# Alpine release used for the base image. The same value selects the matching
# kubezero package repository path in the package-install step below.
# NOTE(review): the base is referenced by a mutable tag, not by digest, so a
# rebuild can silently pick up a different base image. Confirm this release
# still receives security updates and consider pinning `alpine:<tag>@sha256:<digest>`.
ARG ALPINE_VERSION=3.16

FROM alpine:${ALPINE_VERSION}
# An ARG declared before FROM is only visible to FROM lines; redeclare it here
# so later instructions in this stage can expand ${ALPINE_VERSION}.
ARG ALPINE_VERSION

# Image metadata (maintainer contact and license) under the project's own label namespace.
LABEL zero-downtime.net.image.maintainer="stefan@zero-downtime.net" \
      zero-downtime.net.image.license="AGPLv3"

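# Trust the kubezero package repository, bring the base packages up to date and
# install OpenVPN together with the tooling the helper scripts rely on.
#
# The key is written straight to its destination with `wget -O` instead of
# `cd`-ing into the key directory, so the remaining commands do not depend on
# the shell's working directory.
#
# NOTE(review): the repository signing key is downloaded at build time from the
# same host that serves the packages, so its authenticity rests on TLS to that
# host alone. Prefer committing the key to this repository and COPYing it in,
# or verifying a pinned digest right after the download, for example:
#   echo "<sha256-of-key-file>  /etc/apk/keys/<key-file>" | sha256sum -c -
# NOTE(review): `apk upgrade` and the unpinned `apk add` resolve to whatever the
# repositories serve on the day of the build, so image contents are not
# reproducible; pin package versions if that matters for your release process.
RUN wget -O "/etc/apk/keys/stefan@zero-downtime.net-61bb6bfb.rsa.pub" \
      "https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub" && \
    echo "@kubezero https://cdn.zero-downtime.net/alpine/v${ALPINE_VERSION}/kubezero" >> /etc/apk/repositories && \
    apk upgrade -U --available --no-cache && \
    apk add --no-cache \
      bash \
      easy-rsa \
      google-authenticator \
      libqrencode \
      nftables \
      openvpn \
      openvpn-auth-pam \
      openvpn_exporter@kubezero && \
    ln -s /usr/share/easy-rsa/easyrsa /usr/local/bin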

# Paths and easy-rsa settings read by the helper scripts.
# OPENVPN gets its own instruction: a key defined inside an ENV instruction
# cannot be expanded by another key of that same instruction, and EASYRSA_PKI
# below is derived from it.
ENV OPENVPN=/etc/openvpn
# NOTE(review): EASYRSA_CRL_DAYS=3650 gives every generated CRL a validity of
# roughly ten years, so nothing forces a CRL refresh. Revoking a certificate
# only takes effect once the regenerated CRL is the one the server loads;
# confirm the revocation procedure covers that step.
ENV EASYRSA_PKI=${OPENVPN}/pki \
    EASYRSA_CRL_DAYS=3650 \
    EASYRSA=/usr/share/easy-rsa

# Persistent OpenVPN state. With EASYRSA_PKI pointing at /etc/openvpn/pki this
# volume also holds the PKI, private keys included, so restrict access to
# whatever storage backs it and keep it out of image exports and backups that
# are not themselves protected.
VOLUME ["/etc/openvpn"]

# 1194/udp is the OpenVPN listener. 9176/tcp is presumably the openvpn_exporter
# metrics endpoint (TODO confirm); if so, publish it only to the monitoring
# network and not alongside the VPN port.
EXPOSE 1194/udp 9176/tcp

# Default command, looked up on PATH; presumably one of the scripts copied from
# ./bin further down.
# NOTE(review): no USER is set, so the container process starts as root.
# Confirm that the run script or the server configuration drops privileges once
# the tunnel is up, and grant the container only the capabilities it needs.
CMD ["ovpn_run"]

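# Install the helper scripts. COPY is used instead of ADD: the sources are plain
# local paths, and COPY has none of ADD's archive-extraction or URL-fetch
# behaviour, so what lands in the image is exactly what is in the build context.
COPY ./bin /usr/local/bin
# Make everything in /usr/local/bin executable. The glob also matches entries
# that were already present in that directory before the copy.
RUN chmod a+x /usr/local/bin/*

# Add support for OTP authentication using a PAM module.
# This file defines the PAM service used for the OTP check, so changes to it in
# the build context change who can authenticate; review it like code.
COPY ./otp/openvpn /etc/pam.d/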