chore(settings): refactor settings processing (#756)

- Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility)
2022-01-06 06:40:23 -05:00
parent 46738b2934
commit 7d824a5179
275 changed files with 7167 additions and 6328 deletions
--- a/internal/provider/wevpn/openvpnconf.go
+++ b/internal/provider/wevpn/openvpnconf.go
@@ -1,22 +1,25 @@
 package wevpn

 import (
+	"fmt"
 	"strconv"

-	"github.com/qdm12/gluetun/internal/configuration"
+	"github.com/qdm12/gluetun/internal/configuration/settings"
 	"github.com/qdm12/gluetun/internal/constants"
 	"github.com/qdm12/gluetun/internal/models"
+	"github.com/qdm12/gluetun/internal/openvpn/parse"
 	"github.com/qdm12/gluetun/internal/provider/utils"
 )

 func (w *Wevpn) BuildConf(connection models.Connection,
-	settings configuration.OpenVPN) (lines []string, err error) {
+	settings settings.OpenVPN) (lines []string, err error) {
 	if len(settings.Ciphers) == 0 {
 		settings.Ciphers = []string{constants.AES256gcm}
 	}

-	if settings.Auth == "" {
-		settings.Auth = constants.SHA512
+	auth := *settings.Auth
+	if auth == "" {
+		auth = constants.SHA512
 	}

 	lines = []string{
@@ -24,7 +27,7 @@ func (w *Wevpn) BuildConf(connection models.Connection,
 		"nobind",
 		"tls-exit",
 		"dev " + settings.Interface,
-		"verb " + strconv.Itoa(settings.Verbosity),
+		"verb " + strconv.Itoa(*settings.Verbosity),

 		// Wevpn specific
 		"ping 30",
@@ -32,7 +35,7 @@ func (w *Wevpn) BuildConf(connection models.Connection,
 		"redirect-gateway def1 bypass-dhcp",
 		"reneg-sec 0",
 		"auth-user-pass " + constants.OpenVPNAuthConf,
-		"auth " + settings.Auth,
+		"auth " + auth,

 		// Added constant values
 		"auth-nocache",
@@ -52,25 +55,29 @@ func (w *Wevpn) BuildConf(connection models.Connection,

 	lines = append(lines, utils.CipherLines(settings.Ciphers, settings.Version)...)

-	if !settings.Root {
+	if !*settings.Root {
 		lines = append(lines, "user "+settings.ProcUser)
 		lines = append(lines, "persist-tun")
 		lines = append(lines, "persist-key")
 	}

-	if settings.MSSFix > 0 {
-		lines = append(lines, "mssfix "+strconv.Itoa(int(settings.MSSFix)))
+	if *settings.MSSFix > 0 {
+		lines = append(lines, "mssfix "+strconv.Itoa(int(*settings.MSSFix)))
 	}

-	if settings.IPv6 {
+	if *settings.IPv6 {
 		lines = append(lines, "tun-ipv6")
 	} else {
 		lines = append(lines, `pull-filter ignore "route-ipv6"`)
 		lines = append(lines, `pull-filter ignore "ifconfig-ipv6"`)
 	}

-	lines = append(lines, utils.WrapOpenvpnKey(
-		settings.ClientKey)...)
+	keyData, err := parse.ExtractPrivateKey([]byte(*settings.ClientKey))
+	if err != nil {
+		return nil, fmt.Errorf("client key is not valid: %w", err)
+	}
+	lines = append(lines, utils.WrapOpenvpnKey(keyData)...)
+
 	lines = append(lines, utils.WrapOpenvpnCA(
 		constants.WevpnCA)...)
 	lines = append(lines, utils.WrapOpenvpnCert(