internal/configuration/sources/env/openvpn.go

package env

import (
	"fmt"
	"strings"

	"github.com/qdm12/gluetun/internal/configuration/settings"
	"github.com/qdm12/gosettings/sources/env"
	"github.com/qdm12/govalid/binary"
)

func (s *Source) readOpenVPN() (
	openVPN settings.OpenVPN, err error) {
	defer func() {
		err = unsetEnvKeys([]string{"OPENVPN_KEY", "OPENVPN_CERT",
			"OPENVPN_KEY_PASSPHRASE", "OPENVPN_ENCRYPTED_KEY"}, err)
	}()

	openVPN.Version = env.Get("OPENVPN_VERSION")
	openVPN.User = s.readOpenVPNUser()
	openVPN.Password = s.readOpenVPNPassword()
	confFile := env.Get("OPENVPN_CUSTOM_CONFIG")
	if confFile != "" {
		openVPN.ConfFile = &confFile
	}

	ciphersKey, _ := s.getEnvWithRetro("OPENVPN_CIPHERS", []string{"OPENVPN_CIPHER"})
	openVPN.Ciphers = envToCSV(ciphersKey)

	auth := env.Get("OPENVPN_AUTH")
	if auth != "" {
		openVPN.Auth = &auth
	}

	openVPN.Cert = envToStringPtr("OPENVPN_CERT", env.ForceLowercase(false))
	openVPN.Key = envToStringPtr("OPENVPN_KEY", env.ForceLowercase(false))
	openVPN.EncryptedKey = envToStringPtr("OPENVPN_ENCRYPTED_KEY", env.ForceLowercase(false))

	openVPN.KeyPassphrase = s.readOpenVPNKeyPassphrase()

	openVPN.PIAEncPreset = s.readPIAEncryptionPreset()

	openVPN.MSSFix, err = envToUint16Ptr("OPENVPN_MSSFIX")
	if err != nil {
		return openVPN, fmt.Errorf("environment variable OPENVPN_MSSFIX: %w", err)
	}

	_, openVPN.Interface = s.getEnvWithRetro("VPN_INTERFACE",
		[]string{"OPENVPN_INTERFACE"}, env.ForceLowercase(false))

	openVPN.ProcessUser, err = s.readOpenVPNProcessUser()
	if err != nil {
		return openVPN, err
	}

	openVPN.Verbosity, err = envToIntPtr("OPENVPN_VERBOSITY")
	if err != nil {
		return openVPN, fmt.Errorf("environment variable OPENVPN_VERBOSITY: %w", err)
	}

	flagsStr := env.Get("OPENVPN_FLAGS", env.ForceLowercase(false))
	if flagsStr != "" {
		openVPN.Flags = strings.Fields(flagsStr)
	}

	return openVPN, nil
}

func (s *Source) readOpenVPNUser() (user *string) {
	user = new(string)
	_, *user = s.getEnvWithRetro("OPENVPN_USER",
		[]string{"USER"}, env.ForceLowercase(false))
	if *user == "" {
		return nil
	}

	// Remove spaces in user ID to simplify user's life, thanks @JeordyR
	*user = strings.ReplaceAll(*user, " ", "")
	return user
}

func (s *Source) readOpenVPNPassword() (password *string) {
	password = new(string)
	_, *password = s.getEnvWithRetro("OPENVPN_PASSWORD",
		[]string{"PASSWORD"}, env.ForceLowercase(false))
	if *password == "" {
		return nil
	}

	return password
}

func (s *Source) readOpenVPNKeyPassphrase() (passphrase *string) {
	passphrase = new(string)
	*passphrase = env.Get("OPENVPN_KEY_PASSPHRASE", env.ForceLowercase(false))
	if *passphrase == "" {
		return nil
	}
	return passphrase
}

func (s *Source) readPIAEncryptionPreset() (presetPtr *string) {
	_, preset := s.getEnvWithRetro(
		"PRIVATE_INTERNET_ACCESS_OPENVPN_ENCRYPTION_PRESET",
		[]string{"PIA_ENCRYPTION", "ENCRYPTION"})
	if preset != "" {
		return &preset
	}
	return nil
}

func (s *Source) readOpenVPNProcessUser() (processUser string, err error) {
	key, value := s.getEnvWithRetro("OPENVPN_PROCESS_USER",
		[]string{"OPENVPN_ROOT"})
	if key == "OPENVPN_PROCESS_USER" {
		return value, nil
	}

	// Retro-compatibility
	if value == "" {
		return "", nil
	}
	root, err := binary.Validate(value)
	if err != nil {
		return "", fmt.Errorf("environment variable %s: %w", key, err)
	}
	if *root {
		return "root", nil
	}
	const defaultNonRootUser = "nonrootuser"
	return defaultNonRootUser, nil
}
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`package env`

			`import (`
			`"fmt"`
			`"strings"`

			`"github.com/qdm12/gluetun/internal/configuration/settings"`
fix(settings): use qdm12/gosettings `env.Get` 2023-05-29 20:43:06 +00:00			`"github.com/qdm12/gosettings/sources/env"`
chore(env): `getEnvWithRetro` helper function 2022-01-29 14:55:56 +00:00			`"github.com/qdm12/govalid/binary"`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`)`

chore(config): rename `Reader` to `Source` struct 2022-08-26 15:16:51 +00:00			`func (s *Source) readOpenVPN() (`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`openVPN settings.OpenVPN, err error) {`
			`defer func() {`
feat: add VPNsecure.me support (#848) - `OPENVPN_ENCRYPTED_KEY` environment variable - `OPENVPN_ENCRYPTED_KEY_SECRETFILE` environment variable - `OPENVPN_KEY_PASSPHRASE` environment variable - `OPENVPN_KEY_PASSPHRASE_SECRETFILE` environment variable - `PREMIUM_ONLY` environment variable - OpenVPN user and password not required for vpnsecure provider 2022-08-15 19:54:58 -04:00			`err = unsetEnvKeys([]string{"OPENVPN_KEY", "OPENVPN_CERT",`
			`"OPENVPN_KEY_PASSPHRASE", "OPENVPN_ENCRYPTED_KEY"}, err)`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`}()`

fix(settings): use qdm12/gosettings `env.Get` 2023-05-29 20:43:06 +00:00			`openVPN.Version = env.Get("OPENVPN_VERSION")`
chore(config): rename `Reader` to `Source` struct 2022-08-26 15:16:51 +00:00			`openVPN.User = s.readOpenVPNUser()`
			`openVPN.Password = s.readOpenVPNPassword()`
fix(settings): use qdm12/gosettings `env.Get` 2023-05-29 20:43:06 +00:00			`confFile := env.Get("OPENVPN_CUSTOM_CONFIG")`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`if confFile != "" {`
			`openVPN.ConfFile = &confFile`
			`}`

hotfix(env): read some settings with case sensitivity 2023-05-30 12:46:10 +00:00			`ciphersKey, _ := s.getEnvWithRetro("OPENVPN_CIPHERS", []string{"OPENVPN_CIPHER"})`
hotfix(env): `OPENVPN_CIPHERS` empty parsing 2022-02-06 22:58:23 +00:00			`openVPN.Ciphers = envToCSV(ciphersKey)`
chore(env): `OPENVPN_CIPHERS` variable - With retro-compatibility with `OPENVPN_CIPHER` 2022-02-05 22:36:51 +00:00
fix(settings): use qdm12/gosettings `env.Get` 2023-05-29 20:43:06 +00:00			`auth := env.Get("OPENVPN_AUTH")`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`if auth != "" {`
			`openVPN.Auth = &auth`
			`}`

hotfix(env): read some settings with case sensitivity 2023-05-30 12:46:10 +00:00			`openVPN.Cert = envToStringPtr("OPENVPN_CERT", env.ForceLowercase(false))`
			`openVPN.Key = envToStringPtr("OPENVPN_KEY", env.ForceLowercase(false))`
			`openVPN.EncryptedKey = envToStringPtr("OPENVPN_ENCRYPTED_KEY", env.ForceLowercase(false))`
feat: add VPNsecure.me support (#848) - `OPENVPN_ENCRYPTED_KEY` environment variable - `OPENVPN_ENCRYPTED_KEY_SECRETFILE` environment variable - `OPENVPN_KEY_PASSPHRASE` environment variable - `OPENVPN_KEY_PASSPHRASE_SECRETFILE` environment variable - `PREMIUM_ONLY` environment variable - OpenVPN user and password not required for vpnsecure provider 2022-08-15 19:54:58 -04:00
chore(config): rename `Reader` to `Source` struct 2022-08-26 15:16:51 +00:00			`openVPN.KeyPassphrase = s.readOpenVPNKeyPassphrase()`
feat: add VPNsecure.me support (#848) - `OPENVPN_ENCRYPTED_KEY` environment variable - `OPENVPN_ENCRYPTED_KEY_SECRETFILE` environment variable - `OPENVPN_KEY_PASSPHRASE` environment variable - `OPENVPN_KEY_PASSPHRASE_SECRETFILE` environment variable - `PREMIUM_ONLY` environment variable - OpenVPN user and password not required for vpnsecure provider 2022-08-15 19:54:58 -04:00
chore(config): rename `Reader` to `Source` struct 2022-08-26 15:16:51 +00:00			`openVPN.PIAEncPreset = s.readPIAEncryptionPreset()`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00
			`openVPN.MSSFix, err = envToUint16Ptr("OPENVPN_MSSFIX")`
			`if err != nil {`
			`return openVPN, fmt.Errorf("environment variable OPENVPN_MSSFIX: %w", err)`
			`}`

hotfix(env): read some settings with case sensitivity 2023-05-30 12:46:10 +00:00			`_, openVPN.Interface = s.getEnvWithRetro("VPN_INTERFACE",`
			`[]string{"OPENVPN_INTERFACE"}, env.ForceLowercase(false))`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00
chore(config): rename `Reader` to `Source` struct 2022-08-26 15:16:51 +00:00			`openVPN.ProcessUser, err = s.readOpenVPNProcessUser()`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`if err != nil {`
feat(openvpn): `OPENVPN_PROCESS_USER` and deprecates `OPENVPN_ROOT` 2022-01-27 23:34:19 +00:00			`return openVPN, err`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`}`

			`openVPN.Verbosity, err = envToIntPtr("OPENVPN_VERBOSITY")`
			`if err != nil {`
			`return openVPN, fmt.Errorf("environment variable OPENVPN_VERBOSITY: %w", err)`
			`}`

hotfix(env): read some settings with case sensitivity 2023-05-30 12:46:10 +00:00			`flagsStr := env.Get("OPENVPN_FLAGS", env.ForceLowercase(false))`
fix(env): `OPENVPN_FLAGS` functionality 2022-03-31 20:49:01 +00:00			`if flagsStr != "" {`
			`openVPN.Flags = strings.Fields(flagsStr)`
			`}`

chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`return openVPN, nil`
			`}`

chore(config): rename `Reader` to `Source` struct 2022-08-26 15:16:51 +00:00			`func (s Source) readOpenVPNUser() (user string) {`
chore: OpenVPN user and password as nullable - Username and password can be the empty string for custom provider 2022-08-13 16:44:38 +00:00			`user = new(string)`
hotfix(env): read some settings with case sensitivity 2023-05-30 12:46:10 +00:00			`_, *user = s.getEnvWithRetro("OPENVPN_USER",`
			`[]string{"USER"}, env.ForceLowercase(false))`
chore: OpenVPN user and password as nullable - Username and password can be the empty string for custom provider 2022-08-13 16:44:38 +00:00			`if *user == "" {`
			`return nil`
			`}`

chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`// Remove spaces in user ID to simplify user's life, thanks @JeordyR`
chore: OpenVPN user and password as nullable - Username and password can be the empty string for custom provider 2022-08-13 16:44:38 +00:00			`user = strings.ReplaceAll(user, " ", "")`
			`return user`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`}`

chore(config): rename `Reader` to `Source` struct 2022-08-26 15:16:51 +00:00			`func (s Source) readOpenVPNPassword() (password string) {`
chore: OpenVPN user and password as nullable - Username and password can be the empty string for custom provider 2022-08-13 16:44:38 +00:00			`password = new(string)`
hotfix(env): read some settings with case sensitivity 2023-05-30 12:46:10 +00:00			`_, *password = s.getEnvWithRetro("OPENVPN_PASSWORD",`
			`[]string{"PASSWORD"}, env.ForceLowercase(false))`
chore: OpenVPN user and password as nullable - Username and password can be the empty string for custom provider 2022-08-13 16:44:38 +00:00			`if *password == "" {`
			`return nil`
			`}`

chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`return password`
			`}`

chore(config): rename `Reader` to `Source` struct 2022-08-26 15:16:51 +00:00			`func (s Source) readOpenVPNKeyPassphrase() (passphrase string) {`
feat: add VPNsecure.me support (#848) - `OPENVPN_ENCRYPTED_KEY` environment variable - `OPENVPN_ENCRYPTED_KEY_SECRETFILE` environment variable - `OPENVPN_KEY_PASSPHRASE` environment variable - `OPENVPN_KEY_PASSPHRASE_SECRETFILE` environment variable - `PREMIUM_ONLY` environment variable - OpenVPN user and password not required for vpnsecure provider 2022-08-15 19:54:58 -04:00			`passphrase = new(string)`
hotfix(env): read some settings with case sensitivity 2023-05-30 12:46:10 +00:00			`*passphrase = env.Get("OPENVPN_KEY_PASSPHRASE", env.ForceLowercase(false))`
feat: add VPNsecure.me support (#848) - `OPENVPN_ENCRYPTED_KEY` environment variable - `OPENVPN_ENCRYPTED_KEY_SECRETFILE` environment variable - `OPENVPN_KEY_PASSPHRASE` environment variable - `OPENVPN_KEY_PASSPHRASE_SECRETFILE` environment variable - `PREMIUM_ONLY` environment variable - OpenVPN user and password not required for vpnsecure provider 2022-08-15 19:54:58 -04:00			`if *passphrase == "" {`
			`return nil`
			`}`
			`return passphrase`
			`}`

chore(config): rename `Reader` to `Source` struct 2022-08-26 15:16:51 +00:00			`func (s Source) readPIAEncryptionPreset() (presetPtr string) {`
			`_, preset := s.getEnvWithRetro(`
chore(env): `PRIVATE_INTERNET_ACCESS_OPENVPN_ENCRYPTION_PRESET` variable - With retro-compatibility with `PIA_ENCRYPTION` and `ENCRYPTION` 2022-02-05 22:38:03 +00:00			`"PRIVATE_INTERNET_ACCESS_OPENVPN_ENCRYPTION_PRESET",`
hotfix(env): read some settings with case sensitivity 2023-05-30 12:46:10 +00:00			`[]string{"PIA_ENCRYPTION", "ENCRYPTION"})`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`if preset != "" {`
			`return &preset`
			`}`
			`return nil`
			`}`
feat(openvpn): `OPENVPN_PROCESS_USER` and deprecates `OPENVPN_ROOT` 2022-01-27 23:34:19 +00:00
chore(config): rename `Reader` to `Source` struct 2022-08-26 15:16:51 +00:00			`func (s *Source) readOpenVPNProcessUser() (processUser string, err error) {`
hotfix(env): read some settings with case sensitivity 2023-05-30 12:46:10 +00:00			`key, value := s.getEnvWithRetro("OPENVPN_PROCESS_USER",`
			`[]string{"OPENVPN_ROOT"})`
chore(env): `getEnvWithRetro` helper function 2022-01-29 14:55:56 +00:00			`if key == "OPENVPN_PROCESS_USER" {`
			`return value, nil`
			`}`

feat(openvpn): `OPENVPN_PROCESS_USER` and deprecates `OPENVPN_ROOT` 2022-01-27 23:34:19 +00:00			`// Retro-compatibility`
chore(env): `getEnvWithRetro` helper function 2022-01-29 14:55:56 +00:00			`if value == "" {`
			`return "", nil`
			`}`
			`root, err := binary.Validate(value)`
feat(openvpn): `OPENVPN_PROCESS_USER` and deprecates `OPENVPN_ROOT` 2022-01-27 23:34:19 +00:00			`if err != nil {`
chore(env): `getEnvWithRetro` helper function 2022-01-29 14:55:56 +00:00			`return "", fmt.Errorf("environment variable %s: %w", key, err)`
feat(openvpn): `OPENVPN_PROCESS_USER` and deprecates `OPENVPN_ROOT` 2022-01-27 23:34:19 +00:00			`}`
chore(deps): bump gosettings and govalid 2023-05-27 08:52:41 +00:00			`if *root {`
chore(env): `getEnvWithRetro` helper function 2022-01-29 14:55:56 +00:00			`return "root", nil`
			`}`
			`const defaultNonRootUser = "nonrootuser"`
			`return defaultNonRootUser, nil`
feat(openvpn): `OPENVPN_PROCESS_USER` and deprecates `OPENVPN_ROOT` 2022-01-27 23:34:19 +00:00			`}`