From 4aeb700019c3796d00d0b5406519ee8f4f6705a0 Mon Sep 17 00:00:00 2001
From: Otto Seiskari <otto.seiskari@gmail.com>
Date: Mon, 20 Aug 2018 22:13:40 +0300
Subject: [PATCH] openvpn config

---
 .gitignore                      |  3 +++
 Dockerfile                      |  7 +++++++
 files/start-openvpn-blocking.sh | 11 +++++++++++
 files/start.sh                  | 18 ++++++++++++++++++
 run.sh                          | 12 ++++++++++--
 5 files changed, 49 insertions(+), 2 deletions(-)
 create mode 100644 .gitignore
 create mode 100755 files/start-openvpn-blocking.sh

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..617b4b2
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+openvpn
+local
+*~
diff --git a/Dockerfile b/Dockerfile
index a0adb19..7510d02 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,10 +7,17 @@ RUN export uid=1000 gid=1000 && \
     echo "user:x:${uid}:" >> /etc/group && \
     chown ${uid}:${gid} -R /home/user
 
+RUN apt-get install -y openvpn
+RUN apt-get install -y curl sudo
+
+RUN echo "user ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/user && \
+  chmod 0440 /etc/sudoers.d/user
+
 USER user
 
 COPY files/user.js /home/user/
 COPY files/start.sh /home/user/
+COPY files/start-openvpn-blocking.sh /home/user/
 
 ENV HOME /home/user
 CMD /bin/bash /home/user/start.sh
diff --git a/files/start-openvpn-blocking.sh b/files/start-openvpn-blocking.sh
new file mode 100755
index 0000000..2eed457
--- /dev/null
+++ b/files/start-openvpn-blocking.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -eux -o pipefail
+
+CONF="$1"
+sudo openvpn "$CONF" > "$HOME/openvpn.log" &
+
+while [ `tail "$HOME/openvpn.log" | grep "Initialization Sequence Completed" | wc -l` == "0" ];
+do
+  # echo "still not done"
+  sleep 2
+done
diff --git a/files/start.sh b/files/start.sh
index 2e3b4b6..1544a39 100644
--- a/files/start.sh
+++ b/files/start.sh
@@ -8,5 +8,23 @@ if [ ! -d "$HOME/.mozilla" ]; then
   mv $HOME/user.js `find $HOME/.mozilla/firefox -type d | grep .default`
 fi
 
+OPENVPN_CONF='/etc/openvpn/openvpn.conf'
+if [ -f "$OPENVPN_CONF" ]; then
+  "$HOME/start-openvpn-blocking.sh" "$OPENVPN_CONF"
+else
+  echo "no OpenVPN config"
+fi
+
+if [ ! -z ${ASSERT_COUNTRY+x} ]; then
+  IP_COUNTRY=`curl ifconfig.co/country`
+  echo " ---------------------------------------------------------------"
+  echo "      The IP of this container seems to be in $IP_COUNTRY"
+  echo " ---------------------------------------------------------------"
+  if [ "$IP_COUNTRY" != "$ASSERT_COUNTRY" ]; then
+    echo "*** does not match $ASSERT_COUNTRY ***"
+    exit 1
+  fi
+fi
+
 # Start firefox
 firefox
diff --git a/run.sh b/run.sh
index 3fdff1b..df4ca86 100755
--- a/run.sh
+++ b/run.sh
@@ -1,2 +1,10 @@
-#!/bin/sh
-docker run -ti --rm -e DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix docker-vpn-browser
+#!/bin/bash
+set -eux
+docker run -ti --rm -e DISPLAY \
+  --privileged \
+  -v /tmp/.X11-unix:/tmp/.X11-unix \
+  -v `pwd`/openvpn:/etc/openvpn \
+  -v `pwd`/dbip:/home/user/dbip \
+  -e ASSERT_COUNTRY \
+  --dns 1.1.1.1 \
+  docker-vpn-browser