| # debian.sh --arch 'amd64' out/ 'trixie' '@1782172800' |
| /bin/sh -c apt-get update && apt-get install -y --no-install-recommends easy-rsa openssl ca-certificates curl && rm -rf /var/lib/apt/lists/* |
| /bin/sh -c useradd --system --uid 10002 --user-group --no-create-home --shell /usr/sbin/nologin vpnsigner |
| COPY file:caa35064f7fb3b6a82a4922e069438c5296d77a33a98b9d062170f91e1778d81 in /usr/local/bin/vpn-signer |
| ENV VPN_SIGNER_BIND=0.0.0.0:8080 VPN_SIGNER_EASYRSA_BIN=/usr/share/easy-rsa/easyrsa VPN_SIGNER_EASYRSA_DIR=/etc/openvpn/easy-rsa VPN_SIGNER_TA_KEY=/etc/openvpn/ta.key VPN_SIGNER_CRL_PUBLISH=/etc/openvpn/crl/crl.pem RUST_LOG=info |
| EXPOSE 8080 |
| USER vpnsigner:vpnsigner |
| HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 CMD curl -sf http://127.0.0.1:8080/healthz | grep -q ok || exit 1 |
| ENTRYPOINT ["/usr/local/bin/vpn-signer"] |