wagon/back/admin.Dockerfile


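# Admin API image: Apache serving two CGI endpoints (/peer and /user) that
# manage WireGuard through sudo.
#
# NOTE(review): `latest` is a floating tag, so two builds of this file can
# yield different images. Pin a Debian release tag (ideally with its digest)
# once the target release is decided.
FROM debian:latest

# Change these.
# Both values are substituted into the Apache configuration by a RUN step
# below, i.e. at build time. Overriding them with `docker run -e` does not
# reconfigure Apache; rebuild the image instead.
ENV LISTEN_PORT=4441 \
    ADMIN_EMAIL='me@example.com'

# Install deps.
# update + install + list cleanup share one layer so the package index is
# neither reused stale from cache nor shipped in the image.
# NOTE(review): recommended packages are still installed. Before switching to
# --no-install-recommends, confirm which of them the CGI scripts rely on.
RUN apt-get update && apt-get install --yes \
        apache2 \
        curl \
        dnsutils \
        ipv6calc \
        jq \
        openssl \
        sudo \
        wireguard-tools \
    && rm -rf /var/lib/apt/lists/*

# Create dirs and temp files.
# NOTE(review): the CGI and library directories are handed to www-data, so
# the web user can replace the code it executes (the files COPY'd below are
# root-owned, but a writable parent directory still permits delete/recreate).
# If the CGIs only write the token file and the log, limit the chown to
# those two paths — confirm against the scripts.
# NOTE(review): wgapi_tokens presumably holds API tokens and is created with
# the default mode; consider a tighter mode once its readers are confirmed.
RUN mkdir /var/www/cgi-bin/ /usr/lib/wgapi /var/log/wgapi \
    && touch /var/local/wgapi_tokens /var/log/wgapi/wgapi.log \
    && chown -R www-data:www-data \
        /var/www/cgi-bin/ \
        /usr/lib/wgapi \
        /var/log/wgapi \
        /var/local/wgapi_tokens

# Configure apache.
# LISTEN_PORT and ADMIN_EMAIL are inserted raw into the sed replacement text:
# a value containing `/` or `&` would change the expression, so keep them to
# a plain port number and a plain address.
RUN a2enmod cgi rewrite \
    && sed -i "s/^Listen 80$/Listen ${LISTEN_PORT}/" /etc/apache2/ports.conf \
    && sed -i \
        -e "s/^<VirtualHost \*:80>$/<VirtualHost *:${LISTEN_PORT}>/" \
        -e "s/ServerAdmin .*$/ServerAdmin ${ADMIN_EMAIL}/" \
        -e "s|DocumentRoot .*$|DocumentRoot /var/www/cgi-bin\n\tScriptAlias /peer /var/www/cgi-bin/peer.cgi\n\tScriptAlias /user /var/www/cgi-bin/user.cgi|" \
        /etc/apache2/sites-available/000-default.conf

# Allow http to run these binaries as root with sudo.
# The rule goes into a sudoers.d drop-in (root-owned, mode 0440) and is
# syntax-checked with `visudo -c`, instead of being piped through sudo and an
# editor into /etc/sudoers; the build already runs as root.
# NOTE(review): this grant does not confine www-data to WireGuard management.
# tee, cat, mkdir, rm, chmod and chgrp are allowed as root with any
# arguments, so a flaw in either CGI amounts to root inside the container.
# Prefer root-owned wrapper scripts that validate their arguments, or sudoers
# entries that spell out the exact argument lists the CGIs use.
RUN echo "www-data ALL=(ALL:ALL) NOPASSWD: /usr/bin/wg, /usr/bin/openssl, /usr/bin/[, /usr/bin/tee, /bin/cat, /bin/mkdir, /bin/rm, /bin/chmod, /bin/chgrp" \
        > /etc/sudoers.d/wgapi \
    && chmod 0440 /etc/sudoers.d/wgapi \
    && visudo -cf /etc/sudoers.d/wgapi

# Copy over CGIs and libs.
# COPY without --chown leaves the files owned by root; the execute bit comes
# from the build context.
COPY admin_peer.cgi /var/www/cgi-bin/peer.cgi
COPY admin_user.cgi /var/www/cgi-bin/user.cgi
# TODO: Copy only needed libs
COPY lib/ /usr/lib/wgapi/

# Run time!
# EXPOSE only documents the port; publish it with `docker run -p`.
# NOTE(review): no TLS is configured in this file, so the listener is plain
# HTTP. If tokens cross this listener, terminate TLS in front of it or bind
# it to a trusted network only — confirm against the deployment.
EXPOSE ${LISTEN_PORT}
CMD ["apachectl", "-D", "FOREGROUND"]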