3d6ed8604a
The new commands are: - `isle admin create-nebula-cert` - `isle nebula show` Using these two commands together it is possible, with some effort, to get a nebula mobile client connected to an isle server.
package main
import (
"context"
"fmt"
"isle/bootstrap"
"isle/daemon"
"isle/yamlutil"
"net"
"path/filepath"
"code.betamike.com/micropelago/pmux/pmuxlib"
)
// waitForNebula blocks until the nebula interface appears to have been brought
// up on this host.
//
// The probe dials a throwaway UDP "connection" whose local address is this
// host's nebula IP with a kernel-chosen port. The bind can only succeed once an
// interface carrying that IP exists, so a successful dial is taken to mean the
// nebula interface has at least been initialized. The remote port is arbitrary
// and no packet is ever sent; the socket is closed straight away.
//
// Retrying the probe is delegated to doOnce (defined elsewhere in this
// package); its retry and cancellation policy is not visible here.
func waitForNebula(ctx context.Context, hostBootstrap bootstrap.Bootstrap) error {

	nebulaIP := hostBootstrap.ThisHost().IP()

	var (
		localAddr  = &net.UDPAddr{IP: nebulaIP, Port: 0}
		remoteAddr = &net.UDPAddr{IP: nebulaIP, Port: 45535}
	)

	probe := func(context.Context) error {
		conn, err := net.DialUDP("udp", localAddr, remoteAddr)
		if err != nil {
			return err
		}
		// Only the bind mattered; the socket itself is discarded.
		conn.Close()
		return nil
	}

	return doOnce(ctx, probe)
}
// nebulaPmuxProcConfig renders this host's nebula configuration to nebula.yml
// under the runtime directory and returns the pmux process description used to
// launch nebula against that file.
//
// Every host in the bootstrap that advertises a Nebula.PublicAddr is treated as
// a lighthouse: it is entered into static_host_map (nebula IP -> public
// address) and, when this host is not itself a lighthouse, into the lighthouse
// host list. Whether this host is a lighthouse is decided by
// daemonConfig.VPN.PublicAddr: when set, nebula listens on the port named by
// that address and runs with am_lighthouse: true; when empty, nebula listens on
// a kernel-chosen port and is pointed at the lighthouses collected above. In
// both cases the listen host is 0.0.0.0, i.e. all IPv4 interfaces.
//
// The generated file embeds the host's private key PEM, so it is secret
// material. NOTE(review): the file mode is chosen by yamlutil.WriteYamlFile,
// not here; confirm it creates the file owner-readable only.
//
// Returns an error when VPN.PublicAddr is set but is not a valid host:port, or
// when nebula.yml cannot be written.
func nebulaPmuxProcConfig(
	hostBootstrap bootstrap.Bootstrap,
	daemonConfig daemon.Config,
) (
	pmuxlib.ProcessConfig, error,
) {

	// A host without a public address cannot be reached directly and therefore
	// cannot act as a lighthouse.
	var lighthouseIPs []string
	staticHostMap := make(map[string][]string)

	for _, host := range hostBootstrap.Hosts {
		hostPublicAddr := host.Nebula.PublicAddr
		if hostPublicAddr == "" {
			continue
		}
		hostIP := host.IP().String()
		lighthouseIPs = append(lighthouseIPs, hostIP)
		staticHostMap[hostIP] = []string{hostPublicAddr}
	}

	var (
		listenCfg     map[string]string
		lighthouseCfg map[string]interface{}
	)

	switch thisPublicAddr := daemonConfig.VPN.PublicAddr; {
	case thisPublicAddr == "":
		// Not a lighthouse: any free port will do, and nebula has to be told
		// where the lighthouses are. If no host advertised a public address
		// this list is empty; what nebula does in that case is outside this
		// function.
		listenCfg = map[string]string{"host": "0.0.0.0", "port": "0"}
		lighthouseCfg = map[string]interface{}{"hosts": lighthouseIPs}

	default:
		// This host is a lighthouse: it must listen on the port its advertised
		// public address names, and it does not list other lighthouses.
		_, port, err := net.SplitHostPort(thisPublicAddr)
		if err != nil {
			return pmuxlib.ProcessConfig{}, fmt.Errorf("parsing public address %q: %w", thisPublicAddr, err)
		}
		listenCfg = map[string]string{"host": "0.0.0.0", "port": port}
		lighthouseCfg = map[string]interface{}{
			"hosts":         []string{},
			"am_lighthouse": true,
		}
	}

	config := map[string]interface{}{
		"pki": map[string]string{
			"ca":   hostBootstrap.Nebula.CAPublicCredentials.CertPEM,
			"cert": hostBootstrap.Nebula.HostCredentials.Public.CertPEM,
			"key":  hostBootstrap.Nebula.HostCredentials.PrivateKeyPEM,
		},
		"static_host_map": staticHostMap,
		"listen":          listenCfg,
		"lighthouse":      lighthouseCfg,
		"punchy": map[string]bool{
			"punch":   true,
			"respond": true,
		},
		"tun": map[string]interface{}{
			"dev": "isle-tun",
		},
		// Passed through verbatim from the daemon config.
		"firewall": daemonConfig.VPN.Firewall,
	}

	nebulaYmlPath := filepath.Join(envRuntimeDirPath, "nebula.yml")
	if err := yamlutil.WriteYamlFile(config, nebulaYmlPath); err != nil {
		return pmuxlib.ProcessConfig{}, fmt.Errorf("writing nebula.yml to %q: %w", nebulaYmlPath, err)
	}

	return pmuxlib.ProcessConfig{
		Name: "nebula",
		Cmd:  binPath("nebula"),
		Args: []string{"-config", nebulaYmlPath},
	}, nil
}