This repository has been archived by the owner on Nov 25, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 40
/
Dockerfile
66 lines (57 loc) · 1.91 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
ARG BASE_IMAGE="alpine:3.16"
# uncomment below to enable qbittorrent search engine
# ARG BASE_IMAGE="python:3.8-alpine3.16"
# hadolint ignore=DL3006
FROM ${BASE_IMAGE}
# Build-time metadata as defined at http://label-schema.org
ARG BUILD_DATE
ARG VCS_REF
ARG VERSION
LABEL org.label-schema.build-date=$BUILD_DATE \
org.label-schema.name="alpine-qbittorrent-openvpn" \
org.label-schema.description="qBittorrent docker container with OpenVPN client running as unprivileged user on alpine linux" \
org.label-schema.url="https://guillaumedsde.gitlab.io/alpine-qbittorrent-openvpn/" \
org.label-schema.vcs-ref=$VCS_REF \
org.label-schema.vcs-url="https://github.com/guillaumedsde/alpine-qbittorrent-openvpn" \
org.label-schema.vendor="guillaumedsde" \
org.label-schema.version=$VERSION \
org.label-schema.schema-version="1.0"
COPY rootfs /
# hadolint ignore=DL3018
RUN addgroup -S openvpn \
&& adduser -SD \
-s /sbin/nologin \
-g openvpn \
-G openvpn \
openvpn \
&& apk add --no-cache \
bash \
bind-tools \
openvpn \
curl \
iptables \
libcap \
sudo \
subversion \
jq \
&& setcap cap_net_admin+ep "$(which openvpn)" \
&& apk del libcap --purge \
&& echo "openvpn ALL=(ALL) NOPASSWD: /sbin/ip" >>/etc/sudoers \
&& chmod 755 /usr/sbin/* \
&& /bin/sh /usr/sbin/install_s6.sh \
&& /bin/sh /usr/sbin/install_qbittorrent.sh
ENV CONFIG_DIR=/config \
QBT_SAVE_PATH=/downloads \
QBT_WEBUI_PORT=8080 \
TUN=/dev/net/tun \
LAN=192.168.0.0/24 \
DOCKER_CIDR=172.17.0.0/16 \
DNS=1.1.1.1 \
PUID=1000 \
PGID=1000 \
OPENVPN_CONFIG_FILE=/config/openvpn/config.ovpn \
CREDENTIALS_FILE=/config/openvpn/openvpn-credentials.txt \
S6_BEHAVIOUR_IF_STAGE2_FAILS=2
HEALTHCHECK --interval=1s --start-period=10s CMD healthcheck.sh
EXPOSE 8080
ENTRYPOINT ["/init"]