chore: cleanup deb/rpm support

Author: tprasadtp

.goreleaser.yml

@@ -177,6 +177,9 @@ docker_manifests:
     - 'ghcr.io/tprasadtp/protonvpn:{{ .Version }}-amd64'
     - 'ghcr.io/tprasadtp/protonvpn:{{ .Version }}-arm64'
 
+checksum:
+  disable: true
+
 release:
   mode: replace
   prerelease: auto

Dockerfile

@@ -5,12 +5,11 @@ FROM base
 
 # hadolint ignore=DL3008,DL3009
 RUN --mount=type=tmpfs,target=/var/lib/apt/lists \
-    --mount=type=cache,sharing=private,target=/var/cache/apt \
+    --mount=type=tmpfs,target=/var/cache/apt \
     apt-get update && \
     DEBIAN_FRONTEND=noninteractive apt-get install \
         --yes \
         --no-install-recommends \
-        --option 'Binary::apt::APT::Keep-Downloaded-Packages=true' \
         ca-certificates \
         netcat-openbsd \
         curl \
@@ -33,4 +32,6 @@ COPY --chown=root:root --chmod=0755 protonwire /usr/bin/protonwire
 
 RUN ln -s /usr/bin/protonwire /usr/bin/protonvpn
 
-CMD [ "/usr/bin/protonwire", "connect", "--container" ]
+ENTRYPOINT [ "/usr/bin/protonwire" ]
+
+CMD [ "connect", "--container" ]

Makefile

@@ -6,7 +6,7 @@ endif
 export REPO_ROOT := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
 
 ifeq ($(SHELLCHECK_VERSION),)
-	SHELLCHECK_VERSION := v0.9.0
+	SHELLCHECK_VERSION := v0.10.0
 endif
 
 # Set default goal to help
@@ -28,6 +28,7 @@ shellcheck: ## Runs shellcheck
 		-v $(REPO_ROOT)/protonwire:/protonwire:ro \
 		koalaman/shellcheck:$(SHELLCHECK_VERSION) \
 		--color=always \
+		--extended-analysis=true \
 		/protonwire
 
 .PHONY: docker
@@ -55,47 +56,6 @@ release: ## Build release
 release-prod: ## Build release and publish
 	goreleaser release --clean
 
-.PHONY: install
-install: ## Install protonwire
-	@if [[ ! -e /etc/polkit-1/localauthority/10-vendor.d ]]; then install -g root -o root -m 755 -d /etc/polkit-1/localauthority/10-vendor.d; fi
-	install -g root -o root -m 644 systemd/polkit/protonwire.pkla /etc/polkit-1/localauthority/10-vendor.d/protonwire.pkla
-
-	@if [[ ! -e /etc/sysctl.d ]]; then install -g root -o root -m 755 -d /etc/sysctl.d; fi
-	install -g root -o root -m 644 systemd/sysctl.d/protonwire.conf /etc/sysctl.d/protonwire.conf
-
-	@if [[ ! -e /etc/systemd/system ]]; then install -g root -o root -m 755 -d /etc/systemd/system; fi
-	install -g root -o root -m 644 systemd/system/protonwire.service /etc/systemd/system/protonwire.service
-
-	@if [[ ! -e /etc/sysusers.d ]]; then install -g root -o root -m 755 -d /etc/sysusers.d; fi
-	install -g root -o root -m 644 systemd/sysusers.d/protonwire.conf /etc/sysusers.d/protonwire.conf
-
-	@if [[ ! -e /etc/tmpfiles.d ]]; then install -g root -o root -m 755 -d /etc/tmpfiles.d; fi
-	install -g root -o root -m 644 systemd/tmpfiles.d/protonwire.conf /etc/tmpfiles.d/protonwire.conf
-
-	@if [[ ! -e /usr/local/bin ]]; then install -g root -o root -m 755 -d /usr/local/bin; fi
-	install -g root -o root -m 755 protonwire /usr/local/bin/protonwire
-
-	@if [[ ! -e /usr/local/man/man1 ]]; then install -g root -o root -m 755 -d /usr/local/man/man1; fi
-	help2man --no-info --manual="ProtonWire - ProtonVPN Wireguard Client" ./protonwire | install -g root -o root -m 644 /dev/stdin /usr/local/man/man1/protonwire.1
-
-	systemd-sysusers protonwire.conf
-	/usr/lib/systemd/systemd-sysctl protonwire.conf
-	systemd-tmpfiles --create protonwire.conf
-	systemctl daemon-reload
-
-.PHONY: uninstall
-uninstall: ## Uninstall protonwire
-	protonwire disable-killswitch || true
-	systemctl disable --now protonwire || true
-	rm -f /etc/polkit-1/localauthority/10-vendor.d/protonwire.pkla
-	rm -f /etc/sysctl.d/protonwire.conf
-	rm -f /etc/systemd/system/protonwire.service
-	rm -f /etc/sysusers.d/protonwire.conf
-	rm -f /etc/tmpfiles.d/protonwire.conf
-	rm -f /usr/local/man/man1/protonwire.1
-	rm -f /usr/local/bin/protonwire
-	systemctl daemon-reload
-
 .PHONY: clean
 clean: ## clean
 	rm -rf $(REPO_ROOT)/dist/
@@ -104,4 +64,4 @@ clean: ## clean
 .PHONY: update-readme
 update-readme: ## Update README
 	sed -i '/<!--diana::dynamic:protonwire-help:begin-->/,/<!--diana::dynamic:protonwire-help:end-->/!b;//!d;/<!--diana::dynamic:protonwire-help:end-->/e echo "<pre>" && ./protonwire --help && echo "</pre>"' README.md
-	sed -i '/<!--diana::dynamic:protonwire-sample-compose-file:begin-->/,/<!--diana::dynamic:protonwire-sample-compose-file:end-->/!b;//!d;/<!--diana::dynamic:protonwire-sample-compose-file:end-->/e echo "\\\`\\\`\\\`yaml" && cat docs/examples/docker-compose-demo.yml && echo "\\\`\\\`\\\`"' README.md
+	sed -i '/<!--diana::dynamic:protonwire-sample-compose-file:begin-->/,/<!--diana::dynamic:protonwire-sample-compose-file:end-->/!b;//!d;/<!--diana::dynamic:protonwire-sample-compose-file:end-->/e echo "\\\`\\\`\\\`yaml" && cat docs/examples/docker/docker-compose.yml && echo "\\\`\\\`\\\`"' README.md

docs/examples/container-protonwire-example-app.service

@@ -0,0 +1 @@
+# Podman Systemd Examples

docs/examples/container-protonwire.service

@@ -2,14 +2,18 @@
 Description=Example application using protonwire VPN container
 Documentation=https://github.com/tprasadtp/protonvpn-docker
 
+# Ensure protonwire container is started and healthy.
+Requires=protonwire.service
 After=protonwire.service
+
+# If protonwire container is stopped, this will be stopped as well.
 BindsTo=protonwire.service
 
 [Container]
-Pod=protonwire.pod
 Image=docker.io/library/caddy:latest
 Timezone=local
 RunInit=true
+Network=container:protonwire
 Exec=caddy reverse-proxy --change-host-header --from :8000 --to https://ip.me:443
 
 [Install]

docs/examples/docker-compose-demo.yml renamed to docs/examples/docker/docker-compose.yml

@@ -0,0 +1,63 @@
+[Unit]
+Description=ProtonVPN Container
+Documentation=https://github.com/tprasadtp/protonvpn-docker
+
+[Container]
+# Enable protonwire itself to handle systemd readiness protocol.
+# For podman 5.0 or later it might be tempting to use Notify=healthy
+# but container also posts status information like connected server and
+# exit IP which might be important.
+Notify=true
+
+# Container Name.
+#
+# Alternatively, pod can be used. But pod files are only supported on
+# podman 5.0 or later and require using PodmanArgs as Sysctl is not
+# recognized by the generator.
+ContainerName=protonwire
+
+# Runtime configuration
+Image=ghcr.io/tprasadtp/protonwire:7
+Timezone=local
+RunInit=true
+
+# Server Configuration.
+Environment=PROTONVPN_SERVER=node-nl-03.protonvpn.net
+Environment=KILL_SWITCH=1
+Environment=DEBUG=1
+
+# Private Key
+#
+# This MUST be created before enabling the service.
+Secret=protonwire-private-key,mode=600
+
+# Image specific extra permissions.
+AddCapability=NET_ADMIN
+Sysctl=net.ipv4.conf.all.rp_filter=2
+Sysctl=net.ipv6.conf.all.disable_ipv6=1
+
+# Mounts
+Tmpfs=/tmp
+
+# Healthcheck
+HealthCmd=protonwire check --container --quiet
+HealthInterval=2m
+HealthRetries=3
+HealthStartPeriod=30s
+HealthTimeout=20s
+
+# Ports
+#
+# This example only publishes a single port. port 8000 both on host and container.
+# Add as many ports as your applications require.
+#
+# Try to setup a reverse proxy which understands podman/docker and only expose ports
+# 443 and 80 (should redirect to 443). This ensures that you can reach hosted applications
+# using reverse proxy without re-configuring protonwire container every time a new service
+# is added. This is only a recommendation and not a requirement.
+# Do note that binding to ports < 1024 may require additional work if running in rootless mode.
+# See https://github.com/containers/podman/blob/master/rootless.md
+PublishPort=8000
+
+[Install]
+WantedBy=default.target