direktil/initrd
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

bootv2: bootstrap, vpn

Browse Source
This commit is contained in:
Mikaël Cluseau 2022-04-04 10:29:28 +02:00
parent 8506f8807d
commit 3c7d56ae48
17 changed files with 296 additions and 258 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
auth.go
View File

@ -6,7 +6,8 @@ import (
"log"
"golang.org/x/crypto/ssh"
"novit.nc/direktil/initrd/config"
config "novit.tech/direktil/pkg/bootstrapconfig"
)
var (

2
boot-v1.go
View File

@ -11,7 +11,7 @@ import (
"time"
yaml "gopkg.in/yaml.v2"
"novit.nc/direktil/pkg/sysfs"
"novit.tech/direktil/pkg/sysfs"
)
var loopOffset = 0

2
boot-v2.go
View File

@ -7,7 +7,7 @@ import (
"gopkg.in/yaml.v3"
"novit.nc/direktil/initrd/config"
config "novit.tech/direktil/pkg/bootstrapconfig"
)
func bootV2() {

53
bootstrap.go
View File

@ -2,13 +2,16 @@ package main
import (
"bytes"
"fmt"
"io"
"io/ioutil"
"log"
"net/http"
"os"
"path/filepath"
"strings"
"novit.nc/direktil/initrd/config"
config "novit.tech/direktil/pkg/bootstrapconfig"
)
func bootstrap(cfg *config.Config) {
@ -34,14 +37,58 @@ func bootstrap(cfg *config.Config) {
log.Printf("seeding bootstrap from %s", seed)
// TODO
err = os.MkdirAll(baseDir, 0700)
if err != nil {
fatalf("failed to create bootstrap dir: %v", err)
}
bootstrapFile := filepath.Join(baseDir, "bootstrap.tar")
err = func() (err error) {
resp, err := http.Get(seed)
if err != nil {
return
}
if resp.StatusCode != http.StatusOK {
err = fmt.Errorf("bad HTTP status: %s", resp.Status)
return
}
defer resp.Body.Close()
out, err := os.Create(bootstrapFile)
if err != nil {
return
}
defer out.Close()
_, err = io.Copy(out, resp.Body)
return
}()
if err != nil {
fatalf("seeding failed: %v", err)
}
log.Print("unpacking bootstrap file")
run("tar", "xvf", bootstrapFile, "-C", baseDir)
}
layersDir = baseDir
layersOverride["modules"] = "/modules.sqfs"
sysCfg := applyConfig(sysCfgPath, false)
// mounts are v2 only
localGenDir := filepath.Join(bsDir, "local-gen")
// vpns are v2+
for _, vpn := range sysCfg.VPNs {
setupVPN(vpn, localGenDir)
}
// mounts are v2+
for _, mount := range sysCfg.Mounts {
log.Print("mount ", mount.Dev, " to system's ", mount.Path)

23
config.go
View File

@ -1,26 +1,7 @@
package main
import (
nconfig "novit.nc/direktil/pkg/config"
nconfig "novit.tech/direktil/pkg/config"
)
type configV1 struct {
Layers []string `yaml:"layers"`
Files []nconfig.FileDef `yaml:"files"`
// v2 handles more
RootUser struct {
PasswordHash string `yaml:"password_hash"`
AuthorizedKeys []string `yaml:"authorized_keys"`
} `yaml:"root_user"`
Mounts []MountDef `yaml:"mounts"`
}
type MountDef struct {
Dev string
Path string
Options string
Type string
}
type configV1 = nconfig.Config

61
config/config.go
View File

@ -1,61 +0,0 @@
package config
type Config struct {
AntiPhishingCode string `json:"anti_phishing_code"`
Keymap string
Modules string
Auths []Auth
Networks []struct {
Name string
Interfaces []struct {
Var string
N int
Regexps []string
}
Script string
}
LVM []LvmVG
Bootstrap Bootstrap
}
type Auth struct {
Name string
SSHKey string `yaml:"sshKey"`
Password string `yaml:"password"`
}
type LvmVG struct {
VG string
PVs struct {
N int
Regexps []string
}
Defaults struct {
FS string
Raid *RaidConfig
}
LVs []struct {
Name string
Crypt string
FS string
Raid *RaidConfig
Size string
Extents string
}
}
type RaidConfig struct {
Mirrors int
Stripes int
}
type Bootstrap struct {
Dev string
Seed string
}

46
config/password.go
View File

@ -1,46 +0,0 @@
package config
import (
"crypto/rand"
"crypto/sha512"
"encoding/base64"
"strings"
"golang.org/x/crypto/pbkdf2"
)
var (
encoding = base64.RawStdEncoding
)
func PasswordHashFromSeed(seed, pass []byte) string {
h := pbkdf2.Key(pass, seed, 2048, 32, sha512.New)
return encoding.EncodeToString(h)
}
func PasswordHash(pass []byte) (hashedPassWithSeed string) {
seed := make([]byte, 10) // 8 bytes min by the RFC recommendation
_, err := rand.Read(seed)
if err != nil {
panic(err) // we do not expect this to fail...
}
return JoinSeedAndHash(seed, PasswordHashFromSeed(seed, pass))
}
func JoinSeedAndHash(seed []byte, hash string) string {
return encoding.EncodeToString(seed) + ":" + hash
}
func CheckPassword(hashedPassWithSeed string, pass []byte) (ok bool) {
parts := strings.SplitN(hashedPassWithSeed, ":", 2)
encodedSeed := parts[0]
encodedHash := parts[1]
seed, err := encoding.DecodeString(encodedSeed)
if err != nil {
return false
}
return encodedHash == PasswordHashFromSeed(seed, pass)
}

12
config/password_test.go
View File

@ -1,12 +0,0 @@
package config
import "fmt"
func ExamplePasswordHash() {
seed := []byte("myseed")
hash := PasswordHashFromSeed(seed, []byte("mypass"))
fmt.Println(JoinSeedAndHash(seed, hash))
// Output:
// bXlzZWVk:HMSxrg1cYphaPuUYUbtbl/htep/tVYYIQAuvkNMVpw0
}

95
cpiocat/cpiocat.go
View File

@ -1,95 +0,0 @@
package cpiocat
import (
"io"
"os"
"github.com/cavaliergopher/cpio"
)
func Append(out io.Writer, in io.Reader, filesToAppend []string) (err error) {
cout := cpio.NewWriter(out)
cin := cpio.NewReader(in)
for {
var hdr *cpio.Header
hdr, err = cin.Next()
if err != nil {
if err == io.EOF {
break
}
return
}
mode := hdr.FileInfo().Mode()
if mode&os.ModeSymlink != 0 {
// symlink target must be written after
hdr.Size = int64(len(hdr.Linkname))
}
err = cout.WriteHeader(hdr)
if err != nil {
return
}
if mode.IsRegular() {
_, err = io.Copy(cout, cin)
} else if mode&os.ModeSymlink != 0 {
_, err = cout.Write([]byte(hdr.Linkname))
}
if err != nil {
return
}
}
for _, file := range filesToAppend {
err = func() (err error) {
stat, err := os.Lstat(file)
if err != nil {
return
}
link := ""
if stat.Mode()&os.ModeSymlink != 0 {
link, err = os.Readlink(file)
if err != nil {
return
}
}
hdr, err := cpio.FileInfoHeader(stat, link)
if err != nil {
return
}
hdr.Name = file
cout.WriteHeader(hdr)
if stat.Mode().IsRegular() {
var f *os.File
f, err = os.Open(file)
if err != nil {
return
}
defer f.Close()
_, err = io.Copy(cout, f)
} else if stat.Mode()&os.ModeSymlink != 0 {
_, err = cout.Write([]byte(link))
}
return
}()
if err != nil {
return
}
}
err = cout.Close()
return
}

19
go.mod
View File

@ -1,17 +1,28 @@
module novit.nc/direktil/initrd
require (
github.com/cavaliergopher/cpio v1.0.1
github.com/kr/pty v1.1.8
github.com/pkg/term v1.1.0
golang.org/x/crypto v0.0.0-20220214200702-86341886e292
golang.org/x/crypto v0.0.0-20220321153916-2c7772ba3064
golang.org/x/sys v0.0.0-20220209214540-3681064d5158
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211
gopkg.in/yaml.v2 v2.4.0
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
novit.nc/direktil/pkg v0.0.0-20191211161950-96b0448b84c2
novit.tech/direktil/pkg v0.0.0-20220331152412-40403eca850f
)
require github.com/creack/pty v1.1.17 // indirect
require (
github.com/cavaliergopher/cpio v1.0.1 // indirect
github.com/creack/pty v1.1.17 // indirect
github.com/google/go-cmp v0.5.7 // indirect
github.com/josharian/native v1.0.0 // indirect
github.com/mdlayher/genetlink v1.2.0 // indirect
github.com/mdlayher/netlink v1.6.0 // indirect
github.com/mdlayher/socket v0.1.1 // indirect
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
golang.zx2c4.com/wireguard v0.0.0-20220202223031-3b95c81cc178 // indirect
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20220330030906-9490840b0b01 // indirect
)
go 1.18

63
go.sum
View File

@ -3,6 +3,11 @@ github.com/cavaliergopher/cpio v1.0.1/go.mod h1:pBdaqQjnvXxdS/6CvNDwIANIFSP0xRKI
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
github.com/creack/pty v1.1.17 h1:QeVUsEDNrLBW4tMgZHvxy18sKtr6VI492kBhUfhDJNI=
github.com/creack/pty v1.1.17/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o=
github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
github.com/josharian/native v1.0.0 h1:Ts/E8zCSEsG17dUqv7joXJFybuMLjQfWE04tsBODTxk=
github.com/josharian/native v1.0.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
@ -10,16 +15,55 @@ github.com/kr/pty v1.1.8 h1:AkaSdXYQOWeaO3neb8EM634ahkXXe3jYbVh/F9lq+GI=
github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/mdlayher/genetlink v1.2.0 h1:4yrIkRV5Wfk1WfpWTcoOlGmsWgQj3OtQN9ZsbrE+XtU=
github.com/mdlayher/genetlink v1.2.0/go.mod h1:ra5LDov2KrUCZJiAtEvXXZBxGMInICMXIwshlJ+qRxQ=
github.com/mdlayher/netlink v1.6.0 h1:rOHX5yl7qnlpiVkFWoqccueppMtXzeziFjWAjLg6sz0=
github.com/mdlayher/netlink v1.6.0/go.mod h1:0o3PlBmGst1xve7wQ7j/hwpNaFaH4qCRyWCdcZk8/vA=
github.com/mdlayher/socket v0.1.1 h1:q3uOGirUPfAV2MUoaC7BavjQ154J7+JOkTWyiV+intI=
github.com/mdlayher/socket v0.1.1/go.mod h1:mYV5YIZAfHh4dzDVzI8x8tWLWCliuX8Mon5Awbj+qDs=
github.com/mikioh/ipaddr v0.0.0-20190404000644-d465c8ab6721/go.mod h1:Ickgr2WtCLZ2MDGd4Gr0geeCH5HybhRJbonOgQpvSxc=
github.com/pkg/term v1.1.0 h1:xIAAdCMh3QIAy+5FrE8Ad8XoDhEU4ufwbaSozViP9kk=
github.com/pkg/term v1.1.0/go.mod h1:E25nymQcrSllhX42Ok8MRm1+hyBdHY0dCeiKZ9jpNGw=
github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8=
golang.org/x/crypto v0.0.0-20220214200702-86341886e292 h1:f+lwQ+GtmgoY+A2YaQxlSOnDjXcQ7ZRLWOHbC6HtRqE=
golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.0.0-20220208050332-20e1d8d225ab/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20220321153916-2c7772ba3064 h1:S25/rfnfsMVgORT4/J61MJ7rdyseOZOyvLIrZEZ7s6s=
golang.org/x/crypto v0.0.0-20220321153916-2c7772ba3064/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210928044308-7d9f5e0b762b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211111083644-e5c967477495/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk=
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20200909081042-eff7692f9009/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211103235746-7861aae1554b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211110154304-99a53858aa08/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220207234003-57398862261d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c=
golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.zx2c4.com/go118/netip v0.0.0-20211111135330-a4a02eeacf9d/go.mod h1:5yyfuiqVIJ7t+3MqrpTQ+QqRkMWiESiyDvPNvKYCecg=
golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI=
golang.zx2c4.com/wireguard v0.0.0-20220202223031-3b95c81cc178 h1:Nrf94TOjrvW8nm6N3u2xtbnMZaZudNI9b8nIJH8p8qY=
golang.zx2c4.com/wireguard v0.0.0-20220202223031-3b95c81cc178/go.mod h1:TjUWrnD5ATh7bFvmm/ALEJZQ4ivKbETb6pmyj1vUoNI=
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20220330030906-9490840b0b01 h1:G30UzvXRxKoX1KgKOkts6f5qVE9cucifzg46J2s1Cmg=
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20220330030906-9490840b0b01/go.mod h1:8P32Ilp1kCpwB4ItaHyvSk4xAtnpQ+8gQVfg5WaO1TU=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@ -28,5 +72,16 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
novit.nc/direktil/pkg v0.0.0-20191211161950-96b0448b84c2 h1:LN3K19gAJ1GamJXkzXAQmjbl8xCV7utqdxTTrM89MMc=
novit.nc/direktil/pkg v0.0.0-20191211161950-96b0448b84c2/go.mod h1:zwTVO6U0tXFEaga73megQIBK7yVIKZJVePaIh/UtdfU=
novit.nc/direktil/pkg v0.0.0-20220221171542-fd3ce3a1491b/go.mod h1:zwTVO6U0tXFEaga73megQIBK7yVIKZJVePaIh/UtdfU=
novit.tech/direktil/pkg v0.0.0-20220330123644-8a2398667238 h1:al1i3XBlSPaxlcWom0NGMR3gOh90PtPh8z944jAZg5g=
novit.tech/direktil/pkg v0.0.0-20220330123644-8a2398667238/go.mod h1:2Mir5x1eT/e295WeFGzzXa4siunKX4z+rmNPfVsXS0k=
novit.tech/direktil/pkg v0.0.0-20220331124929-ba878f31b8e0 h1:QGyQyvC+x9+CJxkFUOR2MqafiaokPSJkrUguocXpS7o=
novit.tech/direktil/pkg v0.0.0-20220331124929-ba878f31b8e0/go.mod h1:2Mir5x1eT/e295WeFGzzXa4siunKX4z+rmNPfVsXS0k=
novit.tech/direktil/pkg v0.0.0-20220331125853-8c51e2a555a6 h1:tvdL2ZxdGZP0EUf+a82aAmlhp/Wvngia9JlpJW+XiAA=
novit.tech/direktil/pkg v0.0.0-20220331125853-8c51e2a555a6/go.mod h1:2Mir5x1eT/e295WeFGzzXa4siunKX4z+rmNPfVsXS0k=
novit.tech/direktil/pkg v0.0.0-20220331135252-bf8427988ad7 h1:8LNQczE0Y7dRjvmeNgeMexHn1NiixEwqs5TVCdOoYds=
novit.tech/direktil/pkg v0.0.0-20220331135252-bf8427988ad7/go.mod h1:2Mir5x1eT/e295WeFGzzXa4siunKX4z+rmNPfVsXS0k=
novit.tech/direktil/pkg v0.0.0-20220331140020-b11c53b36ae8 h1:hWOk8M67kCXr/Er5fmts4OSblk2KdbfqRtKZ3rAtZt0=
novit.tech/direktil/pkg v0.0.0-20220331140020-b11c53b36ae8/go.mod h1:2Mir5x1eT/e295WeFGzzXa4siunKX4z+rmNPfVsXS0k=
novit.tech/direktil/pkg v0.0.0-20220331152412-40403eca850f h1:Ka7zFkP01l4TW9JSmQQzaYVOq0i+qf+JIWAfyoreoSk=
novit.tech/direktil/pkg v0.0.0-20220331152412-40403eca850f/go.mod h1:2Mir5x1eT/e295WeFGzzXa4siunKX4z+rmNPfVsXS0k=

2
lvm.go
View File

@ -9,8 +9,8 @@ import (
"path/filepath"
"strconv"
"novit.nc/direktil/initrd/config"
"novit.nc/direktil/initrd/lvm"
config "novit.tech/direktil/pkg/bootstrapconfig"
)
func setupLVM(cfg *config.Config) {

15
main.go
View File

@ -41,8 +41,21 @@ func newPipe() (io.ReadCloser, io.WriteCloser) {
}
func main() {
switch baseName := filepath.Base(os.Args[0]); baseName {
case "init":
runInit()
default:
log.Fatal("unknown sub-command: ", baseName)
}
}
func runInit() {
runtime.LockOSThread()
if pid := os.Getpid(); pid != 1 {
log.Fatal("init must be PID 1, not ", pid)
}
// move log to shio
go io.Copy(os.Stdout, stdout.NewReader())
log.SetOutput(stderr)
@ -134,8 +147,10 @@ mainLoop:
switch b[0] {
case 'o':
run("sync")
syscall.Reboot(syscall.LINUX_REBOOT_CMD_POWER_OFF)
case 'r':
run("sync")
syscall.Reboot(syscall.LINUX_REBOOT_CMD_RESTART)
case 's':
for _, sh := range []string{"bash", "ash", "sh", "busybox"} {

2
network.go
View File

@ -6,7 +6,7 @@ import (
"os/exec"
"strings"
"novit.nc/direktil/initrd/config"
config "novit.tech/direktil/pkg/bootstrapconfig"
)
func setupNetworks(cfg *config.Config) {

28
ssh.go
View File

@ -16,7 +16,7 @@ import (
"github.com/kr/pty"
"golang.org/x/crypto/ssh"
"novit.nc/direktil/initrd/config"
config "novit.tech/direktil/pkg/bootstrapconfig"
)
func startSSH(cfg *config.Config) {
@ -118,7 +118,7 @@ func sshHandleChannel(remoteAddr string, channel ssh.Channel, requests <-chan *s
}()
var once sync.Once
close := func() {
closeCh := func() {
channel.Close()
}
@ -130,11 +130,27 @@ func sshHandleChannel(remoteAddr string, channel ssh.Channel, requests <-chan *s
case "init":
go func() {
io.Copy(channel, stdout.NewReader())
once.Do(close)
once.Do(closeCh)
}()
go func() {
io.Copy(stdinPipe, channel)
once.Do(close)
once.Do(closeCh)
}()
req.Reply(true, nil)
case "bootstrap":
// extract a new bootstrap package
os.MkdirAll("/bootstrap/current", 0750)
cmd := exec.Command("/bin/tar", "xv", "-C", "/bootstrap/current")
cmd.Stdin = channel
cmd.Stdout = channel
cmd.Stderr = channel.Stderr()
go func() {
cmd.Run()
closeCh()
}()
req.Reply(true, nil)
@ -167,11 +183,11 @@ func sshHandleChannel(remoteAddr string, channel ssh.Channel, requests <-chan *s
go func() {
io.Copy(channel, ptyF)
once.Do(close)
once.Do(closeCh)
}()
go func() {
io.Copy(ptyF, channel)
once.Do(close)
once.Do(closeCh)
}()
req.Reply(true, nil)

2
tools/cpiocat/main.go
View File

@ -5,7 +5,7 @@ import (
"log"
"os"
"novit.nc/direktil/initrd/cpiocat"
"novit.tech/direktil/pkg/cpiocat"
)
func main() {

126
vpn.go Normal file
View File

@ -0,0 +1,126 @@
package main
import (
"io/ioutil"
"log"
"net"
"os"
"path/filepath"
"golang.zx2c4.com/wireguard/wgctrl"
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
"novit.tech/direktil/pkg/config"
)
func setupVPN(vpn config.VPNDef, localGenDir string) {
log.Printf("setting up VPN %s", vpn.Name)
vpnDir := filepath.Join(localGenDir, vpn.Name)
os.MkdirAll(vpnDir, 0750)
// public/private key
keyFile := filepath.Join(vpnDir, "key")
keyBytes, err := ioutil.ReadFile(keyFile)
if os.IsNotExist(err) {
key, err := wgtypes.GeneratePrivateKey()
if err != nil {
fatalf("failed to generate VPN key: %v", err)
}
keyBytes = []byte(key.String())
ioutil.WriteFile(keyFile, keyBytes, 0600)
} else if err != nil {
fatalf("failed to read VPN key: %v", err)
}
key, err := wgtypes.ParseKey(string(keyBytes))
if err != nil {
fatalf("bad VPN key: %v", err)
}
log.Printf("VPN %s public key is %s", vpn.Name, key.PublicKey().String())
// pre-shared key
pskeyFile := filepath.Join(vpnDir, "pskey")
pskeyBytes, err := ioutil.ReadFile(pskeyFile)
if os.IsNotExist(err) {
key, err := wgtypes.GenerateKey()
if err != nil {
fatalf("failed to generate VPN pre-shared key: %v", err)
}
pskeyBytes = []byte(key.String())
ioutil.WriteFile(pskeyFile, pskeyBytes, 0600)
} else if err != nil {
fatalf("failed to read VPN pre-shared key: %v", err)
}
pskey, err := wgtypes.ParseKey(string(pskeyBytes))
if err != nil {
fatalf("bad VPN pre-shared key: %v", err)
}
log.Printf("VPN %s pre-shared key is %s", vpn.Name, key.String())
// setup interface
cfg := wgtypes.Config{
PrivateKey: &key,
ListenPort: vpn.ListenPort,
Peers: make([]wgtypes.PeerConfig, 0, len(vpn.Peers)),
}
for idx, vpnPeer := range vpn.Peers {
vpnPeer := vpnPeer
wgPeer := wgtypes.PeerConfig{
Endpoint: vpnPeer.Endpoint,
AllowedIPs: make([]net.IPNet, 0, len(vpnPeer.AllowedIPs)),
PersistentKeepaliveInterval: &vpnPeer.KeepAlive,
}
if vpnPeer.WithPreSharedKey {
wgPeer.PresharedKey = &pskey
}
pubkey, err := wgtypes.ParseKey(vpnPeer.PublicKey)
if err != nil {
fatalf("bad VPN peer[%d] public key: %v", idx, err)
}
wgPeer.PublicKey = pubkey
for _, ipnetStr := range vpnPeer.AllowedIPs {
_, ipnet, err := net.ParseCIDR(ipnetStr)
if err != nil {
fatalf("bad IP/net: %q: %v", ipnetStr, err)
}
wgPeer.AllowedIPs = append(wgPeer.AllowedIPs, *ipnet)
}
cfg.Peers = append(cfg.Peers, wgPeer)
}
wg, err := wgctrl.New()
if err != nil {
fatalf("failed to setup WireGuard client: %v", err)
}
defer wg.Close()
run("ip", "link", "add", vpn.Name, "type", "wireguard")
for _, ip := range vpn.IPs {
run("ip", "addr", "add", ip, "dev", vpn.Name)
}
err = wg.ConfigureDevice(vpn.Name, cfg)
if err != nil {
fatalf("failed to setup VPN %s: %v", vpn.Name, err)
}
run("ip", "link", "set", vpn.Name, "up")
}