From eb8a12f2906e0087501d73db2a2262d89710972d Mon Sep 17 00:00:00 2001 From: Owen Date: Thu, 5 Jun 2025 22:34:17 -0400 Subject: [PATCH 1/3] Make docker socket opt in --- main.go | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/main.go b/main.go index c5dd080..f8c2f5b 100644 --- a/main.go +++ b/main.go @@ -392,7 +392,7 @@ func main() { flag.StringVar(&tlsPrivateKey, "tls-client-cert", "", "Path to client certificate used for mTLS") } if dockerSocket == "" { - flag.StringVar(&dockerSocket, "docker-socket", "/var/run/docker.sock", "Path to Docker socket") + flag.StringVar(&dockerSocket, "docker-socket", "", "Path to Docker socket (typically /var/run/docker.sock)") } // do a --version check @@ -636,6 +636,18 @@ persistent_keepalive_interval=5`, fixKey(privateKey.String()), fixKey(wgData.Pub client.RegisterHandler("newt/socket/check", func(msg websocket.WSMessage) { logger.Info("Received Docker socket check request") + if dockerSocket == "" { + logger.Info("Docker socket path is not set") + err := client.SendMessage("newt/socket/status", map[string]interface{}{ + "available": false, + "socketPath": dockerSocket, + }) + if err != nil { + logger.Error("Failed to send Docker socket check response: %v", err) + } + return + } + // Check if Docker socket is available isAvailable := docker.CheckSocket(dockerSocket) @@ -655,6 +667,11 @@ persistent_keepalive_interval=5`, fixKey(privateKey.String()), fixKey(wgData.Pub client.RegisterHandler("newt/socket/fetch", func(msg websocket.WSMessage) { logger.Info("Received Docker container fetch request") + if dockerSocket == "" { + logger.Info("Docker socket path is not set") + return + } + // List Docker containers containers, err := docker.ListContainers(dockerSocket) if err != nil { From ef2f25ef98ec9a8d28e11dd91b045f526b0971ba Mon Sep 17 00:00:00 2001 From: Owen Date: Thu, 5 Jun 2025 22:36:42 -0400 Subject: [PATCH 2/3] Update readme --- README.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 8756369..9cd2768 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,7 @@ When Newt receives WireGuard control messages, it will use the information encod - `log-level` (optional): The log level to use. Default: INFO - `updown` (optional): A script to be called when targets are added or removed. - `tls-client-cert` (optional): Client certificate (p12 or pfx) for mTLS. See [mTLS](#mtls) -- `docker-socket` (optional): Override the Docker socket integration +- `docker-socket` (optional): Set the Docker socket to use the container discovery integration - Example: @@ -82,8 +82,7 @@ Newt can integrate with the Docker socket to provide remote inspection of Docker **Configuration:** -- By default, Newt will look for the Docker socket at `/var/run/docker.sock`. -- You can specify a custom socket path using the `--docker-socket` CLI argument or by setting the `DOCKER_SOCKET` environment variable. +You can specify the Docker socket path using the `--docker-socket` CLI argument or by setting the `DOCKER_SOCKET` environment variable. On most linux systems the socket is `/var/run/docker.sock` If the Docker socket is not available or accessible, Newt will gracefully disable Docker integration and continue normal operation. From 5280c7ccda2f2d5ee7a6dd73bb90a13c9cde9848 Mon Sep 17 00:00:00 2001 From: Owen Date: Thu, 5 Jun 2025 22:40:39 -0400 Subject: [PATCH 3/3] Add newt version on startup --- main.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/main.go b/main.go index f8c2f5b..fdece97 100644 --- a/main.go +++ b/main.go @@ -400,9 +400,12 @@ func main() { flag.Parse() + newtVersion := "Newt version replaceme" if *version { - fmt.Println("Newt version replaceme") + fmt.Println(newtVersion) os.Exit(0) + } else { + logger.Info(newtVersion) } logger.Init()