blob: 329900f8aab5cc64bba093ac71a5115ad7935e26 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
#!/bin/bash
run(){
# NOTE: you may need this line if you get an error using ip6tables
# (host needs ip6 kernel modules to use it in the container)
# sudo modprobe ip6_tables
# NOTE: to get X11 socket forwarding to work we need this
xhost local:root
CREDS_OPTS=''
if [[ -n $BITMASK_CREDENTIALS ]]; then
BITMASK_CREDENTIALS=`realpath $BITMASK_CREDENTIALS`
CREDS_OPTS="-e BITMASK_CREDENTIALS=/data/credentials.ini -v $BITMASK_CREDENTIALS:/data/credentials.ini"
fi
# NOTE: to use containerized VPN from the host you need to add `--net host`
docker run --rm -it \
--privileged \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e DISPLAY=unix$DISPLAY \
$CREDS_OPTS \
-v `pwd`/data/:/data/ -v `pwd`:/SHARED/ \
-v `pwd`/data/config:/root/.config/leap \
-p 1984:1984 -p 2013:2013 \
-e LEAP_DOCKERIZED=1 \
--name bitmask \
test/bitmask run $@
# Services' related ports
# eip: ["80", "53", "443", "1194"]
# mail: ["1984", "2013"]
# logs when no ip6_tables module is not loaded on host:
# root@bitmask-container:/bitmask# sudo ip6tables --new-chain bitmask
# modprobe: ERROR: ../libkmod/libkmod.c:556 kmod_search_moddep() could not open moddep file '/lib/modules/4.1.6-040106-generic/modules.dep.bin'
# ip6tables v1.4.21: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
# Perhaps ip6tables or your kernel needs to be upgraded.
# logs when ip6_tables module is loaded on host:
# root@bitmask-container:/bitmask# sudo ip6tables --new-chain bitmask
# root@bitmask-container:/bitmask# # success!
}
shell(){
xhost local:root
# NOTE: to use containerized VPN from the host you need to add `--net host`
docker run --rm -it \
--privileged \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e DISPLAY=unix$DISPLAY \
-v `pwd`/data/:/data/ -v `pwd`:/SHARED/ \
-v `pwd`/data/config:/root/.config/leap \
-p 1984:1984 -p 2013:2013 \
-e LEAP_DOCKERIZED=1 \
--name bitmask \
--entrypoint=bash \
test/bitmask
}
init(){
JSON=`realpath $1`
docker run --rm -it \
-v `pwd`/data:/data \
-v $JSON:/shared/bitmask.json \
test/bitmask init ro /shared/bitmask.json
}
update(){
JSON=`realpath $1`
docker run --rm -it \
-v `pwd`/data:/data \
-v $JSON:/shared/bitmask.json \
test/bitmask update /shared/bitmask.json
}
build(){
docker build -t test/bitmask .
}
help() {
echo ">> Bitmask on docker"
echo "Run the bitmask app in a docker container."
echo
echo "Usage: $0 {init bitmask.json | update bitmask.json | build | shell | run | help}"
echo
echo " ?.json : The bitmask*.json file describes the version that will be used for each repo."
echo
echo " init : Clone repositories, install dependencies, and get bitmask ready to be used."
echo " update : Update the repositories and install new deps (if needed)."
echo " build : Build the docker image for bitmask."
echo " shell : Run a shell inside a bitmask docker container (useful to debug)."
echo " run : Run the client (any extra parameters will be sent to the app)."
echo " help : Show this help"
echo
}
case "$1" in
run)
run "$@"
;;
init)
init $2
;;
update)
update $2
;;
build)
build
;;
shell)
shell
;;
*)
help
;;
esac
|
