinc-up
 	chmod +x /etc/tinc/${NETWORK}/tinc-down
 
-	mkdir -p ${LOG_PATH}
-	touch ${LOG_PATH}/${NETWORK}.log
-	create_logrotate tinc ${LOG_PATH}/${NETWORK}.log tinc
+	mkdir -p "${LOG_PATH}"
+	touch "${LOG_PATH}"/"${NETWORK}".log
+	create_logrotate tinc "${LOG_PATH}"/"${NETWORK}".log tinc
 fi
 
 liftoff

install/etc/cont-init.d/10-tinc

@@ -10,4 +10,4 @@ liftoff
 
 ### Startup Tinc
 print_start "Starting Tinc ${TINC_VERSION} for Host '${NODE}' on VPN '${NETWORK}'"
-exec tinc --net=${NETWORK} start --no-detach --debug=${DEBUG} --logfile=${LOG_PATH}/${NETWORK}.log
+exec tinc --net="${NETWORK}" start --no-detach --debug="${LOG_LEVEL}" --logfile="${LOG_PATH}"/"${NETWORK}".log

install/etc/services.available/10-tinc/run

@@ -9,8 +9,8 @@ check_service_initialized init 10-tinc
 
 liftoff
 
-while silent inotifywait -q -e create,delete,modify,attrib /etc/tinc/ /etc/tinc/${NETWORK}/ /etc/tinc/${NETWORK}/hosts/ ; do
-  print_info "[$(date +"%Y%m%d-%H%M%S")] Reloading Tinc due to a detected change"
-  silent tinc -n ${NETWORK} reload
+while silent inotifywait -q -e create,delete,modify,attrib /etc/tinc/ /etc/tinc/"${NETWORK}"/ /etc/tinc/"${NETWORK}"/hosts/ ; do
+  print_info "[$(TZ="${TIMEZONE}" date +"%Y%m%d-%H%M%S")] Reloading Tinc due to a detected change"
+  silent tinc -n "${NETWORK}" reload
   exit 0
 done

install/etc/services.available/11-config-reload/run

@@ -10,20 +10,19 @@ liftoff
 sleep 120
 
 while true ; do
-  sleep ${WATCHDOG_FREQUENCY}
-  print_debug "[$(date +"%Y%m%d-%H%M%S")] Checking for ping response for ${WATCHDOG_HOST}"
-  ping -c1 -t255 ${WATCHDOG_HOST} 2>/dev/null 1>/dev/null
-  if [ "$?" != "0" ]; then
-    print_debug "[$(date +"%Y%m%d-%H%M%S")] Watchdog Try #2"
+    sleep "${WATCHDOG_FREQUENCY}"
+    print_debug "[$(date +"%Y%m%d-%H%M%S")] Checking for ping response for ${WATCHDOG_HOST}"
     ping -c1 -t255 ${WATCHDOG_HOST} 2>/dev/null 1>/dev/null
     if [ "$?" != "0" ]; then
-      print_debug "[$(date +"%Y%m%d-%H%M%S")] Watchdog Try #3"
-      ping -c1 -t255 ${WATCHDOG_HOST} 2>/dev/null 1>/dev/null
-      if [ "$?" != "0" ]; then
-        print_info "[$(date +"%Y%m%d-%H%M%S")] Could not reach watchdog host ${WATCHDOG_HOST} - Restarting Tinc"
-        silent tinc -n ${NETWORK} stop
-      fi
+        print_debug "[$(date +"%Y%m%d-%H%M%S")] Watchdog Try #2"
+        ping -c1 -t255 ${WATCHDOG_HOST} 2>/dev/null 1>/dev/null
+        if [ "$?" != "0" ]; then
+            print_debug "[$(date +"%Y%m%d-%H%M%S")] Watchdog Try #3"
+            ping -c1 -t255 ${WATCHDOG_HOST} 2>/dev/null 1>/dev/null
+            if [ "$?" != "0" ]; then
+                print_info "[$(date +"%Y%m%d-%H%M%S")] Could not reach watchdog host ${WATCHDOG_HOST} - Restarting Tinc"
+                silent tinc -n "${NETWORK}" stop
+            fi
+        fi
     fi
-  fi
-
 done