isle/go/cmd/entrypoint/vpn.go

package main

import (
	"errors"
	"fmt"
	"isle/nebula"
	"os"
)

var subCmdVPNCreateCert = subCmd{
	name:  "create-cert",
	descr: "Creates a signed nebula certificate file for an existing host and writes it to stdout",
	do: func(ctx subCmdCtx) error {

		var hostName hostNameFlag
		hostNameF := ctx.flags.VarPF(
			&hostName,
			"hostname", "n",
			"Name of the host to generate a certificate for",
		)

		pubKeyPath := ctx.flags.StringP(
			"public-key-path", "p", "",
			`Path to PEM file containing public key which will be embedded in the cert.`,
		)

		ctx, err := ctx.withParsedFlags(nil)
		if err != nil {
			return fmt.Errorf("parsing flags: %w", err)
		}

		if !hostNameF.Changed || *pubKeyPath == "" {
			return errors.New("--hostname and --pub-key-path are required")
		}

		hostPubPEM, err := os.ReadFile(*pubKeyPath)
		if err != nil {
			return fmt.Errorf("reading public key from %q: %w", *pubKeyPath, err)
		}

		var hostPub nebula.EncryptingPublicKey
		if err := hostPub.UnmarshalNebulaPEM(hostPubPEM); err != nil {
			return fmt.Errorf("unmarshaling public key as PEM: %w", err)
		}

		daemonRPC, err := ctx.newDaemonRPC()
		if err != nil {
			return fmt.Errorf("creating daemon RPC client: %w", err)
		}
		defer daemonRPC.Close()

		res, err := daemonRPC.CreateNebulaCertificate(
			ctx, hostName.V, hostPub,
		)
		if err != nil {
			return fmt.Errorf("calling CreateNebulaCertificate: %w", err)
		}

		nebulaHostCertPEM, err := res.Unwrap().MarshalToPEM()
		if err != nil {
			return fmt.Errorf("marshaling cert to PEM: %w", err)
		}

		if _, err := os.Stdout.Write([]byte(nebulaHostCertPEM)); err != nil {
			return fmt.Errorf("writing to stdout: %w", err)
		}

		return nil
	},
}

var subCmdVPN = subCmd{
	name:  "vpn",
	descr: "Sub-commands related to this host's VPN, which connects it to other hosts in the network",
	do: func(ctx subCmdCtx) error {
		return ctx.doSubCmd(
			subCmdVPNCreateCert,
			subCmdVPNFirewall,
			subCmdVPNPublicAddress,
		)
	},
}