admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
47593928f9afe6456c53490fd1f1d6c9331730b4
gluetun/internal/configuration/sources/env/openvpn.go

129 lines
3.1 KiB
Go
Raw Normal View History

chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility)
2022-01-06 06:40:23 -05:00
package env
import (
"fmt"
"strings"
"github.com/qdm12/gluetun/internal/configuration/settings"
fix(settings): use qdm12/gosettings `env.Get`
2023-05-29 20:43:06 +00:00
"github.com/qdm12/gosettings/sources/env"
chore(env): `getEnvWithRetro` helper function
2022-01-29 14:55:56 +00:00
"github.com/qdm12/govalid/binary"
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility)
2022-01-06 06:40:23 -05:00
)
chore(config): rename `Reader` to `Source` struct
2022-08-26 15:16:51 +00:00
func (s *Source) readOpenVPN() (
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility)
2022-01-06 06:40:23 -05:00
openVPN settings.OpenVPN, err error) {
defer func() {
feat: add VPNsecure.me support (#848) - `OPENVPN_ENCRYPTED_KEY` environment variable - `OPENVPN_ENCRYPTED_KEY_SECRETFILE` environment variable - `OPENVPN_KEY_PASSPHRASE` environment variable - `OPENVPN_KEY_PASSPHRASE_SECRETFILE` environment variable - `PREMIUM_ONLY` environment variable - OpenVPN user and password not required for vpnsecure provider
2022-08-15 19:54:58 -04:00
err = unsetEnvKeys([]string{"OPENVPN_KEY", "OPENVPN_CERT",
"OPENVPN_KEY_PASSPHRASE", "OPENVPN_ENCRYPTED_KEY"}, err)
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility)
2022-01-06 06:40:23 -05:00
}()
fix(settings): use qdm12/gosettings `env.Get`
2023-05-29 20:43:06 +00:00
openVPN.Version = env.Get("OPENVPN_VERSION")
chore(config): rename `Reader` to `Source` struct
2022-08-26 15:16:51 +00:00
openVPN.User = s.readOpenVPNUser()
openVPN.Password = s.readOpenVPNPassword()
fix(settings): use qdm12/gosettings `env.Get`
2023-05-29 20:43:06 +00:00
confFile := env.Get("OPENVPN_CUSTOM_CONFIG")
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility)
2022-01-06 06:40:23 -05:00
if confFile != "" {
openVPN.ConfFile = &confFile
}
chore(config): rename `Reader` to `Source` struct
2022-08-26 15:16:51 +00:00
ciphersKey, _ := s.getEnvWithRetro("OPENVPN_CIPHERS", "OPENVPN_CIPHER")
hotfix(env): `OPENVPN_CIPHERS` empty parsing
2022-02-06 22:58:23 +00:00
openVPN.Ciphers = envToCSV(ciphersKey)
chore(env): `OPENVPN_CIPHERS` variable - With retro-compatibility with `OPENVPN_CIPHER`
2022-02-05 22:36:51 +00:00
fix(settings): use qdm12/gosettings `env.Get`
2023-05-29 20:43:06 +00:00
auth := env.Get("OPENVPN_AUTH")
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility)
2022-01-06 06:40:23 -05:00
if auth != "" {
openVPN.Auth = &auth
}
fix(settings): read PEM files but b64 env vars - Extract base64 data from PEM files and secret files - Environment variables are not PEM encoded and only the base64 data - Affects OpenVPN certificate, key and encrypted key
2022-08-24 17:48:45 +00:00
openVPN.Cert = envToStringPtr("OPENVPN_CERT")
openVPN.Key = envToStringPtr("OPENVPN_KEY")
openVPN.EncryptedKey = envToStringPtr("OPENVPN_ENCRYPTED_KEY")
feat: add VPNsecure.me support (#848) - `OPENVPN_ENCRYPTED_KEY` environment variable - `OPENVPN_ENCRYPTED_KEY_SECRETFILE` environment variable - `OPENVPN_KEY_PASSPHRASE` environment variable - `OPENVPN_KEY_PASSPHRASE_SECRETFILE` environment variable - `PREMIUM_ONLY` environment variable - OpenVPN user and password not required for vpnsecure provider
2022-08-15 19:54:58 -04:00
chore(config): rename `Reader` to `Source` struct
2022-08-26 15:16:51 +00:00
openVPN.KeyPassphrase = s.readOpenVPNKeyPassphrase()
feat: add VPNsecure.me support (#848) - `OPENVPN_ENCRYPTED_KEY` environment variable - `OPENVPN_ENCRYPTED_KEY_SECRETFILE` environment variable - `OPENVPN_KEY_PASSPHRASE` environment variable - `OPENVPN_KEY_PASSPHRASE_SECRETFILE` environment variable - `PREMIUM_ONLY` environment variable - OpenVPN user and password not required for vpnsecure provider
2022-08-15 19:54:58 -04:00
chore(config): rename `Reader` to `Source` struct
2022-08-26 15:16:51 +00:00
openVPN.PIAEncPreset = s.readPIAEncryptionPreset()
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility)
2022-01-06 06:40:23 -05:00
openVPN.MSSFix, err = envToUint16Ptr("OPENVPN_MSSFIX")
if err != nil {
return openVPN, fmt.Errorf("environment variable OPENVPN_MSSFIX: %w", err)
}
chore(config): rename `Reader` to `Source` struct
2022-08-26 15:16:51 +00:00
_, openVPN.Interface = s.getEnvWithRetro("VPN_INTERFACE", "OPENVPN_INTERFACE")
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility)
2022-01-06 06:40:23 -05:00
chore(config): rename `Reader` to `Source` struct
2022-08-26 15:16:51 +00:00
openVPN.ProcessUser, err = s.readOpenVPNProcessUser()
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility)
2022-01-06 06:40:23 -05:00
if err != nil {
feat(openvpn): `OPENVPN_PROCESS_USER` and deprecates `OPENVPN_ROOT`
2022-01-27 23:34:19 +00:00
return openVPN, err
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility)
2022-01-06 06:40:23 -05:00
}
openVPN.Verbosity, err = envToIntPtr("OPENVPN_VERBOSITY")
if err != nil {
return openVPN, fmt.Errorf("environment variable OPENVPN_VERBOSITY: %w", err)
}
fix(settings): use qdm12/gosettings `env.Get`
2023-05-29 20:43:06 +00:00
flagsStr := env.Get("OPENVPN_FLAGS")
fix(env): `OPENVPN_FLAGS` functionality
2022-03-31 20:49:01 +00:00
if flagsStr != "" {
openVPN.Flags = strings.Fields(flagsStr)
}
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility)
2022-01-06 06:40:23 -05:00
return openVPN, nil
}
chore(config): rename `Reader` to `Source` struct
2022-08-26 15:16:51 +00:00
func (s *Source) readOpenVPNUser() (user *string) {
chore: OpenVPN user and password as nullable - Username and password can be the empty string for custom provider
2022-08-13 16:44:38 +00:00
user = new(string)
chore(config): rename `Reader` to `Source` struct
2022-08-26 15:16:51 +00:00
_, *user = s.getEnvWithRetro("OPENVPN_USER", "USER")
chore: OpenVPN user and password as nullable - Username and password can be the empty string for custom provider
2022-08-13 16:44:38 +00:00
if *user == "" {
return nil
}
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility)
2022-01-06 06:40:23 -05:00
// Remove spaces in user ID to simplify user's life, thanks @JeordyR
chore: OpenVPN user and password as nullable - Username and password can be the empty string for custom provider
2022-08-13 16:44:38 +00:00
*user = strings.ReplaceAll(*user, " ", "")
return user
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility)
2022-01-06 06:40:23 -05:00
}
chore(config): rename `Reader` to `Source` struct
2022-08-26 15:16:51 +00:00
func (s *Source) readOpenVPNPassword() (password *string) {
chore: OpenVPN user and password as nullable - Username and password can be the empty string for custom provider
2022-08-13 16:44:38 +00:00
password = new(string)
chore(config): rename `Reader` to `Source` struct
2022-08-26 15:16:51 +00:00
_, *password = s.getEnvWithRetro("OPENVPN_PASSWORD", "PASSWORD")
chore: OpenVPN user and password as nullable - Username and password can be the empty string for custom provider
2022-08-13 16:44:38 +00:00
if *password == "" {
return nil
}
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility)
2022-01-06 06:40:23 -05:00
return password
}
chore(config): rename `Reader` to `Source` struct
2022-08-26 15:16:51 +00:00
func (s *Source) readOpenVPNKeyPassphrase() (passphrase *string) {
feat: add VPNsecure.me support (#848) - `OPENVPN_ENCRYPTED_KEY` environment variable - `OPENVPN_ENCRYPTED_KEY_SECRETFILE` environment variable - `OPENVPN_KEY_PASSPHRASE` environment variable - `OPENVPN_KEY_PASSPHRASE_SECRETFILE` environment variable - `PREMIUM_ONLY` environment variable - OpenVPN user and password not required for vpnsecure provider
2022-08-15 19:54:58 -04:00
passphrase = new(string)
fix(settings): use qdm12/gosettings `env.Get`
2023-05-29 20:43:06 +00:00
*passphrase = env.Get("OPENVPN_KEY_PASSPHRASE")
feat: add VPNsecure.me support (#848) - `OPENVPN_ENCRYPTED_KEY` environment variable - `OPENVPN_ENCRYPTED_KEY_SECRETFILE` environment variable - `OPENVPN_KEY_PASSPHRASE` environment variable - `OPENVPN_KEY_PASSPHRASE_SECRETFILE` environment variable - `PREMIUM_ONLY` environment variable - OpenVPN user and password not required for vpnsecure provider
2022-08-15 19:54:58 -04:00
if *passphrase == "" {
return nil
}
return passphrase
}
chore(config): rename `Reader` to `Source` struct
2022-08-26 15:16:51 +00:00
func (s *Source) readPIAEncryptionPreset() (presetPtr *string) {
_, preset := s.getEnvWithRetro(
chore(env): `PRIVATE_INTERNET_ACCESS_OPENVPN_ENCRYPTION_PRESET` variable - With retro-compatibility with `PIA_ENCRYPTION` and `ENCRYPTION`
2022-02-05 22:38:03 +00:00
"PRIVATE_INTERNET_ACCESS_OPENVPN_ENCRYPTION_PRESET",
"PIA_ENCRYPTION", "ENCRYPTION")
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility)
2022-01-06 06:40:23 -05:00
if preset != "" {
return &preset
}
return nil
}
feat(openvpn): `OPENVPN_PROCESS_USER` and deprecates `OPENVPN_ROOT`
2022-01-27 23:34:19 +00:00
chore(config): rename `Reader` to `Source` struct
2022-08-26 15:16:51 +00:00
func (s *Source) readOpenVPNProcessUser() (processUser string, err error) {
key, value := s.getEnvWithRetro("OPENVPN_PROCESS_USER", "OPENVPN_ROOT")
chore(env): `getEnvWithRetro` helper function
2022-01-29 14:55:56 +00:00
if key == "OPENVPN_PROCESS_USER" {
return value, nil
}
feat(openvpn): `OPENVPN_PROCESS_USER` and deprecates `OPENVPN_ROOT`
2022-01-27 23:34:19 +00:00
// Retro-compatibility
chore(env): `getEnvWithRetro` helper function
2022-01-29 14:55:56 +00:00
if value == "" {
return "", nil
}
root, err := binary.Validate(value)
feat(openvpn): `OPENVPN_PROCESS_USER` and deprecates `OPENVPN_ROOT`
2022-01-27 23:34:19 +00:00
if err != nil {
chore(env): `getEnvWithRetro` helper function
2022-01-29 14:55:56 +00:00
return "", fmt.Errorf("environment variable %s: %w", key, err)
feat(openvpn): `OPENVPN_PROCESS_USER` and deprecates `OPENVPN_ROOT`
2022-01-27 23:34:19 +00:00
}
chore(deps): bump gosettings and govalid
2023-05-27 08:52:41 +00:00
if *root {
chore(env): `getEnvWithRetro` helper function
2022-01-29 14:55:56 +00:00
return "root", nil
}
const defaultNonRootUser = "nonrootuser"
return defaultNonRootUser, nil
feat(openvpn): `OPENVPN_PROCESS_USER` and deprecates `OPENVPN_ROOT`
2022-01-27 23:34:19 +00:00
}
Reference in New Issue Copy Permalink