From e3adb6b3477017dd09606b9f76da6b500482e33c Mon Sep 17 00:00:00 2001
From: ZhenYu <KFER.Mercer@gmail.com>
Date: Tue, 3 Mar 2020 11:12:33 +0800
Subject: [PATCH] dockerman: add wan mode option (#3486)

* dockerman: add wan mode option

* fix mistake

* impove notice
---
 package/lean/luci-app-dockerman/Makefile      |  2 +-
 .../luasrc/model/cbi/dockerman/overview.lua   |  3 +++
 .../luci-app-dockerman/po/zh-cn/dockerman.po  |  8 ++++++-
 .../root/etc/config/dockerman                 |  1 +
 .../root/etc/init.d/dockerd                   | 22 +++++++++++++++++++
 5 files changed, 34 insertions(+), 2 deletions(-)
 create mode 100755 package/lean/luci-app-dockerman/root/etc/init.d/dockerd

diff --git a/package/lean/luci-app-dockerman/Makefile b/package/lean/luci-app-dockerman/Makefile
index ca02d92b6..55c7052df 100644
--- a/package/lean/luci-app-dockerman/Makefile
+++ b/package/lean/luci-app-dockerman/Makefile
@@ -4,7 +4,7 @@ LUCI_TITLE:=Docker Manager interface for LuCI
 LUCI_DEPENDS:=+luci-lib-docker +docker-ce +e2fsprogs +fdisk
 PKG_NAME:=luci-app-dockerman
 PKG_VERSION:=v0.3.0
-PKG_RELEASE:=beta
+PKG_RELEASE:=leanmod-3
 PKG_MAINTAINER:=lisaac <https://github.com/lisaac/luci-app-dockerman>
 PKG_LICENSE:=AGPL-3.0
 
diff --git a/package/lean/luci-app-dockerman/luasrc/model/cbi/dockerman/overview.lua b/package/lean/luci-app-dockerman/luasrc/model/cbi/dockerman/overview.lua
index 2655e73bf..da67655e4 100644
--- a/package/lean/luci-app-dockerman/luasrc/model/cbi/dockerman/overview.lua
+++ b/package/lean/luci-app-dockerman/luasrc/model/cbi/dockerman/overview.lua
@@ -83,6 +83,9 @@ s = m:section(NamedSection, "local", "section", translate("Setting"))
 
 socket_path = s:option(Value, "socket_path", translate("Socket Path"))
 status_path = s:option(Value, "status_path", translate("Action Status Tempfile Path"), translate("Where you want to save the docker status file"))
+wan_mode = s:option(Flag, "wan_mode", translate("Enable WAN access Dokcer"), translate("Enable WAN access docker mapped ports (need reload Docker-ce service)"))
+wan_mode.enabled="true"
+wan_mode.disabled="false"
 debug = s:option(Flag, "debug", translate("Enable Debug"), translate("For debug, It shows all docker API actions of luci-app-dockerman in Debug Tempfile Path"))
 debug.enabled="true"
 debug.disabled="false"
diff --git a/package/lean/luci-app-dockerman/po/zh-cn/dockerman.po b/package/lean/luci-app-dockerman/po/zh-cn/dockerman.po
index 0030f17bb..9737507ca 100644
--- a/package/lean/luci-app-dockerman/po/zh-cn/dockerman.po
+++ b/package/lean/luci-app-dockerman/po/zh-cn/dockerman.po
@@ -245,11 +245,17 @@ msgid "Socket Path"
 msgstr "Socket路径"
 
 msgid "Action Status Tempfile Path"
-msgstr "docker 动作状态的临时文件路径"
+msgstr "Docker 动作状态的临时文件路径"
 
 msgid "Where you want to save the docker status file"
 msgstr "保存docker status文件的位置"
 
+msgid "Enable WAN access Dokcer"
+msgstr "允许 WAN 访问 Dokcer"
+
+msgid "Enable WAN access docker mapped ports (need reload Docker-ce service)"
+msgstr "允许 WAN 访问 Dokcer 映射后的端口（易受攻击！）。<br /><br />如已更改此选项，需要点击应用并保存后重启docker服务。<br />推荐禁用该选项后，用系统防火墙选择性映射 172.17.0.X:XX 端口到 WAN"
+
 msgid "Enable Debug"
 msgstr "启用调试"
 
diff --git a/package/lean/luci-app-dockerman/root/etc/config/dockerman b/package/lean/luci-app-dockerman/root/etc/config/dockerman
index f13c5c205..7ed611663 100644
--- a/package/lean/luci-app-dockerman/root/etc/config/dockerman
+++ b/package/lean/luci-app-dockerman/root/etc/config/dockerman
@@ -1,5 +1,6 @@
 config section 'local'
         option socket_path '/var/run/docker.sock'
         option status_path '/tmp/.docker_action_status'
+        option wan_mode 'false'
         option debug_path '/tmp/.docker_debug'
         option debug 'false'
diff --git a/package/lean/luci-app-dockerman/root/etc/init.d/dockerd b/package/lean/luci-app-dockerman/root/etc/init.d/dockerd
new file mode 100755
index 000000000..fb3f5e6dd
--- /dev/null
+++ b/package/lean/luci-app-dockerman/root/etc/init.d/dockerd
@@ -0,0 +1,22 @@
+#!/bin/sh /etc/rc.common
+
+USE_PROCD=1
+START=25
+
+start_service() {
+	local nofile=$(cat /proc/sys/fs/nr_open)
+	local wanmode=$(uci get dockerman.local.wan_mode)
+
+	if [ $wanmode = "true" ] ;then
+	dockerwan=" "
+	else
+	dockerwan="--iptables=false"
+  fi
+
+	procd_open_instance
+	procd_set_param stderr 1
+	procd_set_param command /usr/bin/dockerd $dockerwan
+	procd_set_param limits nofile="${nofile} ${nofile}"
+	procd_close_instance
+
+}