From 465c164953d915a747089f1c7c98a1c3386eef52 Mon Sep 17 00:00:00 2001
From: Spencer Heywood
Date: Mon, 11 Apr 2022 00:56:19 -0600
Subject: [PATCH] added docker image
---
docker/Dockerfile | 36 ++++++++++++++++++++++++++++++++++++
docker/expect.sh | 8 ++++++++
docker/run.sh | 42 ++++++++++++++++++++++++++++++++++++++++++
3 files changed, 86 insertions(+)
create mode 100644 docker/Dockerfile
create mode 100755 docker/expect.sh
create mode 100755 docker/run.sh
diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 0000000..ae9f79e
--- /dev/null
+++ b/docker/Dockerfile
@@ -0,0 +1,36 @@
+FROM rust:bullseye AS build
+
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN curl -fsSL https://deb.nodesource.com/setup_17.x | bash - \
+ && apt-get update \
+ && apt-get install -y nodejs openjdk-17-jdk \
+ && rm -rf /var/lib/apt/lists/* \
+ && npm install -g yarn \
+ && cargo install just
+
+RUN git clone https://github.com/Eugeny/warpgate /opt/warpgate \
+ && cd /opt/warpgate \
+ && just yarn \
+ && just yarn build \
+ && cargo build
+
+FROM debian:bullseye
+LABEL maintainer=heywoodlh
+
+COPY --from=build /opt/warpgate/target/debug/warpgate /usr/local/bin/warpgate
+COPY run.sh /run.sh
+COPY expect.sh /expect.sh
+
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN apt-get update \
+ && apt-get install -y expect openssl \
+ && rm -rf /var/lib/apt/lists/*
+
+EXPOSE 2222
+EXPOSE 8888
+
+VOLUME /data
+
+ENTRYPOINT ["/run.sh"]
diff --git a/docker/expect.sh b/docker/expect.sh
new file mode 100755
index 0000000..1e694bd
--- /dev/null
+++ b/docker/expect.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/expect -f
+
+set password [lindex $argv 0];
+
+spawn warpgate hash
+expect "*Password to be hashed*"
+send -- "$password\r"
+expect eof
diff --git a/docker/run.sh b/docker/run.sh
new file mode 100755
index 0000000..8cbb0d6
--- /dev/null
+++ b/docker/run.sh
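Review bot: In docker/Dockerfile the build stage takes every input unpinned and unverified: `curl -fsSL https://deb.nodesource.com/setup_17.x | bash -` runs a downloaded script as root with no checksum, `git clone` builds whatever the default branch holds at build time, and `rust:bullseye` and `cargo install just` float as well. For an image that fronts SSH access the source should be pinned, e.g. `git clone --depth 1 --branch <RELEASE_TAG_PLACEHOLDER> https://github.com/Eugeny/warpgate /opt/warpgate`, with `cargo install --locked just` and (if the repository commits a Cargo.lock) `cargo build --locked`, and both `FROM` lines pinned to a digest. The final stage also declares no `USER`, so warpgate runs as root; dropping privileges would require run.sh to write its config somewhere other than `/etc`.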
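Review bot: In docker/expect.sh the admin password arrives as the first command-line argument (`[lindex $argv 0]`), so it sits in the script's command line, readable by other processes in the container, for as long as the script runs. Reading it from the environment instead, `set password $env(ADMIN_PASS)`, avoids that, provided run.sh exports the variable before calling the script. The `expect "*Password to be hashed*"` line also has no timeout branch: if the prompt never matches, expect falls through after its default timeout and sends the password anyway, and run.sh then takes whatever the last output line is as the hash. A `timeout` arm that exits non-zero would make that failure visible to the caller.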
@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+
+[[ -n ${ADMIN_USER} ]] || ADMIN_USER='admin'
+[[ -n ${ADMIN_PASS} ]] || ADMIN_PASS='admin'
+
+[[ -e /data/web-admin.certificate.pem ]] || openssl req -x509 -nodes -days 7300 -newkey rsa:4096 -keyout /data/web-admin.key.pem -out /data/web-admin.certificate.pem -subj "/C=PE/ST=Lima/L=Lima/O=Acme Inc. /OU=IT Department/CN=acme.com"
+
+password_hash=$(/expect.sh "${ADMIN_PASS}" | tail -1 | sed 's/\r$//')
+
+cat << EOF > /etc/warpgate.yaml
+---
+targets:
+ - name: web-admin
+ allow_roles:
+ - "warpgate:admin"
+ web_admin: {}
+users:
+ - username: ${ADMIN_USER}
+ credentials:
+ - type: password
+ hash: "${password_hash}"
+ roles:
+ - "warpgate:admin"
+roles:
+ - name: "warpgate:admin"
+recordings:
+ enable: true
+ path: /data/recordings
+web_admin:
+ enable: true
+ listen: "0.0.0.0:8888"
+ certificate: /data/web-admin.certificate.pem
+ key: /data/web-admin.key.pem
+database_url: "sqlite:/data/db"
+ssh:
+ listen: "0.0.0.0:2222"
+ keys: /data/ssh-keys
+ client_key: "./client_key"
+retention: 7days
+EOF
+
+warpgate -c /etc/warpgate.yaml $@
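Review bot: docker/run.sh falls back to `admin`/`admin` when `ADMIN_USER` and `ADMIN_PASS` are unset, and the generated config binds the admin UI to `0.0.0.0:8888`, so a container started without those variables comes up with a known credential on every interface. The script should refuse to start instead of defaulting, e.g. `: "${ADMIN_PASS:?ADMIN_PASS must be set}"`. Nothing checks `password_hash` either: if `/expect.sh` fails, the config is still written with an empty or garbage `hash:` value and the server starts, so a guard such as `[[ -n ${password_hash} ]] || exit 1` belongs before the heredoc. The last line is better written as `exec warpgate -c /etc/warpgate.yaml "$@"`, which keeps argument quoting intact and lets warpgate receive `SIGTERM` from `docker stop` directly.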