openvpn config

.gitignore

@@ -0,0 +1,3 @@
+openvpn
+local
+*~

Dockerfile

@@ -7,10 +7,17 @@ RUN export uid=1000 gid=1000 && \
     echo "user:x:${uid}:" >> /etc/group && \
     chown ${uid}:${gid} -R /home/user
 
+RUN apt-get install -y openvpn
+RUN apt-get install -y curl sudo
+
+RUN echo "user ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/user && \
+  chmod 0440 /etc/sudoers.d/user
+
 USER user
 
 COPY files/user.js /home/user/
 COPY files/start.sh /home/user/
+COPY files/start-openvpn-blocking.sh /home/user/
 
 ENV HOME /home/user
 CMD /bin/bash /home/user/start.sh

files/start-openvpn-blocking.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+set -eux -o pipefail
+
+CONF="$1"
+sudo openvpn "$CONF" > "$HOME/openvpn.log" &
+
+while [ `tail "$HOME/openvpn.log" | grep "Initialization Sequence Completed" | wc -l` == "0" ];
+do
+  # echo "still not done"
+  sleep 2
+done

files/start.sh

@@ -8,5 +8,23 @@ if [ ! -d "$HOME/.mozilla" ]; then
   mv $HOME/user.js `find $HOME/.mozilla/firefox -type d | grep .default`
 fi
 
+OPENVPN_CONF='/etc/openvpn/openvpn.conf'
+if [ -f "$OPENVPN_CONF" ]; then
+  "$HOME/start-openvpn-blocking.sh" "$OPENVPN_CONF"
+else
+  echo "no OpenVPN config"
+fi
+
+if [ ! -z ${ASSERT_COUNTRY+x} ]; then
+  IP_COUNTRY=`curl ifconfig.co/country`
+  echo " ---------------------------------------------------------------"
+  echo "      The IP of this container seems to be in $IP_COUNTRY"
+  echo " ---------------------------------------------------------------"
+  if [ "$IP_COUNTRY" != "$ASSERT_COUNTRY" ]; then
+    echo "*** does not match $ASSERT_COUNTRY ***"
+    exit 1
+  fi
+fi
+
 # Start firefox
 firefox

run.sh

@@ -1,2 +1,10 @@
-#!/bin/sh
-docker run -ti --rm -e DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix docker-vpn-browser
+#!/bin/bash
+set -eux
+docker run -ti --rm -e DISPLAY \
+  --privileged \
+  -v /tmp/.X11-unix:/tmp/.X11-unix \
+  -v `pwd`/openvpn:/etc/openvpn \
+  -v `pwd`/dbip:/home/user/dbip \
+  -e ASSERT_COUNTRY \
+  --dns 1.1.1.1 \
+  docker-vpn-browser