initial release

src/Dockerfile

@@ -0,0 +1,26 @@
+# FROM debian:bookworm
+FROM debian:bookworm-slim as BUILDER
+ARG URL
+ARG DEBNAME
+RUN \
+  DEBIAN_FRONTEND=noninteractive apt update && \
+  DEBIAN_FRONTEND=noninteractive apt install -y wget && \
+  wget "${URL}" -O /tmp/client.tar.gz && \
+  tar xv -C /tmp -f /tmp/client.tar.gz && \
+  dpkg -i "/tmp/${DEBNAME}"
+
+FROM debian:bookworm-slim
+
+COPY --from=BUILDER /usr/local/bin/barracudavpn /app/
+
+RUN \
+  DEBIAN_FRONTEND=noninteractive apt update && \
+  DEBIAN_FRONTEND=noninteractive apt install -y iproute2 gettext-base && \
+  rm -rf /var/lib/apt/lists/*
+
+COPY rootfs /
+
+HEALTHCHECK --interval=30s --start-period=30s --timeout=3s \
+  CMD /app/healthcheck.sh
+
+ENTRYPOINT [ "/app/entrypoint.sh" ]

src/rootfs/app/barracudavpn.conf.tpl

@@ -0,0 +1,21 @@
+BINDIP = 0
+CERTFILE =
+CONNECTTIMEOUT = 10
+DYNSSA = 0
+HANDSHAKETIMEOUT = 10
+KEEPALIVE = 10
+KEYFILE =
+LICENSEFILE = ${LIC_FILE}
+LICISENCRYPTED =
+PROXYADDR =
+PROXYPORT = 8080
+PROXYTYPE = NO PROXY
+PROXYUSER =
+SERVER = ${SERVER}
+SERVERPORT = ${SERVERPORT}
+SPECIAL = NESSUNO
+TAP = /dev/tun0
+TUNNELENC = AES128-MD5
+TUNNELMODE = UDP
+TUNNELREKEY =
+WRITEDNS = MERGE

src/rootfs/app/entrypoint.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+
+stty -echoctl # hide ^C
+
+set +H # disable history expansion, to enable the use of exclamation mark in the password
+# set +o histexpand
+
+
+# add tap device if it doesn't exists
+if [ ! -d /sys/class/net/tap0 ] ; then
+    ip tuntap add mode tap tap0
+fi
+
+# TODO: check if /sys/class/net/tap0/operstate says "up" and quit?
+
+CONFIGDIR=/app/config/
+CONFIGFILE="${CONFIGDIR}/barracudavpn.conf"
+
+mkdir -p "${CONFIGDIR}"
+
+if [ -z "${VPN_PASSWORD}" ]; then
+    echo "You need to specify the password (VPN_PASSWORD env variable)"
+    exit 1
+fi
+
+if [ -z "${LIC_FILE}" ]; then
+    echo "You need to specify the path to the license file (LIC_FILE env variable)"
+    exit 1
+fi
+
+if [ ! -r "${LIC_FILE}" ]; then
+    echo "The license file is not readable"
+    exit 1
+fi
+
+if [ -z "${SERVER}" ]; then
+    echo "You need to specify the server (SERVER env variable)"
+    exit 1
+fi
+
+export SERVERPORT=${SERVERPORT:-691}
+
+# generate new config file
+envsubst < /app/barracudavpn.conf.tpl > "${CONFIGFILE}"
+
+stop_vpn() {
+    echo Closing VPN connection
+    /app/barracudavpn --config "${CONFIGDIR}" --stop
+    sleep 2
+    exit
+}
+
+start_vpn() {
+    echo Opening VPN connection
+    /app/barracudavpn --config "${CONFIGDIR}" --start  --keypwd "${VPN_PASSWORD}" --serverpwd "${VPN_PASSWORD}"
+}
+
+trap 'stop_vpn' INT TERM
+
+start_vpn
+while : ; do
+    sleep 1m
+done

src/rootfs/app/healthcheck.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+CONFIGDIR=/app/config/
+
+/app/barracudavpn --config "${CONFIGDIR}" --status|grep '^Status:\s*CONNECTED$' && exit 0
+exit 1
+
+# A "connected" answer contains:
+# Status:      CONNECTED
+
+# A "disconnected" answer contains:
+# STATE:       DISCONNECTED