e7e4cfca4c
- `BLOCK_NSA` has precedence over `BLOCK_SURVEILLANCE` - `HEALTH_OPENVPN_DURATION_ADDITION` has precedence over `HEALTH_VPN_DURATION_ADDITION` - `HEALTH_OPENVPN_DURATION_INITIAL` has precendence over `HEALTH_VPN_DURATION_INITIAL` - Chain of precedence: `PROXY` > `TINYPROXY` > `HTTPPROXY` - Chain of precedence: `PROXY_LOG_LEVEL` > `TINYPROXY_LOG` > `HTTPPROXY_LOG` - `PROTOCOL` has precendence over `OPENVPN_PROTOCOL` - `IP_STATUS_FILE` has precendence over `PUBLICIP_FILE` - `SHADOWSOCKS_PORT` has precedence over `SHADOWSOCKS_LISTENING_ADDRESS` - `SHADOWSOCKS_METHOD` has precedence over `SHADOWSOCKS_CIPHER`
92 lines
2.3 KiB
Go
92 lines
2.3 KiB
Go
package env
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
|
|
"github.com/qdm12/gluetun/internal/configuration/settings"
|
|
"inet.af/netaddr"
|
|
)
|
|
|
|
func (r *Reader) readDNSBlacklist() (blacklist settings.DNSBlacklist, err error) {
|
|
blacklist.BlockMalicious, err = envToBoolPtr("BLOCK_MALICIOUS")
|
|
if err != nil {
|
|
return blacklist, fmt.Errorf("environment variable BLOCK_MALICIOUS: %w", err)
|
|
}
|
|
|
|
blacklist.BlockSurveillance, err = r.readBlockSurveillance()
|
|
if err != nil {
|
|
return blacklist, fmt.Errorf("environment variable BLOCK_MALICIOUS: %w", err)
|
|
}
|
|
|
|
blacklist.BlockAds, err = envToBoolPtr("BLOCK_ADS")
|
|
if err != nil {
|
|
return blacklist, fmt.Errorf("environment variable BLOCK_ADS: %w", err)
|
|
}
|
|
|
|
blacklist.AddBlockedIPs, blacklist.AddBlockedIPPrefixes,
|
|
err = readDoTPrivateAddresses() // TODO v4 split in 2
|
|
if err != nil {
|
|
return blacklist, err
|
|
}
|
|
|
|
blacklist.AllowedHosts = envToCSV("UNBLOCK") // TODO v4 change name
|
|
|
|
return blacklist, nil
|
|
}
|
|
|
|
func (r *Reader) readBlockSurveillance() (blocked *bool, err error) {
|
|
blocked, err = envToBoolPtr("BLOCK_NSA")
|
|
if err != nil {
|
|
r.onRetroActive("BLOCK_NSA", "BLOCK_SURVEILLANCE")
|
|
return nil, fmt.Errorf("environment variable BLOCK_NSA: %w", err)
|
|
} else if blocked != nil {
|
|
r.onRetroActive("BLOCK_NSA", "BLOCK_SURVEILLANCE")
|
|
return blocked, nil
|
|
}
|
|
|
|
blocked, err = envToBoolPtr("BLOCK_SURVEILLANCE")
|
|
if err != nil {
|
|
return nil, fmt.Errorf("environment variable BLOCK_SURVEILLANCE: %w", err)
|
|
}
|
|
return blocked, nil
|
|
}
|
|
|
|
return nil, nil //nolint:nilnil
|
|
}
|
|
|
|
var (
|
|
ErrPrivateAddressNotValid = errors.New("private address is not a valid IP or CIDR range")
|
|
)
|
|
|
|
func readDoTPrivateAddresses() (ips []netaddr.IP,
|
|
ipPrefixes []netaddr.IPPrefix, err error) {
|
|
privateAddresses := envToCSV("DOT_PRIVATE_ADDRESS")
|
|
if len(privateAddresses) == 0 {
|
|
return nil, nil, nil
|
|
}
|
|
|
|
ips = make([]netaddr.IP, 0, len(privateAddresses))
|
|
ipPrefixes = make([]netaddr.IPPrefix, 0, len(privateAddresses))
|
|
|
|
for _, privateAddress := range privateAddresses {
|
|
ip, err := netaddr.ParseIP(privateAddress)
|
|
if err == nil {
|
|
ips = append(ips, ip)
|
|
continue
|
|
}
|
|
|
|
ipPrefix, err := netaddr.ParseIPPrefix(privateAddress)
|
|
if err == nil {
|
|
ipPrefixes = append(ipPrefixes, ipPrefix)
|
|
continue
|
|
}
|
|
|
|
return nil, nil, fmt.Errorf(
|
|
"environment variable DOT_PRIVATE_ADDRESS: %w: %s",
|
|
ErrPrivateAddressNotValid, privateAddress)
|
|
}
|
|
|
|
return ips, ipPrefixes, nil
|
|
}
|