Merge pull request #4 from dangeroustech/feature/multiple_networks

feat: support multiple zt network joins

README.md

@@ -4,9 +4,7 @@ A container to provide out-of-the-box bridging functionality to a ZeroTier netwo
 
 ## Running
 
-`docker build -t zerotierbridge .`
+### ZeroTier UI Changes
-
-`docker run --privileged -e ZT_NETWORK=NETWORK_ID_HERE zerotierbridge:latest`
 
 Once running, log into your ZeroTier interface and approve the new device. Click the wrench next to the name and select 'Allow Ethernet Bridging.'
 
@@ -16,13 +14,33 @@ You also need to add a static route into ZeroTier so that the traffic is routed
 
 ![brave_4wHd9zo193](https://user-images.githubusercontent.com/1135584/129230132-11bcfb72-7d9b-4b40-a4e5-72130c583077.png)
 
-### Persistent Storage
+### Docker Compose
+
+**You need to edit the `ZT_NETWORKS` and `ARCH` variable in the `docker-compose.yml` file first to add your networks and make sure your acrhitecture is correct (see [this page](http://download.zerotier.com/debian/buster/pool/main/z/zerotier-one/) for examples, usually either amd64 or arm64)**
+
+Easy one-liner for Docker Compose:
+
+`docker-compose build && docker-compose up -d`
+
+If you want to disable bridging, set `ZT_BRIDGE=false`. This can be done after the initial networks have been joined (just rebuild the container), as the ZeroTier config persists but IPTables forwarding is done on each container startup.
+
+### OG Docker
+
+`docker build -t zerotierbridge .`
+
+`docker run --privileged -e ZT_NETWORKS=NETWORK_ID_HERE -e ZT_BRIDGE=true zerotierbridge:latest`
+
+Add your network ID(s) into the `ZT_NETWORKS` argument, space separated.
+
+Disable bridging by passing `ZT_BRIDGE=false`. This can be done after the initial networks have been joined (just rebuild the container), as the ZeroTier config persists but IPTables forwarding is done on each container startup.
+
+#### Persistent Storage
 
 If you would like the container to retain the same ZeroTier client ID on reboot, attach a volume as per the below.
 
-`docker run --privileged -e ZT_NETWORK=NETWORK_ID_HERE --volume zt1:/var/lib/zerotier-one/ zerotierbridge:latest`
+`docker run --privileged -e ZT_NETWORKS=NETWORK_ID_HERE ZT_BRIDGE=true --volume zt1:/var/lib/zerotier-one/ zerotierbridge:latest`
 
-### Caveat: Architecture
+#### Caveat: Architecture
 
 If you need to run this on a device with different architecture (a raspberry pi, for instance), then just edit line 3 of the Dockerfile.
 
@@ -31,4 +49,3 @@ If you were using a Raspberry Pi 4, you would change this to `ARCH=arm64` and th
 ## TODO
 
 - Add kubernetes deployment YAML
-- Allow multiple network joins

docker-compose.yml

@@ -14,6 +14,7 @@ services:
     volumes:
       - zt_config:/var/lib/zerotier-one
     environment:
-      - ZT_NETWORK=NETWORK_ID_HERE
+      - ZT_NETWORKS=NETWORK_ID_1 NETWORK_ID_2 NETWORK_ID_3
+      - ZT_BRIDGE=true
 volumes:
   zt_config:

entrypoint.sh

@@ -14,24 +14,36 @@ do
   sleep 1
 done
 
-#echo "joining networks: $ZT_NETWORK"
-
-echo "joining $ZT_NETWORK"
-
-while ! zerotier-cli join "$ZT_NETWORK"
-do 
-    echo "joining $ZT_NETWORK failed; trying again in 1s"
-    sleep 1
-done
-# Print Client Info
-echo "$(zerotier-cli info)"
-
 # Set IPTables to allow NATting
 sysctl -w net.ipv4.ip_forward=1 > /dev/null
-PHY_IFACE=eth0; ZT_IFACE=$(ls /sys/class/net | grep ^zt)
+
+echo "joining networks: $ZT_NETWORKS"
+
+for n in $ZT_NETWORKS
+do
+  echo "joining $n"
+
+  while ! zerotier-cli join "$n"
+  do 
+    echo "joining $n failed; trying again in 1s"
+    sleep 1
+  done
+
+  if [ "$ZT_BRIDGE" = "true" ]
+  then
+    echo "iptables on $(zerotier-cli get $n portDeviceName)"
+    PHY_IFACE=eth0; ZT_IFACE=$(zerotier-cli get $n portDeviceName)
 
     iptables -t nat -A POSTROUTING -o $PHY_IFACE -j MASQUERADE
     iptables -A FORWARD -i $PHY_IFACE -o $ZT_IFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
     iptables -A FORWARD -i $ZT_IFACE -o $PHY_IFACE -j ACCEPT
+  fi
+done
+
+# Give ZT a second realise it's online
+sleep 10
+
+# Print Client Info
+echo "$(zerotier-cli info)"
 
 sleep infinity