added tailscale-mullvad-router container

heywoodlh · Nov 6, 2024 · 900c4bd · 900c4bd
1 parent 1f5b93d
commit 900c4bd
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 0 deletions.
diff --git a/tailscale-mullvad-router/Dockerfile b/tailscale-mullvad-router/Dockerfile
@@ -0,0 +1,17 @@
+FROM docker.io/tailscale/tailscale:latest
+
+# Install Wireguard
+RUN apk --no-cache add -U wireguard-tools
+
+# Environment vars
+ENV TS_AUTH_ONCE="true"
+ENV TS_STATE_DIR="/var/lib/tailscale"
+ENV TS_ROUTES="10.64.0.1/32"
+ENV TS_HOSTNAME="mullvad-socks-router"
+
+# Tailscale volumes
+VOLUME /var/lib/tailscale
+VOLUME /dev/net/tun
+
+COPY start.sh /start.sh
+CMD ["/start.sh"]
diff --git a/tailscale-mullvad-router/start.sh b/tailscale-mullvad-router/start.sh
@@ -0,0 +1,31 @@
+#!/bin/ash
+
+export error="false"
+# Check for required environment variables
+[[ -z ${WIREGUARD_ADDRESS} ]] && echo "Wireguard address not set." && export error="true"
+[[ -z ${WIREGUARD_PRIVKEY} ]] && echo "Wireguard key not set." && export error="true"
+[[ -z ${WIREGUARD_ENDPOINT} ]] && echo "Wireguard endpoint not set." && export error="true"
+[[ -z ${WIREGUARD_ENDPOINT_PUBKEY} ]] && echo "Wireguard endpoint public key not set." && export error="true"
+[[ -z ${TS_AUTHKEY} ]] && echo "Tailscale auth key not set. Exiting." && export error="true"
+
+# If error encountered, exit
+[[ "${error}" == "true" ]] && echo "Error encountered. Exiting." && exit 3
+
+# Configure Mullvad Wireguard
+cat >/etc/wireguard/mullvad.conf <<EOL
+[Interface]
+PrivateKey = ${WIREGUARD_PRIVKEY}
+Address = ${WIREGUARD_ADDRESS}
+
+[Peer]
+PublicKey = ${WIREGUARD_ENDPOINT_PUBKEY}
+AllowedIPs = 10.64.0.1
+Endpoint = ${WIREGUARD_ENDPOINT}
+EOL
+
+set -ex
+# Bring Mullvad tunnel online
+wg-quick up mullvad
+
+# Bring Tailscale up
+/usr/local/bin/containerboot