Get rid of advanced Docker image and change cloud deployments to use ENABLE_PRIMITIVE=false (#428)

* Terraform fmt

* fmt

* Remove unused tfsec and tflint

* Rename pipeline file

* k8s plain manifests linters

* Mkdocs for hetzner docs

* Docker update

* fix

* Apply suggestions from code review

* Test image building

* Get rid of advanced image from cloud

* Remove all mentions of advanced image

* fix action

* fix

* fix conflicts

* Pass -e ENABLE_PRIMITIVE=false to ansible

* Return action

* Revert Dockerfile

Co-authored-by: Bohdan Ivashko <[email protected]>
Amet13 and arriven authored Mar 25, 2022
1 parent 01572db commit 9798c1e
Showing 12 changed files with 31 additions and 24 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/kubernetes-lint.yaml
@@ -15,3 +15,5 @@ jobs:
uses: actions/checkout@v2
- name: Kubeval
uses: instrumenta/kubeval-action@master
with:
files: kubernetes/manifests/
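Review bot: `uses: instrumenta/kubeval-action@master` resolves a mutable branch on every run, so the lint job executes whatever that branch contains at the time; pin it to a full commit SHA (and do the same for `actions/checkout@v2`, which is a moving tag) so the workflow's supply chain is reproducible. The new `files: kubernetes/manifests/` input is correct for the plain manifests, but note it leaves `kubernetes/helm-charts/` unvalidated, since kubeval cannot parse Go templates; a `helm lint` or `helm template | kubeval` step would cover that directory.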
8 changes: 4 additions & 4 deletions ansible/linux/setup.yaml
@@ -60,12 +60,12 @@
shell: |
echo "docker exec vpn expressvpn disconnect" >> /run.sh
echo 'docker exec vpn expressvpn connect "$(shuf -n 1 /countries.txt)"' >> /run.sh
echo "docker run --name=db1000n --pull=always --net=container:vpn -e PUID=1000 -e PGID=1000 --rm -d ghcr.io/arriven/db1000n-advanced:latest" >> /run.sh
echo "docker run --name=db1000n --pull=always --net=container:vpn -e PUID=1000 -e PGID=1000 -e ENABLE_PRIMITIVE=false --rm -d ghcr.io/arriven/db1000n:latest" >> /run.sh
when: setup_vpn == True

- name: add docker run to cron script
shell: |
echo "docker run --name=db1000n --pull=always -e PUID=1000 -e PGID=1000 --rm -d ghcr.io/arriven/db1000n-advanced:latest" >> /run.sh
echo "docker run --name=db1000n --pull=always -e PUID=1000 -e PGID=1000 -e ENABLE_PRIMITIVE=false --rm -d ghcr.io/arriven/db1000n:latest" >> /run.sh
when: setup_vpn != True

- name: start VPN container
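Review bot: both tasks append to `/run.sh` with `>>` from a plain `shell` task, so re-running the playbook appends a second copy of each `docker run` line and the cron job then issues a second `docker run --name=db1000n`, which fails on the name conflict after the VPN has already been reconnected. Use `lineinfile`, `blockinfile` or `copy` with the full script content so the task is idempotent. Separately, `--pull=always` combined with `:latest` means every 10-minute cron run pulls whatever ghcr.io currently serves; if reproducibility matters on cloud hosts, pin an image digest instead of the tag.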
@@ -94,9 +94,9 @@
shell: (crontab -l ; echo '*/10 * * * * /usr/bin/sudo /run.sh') | crontab -

- name: initial Docker run with VPN
shell: docker run --name=db1000n --net=container:vpn -e PUID=1000 -e PGID=1000 --rm -d ghcr.io/arriven/db1000n-advanced:latest
shell: docker run --name=db1000n --net=container:vpn -e PUID=1000 -e PGID=1000 -e ENABLE_PRIMITIVE=false --rm -d ghcr.io/arriven/db1000n:latest
when: setup_vpn == True

- name: initial Docker run without VPN
shell: docker run --name=db1000n -e PUID=1000 -e PGID=1000 --rm -d ghcr.io/arriven/db1000n-advanced:latest
shell: docker run --name=db1000n -e PUID=1000 -e PGID=1000 -e ENABLE_PRIMITIVE=false --rm -d ghcr.io/arriven/db1000n:latest
when: setup_vpn != True
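Review bot: the same `docker run ... -e PUID=1000 -e PGID=1000 -e ENABLE_PRIMITIVE=false ... ghcr.io/arriven/db1000n:latest` invocation is now spelled out four times in this file, differing only in `--net=container:vpn` and `--pull=always`. Define the image and the `-e` flags once as variables (for example `db1000n_image` and `db1000n_env`) and interpolate them in all four tasks; otherwise the next change to the flag will miss a copy, and docker-compose.yml in this same commit already shows how easily the variable gets dropped.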
6 changes: 3 additions & 3 deletions docker-compose.yml
@@ -117,7 +117,7 @@ services:
# it will use config.json created by 'updater' container above
# this is set by specifying same volume and -c config/config.json
db1000n_01:
image: ghcr.io/arriven/db1000n-advanced
image: ghcr.io/arriven/db1000n
restart: unless-stopped
depends_on:
ovpn_01:
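Review bot: the image is switched from `db1000n-advanced` to `db1000n` but no `environment:` entry sets `ENABLE_PRIMITIVE=false`, unlike every other deployment touched in this commit, so `db1000n_01`, `db1000n_02` and `db1000n_03` silently change behaviour from the advanced config to the default primitive one. If that is intended for local compose use, say so in the comment above the service; otherwise add `environment:` with `- ENABLE_PRIMITIVE=false` to all three services.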
@@ -144,7 +144,7 @@ services:
# it will use config.json created by 'updater' container above
# this is set by specifying same volume and -c config/config.json
db1000n_02:
image: ghcr.io/arriven/db1000n-advanced
image: ghcr.io/arriven/db1000n
restart: unless-stopped
depends_on:
ovpn_02:
@@ -170,7 +170,7 @@ services:
# this Docker container will use VPN 03
# it will download config itself and won't access shared volume so those options are undefined here
db1000n_03:
image: ghcr.io/arriven/db1000n-advanced
image: ghcr.io/arriven/db1000n
restart: unless-stopped
depends_on:
ovpn_03:
7 changes: 0 additions & 7 deletions docs/advanced-docs/advanced-and-devs.md
@@ -48,13 +48,6 @@ Make sure you've set all available resources to docker:
- [Mac](https://docs.docker.com/desktop/mac/#resources)
- [Linux](https://docs.docker.com/desktop/linux/#resources)

???+ note

there are currently two images pointing to different configs for different usages in this repo:

- `ghcr.io/arriven/db1000n` - default image using primitive configs that make their claim on the amount of traffic generated
- `ghcr.io/arriven/db1000n-advanced` - image pointing to a more advanced config that has its goal in generating less traffic that is harder to detect and has more chances to actually get to the target and be processed by it (potentially exploiting known vulnerabilities). Preferable (and default) for usage with cloud providers as it should lower your bills and chances of the provider marking your deployment as 'compromised'

See [docker-vpn](docker-vpn.md) for instructions on setting it up

## Kubernetes
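Review bot: deleting the admonition removes the only place that explained what the two configs are for, and the replacement knob `ENABLE_PRIMITIVE` is now undocumented anywhere in docs/. Rather than dropping the note, rewrite it: the single `ghcr.io/arriven/db1000n` image defaults to the primitive config, and cloud deployments should pass `-e ENABLE_PRIMITIVE=false` to select the lower-traffic config. The reasoning in the deleted bullet about lowering bills and the chance of a provider flagging the host as compromised still applies and is worth keeping.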
1 change: 0 additions & 1 deletion docs/faq.md
@@ -54,7 +54,6 @@

Cloud providers could charge a huge amount of money not only for compute resources but for traffic as well.
If you run an app in the cloud please control your billing
(if you use Docker, ensure that use advanced image: `ghcr.io/arriven/db1000n-advanced`)

---

2 changes: 0 additions & 2 deletions docs/faq.uk.md
@@ -55,8 +55,6 @@

Хмарні провайдери можуть стягувати величезні гроші не тільки за обчислювальні ресурси,
а й за трафік. Якщо ви запускаєте програму в хмарі, будь ласка, керуйте своїми платежами
(якщо ви використовуєте Docker, переконайтеся, що використовуєте розширене зображення:
`ghcr.io/arriven/db1000n-advanced`)

---

5 changes: 5 additions & 0 deletions kubernetes/helm-charts/templates/deployment.yaml
@@ -29,6 +29,11 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
env:
{{- range .Values.envVars }}
- name: {{ .name | quote }}
value: {{ .value | quote }}
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
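Review bot: `env:` is emitted unconditionally, so a user who overrides `envVars` with an empty list gets a bare `env:` key (YAML null) in the rendered container spec; wrap the block in `{{- with .Values.envVars }}` ... `{{- end }}` and put `env:` inside it so the key is omitted when there is nothing to render. Quoting both `.name` and `.value` is correct, since `EnvVar.value` must be a string and an unquoted `false` would be rejected.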
6 changes: 5 additions & 1 deletion kubernetes/helm-charts/values.yaml
@@ -1,11 +1,15 @@
replicaCount: 1

image:
repository: ghcr.io/arriven/db1000n-advanced
repository: ghcr.io/arriven/db1000n
pullPolicy: Always
# Available images: https://github.com/Arriven/db1000n/pkgs/container/db1000n
tag: latest

envVars:
- name: "ENABLE_PRIMITIVE"
value: "false"

resources:
{}
# limits:
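Review bot: `tag: latest` together with `pullPolicy: Always` means every pod restart can land on a different image than its neighbours; since the comment already points at the package page, recommend a version tag or an `@sha256:` digest there for cloud deployments. Also add a comment on `envVars` saying what `ENABLE_PRIMITIVE` does and why the chart defaults it to `"false"`, because the rationale was removed from docs/advanced-docs/advanced-and-devs.md in this same commit and values.yaml is where chart users will look.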
5 changes: 4 additions & 1 deletion kubernetes/manifests/daemonset.yaml
@@ -23,7 +23,10 @@ spec:
spec:
containers:
- name: db1000n
image: ghcr.io/arriven/db1000n-advanced:latest
image: ghcr.io/arriven/db1000n:latest
env:
- name: ENABLE_PRIMITIVE
value: "false"
imagePullPolicy: Always
resources:
requests:
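Review bot: `value: "false"` is correctly quoted (an unquoted boolean is rejected where the API expects a string), and the new kubeval job will now check this file. The same `:latest` plus `imagePullPolicy: Always` caveat as the Helm chart applies here; consider sourcing `ENABLE_PRIMITIVE` from a ConfigMap shared by the DaemonSet and Deployment so the two plain manifests cannot drift apart.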
5 changes: 4 additions & 1 deletion kubernetes/manifests/deployment.yaml
@@ -24,7 +24,10 @@ spec:
spec:
containers:
- name: db1000n
image: ghcr.io/arriven/db1000n-advanced:latest
image: ghcr.io/arriven/db1000n:latest
env:
- name: ENABLE_PRIMITIVE
value: "false"
imagePullPolicy: Always
resources:
requests:
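Review bot: identical to the DaemonSet change, which is fine, but the flag is now hard-coded in every deployment path of this repository (both plain manifests, the chart values, the Ansible playbook and both Terraform modules). Add a one-line comment here and in daemonset.yaml naming the canonical definition (the Helm values are the natural choice) so a future rename or value change is applied consistently.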
4 changes: 2 additions & 2 deletions terraform/aws/main.tf
@@ -128,9 +128,9 @@ resource "aws_route_table_association" "subnet-association" {
locals {
proxy_run_cmd = <<EOF
PIPS=$(host -4 ${contains(keys(module.tor-proxy), "tor-proxy") ? module.tor-proxy["tor-proxy"].lb.dns_name : ""} | egrep -o '[0-9]+(\.[0-9]+){3}$' | awk '{printf("socks5://%s:9050\n", $0)}' | paste -d',' -s -)
docker run -ti -d --restart always ghcr.io/arriven/db1000n-advanced ./db1000n -proxy $PIPS
docker run -e ENABLE_PRIMITIVE=false -ti -d --restart always ghcr.io/arriven/db1000n ./db1000n -proxy $PIPS
EOF
no_proxy_run_cmd = "docker run -ti -d --restart always ghcr.io/arriven/db1000n-advanced"
no_proxy_run_cmd = "docker run -e ENABLE_PRIMITIVE=false -ti -d --restart always ghcr.io/arriven/db1000n"
docker_run_cmd = var.enable_tor_proxy ? local.proxy_run_cmd : local.no_proxy_run_cmd
}

4 changes: 2 additions & 2 deletions terraform/gcp_expressvpn/main.tf
@@ -125,13 +125,13 @@ cat <<EOF >> ./run.sh
docker stop db1000n
docker exec vpn expressvpn disconnect
docker exec vpn expressvpn connect "$(shuf -n 1 /countries.txt)"
docker run --name=db1000n --pull=always --net=container:vpn -e PUID=1000 -e PGID=1000 --log-driver=gcplogs --rm -d ghcr.io/arriven/db1000n-advanced:latest
docker run --name=db1000n --pull=always --net=container:vpn -e PUID=1000 -e PGID=1000 -e ENABLE_PRIMITIVE=false --log-driver=gcplogs --rm -d ghcr.io/arriven/db1000n:latest
EOF
chmod +x ./run.sh
(crontab -l ; echo '*/10 * * * * /usr/bin/sudo /run.sh') | crontab -
docker run --name=db1000n --net=container:vpn -e PUID=1000 -e PGID=1000 --log-driver=gcplogs --rm -d ghcr.io/arriven/db1000n-advanced:latest
docker run --name=db1000n --net=container:vpn -e PUID=1000 -e PGID=1000 -e ENABLE_PRIMITIVE=false --log-driver=gcplogs --rm -d ghcr.io/arriven/db1000n:latest
EOT

