From b4317dad1a3045c271330bb671686f2f0e5f189d Mon Sep 17 00:00:00 2001
From: Aram Peres <aram.peres@wavy.fm>
Date: Fri, 15 Oct 2021 20:05:18 -0400
Subject: [PATCH] Dockerize, and switch back to main boringtun repo

---
 .dockerignore |  5 +++++
 Cargo.lock    |  2 +-
 Cargo.toml    |  2 +-
 Dockerfile    | 25 +++++++++++++++++++++++++
 src/config.rs | 11 ++++++++++-
 src/main.rs   | 10 +++++++++-
 6 files changed, 51 insertions(+), 4 deletions(-)
 create mode 100644 .dockerignore
 create mode 100644 Dockerfile

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..674ccdf
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,5 @@
+/.git/
+/target
+/.idea
+.envrc
+/Dockerfile
diff --git a/Cargo.lock b/Cargo.lock
index b2d6da8..46d5ff0 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -85,7 +85,7 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
 [[package]]
 name = "boringtun"
 version = "0.3.0"
-source = "git+https://github.com/aramperes/boringtun.git?branch=onetun#d93c5db55172ef6133b21301fbf07ec315e00e03"
+source = "git+https://github.com/cloudflare/boringtun?branch=master#fbcf2689e7776a5af805c5a38feb5c8988829980"
 dependencies = [
  "base64",
  "clap",
diff --git a/Cargo.toml b/Cargo.toml
index 7e64826..9f288a0 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -6,7 +6,7 @@ edition = "2018"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-boringtun = { git = "https://github.com/aramperes/boringtun.git", branch = "onetun" }
+boringtun = { git = "https://github.com/cloudflare/boringtun", branch = "master" }
 clap = { version = "2.33", default-features = false, features = ["suggestions"] }
 log = "0.4"
 pretty_env_logger = "0.3"
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..bd01361
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,25 @@
+FROM rust:1.55 as cargo-build
+RUN apt-get update
+
+WORKDIR /usr/src/onetun
+COPY Cargo.toml Cargo.toml
+
+# Placeholder to download dependencies and cache them using layering
+RUN mkdir src/
+RUN echo "fn main() {println!(\"if you see this, the build broke\")}" > src/main.rs
+RUN cargo build --release
+RUN rm -f target/x86_64-unknown-linux-musl/release/deps/myapp*
+
+# Build the actual project
+COPY . .
+RUN cargo build --release
+
+FROM debian:11-slim
+
+COPY --from=cargo-build /usr/src/onetun/target/release/onetun /usr/local/bin/onetun
+
+# Run as non-root
+RUN chown 1000 /usr/local/bin/onetun
+USER 1000
+
+ENTRYPOINT ["/usr/local/bin/onetun"]
diff --git a/src/config.rs b/src/config.rs
index 1a5ebeb..e8b71a4 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -14,6 +14,7 @@ pub struct Config {
     pub(crate) endpoint_addr: SocketAddr,
     pub(crate) source_peer_ip: IpAddr,
     pub(crate) keepalive_seconds: Option<u16>,
+    pub(crate) log: String,
 }
 
 impl Config {
@@ -61,7 +62,14 @@ impl Config {
                     .takes_value(true)
                     .long("keep-alive")
                     .env("ONETUN_KEEP_ALIVE")
-                    .help("Configures a persistent keep-alive for the WireGuard tunnel, in seconds.")
+                    .help("Configures a persistent keep-alive for the WireGuard tunnel, in seconds."),
+                Arg::with_name("log")
+                    .required(false)
+                    .takes_value(true)
+                    .long("log")
+                    .env("ONETUN_LOG")
+                    .default_value("info")
+                    .help("Configures the log level and format.")
             ]).get_matches();
 
         Ok(Self {
@@ -83,6 +91,7 @@ impl Config {
                 .with_context(|| "Invalid source peer IP")?,
             keepalive_seconds: parse_keep_alive(matches.value_of("keep-alive"))
                 .with_context(|| "Invalid keep-alive value")?,
+            log: matches.value_of("log").unwrap_or_default().into(),
         })
     }
 }
diff --git a/src/main.rs b/src/main.rs
index 57a13b4..9811071 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -26,8 +26,8 @@ pub const MAX_PACKET: usize = 65536;
 
 #[tokio::main]
 async fn main() -> anyhow::Result<()> {
-    pretty_env_logger::try_init_timed_custom_env("ONETUN_LOG").unwrap();
     let config = Config::from_args().with_context(|| "Failed to read config")?;
+    init_logger(&config)?;
     let port_pool = Arc::new(PortPool::new());
 
     let wg = WireGuardTunnel::new(&config, port_pool.clone())
@@ -379,3 +379,11 @@ async fn virtual_tcp_interface(
     abort.store(true, Ordering::Relaxed);
     Ok(())
 }
+
+fn init_logger(config: &Config) -> anyhow::Result<()> {
+    let mut builder = pretty_env_logger::formatted_builder();
+    builder.parse_filters(&config.log);
+    builder
+        .try_init()
+        .with_context(|| "Failed to initialize logger")
+}