render context: add asset_download_token

Dockerfile

@@ -1,6 +1,6 @@
 from novit.tech/direktil/dkl:bbea9b9 as dkl
 # ------------------------------------------------------------------------
-from golang:1.25.0-trixie as build
+from golang:1.24.4-bookworm as build
 
 run apt-get update && apt-get install -y git
 
@@ -22,13 +22,13 @@ run \
  hack/build ./...
 
 # ------------------------------------------------------------------------
-from debian:trixie
+from debian:bookworm
 entrypoint ["/bin/dkl-local-server"]
 
 env _uncache=1
 run apt-get update \
  && yes |apt-get install -y genisoimage gdisk dosfstools util-linux udev binutils systemd \
- grub2 grub-pc-bin grub-efi-amd64-bin ca-certificates curl openssh-client qemu-utils wireguard-tools \
+ grub2 grub-pc-bin grub-efi-amd64-bin ca-certificates curl openssh-client qemu-utils \
  && apt-get clean
 
 copy --from=dkl   /bin/dkl /bin/dls /bin/

cmd/dkl-dir2config/render-context.go

@@ -8,7 +8,6 @@ import (
 	"math/rand"
 	"path"
 	"reflect"
-	"strconv"
 	"strings"
 
 	"github.com/cespare/xxhash"
@@ -291,14 +290,6 @@ func (ctx *renderContext) templateFuncs(ctxMap map[string]any) map[string]any {
 		"host_download_token": func() (s string) {
 			return "{{ host_download_token }}"
 		},
-		"asset_download_token": func(args ...string) (s string) {
-			argsStr := new(strings.Builder)
-			for _, arg := range args {
-				argsStr.WriteByte(' ')
-				argsStr.WriteString(strconv.Quote(arg))
-			}
-			return "{{ asset_download_token" + argsStr.String() + " }}"
-		},
 
 		"hosts_of_group": func() (hosts []any) {
 			hosts = make([]any, 0)

cmd/dkl-local-server/cluster-render-context.go

@@ -60,14 +60,6 @@ func templateFuncs(sslCfg *cfsslconfig.Config) map[string]any {
 
 	return map[string]any{
 		"quote": strconv.Quote,
-		"yaml":  asYaml,
-		"indent": func(s, indent string) string {
-			buf := new(strings.Builder)
-			for _, line := range strings.Split(s, "\n") {
-				buf.WriteString(indent + line + "\n")
-			}
-			return buf.String()
-		},
 
 		"password": func(cluster, name, hashAlg string) (password string, err error) {
 			key := cluster + "/" + name
@@ -211,7 +203,7 @@ func templateFuncs(sslCfg *cfsslconfig.Config) map[string]any {
 	}
 }
 
-func asYaml(v any) (string, error) {
+func asYaml(v interface{}) (string, error) {
 	ba, err := yaml.Marshal(v)
 	if err != nil {
 		return "", err

cmd/dkl-local-server/html.go

@@ -1,15 +0,0 @@
-package main
-
-func htmlHeader(title string) string {
-	return `<!doctype html>
-<html>
-<head>
-  <title>` + title + `</title>
-  <style>@import url('/ui/style.css');@import url('/ui/app.css');</style>
-</head>
-<body><h1>` + title + `</h1>
-`
-}
-
-var htmlFooter = `</body>
-</html>`

cmd/dkl-local-server/render-context.go

@@ -266,20 +266,6 @@ func (ctx *renderContext) TemplateFuncs() map[string]any {
 
 			return
 		},
-		"wg_key": func(name string) (key string, err error) {
-			return wgKey(name + "/hosts/" + ctx.Host.Name)
-		},
-		"wg_psk": func(name, peerName string) (key string, err error) {
-			a := ctx.Host.Name
-			b := peerName
-			if a > b {
-				a, b = b, a
-			}
-			return wgKey(name + "/psks/" + a + " " + b)
-		},
-		"wg_pubkey": func(name, host string) (key string, err error) {
-			return wgKey(name + "/hosts/" + host)
-		},
 	} {
 		funcs[name] = method
 	}

cmd/dkl-local-server/wireguard.go

@@ -1,44 +0,0 @@
-package main
-
-import (
-	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
-)
-
-var wgKeys = KVSecrets[string]{"wireguard"}
-
-func wgKey(path string) (key string, err error) {
-	return wgKeys.GetOrCreate(path, func() (key string, err error) {
-		k, err := wgtypes.GeneratePrivateKey()
-		if err != nil {
-			return
-		}
-		key = k.String()
-		return
-	})
-}
-
-func wgPSKey(path string) (key string, err error) {
-	return wgKeys.GetOrCreate(path, func() (key string, err error) {
-		k, err := wgtypes.GenerateKey()
-		if err != nil {
-			return
-		}
-		key = k.String()
-		return
-	})
-}
-
-func wgPubKey(path string) (pubkey string, err error) {
-	key, err := wgKey(path)
-	if err != nil {
-		return
-	}
-
-	k, err := wgtypes.ParseKey(key)
-	if err != nil {
-		return
-	}
-
-	pubkey = k.PublicKey().String()
-	return
-}

cmd/dkl-local-server/ws-download-set.go

@@ -17,11 +17,6 @@ import (
 	"m.cluseau.fr/go/httperr"
 )
 
-func globMatch(pattern, value string) bool {
-	ok, _ := filepath.Match(pattern, value)
-	return ok
-}
-
 type DownloadSet struct {
 	Expiry time.Time
 	Items  []DownloadSetItem
@@ -29,7 +24,7 @@ type DownloadSet struct {
 
 func (s DownloadSet) Contains(kind, name, asset string) bool {
 	for _, item := range s.Items {
-		if item.Kind == kind && globMatch(item.Name, name) &&
+		if item.Kind == kind && item.Name == name &&
 			slices.Contains(item.Assets, asset) {
 			return true
 		}
@@ -246,13 +241,28 @@ func wsDownloadSet(req *restful.Request, resp *restful.Response) {
 	set, err := getDlSet(req)
 	if err != nil {
 		resp.WriteHeader(err.Status)
-		resp.Write([]byte(htmlHeader(err.Error())))
+		resp.Write([]byte(`<!doctype html>
-		resp.Write([]byte(htmlFooter))
+<html>
+<head>
+  <title>` + err.Error() + `</title>
+  <style src="/ui/style.css"/>
+  <style src="/ui/app.css"/>
+</head>
+<body><h1>` + err.Error() + `</h1></body>
+</html>`))
 		return
 	}
 
 	buf := new(bytes.Buffer)
-	buf.WriteString(htmlHeader("Download set"))
+	buf.WriteString(`<!doctype html>
+<html>
+<head>
+  <title>Download set</title>
+  <style src="/ui/style.css"/>
+  <style src="/ui/app.css"/>
+</head>
+<body><h1>Download set</h1>
+`)
 
 	cfg, err2 := readConfig()
 	if err2 != nil {
@@ -265,13 +275,13 @@ func wsDownloadSet(req *restful.Request, resp *restful.Response) {
 		switch item.Kind {
 		case "cluster":
 			for _, c := range cfg.Clusters {
-				if globMatch(item.Name, c.Name) {
+				if ok, _ := filepath.Match(item.Name, c.Name); ok {
 					names = append(names, c.Name)
 				}
 			}
 		case "host":
 			for _, h := range cfg.Hosts {
-				if globMatch(item.Name, h.Name) {
+				if ok, _ := filepath.Match(item.Name, h.Name); ok {
 					names = append(names, h.Name)
 				}
 			}
@@ -287,6 +297,6 @@ func wsDownloadSet(req *restful.Request, resp *restful.Response) {
 		}
 	}
 
-	buf.WriteString(htmlFooter)
+	buf.WriteString("</body></html>")
 	buf.WriteTo(resp)
 }

cmd/dkl-local-server/ws-downloads.go

@@ -180,20 +180,34 @@ func wsDownloadPage(req *restful.Request, resp *restful.Response) {
 	spec, ok := wState.Get().Downloads[token]
 	if !ok {
 		resp.WriteHeader(http.StatusNotFound)
-		resp.Write([]byte(htmlHeader("Token not found")))
+		resp.Write([]byte(`<!doctype html>
-		resp.Write([]byte(htmlFooter))
+<html>
+<head>
+  <title>Token not found</title>
+  <style src="/ui/style.css"/>
+  <style src="/ui/app.css"/>
+</head>
+<body><h1>Token not found</h1></body>
+</html>`))
 		return
 	}
 
 	buf := new(bytes.Buffer)
-	buf.WriteString(htmlHeader(fmt.Sprintf("Token assets: %s %s", spec.Kind, spec.Name)))
+	fmt.Fprintf(buf, `<!doctype html>
+<html>
+<head>
+  <title>Token assets: %s %s</title>
+  <style src="/ui/style.css"/>
+  <style src="/ui/app.css"/>
+</head>
+<body><h1>Token assets: %s %s</h1>
+<ul>
+`, spec.Kind, spec.Name, spec.Kind, spec.Name)
 
-	buf.WriteString("<ul>")
 	for _, asset := range spec.Assets {
 		fmt.Fprintf(buf, "<li><a href=\"%s\" download>%s</a></li>\n", asset, asset)
 	}
-	buf.WriteString("</ul>")
 
-	buf.WriteString(htmlFooter)
+	buf.WriteString("</ul></body></html>")
 	buf.WriteTo(resp)
 }

cmd/dkl-local-server/ws-hosts-from-templates.go

@@ -28,6 +28,7 @@ func (hft HostFromTemplate) ClusterName(cfg *localconfig.Config) string {
 func hostOrTemplate(cfg *localconfig.Config, name string) (host *localconfig.Host) {
 	host = cfg.Host(name)
 	if host != nil {
+		log.Print("no host named ", name)
 		return
 	}
 
@@ -38,13 +39,13 @@ func hostOrTemplate(cfg *localconfig.Config, name string) (host *localconfig.Hos
 	}
 
 	if !found {
-		log.Print("no host named ", name)
+		log.Print("no host from template named ", name)
 		return
 	}
 
 	ht := cfg.HostTemplate(hft.Template)
 	if ht == nil {
-		log.Print("host ", name, " found but no template named ", hft.Template)
+		log.Print("no host template named ", name)
 		return
 	}
 

go.mod

@@ -11,15 +11,12 @@ require (
 	github.com/emicklei/go-restful v2.16.0+incompatible
 	github.com/emicklei/go-restful-openapi v1.4.1
 	github.com/go-git/go-git/v5 v5.16.2
-	github.com/klauspost/compress v1.18.0
 	github.com/mcluseau/go-swagger-ui v0.0.0-20191019002626-fd9128c24a34
 	github.com/miolini/datacounter v1.0.3
 	github.com/oklog/ulid v1.3.1
 	github.com/pierrec/lz4 v2.6.1+incompatible
 	github.com/sergeymakinen/go-crypt v1.0.1
 	golang.org/x/crypto v0.39.0
-	golang.org/x/sys v0.33.0
-	golang.zx2c4.com/wireguard/wgctrl v0.0.0-20241231184526-a9ab2273dd10
 	gopkg.in/src-d/go-billy.v4 v4.3.2
 	gopkg.in/src-d/go-git.v4 v4.13.1
 	gopkg.in/yaml.v2 v2.4.0
@@ -58,6 +55,7 @@ require (
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
 	github.com/kisielk/sqlstruct v0.0.0-20210630145711-dae28ed37023 // indirect
+	github.com/klauspost/compress v1.18.0 // indirect
 	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
@@ -73,6 +71,7 @@ require (
 	github.com/zmap/zlint/v3 v3.5.0 // indirect
 	golang.org/x/mod v0.25.0 // indirect
 	golang.org/x/net v0.41.0 // indirect
+	golang.org/x/sys v0.33.0 // indirect
 	golang.org/x/text v0.26.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
 	google.golang.org/protobuf v1.36.6 // indirect

go.sum

@@ -3,6 +3,8 @@ dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA=
 filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/DataDog/zstd v1.5.7 h1:ybO8RBeh29qrxIhCA9E8gKY6xfONU9T6G6aP9DTKfLE=
+github.com/DataDog/zstd v1.5.7/go.mod h1:g4AWEaM3yOg3HYfnJ3YIawPnVdXJh9QME85blwSAmyw=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
@@ -311,8 +313,6 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.zx2c4.com/wireguard/wgctrl v0.0.0-20241231184526-a9ab2273dd10 h1:3GDAcqdIg1ozBNLgPy4SLT84nfcBjr6rhGtXYtrkWLU=
-golang.zx2c4.com/wireguard/wgctrl v0.0.0-20241231184526-a9ab2273dd10/go.mod h1:T97yPqesLiNrOYxkwmhMI0ZIlJDm+p0PMR8eRVeR5tQ=
 gomodules.xyz/jsonpatch/v2 v2.5.0 h1:JELs8RLM12qJGXU4u/TO3V25KW8GreMKl9pdkk14RM0=
 gomodules.xyz/jsonpatch/v2 v2.5.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
 google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=

hack/docker-build

@@ -1,11 +1,8 @@
 #! /bin/bash
 set -ex
-
-GIT_TAG=$(git describe --always --dirty)
-
 case "$1" in
-commit) tag=$GIT_TAG ;;
+commit) tag=$(git describe --always --dirty) ;;
 "")     tag=latest ;;
 *)      tag=$1 ;;
 esac
-docker build -t novit.tech/direktil/local-server:$tag . --build-arg GIT_TAG=$GIT_TAG
+docker build -t novit.tech/direktil/local-server:$tag .