ARG ALPINE_VERSION=3.15

FROM alpine:${ALPINE_VERSION}

LABEL zero-downtime.net.image.maintainer="stefan@zero-downtime.net" \
      zero-downtime.net.image.license="AGPLv3"

RUN apk upgrade -U --available --no-cache && \
    apk add --no-cache \
    openvpn \
    nftables \
    bash \
    easy-rsa \
    openvpn-auth-pam \
    google-authenticator \
    libqrencode && \
    ln -s /usr/share/easy-rsa/easyrsa /usr/local/bin

# Needed by scripts
ENV OPENVPN=/etc/openvpn
ENV EASYRSA=/usr/share/easy-rsa \
    EASYRSA_CRL_DAYS=3650 \
    EASYRSA_PKI=$OPENVPN/pki

VOLUME ["/etc/openvpn"]

EXPOSE 1194/udp

CMD ["ovpn_run"]

ADD ./bin /usr/local/bin
RUN chmod a+x /usr/local/bin/*

# Add support for OTP authentication using a PAM module
ADD ./otp/openvpn /etc/pam.d/