First Commit

2025-11-19 16:23:45 +07:00
commit dbdc5bcc4a
1791 changed files with 489451 additions and 0 deletions
--- a/ext/central-controller-docker/Dockerfile
+++ b/ext/central-controller-docker/Dockerfile
@@ -0,0 +1,15 @@
+# Dockerfile for ZeroTier Central Controllers
+FROM registry.zerotier.com/zerotier/ctlbuild:latest as builder
+MAINTAINER Adam Ierymekno <adam.ierymenko@zerotier.com>, Grant Limberg <grant.limberg@zerotier.com>
+ADD . /ZeroTierOne
+RUN export PATH=$PATH:~/.cargo/bin && cd ZeroTierOne && make clean && make central-controller -j8
+
+FROM registry.zerotier.com/zerotier/ctlrun:latest
+COPY --from=builder /ZeroTierOne/zerotier-one /usr/local/bin/zerotier-one
+RUN chmod a+x /usr/local/bin/zerotier-one
+RUN echo "/usr/local/lib64" > /etc/ld.so.conf.d/usr-local-lib64.conf && ldconfig
+
+ADD ext/central-controller-docker/main.sh /
+RUN chmod a+x /main.sh
+
+ENTRYPOINT /main.sh
--- a/ext/central-controller-docker/Dockerfile.builder
+++ b/ext/central-controller-docker/Dockerfile.builder
@@ -0,0 +1,26 @@
+# Dockerfile for building ZeroTier Central Controllers
+FROM ubuntu:jammy as builder
+MAINTAINER Adam Ierymekno <adam.ierymenko@zerotier.com>, Grant Limberg <grant.limberg@zerotier.com>
+
+ARG git_branch=master
+
+RUN apt update && apt upgrade -y
+RUN apt -y install \
+    build-essential \
+    pkg-config \
+    bash \
+    clang \
+    libjemalloc2 \
+    libjemalloc-dev \
+    libpq5 \
+    libpq-dev \
+    openssl \
+    libssl-dev \
+    postgresql-client \
+    postgresql-client-common \
+    curl \
+    google-perftools \
+    libgoogle-perftools-dev \
+    protobuf-compiler 
+
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
--- a/ext/central-controller-docker/Dockerfile.run_base
+++ b/ext/central-controller-docker/Dockerfile.run_base
@@ -0,0 +1,15 @@
+FROM ubuntu:jammy
+
+RUN apt update && apt upgrade -y
+
+RUN apt -y install \
+    netcat \
+    postgresql-client \
+    postgresql-client-common \
+    libjemalloc2 \
+    libpq5 \
+    curl \
+    binutils \
+    linux-tools-gke \
+    perf-tools-unstable \
+    google-perftools 
--- a/ext/central-controller-docker/Makefile
+++ b/ext/central-controller-docker/Makefile
@@ -0,0 +1,16 @@
+registry = registry.zerotier.com/zerotier
+
+all:	controller-builder controller-runbase
+
+buildx:
+	@echo "docker buildx create"
+	# docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
+	docker run --privileged --rm tonistiigi/binfmt --install all
+	@echo docker buildx create --name multiarch --driver docker-container --use
+	@echo docker buildx inspect --bootstrap
+
+controller-builder:	buildx
+	docker buildx build --no-cache --platform linux/amd64,linux/arm64 -t $(registry)/ctlbuild:latest -f Dockerfile.builder . --push
+
+controller-runbase: buildx
+	docker buildx build --no-cache --platform linux/amd64,linux/arm64 -t $(registry)/ctlrun:latest -f Dockerfile.run_base . --push
--- a/ext/central-controller-docker/README.md
+++ b/ext/central-controller-docker/README.md
@@ -0,0 +1,3 @@
+# ZeroTier Central Controller Docker Image
+
+Dockerfile & startup script for use with [ZeroTier Central](https://my.zerotier.com).  Not intended for public use.
--- a/ext/central-controller-docker/main.sh
+++ b/ext/central-controller-docker/main.sh
@@ -0,0 +1,115 @@
+#!/bin/bash
+
+if [ -z "$ZT_IDENTITY_PATH" ]; then
+    echo '*** FAILED: ZT_IDENTITY_PATH environment variable is not defined'
+    exit 1
+fi
+if [ -z "$ZT_DB_HOST" ]; then
+    echo '*** FAILED: ZT_DB_HOST environment variable not defined'
+    exit 1
+fi
+if [ -z "$ZT_DB_PORT" ]; then
+    echo '*** FAILED: ZT_DB_PORT environment variable not defined'
+    exit 1
+fi
+if [ -z "$ZT_DB_NAME" ]; then
+    echo '*** FAILED: ZT_DB_NAME environment variable not defined'
+    exit 1
+fi
+if [ -z "$ZT_DB_USER" ]; then
+    echo '*** FAILED: ZT_DB_USER environment variable not defined'
+    exit 1
+fi
+if [ -z "$ZT_DB_PASSWORD" ]; then
+    echo '*** FAILED: ZT_DB_PASSWORD environment variable not defined'
+    exit 1
+fi
+
+REDIS=""
+if [ "$ZT_USE_REDIS" == "true" ]; then
+    if [ -z "$ZT_REDIS_HOST" ]; then
+        echo '*** FAILED: ZT_REDIS_HOST environment variable not defined'
+        exit 1
+    fi
+
+    if [ -z "$ZT_REDIS_PORT" ]; then
+        echo '*** FAILED: ZT_REDIS_PORT enivronment variable not defined'
+        exit 1
+    fi
+
+    if [ -z "$ZT_REDIS_CLUSTER_MODE" ]; then
+        echo '*** FAILED: ZT_REDIS_CLUSTER_MODE environment variable not defined'
+        exit 1
+    fi
+
+    REDIS="\"redis\": {
+            \"hostname\": \"${ZT_REDIS_HOST}\",
+            \"port\": ${ZT_REDIS_PORT},
+            \"clusterMode\": ${ZT_REDIS_CLUSTER_MODE},
+            \"password\": \"${ZT_REDIS_PASSWORD}\"
+        }
+    "
+else
+    REDIS="\"redis\": null"
+fi
+
+mkdir -p /var/lib/zerotier-one
+
+pushd /var/lib/zerotier-one
+ln -s $ZT_IDENTITY_PATH/identity.public identity.public
+ln -s $ZT_IDENTITY_PATH/identity.secret identity.secret
+if [ -f  "$ZT_IDENTITY_PATH/authtoken.secret" ]; then
+    ln -s $ZT_IDENTITY_PATH/authtoken.secret authtoken.secret
+fi
+popd
+
+DEFAULT_PORT=9993
+DEFAULT_LB_MODE=false
+
+APP_NAME="controller-$(cat /var/lib/zerotier-one/identity.public | cut -d ':' -f 1)"
+
+echo "{
+    \"settings\": {
+        \"controllerDbPath\": \"postgres:host=${ZT_DB_HOST} port=${ZT_DB_PORT} dbname=${ZT_DB_NAME} user=${ZT_DB_USER} password=${ZT_DB_PASSWORD} application_name=${APP_NAME} sslmode=prefer sslcert=${DB_CLIENT_CERT} sslkey=${DB_CLIENT_KEY} sslrootcert=${DB_SERVER_CA}\",
+        \"portMappingEnabled\": true,
+        \"softwareUpdate\": \"disable\",
+        \"interfacePrefixBlacklist\": [
+            \"inot\",
+            \"nat64\"
+        ],
+        \"lowBandwidthMode\": ${ZT_LB_MODE:-$DEFAULT_LB_MODE},
+        \"ssoRedirectURL\": \"${ZT_SSO_REDIRECT_URL}\",
+        \"allowManagementFrom\": [\"127.0.0.1\", \"::1\", \"10.0.0.0/8\"],
+        ${REDIS}
+    }
+}    
+" > /var/lib/zerotier-one/local.conf
+
+if [ -n "$DB_SERVER_CA" ]; then
+    echo "secret list"
+    chmod 600 /secrets/db/*.pem
+    ls -l /secrets/db/
+    until /usr/bin/pg_isready -h ${ZT_DB_HOST} -p ${ZT_DB_PORT} -d "sslmode=prefer sslcert=${DB_CLIENT_CERT} sslkey=${DB_CLIENT_KEY} sslrootcert=${DB_SERVER_CA}"; do
+	    echo "Waiting for PostgreSQL...";
+	    sleep 2;
+    done
+else
+    until /usr/bin/pg_isready -h ${ZT_DB_HOST} -p ${ZT_DB_PORT}; do
+	    echo "Waiting for PostgreSQL...";
+	    sleep 2;
+    done
+fi
+
+if [ -n "$ZT_TEMPORAL_HOST" ] && [ -n "$ZT_TEMPORAL_PORT" ]; then
+    echo "waiting for temporal..."
+    while ! nc -z ${ZT_TEMPORAL_HOST} ${ZT_TEMPORAL_PORT}; do
+        echo "waiting...";
+        sleep 1;
+    done
+    echo "Temporal is up"
+fi
+
+export GLIBCXX_FORCE_NEW=1
+export GLIBCPP_FORCE_NEW=1
+export LD_PRELOAD="/usr/lib/x86_64-linux-gnu/libjemalloc.so.2"
+exec /usr/local/bin/zerotier-one -p${ZT_CONTROLLER_PORT:-$DEFAULT_PORT} /var/lib/zerotier-one