diff --git a/auth.go b/auth.go index ee52157..9890ae3 100644 --- a/auth.go +++ b/auth.go @@ -6,7 +6,8 @@ import ( "log" "golang.org/x/crypto/ssh" - "novit.nc/direktil/initrd/config" + + config "novit.tech/direktil/pkg/bootstrapconfig" ) var ( diff --git a/boot-v1.go b/boot-v1.go index 55a7a22..f829fdf 100644 --- a/boot-v1.go +++ b/boot-v1.go @@ -11,7 +11,7 @@ import ( "time" yaml "gopkg.in/yaml.v2" - "novit.nc/direktil/pkg/sysfs" + "novit.tech/direktil/pkg/sysfs" ) var loopOffset = 0 diff --git a/boot-v2.go b/boot-v2.go index e1665d4..9286798 100644 --- a/boot-v2.go +++ b/boot-v2.go @@ -7,7 +7,7 @@ import ( "gopkg.in/yaml.v3" - "novit.nc/direktil/initrd/config" + config "novit.tech/direktil/pkg/bootstrapconfig" ) func bootV2() { diff --git a/bootstrap.go b/bootstrap.go index 55fe77b..dacfd41 100644 --- a/bootstrap.go +++ b/bootstrap.go @@ -2,13 +2,16 @@ package main import ( "bytes" + "fmt" + "io" "io/ioutil" "log" + "net/http" "os" "path/filepath" "strings" - "novit.nc/direktil/initrd/config" + config "novit.tech/direktil/pkg/bootstrapconfig" ) func bootstrap(cfg *config.Config) { @@ -34,14 +37,58 @@ func bootstrap(cfg *config.Config) { log.Printf("seeding bootstrap from %s", seed) - // TODO + err = os.MkdirAll(baseDir, 0700) + if err != nil { + fatalf("failed to create bootstrap dir: %v", err) + } + + bootstrapFile := filepath.Join(baseDir, "bootstrap.tar") + + err = func() (err error) { + resp, err := http.Get(seed) + if err != nil { + return + } + + if resp.StatusCode != http.StatusOK { + err = fmt.Errorf("bad HTTP status: %s", resp.Status) + return + } + + defer resp.Body.Close() + + out, err := os.Create(bootstrapFile) + if err != nil { + return + } + + defer out.Close() + + _, err = io.Copy(out, resp.Body) + + return + }() + + if err != nil { + fatalf("seeding failed: %v", err) + } + + log.Print("unpacking bootstrap file") + run("tar", "xvf", bootstrapFile, "-C", baseDir) } layersDir = baseDir layersOverride["modules"] = "/modules.sqfs" sysCfg := applyConfig(sysCfgPath, false) - // mounts are v2 only + localGenDir := filepath.Join(bsDir, "local-gen") + + // vpns are v2+ + for _, vpn := range sysCfg.VPNs { + setupVPN(vpn, localGenDir) + } + + // mounts are v2+ for _, mount := range sysCfg.Mounts { log.Print("mount ", mount.Dev, " to system's ", mount.Path) diff --git a/config.go b/config.go index 45c9ffd..2582afb 100644 --- a/config.go +++ b/config.go @@ -1,26 +1,7 @@ package main import ( - nconfig "novit.nc/direktil/pkg/config" + nconfig "novit.tech/direktil/pkg/config" ) -type configV1 struct { - Layers []string `yaml:"layers"` - Files []nconfig.FileDef `yaml:"files"` - - // v2 handles more - - RootUser struct { - PasswordHash string `yaml:"password_hash"` - AuthorizedKeys []string `yaml:"authorized_keys"` - } `yaml:"root_user"` - - Mounts []MountDef `yaml:"mounts"` -} - -type MountDef struct { - Dev string - Path string - Options string - Type string -} +type configV1 = nconfig.Config diff --git a/config/config.go b/config/config.go deleted file mode 100644 index 333caba..0000000 --- a/config/config.go +++ /dev/null @@ -1,61 +0,0 @@ -package config - -type Config struct { - AntiPhishingCode string `json:"anti_phishing_code"` - - Keymap string - Modules string - - Auths []Auth - - Networks []struct { - Name string - Interfaces []struct { - Var string - N int - Regexps []string - } - Script string - } - - LVM []LvmVG - Bootstrap Bootstrap -} - -type Auth struct { - Name string - SSHKey string `yaml:"sshKey"` - Password string `yaml:"password"` -} - -type LvmVG struct { - VG string - PVs struct { - N int - Regexps []string - } - - Defaults struct { - FS string - Raid *RaidConfig - } - - LVs []struct { - Name string - Crypt string - FS string - Raid *RaidConfig - Size string - Extents string - } -} - -type RaidConfig struct { - Mirrors int - Stripes int -} - -type Bootstrap struct { - Dev string - Seed string -} diff --git a/config/password.go b/config/password.go deleted file mode 100644 index 5986cd2..0000000 --- a/config/password.go +++ /dev/null @@ -1,46 +0,0 @@ -package config - -import ( - "crypto/rand" - "crypto/sha512" - "encoding/base64" - "strings" - - "golang.org/x/crypto/pbkdf2" -) - -var ( - encoding = base64.RawStdEncoding -) - -func PasswordHashFromSeed(seed, pass []byte) string { - h := pbkdf2.Key(pass, seed, 2048, 32, sha512.New) - return encoding.EncodeToString(h) -} - -func PasswordHash(pass []byte) (hashedPassWithSeed string) { - seed := make([]byte, 10) // 8 bytes min by the RFC recommendation - _, err := rand.Read(seed) - if err != nil { - panic(err) // we do not expect this to fail... - } - return JoinSeedAndHash(seed, PasswordHashFromSeed(seed, pass)) -} - -func JoinSeedAndHash(seed []byte, hash string) string { - return encoding.EncodeToString(seed) + ":" + hash -} - -func CheckPassword(hashedPassWithSeed string, pass []byte) (ok bool) { - parts := strings.SplitN(hashedPassWithSeed, ":", 2) - - encodedSeed := parts[0] - encodedHash := parts[1] - - seed, err := encoding.DecodeString(encodedSeed) - if err != nil { - return false - } - - return encodedHash == PasswordHashFromSeed(seed, pass) -} diff --git a/config/password_test.go b/config/password_test.go deleted file mode 100644 index 2051fa8..0000000 --- a/config/password_test.go +++ /dev/null @@ -1,12 +0,0 @@ -package config - -import "fmt" - -func ExamplePasswordHash() { - seed := []byte("myseed") - hash := PasswordHashFromSeed(seed, []byte("mypass")) - fmt.Println(JoinSeedAndHash(seed, hash)) - - // Output: - // bXlzZWVk:HMSxrg1cYphaPuUYUbtbl/htep/tVYYIQAuvkNMVpw0 -} diff --git a/cpiocat/cpiocat.go b/cpiocat/cpiocat.go deleted file mode 100644 index 595747c..0000000 --- a/cpiocat/cpiocat.go +++ /dev/null @@ -1,95 +0,0 @@ -package cpiocat - -import ( - "io" - "os" - - "github.com/cavaliergopher/cpio" -) - -func Append(out io.Writer, in io.Reader, filesToAppend []string) (err error) { - cout := cpio.NewWriter(out) - - cin := cpio.NewReader(in) - - for { - var hdr *cpio.Header - hdr, err = cin.Next() - if err != nil { - if err == io.EOF { - break - } - return - } - - mode := hdr.FileInfo().Mode() - - if mode&os.ModeSymlink != 0 { - // symlink target must be written after - hdr.Size = int64(len(hdr.Linkname)) - } - - err = cout.WriteHeader(hdr) - if err != nil { - return - } - - if mode.IsRegular() { - _, err = io.Copy(cout, cin) - - } else if mode&os.ModeSymlink != 0 { - _, err = cout.Write([]byte(hdr.Linkname)) - } - - if err != nil { - return - } - } - - for _, file := range filesToAppend { - err = func() (err error) { - stat, err := os.Lstat(file) - if err != nil { - return - } - - link := "" - if stat.Mode()&os.ModeSymlink != 0 { - link, err = os.Readlink(file) - if err != nil { - return - } - } - - hdr, err := cpio.FileInfoHeader(stat, link) - if err != nil { - return - } - - hdr.Name = file - - cout.WriteHeader(hdr) - - if stat.Mode().IsRegular() { - var f *os.File - f, err = os.Open(file) - if err != nil { - return - } - defer f.Close() - - _, err = io.Copy(cout, f) - - } else if stat.Mode()&os.ModeSymlink != 0 { - _, err = cout.Write([]byte(link)) - } - return - }() - if err != nil { - return - } - } - - err = cout.Close() - return -} diff --git a/go.mod b/go.mod index f2ef565..4ecb9d2 100644 --- a/go.mod +++ b/go.mod @@ -1,17 +1,28 @@ module novit.nc/direktil/initrd require ( - github.com/cavaliergopher/cpio v1.0.1 github.com/kr/pty v1.1.8 github.com/pkg/term v1.1.0 - golang.org/x/crypto v0.0.0-20220214200702-86341886e292 + golang.org/x/crypto v0.0.0-20220321153916-2c7772ba3064 golang.org/x/sys v0.0.0-20220209214540-3681064d5158 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b - novit.nc/direktil/pkg v0.0.0-20191211161950-96b0448b84c2 + novit.tech/direktil/pkg v0.0.0-20220331152412-40403eca850f ) -require github.com/creack/pty v1.1.17 // indirect +require ( + github.com/cavaliergopher/cpio v1.0.1 // indirect + github.com/creack/pty v1.1.17 // indirect + github.com/google/go-cmp v0.5.7 // indirect + github.com/josharian/native v1.0.0 // indirect + github.com/mdlayher/genetlink v1.2.0 // indirect + github.com/mdlayher/netlink v1.6.0 // indirect + github.com/mdlayher/socket v0.1.1 // indirect + golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect + golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect + golang.zx2c4.com/wireguard v0.0.0-20220202223031-3b95c81cc178 // indirect + golang.zx2c4.com/wireguard/wgctrl v0.0.0-20220330030906-9490840b0b01 // indirect +) go 1.18 diff --git a/go.sum b/go.sum index 5797c15..b878c8e 100644 --- a/go.sum +++ b/go.sum @@ -3,6 +3,11 @@ github.com/cavaliergopher/cpio v1.0.1/go.mod h1:pBdaqQjnvXxdS/6CvNDwIANIFSP0xRKI github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.17 h1:QeVUsEDNrLBW4tMgZHvxy18sKtr6VI492kBhUfhDJNI= github.com/creack/pty v1.1.17/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= +github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= +github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= +github.com/josharian/native v1.0.0 h1:Ts/E8zCSEsG17dUqv7joXJFybuMLjQfWE04tsBODTxk= +github.com/josharian/native v1.0.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w= github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= @@ -10,16 +15,55 @@ github.com/kr/pty v1.1.8 h1:AkaSdXYQOWeaO3neb8EM634ahkXXe3jYbVh/F9lq+GI= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/mdlayher/genetlink v1.2.0 h1:4yrIkRV5Wfk1WfpWTcoOlGmsWgQj3OtQN9ZsbrE+XtU= +github.com/mdlayher/genetlink v1.2.0/go.mod h1:ra5LDov2KrUCZJiAtEvXXZBxGMInICMXIwshlJ+qRxQ= +github.com/mdlayher/netlink v1.6.0 h1:rOHX5yl7qnlpiVkFWoqccueppMtXzeziFjWAjLg6sz0= +github.com/mdlayher/netlink v1.6.0/go.mod h1:0o3PlBmGst1xve7wQ7j/hwpNaFaH4qCRyWCdcZk8/vA= +github.com/mdlayher/socket v0.1.1 h1:q3uOGirUPfAV2MUoaC7BavjQ154J7+JOkTWyiV+intI= +github.com/mdlayher/socket v0.1.1/go.mod h1:mYV5YIZAfHh4dzDVzI8x8tWLWCliuX8Mon5Awbj+qDs= +github.com/mikioh/ipaddr v0.0.0-20190404000644-d465c8ab6721/go.mod h1:Ickgr2WtCLZ2MDGd4Gr0geeCH5HybhRJbonOgQpvSxc= github.com/pkg/term v1.1.0 h1:xIAAdCMh3QIAy+5FrE8Ad8XoDhEU4ufwbaSozViP9kk= github.com/pkg/term v1.1.0/go.mod h1:E25nymQcrSllhX42Ok8MRm1+hyBdHY0dCeiKZ9jpNGw= github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= -golang.org/x/crypto v0.0.0-20220214200702-86341886e292 h1:f+lwQ+GtmgoY+A2YaQxlSOnDjXcQ7ZRLWOHbC6HtRqE= -golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20220208050332-20e1d8d225ab/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220321153916-2c7772ba3064 h1:S25/rfnfsMVgORT4/J61MJ7rdyseOZOyvLIrZEZ7s6s= +golang.org/x/crypto v0.0.0-20220321153916-2c7772ba3064/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210928044308-7d9f5e0b762b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211111083644-e5c967477495/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= +golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20200909081042-eff7692f9009/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211103235746-7861aae1554b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211110154304-99a53858aa08/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220207234003-57398862261d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.zx2c4.com/go118/netip v0.0.0-20211111135330-a4a02eeacf9d/go.mod h1:5yyfuiqVIJ7t+3MqrpTQ+QqRkMWiESiyDvPNvKYCecg= +golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI= +golang.zx2c4.com/wireguard v0.0.0-20220202223031-3b95c81cc178 h1:Nrf94TOjrvW8nm6N3u2xtbnMZaZudNI9b8nIJH8p8qY= +golang.zx2c4.com/wireguard v0.0.0-20220202223031-3b95c81cc178/go.mod h1:TjUWrnD5ATh7bFvmm/ALEJZQ4ivKbETb6pmyj1vUoNI= +golang.zx2c4.com/wireguard/wgctrl v0.0.0-20220330030906-9490840b0b01 h1:G30UzvXRxKoX1KgKOkts6f5qVE9cucifzg46J2s1Cmg= +golang.zx2c4.com/wireguard/wgctrl v0.0.0-20220330030906-9490840b0b01/go.mod h1:8P32Ilp1kCpwB4ItaHyvSk4xAtnpQ+8gQVfg5WaO1TU= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -28,5 +72,16 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -novit.nc/direktil/pkg v0.0.0-20191211161950-96b0448b84c2 h1:LN3K19gAJ1GamJXkzXAQmjbl8xCV7utqdxTTrM89MMc= -novit.nc/direktil/pkg v0.0.0-20191211161950-96b0448b84c2/go.mod h1:zwTVO6U0tXFEaga73megQIBK7yVIKZJVePaIh/UtdfU= +novit.nc/direktil/pkg v0.0.0-20220221171542-fd3ce3a1491b/go.mod h1:zwTVO6U0tXFEaga73megQIBK7yVIKZJVePaIh/UtdfU= +novit.tech/direktil/pkg v0.0.0-20220330123644-8a2398667238 h1:al1i3XBlSPaxlcWom0NGMR3gOh90PtPh8z944jAZg5g= +novit.tech/direktil/pkg v0.0.0-20220330123644-8a2398667238/go.mod h1:2Mir5x1eT/e295WeFGzzXa4siunKX4z+rmNPfVsXS0k= +novit.tech/direktil/pkg v0.0.0-20220331124929-ba878f31b8e0 h1:QGyQyvC+x9+CJxkFUOR2MqafiaokPSJkrUguocXpS7o= +novit.tech/direktil/pkg v0.0.0-20220331124929-ba878f31b8e0/go.mod h1:2Mir5x1eT/e295WeFGzzXa4siunKX4z+rmNPfVsXS0k= +novit.tech/direktil/pkg v0.0.0-20220331125853-8c51e2a555a6 h1:tvdL2ZxdGZP0EUf+a82aAmlhp/Wvngia9JlpJW+XiAA= +novit.tech/direktil/pkg v0.0.0-20220331125853-8c51e2a555a6/go.mod h1:2Mir5x1eT/e295WeFGzzXa4siunKX4z+rmNPfVsXS0k= +novit.tech/direktil/pkg v0.0.0-20220331135252-bf8427988ad7 h1:8LNQczE0Y7dRjvmeNgeMexHn1NiixEwqs5TVCdOoYds= +novit.tech/direktil/pkg v0.0.0-20220331135252-bf8427988ad7/go.mod h1:2Mir5x1eT/e295WeFGzzXa4siunKX4z+rmNPfVsXS0k= +novit.tech/direktil/pkg v0.0.0-20220331140020-b11c53b36ae8 h1:hWOk8M67kCXr/Er5fmts4OSblk2KdbfqRtKZ3rAtZt0= +novit.tech/direktil/pkg v0.0.0-20220331140020-b11c53b36ae8/go.mod h1:2Mir5x1eT/e295WeFGzzXa4siunKX4z+rmNPfVsXS0k= +novit.tech/direktil/pkg v0.0.0-20220331152412-40403eca850f h1:Ka7zFkP01l4TW9JSmQQzaYVOq0i+qf+JIWAfyoreoSk= +novit.tech/direktil/pkg v0.0.0-20220331152412-40403eca850f/go.mod h1:2Mir5x1eT/e295WeFGzzXa4siunKX4z+rmNPfVsXS0k= diff --git a/lvm.go b/lvm.go index 97b4586..f4db1f0 100644 --- a/lvm.go +++ b/lvm.go @@ -9,8 +9,8 @@ import ( "path/filepath" "strconv" - "novit.nc/direktil/initrd/config" "novit.nc/direktil/initrd/lvm" + config "novit.tech/direktil/pkg/bootstrapconfig" ) func setupLVM(cfg *config.Config) { diff --git a/main.go b/main.go index 0296bf8..5708813 100644 --- a/main.go +++ b/main.go @@ -41,8 +41,21 @@ func newPipe() (io.ReadCloser, io.WriteCloser) { } func main() { + switch baseName := filepath.Base(os.Args[0]); baseName { + case "init": + runInit() + default: + log.Fatal("unknown sub-command: ", baseName) + } +} + +func runInit() { runtime.LockOSThread() + if pid := os.Getpid(); pid != 1 { + log.Fatal("init must be PID 1, not ", pid) + } + // move log to shio go io.Copy(os.Stdout, stdout.NewReader()) log.SetOutput(stderr) @@ -134,8 +147,10 @@ mainLoop: switch b[0] { case 'o': + run("sync") syscall.Reboot(syscall.LINUX_REBOOT_CMD_POWER_OFF) case 'r': + run("sync") syscall.Reboot(syscall.LINUX_REBOOT_CMD_RESTART) case 's': for _, sh := range []string{"bash", "ash", "sh", "busybox"} { diff --git a/network.go b/network.go index 771a328..08f43a6 100644 --- a/network.go +++ b/network.go @@ -6,7 +6,7 @@ import ( "os/exec" "strings" - "novit.nc/direktil/initrd/config" + config "novit.tech/direktil/pkg/bootstrapconfig" ) func setupNetworks(cfg *config.Config) { diff --git a/ssh.go b/ssh.go index aaefae7..a31ddde 100644 --- a/ssh.go +++ b/ssh.go @@ -16,7 +16,7 @@ import ( "github.com/kr/pty" "golang.org/x/crypto/ssh" - "novit.nc/direktil/initrd/config" + config "novit.tech/direktil/pkg/bootstrapconfig" ) func startSSH(cfg *config.Config) { @@ -118,7 +118,7 @@ func sshHandleChannel(remoteAddr string, channel ssh.Channel, requests <-chan *s }() var once sync.Once - close := func() { + closeCh := func() { channel.Close() } @@ -130,11 +130,27 @@ func sshHandleChannel(remoteAddr string, channel ssh.Channel, requests <-chan *s case "init": go func() { io.Copy(channel, stdout.NewReader()) - once.Do(close) + once.Do(closeCh) }() go func() { io.Copy(stdinPipe, channel) - once.Do(close) + once.Do(closeCh) + }() + + req.Reply(true, nil) + + case "bootstrap": + // extract a new bootstrap package + os.MkdirAll("/bootstrap/current", 0750) + + cmd := exec.Command("/bin/tar", "xv", "-C", "/bootstrap/current") + cmd.Stdin = channel + cmd.Stdout = channel + cmd.Stderr = channel.Stderr() + + go func() { + cmd.Run() + closeCh() }() req.Reply(true, nil) @@ -167,11 +183,11 @@ func sshHandleChannel(remoteAddr string, channel ssh.Channel, requests <-chan *s go func() { io.Copy(channel, ptyF) - once.Do(close) + once.Do(closeCh) }() go func() { io.Copy(ptyF, channel) - once.Do(close) + once.Do(closeCh) }() req.Reply(true, nil) diff --git a/tools/cpiocat/main.go b/tools/cpiocat/main.go index 6671ce6..af33f45 100644 --- a/tools/cpiocat/main.go +++ b/tools/cpiocat/main.go @@ -5,7 +5,7 @@ import ( "log" "os" - "novit.nc/direktil/initrd/cpiocat" + "novit.tech/direktil/pkg/cpiocat" ) func main() { diff --git a/vpn.go b/vpn.go new file mode 100644 index 0000000..1fd91f9 --- /dev/null +++ b/vpn.go @@ -0,0 +1,126 @@ +package main + +import ( + "io/ioutil" + "log" + "net" + "os" + "path/filepath" + + "golang.zx2c4.com/wireguard/wgctrl" + "golang.zx2c4.com/wireguard/wgctrl/wgtypes" + + "novit.tech/direktil/pkg/config" +) + +func setupVPN(vpn config.VPNDef, localGenDir string) { + log.Printf("setting up VPN %s", vpn.Name) + + vpnDir := filepath.Join(localGenDir, vpn.Name) + os.MkdirAll(vpnDir, 0750) + + // public/private key + keyFile := filepath.Join(vpnDir, "key") + keyBytes, err := ioutil.ReadFile(keyFile) + if os.IsNotExist(err) { + key, err := wgtypes.GeneratePrivateKey() + if err != nil { + fatalf("failed to generate VPN key: %v", err) + } + + keyBytes = []byte(key.String()) + + ioutil.WriteFile(keyFile, keyBytes, 0600) + } else if err != nil { + fatalf("failed to read VPN key: %v", err) + } + + key, err := wgtypes.ParseKey(string(keyBytes)) + if err != nil { + fatalf("bad VPN key: %v", err) + } + + log.Printf("VPN %s public key is %s", vpn.Name, key.PublicKey().String()) + + // pre-shared key + pskeyFile := filepath.Join(vpnDir, "pskey") + pskeyBytes, err := ioutil.ReadFile(pskeyFile) + if os.IsNotExist(err) { + key, err := wgtypes.GenerateKey() + if err != nil { + fatalf("failed to generate VPN pre-shared key: %v", err) + } + + pskeyBytes = []byte(key.String()) + + ioutil.WriteFile(pskeyFile, pskeyBytes, 0600) + } else if err != nil { + fatalf("failed to read VPN pre-shared key: %v", err) + } + + pskey, err := wgtypes.ParseKey(string(pskeyBytes)) + if err != nil { + fatalf("bad VPN pre-shared key: %v", err) + } + + log.Printf("VPN %s pre-shared key is %s", vpn.Name, key.String()) + + // setup interface + cfg := wgtypes.Config{ + PrivateKey: &key, + ListenPort: vpn.ListenPort, + Peers: make([]wgtypes.PeerConfig, 0, len(vpn.Peers)), + } + + for idx, vpnPeer := range vpn.Peers { + vpnPeer := vpnPeer + + wgPeer := wgtypes.PeerConfig{ + Endpoint: vpnPeer.Endpoint, + AllowedIPs: make([]net.IPNet, 0, len(vpnPeer.AllowedIPs)), + + PersistentKeepaliveInterval: &vpnPeer.KeepAlive, + } + + if vpnPeer.WithPreSharedKey { + wgPeer.PresharedKey = &pskey + } + + pubkey, err := wgtypes.ParseKey(vpnPeer.PublicKey) + if err != nil { + fatalf("bad VPN peer[%d] public key: %v", idx, err) + } + + wgPeer.PublicKey = pubkey + + for _, ipnetStr := range vpnPeer.AllowedIPs { + _, ipnet, err := net.ParseCIDR(ipnetStr) + if err != nil { + fatalf("bad IP/net: %q: %v", ipnetStr, err) + } + + wgPeer.AllowedIPs = append(wgPeer.AllowedIPs, *ipnet) + } + + cfg.Peers = append(cfg.Peers, wgPeer) + } + + wg, err := wgctrl.New() + if err != nil { + fatalf("failed to setup WireGuard client: %v", err) + } + defer wg.Close() + + run("ip", "link", "add", vpn.Name, "type", "wireguard") + + for _, ip := range vpn.IPs { + run("ip", "addr", "add", ip, "dev", vpn.Name) + } + + err = wg.ConfigureDevice(vpn.Name, cfg) + if err != nil { + fatalf("failed to setup VPN %s: %v", vpn.Name, err) + } + + run("ip", "link", "set", vpn.Name, "up") +}