# syntax=docker/dockerfile:1
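# Build stage: compiles the wiredoor binary. Only /app/bin/wiredoor is copied
# out of this stage; the toolchain and source tree are discarded.
# NOTE(review): for reproducible builds, also pin this base by digest
# (golang:1.25-alpine@sha256:<digest-placeholder>), not by tag alone.
FROM golang:1.25-alpine AS builder
WORKDIR /app

# TARGETARCH is provided by BuildKit for the requested platform. Exporting it
# as GOARCH makes every go command in this stage build for that architecture,
# so it does not need to be repeated on the build command line.
ARG TARGETARCH
ENV GOARCH=$TARGETARCH

# Resolve modules from the manifests alone so this layer stays cached until
# go.mod/go.sum change. The `go.sum*` glob tolerates a module without a go.sum.
COPY go.mod go.sum* ./
RUN go mod download

# NOTE(review): this copies the whole build context. Keep a .dockerignore that
# excludes .git, local env files and credentials so they never land in a build
# layer or in the build cache.
COPY . .

# CGO is disabled so the binary does not link against the builder's C library
# and can run on the separate alpine runtime stage.
RUN CGO_ENABLED=0 GOOS=linux go build -o bin/wiredoor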
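# Runtime stage: WireGuard tooling plus the wiredoor binary, started as the
# unprivileged `wiredoor` user (uid/gid 1000).
# NOTE(review): for reproducible builds, also pin this base by digest
# (alpine:3.22@sha256:<digest-placeholder>), not by tag alone.
FROM alpine:3.22 AS production
WORKDIR /app

# Runtime configuration, deliberately empty in the image. TOKEN is a credential:
# supply it when the container is started (env or secret store) and never bake
# a real value into this file or pass it as a build argument.
ENV WIREDOOR_URL="" \
    TOKEN=""

# --no-cache fetches the package index without leaving it in the layer.
# NOTE(review): resolvectl is not provided by any package installed here;
# confirm the resolvconf symlink target exists at runtime.
# NOTE(review): tcpdump is a diagnostic tool; confirm it is needed in the
# production image, since it also appears in the sudoers allow-list below.
RUN apk add --no-cache \
        dnsmasq \
        iproute2 \
        iptables \
        libcap \
        sudo \
        tcpdump \
        wireguard-tools \
    && ln -s /usr/bin/resolvectl /usr/local/bin/resolvconf \
    && addgroup -g 1000 wiredoor \
    && adduser -S -u 1000 -G wiredoor -H -s /sbin/nologin wiredoor

# The config file is owned by the service user.
COPY --chown=wiredoor:wiredoor build/linux/etc/wiredoor/config.ini.example /etc/wiredoor/config.ini

# The entrypoint script stays root-owned so the service user cannot rewrite it.
COPY --chmod=0755 connect-wiredoor /usr/bin/connect-wiredoor

# /usr/bin/wiredoor is in the sudoers allow-list below, so it must NOT be owned
# or writable by the wiredoor user: a user who can modify a binary it may run
# through sudo controls what runs as root. Keep it root-owned and read/execute
# only for everyone else.
COPY --from=builder --chown=root:root --chmod=0755 /app/bin/wiredoor /usr/bin/wiredoor

# dnsmasq gets cap_net_bind_service so it can bind its privileged port without
# running as root.
# The sudoers drop-in is set to the conventional 0440 mode and syntax-checked at
# build time, so a malformed rule fails the build rather than the container.
# NOTE(review): this allow-list is broad. Several of the listed tools can load
# configuration or helpers chosen by the caller, so in practice it is close to
# root-equivalent for the wiredoor user. Prefer narrowing it (fixed arguments,
# fewer commands) or granting file capabilities such as cap_net_admin to the
# specific binaries instead of passwordless sudo.
RUN setcap 'cap_net_bind_service=+ep' /usr/sbin/dnsmasq \
    && echo 'wiredoor ALL=(root) NOPASSWD: /usr/bin/wiredoor, /usr/bin/wg-quick, /usr/bin/wg, /sbin/ip, /usr/sbin/iptables, /usr/sbin/ip6tables, /usr/bin/tcpdump, /usr/sbin/xtables-nft-multi' > /etc/sudoers.d/wiredoor \
    && chmod 0440 /etc/sudoers.d/wiredoor \
    && visudo -cf /etc/sudoers.d/wiredoor

# Drop privileges for the running container; root is reached only through the
# sudo rules above.
USER wiredoor
CMD [ "/usr/bin/connect-wiredoor" ]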