direktil/initrd
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: direktil:v2.2.0
Branches Tags
direktil:main
direktil:rs
direktil:v2.3.6
direktil:v2.3.5
direktil:v2.3.4
direktil:v2.3.3
direktil:v2.3.2
direktil:v2.3.1
direktil:v2.3.0
direktil:v2.2.2
direktil:v2.2.1
direktil:v2.2.0
direktil:v2.1.2
direktil:v2.1.1
direktil:v2.0.4
...
compare: direktil:main
Branches Tags
direktil:main
direktil:rs
direktil:v2.3.6
direktil:v2.3.5
direktil:v2.3.4
direktil:v2.3.3
direktil:v2.3.2
direktil:v2.3.1
direktil:v2.3.0
direktil:v2.2.2
direktil:v2.2.1
direktil:v2.2.0
direktil:v2.1.2
direktil:v2.1.1
direktil:v2.0.4

12 Commits
v2.2.0 ... main

Author SHA1 Message Date
Mikaël Cluseau
6e1cb57e03 upgrade go+deps 2025-06-02 14:53:05 +02:00
Mikaël Cluseau
3f2549c746 unix module disappeared 2025-06-02 14:51:26 +02:00
Mikaël Cluseau
91eb83d6e1 bootstrap: attemps fetching for 1 minute before giving up 2024-11-06 00:42:51 +01:00
Mikaël Cluseau
5924705b24 shrink exec 2024-11-04 22:06:48 +01:00
Mikaël Cluseau
0f9679d91e use udev for lvm & net 2024-11-04 17:33:23 +01:00
Mikaël Cluseau
7325ee1c0c don't write config.yaml anymore 2024-01-21 15:42:15 +01:00
Mikaël Cluseau
4a12e1ba8f rework ssh 'init' command 2024-01-21 15:32:51 +01:00
Mikaël Cluseau
2df68d3fca bump pkg mod to support symlink&dir in file def 2024-01-20 18:28:28 +01:00
Mikaël Cluseau
5fd3a9d925 remove boot-v1 2024-01-20 17:31:57 +01:00
Mikaël Cluseau
6bf1d1ccf2 move to zerolog 2024-01-20 16:41:54 +01:00
Mikaël Cluseau
5ab8b74041 Dockerfile: bump 'from' 2024-01-08 09:50:02 +01:00
Mikaël Cluseau
7b62140d2a bootstrap: update-ca-certificates 2024-01-08 09:47:40 +01:00
22 changed files with 458 additions and 408 deletions
Show Stats Expand all files Collapse all files

25
Dockerfile
View File

@ -1,22 +1,29 @@
from golang:1.21.4-alpine3.18 as build
from golang:1.23.2-alpine3.20 as build
run apk add --no-cache gcc musl-dev linux-headers eudev-dev upx
workdir /src
copy go.mod go.sum .
run go mod download
copy . .
run go test ./...
run go build -o /go/bin/init -trimpath .
env CGO_ENABLED=1
run \
--mount=type=cache,id=gomod,target=/go/pkg/mod \
--mount=type=cache,id=gobuild,target=/root/.cache/go-build \
go test ./... \
&& go build -ldflags "-s -w" -o /go/bin/init -trimpath .
run upx /go/bin/init
# ------------------------------------------------------------------------
from alpine:3.18.4 as initrd
from alpine:3.20.3 as initrd
run apk add --no-cache xz
workdir /layer
run wget -O- https://dl-cdn.alpinelinux.org/alpine/v3.18/releases/x86_64/alpine-minirootfs-3.18.4-x86_64.tar.gz |tar zxv
run . /etc/os-release \
&& wget -O- https://dl-cdn.alpinelinux.org/alpine/v${VERSION_ID%.*}/releases/x86_64/alpine-minirootfs-${VERSION_ID}-x86_64.tar.gz |tar zxv
run apk add --no-cache -p . musl lvm2 lvm2-dmeventd udev cryptsetup e2fsprogs btrfs-progs lsblk
run apk add --no-cache -p . musl lvm2 lvm2-extra lvm2-dmeventd udev cryptsetup e2fsprogs lsblk
run rm -rf usr/share/apk var/cache/apk
copy --from=build /go/bin/init .
@ -27,6 +34,6 @@ run chroot /layer /init hello
run find |cpio -H newc -o >/initrd
# ------------------------------------------------------------------------
from alpine:3.18.4
from alpine:3.20.3
copy --from=initrd /initrd /
entrypoint ["base64","/initrd"]

104
boot-v1.go → apply-config.go
View File

@ -1,7 +1,6 @@
package main
import (
"log"
"os"
"path/filepath"
"strconv"
@ -9,53 +8,14 @@ import (
"syscall"
"time"
"github.com/rs/zerolog/log"
yaml "gopkg.in/yaml.v2"
"novit.tech/direktil/pkg/sysfs"
"novit.tech/direktil/pkg/config/apply"
)
var loopOffset = 0
func bootV1() {
log.Print("-- boot v1 --")
// find and mount /boot
bootMatch := param("boot", "")
bootMounted := false
if bootMatch != "" {
bootFS := param("boot.fs", "vfat")
for i := 0; ; i++ {
devNames := sysfs.DeviceByProperty("block", bootMatch)
if len(devNames) == 0 {
if i > 30 {
fatal("boot partition not found after 30s")
}
log.Print("boot partition not found, retrying")
time.Sleep(1 * time.Second)
continue
}
devFile := filepath.Join("/dev", devNames[0])
log.Print("boot partition found: ", devFile)
mount(devFile, "/boot", bootFS, bootMountFlags, "")
bootMounted = true
break
}
} else {
log.Print("Assuming /boot is already populated.")
}
// load config
cfgPath := param("config", "/boot/config.yaml")
layersDir = filepath.Join("/boot", bootVersion, "layers")
applyConfig(cfgPath, bootMounted)
finalizeBoot()
}
func applyConfig(cfgPath string, bootMounted bool) (cfg *configV1) {
cfgBytes, err := os.ReadFile(cfgPath)
if err != nil {
@ -72,10 +32,10 @@ func applyConfig(cfgPath string, bootMounted bool) (cfg *configV1) {
fatal("no layers configured!")
}
log.Printf("wanted layers: %q", cfg.Layers)
layersInMemory := paramBool("layers-in-mem", false)
log.Info().Strs("layers", cfg.Layers).Bool("in-memory", layersInMemory).Msg("mounting layers")
const layersInMemDir = "/layers-in-mem"
if layersInMemory {
mkdir(layersInMemDir, 0700)
@ -84,6 +44,8 @@ func applyConfig(cfgPath string, bootMounted bool) (cfg *configV1) {
lowers := make([]string, len(cfg.Layers))
for i, layer := range cfg.Layers {
log := log.With().Str("layer", layer).Logger()
path := layerPath(layer)
info, err := os.Stat(path)
@ -91,10 +53,10 @@ func applyConfig(cfgPath string, bootMounted bool) (cfg *configV1) {
fatal(err)
}
log.Printf("layer %s found (%d bytes)", layer, info.Size())
log.Info().Int64("size", info.Size()).Msg("layer found")
if layersInMemory {
log.Print(" copying to memory...")
log.Info().Msg("copying to memory")
targetPath := filepath.Join(layersInMemDir, layer)
cp(path, targetPath)
path = targetPath
@ -126,7 +88,7 @@ func applyConfig(cfgPath string, bootMounted bool) (cfg *configV1) {
if bootMounted {
if layersInMemory {
if err := syscall.Unmount("/boot", 0); err != nil {
log.Print("WARNING: failed to unmount /boot: ", err)
log.Warn().Err(err).Msg("failed to unmount /boot")
time.Sleep(2 * time.Second)
}
@ -135,74 +97,44 @@ func applyConfig(cfgPath string, bootMounted bool) (cfg *configV1) {
}
}
// - write configuration
log.Print("writing /config.yaml")
if err := os.WriteFile("/system/config.yaml", cfgBytes, 0600); err != nil {
fatal("failed: ", err)
}
// - write files
for _, fileDef := range cfg.Files {
log.Print("writing ", fileDef.Path)
filePath := filepath.Join("/system", fileDef.Path)
if err := os.MkdirAll(filepath.Dir(filePath), 0755); err != nil {
log.Printf("failed to create dir %s: %v", filepath.Dir(fileDef.Path), err)
}
mode := fileDef.Mode
if mode == 0 {
mode = 0644
}
err = os.WriteFile(filePath, []byte(fileDef.Content), mode)
if err != nil {
fatalf("failed to write %s: %v", fileDef.Path, err)
}
}
apply.Files(cfg.Files, "/system")
// - groups
for _, group := range cfg.Groups {
log.Print("creating group ", group.Name)
logEvt := log.Info().Str("group", group.Name)
opts := make([]string, 0)
opts = append(opts /* chroot */, "/system", "groupadd", "-r")
if group.Gid != 0 {
opts = append(opts, "-g", strconv.Itoa(group.Gid))
logEvt.Int("gid", group.Gid)
}
opts = append(opts, group.Name)
logEvt.Msg("creating group")
run("chroot", opts...)
}
// - user
for _, user := range cfg.Users {
log.Print("creating user ", user.Name)
logEvt := log.Info().Str("user", user.Name)
opts := make([]string, 0)
opts = append(opts /* chroot */, "/system", "useradd", "-r")
if user.Gid != 0 {
opts = append(opts, "-g", strconv.Itoa(user.Gid))
logEvt.Int("gid", user.Gid)
}
if user.Uid != 0 {
opts = append(opts, "-u", strconv.Itoa(user.Uid))
logEvt.Int("uid", user.Uid)
}
opts = append(opts, user.Name)
logEvt.Msg("creating user")
run("chroot", opts...)
}
return
}
func finalizeBoot() {
// clean zombies
cleanZombies()
// switch root
log.Print("switching root")
err := syscall.Exec("/sbin/switch_root", []string{"switch_root",
"-c", "/dev/console", "/system", "/sbin/init"}, os.Environ())
fatal("switch_root failed: ", err)
}

56
ask-secret.go
View File

@ -6,41 +6,51 @@ import (
"fmt"
"io"
"os"
"sync"
"sync/atomic"
)
func askSecret(prompt string) []byte {
stdinTTY.EchoOff()
var (
inputTTYs = new(sync.Map)
askingSecret atomic.Bool
)
var (
in io.Reader = stdin
out io.Writer = stdout
)
func registerInput(in *tty) { inputTTYs.Store(in, in) }
func unregiterInput(in *tty) { inputTTYs.Delete(in) }
if stdin == nil {
in = os.Stdin
out = os.Stdout
}
func askSecret(prompt string) (s []byte) {
err := func() (err error) {
askingSecret.Store(true)
defer askingSecret.Store(false)
out.Write([]byte(prompt + ": "))
inputTTYs.Range(func(k, v any) (con bool) { v.(*tty).EchoOff(); return true })
defer inputTTYs.Range(func(k, v any) (con bool) { v.(*tty).Restore(); return true })
if stdin != nil {
stdout.HideInput()
}
var (
in io.Reader = stdin
out io.Writer = stdout
)
s, err := bufio.NewReader(in).ReadBytes('\n')
if stdin == nil {
in = os.Stdin
out = os.Stdout
}
if stdin != nil {
stdout.ShowInput()
}
out.Write([]byte(prompt + ": "))
stdinTTY.Restore()
s, err = bufio.NewReader(in).ReadBytes('\n')
if err != nil {
return
}
fmt.Println()
s = bytes.TrimRight(s, "\r\n")
return
}()
if err != nil {
fatalf("failed to read from stdin: %v", err)
}
fmt.Println()
s = bytes.TrimRight(s, "\r\n")
return s
return
}

8
auth.go
View File

@ -3,8 +3,8 @@ package main
import (
"bytes"
"errors"
"log"
"github.com/rs/zerolog/log"
"golang.org/x/crypto/ssh"
config "novit.tech/direktil/pkg/bootstrapconfig"
@ -23,7 +23,7 @@ func localAuth() bool {
}
if config.CheckPassword(auth.Password, sec) {
log.Printf("login with auth %q", auth.Name)
log.Info().Msgf("login with auth %q", auth.Name)
return true
}
}
@ -41,12 +41,12 @@ func sshCheckPubkey(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions,
allowedKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(auth.SSHKey))
if err != nil {
log.Printf("SSH pubkey for %q invalid: %v", auth.Name, auth.SSHKey)
log.Warn().Err(err).Str("user", auth.Name).Str("key", auth.SSHKey).Msg("SSH public key is invalid")
return nil, err
}
if bytes.Equal(allowedKey.Marshal(), keyBytes) {
log.Print("ssh: accepting public key for ", auth.Name)
log.Info().Str("user", auth.Name).Msg("ssh: accepting public key")
return &ssh.Permissions{
Extensions: map[string]string{
"pubkey-fp": ssh.FingerprintSHA256(key),

33
boot-v2.go
View File

@ -1,20 +1,21 @@
package main
import (
"log"
"os"
"os/exec"
"syscall"
"github.com/rs/zerolog/log"
"gopkg.in/yaml.v3"
config "novit.tech/direktil/pkg/bootstrapconfig"
)
func bootV2() {
log.Print("-- boot v2 --")
log.Info().Msg("-- boot v2 --")
kernelVersion := unameRelease()
log.Print("Linux version ", kernelVersion)
log.Info().Str("version", kernelVersion).Msg("Linux")
cfg := &config.Config{}
@ -32,15 +33,19 @@ func bootV2() {
}
}
log.Print("config loaded")
log.Printf("\n\nanti-phishing code: %q\n", cfg.AntiPhishingCode)
log.Info().Msg("config loaded")
if cfg.AntiPhishingCode != "" {
log.Info().Str("anti-phishing-code", cfg.AntiPhishingCode).Send()
}
auths = cfg.Auths
// mount kernel modules
if cfg.Modules == "" {
log.Print("NOT mounting modules (nothing specified)")
log.Warn().Msg("NOT mounting modules (\"modules:\" not specified)")
} else {
log.Info().Str("from", cfg.Modules).Msg("mounting modules")
mountSquahfs(cfg.Modules, "/modules")
modulesSourcePath := "/modules/lib/modules/" + kernelVersion
@ -54,20 +59,18 @@ func bootV2() {
}
}
// load basic modules
run("modprobe", "unix")
// devices init
log.Info().Msg("starting udevd")
err := exec.Command("udevd").Start()
if err != nil {
fatal("failed to start udevd: ", err)
}
log.Print("udevadm triggers")
log.Info().Msg("udevadm triggers")
run("udevadm", "trigger", "-c", "add", "-t", "devices")
run("udevadm", "trigger", "-c", "add", "-t", "subsystems")
log.Print("udevadm settle")
log.Info().Msg("udevadm settle")
run("udevadm", "settle")
// networks
@ -91,3 +94,11 @@ func bootV2() {
// finalize
finalizeBoot()
}
func finalizeBoot() {
// switch root
log.Info().Msg("switching root")
err := syscall.Exec("/sbin/switch_root", []string{"switch_root",
"-c", "/dev/console", "/system", "/sbin/init"}, os.Environ())
fatal("switch_root failed: ", err)
}

40
bootstrap.go
View File

@ -4,11 +4,13 @@ import (
"bytes"
"fmt"
"io"
"log"
"net/http"
"os"
"path/filepath"
"strings"
"time"
"github.com/rs/zerolog/log"
config "novit.tech/direktil/pkg/bootstrapconfig"
)
@ -27,14 +29,14 @@ func bootstrap(cfg *config.Config) {
sysCfgPath := filepath.Join(baseDir, "config.yaml")
if _, err := os.Stat(sysCfgPath); os.IsNotExist(err) {
log.Printf("bootstrap %q does not exist", bootVersion)
log.Warn().Msgf("bootstrap %q does not exist", bootVersion)
seed := cfg.Bootstrap.Seed
if seed == "" {
fatalf("boostrap seed not defined, admin required")
}
log.Printf("seeding bootstrap from %s", seed)
log.Info().Str("from", seed).Msgf("seeding bootstrap")
err = os.MkdirAll(baseDir, 0700)
if err != nil {
@ -44,9 +46,18 @@ func bootstrap(cfg *config.Config) {
bootstrapFile := filepath.Join(baseDir, "bootstrap.tar")
err = func() (err error) {
resp, err := http.Get(seed)
var resp *http.Response
start := time.Now()
for time.Since(start) <= time.Minute {
resp, err = http.Get(seed)
if err == nil {
break
}
time.Sleep(time.Second)
}
if err != nil {
return
return fmt.Errorf("failed to fetch bootstrap")
}
if resp.StatusCode != http.StatusOK {
@ -72,7 +83,7 @@ func bootstrap(cfg *config.Config) {
fatalf("seeding failed: %v", err)
}
log.Print("unpacking bootstrap file")
log.Info().Msg("unpacking bootstrap file")
run("tar", "xvf", bootstrapFile, "-C", baseDir)
}
@ -80,6 +91,13 @@ func bootstrap(cfg *config.Config) {
layersOverride["modules"] = "/modules.sqfs"
sysCfg := applyConfig(sysCfgPath, false)
// load requested modules
for _, mod := range sysCfg.Modules {
log.Info().Str("module", mod).Msg("loading module")
run("modprobe", mod)
}
// localy-generated assets dir
localGenDir := filepath.Join(bsDir, "local-gen")
// vpns are v2+
@ -89,7 +107,7 @@ func bootstrap(cfg *config.Config) {
// mounts are v2+
for _, mount := range sysCfg.Mounts {
log.Print("mount ", mount.Dev, " to system's ", mount.Path)
log.Info().Str("source", mount.Dev).Str("target", mount.Path).Msg("mount")
path := filepath.Join("/system", mount.Path)
@ -108,13 +126,17 @@ func bootstrap(cfg *config.Config) {
// setup root user
if ph := sysCfg.RootUser.PasswordHash; ph != "" {
log.Print("setting root's password")
log.Info().Msg("setting root's password")
setUserPass("root", ph)
}
if ak := sysCfg.RootUser.AuthorizedKeys; len(ak) != 0 {
log.Print("setting root's authorized keys")
log.Info().Msg("setting root's authorized keys")
setAuthorizedKeys(ak)
}
// update-ca-certificates
log.Info().Msg("updating CA certificates")
run("chroot", "/system", "update-ca-certificates")
}
func setUserPass(user, passwordHash string) {

34
go.mod
View File

@ -1,29 +1,35 @@
module novit.nc/direktil/initrd
module novit.tech/direktil/initrd
require (
github.com/creack/pty v1.1.24
github.com/freddierice/go-losetup/v2 v2.0.1
github.com/kr/pty v1.1.8
github.com/jochenvg/go-udev v0.0.0-20240801134859-b65ed646224b
github.com/pkg/term v1.1.0
golang.org/x/crypto v0.16.0
golang.org/x/sys v0.15.0
golang.org/x/term v0.15.0
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230429144221-925a1e7659e6
github.com/rs/zerolog v1.34.0
golang.org/x/crypto v0.38.0
golang.org/x/sys v0.33.0
golang.org/x/term v0.32.0
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20241231184526-a9ab2273dd10
gopkg.in/yaml.v2 v2.4.0
gopkg.in/yaml.v3 v3.0.1
novit.tech/direktil/pkg v0.0.0-20231217121409-827fa62f58aa
novit.tech/direktil/pkg v0.0.0-20240415130406-0d2e181a4ed6
)
require (
github.com/cavaliergopher/cpio v1.0.1 // indirect
github.com/creack/pty v1.1.21 // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/go-cmp v0.7.0 // indirect
github.com/jkeiser/iter v0.0.0-20200628201005-c8aa0ae784d1 // indirect
github.com/josharian/native v1.1.0 // indirect
github.com/mattn/go-colorable v0.1.14 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mdlayher/genetlink v1.3.2 // indirect
github.com/mdlayher/netlink v1.7.2 // indirect
github.com/mdlayher/socket v0.5.0 // indirect
golang.org/x/net v0.19.0 // indirect
golang.org/x/sync v0.5.0 // indirect
golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173 // indirect
github.com/mdlayher/socket v0.5.1 // indirect
golang.org/x/net v0.40.0 // indirect
golang.org/x/sync v0.14.0 // indirect
golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb // indirect
)
go 1.21
go 1.23.1
toolchain go1.24.3

114
go.sum
View File

@ -1,93 +1,86 @@
github.com/cavaliergopher/cpio v1.0.1 h1:KQFSeKmZhv0cr+kawA3a0xTQCU4QxXF1vhU7P7av2KM=
github.com/cavaliergopher/cpio v1.0.1/go.mod h1:pBdaqQjnvXxdS/6CvNDwIANIFSP0xRKI16PX4xejRQc=
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
github.com/creack/pty v1.1.21 h1:1/QdRyBaHHJP61QkWMXlOIBfsgdDeeKfK8SYVUWJKf0=
github.com/creack/pty v1.1.21/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
github.com/creack/pty v1.1.24 h1:bJrF4RRfyJnbTJqzRLHzcGaZK1NeM5kTC9jGgovnR1s=
github.com/creack/pty v1.1.24/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE=
github.com/freddierice/go-losetup/v2 v2.0.1 h1:wPDx/Elu9nDV8y/CvIbEDz5Xi5Zo80y4h7MKbi3XaAI=
github.com/freddierice/go-losetup/v2 v2.0.1/go.mod h1:TEyBrvlOelsPEhfWD5rutNXDmUszBXuFnwT1kIQF4J8=
github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
github.com/jkeiser/iter v0.0.0-20200628201005-c8aa0ae784d1 h1:smvLGU3obGU5kny71BtE/ibR0wIXRUiRFDmSn0Nxz1E=
github.com/jkeiser/iter v0.0.0-20200628201005-c8aa0ae784d1/go.mod h1:fP/NdyhRVOv09PLRbVXrSqHhrfQypdZwgE2L4h2U5C8=
github.com/jochenvg/go-udev v0.0.0-20240801134859-b65ed646224b h1:Pzf7tldbCVqwl3NnOnTamEWdh/rL41fsoYCn2HdHgRA=
github.com/jochenvg/go-udev v0.0.0-20240801134859-b65ed646224b/go.mod h1:IBDUGq30U56w969YNPomhMbRje1GrhUsCh7tHdwgLXA=
github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA=
github.com/josharian/native v1.1.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/pty v1.1.8 h1:AkaSdXYQOWeaO3neb8EM634ahkXXe3jYbVh/F9lq+GI=
github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/mdlayher/genetlink v1.3.1 h1:roBiPnual+eqtRkKX2Jb8UQN5ZPWnhDCGj/wR6Jlz2w=
github.com/mdlayher/genetlink v1.3.1/go.mod h1:uaIPxkWmGk753VVIzDtROxQ8+T+dkHqOI0vB1NA9S/Q=
github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/mdlayher/genetlink v1.3.2 h1:KdrNKe+CTu+IbZnm/GVUMXSqBBLqcGpRDa0xkQy56gw=
github.com/mdlayher/genetlink v1.3.2/go.mod h1:tcC3pkCrPUGIKKsCsp0B3AdaaKuHtaxoJRz3cc+528o=
github.com/mdlayher/netlink v1.7.1 h1:FdUaT/e33HjEXagwELR8R3/KL1Fq5x3G5jgHLp/BTmg=
github.com/mdlayher/netlink v1.7.1/go.mod h1:nKO5CSjE/DJjVhk/TNp6vCE1ktVxEA8VEh8drhZzxsQ=
github.com/mdlayher/netlink v1.7.2 h1:/UtM3ofJap7Vl4QWCPDGXY8d3GIY2UGSDbK+QWmY8/g=
github.com/mdlayher/netlink v1.7.2/go.mod h1:xraEF7uJbxLhc5fpHL4cPe221LI2bdttWlU+ZGLfQSw=
github.com/mdlayher/socket v0.4.0 h1:280wsy40IC9M9q1uPGcLBwXpcTQDtoGwVt+BNoITxIw=
github.com/mdlayher/socket v0.4.0/go.mod h1:xxFqz5GRCUN3UEOm9CZqEJsAbe1C8OwSK46NlmWuVoc=
github.com/mdlayher/socket v0.5.0 h1:ilICZmJcQz70vrWVes1MFera4jGiWNocSkykwwoy3XI=
github.com/mdlayher/socket v0.5.0/go.mod h1:WkcBFfvyG8QENs5+hfQPl1X6Jpd2yeLIYgrGFmJiJxI=
github.com/mdlayher/socket v0.5.1 h1:VZaqt6RkGkt2OE9l3GcC6nZkqD3xKeQLyfleW/uBcos=
github.com/mdlayher/socket v0.5.1/go.mod h1:TjPLHI1UgwEv5J1B5q0zTZq12A/6H7nKmtTanQE37IQ=
github.com/mikioh/ipaddr v0.0.0-20190404000644-d465c8ab6721 h1:RlZweED6sbSArvlE924+mUcZuXKLBHA35U7LN621Bws=
github.com/mikioh/ipaddr v0.0.0-20190404000644-d465c8ab6721/go.mod h1:Ickgr2WtCLZ2MDGd4Gr0geeCH5HybhRJbonOgQpvSxc=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/term v1.1.0 h1:xIAAdCMh3QIAy+5FrE8Ad8XoDhEU4ufwbaSozViP9kk=
github.com/pkg/term v1.1.0/go.mod h1:E25nymQcrSllhX42Ok8MRm1+hyBdHY0dCeiKZ9jpNGw=
github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8=
github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
github.com/rs/zerolog v1.31.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss=
github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY=
github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ=
github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.0.0-20220321153916-2c7772ba3064/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE=
golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
golang.org/x/crypto v0.38.0 h1:jt+WWG8IZlBnVbomuhg2Mdq0+BBQaHbtqHEFEigjUV8=
golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw=
golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY=
golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ=
golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20200909081042-eff7692f9009/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18=
golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.4.0 h1:O7UWfv5+A2qiuulQk30kVinPoMtoIPeVaKLEgLpVkvg=
golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg=
golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
@ -97,26 +90,15 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.zx2c4.com/wireguard v0.0.0-20220920152132-bb719d3a6e2c h1:Okh6a1xpnJslG9Mn84pId1Mn+Q8cvpo4HCeeFWHo0cA=
golang.zx2c4.com/wireguard v0.0.0-20220920152132-bb719d3a6e2c/go.mod h1:enML0deDxY1ux+B6ANGiwtg0yAJi1rctkTpcHNAVPyg=
golang.zx2c4.com/wireguard v0.0.0-20231022001213-2e0774f246fb h1:c5tyN8sSp8jSDxdCCDXVOpJwYXXhmTkNMt+g0zTSOic=
golang.zx2c4.com/wireguard v0.0.0-20231022001213-2e0774f246fb/go.mod h1:tkCQ4FQXmpAgYVh++1cq16/dH4QJtmvpRv19DWGAHSA=
golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173 h1:/jFs0duh4rdb8uIfPMv78iAJGcPKDeqAFnaLBropIC4=
golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173/go.mod h1:tkCQ4FQXmpAgYVh++1cq16/dH4QJtmvpRv19DWGAHSA=
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20221104135756-97bc4ad4a1cb h1:9aqVcYEDHmSNb0uOWukxV5lHV09WqiSiCuhEgWNETLY=
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20221104135756-97bc4ad4a1cb/go.mod h1:mQqgjkW8GQQcJQsbBvK890TKqUK1DfKWkuBGbOkuMHQ=
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230429144221-925a1e7659e6 h1:CawjfCvYQH2OU3/TnxLx97WDSUDRABfT18pCOYwc2GE=
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230429144221-925a1e7659e6/go.mod h1:3rxYc4HtVcSG9gVaTs2GEBdehh+sYPOwKtyUWEOTb80=
golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb h1:whnFRlWMcXI9d+ZbWg+4sHnLp52d5yiIPUxMBSt4X9A=
golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb/go.mod h1:rpwXGsirqLqN2L0JDJQlwOboGHmptD5ZD6T2VmcqhTw=
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20241231184526-a9ab2273dd10 h1:3GDAcqdIg1ozBNLgPy4SLT84nfcBjr6rhGtXYtrkWLU=
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20241231184526-a9ab2273dd10/go.mod h1:T97yPqesLiNrOYxkwmhMI0ZIlJDm+p0PMR8eRVeR5tQ=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
novit.nc/direktil/pkg v0.0.0-20220221171542-fd3ce3a1491b/go.mod h1:zwTVO6U0tXFEaga73megQIBK7yVIKZJVePaIh/UtdfU=
novit.tech/direktil/pkg v0.0.0-20230201224712-5e39572dc50e h1:eQFbzcuB4wOSrnOhkcN30hFDCIack40VkIoqVRbWnWc=
novit.tech/direktil/pkg v0.0.0-20230201224712-5e39572dc50e/go.mod h1:2Mir5x1eT/e295WeFGzzXa4siunKX4z+rmNPfVsXS0k=
novit.tech/direktil/pkg v0.0.0-20231217121409-827fa62f58aa h1:eBk9nQTxIJU5cT8aJVjfRWiUd4sv8YV0kXALbSFOKdI=
novit.tech/direktil/pkg v0.0.0-20231217121409-827fa62f58aa/go.mod h1:AYEEjNi7ljJG+V4F4LzxWntfbSs+KnNPO3kqvcEzIU4=
novit.tech/direktil/pkg v0.0.0-20240415130406-0d2e181a4ed6 h1:D0TN5GyZ4d88ILpgVZgcZ62027lW8/LLnQSpQyN2yOw=
novit.tech/direktil/pkg v0.0.0-20240415130406-0d2e181a4ed6/go.mod h1:zjezU6tELE880oYHs/WAauGBupKIEQQ7KqWTB69RW10=

102
lvm.go
View File

@ -3,15 +3,19 @@ package main
import (
"bytes"
"io/fs"
"log"
"os"
"os/exec"
"path/filepath"
"sort"
"strconv"
"syscall"
udev "github.com/jochenvg/go-udev"
"github.com/rs/zerolog/log"
"novit.nc/direktil/initrd/lvm"
config "novit.tech/direktil/pkg/bootstrapconfig"
"novit.tech/direktil/initrd/lvm"
)
func sortedKeys[T any](m map[string]T) (keys []string) {
@ -25,7 +29,7 @@ func sortedKeys[T any](m map[string]T) (keys []string) {
func setupLVM(cfg *config.Config) {
if len(cfg.LVM) == 0 {
log.Print("no LVM VG configured.")
log.Info().Msg("no LVM VG configured.")
return
}
@ -75,53 +79,73 @@ func setupVG(vg config.LvmVG) {
}
}
log := log.With().Str("vg", vg.VG).Logger()
if devNeeded <= 0 {
log.Print("LVM VG ", vg.VG, " has all its devices")
log.Info().Msg("LVM VG has all its devices")
return
}
if vgExists {
log.Printf("LVM VG %s misses %d devices", vg.VG, devNeeded)
log.Info().Msgf("LVM VG misses %d devices", devNeeded)
} else {
log.Printf("LVM VG %s does not exists, creating", vg.VG)
log.Info().Msg("LVM VG does not exists, creating")
}
devNames := make([]string, 0)
err = filepath.Walk("/dev", func(n string, fi fs.FileInfo, err error) error {
if fi.Mode().Type() == os.ModeDevice {
devNames = append(devNames, n)
devNames := make([]NameAliases, 0)
{
devRefs := map[uint64]*NameAliases{}
enum := new(udev.Udev).NewEnumerate()
enum.AddMatchSubsystem("block")
devs, err := enum.Devices()
if err != nil {
fatal("udev enumeration failed")
}
return err
})
if err != nil {
fatalf("failed to walk /dev: %v", err)
}
devNames = filter(devNames, func(v string) bool {
for _, pv := range pvs.PVs() {
if v == pv.Name {
return false
for _, dev := range devs {
num := dev.Devnum()
n := dev.PropertyValue("DEVNAME")
idx := len(devNames)
devNames = append(devNames, nameAlias(n))
ref := uint64(num.Major())<<8 | uint64(num.Minor())
devRefs[ref] = &devNames[idx]
}
err = filepath.Walk("/dev", func(n string, fi fs.FileInfo, err error) error {
if fi.Mode().Type() == os.ModeDevice {
stat := fi.Sys().(*syscall.Stat_t)
ref := stat.Rdev
if na := devRefs[ref]; na != nil {
na.AddAlias(n)
}
}
return err
})
if err != nil {
fatalf("failed to walk /dev: %v", err)
}
return true
})
}
for _, dev := range devNames {
log.Info().Str("name", dev.Name).Any("aliases", dev.Aliases).Msg("found block device")
}
m := regexpSelectN(vg.PVs.N, vg.PVs.Regexps, devNames)
if len(m) == 0 {
log.Printf("no devices match the regexps %v", vg.PVs.Regexps)
for _, d := range devNames {
log.Print("- ", d)
}
log.Error().Strs("regexps", vg.PVs.Regexps).Msg("no device match the regexps")
fatalf("failed to setup VG %s", vg.VG)
}
if vgExists {
log.Print("- extending vg to ", m)
log.Info().Strs("devices", m).Msg("LVM VG: extending")
run("vgextend", append([]string{vg.VG}, m...)...)
devNeeded -= len(m)
} else {
log.Print("- creating vg with devices ", m)
log.Info().Strs("devices", m).Msg("LVM VG: creating")
run("vgcreate", append([]string{vg.VG}, m...)...)
devNeeded -= len(m)
}
@ -142,17 +166,17 @@ func setupLVs(vg config.LvmVG, createdDevs map[string]string) {
defaults := vg.Defaults
for _, lv := range vg.LVs {
lvKey := vg.VG + "/" + lv.Name
for idx, lv := range vg.LVs {
log := log.With().Str("vg", vg.VG).Str("lv", lv.Name).Logger()
if contains(lvs, func(v lvm.LV) bool {
return v.VGName == vg.VG && v.Name == lv.Name
}) {
log.Printf("LV %s exists", lvKey)
log.Info().Msg("LV exists")
continue
}
log.Printf("creating LV %s", lvKey)
log.Info().Msg("LV does not exist")
if lv.Raid == nil {
lv.Raid = defaults.Raid
@ -161,7 +185,7 @@ func setupLVs(vg config.LvmVG, createdDevs map[string]string) {
args := make([]string, 0)
if lv.Name == "" {
fatalf("LV has no name")
fatalf("LV[%d] has no name", idx)
}
args = append(args, vg.VG, "--name", lv.Name)
@ -184,7 +208,7 @@ func setupLVs(vg config.LvmVG, createdDevs map[string]string) {
}
}
log.Print("lvcreate args: ", args)
log.Info().Strs("args", args).Msg("LV: creating")
run("lvcreate", args...)
dev := "/dev/" + vg.VG + "/" + lv.Name
@ -286,12 +310,12 @@ func setupCrypt(devSpecs []config.CryptDev, createdDevs map[string]string) {
}
if !eq {
log.Print("passwords don't match")
log.Error().Msg("passwords don't match")
goto retry
}
}
log.Print("formatting encrypted device ", dev)
log.Info().Str("dev", dev).Msg("formatting encrypted device")
cmd := exec.Command("cryptsetup", "luksFormat", dev, "--key-file=-")
cmd.Stdin = bytes.NewBuffer(password)
cmd.Stdout = stdout
@ -312,7 +336,7 @@ func setupCrypt(devSpecs []config.CryptDev, createdDevs map[string]string) {
}
}
log.Print("openning encrypted device ", name, " from ", dev)
log.Info().Str("name", name).Str("dev", dev).Msg("openning encrypted device")
cmd := exec.Command("cryptsetup", "open", dev, name, "--key-file=-")
cmd.Stdin = bytes.NewBuffer(password)
cmd.Stdout = stdout
@ -364,7 +388,7 @@ func devInitialized(dev string) bool {
func setupFS(dev, fs string) {
if devInitialized(dev) {
log.Print("device ", dev, " already formatted")
log.Info().Str("dev", dev).Msg("device already formatted")
return
}
@ -372,7 +396,7 @@ func setupFS(dev, fs string) {
fs = "ext4"
}
log.Print("formatting ", dev, " (", fs, ")")
log.Info().Str("dev", dev).Str("fs", fs).Msg("formatting device")
args := make([]string, 0)
switch fs {

56
main.go
View File

@ -3,7 +3,6 @@ package main
import (
"fmt"
"io"
"log"
"os"
"os/exec"
"path/filepath"
@ -12,10 +11,12 @@ import (
"time"
"github.com/pkg/term/termios"
"github.com/rs/zerolog"
"github.com/rs/zerolog/log"
"golang.org/x/term"
"novit.nc/direktil/initrd/colorio"
"novit.nc/direktil/initrd/shio"
"novit.tech/direktil/initrd/colorio"
"novit.tech/direktil/initrd/shio"
)
const (
@ -41,11 +42,15 @@ func newPipe() (io.ReadCloser, io.WriteCloser) {
}
func main() {
log.Logger = log.Output(zerolog.ConsoleWriter{Out: os.Stderr})
registerInput(newTTY(os.Stdin.Fd()))
switch baseName := filepath.Base(os.Args[0]); baseName {
case "init":
runInit()
default:
log.Fatal("unknown sub-command: ", baseName)
log.Fatal().Msgf("unknown sub-command: %q", baseName)
}
}
@ -57,18 +62,19 @@ func runInit() {
runtime.LockOSThread()
if pid := os.Getpid(); pid != 1 {
log.Fatal("init must be PID 1, not ", pid)
}
// move log to shio
go io.Copy(os.Stdout, stdout.NewReader())
log.SetOutput(stderr)
log.Logger = log.Output(zerolog.ConsoleWriter{Out: stderr})
// check the PID is 1
if pid := os.Getpid(); pid != 1 {
log.Fatal().Int("pid", pid).Msg("init must be PID 1")
}
// copy os.Stdin to my stdin pipe
go io.Copy(stdinPipe, os.Stdin)
log.Print("Welcome to ", VERSION)
log.Info().Msg("Welcome to " + VERSION)
// essential mounts
mount("none", "/proc", "proc", 0, "")
@ -78,17 +84,14 @@ func runInit() {
// get the "boot version"
bootVersion = param("version", "current")
log.Printf("booting system %q", bootVersion)
log.Info().Msgf("booting system %q", bootVersion)
os.Setenv("PATH", "/usr/bin:/bin:/usr/sbin:/sbin")
_, err := os.Stat("/config.yaml")
if err != nil {
if os.IsNotExist(err) {
bootV1()
return
}
fatal("stat failed: ", err)
log.Error().Err(err).Msg("config not found")
fatal()
}
bootV2()
@ -107,19 +110,20 @@ func layerPath(name string) string {
}
func fatal(v ...interface{}) {
log.Print("*** FATAL ***")
log.Print(v...)
log.Error().Msg("*** FATAL ***")
log.Error().Msg(fmt.Sprint(v...))
die()
}
func fatalf(pattern string, v ...interface{}) {
log.Print("*** FATAL ***")
log.Printf(pattern, v...)
log.Error().Msg("*** FATAL ***")
log.Error().Msgf(pattern, v...)
die()
}
func die() {
log.SetOutput(os.Stderr)
log.Logger = log.Output(zerolog.ConsoleWriter{Out: os.Stderr})
stdout.Close()
stdin.Close()
stdinPipe.Close()
@ -138,13 +142,13 @@ mainLoop:
deadline := time.Now().Add(time.Minute)
os.Stdin.SetReadDeadline(deadline)
termios.Tcflush(os.Stdin.Fd(), termios.TCIFLUSH)
term.MakeRaw(int(os.Stdin.Fd()))
termios.Tcflush(os.Stdin.Fd(), termios.TCIFLUSH)
b := make([]byte, 1)
_, err := os.Stdin.Read(b)
if err != nil {
log.Print("failed to read from stdin: ", err)
log.Error().Err(err).Msg("failed to read from stdin")
time.Sleep(5 * time.Second)
syscall.Reboot(syscall.LINUX_REBOOT_CMD_RESTART)
}
@ -184,10 +188,10 @@ mainLoop:
}
continue mainLoop
}
log.Print("failed to find a shell!")
log.Error().Msg("failed to find a shell!")
default:
log.Printf("unknown choice: %q", string(b))
log.Error().Msgf("unknown choice: %q", string(b))
}
}
}
@ -212,7 +216,7 @@ func mount(source, target, fstype string, flags uintptr, data string) {
if err := syscall.Mount(source, target, fstype, flags, data); err != nil {
fatalf("mount %q %q -t %q -o %q failed: %v", source, target, fstype, data, err)
}
log.Printf("mounted %q", target)
log.Info().Str("target", target).Msg("mounted")
}
func cp(srcPath, dstPath string) {

1
modd.conf
View File

@ -3,6 +3,7 @@ modd.conf {}
go.??? **/*.go {
prep: go test ./...
prep: mkdir -p dist
prep: go build -o dist/init .
prep: go build -o dist/ ./tools/...
}

58
network.go
View File

@ -1,47 +1,58 @@
package main
import (
"log"
"net"
"os/exec"
"strings"
udev "github.com/jochenvg/go-udev"
"github.com/rs/zerolog/log"
config "novit.tech/direktil/pkg/bootstrapconfig"
)
func setupNetworks(cfg *config.Config) {
if len(cfg.Networks) == 0 {
log.Print("no networks configured.")
log.Info().Msg("no networks configured.")
return
}
ifNames := make([]string, 0)
type Iface struct {
Name string
AliasOf string
}
ifaces := make([]NameAliases, 0)
{
ifaces, err := net.Interfaces()
enum := new(udev.Udev).NewEnumerate()
enum.AddMatchSubsystem("net")
devs, err := enum.Devices()
if err != nil {
fatal("failed")
fatal("udev enumeration failed")
}
for _, iface := range ifaces {
ifNames = append(ifNames, iface.Name)
for _, dev := range devs {
iface := nameAliases(dev.Sysname(),
dev.PropertyValue("INTERFACE"),
dev.PropertyValue("ID_NET_NAME"),
dev.PropertyValue("ID_NET_NAME_PATH"),
dev.PropertyValue("ID_NET_NAME_MAC"),
dev.PropertyValue("ID_NET_NAME_SLOT"),
)
log.Info().Str("name", iface.Name).Any("aliases", iface.Aliases).Msg("found network device")
ifaces = append(ifaces, iface)
}
}
assigned := map[string]bool{}
for _, network := range cfg.Networks {
log.Print("setting up network ", network.Name)
log := log.With().Str("network", network.Name).Logger()
log.Info().Msg("setting up network")
// compute available names
if len(assigned) != 0 {
newNames := make([]string, 0, len(ifNames))
for _, n := range ifNames {
if assigned[n] {
continue
}
newNames = append(newNames, n)
}
ifNames = newNames
}
unassigned := filter(ifaces, func(iface NameAliases) bool {
return !assigned[iface.Name]
})
// assign envvars
envvars := make([]string, 0, 1+len(network.Interfaces))
@ -51,19 +62,20 @@ func setupNetworks(cfg *config.Config) {
envvar := new(strings.Builder)
envvar.WriteString(match.Var)
envvar.WriteByte('=')
for i, m := range regexpSelectN(match.N, match.Regexps, unassigned) {
assigned[m] = true
for i, m := range regexpSelectN(match.N, match.Regexps, ifNames) {
if i != 0 {
envvar.WriteByte(' ')
}
envvar.WriteString(m)
assigned[m] = true
}
log.Print("- ", envvar)
envvars = append(envvars, envvar.String())
}
log.Info().Strs("env", envvars).Msg("running script")
cmd := exec.Command("/bin/sh", "-c", network.Script)
cmd.Env = envvars
cmd.Stdout = stdout

50
regexp.go
View File

@ -1,36 +1,62 @@
package main
import (
"log"
"regexp"
"github.com/rs/zerolog/log"
)
func regexpSelectN(n int, regexps []string, names []string) (matches []string) {
if n <= 0 {
matches = make([]string, 0)
} else {
matches = make([]string, 0, n)
type NameAliases struct {
Name string
Aliases []string
}
func nameAlias(name string) NameAliases {
return NameAliases{Name: name, Aliases: []string{name}}
}
func nameAliases(name string, aliases ...string) NameAliases {
na := NameAliases{Name: name, Aliases: make([]string, 0, len(aliases)+1)}
na.Aliases = append(na.Aliases, name)
for _, alias := range aliases {
na.AddAlias(alias)
}
return na
}
func (na *NameAliases) AddAlias(alias string) {
if alias == "" {
return
}
if contains(na.Aliases, func(s string) bool { return s == alias }) {
return
}
na.Aliases = append(na.Aliases, alias)
}
func regexpSelectN(n int, regexps []string, nameAliases []NameAliases) (matches []string) {
matches = make([]string, 0)
res := make([]*regexp.Regexp, 0, len(regexps))
for _, reStr := range regexps {
re, err := regexp.Compile(reStr)
if err != nil {
log.Printf("warning: invalid regexp ignored: %q: %v", reStr, err)
log.Warn().Err(err).Str("regexp", reStr).Msg("invalid regexp, ignored")
continue
}
res = append(res, re)
}
namesLoop:
for _, name := range names {
nameAliasesLoop:
for _, item := range nameAliases {
if len(matches) == n {
break
}
for _, re := range res {
if re.MatchString(name) {
matches = append(matches, name)
continue namesLoop
for _, alias := range item.Aliases {
if re.MatchString(alias) {
matches = append(matches, item.Name)
continue nameAliasesLoop
}
}
}
}

2
shio/shio.go
View File

@ -5,7 +5,7 @@ import (
"io"
"sync"
"novit.nc/direktil/initrd/colorio"
"novit.tech/direktil/initrd/colorio"
)
type ShIO struct {

2
shio/shio_test.go
View File

@ -8,7 +8,7 @@ import (
"time"
)
func ExampleOutput() {
func Example_output() {
done := false
defer func() { done = true }()
go func() {

82
ssh.go
View File

@ -4,15 +4,16 @@ import (
"encoding/binary"
"fmt"
"io"
"log"
"net"
"os"
"os/exec"
"sync"
"syscall"
"time"
"unsafe"
"github.com/kr/pty"
"github.com/creack/pty"
"github.com/rs/zerolog/log"
"golang.org/x/crypto/ssh"
config "novit.tech/direktil/pkg/bootstrapconfig"
@ -26,20 +27,24 @@ func startSSH(cfg *config.Config) {
hostKeyLoaded := false
for _, format := range []string{"rsa", "dsa", "ecdsa", "ed25519"} {
log := log.With().Str("format", format).Logger()
pkBytes, err := os.ReadFile("/id_" + format)
if err != nil {
log.Printf("ssh : failed to load %s host key: %v", format, err)
log.Error().Err(err).Msg("ssh: failed to load host key")
continue
}
pk, err := ssh.ParsePrivateKey(pkBytes)
if err != nil {
log.Printf("ssh: failed to parse %s host key: %v", format, err)
log.Error().Err(err).Msg("ssh: failed to parse host key")
continue
}
sshConfig.AddHostKey(pk)
hostKeyLoaded = true
log.Info().Msg("ssh: loaded host key")
}
if !hostKeyLoaded {
@ -52,13 +57,13 @@ func startSSH(cfg *config.Config) {
fatalf("ssh: failed to listen on %s: %v", sshBind, err)
}
log.Print("SSH server listening on ", sshBind)
log.Info().Str("bind-address", sshBind).Msg("SSH server listening")
go func() {
for {
conn, err := listener.Accept()
if err != nil {
log.Print("ssh: accept conn failed: ", err)
log.Info().Err(err).Msg("ssh: accept conn failed")
continue
}
@ -71,12 +76,12 @@ func sshHandleConn(conn net.Conn, sshConfig *ssh.ServerConfig) {
sshConn, chans, reqs, err := ssh.NewServerConn(conn, sshConfig)
if err != nil {
log.Print("ssh: handshake failed: ", err)
log.Error().Err(err).Msg("ssh: handshake failed")
return
}
remoteAddr := sshConn.User() + "@" + sshConn.RemoteAddr().String()
log.Print("ssh: new connection from ", remoteAddr)
log.Info().Str("remote", remoteAddr).Msg("ssh: new connection")
go sshHandleReqs(reqs)
go sshHandleChannels(remoteAddr, chans)
@ -89,7 +94,7 @@ func sshHandleReqs(reqs <-chan *ssh.Request) {
req.Reply(true, nil)
default:
log.Printf("ssh: discarding req: %+v", req)
log.Info().Str("type", req.Type).Msg("ssh: discarding request")
req.Reply(false, nil)
}
}
@ -104,7 +109,7 @@ func sshHandleChannels(remoteAddr string, chans <-chan ssh.NewChannel) {
channel, requests, err := newChannel.Accept()
if err != nil {
log.Print("ssh: failed to accept channel: ", err)
log.Error().Err(err).Msg("ssh: failed to accept channel")
continue
}
@ -138,14 +143,35 @@ func sshHandleChannel(remoteAddr string, channel ssh.Channel, requests <-chan *s
command := string(req.Payload[4 : req.Payload[3]+4])
switch command {
case "init":
go func() {
io.Copy(channel, stdout.NewReader())
once.Do(closeCh)
}()
go func() {
io.Copy(stdinPipe, channel)
once.Do(closeCh)
}()
if ptyF == nil {
go func() {
channel.Stderr().Write([]byte("\033[5m\033[31;1m\n\nWARNING: no TTY requested, passwords will be echoed!\n\n\033[0m"))
time.Sleep(3 * time.Second)
io.Copy(channel, stdout.NewReader())
once.Do(closeCh)
}()
go func() {
io.Copy(stdinPipe, channel)
once.Do(closeCh)
}()
} else {
stdinTTY := newTTY(ptyF.Fd())
if askingSecret.Load() {
stdinTTY.EchoOff()
}
registerInput(stdinTTY)
defer unregiterInput(stdinTTY)
go func() {
io.Copy(ttyF, stdout.NewReader())
once.Do(closeCh)
}()
go func() {
io.Copy(stdinPipe, ttyF)
once.Do(closeCh)
}()
}
req.Reply(true, nil)
@ -191,15 +217,6 @@ func sshHandleChannel(remoteAddr string, channel ssh.Channel, requests <-chan *s
ttyF = nil
}()
go func() {
io.Copy(channel, ptyF)
once.Do(closeCh)
}()
go func() {
io.Copy(ptyF, channel)
once.Do(closeCh)
}()
req.Reply(true, nil)
case "pty-req":
@ -211,7 +228,7 @@ func sshHandleChannel(remoteAddr string, channel ssh.Channel, requests <-chan *s
var err error
ptyF, ttyF, err = pty.Open()
if err != nil {
log.Print("PTY err: ", err)
log.Error().Err(err).Msg("ssh: PTY open failed")
req.Reply(false, nil)
continue
}
@ -223,6 +240,15 @@ func sshHandleChannel(remoteAddr string, channel ssh.Channel, requests <-chan *s
req.Reply(true, nil)
go func() {
io.Copy(channel, ptyF)
once.Do(closeCh)
}()
go func() {
io.Copy(ptyF, channel)
once.Do(closeCh)
}()
case "window-change":
w, h := sshParseDims(req.Payload)
sshSetWinsize(ptyF.Fd(), w, h)

4
test-initrd/config.yaml
View File

@ -26,9 +26,9 @@ networks:
- eno.*
- enp.*
script: |
ip a add 2001:41d0:306:168f::1337:2eed/64 dev $iface
ip li set $iface up
#udhcpc $iface
udhcpc -i $iface -b -t1 -T1 -A5 ||
ip a add 2001:41d0:306:168f::1337:2eed/64 dev $iface
pre_lvm_crypt:
- dev: /dev/vda

5
tools/cpiocat/main.go
View File

@ -2,7 +2,7 @@ package main
import (
"flag"
"log"
"fmt"
"os"
"novit.tech/direktil/pkg/cpiocat"
@ -13,6 +13,7 @@ func main() {
err := cpiocat.Append(os.Stdout, os.Stdin, flag.Args())
if err != nil {
log.Fatal(err)
fmt.Fprintln(os.Stderr, err.Error())
os.Exit(1)
}
}

19
tools/testconf/main.go
View File

@ -3,7 +3,7 @@ package main
import (
"bytes"
"flag"
"log"
"fmt"
"os"
"gopkg.in/yaml.v3"
@ -14,12 +14,10 @@ func main() {
flag.Parse()
for _, arg := range flag.Args() {
log.Print("testing ", arg)
fmt.Println("testing", arg)
cfgBytes, err := os.ReadFile(arg)
if err != nil {
log.Fatal(err)
}
fail(err)
cfg := config.Config{}
@ -27,8 +25,13 @@ func main() {
dec.KnownFields(true)
err = dec.Decode(&cfg)
if err != nil {
log.Fatal(err)
}
fail(err)
}
}
func fail(err error) {
if err != nil {
fmt.Fprintln(os.Stderr, err.Error())
os.Exit(1)
}
}

25
tty.go
View File

@ -1,29 +1,25 @@
package main
import (
"os"
"golang.org/x/sys/unix"
)
var (
stdinTTY = &tty{int(os.Stdin.Fd()), nil}
)
type tty struct {
fd int
termios *unix.Termios
}
func newTTY(fd uintptr) *tty {
termios, _ := unix.IoctlGetTermios(int(fd), unix.TCGETS)
return &tty{int(fd), termios}
}
func (t *tty) EchoOff() {
termios, err := unix.IoctlGetTermios(t.fd, unix.TCGETS)
if err != nil {
if t.termios == nil {
return
}
t.termios = termios
newState := *termios
newState := *t.termios
newState.Lflag &^= unix.ECHO
newState.Lflag |= unix.ICANON | unix.ISIG
newState.Iflag |= unix.ICRNL
@ -31,8 +27,9 @@ func (t *tty) EchoOff() {
}
func (t *tty) Restore() {
if t.termios != nil {
unix.IoctlSetTermios(t.fd, unix.TCSETS, t.termios)
t.termios = nil
if t.termios == nil {
return
}
unix.IoctlSetTermios(t.fd, unix.TCSETS, t.termios)
}

20
vpn.go
View File

@ -1,11 +1,11 @@
package main
import (
"log"
"net"
"os"
"path/filepath"
"github.com/rs/zerolog/log"
"golang.zx2c4.com/wireguard/wgctrl"
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
@ -13,11 +13,18 @@ import (
)
func setupVPN(vpn config.VPNDef, localGenDir string) {
log.Printf("setting up VPN %s", vpn.Name)
log := log.With().Str("vpn", vpn.Name).Logger()
log.Info().Msg("VPN: setting up")
vpnDir := filepath.Join(localGenDir, vpn.Name)
os.MkdirAll(vpnDir, 0750)
logMsg := log.Info()
if vpn.ListenPort != nil {
logMsg.Int("ListenPort", *vpn.ListenPort)
}
// public/private key
keyFile := filepath.Join(vpnDir, "key")
keyBytes, err := os.ReadFile(keyFile)
@ -39,7 +46,7 @@ func setupVPN(vpn config.VPNDef, localGenDir string) {
fatalf("bad VPN key: %v", err)
}
log.Printf("VPN %s public key is %s", vpn.Name, key.PublicKey().String())
logMsg.Stringer("PublicKey", key.PublicKey())
// pre-shared key
pskeyFile := filepath.Join(vpnDir, "pskey")
@ -62,7 +69,10 @@ func setupVPN(vpn config.VPNDef, localGenDir string) {
fatalf("bad VPN pre-shared key: %v", err)
}
log.Printf("VPN %s pre-shared key is %s", vpn.Name, key.String())
{
keyStr := key.String()
logMsg.Str("PresharedKey", keyStr[0:4]+"..."+keyStr[len(keyStr)-4:])
}
// setup interface
cfg := wgtypes.Config{
@ -110,12 +120,14 @@ func setupVPN(vpn config.VPNDef, localGenDir string) {
}
defer wg.Close()
log.Info().Strs("ips", vpn.IPs).Msg("VPN: creating interface")
run("ip", "link", "add", vpn.Name, "type", "wireguard")
for _, ip := range vpn.IPs {
run("ip", "addr", "add", ip, "dev", vpn.Name)
}
logMsg.Msg("VPN: configuring interface")
err = wg.ConfigureDevice(vpn.Name, cfg)
if err != nil {
fatalf("failed to setup VPN %s: %v", vpn.Name, err)

26
zombies.go
View File

@ -1,26 +0,0 @@
package main
import (
"log"
"syscall"
)
func cleanZombies() {
return // FIXME noop... udhcpc is a daemon staying alive so we never finish
var wstatus syscall.WaitStatus
for {
pid, err := syscall.Wait4(-1, &wstatus, 0, nil)
switch err {
case nil:
log.Printf("collected PID %v", pid)
case syscall.ECHILD:
return
default:
log.Printf("unknown error: %v", err)
}
}
}