internal/settings/dns.go

package settings

import (
	"fmt"
	"strings"

	"github.com/qdm12/private-internet-access-docker/internal/models"
	"github.com/qdm12/private-internet-access-docker/internal/params"
)

// DNS contains settings to configure Unbound for DNS over TLS operation
type DNS struct {
	Enabled               bool
	Providers             []models.DNSProvider
	AllowedHostnames      []string
	PrivateAddresses      []string
	BlockMalicious        bool
	BlockSurveillance     bool
	BlockAds              bool
	VerbosityLevel        uint8
	VerbosityDetailsLevel uint8
	ValidationLogLevel    uint8
}

func (d *DNS) String() string {
	if !d.Enabled {
		return "DNS over TLS settings: disabled"
	}
	blockMalicious, blockSurveillance, blockAds := "disabed", "disabed", "disabed"
	if d.BlockMalicious {
		blockMalicious = "enabled"
	}
	if d.BlockSurveillance {
		blockSurveillance = "enabled"
	}
	if d.BlockAds {
		blockAds = "enabled"
	}
	var providersStr []string
	for _, provider := range d.Providers {
		providersStr = append(providersStr, string(provider))
	}
	settingsList := []string{
		"DNS over TLS settings:",
		"DNS over TLS provider:\n  |--" + strings.Join(providersStr, "\n  |--"),
		"Block malicious: " + blockMalicious,
		"Block surveillance: " + blockSurveillance,
		"Block ads: " + blockAds,
		"Allowed hostnames:\n  |--" + strings.Join(d.AllowedHostnames, "\n  |--"),
		"Private addresses:\n  |--" + strings.Join(d.PrivateAddresses, "\n  |--"),
		"Verbosity level: " + fmt.Sprintf("%d/5", d.VerbosityLevel),
		"Verbosity details level: " + fmt.Sprintf("%d/4", d.VerbosityDetailsLevel),
		"Validation log level: " + fmt.Sprintf("%d/2", d.ValidationLogLevel),
	}
	return strings.Join(settingsList, "\n |--")
}

// GetDNSSettings obtains DNS over TLS settings from environment variables using the params package.
func GetDNSSettings(params params.ParamsReader) (settings DNS, err error) {
	settings.Enabled, err = params.GetDNSOverTLS()
	if err != nil || !settings.Enabled {
		return settings, err
	}
	settings.Providers, err = params.GetDNSOverTLSProviders()
	if err != nil {
		return settings, err
	}
	settings.AllowedHostnames, err = params.GetDNSUnblockedHostnames()
	if err != nil {
		return settings, err
	}
	settings.BlockMalicious, err = params.GetDNSMaliciousBlocking()
	if err != nil {
		return settings, err
	}
	settings.BlockSurveillance, err = params.GetDNSSurveillanceBlocking()
	if err != nil {
		return settings, err
	}
	settings.BlockAds, err = params.GetDNSAdsBlocking()
	if err != nil {
		return settings, err
	}
	settings.VerbosityLevel, err = params.GetDNSOverTLSVerbosity()
	if err != nil {
		return settings, err
	}
	settings.VerbosityDetailsLevel, err = params.GetDNSOverTLSVerbosityDetails()
	if err != nil {
		return settings, err
	}
	settings.ValidationLogLevel, err = params.GetDNSOverTLSValidationLogLevel()
	if err != nil {
		return settings, err
	}
	settings.PrivateAddresses = []string{ // TODO make env variable
		"127.0.0.1/8",
		"10.0.0.0/8",
		"172.16.0.0/12",
		"192.168.0.0/16",
		"169.254.0.0/16",
		"::1/128",
		"fc00::/7",
		"fe80::/10",
		"::ffff:0:0/96",
	}
	return settings, nil
}
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00			`package settings`

			`import (`
			`"fmt"`
			`"strings"`

			`"github.com/qdm12/private-internet-access-docker/internal/models"`
			`"github.com/qdm12/private-internet-access-docker/internal/params"`
			`)`

			`// DNS contains settings to configure Unbound for DNS over TLS operation`
			`type DNS struct {`
			`Enabled bool`
			`Providers []models.DNSProvider`
			`AllowedHostnames []string`
			`PrivateAddresses []string`
			`BlockMalicious bool`
			`BlockSurveillance bool`
			`BlockAds bool`
			`VerbosityLevel uint8`
			`VerbosityDetailsLevel uint8`
			`ValidationLogLevel uint8`
			`}`

			`func (d *DNS) String() string {`
			`if !d.Enabled {`
			`return "DNS over TLS settings: disabled"`
			`}`
			`blockMalicious, blockSurveillance, blockAds := "disabed", "disabed", "disabed"`
			`if d.BlockMalicious {`
			`blockMalicious = "enabled"`
			`}`
			`if d.BlockSurveillance {`
			`blockSurveillance = "enabled"`
			`}`
			`if d.BlockAds {`
			`blockAds = "enabled"`
			`}`
			`var providersStr []string`
			`for _, provider := range d.Providers {`
			`providersStr = append(providersStr, string(provider))`
			`}`
			`settingsList := []string{`
			`"DNS over TLS settings:",`
Minor changes - Added missing environment variables to Dockerfile - Constant ca certificates filepath - Removed dns/os.go unused file - Formatting improvements - Added comments - Readme TODOs update 2020-02-08 21:08:49 +00:00			`"DNS over TLS provider:\n \|--" + strings.Join(providersStr, "\n \|--"),`
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00			`"Block malicious: " + blockMalicious,`
			`"Block surveillance: " + blockSurveillance,`
			`"Block ads: " + blockAds,`
Minor changes - Added missing environment variables to Dockerfile - Constant ca certificates filepath - Removed dns/os.go unused file - Formatting improvements - Added comments - Readme TODOs update 2020-02-08 21:08:49 +00:00			`"Allowed hostnames:\n \|--" + strings.Join(d.AllowedHostnames, "\n \|--"),`
Rewrite of the entrypoint in Golang (#71) - General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR) 2020-02-06 20:42:46 -05:00			`"Private addresses:\n \|--" + strings.Join(d.PrivateAddresses, "\n \|--"),`
			`"Verbosity level: " + fmt.Sprintf("%d/5", d.VerbosityLevel),`
			`"Verbosity details level: " + fmt.Sprintf("%d/4", d.VerbosityDetailsLevel),`
			`"Validation log level: " + fmt.Sprintf("%d/2", d.ValidationLogLevel),`
			`}`
			`return strings.Join(settingsList, "\n \|--")`
			`}`

			`// GetDNSSettings obtains DNS over TLS settings from environment variables using the params package.`
			`func GetDNSSettings(params params.ParamsReader) (settings DNS, err error) {`
			`settings.Enabled, err = params.GetDNSOverTLS()`
			`if err != nil \|\| !settings.Enabled {`
			`return settings, err`
			`}`
			`settings.Providers, err = params.GetDNSOverTLSProviders()`
			`if err != nil {`
			`return settings, err`
			`}`
			`settings.AllowedHostnames, err = params.GetDNSUnblockedHostnames()`
			`if err != nil {`
			`return settings, err`
			`}`
			`settings.BlockMalicious, err = params.GetDNSMaliciousBlocking()`
			`if err != nil {`
			`return settings, err`
			`}`
			`settings.BlockSurveillance, err = params.GetDNSSurveillanceBlocking()`
			`if err != nil {`
			`return settings, err`
			`}`
			`settings.BlockAds, err = params.GetDNSAdsBlocking()`
			`if err != nil {`
			`return settings, err`
			`}`
			`settings.VerbosityLevel, err = params.GetDNSOverTLSVerbosity()`
			`if err != nil {`
			`return settings, err`
			`}`
			`settings.VerbosityDetailsLevel, err = params.GetDNSOverTLSVerbosityDetails()`
			`if err != nil {`
			`return settings, err`
			`}`
			`settings.ValidationLogLevel, err = params.GetDNSOverTLSValidationLogLevel()`
			`if err != nil {`
			`return settings, err`
			`}`
			`settings.PrivateAddresses = []string{ // TODO make env variable`
			`"127.0.0.1/8",`
			`"10.0.0.0/8",`
			`"172.16.0.0/12",`
			`"192.168.0.0/16",`
			`"169.254.0.0/16",`
			`"::1/128",`
			`"fc00::/7",`
			`"fe80::/10",`
			`"::ffff:0:0/96",`
			`}`
			`return settings, nil`
			`}`