af7c8dde32
The `bootstrap/creator` package is gone, almost as quickly as it arrived. The `Bootstrap` type is now able to write its own tgz file, and the two places where bootstrap files are being created pull the data down to do so and create the `Bootstrap` structs directly. The structure of the bootstrap file itself has been changed, now there's just a single `hosts` directory which contains files which are yaml encodings of the `Host` type, rather than having it be split into `nebula` and `garage` directories. This makes creating bootstrap files a lot easier.
135 lines
2.7 KiB
Go
135 lines
2.7 KiB
Go
package nebula_entrypoint
|
|
|
|
import (
|
|
"cryptic-net/yamlutil"
|
|
"log"
|
|
"net"
|
|
"os"
|
|
"path/filepath"
|
|
"strconv"
|
|
"syscall"
|
|
|
|
crypticnet "cryptic-net"
|
|
)
|
|
|
|
func Main() {
|
|
|
|
env, err := crypticnet.ReadEnv()
|
|
|
|
if err != nil {
|
|
log.Fatalf("reading envvars: %v", err)
|
|
}
|
|
|
|
var (
|
|
lighthouseHostIPs []string
|
|
staticHostMap = map[string][]string{}
|
|
)
|
|
|
|
for _, host := range env.Bootstrap.Hosts {
|
|
|
|
if host.Nebula.PublicAddr == "" {
|
|
continue
|
|
}
|
|
|
|
lighthouseHostIPs = append(lighthouseHostIPs, host.Nebula.IP)
|
|
staticHostMap[host.Nebula.IP] = []string{host.Nebula.PublicAddr}
|
|
}
|
|
|
|
config := map[string]interface{}{
|
|
"pki": map[string]string{
|
|
"ca": env.Bootstrap.NebulaCertsCACert,
|
|
"cert": env.Bootstrap.NebulaCertsHostCert,
|
|
"key": env.Bootstrap.NebulaCertsHostKey,
|
|
},
|
|
"static_host_map": staticHostMap,
|
|
"punchy": map[string]bool{
|
|
"punch": true,
|
|
"respond": true,
|
|
},
|
|
"tun": map[string]interface{}{
|
|
"dev": "cryptic-nebula1",
|
|
},
|
|
}
|
|
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
|
|
if publicAddr := env.ThisDaemon().VPN.PublicAddr; publicAddr == "" {
|
|
|
|
config["listen"] = map[string]string{
|
|
"host": "0.0.0.0",
|
|
"port": "0",
|
|
}
|
|
|
|
config["lighthouse"] = map[string]interface{}{
|
|
"hosts": lighthouseHostIPs,
|
|
}
|
|
|
|
} else {
|
|
|
|
_, port, err := net.SplitHostPort(publicAddr)
|
|
|
|
if err != nil {
|
|
log.Fatalf("parsing public address %q: %v", publicAddr, err)
|
|
}
|
|
|
|
config["listen"] = map[string]string{
|
|
"host": "0.0.0.0",
|
|
"port": port,
|
|
}
|
|
|
|
config["lighthouse"] = map[string]interface{}{
|
|
"hosts": []string{},
|
|
"am_lighthouse": true,
|
|
}
|
|
}
|
|
|
|
thisDaemon := env.ThisDaemon()
|
|
|
|
var firewallInbound []crypticnet.ConfigFirewallRule
|
|
|
|
for _, alloc := range thisDaemon.Storage.Allocations {
|
|
firewallInbound = append(
|
|
firewallInbound,
|
|
crypticnet.ConfigFirewallRule{
|
|
Port: strconv.Itoa(alloc.S3APIPort),
|
|
Proto: "tcp",
|
|
Host: "any",
|
|
},
|
|
crypticnet.ConfigFirewallRule{
|
|
Port: strconv.Itoa(alloc.RPCPort),
|
|
Proto: "tcp",
|
|
Host: "any",
|
|
},
|
|
crypticnet.ConfigFirewallRule{
|
|
Port: strconv.Itoa(alloc.WebPort),
|
|
Proto: "tcp",
|
|
Host: "any",
|
|
},
|
|
)
|
|
}
|
|
|
|
firewall := thisDaemon.VPN.Firewall
|
|
|
|
firewall.Inbound = append(firewallInbound, firewall.Inbound...)
|
|
|
|
config["firewall"] = firewall
|
|
|
|
nebulaYmlPath := filepath.Join(env.RuntimeDirPath, "nebula.yml")
|
|
|
|
if err := yamlutil.WriteYamlFile(config, nebulaYmlPath); err != nil {
|
|
log.Fatalf("writing nebula.yml to %q: %v", nebulaYmlPath, err)
|
|
}
|
|
|
|
var (
|
|
binPath = env.BinPath("nebula")
|
|
args = []string{"nebula", "-config", nebulaYmlPath}
|
|
cliEnv = os.Environ()
|
|
)
|
|
|
|
if err := syscall.Exec(binPath, args, cliEnv); err != nil {
|
|
log.Fatalf("calling exec(%q, %#v, %#v)", binPath, args, cliEnv)
|
|
}
|
|
}
|