Rewrite of the entrypoint in Golang (#71)

- General improvements
    - Parallel download of only needed files at start
    - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.)
    - Simplified Docker final image
    - Faster bootup
- DNS over TLS
    - Finer grain blocking at DNS level: malicious, ads and surveillance
    - Choose your DNS over TLS providers
    - Ability to use multiple DNS over TLS providers for DNS split horizon
    - Environment variables for DNS logging
    - DNS block lists needed are downloaded and built automatically at start, in parallel
- PIA
    - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR)
    - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR)

internal/settings/dns.go

@@ -0,0 +1,108 @@
+package settings
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/qdm12/private-internet-access-docker/internal/models"
+	"github.com/qdm12/private-internet-access-docker/internal/params"
+)
+
+// DNS contains settings to configure Unbound for DNS over TLS operation
+type DNS struct {
+	Enabled               bool
+	Providers             []models.DNSProvider
+	AllowedHostnames      []string
+	PrivateAddresses      []string
+	BlockMalicious        bool
+	BlockSurveillance     bool
+	BlockAds              bool
+	VerbosityLevel        uint8
+	VerbosityDetailsLevel uint8
+	ValidationLogLevel    uint8
+}
+
+func (d *DNS) String() string {
+	if !d.Enabled {
+		return "DNS over TLS settings: disabled"
+	}
+	blockMalicious, blockSurveillance, blockAds := "disabed", "disabed", "disabed"
+	if d.BlockMalicious {
+		blockMalicious = "enabled"
+	}
+	if d.BlockSurveillance {
+		blockSurveillance = "enabled"
+	}
+	if d.BlockAds {
+		blockAds = "enabled"
+	}
+	var providersStr []string
+	for _, provider := range d.Providers {
+		providersStr = append(providersStr, string(provider))
+	}
+	settingsList := []string{
+		"DNS over TLS settings:",
+		"DNS over TLS provider: \n  |--" + strings.Join(providersStr, "\n  |--"),
+		"Block malicious: " + blockMalicious,
+		"Block surveillance: " + blockSurveillance,
+		"Block ads: " + blockAds,
+		"Allowed hostnames: " + strings.Join(d.AllowedHostnames, ", "),
+		"Private addresses:\n  |--" + strings.Join(d.PrivateAddresses, "\n  |--"),
+		"Verbosity level: " + fmt.Sprintf("%d/5", d.VerbosityLevel),
+		"Verbosity details level: " + fmt.Sprintf("%d/4", d.VerbosityDetailsLevel),
+		"Validation log level: " + fmt.Sprintf("%d/2", d.ValidationLogLevel),
+	}
+	return strings.Join(settingsList, "\n |--")
+}
+
+// GetDNSSettings obtains DNS over TLS settings from environment variables using the params package.
+func GetDNSSettings(params params.ParamsReader) (settings DNS, err error) {
+	settings.Enabled, err = params.GetDNSOverTLS()
+	if err != nil || !settings.Enabled {
+		return settings, err
+	}
+	settings.Providers, err = params.GetDNSOverTLSProviders()
+	if err != nil {
+		return settings, err
+	}
+	settings.AllowedHostnames, err = params.GetDNSUnblockedHostnames()
+	if err != nil {
+		return settings, err
+	}
+	settings.BlockMalicious, err = params.GetDNSMaliciousBlocking()
+	if err != nil {
+		return settings, err
+	}
+	settings.BlockSurveillance, err = params.GetDNSSurveillanceBlocking()
+	if err != nil {
+		return settings, err
+	}
+	settings.BlockAds, err = params.GetDNSAdsBlocking()
+	if err != nil {
+		return settings, err
+	}
+	settings.VerbosityLevel, err = params.GetDNSOverTLSVerbosity()
+	if err != nil {
+		return settings, err
+	}
+	settings.VerbosityDetailsLevel, err = params.GetDNSOverTLSVerbosityDetails()
+	if err != nil {
+		return settings, err
+	}
+	settings.ValidationLogLevel, err = params.GetDNSOverTLSValidationLogLevel()
+	if err != nil {
+		return settings, err
+	}
+	settings.PrivateAddresses = []string{ // TODO make env variable
+		"127.0.0.1/8",
+		"10.0.0.0/8",
+		"172.16.0.0/12",
+		"192.168.0.0/16",
+		"169.254.0.0/16",
+		"::1/128",
+		"fc00::/7",
+		"fe80::/10",
+		"::ffff:0:0/96",
+	}
+	return settings, nil
+}

internal/settings/firewall.go

@@ -0,0 +1,34 @@
+package settings
+
+import (
+	"net"
+	"strings"
+
+	"github.com/qdm12/private-internet-access-docker/internal/params"
+)
+
+// Firewall contains settings to customize the firewall operation
+type Firewall struct {
+	AllowedSubnets []net.IPNet
+}
+
+func (f *Firewall) String() string {
+	var allowedSubnets []string
+	for _, net := range f.AllowedSubnets {
+		allowedSubnets = append(allowedSubnets, net.String())
+	}
+	settingsList := []string{
+		"Firewall settings:",
+		"Allowed subnets: " + strings.Join(allowedSubnets, ", "),
+	}
+	return strings.Join(settingsList, "\n |--")
+}
+
+// GetFirewallSettings obtains firewall settings from environment variables using the params package.
+func GetFirewallSettings(params params.ParamsReader) (settings Firewall, err error) {
+	settings.AllowedSubnets, err = params.GetExtraSubnets()
+	if err != nil {
+		return settings, err
+	}
+	return settings, nil
+}

internal/settings/openvpn.go

@@ -0,0 +1,30 @@
+package settings
+
+import (
+	"strings"
+
+	"github.com/qdm12/private-internet-access-docker/internal/models"
+	"github.com/qdm12/private-internet-access-docker/internal/params"
+)
+
+// OpenVPN contains settings to configure the OpenVPN client
+type OpenVPN struct {
+	NetworkProtocol models.NetworkProtocol
+}
+
+// GetOpenVPNSettings obtains the OpenVPN settings using the params functions
+func GetOpenVPNSettings(params params.ParamsReader) (settings OpenVPN, err error) {
+	settings.NetworkProtocol, err = params.GetNetworkProtocol()
+	if err != nil {
+		return settings, err
+	}
+	return settings, nil
+}
+
+func (o *OpenVPN) String() string {
+	settingsList := []string{
+		"OpenVPN settings:",
+		"Network protocol: " + string(o.NetworkProtocol),
+	}
+	return strings.Join(settingsList, "\n|--")
+}

internal/settings/pia.go

@@ -0,0 +1,72 @@
+package settings
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/qdm12/private-internet-access-docker/internal/models"
+	"github.com/qdm12/private-internet-access-docker/internal/params"
+)
+
+// PIA contains the settings to connect to a PIA server
+type PIA struct {
+	User           string
+	Password       string
+	Encryption     models.PIAEncryption
+	Region         models.PIARegion
+	PortForwarding PortForwarding
+}
+
+// PortForwarding contains settings for port forwarding
+type PortForwarding struct {
+	Enabled  bool
+	Filepath models.Filepath
+}
+
+func (p *PortForwarding) String() string {
+	if p.Enabled {
+		return fmt.Sprintf("on, saved in %s", p.Filepath)
+	}
+	return "off"
+}
+
+func (p *PIA) String() string {
+	settingsList := []string{
+		"PIA settings:",
+		"Region: " + string(p.Region),
+		"Encryption: " + string(p.Encryption),
+		"Port forwarding: " + p.PortForwarding.String(),
+	}
+	return strings.Join(settingsList, "\n |--")
+}
+
+// GetPIASettings obtains PIA settings from environment variables using the params package.
+func GetPIASettings(params params.ParamsReader) (settings PIA, err error) {
+	settings.User, err = params.GetUser()
+	if err != nil {
+		return settings, err
+	}
+	settings.Password, err = params.GetPassword()
+	if err != nil {
+		return settings, err
+	}
+	settings.Encryption, err = params.GetPIAEncryption()
+	if err != nil {
+		return settings, err
+	}
+	settings.Region, err = params.GetPIARegion()
+	if err != nil {
+		return settings, err
+	}
+	settings.PortForwarding.Enabled, err = params.GetPortForwarding()
+	if err != nil {
+		return settings, err
+	}
+	if settings.PortForwarding.Enabled {
+		settings.PortForwarding.Filepath, err = params.GetPortForwardingStatusFilepath()
+		if err != nil {
+			return settings, err
+		}
+	}
+	return settings, nil
+}

internal/settings/settings.go

@@ -0,0 +1,60 @@
+package settings
+
+import (
+	"strings"
+
+	"github.com/qdm12/private-internet-access-docker/internal/params"
+)
+
+// Settings contains all settings for the program to run
+type Settings struct {
+	OpenVPN     OpenVPN
+	PIA         PIA
+	DNS         DNS
+	Firewall    Firewall
+	TinyProxy   TinyProxy
+	ShadowSocks ShadowSocks
+}
+
+func (s *Settings) String() string {
+	return strings.Join([]string{
+		"Settings summary below:",
+		s.OpenVPN.String(),
+		s.PIA.String(),
+		s.DNS.String(),
+		s.Firewall.String(),
+		s.TinyProxy.String(),
+		s.ShadowSocks.String(),
+		"", // new line at the end
+	}, "\n")
+}
+
+// GetAllSettings obtains all settings for the program and returns an error as soon
+// as an error is encountered reading them.
+func GetAllSettings(params params.ParamsReader) (settings Settings, err error) {
+	settings.OpenVPN, err = GetOpenVPNSettings(params)
+	if err != nil {
+		return settings, err
+	}
+	settings.PIA, err = GetPIASettings(params)
+	if err != nil {
+		return settings, err
+	}
+	settings.DNS, err = GetDNSSettings(params)
+	if err != nil {
+		return settings, err
+	}
+	settings.Firewall, err = GetFirewallSettings(params)
+	if err != nil {
+		return settings, err
+	}
+	settings.TinyProxy, err = GetTinyProxySettings(params)
+	if err != nil {
+		return settings, err
+	}
+	settings.ShadowSocks, err = GetShadowSocksSettings(params)
+	if err != nil {
+		return settings, err
+	}
+	return settings, nil
+}

internal/settings/shadowsocks.go

@@ -0,0 +1,48 @@
+package settings
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/qdm12/private-internet-access-docker/internal/params"
+)
+
+// ShadowSocks contains settings to configure the Shadowsocks server
+type ShadowSocks struct {
+	Enabled  bool
+	Password string
+	Log      bool
+	Port     uint16
+}
+
+func (s *ShadowSocks) String() string {
+	if !s.Enabled {
+		return "ShadowSocks settings: disabled"
+	}
+	settingsList := []string{
+		"ShadowSocks settings:",
+		fmt.Sprintf("Port: %d", s.Port),
+	}
+	return strings.Join(settingsList, "\n |--")
+}
+
+// GetShadowSocksSettings obtains ShadowSocks settings from environment variables using the params package.
+func GetShadowSocksSettings(params params.ParamsReader) (settings ShadowSocks, err error) {
+	settings.Enabled, err = params.GetShadowSocks()
+	if err != nil || !settings.Enabled {
+		return settings, err
+	}
+	settings.Port, err = params.GetShadowSocksPort()
+	if err != nil {
+		return settings, err
+	}
+	settings.Password, err = params.GetShadowSocksPassword()
+	if err != nil {
+		return settings, err
+	}
+	settings.Log, err = params.GetShadowSocksLog()
+	if err != nil {
+		return settings, err
+	}
+	return settings, nil
+}

internal/settings/tinyproxy.go

@@ -0,0 +1,60 @@
+package settings
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/qdm12/private-internet-access-docker/internal/models"
+	"github.com/qdm12/private-internet-access-docker/internal/params"
+)
+
+// TinyProxy contains settings to configure TinyProxy
+type TinyProxy struct {
+	Enabled  bool
+	User     string
+	Password string
+	Port     uint16
+	LogLevel models.TinyProxyLogLevel
+}
+
+func (t *TinyProxy) String() string {
+	if !t.Enabled {
+		return "TinyProxy settings: disabled"
+	}
+	auth := "disabled"
+	if t.User != "" {
+		auth = "enabled"
+	}
+	settingsList := []string{
+		"TinyProxy settings:",
+		fmt.Sprintf("Port: %d", t.Port),
+		"Authentication: " + auth,
+		"Log level: " + string(t.LogLevel),
+	}
+	return "TinyProxy settings:\n" + strings.Join(settingsList, "\n |--")
+}
+
+// GetTinyProxySettings obtains TinyProxy settings from environment variables using the params package.
+func GetTinyProxySettings(params params.ParamsReader) (settings TinyProxy, err error) {
+	settings.Enabled, err = params.GetTinyProxy()
+	if err != nil || !settings.Enabled {
+		return settings, err
+	}
+	settings.User, err = params.GetTinyProxyUser()
+	if err != nil {
+		return settings, err
+	}
+	settings.Password, err = params.GetTinyProxyPassword()
+	if err != nil {
+		return settings, err
+	}
+	settings.Port, err = params.GetTinyProxyPort()
+	if err != nil {
+		return settings, err
+	}
+	settings.LogLevel, err = params.GetTinyProxyLog()
+	if err != nil {
+		return settings, err
+	}
+	return settings, nil
+}