From d69b80858a0fa5923be4aefa3ccf0f2be5c67ca1 Mon Sep 17 00:00:00 2001
From: kev
Date: Thu, 30 Jun 2016 23:46:01 +0800
Subject: [PATCH] strongswan uses docker-compose v2
---
 strongswan/Dockerfile | 12 +++++------
 strongswan/README.md | 35 ++++++++++++++++++---------------
 strongswan/docker-compose.yml | 35 ++++++++++++++++++---------------
 strongswan/docker-entrypoint.sh | 11 +++++++++++
 strongswan/init.sh | 8 ++++----
 5 files changed, 58 insertions(+), 43 deletions(-)
 create mode 100755 strongswan/docker-entrypoint.sh
diff --git a/strongswan/Dockerfile b/strongswan/Dockerfile
index dc8456b..154aaa1 100644
--- a/strongswan/Dockerfile
+++ b/strongswan/Dockerfile
@@ -10,17 +10,15 @@ RUN set -xe \
 && ln -sf /etc/ipsec.d/ipsec.conf /etc/ipsec.conf \
 && ln -sf /etc/ipsec.d/ipsec.secrets /etc/ipsec.secrets
-COPY init.sh /
+COPY init.sh /init.sh
+COPY docker-entrypoint.sh /entrypoint.sh
 VOLUME /etc/ipsec.d /etc/strongswan.d
-ENV VPN_SUBNET=10.20.30.0/24
+ENV VPN_DEVICE=eth0
+ENV VPN_NETWORK=10.20.30.0/24
 ENV VPN_DNS=8.8.8.8,8.8.4.4
 EXPOSE 500/udp 4500/udp
-CMD set -xe \
- && /init.sh \
- && rm -f /var/run/starter.charon.pid \
- && iptables -t nat -A POSTROUTING -s $VPN_SUBNET -o eth0 -j MASQUERADE \
- && ipsec start --nofork
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/strongswan/README.md b/strongswan/README.md
index e514ee6..2b37616 100644
--- a/strongswan/README.md
+++ b/strongswan/README.md
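Review bot: The `ENV VPN_SUBNET` → `ENV VPN_NETWORK` rename in this hunk has no compatibility path: a deployment that still passes `-e VPN_SUBNET=…` now silently gets the baked-in `10.20.30.0/24` on both the MASQUERADE rule and `rightsourceip`, and since init.sh writes ipsec.conf only once into the `/etc/ipsec.d` volume (see its `if [ -e … ] … exit 0` guard in the later hunk), the wrong address pool persists across restarts. Consider honoring the old name for one release in the entrypoint, `VPN_NETWORK="${VPN_SUBNET:-$VPN_NETWORK}"`, or failing loudly when `VPN_SUBNET` is set. It is also worth a comment above `ENTRYPOINT ["/entrypoint.sh"]` that the `rm -f /var/run/starter.charon.pid` step dropped from the old CMD is now expected to be covered by a tmpfs on `/run` supplied by the compose file, since a plain `docker run` does not get that mount. The `RUN set -xe` instruction whose tail opens this hunk starts outside it.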
@@ -12,22 +12,25 @@ protocols.
 ### docker-compose.yml
 ```yaml
-strongswan:
- image: vimagick/strongswan
- ports:
- - 500:500/udp
- - 4500:4500/udp
- volumes:
- - /lib/modules:/lib/modules
- - /etc/localtime:/etc/localtime
- environment:
- - VPN_DOMAIN=vpn.easypi.info
- - VPN_SUBNET=10.20.30.0/24
- - VPN_P12_PASSWORD=secret
- cap_add:
- - NET_ADMIN
- privileged: yes
- restart: always
+version: '2'
+services:
+ strongswan:
+ image: vimagick/strongswan
+ ports:
+ - 500:500/udp
+ - 4500:4500/udp
+ volumes:
+ - /lib/modules:/lib/modules
+ - /etc/localtime:/etc/localtime
+ environment:
+ - VPN_DOMAIN=vpn.easypi.info
+ - VPN_NETWORK=10.20.30.0/24
+ - VPN_P12_PASSWORD=secret
+ cap_add:
+ - NET_ADMIN
+ tmpfs: /run
+ privileged: yes
+ restart: always
 ```
 ### up and running
diff --git a/strongswan/docker-compose.yml b/strongswan/docker-compose.yml
index 7a1b73a..0b2d9b1 100644
--- a/strongswan/docker-compose.yml
+++ b/strongswan/docker-compose.yml
@@ -1,16 +1,19 @@
-strongswan:
- image: vimagick/strongswan
- ports:
- - 500:500/udp
- - 4500:4500/udp
- volumes:
- - /lib/modules:/lib/modules
- - /etc/localtime:/etc/localtime
- environment:
- - VPN_DOMAIN=vpn.easypi.info
- - VPN_SUBNET=10.20.30.0/24
- - VPN_P12_PASSWORD=secret
- cap_add:
- - NET_ADMIN
- privileged: yes
- restart: always
+version: '2'
+services:
+ strongswan:
+ image: vimagick/strongswan
+ ports:
+ - 500:500/udp
+ - 4500:4500/udp
+ volumes:
+ - /lib/modules:/lib/modules
+ - /etc/localtime:/etc/localtime
+ environment:
+ - VPN_DOMAIN=vpn.easypi.info
+ - VPN_NETWORK=10.20.30.0/24
+ - VPN_P12_PASSWORD=secret
+ cap_add:
+ - NET_ADMIN
+ tmpfs: /run
+ privileged: yes
+ restart: always
diff --git a/strongswan/docker-entrypoint.sh b/strongswan/docker-entrypoint.sh
new file mode 100755
index 0000000..c4283d9
--- /dev/null
+++ b/strongswan/docker-entrypoint.sh
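Review bot: The rewritten `strongswan` service in docker-compose.yml still carries `privileged: yes` next to `cap_add: - NET_ADMIN`; privileged grants every capability plus host device access, so the `cap_add` entry is redundant and the container runs with far more than the iptables and ipsec work in the entrypoint appears to need. If the reason for privileged is loading kernel modules through the `/lib/modules` mount, that is normally `SYS_MODULE` rather than full privilege — worth trying `cap_add: [NET_ADMIN, SYS_MODULE]` with `privileged` removed, though the exact set the charon daemon needs is not visible from this diff. The README copy of this block in the previous hunk carries the same `privileged: yes`, so the two should be changed together. A short comment next to `tmpfs: /run` saying it replaces the old `rm -f /var/run/starter.charon.pid` step would also keep the reason for that line from being lost.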
@@ -0,0 +1,11 @@
+#!/bin/sh -e
+#
+# entrypoint for strongswan
+#
+# - VPN_DEVICE
+# - VPN_NETWORK
+#
+
+/init.sh
+iptables -t nat -A POSTROUTING -s ${VPN_NETWORK} -o ${VPN_DEVICE} -j MASQUERADE
+exec ipsec start --nofork "$@"
diff --git a/strongswan/init.sh b/strongswan/init.sh
index e36adff..7820634 100755
--- a/strongswan/init.sh
+++ b/strongswan/init.sh
@@ -1,11 +1,11 @@
-#!/bin/sh
+#!/bin/sh -e
 #
 # gen config files for strongswan
 #
 # - VPN_DNS
 # - VPN_DOMAIN
+# - VPN_NETWORK
 # - VPN_P12_PASSWORD
-# - VPN_SUBNET
 #
 if [ -e /etc/ipsec.d/ipsec.conf ]
@@ -13,7 +13,7 @@ then
 echo "Initialized!"
 exit 0
 else
- echo "Initializing ..."
+ echo "Initializing..."
 fi
 cat > /etc/ipsec.d/ipsec.conf <<_EOF_
@@ -32,7 +32,7 @@ conn %default
 leftsubnet=0.0.0.0/0
 right=%any
 rightdns=${VPN_DNS}
- rightsourceip=${VPN_SUBNET}
+ rightsourceip=${VPN_NETWORK}
 conn IPSec-IKEv2
 keyexchange=ikev2
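Review bot: The new entrypoint no longer removes `/var/run/starter.charon.pid` before `exec ipsec start --nofork "$@"`, which the old Dockerfile CMD did; with the compose file's `tmpfs: /run` the file vanishes on every restart, but anyone running the image with plain `docker run` may hit a stale pid file after an unclean stop (assuming `/var/run` resolves to `/run` in this base image, which the diff does not show). Either restore `rm -f /var/run/starter.charon.pid` before the exec or state the requirement in the header, e.g. `# expects /run on tmpfs (see docker-compose.yml) so no stale charon pid survives a restart`. The header lists `VPN_DEVICE` and `VPN_NETWORK` but not that `/init.sh` also consumes `VPN_DNS`, `VPN_DOMAIN` and `VPN_P12_PASSWORD`, which is the list an operator needs when running the image outside compose. Quoting the two expansions on the iptables line, `-s "${VPN_NETWORK}" -o "${VPN_DEVICE}"`, is a style point only, since `sh -e` already aborts the start when iptables rejects a malformed rule.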
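Review bot: Now that init.sh runs under `sh -e`, an empty `VPN_NETWORK` still slips through: the `@@ -32` hunk writes `rightsourceip=${VPN_NETWORK}` into the heredoc unconditionally, and because the `if [ -e /etc/ipsec.d/ipsec.conf ]` guard in the first hunk exits early on every later run, a config generated with an empty pool persists in the `/etc/ipsec.d` volume until someone deletes the file by hand. A guard near the top of the script, `: "${VPN_NETWORK:?VPN_NETWORK must be set}"`, makes the first start fail instead of writing a broken config; the same check is worth adding for `VPN_DNS`, `VPN_DOMAIN` and `VPN_P12_PASSWORD`, which the header lists but nothing validates. Note that the `-e` in the shebang only applies when the script is executed directly, as `/entrypoint.sh` does with `/init.sh`; invoking it as `sh init.sh` would silently lose it. The heredoc that the `@@ -32` hunk sits in starts outside that hunk.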