From 8f47503bb25a548d181d1d4fb612bc9e80b6ea1d Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Thu, 2 Apr 2026 10:21:07 +0200 Subject: [PATCH 1/6] add dockge --- .github/workflows/build-ova.yml | 18 ++++++++++++------ ova/files/docker-compose.standalone.yaml | 12 ++++++++++++ ova/files/docker-compose.yaml | 12 ++++++++++++ 3 files changed, 36 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-ova.yml b/.github/workflows/build-ova.yml index 5d502f1..b21a53f 100644 --- a/.github/workflows/build-ova.yml +++ b/.github/workflows/build-ova.yml @@ -1,6 +1,9 @@ name: Build OVF Image on: + push: + branches: + - add-dockge workflow_dispatch: inputs: core_tag: @@ -63,11 +66,14 @@ jobs: env: PACKER_LOG: 1 run: | + CORE_TAG="${{ github.event.inputs.core_tag || '2.0.0-alpha2' }}" + PROXY_TAG="${{ github.event.inputs.proxy_tag || '2.0.0-alpha2' }}" + GATEWAY_TAG="${{ github.event.inputs.gateway_tag || '2.0.0-alpha2' }}" packer build \ -var "iso_url=file://$PWD/ubuntu-24.04.4-live-server-amd64.iso" \ - -var "core_tag=${{ github.event.inputs.core_tag }}" \ - -var "proxy_tag=${{ github.event.inputs.proxy_tag }}" \ - -var "gateway_tag=${{ github.event.inputs.gateway_tag }}" \ + -var "core_tag=${CORE_TAG}" \ + -var "proxy_tag=${PROXY_TAG}" \ + -var "gateway_tag=${GATEWAY_TAG}" \ defguard.pkr.hcl - name: Upload OVA to S3 
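Review bot: The `push:` trigger on `add-dockge` in the first hunk makes every push to the branch run the Packer build and the `Upload OVA to S3` step with the AWS secrets, which reads as a temporary debugging hook rather than something to merge. The second hunk, and the third one in the upload step's `env:` block, also repeat the literal `'2.0.0-alpha2'` six times, so the three tags can drift apart independently. If the fallback is meant to stay, declare it once at workflow level, e.g. `env: DEFAULT_TAG: '2.0.0-alpha2'` and `${{ github.event.inputs.core_tag || env.DEFAULT_TAG }}` in each place.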
@@ -75,9 +81,9 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_DEFAULT_REGION: eu-central-1 - CORE_TAG: ${{ github.event.inputs.core_tag }} - PROXY_TAG: ${{ github.event.inputs.proxy_tag }} - GATEWAY_TAG: ${{ github.event.inputs.gateway_tag }} + CORE_TAG: ${{ github.event.inputs.core_tag || '2.0.0-alpha2' }} + PROXY_TAG: ${{ github.event.inputs.proxy_tag || '2.0.0-alpha2' }} + GATEWAY_TAG: ${{ github.event.inputs.gateway_tag || '2.0.0-alpha2' }} run: | TIMESTAMP=$(date +%Y%m%d-%H%M%S) FILENAME="defguard_${TIMESTAMP}_core-${CORE_TAG}_edge-${PROXY_TAG}_gateway-${GATEWAY_TAG}.ova" diff --git a/ova/files/docker-compose.standalone.yaml b/ova/files/docker-compose.standalone.yaml index 48e0f1e..913ebfa 100644 --- a/ova/files/docker-compose.standalone.yaml +++ b/ova/files/docker-compose.standalone.yaml @@ -52,6 +52,18 @@ services: - ./.volumes/npm/data:/data - ./.volumes/npm/letsencrypt:/etc/letsencrypt + dockge: + image: louislam/dockge:1 + restart: unless-stopped + ports: + - "5001:5001" + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - ./.volumes/dockge:/app/data + - /opt/stacks:/opt/stacks + environment: + DOCKGE_STACKS_DIR: /opt/stacks + db: restart: always profiles: [core] diff --git a/ova/files/docker-compose.yaml b/ova/files/docker-compose.yaml index 8fcebe0..1b7d037 100644 --- a/ova/files/docker-compose.yaml +++ b/ova/files/docker-compose.yaml @@ -53,6 +53,18 @@ services: - ./.volumes/npm/data:/data - ./.volumes/npm/letsencrypt:/etc/letsencrypt + dockge: + image: louislam/dockge:1 + restart: unless-stopped + ports: + - "5001:5001" + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - ./.volumes/dockge:/app/data + - /opt/stacks:/opt/stacks + environment: + DOCKGE_STACKS_DIR: /opt/stacks + db: restart: always image: postgres:18-alpine From c35fb7d658e204495bd4bd4006c070614504d327 Mon Sep 17 00:00:00 2001 
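Review bot: The new `dockge` service mounts `/var/run/docker.sock`, which is equivalent to host root for anyone who can log in to its UI, and `"5001:5001"` publishes that UI on every host interface with no `profiles:` entry, so it starts unconditionally in both `docker-compose.standalone.yaml` and the `docker-compose.yaml` hunk that follows. For an appliance image that is a large default surface; at minimum make the service opt-in (the `db` service already uses `profiles: [core]`, so the mechanism is in place), bind the port to the management interface, or route it through the reverse proxy whose `npm` volumes appear in the context lines. A comment above the service naming the grant would help the next reader, e.g. `# Has the Docker socket: equivalent to host root for any logged-in Dockge user.`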
From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Thu, 2 Apr 2026 11:11:35 +0200 Subject: [PATCH 2/6] upload latest ova --- .github/workflows/build-ova.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/build-ova.yml b/.github/workflows/build-ova.yml index b21a53f..aecf8d7 100644 --- a/.github/workflows/build-ova.yml +++ b/.github/workflows/build-ova.yml @@ -90,3 +90,5 @@ jobs: ls -lh output/defguard/defguard.ova aws s3 cp output/defguard/defguard.ova "s3://defguard-downloads/ova/${FILENAME}" echo "Uploaded: s3://defguard-downloads/ova/${FILENAME}" + aws s3 cp output/defguard/defguard.ova "s3://defguard-downloads/ova/defguard-latest.ova" \ + --cache-control "no-cache" From 4358d811a9f897353a0b68a703527dd53f682379 Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Thu, 2 Apr 2026 12:18:30 +0200 Subject: [PATCH 3/6] fix stacks directory --- ova/files/docker-compose.standalone.yaml | 4 ++-- ova/files/docker-compose.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ova/files/docker-compose.standalone.yaml b/ova/files/docker-compose.standalone.yaml index 913ebfa..d8dceff 100644 --- a/ova/files/docker-compose.standalone.yaml +++ b/ova/files/docker-compose.standalone.yaml @@ -60,9 +60,9 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock - ./.volumes/dockge:/app/data - - /opt/stacks:/opt/stacks + - /opt/defguard:/opt/defguard environment: - DOCKGE_STACKS_DIR: /opt/stacks + DOCKGE_STACKS_DIR: /opt/defguard db: restart: always diff --git a/ova/files/docker-compose.yaml b/ova/files/docker-compose.yaml index 1b7d037..4f127fd 100644 --- a/ova/files/docker-compose.yaml +++ b/ova/files/docker-compose.yaml 
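Review bot: The new `defguard-latest.ova` is a mutable object that downloaders cannot verify; nothing beside it says which build they received or whether it arrived intact. Upload a digest with it, e.g. `sha256sum output/defguard/defguard.ova | cut -d' ' -f1 > defguard-latest.ova.sha256` followed by `aws s3 cp defguard-latest.ova.sha256 "s3://defguard-downloads/ova/defguard-latest.ova.sha256" --cache-control "no-cache"`, and consider the same for the timestamped `${FILENAME}`. The `echo "Uploaded:"` line above the new command still reports only the timestamped key, so a matching echo for the latest key would keep the job log complete.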
@@ -61,9 +61,9 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock - ./.volumes/dockge:/app/data - - /opt/stacks:/opt/stacks + - /opt/defguard:/opt/defguard environment: - DOCKGE_STACKS_DIR: /opt/stacks + DOCKGE_STACKS_DIR: /opt/defguard db: restart: always From fc712fa3cc748b9774cf160dd0c7c66081c1b22f Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Thu, 2 Apr 2026 17:39:19 +0200 Subject: [PATCH 4/6] change stacks --- ova/files/docker-compose.standalone.yaml | 4 ++-- ova/files/docker-compose.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ova/files/docker-compose.standalone.yaml b/ova/files/docker-compose.standalone.yaml index d8dceff..526045d 100644 --- a/ova/files/docker-compose.standalone.yaml +++ b/ova/files/docker-compose.standalone.yaml @@ -60,9 +60,9 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock - ./.volumes/dockge:/app/data - - /opt/defguard:/opt/defguard + - /opt:/opt environment: - DOCKGE_STACKS_DIR: /opt/defguard + DOCKGE_STACKS_DIR: /opt db: restart: always diff --git a/ova/files/docker-compose.yaml b/ova/files/docker-compose.yaml index 4f127fd..23f5193 100644 --- a/ova/files/docker-compose.yaml +++ b/ova/files/docker-compose.yaml @@ -61,9 +61,9 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock - ./.volumes/dockge:/app/data - - /opt/defguard:/opt/defguard + - /opt:/opt environment: - DOCKGE_STACKS_DIR: /opt/defguard + DOCKGE_STACKS_DIR: /opt db: restart: always From 2e1ee491de01a4e4116e8673088e3f4eece022aa Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Thu, 2 Apr 2026 17:40:51 +0200 Subject: [PATCH 5/6] restore pipelines --- .github/workflows/build-ova.yml | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build-ova.yml b/.github/workflows/build-ova.yml index aecf8d7..fb03c1c 100644 --- a/.github/workflows/build-ova.yml 
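Review bot: `- /opt:/opt` bind-mounts the whole host `/opt` read-write into the Dockge container, and `DOCKGE_STACKS_DIR: /opt` makes every directory under it a candidate stack, including `/opt/defguard` with the `.env` that `generate-env.sh` fills with generated secrets (both compose hunks of this commit). Anyone who can log in to the Dockge UI can then read and edit that file and every other tree under `/opt`, on top of the host control the Docker socket already grants. Scope the mount to a dedicated stacks directory, e.g. `- /opt/stacks:/opt/stacks` with `DOCKGE_STACKS_DIR: /opt/stacks`, and either keep the defguard stack outside it or state in a comment that the UI is meant to be the effective admin surface.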
+++ b/.github/workflows/build-ova.yml @@ -1,9 +1,6 @@ name: Build OVF Image on: - push: - branches: - - add-dockge workflow_dispatch: inputs: core_tag: @@ -66,9 +63,9 @@ jobs: env: PACKER_LOG: 1 run: | - CORE_TAG="${{ github.event.inputs.core_tag || '2.0.0-alpha2' }}" - PROXY_TAG="${{ github.event.inputs.proxy_tag || '2.0.0-alpha2' }}" - GATEWAY_TAG="${{ github.event.inputs.gateway_tag || '2.0.0-alpha2' }}" + CORE_TAG="${{ github.event.inputs.core_tag }}" + PROXY_TAG="${{ github.event.inputs.proxy_tag }}" + GATEWAY_TAG="${{ github.event.inputs.gateway_tag }}" packer build \ -var "iso_url=file://$PWD/ubuntu-24.04.4-live-server-amd64.iso" \ -var "core_tag=${CORE_TAG}" \ @@ -81,9 +78,9 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_DEFAULT_REGION: eu-central-1 - CORE_TAG: ${{ github.event.inputs.core_tag || '2.0.0-alpha2' }} - PROXY_TAG: ${{ github.event.inputs.proxy_tag || '2.0.0-alpha2' }} - GATEWAY_TAG: ${{ github.event.inputs.gateway_tag || '2.0.0-alpha2' }} + CORE_TAG: ${{ github.event.inputs.core_tag }} + PROXY_TAG: ${{ github.event.inputs.proxy_tag }} + GATEWAY_TAG: ${{ github.event.inputs.gateway_tag }} run: | TIMESTAMP=$(date +%Y%m%d-%H%M%S) FILENAME="defguard_${TIMESTAMP}_core-${CORE_TAG}_edge-${PROXY_TAG}_gateway-${GATEWAY_TAG}.ova" From 84a352cdaf2c4efe39cf26ae1b86e18e7c5b54a5 Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Fri, 3 Apr 2026 10:47:23 +0200 Subject: [PATCH 6/6] change path, make dockge optional --- .github/workflows/build-ova.yml | 15 ++++---- ova/defguard.pkr.hcl | 22 ++++++------ ova/files/defguard-init.service | 6 ++-- ova/files/docker-compose.standalone.yaml | 5 +-- ova/files/docker-compose.yaml | 5 +-- ova/files/generate-env.sh | 8 ++--- ova/files/start.sh | 44 ++++++++++++++++++++---- 7 files changed, 71 insertions(+), 34 deletions(-) 
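Review bot: With the `|| '2.0.0-alpha2'` fallbacks gone, an empty `core_tag`, `proxy_tag` or `gateway_tag` input now reaches `packer build` as `-var "core_tag="` and the upload names the file `..._core-_...` without anything failing fast; the `workflow_dispatch` inputs are declared outside these hunks, so whether they carry `required: true` is not visible here. If they do not, add a guard at the top of the build step's `run:` block, e.g. `: "${CORE_TAG:?core_tag input is required}"` and the same for `PROXY_TAG` and `GATEWAY_TAG`. The `: "${DEFGUARD_CORE_TAG:?...}"` check in `generate-env.sh` only fires on the appliance's first boot, which is too late to catch a bad build input.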
diff --git a/.github/workflows/build-ova.yml b/.github/workflows/build-ova.yml index fb03c1c..aecf8d7 100644 --- a/.github/workflows/build-ova.yml +++ b/.github/workflows/build-ova.yml @@ -1,6 +1,9 @@ name: Build OVF Image on: + push: + branches: + - add-dockge workflow_dispatch: inputs: core_tag: @@ -63,9 +66,9 @@ jobs: env: PACKER_LOG: 1 run: | - CORE_TAG="${{ github.event.inputs.core_tag }}" - PROXY_TAG="${{ github.event.inputs.proxy_tag }}" - GATEWAY_TAG="${{ github.event.inputs.gateway_tag }}" + CORE_TAG="${{ github.event.inputs.core_tag || '2.0.0-alpha2' }}" + PROXY_TAG="${{ github.event.inputs.proxy_tag || '2.0.0-alpha2' }}" + GATEWAY_TAG="${{ github.event.inputs.gateway_tag || '2.0.0-alpha2' }}" packer build \ -var "iso_url=file://$PWD/ubuntu-24.04.4-live-server-amd64.iso" \ -var "core_tag=${CORE_TAG}" \ @@ -78,9 +81,9 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_DEFAULT_REGION: eu-central-1 - CORE_TAG: ${{ github.event.inputs.core_tag }} - PROXY_TAG: ${{ github.event.inputs.proxy_tag }} - GATEWAY_TAG: ${{ github.event.inputs.gateway_tag }} + CORE_TAG: ${{ github.event.inputs.core_tag || '2.0.0-alpha2' }} + PROXY_TAG: ${{ github.event.inputs.proxy_tag || '2.0.0-alpha2' }} + GATEWAY_TAG: ${{ github.event.inputs.gateway_tag || '2.0.0-alpha2' }} run: | TIMESTAMP=$(date +%Y%m%d-%H%M%S) FILENAME="defguard_${TIMESTAMP}_core-${CORE_TAG}_edge-${PROXY_TAG}_gateway-${GATEWAY_TAG}.ova" diff --git a/ova/defguard.pkr.hcl b/ova/defguard.pkr.hcl index 1edd873..20ceb38 100644 --- a/ova/defguard.pkr.hcl +++ b/ova/defguard.pkr.hcl 
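Review bot: This workflow hunk (`index fb03c1c..aecf8d7`) is the exact reverse of PATCH 5's `aecf8d7..fb03c1c`: it re-adds the `push: branches: - add-dockge` trigger and the `|| '2.0.0-alpha2'` fallbacks that "restore pipelines" removed one commit earlier, which looks like a rebase or merge accident rather than part of "change path, make dockge optional". As the series stands, its net effect leaves the feature-branch push trigger and the hard-coded tag fallbacks in the workflow, so every push to `add-dockge` builds and uploads an OVA using the AWS secrets. Drop this file from the commit, or re-apply PATCH 5 on top, before merging.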
@@ -95,21 +95,21 @@ build { provisioner "shell" { inline = [ "sudo bash /tmp/docker-setup.sh", - "sudo mkdir -p /opt/defguard", - "sudo mv /tmp/docker-compose.yaml /opt/defguard/docker-compose.yaml", - "sudo mv /tmp/docker-compose.standalone.yaml /opt/defguard/docker-compose.standalone.yaml", - "sudo mv /tmp/generate-env.sh /opt/defguard/generate-env.sh", - "sudo chmod +x /opt/defguard/generate-env.sh", - "sudo mv /tmp/start.sh /opt/defguard/start.sh", - "sudo chmod +x /opt/defguard/start.sh", - "echo 'DEFGUARD_CORE_TAG=${var.core_tag}' | sudo tee /opt/defguard/.image-tags > /dev/null", - "echo 'DEFGUARD_PROXY_TAG=${var.proxy_tag}' | sudo tee -a /opt/defguard/.image-tags > /dev/null", - "echo 'DEFGUARD_GATEWAY_TAG=${var.gateway_tag}' | sudo tee -a /opt/defguard/.image-tags > /dev/null", + "sudo mkdir -p /opt/stacks/defguard", + "sudo mv /tmp/docker-compose.yaml /opt/stacks/defguard/docker-compose.yaml", + "sudo mv /tmp/docker-compose.standalone.yaml /opt/stacks/defguard/docker-compose.standalone.yaml", + "sudo mv /tmp/generate-env.sh /opt/stacks/defguard/generate-env.sh", + "sudo chmod +x /opt/stacks/defguard/generate-env.sh", + "sudo mv /tmp/start.sh /opt/stacks/defguard/start.sh", + "sudo chmod +x /opt/stacks/defguard/start.sh", + "echo 'DEFGUARD_CORE_TAG=${var.core_tag}' | sudo tee /opt/stacks/defguard/.image-tags > /dev/null", + "echo 'DEFGUARD_PROXY_TAG=${var.proxy_tag}' | sudo tee -a /opt/stacks/defguard/.image-tags > /dev/null", + "echo 'DEFGUARD_GATEWAY_TAG=${var.gateway_tag}' | sudo tee -a /opt/stacks/defguard/.image-tags > /dev/null", "sudo mv /tmp/99-defguard.cfg /etc/cloud/cloud.cfg.d/99-defguard.cfg", "sudo mv /tmp/defguard-init.service /etc/systemd/system/defguard-init.service", "sudo systemctl daemon-reload", "sudo systemctl enable docker.service", - "sudo chown -R ubuntu:ubuntu /opt/defguard", + "sudo chown -R ubuntu:ubuntu /opt/stacks/defguard", "sudo rm -f /etc/netplan/00-installer-config.yaml /etc/netplan/50-cloud-init.yaml", "sudo cloud-init 
clean --logs", "sudo rm -f /etc/ssh/ssh_host_*", diff --git a/ova/files/defguard-init.service b/ova/files/defguard-init.service index 972eaca..f7ed544 100644 --- a/ova/files/defguard-init.service +++ b/ova/files/defguard-init.service @@ -5,8 +5,8 @@ Wants=network-online.target docker.service [Service] Type=oneshot -WorkingDirectory=/opt/defguard +WorkingDirectory=/opt/stacks/defguard StandardOutput=append:/var/log/defguard-startup.log StandardError=append:/var/log/defguard-startup.log -ExecStart=/bin/bash /opt/defguard/generate-env.sh -ExecStart=/bin/bash /opt/defguard/start.sh +ExecStart=/bin/bash /opt/stacks/defguard/generate-env.sh +ExecStart=/bin/bash /opt/stacks/defguard/start.sh diff --git a/ova/files/docker-compose.standalone.yaml b/ova/files/docker-compose.standalone.yaml index 526045d..aee3f17 100644 --- a/ova/files/docker-compose.standalone.yaml +++ b/ova/files/docker-compose.standalone.yaml @@ -55,14 +55,15 @@ services: dockge: image: louislam/dockge:1 restart: unless-stopped + profiles: [dockge] ports: - "5001:5001" volumes: - /var/run/docker.sock:/var/run/docker.sock - ./.volumes/dockge:/app/data - - /opt:/opt + - /opt/stacks:/opt/stacks environment: - DOCKGE_STACKS_DIR: /opt + DOCKGE_STACKS_DIR: /opt/stacks db: restart: always diff --git a/ova/files/docker-compose.yaml b/ova/files/docker-compose.yaml index 23f5193..65068db 100644 --- a/ova/files/docker-compose.yaml +++ b/ova/files/docker-compose.yaml @@ -56,14 +56,15 @@ services: dockge: image: louislam/dockge:1 restart: unless-stopped + profiles: [dockge] ports: - "5001:5001" volumes: - /var/run/docker.sock:/var/run/docker.sock - ./.volumes/dockge:/app/data - - /opt:/opt + - /opt/stacks:/opt/stacks environment: - DOCKGE_STACKS_DIR: /opt + DOCKGE_STACKS_DIR: /opt/stacks db: restart: always diff --git a/ova/files/generate-env.sh b/ova/files/generate-env.sh index af5d67b..3ce3c11 100644 --- a/ova/files/generate-env.sh +++ b/ova/files/generate-env.sh 
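Review bot: The path `/opt/stacks/defguard` now appears eleven times in the `inline` list, and this is the third commit in the series to rewrite it; a Packer `locals { install_dir = "/opt/stacks/defguard" }` referenced as `${local.install_dir}` in each string would make the next move a one-line change, in the same way the block already interpolates `${var.core_tag}`. Note also that `sudo mkdir -p /opt/stacks/defguard` leaves `/opt/stacks` root-owned while the later `chown -R ubuntu:ubuntu /opt/stacks/defguard` covers only the subdirectory — presumably intended because the Dockge container rather than the ubuntu user writes new stacks there, but worth a comment if so. The enclosing `build` block starts before this hunk.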
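Review bot: With `profiles: [dockge]` the service is now opt-in, but once enabled the `/opt/stacks:/opt/stacks` mount together with `DOCKGE_STACKS_DIR: /opt/stacks` puts the defguard stack itself under Dockge's management (`/opt/stacks/defguard` is where the Packer provisioner installs it), so the `.env` with the generated secrets is readable and editable from the UI, and `"5001:5001"` still publishes that UI on every interface; the `docker-compose.yaml` hunk below is identical. If that is the intended admin surface, say so above the service, e.g. `# Opt-in (profile "dockge"): has the Docker socket and the defguard stack dir; anyone who can log in here controls the host.`. Otherwise bind the port to the management interface or put it behind the existing reverse proxy, and keep generated secrets in a path outside `DOCKGE_STACKS_DIR`.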
@@ -1,8 +1,8 @@ #!/bin/bash -# Generates /opt/defguard/.env with random secrets on first boot. +# Generates /opt/stacks/defguard/.env with random secrets on first boot. # If .env already exists (e.g. provided via cloud-init), this script does nothing. -ENV_FILE="/opt/defguard/.env" +ENV_FILE="/opt/stacks/defguard/.env" if [ -f "$ENV_FILE" ]; then echo "DefGuard: .env already exists, skipping generation." @@ -17,8 +17,8 @@ DEFGUARD_GATEWAY_SECRET=$(openssl rand -hex 32) DEFGUARD_YUBIBRIDGE_SECRET=$(openssl rand -hex 32) DB_PASSWORD=$(openssl rand -hex 16) -if [ -f "/opt/defguard/.image-tags" ]; then - source "/opt/defguard/.image-tags" +if [ -f "/opt/stacks/defguard/.image-tags" ]; then + source "/opt/stacks/defguard/.image-tags" fi : "${DEFGUARD_CORE_TAG:?DEFGUARD_CORE_TAG is required}" diff --git a/ova/files/start.sh b/ova/files/start.sh index 3bce6a0..bacd81e 100644 --- a/ova/files/start.sh +++ b/ova/files/start.sh 
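Review bot: `source "/opt/stacks/defguard/.image-tags"` executes the file rather than reading it, and the Packer provisioner hands that directory to `ubuntu` with `chown -R` while the `defguard-init.service` hunk shows no `User=` within its visible lines, so a root oneshot appears to be executing a file that an unprivileged account — and, through the `/opt/stacks` bind mount, the Dockge UI — can rewrite. That is the same trust the ubuntu user already has over the compose files, so it may be accepted, but the script only needs three `KEY=VALUE` pairs: e.g. `DEFGUARD_CORE_TAG=$(sed -n 's/^DEFGUARD_CORE_TAG=//p' "/opt/stacks/defguard/.image-tags")` for each tag, or keep `.image-tags` root-owned outside the stacks tree. The rest of the script past the second hunk is not visible here.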
@@ -1,21 +1,53 @@ #!/bin/bash # Starts defguard via docker compose. # Default (no active-profiles file): starts the full all-in-one stack. -# To select specific components, create /opt/defguard/active-profiles with a +# To select specific components, create /opt/stacks/defguard/active-profiles with a # space or newline-separated list of profiles: core, gateway, edge +# +# To enable the Dockge docker management UI (port 5001), create the file: +# /opt/stacks/defguard/enable-docker-management +# Example cloud-init: +# write_files: +# - path: /opt/stacks/defguard/enable-docker-management +# content: "" -PROFILES_FILE="/opt/defguard/active-profiles" +PROFILES_FILE="/opt/stacks/defguard/active-profiles" +ENABLE_DOCKER_MGMT_FILE="/opt/stacks/defguard/enable-docker-management" + +# Append the dockge profile if the opt-in flag file is present +_maybe_add_dockge() { + local profiles="$1" + if [ -f "$ENABLE_DOCKER_MGMT_FILE" ]; then + if [ -z "$profiles" ]; then + echo "dockge" + else + echo "${profiles},dockge" + fi + else + echo "$profiles" + fi +} if [ ! -f "$PROFILES_FILE" ]; then - docker compose -f /opt/defguard/docker-compose.yaml up -d + COMPOSE_PROFILES=$(_maybe_add_dockge "") + if [ -n "$COMPOSE_PROFILES" ]; then + export COMPOSE_PROFILES + fi + docker compose -f /opt/stacks/defguard/docker-compose.yaml up -d else COMPOSE_PROFILES=$(tr '[:space:]' ',' < "$PROFILES_FILE" | tr -s ',' | sed 's/,$//') if [ -z "$COMPOSE_PROFILES" ]; then echo "Warning: $PROFILES_FILE is empty or contains only whitespace; starting full all-in-one stack." 
- unset COMPOSE_PROFILES - docker compose -f /opt/defguard/docker-compose.yaml up -d + COMPOSE_PROFILES=$(_maybe_add_dockge "") + if [ -n "$COMPOSE_PROFILES" ]; then + export COMPOSE_PROFILES + else + unset COMPOSE_PROFILES + fi + docker compose -f /opt/stacks/defguard/docker-compose.yaml up -d else + COMPOSE_PROFILES=$(_maybe_add_dockge "$COMPOSE_PROFILES") export COMPOSE_PROFILES - docker compose -f /opt/defguard/docker-compose.standalone.yaml up -d + docker compose -f /opt/stacks/defguard/docker-compose.standalone.yaml up -d fi fi
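Review bot: `_maybe_add_dockge` spends eleven lines on a single parameter expansion; the body `if [ -f "$ENABLE_DOCKER_MGMT_FILE" ]; then printf '%s\n' "${1:+$1,}dockge"; else printf '%s\n' "$1"; fi` is equivalent (empty input yields `dockge`, `core` yields `core,dockge`), and the three `export`/`unset` branches that follow could likewise collapse into one test after the profile string is computed. The header comment tells operators that the flag file enables the UI on port 5001 but not what that UI can do; add below the port line `# Note: Dockge holds the Docker socket, so anyone who can log in to it controls this host — set its admin password immediately after first start.`. The whole script is inside this hunk.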