mirror of
https://github.com/qdm12/gluetun.git
synced 2026-05-06 20:10:11 +02:00
Golangcilint in build pipeline and fix lint errors
- Fix bad permissions bits for files - VPNSP is 'private internet access' instead of 'pia' (retro compatible) - Check errors of deferred unsetEnv functions in params package - Other lint errors fixing and code simplifications
This commit is contained in:
Quentin McGaw
@@ -1,10 +1,14 @@
|
||||
{
|
||||
"name": "pia-dev",
|
||||
"dockerComposeFile": ["docker-compose.yml"],
|
||||
"dockerComposeFile": [
|
||||
"docker-compose.yml"
|
||||
],
|
||||
"service": "vscode",
|
||||
"runServices": ["vscode"],
|
||||
"runServices": [
|
||||
"vscode"
|
||||
],
|
||||
"shutdownAction": "stopCompose",
|
||||
// "postCreateCommand": "go mod download",
|
||||
"postCreateCommand": "go mod download",
|
||||
"workspaceFolder": "/workspace",
|
||||
"extensions": [
|
||||
"ms-vscode.go",
|
||||
@@ -38,10 +42,54 @@
|
||||
"deepCompletion": true,
|
||||
"usePlaceholders": false
|
||||
},
|
||||
"go.lintTool": "golangci-lint",
|
||||
"go.lintFlags": [
|
||||
"--fast",
|
||||
"--enable",
|
||||
"staticcheck",
|
||||
"--enable",
|
||||
"bodyclose",
|
||||
"--enable",
|
||||
"dogsled",
|
||||
"--enable",
|
||||
"gochecknoglobals",
|
||||
"--enable",
|
||||
"gochecknoinits",
|
||||
"--enable",
|
||||
"gocognit",
|
||||
"--enable",
|
||||
"goconst",
|
||||
"--enable",
|
||||
"gocritic",
|
||||
"--enable",
|
||||
"gocyclo",
|
||||
"--enable",
|
||||
"golint",
|
||||
"--enable",
|
||||
"gosec",
|
||||
"--enable",
|
||||
"interfacer",
|
||||
"--enable",
|
||||
"maligned",
|
||||
"--enable",
|
||||
"misspell",
|
||||
"--enable",
|
||||
"nakedret",
|
||||
"--enable",
|
||||
"prealloc",
|
||||
"--enable",
|
||||
"scopelint",
|
||||
"--enable",
|
||||
"unconvert",
|
||||
"--enable",
|
||||
"unparam",
|
||||
"--enable",
|
||||
"whitespace"
|
||||
],
|
||||
// Golang on save
|
||||
"go.buildOnSave": "package",
|
||||
"go.lintOnSave": "package",
|
||||
"go.vetOnSave": "package",
|
||||
"go.buildOnSave": "workspace",
|
||||
"go.lintOnSave": "workspace",
|
||||
"go.vetOnSave": "workspace",
|
||||
"editor.formatOnSave": true,
|
||||
"[go]": {
|
||||
"editor.codeActionsOnSave": {
|
||||
@@ -56,7 +104,10 @@
|
||||
"GOFLAGS": "-tags=integration"
|
||||
},
|
||||
"go.testEnvVars": {},
|
||||
"go.testFlags": ["-v"],
|
||||
"go.testFlags": [
|
||||
"-v",
|
||||
// "-race"
|
||||
],
|
||||
"go.testTimeout": "600s"
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,50 @@
|
||||
linters-settings:
|
||||
maligned:
|
||||
suggest-new: true
|
||||
misspell:
|
||||
locale: US
|
||||
|
||||
linters:
|
||||
disable-all: true
|
||||
enable:
|
||||
- bodyclose
|
||||
- deadcode
|
||||
- dogsled
|
||||
- dupl
|
||||
- errcheck
|
||||
- gochecknoglobals
|
||||
- gochecknoinits
|
||||
- gocognit
|
||||
- goconst
|
||||
- gocritic
|
||||
- gocyclo
|
||||
- goimports
|
||||
- golint
|
||||
- gosec
|
||||
- gosimple
|
||||
- govet
|
||||
- ineffassign
|
||||
- interfacer
|
||||
- maligned
|
||||
- misspell
|
||||
- nakedret
|
||||
- prealloc
|
||||
- rowserrcheck
|
||||
- scopelint
|
||||
- staticcheck
|
||||
- structcheck
|
||||
- typecheck
|
||||
- unconvert
|
||||
- unparam
|
||||
- unused
|
||||
- varcheck
|
||||
- whitespace
|
||||
|
||||
run:
|
||||
skip-dirs:
|
||||
- .devcontainer
|
||||
- .github
|
||||
- postgres
|
||||
|
||||
service:
|
||||
golangci-lint-version: 1.24.x # use the fixed version to not introduce new linters unexpectedly
|
||||
+6
-2
@@ -3,13 +3,17 @@ ARG GO_VERSION=1.14
|
||||
|
||||
FROM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS builder
|
||||
RUN apk --update add git
|
||||
WORKDIR /tmp/gobuild
|
||||
ENV CGO_ENABLED=0
|
||||
ARG GOLANGCI_LINT_VERSION=v1.24.0
|
||||
RUN wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s ${GOLANGCI_LINT_VERSION}
|
||||
WORKDIR /tmp/gobuild
|
||||
COPY .golangci.yml .
|
||||
COPY go.mod go.sum ./
|
||||
RUN go mod download 2>&1
|
||||
COPY cmd/main.go .
|
||||
COPY internal/ ./internal/
|
||||
RUN go test ./...
|
||||
RUN golangci-lint run --timeout=10m
|
||||
RUN go build -ldflags="-s -w" -o entrypoint main.go
|
||||
|
||||
FROM alpine:${ALPINE_VERSION}
|
||||
@@ -29,7 +33,7 @@ LABEL \
|
||||
org.opencontainers.image.source="https://github.com/qdm12/private-internet-access-docker" \
|
||||
org.opencontainers.image.title="PIA client" \
|
||||
org.opencontainers.image.description="VPN client to tunnel to private internet access servers using OpenVPN, IPtables, DNS over TLS and Alpine Linux"
|
||||
ENV VPNSP=pia \
|
||||
ENV VPNSP="private internet access" \
|
||||
USER= \
|
||||
PROTOCOL=udp \
|
||||
OPENVPN_VERBOSITY=1 \
|
||||
|
||||
@@ -113,7 +113,7 @@ docker run --rm --network=container:pia alpine:3.11 wget -qO- https://ipinfo.io
|
||||
|
||||
| Environment variable | Default | Properties | PIA | Mullvad | Windscribe | Description | Choices |
|
||||
| --- | --- | --- | --- | --- | --- | --- | --- |
|
||||
| `VPNSP` | `pia` | | ✅ | ✅ | ✅ | VPN Service Provider | `pia`, `mullvad`, `windscribe` |
|
||||
| `VPNSP` | `private internet access` | | ✅ | ✅ | ✅ | VPN Service Provider | `private internet access`, `mullvad`, `windscribe` |
|
||||
| `REGION` | `Austria` | | ✅ | ❌ | ✅ | VPN server region | One of the [PIA regions](https://www.privateinternetaccess.com/pages/network/) or of the [Windscribe regions](https://windscribe.com/status) |
|
||||
| `COUNTRY` | `Sweden` | Optional | ❌ | ✅ | ❌ | VPN server country | One of the [Mullvad countries](https://mullvad.net/en/servers/#openvpn) |
|
||||
| `CITY` | | Optional | ❌ | ✅ | ❌ | VPN server city | One of the [Mullvad cities](https://mullvad.net/en/servers/#openvpn) |
|
||||
|
||||
+11
-11
@@ -45,7 +45,7 @@ func main() {
|
||||
}
|
||||
os.Exit(0)
|
||||
}
|
||||
paramsReader := params.NewParamsReader(logger)
|
||||
paramsReader := params.NewReader(logger)
|
||||
fmt.Println(splash.Splash(paramsReader))
|
||||
e := env.New(logger)
|
||||
client := network.NewClient(15 * time.Second)
|
||||
@@ -90,13 +90,13 @@ func main() {
|
||||
|
||||
var openVPNUser, openVPNPassword string
|
||||
switch allSettings.VPNSP {
|
||||
case "pia":
|
||||
case constants.PrivateInternetAccess:
|
||||
openVPNUser = allSettings.PIA.User
|
||||
openVPNPassword = allSettings.PIA.Password
|
||||
case "mullvad":
|
||||
case constants.Mullvad:
|
||||
openVPNUser = allSettings.Mullvad.User
|
||||
openVPNPassword = "m"
|
||||
case "windscribe":
|
||||
case constants.Windscribe:
|
||||
openVPNUser = allSettings.Windscribe.User
|
||||
openVPNPassword = allSettings.Windscribe.Password
|
||||
}
|
||||
@@ -115,7 +115,7 @@ func main() {
|
||||
e.FatalOnError(err)
|
||||
|
||||
go func() {
|
||||
// Blocking line merging reader for all programs: openvpn, tinyproxy, unbound and shadowsocks
|
||||
// Blocking line merging paramsReader for all programs: openvpn, tinyproxy, unbound and shadowsocks
|
||||
logger.Info("Launching standard output merger")
|
||||
err = streamMerger.CollectLines(func(line string) {
|
||||
logger.Info(line)
|
||||
@@ -157,7 +157,7 @@ func main() {
|
||||
|
||||
var connections []models.OpenVPNConnection
|
||||
switch allSettings.VPNSP {
|
||||
case "pia":
|
||||
case constants.PrivateInternetAccess:
|
||||
connections, err = piaConf.GetOpenVPNConnections(
|
||||
allSettings.PIA.Region,
|
||||
allSettings.OpenVPN.NetworkProtocol,
|
||||
@@ -174,7 +174,7 @@ func main() {
|
||||
allSettings.OpenVPN.Cipher,
|
||||
allSettings.OpenVPN.Auth)
|
||||
e.FatalOnError(err)
|
||||
case "mullvad":
|
||||
case constants.Mullvad:
|
||||
connections, err = mullvadConf.GetOpenVPNConnections(
|
||||
allSettings.Mullvad.Country,
|
||||
allSettings.Mullvad.City,
|
||||
@@ -191,7 +191,7 @@ func main() {
|
||||
allSettings.OpenVPN.Root,
|
||||
allSettings.OpenVPN.Cipher)
|
||||
e.FatalOnError(err)
|
||||
case "windscribe":
|
||||
case constants.Windscribe:
|
||||
connections, err = windscribeConf.GetOpenVPNConnections(
|
||||
allSettings.Windscribe.Region,
|
||||
allSettings.OpenVPN.NetworkProtocol,
|
||||
@@ -285,7 +285,7 @@ func onConnected(
|
||||
fileManager files.FileManager,
|
||||
piaConf pia.Configurator,
|
||||
defaultInterface string,
|
||||
VPNSP string,
|
||||
vpnsp models.VPNProvider,
|
||||
portForwarding bool,
|
||||
portForwardingFilepath models.Filepath,
|
||||
ipStatusFilepath models.Filepath,
|
||||
@@ -300,12 +300,12 @@ func onConnected(
|
||||
string(ipStatusFilepath),
|
||||
[]string{ip.String()},
|
||||
files.Ownership(uid, gid),
|
||||
files.Permissions(400))
|
||||
files.Permissions(0400))
|
||||
if err != nil {
|
||||
logger.Error(err)
|
||||
}
|
||||
}
|
||||
if VPNSP != "pia" || !portForwarding {
|
||||
if vpnsp != constants.PrivateInternetAccess || !portForwarding {
|
||||
return
|
||||
}
|
||||
port, err := piaConf.GetPortForward()
|
||||
|
||||
+1
-1
@@ -14,7 +14,7 @@ services:
|
||||
# command:
|
||||
environment:
|
||||
# More variables are available, see the readme table
|
||||
- VPNSP=pia
|
||||
- VPNSP=private internet access
|
||||
- USER=js89ds7
|
||||
- PROTOCOL=udp
|
||||
- OPENVPN_VERBOSITY=1
|
||||
|
||||
@@ -27,43 +27,43 @@ const (
|
||||
// to their data such as IP addresses or TLS host name.
|
||||
func DNSProviderMapping() map[models.DNSProvider]models.DNSProviderData {
|
||||
return map[models.DNSProvider]models.DNSProviderData{
|
||||
Cloudflare: models.DNSProviderData{
|
||||
Cloudflare: {
|
||||
IPs: []net.IP{{1, 1, 1, 1}, {1, 0, 0, 1}, {0x26, 0x6, 0x47, 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x11}, {0x26, 0x6, 0x47, 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x01}},
|
||||
SupportsTLS: true,
|
||||
SupportsIPv6: true,
|
||||
Host: models.DNSHost("cloudflare-dns.com"),
|
||||
},
|
||||
Google: models.DNSProviderData{
|
||||
Google: {
|
||||
IPs: []net.IP{{8, 8, 8, 8}, {8, 8, 4, 4}, {0x20, 0x1, 0x48, 0x60, 0x48, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88, 0x88}, {0x20, 0x1, 0x48, 0x60, 0x48, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88, 0x44}},
|
||||
SupportsTLS: true,
|
||||
SupportsIPv6: true,
|
||||
Host: models.DNSHost("dns.google"),
|
||||
},
|
||||
Quad9: models.DNSProviderData{
|
||||
Quad9: {
|
||||
IPs: []net.IP{{9, 9, 9, 9}, {149, 112, 112, 112}, {0x26, 0x20, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe}, {0x26, 0x20, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}},
|
||||
SupportsTLS: true,
|
||||
SupportsIPv6: true,
|
||||
Host: models.DNSHost("dns.quad9.net"),
|
||||
},
|
||||
Quadrant: models.DNSProviderData{
|
||||
Quadrant: {
|
||||
IPs: []net.IP{{12, 159, 2, 159}, {0x20, 0x1, 0x18, 0x90, 0x14, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x59}},
|
||||
SupportsTLS: true,
|
||||
SupportsIPv6: true,
|
||||
Host: models.DNSHost("dns-tls.qis.io"),
|
||||
},
|
||||
CleanBrowsing: models.DNSProviderData{
|
||||
CleanBrowsing: {
|
||||
IPs: []net.IP{{185, 228, 168, 9}, {185, 228, 169, 9}, {0x2a, 0xd, 0x2a, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x2a, 0xd, 0x2a, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}},
|
||||
SupportsTLS: true,
|
||||
SupportsIPv6: true,
|
||||
Host: models.DNSHost("security-filter-dns.cleanbrowsing.org"),
|
||||
},
|
||||
SecureDNS: models.DNSProviderData{
|
||||
SecureDNS: {
|
||||
IPs: []net.IP{{146, 185, 167, 43}, {0x2a, 0x3, 0xb0, 0xc0, 0x0, 0x0, 0x10, 0x10, 0x0, 0x0, 0x0, 0x0, 0xe, 0x9a, 0x30, 0x1}},
|
||||
SupportsTLS: true,
|
||||
SupportsIPv6: true,
|
||||
Host: models.DNSHost("dot.securedns.eu"),
|
||||
},
|
||||
LibreDNS: models.DNSProviderData{
|
||||
LibreDNS: {
|
||||
IPs: []net.IP{{116, 203, 115, 192}},
|
||||
SupportsTLS: true,
|
||||
Host: models.DNSHost("dot.libredns.gr"),
|
||||
|
||||
@@ -12,10 +12,10 @@ const (
|
||||
)
|
||||
|
||||
const (
|
||||
PIAX509CRL_NORMAL = "MIICWDCCAUAwDQYJKoZIhvcNAQENBQAwgegxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRlaW50ZXJuZXRhY2Nlc3MuY29tFw0xNjA3MDgxOTAwNDZaFw0zNjA3MDMxOTAwNDZaMCYwEQIBARcMMTYwNzA4MTkwMDQ2MBECAQYXDDE2MDcwODE5MDA0NjANBgkqhkiG9w0BAQ0FAAOCAQEAQZo9X97ci8EcPYu/uK2HB152OZbeZCINmYyluLDOdcSvg6B5jI+ffKN3laDvczsG6CxmY3jNyc79XVpEYUnq4rT3FfveW1+Ralf+Vf38HdpwB8EWB4hZlQ205+21CALLvZvR8HcPxC9KEnev1mU46wkTiov0EKc+EdRxkj5yMgv0V2Reze7AP+NQ9ykvDScH4eYCsmufNpIjBLhpLE2cuZZXBLcPhuRzVoU3l7A9lvzG9mjA5YijHJGHNjlWFqyrn1CfYS6koa4TGEPngBoAziWRbDGdhEgJABHrpoaFYaL61zqyMR6jC0K2ps9qyZAN74LEBedEfK7tBOzWMwr58A=="
|
||||
PIAX509CRL_STRONG = "MIIDWDCCAUAwDQYJKoZIhvcNAQENBQAwgegxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRlaW50ZXJuZXRhY2Nlc3MuY29tFw0xNjA3MDgxOTAwNDZaFw0zNjA3MDMxOTAwNDZaMCYwEQIBARcMMTYwNzA4MTkwMDQ2MBECAQYXDDE2MDcwODE5MDA0NjANBgkqhkiG9w0BAQ0FAAOCAgEAppFfEpGsasjB1QgJcosGpzbf2kfRhM84o2TlqY1ua+Gi5TMdKydA3LJcNTjlI9a0TYAJfeRX5IkpoglSUuHuJgXhP3nEvX10mjXDpcu/YvM8TdE5JV2+EGqZ80kFtBeOq94WcpiVKFTR4fO+VkOK9zwspFfb1cNs9rHvgJ1QMkRUF8PpLN6AkntHY0+6DnigtSaKqldqjKTDTv2OeH3nPoh80SGrt0oCOmYKfWTJGpggMGKvIdvU3vH9+EuILZKKIskt+1dwdfA5Bkz1GLmiQG7+9ZZBQUjBG9Dos4hfX/rwJ3eU8oUIm4WoTz9rb71SOEuUUjP5NPy9HNx2vx+cVvLsTF4ZDZaUztW9o9JmIURDtbeyqxuHN3prlPWB6aj73IIm2dsDQvs3XXwRIxs8NwLbJ6CyEuvEOVCskdM8rdADWx1J0lRNlOJ0Z8ieLLEmYAA834VN1SboB6wJIAPxQU3rcBhXqO9y8aa2oRMg8NxZ5gr+PnKVMqag1x0IxbIgLxtkXQvxXxQHEMSODzvcOfK/nBRBsqTj30P+R87sU8titOoxNeRnBDRNhdEy/QGAqGh62ShPpQUCJdnKRiRTjnil9hMQHevoSuFKeEMO30FQL7BZyo37GFU+q1WPCplVZgCP9hC8Rn5K2+f6KLFo5bhtowSmu+GY1yZtg+RTtsA="
|
||||
PIACertificate_NORMAL = "MIIFqzCCBJOgAwIBAgIJAKZ7D5Yv87qDMA0GCSqGSIb3DQEBDQUAMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTAeFw0xNDA0MTcxNzM1MThaFw0zNDA0MTIxNzM1MThaMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPXDL1L9tX6DGf36liA7UBTy5I869z0UVo3lImfOs/GSiFKPtInlesP65577nd7UNzzXlH/P/CnFPdBWlLp5ze3HRBCc/Avgr5CdMRkEsySL5GHBZsx6w2cayQ2EcRhVTwWpcdldeNO+pPr9rIgPrtXqT4SWViTQRBeGM8CDxAyTopTsobjSiYZCF9Ta1gunl0G/8Vfp+SXfYCC+ZzWvP+L1pFhPRqzQQ8k+wMZIovObK1s+nlwPaLyayzw9a8sUnvWB/5rGPdIYnQWPgoNlLN9HpSmsAcw2z8DXI9pIxbr74cb3/HSfuYGOLkRqrOk6h4RCOfuWoTrZup1uEOn+fw8CAwEAAaOCAVQwggFQMB0GA1UdDgQWBBQv63nQ/pJAt5tLy8VJcbHe22ZOsjCCAR8GA1UdIwSCARYwggESgBQv63nQ/pJAt5tLy8VJcbHe22ZOsqGB7qSB6zCB6DELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpMb3NBbmdlbGVzMSAwHgYDVQQKExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UECxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAMTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQpExdQcml2YXRlIEludGVybmV0IEFjY2VzczEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5jb22CCQCmew+WL/O6gzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQAna5PgrtxfwTumD4+3/SYvwoD66cB8IcK//h1mCzAduU8KgUXocLx7QgJWo9lnZ8xUryXvWab2usg4fqk7FPi00bED4f4qVQFVfGfPZIH9QQ7/48bPM9RyfzImZWUCenK37pdw4Bvgoys2rHLHbGen7f28knT2j/cbMxd78tQc20TIObGjo8+ISTRclSTRBtyCGohseKYpTS9himFERpUgNtefvYHbn70mIOzfOJFTVqfrptf9jXa9N8Mpy3ayfodz1wiqdteqFXkTYoSDctgKMiZ6GdocK9nMroQipIQtpnwd4yBDWIyC6Bvlkrq5TQUtYDQ8z9v+DMO6iwyIDRiU"
|
||||
PIACertificate_STRONG = "MIIHqzCCBZOgAwIBAgIJAJ0u+vODZJntMA0GCSqGSIb3DQEBDQUAMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTAeFw0xNDA0MTcxNzQwMzNaFw0zNDA0MTIxNzQwMzNaMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALVkhjumaqBbL8aSgj6xbX1QPTfTd1qHsAZd2B97m8Vw31c/2yQgZNf5qZY0+jOIHULNDe4R9TIvyBEbvnAg/OkPw8n/+ScgYOeH876VUXzjLDBnDb8DLr/+w9oVsuDeFJ9KV2UFM1OYX0SnkHnrYAN2QLF98ESK4NCSU01h5zkcgmQ+qKSfA9Ny0/UpsKPBFqsQ25NvjDWFhCpeqCHKUJ4Be27CDbSl7lAkBuHMPHJs8f8xPgAbHRXZOxVCpayZ2SNDfCwsnGWpWFoMGvdMbygngCn6jA/W1VSFOlRlfLuuGe7QFfDwA0jaLCxuWt/BgZylp7tAzYKR8lnWmtUCPm4+BtjyVDYtDCiGBD9Z4P13RFWvJHw5aapx/5W/CuvVyI7pKwvc2IT+KPxCUhH1XI8ca5RN3C9NoPJJf6qpg4g0rJH3aaWkoMRrYvQ+5PXXYUzjtRHImghRGd/ydERYoAZXuGSbPkm9Y/p2X8unLcW+F0xpJD98+ZI+tzSsI99Zs5wijSUGYr9/j18KHFTMQ8n+1jauc5bCCegN27dPeKXNSZ5riXFL2XX6BkY68y58UaNzmeGMiUL9BOV1iV+PMb7B7PYs7oFLjAhh0EdyvfHkrh/ZV9BEhtFa7yXp8XR0J6vz1YV9R6DYJmLjOEbhU8N0gc3tZm4Qz39lIIG6w3FDAgMBAAGjggFUMIIBUDAdBgNVHQ4EFgQUrsRtyWJftjpdRM0+925Y6Cl08SUwggEfBgNVHSMEggEWMIIBEoAUrsRtyWJftjpdRM0+925Y6Cl08SWhge6kgeswgegxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRlaW50ZXJuZXRhY2Nlc3MuY29tggkAnS7684Nkme0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOCAgEAJsfhsPk3r8kLXLxY+v+vHzbr4ufNtqnL9/1Uuf8NrsCtpXAoyZ0YqfbkWx3NHTZ7OE9ZRhdMP/RqHQE1p4N4Sa1nZKhTKasV6KhHDqSCt/dvEm89xWm2MVA7nyzQxVlHa9AkcBaemcXEiyT19XdpiXOP4Vhs+J1R5m8zQOxZlV1GtF9vsXmJqWZpOVPmZ8f35BCsYPvv4yMewnrtAC8PFEK/bOPeYcKN50bol22QYaZuLfpkHfNiFTnfMh8sl/ablPyNY7DUNiP5DRcMdIwmfGQxR5WEQoHL3yPJ42LkB5zs6jIm26DGNXfwura/mi105+ENH1CaROtRYwkiHb08U6qLXXJz80mWJkT90nr8Asj35xN2cUppg74nG3YVav/38P48T56hG1NHbYF5uOCske19F6wi9maUoto/3vEr0rnXJUp2KODmKdvBI7co245lHBABWikk8VfejQSlCtDBXn644ZMtAdoxKNfR2WTFVEwJiyd1Fzx0yujuiXDROLhISLQDRjVVAvawrAtLZWYK31bY7KlezPlQnl/D9Asxe85l8jO5+0LdJ6VyOs/Hd4w52alDW/MFySDZSfQHMTIc30hLBJ8OnCEIvluVQQ2UQvoW+no177N9L2Y+M9TcTA62ZyMXShHQGeh20rb4kK8f+iFX8NxtdHVSkxMEFSfDDyQ="
|
||||
PiaX509CRLNormal = "MIICWDCCAUAwDQYJKoZIhvcNAQENBQAwgegxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRlaW50ZXJuZXRhY2Nlc3MuY29tFw0xNjA3MDgxOTAwNDZaFw0zNjA3MDMxOTAwNDZaMCYwEQIBARcMMTYwNzA4MTkwMDQ2MBECAQYXDDE2MDcwODE5MDA0NjANBgkqhkiG9w0BAQ0FAAOCAQEAQZo9X97ci8EcPYu/uK2HB152OZbeZCINmYyluLDOdcSvg6B5jI+ffKN3laDvczsG6CxmY3jNyc79XVpEYUnq4rT3FfveW1+Ralf+Vf38HdpwB8EWB4hZlQ205+21CALLvZvR8HcPxC9KEnev1mU46wkTiov0EKc+EdRxkj5yMgv0V2Reze7AP+NQ9ykvDScH4eYCsmufNpIjBLhpLE2cuZZXBLcPhuRzVoU3l7A9lvzG9mjA5YijHJGHNjlWFqyrn1CfYS6koa4TGEPngBoAziWRbDGdhEgJABHrpoaFYaL61zqyMR6jC0K2ps9qyZAN74LEBedEfK7tBOzWMwr58A=="
|
||||
PiaX509CRLStrong = "MIIDWDCCAUAwDQYJKoZIhvcNAQENBQAwgegxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRlaW50ZXJuZXRhY2Nlc3MuY29tFw0xNjA3MDgxOTAwNDZaFw0zNjA3MDMxOTAwNDZaMCYwEQIBARcMMTYwNzA4MTkwMDQ2MBECAQYXDDE2MDcwODE5MDA0NjANBgkqhkiG9w0BAQ0FAAOCAgEAppFfEpGsasjB1QgJcosGpzbf2kfRhM84o2TlqY1ua+Gi5TMdKydA3LJcNTjlI9a0TYAJfeRX5IkpoglSUuHuJgXhP3nEvX10mjXDpcu/YvM8TdE5JV2+EGqZ80kFtBeOq94WcpiVKFTR4fO+VkOK9zwspFfb1cNs9rHvgJ1QMkRUF8PpLN6AkntHY0+6DnigtSaKqldqjKTDTv2OeH3nPoh80SGrt0oCOmYKfWTJGpggMGKvIdvU3vH9+EuILZKKIskt+1dwdfA5Bkz1GLmiQG7+9ZZBQUjBG9Dos4hfX/rwJ3eU8oUIm4WoTz9rb71SOEuUUjP5NPy9HNx2vx+cVvLsTF4ZDZaUztW9o9JmIURDtbeyqxuHN3prlPWB6aj73IIm2dsDQvs3XXwRIxs8NwLbJ6CyEuvEOVCskdM8rdADWx1J0lRNlOJ0Z8ieLLEmYAA834VN1SboB6wJIAPxQU3rcBhXqO9y8aa2oRMg8NxZ5gr+PnKVMqag1x0IxbIgLxtkXQvxXxQHEMSODzvcOfK/nBRBsqTj30P+R87sU8titOoxNeRnBDRNhdEy/QGAqGh62ShPpQUCJdnKRiRTjnil9hMQHevoSuFKeEMO30FQL7BZyo37GFU+q1WPCplVZgCP9hC8Rn5K2+f6KLFo5bhtowSmu+GY1yZtg+RTtsA="
|
||||
PIACertificateNormal = "MIIFqzCCBJOgAwIBAgIJAKZ7D5Yv87qDMA0GCSqGSIb3DQEBDQUAMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTAeFw0xNDA0MTcxNzM1MThaFw0zNDA0MTIxNzM1MThaMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPXDL1L9tX6DGf36liA7UBTy5I869z0UVo3lImfOs/GSiFKPtInlesP65577nd7UNzzXlH/P/CnFPdBWlLp5ze3HRBCc/Avgr5CdMRkEsySL5GHBZsx6w2cayQ2EcRhVTwWpcdldeNO+pPr9rIgPrtXqT4SWViTQRBeGM8CDxAyTopTsobjSiYZCF9Ta1gunl0G/8Vfp+SXfYCC+ZzWvP+L1pFhPRqzQQ8k+wMZIovObK1s+nlwPaLyayzw9a8sUnvWB/5rGPdIYnQWPgoNlLN9HpSmsAcw2z8DXI9pIxbr74cb3/HSfuYGOLkRqrOk6h4RCOfuWoTrZup1uEOn+fw8CAwEAAaOCAVQwggFQMB0GA1UdDgQWBBQv63nQ/pJAt5tLy8VJcbHe22ZOsjCCAR8GA1UdIwSCARYwggESgBQv63nQ/pJAt5tLy8VJcbHe22ZOsqGB7qSB6zCB6DELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpMb3NBbmdlbGVzMSAwHgYDVQQKExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UECxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAMTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQpExdQcml2YXRlIEludGVybmV0IEFjY2VzczEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5jb22CCQCmew+WL/O6gzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQAna5PgrtxfwTumD4+3/SYvwoD66cB8IcK//h1mCzAduU8KgUXocLx7QgJWo9lnZ8xUryXvWab2usg4fqk7FPi00bED4f4qVQFVfGfPZIH9QQ7/48bPM9RyfzImZWUCenK37pdw4Bvgoys2rHLHbGen7f28knT2j/cbMxd78tQc20TIObGjo8+ISTRclSTRBtyCGohseKYpTS9himFERpUgNtefvYHbn70mIOzfOJFTVqfrptf9jXa9N8Mpy3ayfodz1wiqdteqFXkTYoSDctgKMiZ6GdocK9nMroQipIQtpnwd4yBDWIyC6Bvlkrq5TQUtYDQ8z9v+DMO6iwyIDRiU"
|
||||
PIACertificateStrong = "MIIHqzCCBZOgAwIBAgIJAJ0u+vODZJntMA0GCSqGSIb3DQEBDQUAMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTAeFw0xNDA0MTcxNzQwMzNaFw0zNDA0MTIxNzQwMzNaMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALVkhjumaqBbL8aSgj6xbX1QPTfTd1qHsAZd2B97m8Vw31c/2yQgZNf5qZY0+jOIHULNDe4R9TIvyBEbvnAg/OkPw8n/+ScgYOeH876VUXzjLDBnDb8DLr/+w9oVsuDeFJ9KV2UFM1OYX0SnkHnrYAN2QLF98ESK4NCSU01h5zkcgmQ+qKSfA9Ny0/UpsKPBFqsQ25NvjDWFhCpeqCHKUJ4Be27CDbSl7lAkBuHMPHJs8f8xPgAbHRXZOxVCpayZ2SNDfCwsnGWpWFoMGvdMbygngCn6jA/W1VSFOlRlfLuuGe7QFfDwA0jaLCxuWt/BgZylp7tAzYKR8lnWmtUCPm4+BtjyVDYtDCiGBD9Z4P13RFWvJHw5aapx/5W/CuvVyI7pKwvc2IT+KPxCUhH1XI8ca5RN3C9NoPJJf6qpg4g0rJH3aaWkoMRrYvQ+5PXXYUzjtRHImghRGd/ydERYoAZXuGSbPkm9Y/p2X8unLcW+F0xpJD98+ZI+tzSsI99Zs5wijSUGYr9/j18KHFTMQ8n+1jauc5bCCegN27dPeKXNSZ5riXFL2XX6BkY68y58UaNzmeGMiUL9BOV1iV+PMb7B7PYs7oFLjAhh0EdyvfHkrh/ZV9BEhtFa7yXp8XR0J6vz1YV9R6DYJmLjOEbhU8N0gc3tZm4Qz39lIIG6w3FDAgMBAAGjggFUMIIBUDAdBgNVHQ4EFgQUrsRtyWJftjpdRM0+925Y6Cl08SUwggEfBgNVHSMEggEWMIIBEoAUrsRtyWJftjpdRM0+925Y6Cl08SWhge6kgeswgegxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRlaW50ZXJuZXRhY2Nlc3MuY29tggkAnS7684Nkme0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOCAgEAJsfhsPk3r8kLXLxY+v+vHzbr4ufNtqnL9/1Uuf8NrsCtpXAoyZ0YqfbkWx3NHTZ7OE9ZRhdMP/RqHQE1p4N4Sa1nZKhTKasV6KhHDqSCt/dvEm89xWm2MVA7nyzQxVlHa9AkcBaemcXEiyT19XdpiXOP4Vhs+J1R5m8zQOxZlV1GtF9vsXmJqWZpOVPmZ8f35BCsYPvv4yMewnrtAC8PFEK/bOPeYcKN50bol22QYaZuLfpkHfNiFTnfMh8sl/ablPyNY7DUNiP5DRcMdIwmfGQxR5WEQoHL3yPJ42LkB5zs6jIm26DGNXfwura/mi105+ENH1CaROtRYwkiHb08U6qLXXJz80mWJkT90nr8Asj35xN2cUppg74nG3YVav/38P48T56hG1NHbYF5uOCske19F6wi9maUoto/3vEr0rnXJUp2KODmKdvBI7co245lHBABWikk8VfejQSlCtDBXn644ZMtAdoxKNfR2WTFVEwJiyd1Fzx0yujuiXDROLhISLQDRjVVAvawrAtLZWYK31bY7KlezPlQnl/D9Asxe85l8jO5+0LdJ6VyOs/Hd4w52alDW/MFySDZSfQHMTIc30hLBJ8OnCEIvluVQQ2UQvoW+no177N9L2Y+M9TcTA62ZyMXShHQGeh20rb4kK8f+iFX8NxtdHVSkxMEFSfDDyQ="
|
||||
)
|
||||
|
||||
func PIAGeoChoices() (regions []string) {
|
||||
|
||||
+15
-13
@@ -2,6 +2,7 @@ package dns
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"sort"
|
||||
"strings"
|
||||
|
||||
@@ -14,13 +15,10 @@ import (
|
||||
|
||||
func (c *configurator) MakeUnboundConf(settings settings.DNS, uid, gid int) (err error) {
|
||||
c.logger.Info("generating Unbound configuration")
|
||||
lines, warnings, err := generateUnboundConf(settings, c.client, c.logger)
|
||||
lines, warnings := generateUnboundConf(settings, c.client, c.logger)
|
||||
for _, warning := range warnings {
|
||||
c.logger.Warn(warning)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return c.fileManager.WriteLinesToFile(
|
||||
string(constants.UnboundConf),
|
||||
lines,
|
||||
@@ -29,7 +27,7 @@ func (c *configurator) MakeUnboundConf(settings settings.DNS, uid, gid int) (err
|
||||
}
|
||||
|
||||
// MakeUnboundConf generates an Unbound configuration from the user provided settings
|
||||
func generateUnboundConf(settings settings.DNS, client network.Client, logger logging.Logger) (lines []string, warnings []error, err error) {
|
||||
func generateUnboundConf(settings settings.DNS, client network.Client, logger logging.Logger) (lines []string, warnings []error) {
|
||||
doIPv6 := "no"
|
||||
if settings.IPv6 {
|
||||
doIPv6 = "yes"
|
||||
@@ -87,9 +85,11 @@ func generateUnboundConf(settings settings.DNS, client network.Client, logger lo
|
||||
|
||||
// Server
|
||||
lines = append(lines, "server:")
|
||||
var serverLines []string
|
||||
serverLines := make([]string, len(serverSection))
|
||||
i := 0
|
||||
for k, v := range serverSection {
|
||||
serverLines = append(serverLines, " "+k+": "+v)
|
||||
serverLines[i] = " " + k + ": " + v
|
||||
i++
|
||||
}
|
||||
sort.Slice(serverLines, func(i, j int) bool {
|
||||
return serverLines[i] < serverLines[j]
|
||||
@@ -109,9 +109,11 @@ func generateUnboundConf(settings settings.DNS, client network.Client, logger lo
|
||||
} else {
|
||||
forwardZoneSection["forward-no-cache"] = "yes"
|
||||
}
|
||||
var forwardZoneLines []string
|
||||
forwardZoneLines := make([]string, len(forwardZoneSection))
|
||||
i = 0
|
||||
for k, v := range forwardZoneSection {
|
||||
forwardZoneLines = append(forwardZoneLines, " "+k+": "+v)
|
||||
forwardZoneLines[i] = " " + k + ": " + v
|
||||
i++
|
||||
}
|
||||
sort.Slice(forwardZoneLines, func(i, j int) bool {
|
||||
return forwardZoneLines[i] < forwardZoneLines[j]
|
||||
@@ -124,7 +126,7 @@ func generateUnboundConf(settings settings.DNS, client network.Client, logger lo
|
||||
}
|
||||
}
|
||||
lines = append(lines, forwardZoneLines...)
|
||||
return lines, warnings, nil
|
||||
return lines, warnings
|
||||
}
|
||||
|
||||
func buildBlocked(client network.Client, blockMalicious, blockAds, blockSurveillance bool,
|
||||
@@ -157,11 +159,11 @@ func buildBlocked(client network.Client, blockMalicious, blockAds, blockSurveill
|
||||
return hostnamesLines, ipsLines, errs
|
||||
}
|
||||
|
||||
func getList(client network.Client, URL string) (results []string, err error) {
|
||||
content, status, err := client.GetContent(URL)
|
||||
func getList(client network.Client, url string) (results []string, err error) {
|
||||
content, status, err := client.GetContent(url)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
} else if status != 200 {
|
||||
} else if status != http.StatusOK {
|
||||
return nil, fmt.Errorf("HTTP status code is %d and not 200", status)
|
||||
}
|
||||
results = strings.Split(string(content), "\n")
|
||||
|
||||
@@ -39,9 +39,8 @@ func Test_generateUnboundConf(t *testing.T) {
|
||||
logger := mock_logging.NewMockLogger(mockCtrl)
|
||||
logger.EXPECT().Info("%d hostnames blocked overall", 2).Times(1)
|
||||
logger.EXPECT().Info("%d IP addresses blocked overall", 3).Times(1)
|
||||
lines, warnings, err := generateUnboundConf(settings, client, logger)
|
||||
lines, warnings := generateUnboundConf(settings, client, logger)
|
||||
require.Len(t, warnings, 0)
|
||||
require.NoError(t, err)
|
||||
expected := `
|
||||
server:
|
||||
cache-max-ttl: 9000
|
||||
@@ -383,7 +382,7 @@ func Test_buildBlockedHostnames(t *testing.T) {
|
||||
" local-zone: \"site_d\" static"},
|
||||
},
|
||||
}
|
||||
for name, tc := range tests {
|
||||
for name, tc := range tests { //nolint:dupl
|
||||
tc := tc
|
||||
t.Run(name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
@@ -499,7 +498,7 @@ func Test_buildBlockedIPs(t *testing.T) {
|
||||
" private-address: site_d"},
|
||||
},
|
||||
}
|
||||
for name, tc := range tests {
|
||||
for name, tc := range tests { //nolint:dupl
|
||||
tc := tc
|
||||
t.Run(name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
@@ -9,20 +9,20 @@ import (
|
||||
)
|
||||
|
||||
// UseDNSInternally is to change the Go program DNS only
|
||||
func (c *configurator) UseDNSInternally(IP net.IP) {
|
||||
c.logger.Info("using DNS address %s internally", IP.String())
|
||||
func (c *configurator) UseDNSInternally(ip net.IP) {
|
||||
c.logger.Info("using DNS address %s internally", ip.String())
|
||||
net.DefaultResolver = &net.Resolver{
|
||||
PreferGo: true,
|
||||
Dial: func(ctx context.Context, network, address string) (net.Conn, error) {
|
||||
d := net.Dialer{}
|
||||
return d.DialContext(ctx, "udp", net.JoinHostPort(IP.String(), "53"))
|
||||
return d.DialContext(ctx, "udp", net.JoinHostPort(ip.String(), "53"))
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// UseDNSSystemWide changes the nameserver to use for DNS system wide
|
||||
func (c *configurator) UseDNSSystemWide(IP net.IP) error {
|
||||
c.logger.Info("using DNS address %s system wide", IP.String())
|
||||
func (c *configurator) UseDNSSystemWide(ip net.IP) error {
|
||||
c.logger.Info("using DNS address %s system wide", ip.String())
|
||||
data, err := c.fileManager.ReadFile(string(constants.ResolvConf))
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -35,12 +35,12 @@ func (c *configurator) UseDNSSystemWide(IP net.IP) error {
|
||||
found := false
|
||||
for i := range lines {
|
||||
if strings.HasPrefix(lines[i], "nameserver ") {
|
||||
lines[i] = "nameserver " + IP.String()
|
||||
lines[i] = "nameserver " + ip.String()
|
||||
found = true
|
||||
}
|
||||
}
|
||||
if !found {
|
||||
lines = append(lines, "nameserver "+IP.String())
|
||||
lines = append(lines, "nameserver "+ip.String())
|
||||
}
|
||||
data = []byte(strings.Join(lines, "\n"))
|
||||
return c.fileManager.WriteToFile(string(constants.ResolvConf), data)
|
||||
|
||||
@@ -2,6 +2,7 @@ package dns
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
||||
"github.com/qdm12/golibs/files"
|
||||
"github.com/qdm12/private-internet-access-docker/internal/constants"
|
||||
@@ -12,7 +13,7 @@ func (c *configurator) DownloadRootHints(uid, gid int) error {
|
||||
content, status, err := c.client.GetContent(string(constants.NamedRootURL))
|
||||
if err != nil {
|
||||
return err
|
||||
} else if status != 200 {
|
||||
} else if status != http.StatusOK {
|
||||
return fmt.Errorf("HTTP status code is %d for %s", status, constants.NamedRootURL)
|
||||
}
|
||||
return c.fileManager.WriteToFile(
|
||||
@@ -27,7 +28,7 @@ func (c *configurator) DownloadRootKey(uid, gid int) error {
|
||||
content, status, err := c.client.GetContent(string(constants.RootKeyURL))
|
||||
if err != nil {
|
||||
return err
|
||||
} else if status != 200 {
|
||||
} else if status != http.StatusOK {
|
||||
return fmt.Errorf("HTTP status code is %d for %s", status, constants.RootKeyURL)
|
||||
}
|
||||
return c.fileManager.WriteToFile(
|
||||
|
||||
@@ -16,7 +16,7 @@ import (
|
||||
"github.com/qdm12/private-internet-access-docker/internal/constants"
|
||||
)
|
||||
|
||||
func Test_DownloadRootHints(t *testing.T) {
|
||||
func Test_DownloadRootHints(t *testing.T) { //nolint:dupl
|
||||
t.Parallel()
|
||||
tests := map[string]struct {
|
||||
content []byte
|
||||
@@ -78,7 +78,7 @@ func Test_DownloadRootHints(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func Test_DownloadRootKey(t *testing.T) {
|
||||
func Test_DownloadRootKey(t *testing.T) { //nolint:dupl
|
||||
t.Parallel()
|
||||
tests := map[string]struct {
|
||||
content []byte
|
||||
|
||||
@@ -14,7 +14,7 @@ func (c *configurator) WaitForUnbound() (err error) {
|
||||
return nil
|
||||
}
|
||||
c.logger.Warn("could not resolve %s (try %d of %d): %s", hostToResolve, try, maxTries, err)
|
||||
time.Sleep(time.Duration(maxTries * 50 * time.Millisecond))
|
||||
time.Sleep(maxTries * 50 * time.Millisecond)
|
||||
}
|
||||
return fmt.Errorf("Unbound does not seem to be working after %d tries", maxTries)
|
||||
}
|
||||
|
||||
Vendored
-1
@@ -68,7 +68,6 @@ func Test_PrintVersion(t *testing.T) {
|
||||
logger.EXPECT().Error(tc.commandErr).Do(func(err error) {
|
||||
logged = err.Error()
|
||||
}).Times(1)
|
||||
|
||||
} else {
|
||||
logger.EXPECT().Info("%s version: %s", tc.program, tc.commandVersion).
|
||||
Do(func(format, program, version string) {
|
||||
|
||||
@@ -10,8 +10,8 @@ import (
|
||||
|
||||
func HealthCheck() error {
|
||||
// DNS, HTTP and HTTPs check on github.com
|
||||
connectivty := connectivity.NewConnectivity(3 * time.Second)
|
||||
errs := connectivty.Checks("github.com")
|
||||
connectivity := connectivity.NewConnectivity(3 * time.Second)
|
||||
errs := connectivity.Checks("github.com")
|
||||
if len(errs) > 0 {
|
||||
var errsStr []string
|
||||
for _, err := range errs {
|
||||
|
||||
@@ -3,10 +3,10 @@ package models
|
||||
import "net"
|
||||
|
||||
type MullvadServer struct {
|
||||
IPs []net.IP
|
||||
Country MullvadCountry
|
||||
City MullvadCity
|
||||
Provider MullvadProvider
|
||||
Owned bool
|
||||
IPs []net.IP
|
||||
DefaultPort uint16
|
||||
}
|
||||
|
||||
@@ -30,7 +30,7 @@ func (c *configurator) CreateTUN() error {
|
||||
if err := c.mkNod(string(constants.TunnelDevice), unix.S_IFCHR, int(dev)); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := c.fileManager.SetUserPermissions(string(constants.TunnelDevice), 666); err != nil {
|
||||
if err := c.fileManager.SetUserPermissions(string(constants.TunnelDevice), 0666); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
||||
+13
-15
@@ -11,13 +11,13 @@ import (
|
||||
|
||||
// GetDNSOverTLS obtains if the DNS over TLS should be enabled
|
||||
// from the environment variable DOT
|
||||
func (p *paramsReader) GetDNSOverTLS() (DNSOverTLS bool, err error) {
|
||||
func (p *reader) GetDNSOverTLS() (DNSOverTLS bool, err error) { //nolint:gocritic
|
||||
return p.envParams.GetOnOff("DOT", libparams.Default("on"))
|
||||
}
|
||||
|
||||
// GetDNSOverTLSProviders obtains the DNS over TLS providers to use
|
||||
// from the environment variable DOT_PROVIDERS
|
||||
func (p *paramsReader) GetDNSOverTLSProviders() (providers []models.DNSProvider, err error) {
|
||||
func (p *reader) GetDNSOverTLSProviders() (providers []models.DNSProvider, err error) {
|
||||
s, err := p.envParams.GetEnv("DOT_PROVIDERS", libparams.Default("cloudflare"))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -36,35 +36,35 @@ func (p *paramsReader) GetDNSOverTLSProviders() (providers []models.DNSProvider,
|
||||
|
||||
// GetDNSOverTLSVerbosity obtains the verbosity level to use for Unbound
|
||||
// from the environment variable DOT_VERBOSITY
|
||||
func (p *paramsReader) GetDNSOverTLSVerbosity() (verbosityLevel uint8, err error) {
|
||||
func (p *reader) GetDNSOverTLSVerbosity() (verbosityLevel uint8, err error) {
|
||||
n, err := p.envParams.GetEnvIntRange("DOT_VERBOSITY", 0, 5, libparams.Default("1"))
|
||||
return uint8(n), err
|
||||
}
|
||||
|
||||
// GetDNSOverTLSVerbosityDetails obtains the log level to use for Unbound
|
||||
// from the environment variable DOT_VERBOSITY_DETAILS
|
||||
func (p *paramsReader) GetDNSOverTLSVerbosityDetails() (verbosityDetailsLevel uint8, err error) {
|
||||
func (p *reader) GetDNSOverTLSVerbosityDetails() (verbosityDetailsLevel uint8, err error) {
|
||||
n, err := p.envParams.GetEnvIntRange("DOT_VERBOSITY_DETAILS", 0, 4, libparams.Default("0"))
|
||||
return uint8(n), err
|
||||
}
|
||||
|
||||
// GetDNSOverTLSValidationLogLevel obtains the log level to use for Unbound DOT validation
|
||||
// from the environment variable DOT_VALIDATION_LOGLEVEL
|
||||
func (p *paramsReader) GetDNSOverTLSValidationLogLevel() (validationLogLevel uint8, err error) {
|
||||
func (p *reader) GetDNSOverTLSValidationLogLevel() (validationLogLevel uint8, err error) {
|
||||
n, err := p.envParams.GetEnvIntRange("DOT_VALIDATION_LOGLEVEL", 0, 2, libparams.Default("0"))
|
||||
return uint8(n), err
|
||||
}
|
||||
|
||||
// GetDNSMaliciousBlocking obtains if malicious hostnames/IPs should be blocked
|
||||
// from being resolved by Unbound, using the environment variable BLOCK_MALICIOUS
|
||||
func (p *paramsReader) GetDNSMaliciousBlocking() (blocking bool, err error) {
|
||||
func (p *reader) GetDNSMaliciousBlocking() (blocking bool, err error) {
|
||||
return p.envParams.GetOnOff("BLOCK_MALICIOUS", libparams.Default("on"))
|
||||
}
|
||||
|
||||
// GetDNSSurveillanceBlocking obtains if surveillance hostnames/IPs should be blocked
|
||||
// from being resolved by Unbound, using the environment variable BLOCK_SURVEILLANCE
|
||||
// and BLOCK_NSA for retrocompatibility
|
||||
func (p *paramsReader) GetDNSSurveillanceBlocking() (blocking bool, err error) {
|
||||
func (p *reader) GetDNSSurveillanceBlocking() (blocking bool, err error) {
|
||||
// Retro-compatibility
|
||||
s, err := p.envParams.GetEnv("BLOCK_NSA")
|
||||
if err != nil {
|
||||
@@ -78,13 +78,13 @@ func (p *paramsReader) GetDNSSurveillanceBlocking() (blocking bool, err error) {
|
||||
|
||||
// GetDNSAdsBlocking obtains if ads hostnames/IPs should be blocked
|
||||
// from being resolved by Unbound, using the environment variable BLOCK_ADS
|
||||
func (p *paramsReader) GetDNSAdsBlocking() (blocking bool, err error) {
|
||||
func (p *reader) GetDNSAdsBlocking() (blocking bool, err error) {
|
||||
return p.envParams.GetOnOff("BLOCK_ADS", libparams.Default("off"))
|
||||
}
|
||||
|
||||
// GetDNSUnblockedHostnames obtains a list of hostnames to unblock from block lists
|
||||
// from the comma separated list for the environment variable UNBLOCK
|
||||
func (p *paramsReader) GetDNSUnblockedHostnames() (hostnames []string, err error) {
|
||||
func (p *reader) GetDNSUnblockedHostnames() (hostnames []string, err error) {
|
||||
s, err := p.envParams.GetEnv("UNBLOCK")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -103,22 +103,20 @@ func (p *paramsReader) GetDNSUnblockedHostnames() (hostnames []string, err error
|
||||
|
||||
// GetDNSOverTLSCaching obtains if Unbound caching should be enable or not
|
||||
// from the environment variable DOT_CACHING
|
||||
func (p *paramsReader) GetDNSOverTLSCaching() (caching bool, err error) {
|
||||
func (p *reader) GetDNSOverTLSCaching() (caching bool, err error) {
|
||||
return p.envParams.GetOnOff("DOT_CACHING")
|
||||
}
|
||||
|
||||
// GetDNSOverTLSPrivateAddresses obtains if Unbound caching should be enable or not
|
||||
// from the environment variable DOT_PRIVATE_ADDRESS
|
||||
func (p *paramsReader) GetDNSOverTLSPrivateAddresses() (privateAddresses []string) {
|
||||
func (p *reader) GetDNSOverTLSPrivateAddresses() (privateAddresses []string) {
|
||||
s, _ := p.envParams.GetEnv("DOT_PRIVATE_ADDRESS")
|
||||
for _, s := range strings.Split(s, ",") {
|
||||
privateAddresses = append(privateAddresses, s)
|
||||
}
|
||||
privateAddresses = append(privateAddresses, strings.Split(s, ",")...)
|
||||
return privateAddresses
|
||||
}
|
||||
|
||||
// GetDNSOverTLSIPv6 obtains if Unbound should resolve ipv6 addresses using ipv6 DNS over TLS
|
||||
// servers from the environment variable DOT_IPV6
|
||||
func (p *paramsReader) GetDNSOverTLSIPv6() (ipv6 bool, err error) {
|
||||
func (p *reader) GetDNSOverTLSIPv6() (ipv6 bool, err error) {
|
||||
return p.envParams.GetOnOff("DOT_IPV6")
|
||||
}
|
||||
|
||||
@@ -8,7 +8,7 @@ import (
|
||||
|
||||
// GetExtraSubnets obtains the CIDR subnets from the comma separated list of the
|
||||
// environment variable EXTRA_SUBNETS
|
||||
func (p *paramsReader) GetExtraSubnets() (extraSubnets []net.IPNet, err error) {
|
||||
func (p *reader) GetExtraSubnets() (extraSubnets []net.IPNet, err error) {
|
||||
s, err := p.envParams.GetEnv("EXTRA_SUBNETS")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
||||
@@ -10,7 +10,7 @@ import (
|
||||
|
||||
// GetMullvadCountry obtains the country for the Mullvad server from the
|
||||
// environment variable COUNTRY
|
||||
func (p *paramsReader) GetMullvadCountry() (country models.MullvadCountry, err error) {
|
||||
func (p *reader) GetMullvadCountry() (country models.MullvadCountry, err error) {
|
||||
choices := append(constants.MullvadCountryChoices(), "")
|
||||
s, err := p.envParams.GetValueIfInside("COUNTRY", choices)
|
||||
return models.MullvadCountry(strings.ToLower(s)), err
|
||||
@@ -18,7 +18,7 @@ func (p *paramsReader) GetMullvadCountry() (country models.MullvadCountry, err e
|
||||
|
||||
// GetMullvadCity obtains the city for the Mullvad server from the
|
||||
// environment variable CITY
|
||||
func (p *paramsReader) GetMullvadCity() (country models.MullvadCity, err error) {
|
||||
func (p *reader) GetMullvadCity() (country models.MullvadCity, err error) {
|
||||
choices := append(constants.MullvadCityChoices(), "")
|
||||
s, err := p.envParams.GetValueIfInside("CITY", choices)
|
||||
return models.MullvadCity(strings.ToLower(s)), err
|
||||
@@ -26,7 +26,7 @@ func (p *paramsReader) GetMullvadCity() (country models.MullvadCity, err error)
|
||||
|
||||
// GetMullvadISP obtains the ISP for the Mullvad server from the
|
||||
// environment variable ISP
|
||||
func (p *paramsReader) GetMullvadISP() (country models.MullvadProvider, err error) {
|
||||
func (p *reader) GetMullvadISP() (country models.MullvadProvider, err error) {
|
||||
choices := append(constants.MullvadProviderChoices(), "")
|
||||
s, err := p.envParams.GetValueIfInside("ISP", choices)
|
||||
return models.MullvadProvider(strings.ToLower(s)), err
|
||||
@@ -34,7 +34,7 @@ func (p *paramsReader) GetMullvadISP() (country models.MullvadProvider, err erro
|
||||
|
||||
// GetMullvadPort obtains the port to reach the Mullvad server on from the
|
||||
// environment variable PORT
|
||||
func (p *paramsReader) GetMullvadPort() (port uint16, err error) {
|
||||
func (p *reader) GetMullvadPort() (port uint16, err error) {
|
||||
n, err := p.envParams.GetEnvIntRange("PORT", 0, 65535, libparams.Default("0"))
|
||||
return uint16(n), err
|
||||
}
|
||||
|
||||
@@ -10,7 +10,7 @@ import (
|
||||
)
|
||||
|
||||
// GetUser obtains the user to use to connect to the VPN servers
|
||||
func (p *paramsReader) GetUser() (s string, err error) {
|
||||
func (p *reader) GetUser() (s string, err error) {
|
||||
defer func() {
|
||||
unsetenvErr := p.unsetEnv("USER")
|
||||
if err == nil {
|
||||
@@ -21,7 +21,7 @@ func (p *paramsReader) GetUser() (s string, err error) {
|
||||
}
|
||||
|
||||
// GetPassword obtains the password to use to connect to the VPN servers
|
||||
func (p *paramsReader) GetPassword() (s string, err error) {
|
||||
func (p *reader) GetPassword() (s string, err error) {
|
||||
defer func() {
|
||||
unsetenvErr := p.unsetEnv("PASSWORD")
|
||||
if err == nil {
|
||||
@@ -33,30 +33,32 @@ func (p *paramsReader) GetPassword() (s string, err error) {
|
||||
|
||||
// GetNetworkProtocol obtains the network protocol to use to connect to the
|
||||
// VPN servers from the environment variable PROTOCOL
|
||||
func (p *paramsReader) GetNetworkProtocol() (protocol models.NetworkProtocol, err error) {
|
||||
func (p *reader) GetNetworkProtocol() (protocol models.NetworkProtocol, err error) {
|
||||
s, err := p.envParams.GetValueIfInside("PROTOCOL", []string{"tcp", "udp"}, libparams.Default("udp"))
|
||||
return models.NetworkProtocol(s), err
|
||||
}
|
||||
|
||||
// GetOpenVPNVerbosity obtains the verbosity level for verbosity between 0 and 6
|
||||
// from the environment variable OPENVPN_VERBOSITY
|
||||
func (p *paramsReader) GetOpenVPNVerbosity() (verbosity int, err error) {
|
||||
func (p *reader) GetOpenVPNVerbosity() (verbosity int, err error) {
|
||||
return p.envParams.GetEnvIntRange("OPENVPN_VERBOSITY", 0, 6, libparams.Default("1"))
|
||||
}
|
||||
|
||||
// GetOpenVPNRoot obtains if openvpn should be run as root
|
||||
// from the environment variable OPENVPN_ROOT
|
||||
func (p *paramsReader) GetOpenVPNRoot() (root bool, err error) {
|
||||
func (p *reader) GetOpenVPNRoot() (root bool, err error) {
|
||||
return p.envParams.GetYesNo("OPENVPN_ROOT", libparams.Default("no"))
|
||||
}
|
||||
|
||||
// GetTargetIP obtains the IP address to choose from the list of IP addresses
|
||||
// available for a particular region, from the environment variable
|
||||
// OPENVPN_TARGET_IP
|
||||
func (p *paramsReader) GetTargetIP() (ip net.IP, err error) {
|
||||
func (p *reader) GetTargetIP() (ip net.IP, err error) {
|
||||
s, err := p.envParams.GetEnv("OPENVPN_TARGET_IP")
|
||||
if len(s) == 0 {
|
||||
return nil, nil
|
||||
} else if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
ip = net.ParseIP(s)
|
||||
if ip == nil {
|
||||
@@ -67,14 +69,14 @@ func (p *paramsReader) GetTargetIP() (ip net.IP, err error) {
|
||||
|
||||
// GetOpenVPNCipher obtains a custom cipher to use with OpenVPN
|
||||
// from the environment variable OPENVPN_CIPHER
|
||||
func (p *paramsReader) GetOpenVPNCipher() (cipher string, err error) {
|
||||
func (p *reader) GetOpenVPNCipher() (cipher string, err error) {
|
||||
cipher, err = p.envParams.GetEnv("OPENVPN_CIPHER")
|
||||
return strings.ToLower(cipher), err
|
||||
}
|
||||
|
||||
// GetOpenVPNAuth obtains a custom auth algorithm to use with OpenVPN
|
||||
// from the environment variable OPENVPN_AUTH
|
||||
func (p *paramsReader) GetOpenVPNAuth() (auth string, err error) {
|
||||
func (p *reader) GetOpenVPNAuth() (auth string, err error) {
|
||||
auth, err = p.envParams.GetEnv("OPENVPN_AUTH")
|
||||
return strings.ToLower(auth), err
|
||||
}
|
||||
|
||||
+13
-10
@@ -10,9 +10,9 @@ import (
|
||||
"github.com/qdm12/private-internet-access-docker/internal/models"
|
||||
)
|
||||
|
||||
// ParamsReader contains methods to obtain parameters
|
||||
type ParamsReader interface {
|
||||
GetVPNSP() (vpnServiceProvider string, err error)
|
||||
// Reader contains methods to obtain parameters
|
||||
type Reader interface {
|
||||
GetVPNSP() (vpnServiceProvider models.VPNProvider, err error)
|
||||
|
||||
// DNS over TLS getters
|
||||
GetDNSOverTLS() (DNSOverTLS bool, err error)
|
||||
@@ -83,17 +83,17 @@ type ParamsReader interface {
|
||||
GetVcsRef() string
|
||||
}
|
||||
|
||||
type paramsReader struct {
|
||||
type reader struct {
|
||||
envParams libparams.EnvParams
|
||||
logger logging.Logger
|
||||
verifier verification.Verifier
|
||||
unsetEnv func(key string) error
|
||||
}
|
||||
|
||||
// NewParamsReader returns a paramsReadeer object to read parameters from
|
||||
// Newreader returns a paramsReadeer object to read parameters from
|
||||
// environment variables
|
||||
func NewParamsReader(logger logging.Logger) ParamsReader {
|
||||
return ¶msReader{
|
||||
func NewReader(logger logging.Logger) Reader {
|
||||
return &reader{
|
||||
envParams: libparams.NewEnvParams(),
|
||||
logger: logger,
|
||||
verifier: verification.NewVerifier(),
|
||||
@@ -102,7 +102,10 @@ func NewParamsReader(logger logging.Logger) ParamsReader {
|
||||
}
|
||||
|
||||
// GetVPNSP obtains the VPN service provider to use from the environment variable VPNSP
|
||||
func (p *paramsReader) GetVPNSP() (vpnServiceProvider string, err error) {
|
||||
s, err := p.envParams.GetValueIfInside("VPNSP", []string{"pia", "mullvad", "windscribe"})
|
||||
return s, err
|
||||
func (p *reader) GetVPNSP() (vpnServiceProvider models.VPNProvider, err error) {
|
||||
s, err := p.envParams.GetValueIfInside("VPNSP", []string{"pia", "private internet access", "mullvad", "windscribe"})
|
||||
if s == "pia" {
|
||||
s = "private internet access"
|
||||
}
|
||||
return models.VPNProvider(s), err
|
||||
}
|
||||
|
||||
@@ -11,7 +11,7 @@ import (
|
||||
|
||||
// GetPortForwarding obtains if port forwarding on the VPN provider server
|
||||
// side is enabled or not from the environment variable PORT_FORWARDING
|
||||
func (p *paramsReader) GetPortForwarding() (activated bool, err error) {
|
||||
func (p *reader) GetPortForwarding() (activated bool, err error) {
|
||||
s, err := p.envParams.GetEnv("PORT_FORWARDING", libparams.Default("off"))
|
||||
if err != nil {
|
||||
return false, err
|
||||
@@ -27,7 +27,7 @@ func (p *paramsReader) GetPortForwarding() (activated bool, err error) {
|
||||
|
||||
// GetPortForwardingStatusFilepath obtains the port forwarding status file path
|
||||
// from the environment variable PORT_FORWARDING_STATUS_FILE
|
||||
func (p *paramsReader) GetPortForwardingStatusFilepath() (filepath models.Filepath, err error) {
|
||||
func (p *reader) GetPortForwardingStatusFilepath() (filepath models.Filepath, err error) {
|
||||
filepathStr, err := p.envParams.GetPath("PORT_FORWARDING_STATUS_FILE", libparams.Default("/forwarded_port"), libparams.CaseSensitiveValue())
|
||||
return models.Filepath(filepathStr), err
|
||||
}
|
||||
@@ -35,7 +35,7 @@ func (p *paramsReader) GetPortForwardingStatusFilepath() (filepath models.Filepa
|
||||
// GetPIAEncryption obtains the encryption level for the PIA connection
|
||||
// from the environment variable PIA_ENCRYPTION, and using ENCRYPTION for
|
||||
// retro compatibility
|
||||
func (p *paramsReader) GetPIAEncryption() (models.PIAEncryption, error) {
|
||||
func (p *reader) GetPIAEncryption() (models.PIAEncryption, error) {
|
||||
// Retro-compatibility
|
||||
s, err := p.envParams.GetValueIfInside("ENCRYPTION", []string{"normal", "strong", ""})
|
||||
if err != nil {
|
||||
@@ -50,11 +50,11 @@ func (p *paramsReader) GetPIAEncryption() (models.PIAEncryption, error) {
|
||||
|
||||
// GetPIARegion obtains the region for the PIA server from the
|
||||
// environment variable REGION
|
||||
func (p *paramsReader) GetPIARegion() (region models.PIARegion, err error) {
|
||||
func (p *reader) GetPIARegion() (region models.PIARegion, err error) {
|
||||
choices := append(constants.PIAGeoChoices(), "")
|
||||
s, err := p.envParams.GetValueIfInside("REGION", choices)
|
||||
if len(s) == 0 { // Suggestion by @rorph https://github.com/rorph
|
||||
s = choices[rand.Int()%len(choices)]
|
||||
s = choices[rand.Int()%len(choices)] //nolint:gosec
|
||||
}
|
||||
return models.PIARegion(s), err
|
||||
}
|
||||
|
||||
@@ -8,19 +8,19 @@ import (
|
||||
|
||||
// GetShadowSocks obtains if ShadowSocks is on from the environment variable
|
||||
// SHADOWSOCKS
|
||||
func (p *paramsReader) GetShadowSocks() (activated bool, err error) {
|
||||
func (p *reader) GetShadowSocks() (activated bool, err error) {
|
||||
return p.envParams.GetOnOff("SHADOWSOCKS", libparams.Default("off"))
|
||||
}
|
||||
|
||||
// GetShadowSocksLog obtains the ShadowSocks log level from the environment variable
|
||||
// SHADOWSOCKS_LOG
|
||||
func (p *paramsReader) GetShadowSocksLog() (activated bool, err error) {
|
||||
func (p *reader) GetShadowSocksLog() (activated bool, err error) {
|
||||
return p.envParams.GetOnOff("SHADOWSOCKS_LOG", libparams.Default("off"))
|
||||
}
|
||||
|
||||
// GetShadowSocksPort obtains the ShadowSocks listening port from the environment variable
|
||||
// SHADOWSOCKS_PORT
|
||||
func (p *paramsReader) GetShadowSocksPort() (port uint16, err error) {
|
||||
func (p *reader) GetShadowSocksPort() (port uint16, err error) {
|
||||
portStr, err := p.envParams.GetEnv("SHADOWSOCKS_PORT", libparams.Default("8388"))
|
||||
if err != nil {
|
||||
return 0, err
|
||||
@@ -34,13 +34,18 @@ func (p *paramsReader) GetShadowSocksPort() (port uint16, err error) {
|
||||
|
||||
// GetShadowSocksPassword obtains the ShadowSocks server password from the environment variable
|
||||
// SHADOWSOCKS_PASSWORD
|
||||
func (p *paramsReader) GetShadowSocksPassword() (password string, err error) {
|
||||
defer p.unsetEnv("SHADOWSOCKS_PASSWORD")
|
||||
func (p *reader) GetShadowSocksPassword() (password string, err error) {
|
||||
defer func() {
|
||||
unsetErr := p.unsetEnv("SHADOWSOCKS_PASSWORD")
|
||||
if err == nil {
|
||||
err = unsetErr
|
||||
}
|
||||
}()
|
||||
return p.envParams.GetEnv("SHADOWSOCKS_PASSWORD", libparams.CaseSensitiveValue())
|
||||
}
|
||||
|
||||
// GetShadowSocksMethod obtains the ShadowSocks method to use from the environment variable
|
||||
// SHADOWSOCKS_METHOD
|
||||
func (p *paramsReader) GetShadowSocksMethod() (method string, err error) {
|
||||
func (p *reader) GetShadowSocksMethod() (method string, err error) {
|
||||
return p.envParams.GetEnv("SHADOWSOCKS_METHOD", libparams.Default("chacha20-ietf-poly1305"))
|
||||
}
|
||||
|
||||
@@ -6,23 +6,23 @@ import (
|
||||
)
|
||||
|
||||
// GetUID obtains the user ID to use from the environment variable UID
|
||||
func (p *paramsReader) GetUID() (uid int, err error) {
|
||||
func (p *reader) GetUID() (uid int, err error) {
|
||||
return p.envParams.GetEnvIntRange("UID", 0, 65535, libparams.Default("1000"))
|
||||
}
|
||||
|
||||
// GetGID obtains the group ID to use from the environment variable GID
|
||||
func (p *paramsReader) GetGID() (gid int, err error) {
|
||||
func (p *reader) GetGID() (gid int, err error) {
|
||||
return p.envParams.GetEnvIntRange("GID", 0, 65535, libparams.Default("1000"))
|
||||
}
|
||||
|
||||
// GetTZ obtains the timezone from the environment variable TZ
|
||||
func (p *paramsReader) GetTimezone() (timezone string, err error) {
|
||||
func (p *reader) GetTimezone() (timezone string, err error) {
|
||||
return p.envParams.GetEnv("TZ")
|
||||
}
|
||||
|
||||
// GetIPStatusFilepath obtains the IP status file path
|
||||
// from the environment variable IP_STATUS_FILE
|
||||
func (p *paramsReader) GetIPStatusFilepath() (filepath models.Filepath, err error) {
|
||||
func (p *reader) GetIPStatusFilepath() (filepath models.Filepath, err error) {
|
||||
filepathStr, err := p.envParams.GetPath("IP_STATUS_FILE", libparams.Default("/ip"), libparams.CaseSensitiveValue())
|
||||
return models.Filepath(filepathStr), err
|
||||
}
|
||||
|
||||
@@ -9,7 +9,7 @@ import (
|
||||
|
||||
// GetTinyProxy obtains if TinyProxy is on from the environment variable
|
||||
// TINYPROXY, and using PROXY as a retro-compatibility name
|
||||
func (p *paramsReader) GetTinyProxy() (activated bool, err error) {
|
||||
func (p *reader) GetTinyProxy() (activated bool, err error) {
|
||||
// Retro-compatibility
|
||||
s, err := p.envParams.GetEnv("PROXY")
|
||||
if err != nil {
|
||||
@@ -23,7 +23,7 @@ func (p *paramsReader) GetTinyProxy() (activated bool, err error) {
|
||||
|
||||
// GetTinyProxyLog obtains the TinyProxy log level from the environment variable
|
||||
// TINYPROXY_LOG, and using PROXY_LOG_LEVEL as a retro-compatibility name
|
||||
func (p *paramsReader) GetTinyProxyLog() (models.TinyProxyLogLevel, error) {
|
||||
func (p *reader) GetTinyProxyLog() (models.TinyProxyLogLevel, error) {
|
||||
// Retro-compatibility
|
||||
s, err := p.envParams.GetEnv("PROXY_LOG_LEVEL")
|
||||
if err != nil {
|
||||
@@ -39,14 +39,15 @@ func (p *paramsReader) GetTinyProxyLog() (models.TinyProxyLogLevel, error) {
|
||||
|
||||
// GetTinyProxyPort obtains the TinyProxy listening port from the environment variable
|
||||
// TINYPROXY_PORT, and using PROXY_PORT as a retro-compatibility name
|
||||
func (p *paramsReader) GetTinyProxyPort() (port uint16, err error) {
|
||||
func (p *reader) GetTinyProxyPort() (port uint16, err error) {
|
||||
// Retro-compatibility
|
||||
portStr, err := p.envParams.GetEnv("PROXY_PORT")
|
||||
if err != nil {
|
||||
switch {
|
||||
case err != nil:
|
||||
return 0, err
|
||||
} else if len(portStr) != 0 {
|
||||
case len(portStr) != 0:
|
||||
p.logger.Warn("You are using the old environment variable PROXY_PORT, please consider changing it to TINYPROXY_PORT")
|
||||
} else {
|
||||
default:
|
||||
portStr, err = p.envParams.GetEnv("TINYPROXY_PORT", libparams.Default("8888"))
|
||||
if err != nil {
|
||||
return 0, err
|
||||
@@ -61,9 +62,19 @@ func (p *paramsReader) GetTinyProxyPort() (port uint16, err error) {
|
||||
|
||||
// GetTinyProxyUser obtains the TinyProxy server user from the environment variable
|
||||
// TINYPROXY_USER, and using PROXY_USER as a retro-compatibility name
|
||||
func (p *paramsReader) GetTinyProxyUser() (user string, err error) {
|
||||
defer p.unsetEnv("PROXY_USER")
|
||||
defer p.unsetEnv("TINYPROXY_USER")
|
||||
func (p *reader) GetTinyProxyUser() (user string, err error) {
|
||||
defer func() {
|
||||
unsetErr := p.unsetEnv("PROXY_USER")
|
||||
if err == nil {
|
||||
err = unsetErr
|
||||
}
|
||||
}()
|
||||
defer func() {
|
||||
unsetErr := p.unsetEnv("TINYPROXY_USER")
|
||||
if err == nil {
|
||||
err = unsetErr
|
||||
}
|
||||
}()
|
||||
// Retro-compatibility
|
||||
user, err = p.envParams.GetEnv("PROXY_USER", libparams.CaseSensitiveValue())
|
||||
if err != nil {
|
||||
@@ -78,9 +89,20 @@ func (p *paramsReader) GetTinyProxyUser() (user string, err error) {
|
||||
|
||||
// GetTinyProxyPassword obtains the TinyProxy server password from the environment variable
|
||||
// TINYPROXY_PASSWORD, and using PROXY_PASSWORD as a retro-compatibility name
|
||||
func (p *paramsReader) GetTinyProxyPassword() (password string, err error) {
|
||||
defer p.unsetEnv("PROXY_PASSWORD")
|
||||
defer p.unsetEnv("TINYPROXY_PASSWORD")
|
||||
func (p *reader) GetTinyProxyPassword() (password string, err error) {
|
||||
defer func() {
|
||||
unsetErr := p.unsetEnv("PROXY_PASSWORD")
|
||||
if err == nil {
|
||||
err = unsetErr
|
||||
}
|
||||
}()
|
||||
defer func() {
|
||||
unsetErr := p.unsetEnv("TINYPROXY_PASSWORD")
|
||||
if err == nil {
|
||||
err = unsetErr
|
||||
}
|
||||
}()
|
||||
|
||||
// Retro-compatibility
|
||||
password, err = p.envParams.GetEnv("PROXY_PASSWORD", libparams.CaseSensitiveValue())
|
||||
if err != nil {
|
||||
|
||||
@@ -4,17 +4,17 @@ import (
|
||||
libparams "github.com/qdm12/golibs/params"
|
||||
)
|
||||
|
||||
func (p *paramsReader) GetVersion() string {
|
||||
func (p *reader) GetVersion() string {
|
||||
version, _ := p.envParams.GetEnv("VERSION", libparams.Default("?"), libparams.CaseSensitiveValue())
|
||||
return version
|
||||
}
|
||||
|
||||
func (p *paramsReader) GetBuildDate() string {
|
||||
func (p *reader) GetBuildDate() string {
|
||||
buildDate, _ := p.envParams.GetEnv("BUILD_DATE", libparams.Default("?"), libparams.CaseSensitiveValue())
|
||||
return buildDate
|
||||
}
|
||||
|
||||
func (p *paramsReader) GetVcsRef() string {
|
||||
func (p *reader) GetVcsRef() string {
|
||||
buildDate, _ := p.envParams.GetEnv("VCS_REF", libparams.Default("?"), libparams.CaseSensitiveValue())
|
||||
return buildDate
|
||||
}
|
||||
|
||||
@@ -11,15 +11,14 @@ import (
|
||||
|
||||
// GetWindscribeRegion obtains the region for the Windscribe server from the
|
||||
// environment variable REGION
|
||||
func (p *paramsReader) GetWindscribeRegion() (country models.WindscribeRegion, err error) {
|
||||
choices := append(constants.WindscribeRegionChoices())
|
||||
s, err := p.envParams.GetValueIfInside("REGION", choices)
|
||||
func (p *reader) GetWindscribeRegion() (country models.WindscribeRegion, err error) {
|
||||
s, err := p.envParams.GetValueIfInside("REGION", constants.WindscribeRegionChoices())
|
||||
return models.WindscribeRegion(strings.ToLower(s)), err
|
||||
}
|
||||
|
||||
// GetMullvadPort obtains the port to reach the Mullvad server on from the
|
||||
// environment variable PORT
|
||||
func (p *paramsReader) GetWindscribePort(protocol models.NetworkProtocol) (port uint16, err error) {
|
||||
func (p *reader) GetWindscribePort(protocol models.NetworkProtocol) (port uint16, err error) {
|
||||
n, err := p.envParams.GetEnvIntRange("PORT", 0, 65535, libparams.Default("0"))
|
||||
if err != nil {
|
||||
return 0, err
|
||||
|
||||
@@ -14,7 +14,7 @@ func (c *configurator) GetOpenVPNConnections(region models.PIARegion, protocol m
|
||||
geoMapping := constants.PIAGeoToSubdomainMapping()
|
||||
var subdomain string
|
||||
for r, s := range geoMapping {
|
||||
if strings.ToLower(string(region)) == strings.ToLower(string(r)) {
|
||||
if strings.EqualFold(string(region), string(r)) {
|
||||
subdomain = s
|
||||
break
|
||||
}
|
||||
@@ -75,8 +75,8 @@ func (c *configurator) BuildConf(connections []models.OpenVPNConnection, encrypt
|
||||
if len(auth) == 0 {
|
||||
auth = "sha1"
|
||||
}
|
||||
X509CRL = constants.PIAX509CRL_NORMAL
|
||||
certificate = constants.PIACertificate_NORMAL
|
||||
X509CRL = constants.PiaX509CRLNormal
|
||||
certificate = constants.PIACertificateNormal
|
||||
} else { // strong encryption
|
||||
if len(cipher) == 0 {
|
||||
cipher = "aes-256-cbc"
|
||||
@@ -84,8 +84,8 @@ func (c *configurator) BuildConf(connections []models.OpenVPNConnection, encrypt
|
||||
if len(auth) == 0 {
|
||||
auth = "sha256"
|
||||
}
|
||||
X509CRL = constants.PIAX509CRL_STRONG
|
||||
certificate = constants.PIACertificate_STRONG
|
||||
X509CRL = constants.PiaX509CRLStrong
|
||||
certificate = constants.PIACertificateStrong
|
||||
}
|
||||
lines := []string{
|
||||
"client",
|
||||
|
||||
@@ -4,6 +4,7 @@ import (
|
||||
"encoding/hex"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
||||
"github.com/qdm12/golibs/files"
|
||||
"github.com/qdm12/private-internet-access-docker/internal/constants"
|
||||
@@ -19,11 +20,12 @@ func (c *configurator) GetPortForward() (port uint16, err error) {
|
||||
clientID := hex.EncodeToString(b)
|
||||
url := fmt.Sprintf("%s/?client_id=%s", constants.PIAPortForwardURL, clientID)
|
||||
content, status, err := c.client.GetContent(url)
|
||||
if err != nil {
|
||||
switch {
|
||||
case err != nil:
|
||||
return 0, err
|
||||
} else if status != 200 {
|
||||
case status != http.StatusOK:
|
||||
return 0, fmt.Errorf("status is %d for %s; does your PIA server support port forwarding?", status, url)
|
||||
} else if len(content) == 0 {
|
||||
case len(content) == 0:
|
||||
return 0, fmt.Errorf("port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding")
|
||||
}
|
||||
body := struct {
|
||||
@@ -42,7 +44,7 @@ func (c *configurator) WritePortForward(filepath models.Filepath, port uint16, u
|
||||
string(filepath),
|
||||
[]string{fmt.Sprintf("%d", port)},
|
||||
files.Ownership(uid, gid),
|
||||
files.Permissions(400))
|
||||
files.Permissions(0400))
|
||||
}
|
||||
|
||||
func (c *configurator) AllowPortForwardFirewall(device models.VPNDevice, port uint16) (err error) {
|
||||
@@ -52,5 +54,5 @@ func (c *configurator) AllowPortForwardFirewall(device models.VPNDevice, port ui
|
||||
|
||||
func (c *configurator) ClearPortForward(filepath models.Filepath, uid, gid int) (err error) {
|
||||
c.logger.Info("Clearing forwarded port status file %s", filepath)
|
||||
return c.fileManager.WriteToFile(string(filepath), nil, files.Ownership(uid, gid), files.Permissions(400))
|
||||
return c.fileManager.WriteToFile(string(filepath), nil, files.Ownership(uid, gid), files.Permissions(0400))
|
||||
}
|
||||
|
||||
@@ -72,7 +72,7 @@ func parseRoutingEntry(s string) (r routingEntry, err error) {
|
||||
return r, nil
|
||||
}
|
||||
|
||||
func reversedHexToIPv4(reversedHex string) (IP net.IP, err error) {
|
||||
func reversedHexToIPv4(reversedHex string) (ip net.IP, err error) {
|
||||
bytes, err := hex.DecodeString(reversedHex)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("cannot parse reversed IP hex %q: %s", reversedHex, err)
|
||||
|
||||
+30
-25
@@ -29,25 +29,29 @@ func (d *DNS) String() string {
|
||||
if !d.Enabled {
|
||||
return "DNS over TLS settings: disabled"
|
||||
}
|
||||
caching, blockMalicious, blockSurveillance, blockAds, ipv6 := "disabled", "disabed", "disabed", "disabed", "disabed"
|
||||
const (
|
||||
enabled = "enabled"
|
||||
disabled = "disabled"
|
||||
)
|
||||
caching, blockMalicious, blockSurveillance, blockAds, ipv6 := disabled, disabled, disabled, disabled, disabled
|
||||
if d.Caching {
|
||||
caching = "enabled"
|
||||
caching = enabled
|
||||
}
|
||||
if d.BlockMalicious {
|
||||
blockMalicious = "enabled"
|
||||
blockMalicious = enabled
|
||||
}
|
||||
if d.BlockSurveillance {
|
||||
blockSurveillance = "enabled"
|
||||
blockSurveillance = enabled
|
||||
}
|
||||
if d.BlockAds {
|
||||
blockAds = "enabled"
|
||||
blockAds = enabled
|
||||
}
|
||||
if d.IPv6 {
|
||||
ipv6 = "enabled"
|
||||
ipv6 = enabled
|
||||
}
|
||||
var providersStr []string
|
||||
for _, provider := range d.Providers {
|
||||
providersStr = append(providersStr, string(provider))
|
||||
providersStr := make([]string, len(d.Providers))
|
||||
for i := range d.Providers {
|
||||
providersStr[i] = string(d.Providers[i])
|
||||
}
|
||||
settingsList := []string{
|
||||
"DNS over TLS settings:",
|
||||
@@ -67,49 +71,49 @@ func (d *DNS) String() string {
|
||||
}
|
||||
|
||||
// GetDNSSettings obtains DNS over TLS settings from environment variables using the params package.
|
||||
func GetDNSSettings(params params.ParamsReader) (settings DNS, err error) {
|
||||
settings.Enabled, err = params.GetDNSOverTLS()
|
||||
func GetDNSSettings(paramsReader params.Reader) (settings DNS, err error) {
|
||||
settings.Enabled, err = paramsReader.GetDNSOverTLS()
|
||||
if err != nil || !settings.Enabled {
|
||||
return settings, err
|
||||
}
|
||||
settings.Providers, err = params.GetDNSOverTLSProviders()
|
||||
settings.Providers, err = paramsReader.GetDNSOverTLSProviders()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.AllowedHostnames, err = params.GetDNSUnblockedHostnames()
|
||||
settings.AllowedHostnames, err = paramsReader.GetDNSUnblockedHostnames()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.Caching, err = params.GetDNSOverTLSCaching()
|
||||
settings.Caching, err = paramsReader.GetDNSOverTLSCaching()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.BlockMalicious, err = params.GetDNSMaliciousBlocking()
|
||||
settings.BlockMalicious, err = paramsReader.GetDNSMaliciousBlocking()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.BlockSurveillance, err = params.GetDNSSurveillanceBlocking()
|
||||
settings.BlockSurveillance, err = paramsReader.GetDNSSurveillanceBlocking()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.BlockAds, err = params.GetDNSAdsBlocking()
|
||||
settings.BlockAds, err = paramsReader.GetDNSAdsBlocking()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.VerbosityLevel, err = params.GetDNSOverTLSVerbosity()
|
||||
settings.VerbosityLevel, err = paramsReader.GetDNSOverTLSVerbosity()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.VerbosityDetailsLevel, err = params.GetDNSOverTLSVerbosityDetails()
|
||||
settings.VerbosityDetailsLevel, err = paramsReader.GetDNSOverTLSVerbosityDetails()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.ValidationLogLevel, err = params.GetDNSOverTLSValidationLogLevel()
|
||||
settings.ValidationLogLevel, err = paramsReader.GetDNSOverTLSValidationLogLevel()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.PrivateAddresses = params.GetDNSOverTLSPrivateAddresses()
|
||||
settings.IPv6, err = params.GetDNSOverTLSIPv6()
|
||||
settings.PrivateAddresses = paramsReader.GetDNSOverTLSPrivateAddresses()
|
||||
settings.IPv6, err = paramsReader.GetDNSOverTLSIPv6()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
@@ -118,11 +122,12 @@ func GetDNSSettings(params params.ParamsReader) (settings DNS, err error) {
|
||||
IPv6Support := false
|
||||
for _, provider := range settings.Providers {
|
||||
providerData, ok := constants.DNSProviderMapping()[provider]
|
||||
if !ok {
|
||||
switch {
|
||||
case !ok:
|
||||
return settings, fmt.Errorf("DNS provider %q does not have associated data", provider)
|
||||
} else if !providerData.SupportsTLS {
|
||||
case !providerData.SupportsTLS:
|
||||
return settings, fmt.Errorf("DNS provider %q does not support DNS over TLS", provider)
|
||||
} else if providerData.SupportsIPv6 {
|
||||
case providerData.SupportsIPv6:
|
||||
IPv6Support = true
|
||||
}
|
||||
}
|
||||
|
||||
@@ -13,9 +13,9 @@ type Firewall struct {
|
||||
}
|
||||
|
||||
func (f *Firewall) String() string {
|
||||
var allowedSubnets []string
|
||||
for _, net := range f.AllowedSubnets {
|
||||
allowedSubnets = append(allowedSubnets, net.String())
|
||||
allowedSubnets := make([]string, len(f.AllowedSubnets))
|
||||
for i := range f.AllowedSubnets {
|
||||
allowedSubnets[i] = f.AllowedSubnets[i].String()
|
||||
}
|
||||
settingsList := []string{
|
||||
"Firewall settings:",
|
||||
@@ -25,8 +25,8 @@ func (f *Firewall) String() string {
|
||||
}
|
||||
|
||||
// GetFirewallSettings obtains firewall settings from environment variables using the params package.
|
||||
func GetFirewallSettings(params params.ParamsReader) (settings Firewall, err error) {
|
||||
settings.AllowedSubnets, err = params.GetExtraSubnets()
|
||||
func GetFirewallSettings(paramsReader params.Reader) (settings Firewall, err error) {
|
||||
settings.AllowedSubnets, err = paramsReader.GetExtraSubnets()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
|
||||
@@ -29,26 +29,26 @@ func (m *Mullvad) String() string {
|
||||
}
|
||||
|
||||
// GetMullvadSettings obtains Mullvad settings from environment variables using the params package.
|
||||
func GetMullvadSettings(params params.ParamsReader) (settings Mullvad, err error) {
|
||||
settings.User, err = params.GetUser()
|
||||
func GetMullvadSettings(paramsReader params.Reader) (settings Mullvad, err error) {
|
||||
settings.User, err = paramsReader.GetUser()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
// Remove spaces in user ID to simplify user's life, thanks @JeordyR
|
||||
settings.User = strings.ReplaceAll(settings.User, " ", "")
|
||||
settings.Country, err = params.GetMullvadCountry()
|
||||
settings.Country, err = paramsReader.GetMullvadCountry()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.City, err = params.GetMullvadCity()
|
||||
settings.City, err = paramsReader.GetMullvadCity()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.ISP, err = params.GetMullvadISP()
|
||||
settings.ISP, err = paramsReader.GetMullvadISP()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.Port, err = params.GetMullvadPort()
|
||||
settings.Port, err = paramsReader.GetMullvadPort()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
|
||||
@@ -20,28 +20,28 @@ type OpenVPN struct {
|
||||
}
|
||||
|
||||
// GetOpenVPNSettings obtains the OpenVPN settings using the params functions
|
||||
func GetOpenVPNSettings(params params.ParamsReader) (settings OpenVPN, err error) {
|
||||
settings.NetworkProtocol, err = params.GetNetworkProtocol()
|
||||
func GetOpenVPNSettings(paramsReader params.Reader) (settings OpenVPN, err error) {
|
||||
settings.NetworkProtocol, err = paramsReader.GetNetworkProtocol()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.Verbosity, err = params.GetOpenVPNVerbosity()
|
||||
settings.Verbosity, err = paramsReader.GetOpenVPNVerbosity()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.Root, err = params.GetOpenVPNRoot()
|
||||
settings.Root, err = paramsReader.GetOpenVPNRoot()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.TargetIP, err = params.GetTargetIP()
|
||||
settings.TargetIP, err = paramsReader.GetTargetIP()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.Cipher, err = params.GetOpenVPNCipher()
|
||||
settings.Cipher, err = paramsReader.GetOpenVPNCipher()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.Auth, err = params.GetOpenVPNAuth()
|
||||
settings.Auth, err = paramsReader.GetOpenVPNAuth()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
|
||||
@@ -43,29 +43,29 @@ func (p *PIA) String() string {
|
||||
}
|
||||
|
||||
// GetPIASettings obtains PIA settings from environment variables using the params package.
|
||||
func GetPIASettings(params params.ParamsReader) (settings PIA, err error) {
|
||||
settings.User, err = params.GetUser()
|
||||
func GetPIASettings(paramsReader params.Reader) (settings PIA, err error) {
|
||||
settings.User, err = paramsReader.GetUser()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.Password, err = params.GetPassword()
|
||||
settings.Password, err = paramsReader.GetPassword()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.Encryption, err = params.GetPIAEncryption()
|
||||
settings.Encryption, err = paramsReader.GetPIAEncryption()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.Region, err = params.GetPIARegion()
|
||||
settings.Region, err = paramsReader.GetPIARegion()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.PortForwarding.Enabled, err = params.GetPortForwarding()
|
||||
settings.PortForwarding.Enabled, err = paramsReader.GetPortForwarding()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
if settings.PortForwarding.Enabled {
|
||||
settings.PortForwarding.Filepath, err = params.GetPortForwardingStatusFilepath()
|
||||
settings.PortForwarding.Filepath, err = paramsReader.GetPortForwardingStatusFilepath()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
|
||||
@@ -4,12 +4,14 @@ import (
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"github.com/qdm12/private-internet-access-docker/internal/constants"
|
||||
"github.com/qdm12/private-internet-access-docker/internal/models"
|
||||
"github.com/qdm12/private-internet-access-docker/internal/params"
|
||||
)
|
||||
|
||||
// Settings contains all settings for the program to run
|
||||
type Settings struct {
|
||||
VPNSP string
|
||||
VPNSP models.VPNProvider
|
||||
OpenVPN OpenVPN
|
||||
PIA PIA
|
||||
Mullvad Mullvad
|
||||
@@ -22,19 +24,19 @@ type Settings struct {
|
||||
}
|
||||
|
||||
func (s *Settings) String() string {
|
||||
var vpnServiceProvider string
|
||||
var vpnServiceProviderSettings string
|
||||
switch s.VPNSP {
|
||||
case "pia":
|
||||
vpnServiceProvider = s.PIA.String()
|
||||
case "mullvad":
|
||||
vpnServiceProvider = s.Mullvad.String()
|
||||
case "windscribe":
|
||||
vpnServiceProvider = s.Windscribe.String()
|
||||
case constants.PrivateInternetAccess:
|
||||
vpnServiceProviderSettings = s.PIA.String()
|
||||
case constants.Mullvad:
|
||||
vpnServiceProviderSettings = s.Mullvad.String()
|
||||
case constants.Windscribe:
|
||||
vpnServiceProviderSettings = s.Windscribe.String()
|
||||
}
|
||||
return strings.Join([]string{
|
||||
"Settings summary below:",
|
||||
s.OpenVPN.String(),
|
||||
vpnServiceProvider,
|
||||
vpnServiceProviderSettings,
|
||||
s.System.String(),
|
||||
s.DNS.String(),
|
||||
s.Firewall.String(),
|
||||
@@ -46,17 +48,17 @@ func (s *Settings) String() string {
|
||||
|
||||
// GetAllSettings obtains all settings for the program and returns an error as soon
|
||||
// as an error is encountered reading them.
|
||||
func GetAllSettings(params params.ParamsReader) (settings Settings, err error) {
|
||||
settings.VPNSP, err = params.GetVPNSP()
|
||||
func GetAllSettings(paramsReader params.Reader) (settings Settings, err error) {
|
||||
settings.VPNSP, err = paramsReader.GetVPNSP()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.OpenVPN, err = GetOpenVPNSettings(params)
|
||||
settings.OpenVPN, err = GetOpenVPNSettings(paramsReader)
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
switch settings.VPNSP {
|
||||
case "pia":
|
||||
case constants.PrivateInternetAccess:
|
||||
switch settings.OpenVPN.Cipher {
|
||||
case "", "aes-128-cbc", "aes-256-cbc", "aes-128-gcm", "aes-256-gcm":
|
||||
default:
|
||||
@@ -67,8 +69,8 @@ func GetAllSettings(params params.ParamsReader) (settings Settings, err error) {
|
||||
default:
|
||||
return settings, fmt.Errorf("auth algorithm %q is not supported by Private Internet Access", settings.OpenVPN.Auth)
|
||||
}
|
||||
settings.PIA, err = GetPIASettings(params)
|
||||
case "mullvad":
|
||||
settings.PIA, err = GetPIASettings(paramsReader)
|
||||
case constants.Mullvad:
|
||||
switch settings.OpenVPN.Cipher {
|
||||
case "":
|
||||
default:
|
||||
@@ -79,8 +81,8 @@ func GetAllSettings(params params.ParamsReader) (settings Settings, err error) {
|
||||
default:
|
||||
return settings, fmt.Errorf("auth algorithm %q is not supported by Mullvad (not using auth at all)", settings.OpenVPN.Auth)
|
||||
}
|
||||
settings.Mullvad, err = GetMullvadSettings(params)
|
||||
case "windscribe":
|
||||
settings.Mullvad, err = GetMullvadSettings(paramsReader)
|
||||
case constants.Windscribe:
|
||||
switch settings.OpenVPN.Cipher {
|
||||
case "", "aes-256-cbc", "aes-256-gcm": // TODO check inside params getters
|
||||
default:
|
||||
@@ -91,7 +93,7 @@ func GetAllSettings(params params.ParamsReader) (settings Settings, err error) {
|
||||
default:
|
||||
return settings, fmt.Errorf("auth algorithm %q is not supported by Windscribe", settings.OpenVPN.Auth)
|
||||
}
|
||||
settings.Windscribe, err = GetWindscribeSettings(params, settings.OpenVPN.NetworkProtocol)
|
||||
settings.Windscribe, err = GetWindscribeSettings(paramsReader, settings.OpenVPN.NetworkProtocol)
|
||||
default:
|
||||
err = fmt.Errorf("VPN service provider %q is not valid", settings.VPNSP)
|
||||
}
|
||||
@@ -101,23 +103,23 @@ func GetAllSettings(params params.ParamsReader) (settings Settings, err error) {
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.DNS, err = GetDNSSettings(params)
|
||||
settings.DNS, err = GetDNSSettings(paramsReader)
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.Firewall, err = GetFirewallSettings(params)
|
||||
settings.Firewall, err = GetFirewallSettings(paramsReader)
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.TinyProxy, err = GetTinyProxySettings(params)
|
||||
settings.TinyProxy, err = GetTinyProxySettings(paramsReader)
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.ShadowSocks, err = GetShadowSocksSettings(params)
|
||||
settings.ShadowSocks, err = GetShadowSocksSettings(paramsReader)
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.System, err = GetSystemSettings(params)
|
||||
settings.System, err = GetSystemSettings(paramsReader)
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
|
||||
@@ -9,11 +9,11 @@ import (
|
||||
|
||||
// ShadowSocks contains settings to configure the Shadowsocks server
|
||||
type ShadowSocks struct {
|
||||
Enabled bool
|
||||
Password string
|
||||
Log bool
|
||||
Port uint16
|
||||
Method string
|
||||
Password string
|
||||
Port uint16
|
||||
Enabled bool
|
||||
Log bool
|
||||
}
|
||||
|
||||
func (s *ShadowSocks) String() string {
|
||||
@@ -35,24 +35,24 @@ func (s *ShadowSocks) String() string {
|
||||
}
|
||||
|
||||
// GetShadowSocksSettings obtains ShadowSocks settings from environment variables using the params package.
|
||||
func GetShadowSocksSettings(params params.ParamsReader) (settings ShadowSocks, err error) {
|
||||
settings.Enabled, err = params.GetShadowSocks()
|
||||
func GetShadowSocksSettings(paramsReader params.Reader) (settings ShadowSocks, err error) {
|
||||
settings.Enabled, err = paramsReader.GetShadowSocks()
|
||||
if err != nil || !settings.Enabled {
|
||||
return settings, err
|
||||
}
|
||||
settings.Port, err = params.GetShadowSocksPort()
|
||||
settings.Port, err = paramsReader.GetShadowSocksPort()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.Password, err = params.GetShadowSocksPassword()
|
||||
settings.Password, err = paramsReader.GetShadowSocksPassword()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.Log, err = params.GetShadowSocksLog()
|
||||
settings.Log, err = paramsReader.GetShadowSocksLog()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.Method, err = params.GetShadowSocksMethod()
|
||||
settings.Method, err = paramsReader.GetShadowSocksMethod()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
|
||||
@@ -17,20 +17,20 @@ type System struct {
|
||||
}
|
||||
|
||||
// GetSystemSettings obtains the System settings using the params functions
|
||||
func GetSystemSettings(params params.ParamsReader) (settings System, err error) {
|
||||
settings.UID, err = params.GetUID()
|
||||
func GetSystemSettings(paramsReader params.Reader) (settings System, err error) {
|
||||
settings.UID, err = paramsReader.GetUID()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.GID, err = params.GetGID()
|
||||
settings.GID, err = paramsReader.GetGID()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.Timezone, err = params.GetTimezone()
|
||||
settings.Timezone, err = paramsReader.GetTimezone()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.IPStatusFilepath, err = params.GetIPStatusFilepath()
|
||||
settings.IPStatusFilepath, err = paramsReader.GetIPStatusFilepath()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
|
||||
@@ -10,11 +10,11 @@ import (
|
||||
|
||||
// TinyProxy contains settings to configure TinyProxy
|
||||
type TinyProxy struct {
|
||||
Enabled bool
|
||||
User string
|
||||
Password string
|
||||
Port uint16
|
||||
LogLevel models.TinyProxyLogLevel
|
||||
Port uint16
|
||||
Enabled bool
|
||||
}
|
||||
|
||||
func (t *TinyProxy) String() string {
|
||||
@@ -34,24 +34,24 @@ func (t *TinyProxy) String() string {
|
||||
}
|
||||
|
||||
// GetTinyProxySettings obtains TinyProxy settings from environment variables using the params package.
|
||||
func GetTinyProxySettings(params params.ParamsReader) (settings TinyProxy, err error) {
|
||||
settings.Enabled, err = params.GetTinyProxy()
|
||||
func GetTinyProxySettings(paramsReader params.Reader) (settings TinyProxy, err error) {
|
||||
settings.Enabled, err = paramsReader.GetTinyProxy()
|
||||
if err != nil || !settings.Enabled {
|
||||
return settings, err
|
||||
}
|
||||
settings.User, err = params.GetTinyProxyUser()
|
||||
settings.User, err = paramsReader.GetTinyProxyUser()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.Password, err = params.GetTinyProxyPassword()
|
||||
settings.Password, err = paramsReader.GetTinyProxyPassword()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.Port, err = params.GetTinyProxyPort()
|
||||
settings.Port, err = paramsReader.GetTinyProxyPort()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.LogLevel, err = params.GetTinyProxyLog()
|
||||
settings.LogLevel, err = paramsReader.GetTinyProxyLog()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
|
||||
@@ -28,20 +28,20 @@ func (w *Windscribe) String() string {
|
||||
}
|
||||
|
||||
// GetWindscribeSettings obtains Windscribe settings from environment variables using the params package.
|
||||
func GetWindscribeSettings(params params.ParamsReader, protocol models.NetworkProtocol) (settings Windscribe, err error) {
|
||||
settings.User, err = params.GetUser()
|
||||
func GetWindscribeSettings(paramsReader params.Reader, protocol models.NetworkProtocol) (settings Windscribe, err error) {
|
||||
settings.User, err = paramsReader.GetUser()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.Password, err = params.GetPassword()
|
||||
settings.Password, err = paramsReader.GetPassword()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.Region, err = params.GetWindscribeRegion()
|
||||
settings.Region, err = paramsReader.GetWindscribeRegion()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.Port, err = params.GetWindscribePort(protocol)
|
||||
settings.Port, err = paramsReader.GetWindscribePort(protocol)
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
|
||||
@@ -11,7 +11,7 @@ import (
|
||||
)
|
||||
|
||||
// Splash returns the welcome spash message
|
||||
func Splash(paramsReader params.ParamsReader) string {
|
||||
func Splash(paramsReader params.Reader) string {
|
||||
version := paramsReader.GetVersion()
|
||||
vcsRef := paramsReader.GetVcsRef()
|
||||
buildDate := paramsReader.GetBuildDate()
|
||||
|
||||
Reference in New Issue
Block a user