Dockerize, and switch back to main boringtun repo

.dockerignore

@@ -0,0 +1,5 @@
+/.git/
+/target
+/.idea
+.envrc
+/Dockerfile

Cargo.lock

@@ -85,7 +85,7 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
 [[package]]
 name = "boringtun"
 version = "0.3.0"
-source = "git+https://github.com/aramperes/boringtun.git?branch=onetun#d93c5db55172ef6133b21301fbf07ec315e00e03"
+source = "git+https://github.com/cloudflare/boringtun?branch=master#fbcf2689e7776a5af805c5a38feb5c8988829980"
 dependencies = [
  "base64",
  "clap",

Cargo.toml

@@ -6,7 +6,7 @@ edition = "2018"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-boringtun = { git = "https://github.com/aramperes/boringtun.git", branch = "onetun" }
+boringtun = { git = "https://github.com/cloudflare/boringtun", branch = "master" }
 clap = { version = "2.33", default-features = false, features = ["suggestions"] }
 log = "0.4"
 pretty_env_logger = "0.3"

Dockerfile

@@ -0,0 +1,25 @@
+FROM rust:1.55 as cargo-build
+RUN apt-get update
+
+WORKDIR /usr/src/onetun
+COPY Cargo.toml Cargo.toml
+
+# Placeholder to download dependencies and cache them using layering
+RUN mkdir src/
+RUN echo "fn main() {println!(\"if you see this, the build broke\")}" > src/main.rs
+RUN cargo build --release
+RUN rm -f target/x86_64-unknown-linux-musl/release/deps/myapp*
+
+# Build the actual project
+COPY . .
+RUN cargo build --release
+
+FROM debian:11-slim
+
+COPY --from=cargo-build /usr/src/onetun/target/release/onetun /usr/local/bin/onetun
+
+# Run as non-root
+RUN chown 1000 /usr/local/bin/onetun
+USER 1000
+
+ENTRYPOINT ["/usr/local/bin/onetun"]

src/config.rs

@@ -14,6 +14,7 @@ pub struct Config {
     pub(crate) endpoint_addr: SocketAddr,
     pub(crate) source_peer_ip: IpAddr,
     pub(crate) keepalive_seconds: Option<u16>,
+    pub(crate) log: String,
 }
 
 impl Config {
@@ -61,7 +62,14 @@ impl Config {
                     .takes_value(true)
                     .long("keep-alive")
                     .env("ONETUN_KEEP_ALIVE")
-                    .help("Configures a persistent keep-alive for the WireGuard tunnel, in seconds.")
+                    .help("Configures a persistent keep-alive for the WireGuard tunnel, in seconds."),
+                Arg::with_name("log")
+                    .required(false)
+                    .takes_value(true)
+                    .long("log")
+                    .env("ONETUN_LOG")
+                    .default_value("info")
+                    .help("Configures the log level and format.")
             ]).get_matches();
 
         Ok(Self {
@@ -83,6 +91,7 @@ impl Config {
                 .with_context(|| "Invalid source peer IP")?,
             keepalive_seconds: parse_keep_alive(matches.value_of("keep-alive"))
                 .with_context(|| "Invalid keep-alive value")?,
+            log: matches.value_of("log").unwrap_or_default().into(),
         })
     }
 }

src/main.rs

@@ -26,8 +26,8 @@ pub const MAX_PACKET: usize = 65536;
 
 #[tokio::main]
 async fn main() -> anyhow::Result<()> {
-    pretty_env_logger::try_init_timed_custom_env("ONETUN_LOG").unwrap();
     let config = Config::from_args().with_context(|| "Failed to read config")?;
+    init_logger(&config)?;
     let port_pool = Arc::new(PortPool::new());
 
     let wg = WireGuardTunnel::new(&config, port_pool.clone())
@@ -379,3 +379,11 @@ async fn virtual_tcp_interface(
     abort.store(true, Ordering::Relaxed);
     Ok(())
 }
+
+fn init_logger(config: &Config) -> anyhow::Result<()> {
+    let mut builder = pretty_env_logger::formatted_builder();
+    builder.parse_filters(&config.log);
+    builder
+        .try_init()
+        .with_context(|| "Failed to initialize logger")
+}