Dockerfile

#
# Base image
# @see https://github.com/SloCompTech/docker-baseimage
#
FROM slocomptech/bi-python:3.8.0

# Build arguments
ARG BUILD_DATE
ARG VCS_REF
ARG VCS_SRC
ARG VERSION

# 
# Image labels
# @see https://github.com/opencontainers/image-spec/blob/master/annotations.md
# @see https://semver.org/
#
LABEL org.opencontainers.image.title="OpenVPN Server" \
      org.opencontainers.image.description="Docker image with OpenVPN server" \
      org.opencontainers.image.url="https://github.com/SloCompTech/docker-openvpn" \
      org.opencontainers.image.authors="Martin Dagarin <martin.dagarin@gmail.com>" \
      org.opencontainers.image.version=$VERSION \
      org.opencontainers.image.revision=$VCS_REF \
      org.opencontainers.image.source=$VCS_SRC \
      org.opencontainers.image.created=$BUILD_DATE

#
# Environment variables
# @see https://github.com/OpenVPN/easy-rsa/blob/master/doc/EasyRSA-Advanced.md
#
ENV BACKUP_DIR=/config/backup \
    EASYRSA=/usr/share/easy-rsa \
    EASYRSA_EXT_DIR=/config/x509-types \
    EASYRSA_PKI=/config/pki \
    EASYRSA_SSL_CONF=/config/openssl-easyrsa.cnf \
    EASYRSA_SAFE_CONF=/config/safessl-easyrsa.cnf \
    EASYRSA_VARS_FILE=/config/vars \
    OPENVPN_DIR=/config/openvpn

# Install packages
RUN apk add --no-cache \
      # Core packages
      bash \
      gettext \
      easy-rsa \
      iptables \
      ip6tables \
      nano \
      openvpn \
      openvpn-doc \
      sudo && \
    # Link easy-rsa in bin directory
    ln -s ${EASYRSA}/easyrsa /usr/local/bin && \
    rm -rf /tmp/* /var/tmp/* /var/cache/apk/* /var/cache/distfiles/* && \
    # Add permission for network management to container user
    echo "${CONTAINER_USER} ALL=(ALL) NOPASSWD:SETENV: \
      /bin/*, \
      /usr/bin/*, \
      /usr/local/bin/*, \
      /sbin/ip, \
      /sbin/ip6tables, \
      /sbin/ip6tables-compat, \
      /sbin/ip6tables-compat-restore, \
      /sbin/ip6tables-compat-save, \
      /sbin/ip6tables-restore, \
      /sbin/ip6tables-restore-translate, \
      /sbin/ip6tables-save, \
      /sbin/ip6tables-translate, \
      /sbin/iptables, \
      /sbin/iptables-compat, \
      /sbin/iptables-compat-restore, \
      /sbin/iptables-compat-save, \
      /sbin/iptables-restore, \
      /sbin/iptables-restore-translate, \
      /sbin/iptables-save, \
      /sbin/iptables-translate, \
      /sbin/route" \
      >> /etc/sudoers.d/${CONTAINER_USER} && \
    # Default configuration
    cp $EASYRSA/vars.example /defaults/vars && \
    cp $EASYRSA/openssl-easyrsa.cnf /defaults && \
    cp -r $EASYRSA/x509-types /defaults

# Add repo files to image
COPY root/ /