diff --git a/Vagrantfile b/Vagrantfile index d1ff12b..440d869 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -25,4 +25,7 @@ Vagrant.configure('2') do |config| config.vm.provision :shell, privileged: false, inline: "cd /home/vagrant/open-balena && ./scripts/quickstart -p -d #{ENV.fetch('OPENBALENA_DOMAIN', 'openbalena.local')}" + + config.vm.provision :shell, privileged: false, + inline: "echo 'cd ~/open-balena' >> ~/.bashrc" end diff --git a/compose/services.yml b/compose/services.yml index f76b2fb..e06774b 100644 --- a/compose/services.yml +++ b/compose/services.yml @@ -26,7 +26,7 @@ services: DB_USER: docker DELTA_HOST: delta.${OPENBALENA_HOST_NAME} DEVICE_CONFIG_OPENVPN_CONFIG: ${OPENBALENA_VPN_CONFIG} - DEVICE_CONFIG_OPENVPN_CA: ${OPENBALENA_VPN_CA} + DEVICE_CONFIG_OPENVPN_CA: ${OPENBALENA_VPN_CA_CHAIN} DEVICE_CONFIG_SSH_AUTHORIZED_KEYS: ${OPENBALENA_SSH_AUTHORIZED_KEYS} HOST: api.${OPENBALENA_HOST_NAME} IMAGE_MAKER_URL: img.${OPENBALENA_HOST_NAME} @@ -144,6 +144,7 @@ services: - "80:80" - "222:222" - "443:443" + - "3128:3128" - "5432:5432" - "6379:6379" networks: diff --git a/haproxy/haproxy.cfg b/haproxy/haproxy.cfg index ff2af6a..b33137e 100644 --- a/haproxy/haproxy.cfg +++ b/haproxy/haproxy.cfg @@ -103,3 +103,8 @@ frontend redis backend backend_redis mode tcp server resin_redis_1 redis:6379 check port 6379 + +listen vpn-tunnel + mode tcp + bind *:3128 + server balena_vpn vpn:3128 check port 3128 diff --git a/scripts/make-env b/scripts/make-env index 53bd4a4..55cce30 100755 --- a/scripts/make-env +++ b/scripts/make-env 
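Review bot: The new shell provisioner in the Vagrantfile hunk appends `cd ~/open-balena` to `~/.bashrc` unconditionally, so every re-run of provisioning (for example `vagrant provision`) adds another copy of the line. Guard the append so it is idempotent: `inline: "grep -qxF 'cd ~/open-balena' ~/.bashrc || echo 'cd ~/open-balena' >> ~/.bashrc"`. The enclosing `Vagrant.configure` block starts outside the hunk.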
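Review bot: `DEVICE_CONFIG_OPENVPN_CA: ${OPENBALENA_VPN_CA_CHAIN}` in the first compose/services.yml hunk has no fallback, so an environment generated before `scripts/make-env` exported this variable would have Compose substitute an empty string and, presumably, hand devices an empty CA. Failing loudly is safer than shipping a blank trust anchor: `DEVICE_CONFIG_OPENVPN_CA: ${OPENBALENA_VPN_CA_CHAIN:?re-run scripts/make-env}`, if the Compose version in use supports the `:?` form. The service definition this line belongs to starts and ends outside the hunk.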
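Review bot: `- "3128:3128"` in the second compose/services.yml hunk publishes the VPN tunnel port on every host interface, and the new `listen vpn-tunnel` section in haproxy/haproxy.cfg forwards it in `mode tcp` with `bind *:3128` and no source restriction. That leaves whatever authentication the `vpn` service applies on 3128 as the only control, and nothing in this diff shows one. If only a known set of clients needs the port, restrict it in the haproxy section with `tcp-request connection reject unless { src <ALLOWED_CIDR> }` (placeholder), or publish it on a specific host address instead of all interfaces. A comment next to the port entry saying who is expected to connect to 3128 would also help the next reviewer; the ports list starts outside the hunk.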
@@ -76,6 +76,7 @@ export OPENBALENA_TOKEN_AUTH_PUB=$(b64encode "$JWT_CRT")
 export OPENBALENA_TOKEN_AUTH_KEY=$(b64encode "$JWT_KEY")
 export OPENBALENA_TOKEN_AUTH_KID=$(b64encode "$JWT_KID")
 export OPENBALENA_VPN_CA=$(b64encode "$VPN_CA")
+export OPENBALENA_VPN_CA_CHAIN=$(b64encode "$ROOT_CA" "$VPN_CA")
 export OPENBALENA_VPN_CONFIG=$VPN_CONFIG
 export OPENBALENA_VPN_SERVER_CRT=$(b64encode "$VPN_CRT")
 export OPENBALENA_VPN_SERVER_KEY=$(b64encode "$VPN_KEY")
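Review bot: Adding `$ROOT_CA` to the bundle exported as `OPENBALENA_VPN_CA_CHAIN` means devices that use it as their OpenVPN `ca` would accept a server certificate issued anywhere under the root, not only under the VPN CA. If the same root signs other service certificates, the device config should also pin the VPN server's identity (for example with OpenVPN's `verify-x509-name`); whether it does is not visible here. `b64encode` is defined outside this hunk and the visible calls all pass one argument, so confirm it concatenates both arguments rather than encoding only the first. A comment above the export would help: `# root + VPN CA bundle delivered to devices as DEVICE_CONFIG_OPENVPN_CA`.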