isle/go/cmd/entrypoint/nebula_util.go
Brian Picciano 3d6ed8604a Add ability to sign nebula public keys, and show nebula network info
The new commands are:

- `isle admin create-nebula-cert`
- `isle nebula show`

Between these two commands it's possible, with some effort, to get a
nebula mobile client hooked up to an isle server.
2023-08-27 16:09:03 +02:00


package main
import (
	"context"
	"fmt"
	"net"
	"path/filepath"
	"sort"

	"isle/bootstrap"
	"isle/daemon"
	"isle/yamlutil"

	"code.betamike.com/micropelago/pmux/pmuxlib"
)
// waitForNebula blocks until the nebula interface appears to be up. The probe
// is a UDP dial whose local address is this host's nebula IP: binding that
// source address is only expected to succeed once the nebula interface exists
// and carries the IP, so a successful dial is taken as the readiness signal.
// Nothing is transmitted; the socket is closed as soon as it has been created.
//
// How the probe is retried, and how ctx is honoured while waiting, is decided
// by doOnce, which is defined elsewhere in this package.
func waitForNebula(ctx context.Context, hostBootstrap bootstrap.Bootstrap) error {
	nebulaIP := hostBootstrap.ThisHost().IP()

	// The remote port is arbitrary: the dial never sends a packet, it only has
	// to bind the local side to the nebula IP.
	local := &net.UDPAddr{IP: nebulaIP, Port: 0}
	remote := &net.UDPAddr{IP: nebulaIP, Port: 45535}

	probe := func(context.Context) error {
		conn, err := net.DialUDP("udp", local, remote)
		if err != nil {
			return err
		}
		// The close error is deliberately not checked: the socket existed only
		// to prove the local address could be bound.
		conn.Close()
		return nil
	}

	return doOnce(ctx, probe)
}
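// lighthouseEntries returns the nebula IPs of every host in hostBootstrap that
// advertises a public address (i.e. every host usable as a lighthouse), plus
// the static_host_map that points each such nebula IP at its public address.
//
// The IP list is sorted so the generated nebula.yml is identical from one run
// to the next whatever the iteration order of hostBootstrap.Hosts happens to
// be; the map needs no such treatment since YAML output orders keys itself.
func lighthouseEntries(hostBootstrap bootstrap.Bootstrap) ([]string, map[string][]string) {
	var (
		lighthouseHostIPs []string
		staticHostMap     = map[string][]string{}
	)
	for _, host := range hostBootstrap.Hosts {
		if host.Nebula.PublicAddr == "" {
			continue
		}
		ip := host.IP().String()
		lighthouseHostIPs = append(lighthouseHostIPs, ip)
		staticHostMap[ip] = []string{host.Nebula.PublicAddr}
	}
	sort.Strings(lighthouseHostIPs)
	return lighthouseHostIPs, staticHostMap
}

// nebulaPmuxProcConfig renders this host's nebula configuration to
// envRuntimeDirPath/nebula.yml and returns the pmux process config that starts
// the nebula binary against that file.
//
// With daemonConfig.VPN.PublicAddr empty the host is a plain member: it
// listens on port 0 (the port is picked at bind time) and uses every host
// that advertises a public address as a lighthouse. Otherwise the host is
// itself a lighthouse: it listens on the port taken from PublicAddr and is
// given no lighthouses of its own.
//
// The written file holds the host's nebula private key
// (hostBootstrap.Nebula.HostCredentials.PrivateKeyPEM) next to the CA and host
// certificates. NOTE(review): whether yamlutil.WriteYamlFile creates the file
// with owner-only permissions is not visible from here — confirm it does,
// otherwise the key is readable by any local user.
//
// Returns an error when PublicAddr is not a valid host:port or when the config
// file cannot be written.
func nebulaPmuxProcConfig(
	hostBootstrap bootstrap.Bootstrap,
	daemonConfig daemon.Config,
) (
	pmuxlib.ProcessConfig, error,
) {
	lighthouseHostIPs, staticHostMap := lighthouseEntries(hostBootstrap)

	config := map[string]interface{}{
		"pki": map[string]string{
			"ca":   hostBootstrap.Nebula.CAPublicCredentials.CertPEM,
			"cert": hostBootstrap.Nebula.HostCredentials.Public.CertPEM,
			"key":  hostBootstrap.Nebula.HostCredentials.PrivateKeyPEM,
		},
		"static_host_map": staticHostMap,
		"punchy": map[string]bool{
			"punch":   true,
			"respond": true,
		},
		"tun": map[string]interface{}{
			"dev": "isle-tun",
		},
		"firewall": daemonConfig.VPN.Firewall,
	}

	if publicAddr := daemonConfig.VPN.PublicAddr; publicAddr == "" {
		// Not a lighthouse: any port will do, and the lighthouses are the
		// hosts that advertise a public address.
		config["listen"] = map[string]string{
			"host": "0.0.0.0",
			"port": "0",
		}
		config["lighthouse"] = map[string]interface{}{
			"hosts": lighthouseHostIPs,
		}
	} else {
		// Lighthouse: only the port of PublicAddr is used locally. Its host
		// part is what other members dial, not what this process binds to.
		_, port, err := net.SplitHostPort(publicAddr)
		if err != nil {
			return pmuxlib.ProcessConfig{}, fmt.Errorf("parsing public address %q: %w", publicAddr, err)
		}
		config["listen"] = map[string]string{
			"host": "0.0.0.0",
			"port": port,
		}
		config["lighthouse"] = map[string]interface{}{
			"hosts":         []string{},
			"am_lighthouse": true,
		}
	}

	nebulaYmlPath := filepath.Join(envRuntimeDirPath, "nebula.yml")
	if err := yamlutil.WriteYamlFile(config, nebulaYmlPath); err != nil {
		return pmuxlib.ProcessConfig{}, fmt.Errorf("writing nebula.yml to %q: %w", nebulaYmlPath, err)
	}

	return pmuxlib.ProcessConfig{
		Name: "nebula",
		Cmd:  binPath("nebula"),
		Args: []string{"-config", nebulaYmlPath},
	}, nil
}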