feat: First version (#2)

.github/workflows/ci.yml

@@ -6,7 +6,7 @@ on:
   pull_request:
 
 env:
-  IMAGE_NAME: "homecentr/$$IMAGE_NAME$$"
+  IMAGE_NAME: "homecentr/dhcp"
 
 jobs:
   build:

.github/workflows/ci_cd.yml

@@ -5,7 +5,7 @@ on:
       - master
 
 env:
-  IMAGE_NAME: "homecentr/$$IMAGE_NAME$$"
+  IMAGE_NAME: "homecentr/dhcp"
 
 jobs:
   build:

.github/workflows/regular_scan.yml

@@ -4,7 +4,7 @@ on:
     - cron: '0 6 * * *'
 
 env:
-  IMAGE_NAME: "homecentr/$$IMAGE_NAME$$"
+  IMAGE_NAME: "homecentr/dhcp"
 
 jobs:
   build:

Dockerfile

@@ -1 +1,21 @@
-FROM alpine
+FROM homecentr/base:2.4.3-alpine
+
+ENV DHCP_ARGS=""
+
+RUN apk add --no-cache \
+        dhcp=4.4.2-r1 \
+        libcap=2.27-r0 && \
+    rm /etc/dhcp/dhcpd.conf.example && \
+    mkdir /leases && \
+    chmod 0777 /leases && \
+    mkdir /config && \
+    setcap 'cap_net_raw+ep' /usr/sbin/dhcpd && \
+    setcap 'cap_net_bind_service=+ep' /usr/sbin/dhcpd && \
+    deluser dhcp 
+
+COPY ./fs/ /
+
+EXPOSE 67/udp
+
+VOLUME /leases
+VOLUME /config

README.md

@@ -1,47 +1,54 @@
-[![Project status](https://badgen.net/badge/project%20status/stable%20%26%20actively%20maintaned?color=green)](https://github.com/homecentr/docker-$$IMAGE_NAME$$/graphs/commit-activity) [![](https://badgen.net/github/label-issues/homecentr/docker-$$IMAGE_NAME$$/bug?label=open%20bugs&color=green)](https://github.com/homecentr/docker-$$IMAGE_NAME$$/labels/bug) [![](https://badgen.net/github/release/homecentr/docker-$$IMAGE_NAME$$)](https://hub.docker.com/repository/docker/homecentr/$$IMAGE_NAME$$)
-[![](https://badgen.net/docker/pulls/homecentr/$$IMAGE_NAME$$)](https://hub.docker.com/repository/docker/homecentr/$$IMAGE_NAME$$) 
-[![](https://badgen.net/docker/size/homecentr/$$IMAGE_NAME$$)](https://hub.docker.com/repository/docker/homecentr/$$IMAGE_NAME$$)
+[![Project status](https://badgen.net/badge/project%20status/stable%20%26%20actively%20maintaned?color=green)](https://github.com/homecentr/docker-dhcp/graphs/commit-activity) [![](https://badgen.net/github/label-issues/homecentr/docker-dhcp/bug?label=open%20bugs&color=green)](https://github.com/homecentr/docker-dhcp/labels/bug) [![](https://badgen.net/github/release/homecentr/docker-dhcp)](https://hub.docker.com/repository/docker/homecentr/dhcp)
+[![](https://badgen.net/docker/pulls/homecentr/dhcp)](https://hub.docker.com/repository/docker/homecentr/dhcp) 
+[![](https://badgen.net/docker/size/homecentr/dhcp)](https://hub.docker.com/repository/docker/homecentr/dhcp)
 
-![CI/CD on master](https://github.com/homecentr/docker-$$IMAGE_NAME$$/workflows/CI/CD%20on%20master/badge.svg)
-![Regular Docker image vulnerability scan](https://github.com/homecentr/docker-$$IMAGE_NAME$$/workflows/Regular%20Docker%20image%20vulnerability%20scan/badge.svg)
+![CI/CD on master](https://github.com/homecentr/docker-dhcp/workflows/CI/CD%20on%20master/badge.svg)
+![Regular Docker image vulnerability scan](https://github.com/homecentr/docker-dhcp/workflows/Regular%20Docker%20image%20vulnerability%20scan/badge.svg)
 
 
-# HomeCentr - $$IMAGE_NAME$$
+# HomeCentr - ISC DHCP Server
 
 
 ## Usage
 
 ```yml
 version: "3.7"
 services:
-  $$IMAGE_NAME$$:
-    build: .
-    image: homecentr/$$IMAGE_NAME$$
+  dhcp:
+    image: homecentr/dhcp
+  network: host
+  volumes:
+    - ./example:/config
 ```
 
 ## Environment variables
 
 | Name | Default value | Description |
 |------|---------------|-------------|
-| PUID | 7077 | UID of the user $$IMAGE_NAME$$ should be running as. |
-| PGID | 7077 | GID of the user $$IMAGE_NAME$$ should be running as. |
+| PUID | 7077 | UID of the user dhcp should be running as. |
+| PGID | 7077 | GID of the user dhcp should be running as. |
 
 ## Exposed ports
 
 | Port | Protocol | Description |
 |------|------|-------------|
-| 80 | TCP | Some useful details |
+| 67 | UDP | DHCP Server |
+
+:warning: Due to the nature of the DHCP protocol which is highly dependent on broadcast, exposing the container via a bridge network will not work as explained below. Because of this, the container should be exposed via drivers which allow the container to expose the port directly (host, macvlan, ipvlan).
+
+> Docker daemon will not pass the broadcast packets to the container because the container internally has an IP specific to the bridge network (e.g. 172.16.10.1) but the broadcast packet will be sent with the IP of your host machine (e.g. 192.168.2.50). The bridge will therefore decide the broadcast packet was not meant for the container and will not forward it.
 
 ## Volumes
 
 | Container path | Description |
 |------------|---------------|
-| /config | Some useful details |
+| /config | Configuration directory which must contain the `dhcpd.conf` file. See the official [documentation](https://kb.isc.org/docs/aa-00502) on how to configure the DHCP server. |
+| /leases | This is where the DHCP server records which IP addresses have been leased to individual clients. The location must be writable by the PUID/PGID. |
 
 ## Security
-The container is regularly scanned for vulnerabilities and updated. Further info can be found in the [Security tab](https://github.com/homecentr/docker-$$IMAGE_NAME$$/security).
+The container is regularly scanned for vulnerabilities and updated. Further info can be found in the [Security tab](https://github.com/homecentr/docker-dhcp/security).
 
 ### Container user
-The container supports privilege drop. Even though the container starts as root, it will use the permissions only to perform the initial set up. The $$IMAGE_NAME$$ process runs as UID/GID provided in the PUID and PGID environment variables.
+The container supports privilege drop. Even though the container starts as root, it will use the permissions only to perform the initial set up. The dhcp process runs as UID/GID provided in the PUID and PGID environment variables.
 
 :warning: Do not change the container user directly using the `user` Docker compose property or using the `--user` argument. This would break the privilege drop logic.

docker-compose.yml

@@ -1,6 +1,21 @@
 version: "3.7"
 services:
-  $$IMAGE_NAME$$:
+  dhcp:
     build: .
-    image: homecentr/$$IMAGE_NAME$$
-    restart: unless-stopped
+    image: homecentr/dhcp:local
+    environment:
+      PUID: "6065"
+      PGID: "6066"
+    volumes:
+      - ./example:/config
+    networks:
+      default:
+
+networks:
+  default:
+    driver: bridge
+    attachable: true
+    ipam:
+      driver: default
+      config:
+        - subnet: "172.18.250.0/24"

example/dhcpd.conf

@@ -0,0 +1,8 @@
+authoritative;
+
+option client-arch code 93 = unsigned integer 16;
+
+subnet 172.18.250.0 netmask 255.255.255.0 {
+    range 172.18.250.50 172.18.250.60;
+    option routers 172.18.250.1;
+}

fs/etc/cont-init.d/50-leases.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/with-contenv ash
+
+if [ ! -f "/leases/dhcp.leases" ]; then
+  touch "/leases/dhcp.leases"
+fi
+
+chown -R "$PUID:$PGID" "/leases"
+chown -R "$PUID:$PGID" "/var/lib/dhcp"

fs/etc/services.d/dhcpd/finish

@@ -0,0 +1,3 @@
+#!/usr/bin/execlineb -S1
+
+s6-svscanctl -t /var/run/s6/services

fs/etc/services.d/dhcpd/run

@@ -0,0 +1,7 @@
+#!/usr/bin/with-contenv sh
+
+EXEC_USERNAME=$(getent passwd "$PUID" | cut -d: -f1)
+EXEC_GROUPNAME=$(getent group "$PGID" | cut -d: -f1)
+
+# Not executed via runas because dhcpd has its own logic of chowning files and switching user executing the process
+exec /usr/sbin/dhcpd -4 -f -cf /config/dhcpd.conf -lf /leases/dhcp.leases -user "$EXEC_USERNAME" -group "$EXEC_GROUPNAME" $DHCP_ARGS

package.json

@@ -1,15 +1,15 @@
 { 
-  "name": "homecentr-$$IMAGE_NAME$$",
+  "name": "homecentr-dhcp",
   "version": "1.0.0",
   "description": "",
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/homecentr/docker-$$IMAGE_NAME$$.git"
+    "url": "git+https://github.com/homecentr/docker-dhcp.git"
   },
   "author": "",
   "license": "MIT",
   "bugs": {
-    "url": "https://github.com/homecentr/docker-$$IMAGE_NAME$$/issues"
+    "url": "https://github.com/homecentr/docker-dhcp/issues"
   },
-  "homepage": "https://github.com/homecentr/docker-$$IMAGE_NAME$$#readme"
+  "homepage": "https://github.com/homecentr/docker-dhcp#readme"
 }

tests/.classpath

@@ -6,12 +6,6 @@
 			<attribute name="gradle_used_by_scope" value="test"/>
 		</attributes>
 	</classpathentry>
-	<classpathentry kind="src" output="bin/test" path="src/test/resources">
-		<attributes>
-			<attribute name="gradle_scope" value="test"/>
-			<attribute name="gradle_used_by_scope" value="test"/>
-		</attributes>
-	</classpathentry>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8/"/>
 	<classpathentry kind="con" path="org.eclipse.buildship.core.gradleclasspathcontainer"/>
 	<classpathentry kind="output" path="bin/default"/>