Merge pull request #14 from balena-io/vpn

vpn requirements

Vagrantfile

@@ -25,4 +25,7 @@ Vagrant.configure('2') do |config|
 
   config.vm.provision :shell, privileged: false,
     inline: "cd /home/vagrant/open-balena && ./scripts/quickstart -p -d #{ENV.fetch('OPENBALENA_DOMAIN', 'openbalena.local')}"
+
+  config.vm.provision :shell, privileged: false,
+    inline: "echo 'cd ~/open-balena' >> ~/.bashrc"
 end

compose/services.yml

@@ -26,7 +26,7 @@ services:
       DB_USER: docker
       DELTA_HOST: delta.${OPENBALENA_HOST_NAME}
       DEVICE_CONFIG_OPENVPN_CONFIG: ${OPENBALENA_VPN_CONFIG}
-      DEVICE_CONFIG_OPENVPN_CA: ${OPENBALENA_VPN_CA}
+      DEVICE_CONFIG_OPENVPN_CA: ${OPENBALENA_VPN_CA_CHAIN}
       DEVICE_CONFIG_SSH_AUTHORIZED_KEYS: ${OPENBALENA_SSH_AUTHORIZED_KEYS}
       HOST: api.${OPENBALENA_HOST_NAME}
       IMAGE_MAKER_URL: img.${OPENBALENA_HOST_NAME}
@@ -144,6 +144,7 @@ services:
       - "80:80"
       - "222:222"
       - "443:443"
+      - "3128:3128"
       - "5432:5432"
       - "6379:6379"
     networks:

haproxy/haproxy.cfg

@@ -103,3 +103,8 @@ frontend redis
 backend backend_redis
   mode tcp
   server resin_redis_1 redis:6379 check port 6379
+
+listen vpn-tunnel
+  mode tcp
+  bind *:3128
+  server balena_vpn vpn:3128 check port 3128

scripts/make-env

@@ -76,6 +76,7 @@ export OPENBALENA_TOKEN_AUTH_PUB=$(b64encode "$JWT_CRT")
 export OPENBALENA_TOKEN_AUTH_KEY=$(b64encode "$JWT_KEY")
 export OPENBALENA_TOKEN_AUTH_KID=$(b64encode "$JWT_KID")
 export OPENBALENA_VPN_CA=$(b64encode "$VPN_CA")
+export OPENBALENA_VPN_CA_CHAIN=$(b64encode "$ROOT_CA" "$VPN_CA")
 export OPENBALENA_VPN_CONFIG=$VPN_CONFIG
 export OPENBALENA_VPN_SERVER_CRT=$(b64encode "$VPN_CRT")
 export OPENBALENA_VPN_SERVER_KEY=$(b64encode "$VPN_KEY")