🚑 Don't show resolved secrets in add-on log

.gitlab-ci.yml

@@ -7,8 +7,8 @@ variables:
   ADDON_TARGET: "zerotier"
   ADDON_LEGACY_TAGS: "true"
 
-  ADDON_AARCH64_BASE: "hassioaddons/base-aarch64:3.0.1"
-  ADDON_AMD64_BASE: "hassioaddons/base-amd64:3.0.1"
-  ADDON_ARMHF_BASE: "hassioaddons/base-armhf:3.0.1"
-  ADDON_ARMV7_BASE: "hassioaddons/base-armv7:3.0.1"
-  ADDON_I386_BASE: "hassioaddons/base-i386:3.0.1"
+  ADDON_AARCH64_BASE: "hassioaddons/base-aarch64:3.1.0"
+  ADDON_AMD64_BASE: "hassioaddons/base-amd64:3.1.0"
+  ADDON_ARMHF_BASE: "hassioaddons/base-armhf:3.1.0"
+  ADDON_ARMV7_BASE: "hassioaddons/base-armv7:3.1.0"
+  ADDON_I386_BASE: "hassioaddons/base-i386:3.1.0"

README.md

@@ -59,9 +59,11 @@ Example add-on configuration:
 
 ```json
 {
-    "log_level": "info",
-    "port": 9993,
-    "network_id":"wgfyiwe73747457"
+    "networks":[
+        "wgfyiwe73747457",
+        "fhu3888892jjfdk"
+    ],
+    "api_auth_token":""
 }
 ```
 
@@ -85,20 +87,13 @@ more severe level, e.g., `debug` also shows `info` messages. By default,
 the `log_level` is set to `info`, which is the recommended setting unless
 you are troubleshooting.
 
-### Option: `network_id`
+### Option: `networks`
 
-Configures the network identifier of the network (VLAN) to join.
+Configures one or more network identifiers of the networks (VLAN) to join.
 You can find this number in your ZeroTier account.
 
 **Note**: _This option support secrets, e.g., `!secret zerotier_network_id`._
 
-### Option: `port`
-
-ZeroTier UDP & TCP port for communications.
-
-You **do not** need to expose this port to the outside world!
-So please **do not** forward this port in your router.
-
 ### Option: `api_auth_token`
 
 ZeroTier exposes a local HTTP JSON API, which uses the port set using the

zerotier/Dockerfile

@@ -1,4 +1,4 @@
-ARG BUILD_FROM=hassioaddons/base:3.0.1
+ARG BUILD_FROM=hassioaddons/base:3.1.0
 # hadolint ignore=DL3006
 FROM ${BUILD_FROM}
 
@@ -14,8 +14,8 @@ RUN \
         git=2.20.1-r0 \
     \
     && apk add --no-cache \
-        libgcc=8.2.0-r2 \
-        libstdc++=8.2.0-r2 \
+        libgcc=8.3.0-r0 \
+        libstdc++=8.3.0-r0 \
     \
     && git clone --branch "1.2.12" --depth=1 \
         "https://github.com/zerotier/ZeroTierOne.git" /tmp/zerotier \

zerotier/build.json

@@ -1,10 +1,10 @@
 {
     "build_from": {
-        "aarch64": "hassioaddons/base-aarch64:3.0.1",
-        "amd64": "hassioaddons/base-amd64:3.0.1",
-        "armhf": "hassioaddons/base-armhf:3.0.1",
-        "armv7": "hassioaddons/base-armv7:3.0.1",
-        "i386": "hassioaddons/base-i386:3.0.1"
+        "aarch64": "hassioaddons/base-aarch64:3.1.0",
+        "amd64": "hassioaddons/base-amd64:3.1.0",
+        "armhf": "hassioaddons/base-armhf:3.1.0",
+        "armv7": "hassioaddons/base-armv7:3.1.0",
+        "i386": "hassioaddons/base-i386:3.1.0"
     },
     "args": {}
 }

zerotier/config.json

@@ -12,12 +12,17 @@
     "armv7",
     "i386"
   ],
+  "ports": {
+    "9993/tcp": 9993
+  },
+  "ports_description": {
+    "9993/tcp": "ZeroTier's primary port"
+  },
   "boot": "auto",
   "hassio_api": true,
   "hassio_role": "default",
   "homeassistant_api": false,
   "host_network": true,
-  "apparmor": true,
   "privileged": [
     "NET_ADMIN",
     "SYS_ADMIN"
@@ -30,14 +35,12 @@
     "ssl:rw"
   ],
   "options": {
-    "network_id":"",
-    "port": 9993,
+    "networks":[],
     "api_auth_token": ""
   },
   "schema": {
+    "networks":["match(^!secret [a-zA-Z0-9_\\-]+$|[0-9a-z]{16})"],
     "api_auth_token": "str",
-    "log_level": "match(^(trace|debug|info|notice|warning|error|fatal)$)?",
-    "network_id":"match([0-9a-z]{16})",
-    "port": "port"
+    "log_level": "match(^(trace|debug|info|notice|warning|error|fatal)$)?"
   }
 }

zerotier/rootfs/etc/cont-init.d/20-api.sh

@@ -1,10 +0,0 @@
-#!/usr/bin/with-contenv bashio
-# ==============================================================================
-# Community Hass.io Add-ons: ZeroTier One
-# Sets the auth token for the local JSON API
-# ==============================================================================
-declare token
-if bashio::config.has_value 'api_auth_token'; then
-    token=$(bashio::config 'api_auth_token')
-    echo "${token}" > /data/authtoken.secret
-fi

zerotier/rootfs/etc/cont-init.d/21-network.sh

@@ -1,17 +0,0 @@
-#!/usr/bin/with-contenv bashio
-# ==============================================================================
-# Community Hass.io Add-ons: ZeroTier One
-# Creates ZeroTier One configuration in case it is non-existing
-# ==============================================================================
-readonly network=$(bashio::config 'network_id')
-
-# Ensure network folder exists
-mkdir -p "/var/lib/zerotier-one/networks.d" \
-    || bashio::exit.nok "Could not create networks folder"
-
-# Ensure the file exists. An empty file will cause automatic join.
-touch "/data/network.${network}.conf"
-ln -s \
-    "/data/network.${network}.conf" \
-    "/var/lib/zerotier-one/networks.d/${network}.conf" \
-        || bashio::exit.nok "Could not create network file"

zerotier/rootfs/etc/cont-init.d/zerotier.sh

@@ -5,7 +5,9 @@
 # ==============================================================================
 readonly private='/ssl/zerotier/identity.secret'
 readonly public='/ssl/zerotier/identity.public'
+declare network
 declare node
+declare token
 
 # Generate identity if it does not exist
 if ! bashio::fs.file_exists "${private}" \
@@ -36,3 +38,33 @@ ln -s "${public}" /var/lib/zerotier-one/identity.public
 
 node=$(cut -d ':' -f1 < "${private}")
 bashio::log.info "ZeroTier node address: ${node}"
+
+# Sets the auth token for the local JSON API
+if bashio::config.has_value 'api_auth_token'; then
+    token=$(bashio::config 'api_auth_token')
+    echo "${token}" > /data/authtoken.secret
+fi
+
+# Ensure network folder exists
+mkdir -p "/var/lib/zerotier-one/networks.d" \
+    || bashio::exit.nok "Could not create networks folder"
+
+# Install user configured/requested packages
+if bashio::config.has_value 'networks'; then
+    while read -r network; do
+        bashio::log.info "Configuring network: ${network}"
+
+        # Get network ID from secrets, if it is a secret
+        if bashio::is_secret "${network}"; then
+            network=$(bashio::secret "${network}")
+        fi
+
+        # Ensure the file exists. An empty file will cause automatic join.
+        touch "/data/network.${network}.conf"
+        ln -s \
+            "/data/network.${network}.conf" \
+            "/var/lib/zerotier-one/networks.d/${network}.conf" \
+                || bashio::exit.nok "Could not create network file"
+    done <<< "$(bashio::config 'networks')"
+
+fi

zerotier/rootfs/etc/services.d/zerotier/run

@@ -9,7 +9,7 @@ bashio::log.info "Starting ZeroTier One..."
 
 # Note sure what this does.
 options+=(-U)
-options+=("-p$(bashio::config 'port')")
+options+=("-p$(bashio::addon.port 9993)")
 
 # Run the ZeroTier One
 exec zerotier-one "${options[@]}"