diff --git a/README.md b/README.md index 82ff42a..413d353 100644 --- a/README.md +++ b/README.md @@ -57,6 +57,7 @@ When Newt receives WireGuard control messages, it will use the information encod - `interface` (optional): Name of the WireGuard interface. Default: newt - `keep-interface` (optional): Keep the WireGuard interface. Default: false - `blueprint-file` (optional): Path to blueprint file to define Pangolin resources and configurations. +- `no-cloud` (optional): Don't fail over to the cloud when using managed nodes in Pangolin Cloud. Default: false ## Environment Variables @@ -86,6 +87,7 @@ All CLI arguments can be set using environment variables as an alternative to co - `KEEP_INTERFACE`: Keep the WireGuard interface after shutdown. Default: false (equivalent to `--keep-interface`) - `CONFIG_FILE`: Load the config json from this file instead of in the home folder. - `BLUEPRINT_FILE`: Path to blueprint file to define Pangolin resources and configurations. (equivalent to `--blueprint-file`) +- `NO_CLOUD`: Don't fail over to the cloud when using managed nodes in Pangolin Cloud. Default: false (equivalent to `--no-cloud`) ## Loading secrets from files diff --git a/main.go b/main.go index fb31cfe..b6ccc94 100644 --- a/main.go +++ b/main.go @@ -121,6 +121,7 @@ var ( healthMonitor *healthcheck.Monitor enforceHealthcheckCert bool blueprintFile string + noCloud bool // New mTLS configuration variables tlsClientCert string @@ -143,15 +144,13 @@ func main() { interfaceName = os.Getenv("INTERFACE") generateAndSaveKeyTo = os.Getenv("GENERATE_AND_SAVE_KEY_TO") keepInterfaceEnv := os.Getenv("KEEP_INTERFACE") - acceptClientsEnv := os.Getenv("ACCEPT_CLIENTS") - useNativeInterfaceEnv := os.Getenv("USE_NATIVE_INTERFACE") - enforceHealthcheckCertEnv := os.Getenv("ENFORCE_HC_CERT") - keepInterface = keepInterfaceEnv == "true" + acceptClientsEnv := os.Getenv("ACCEPT_CLIENTS") acceptClients = acceptClientsEnv == "true" + useNativeInterfaceEnv := os.Getenv("USE_NATIVE_INTERFACE") useNativeInterface = useNativeInterfaceEnv == "true" + enforceHealthcheckCertEnv := os.Getenv("ENFORCE_HC_CERT") enforceHealthcheckCert = enforceHealthcheckCertEnv == "true" - dockerSocket = os.Getenv("DOCKER_SOCKET") pingIntervalStr := os.Getenv("PING_INTERVAL") pingTimeoutStr := os.Getenv("PING_TIMEOUT") @@ -179,6 +178,8 @@ func main() { tlsPrivateKey = os.Getenv("TLS_CLIENT_CERT") } blueprintFile = os.Getenv("BLUEPRINT_FILE") + noCloudEnv := os.Getenv("NO_CLOUD") + noCloud = noCloudEnv == "true" if endpoint == "" { flag.StringVar(&endpoint, "endpoint", "", "Endpoint of your pangolin server") @@ -281,6 +282,9 @@ func main() { if blueprintFile == "" { flag.StringVar(&blueprintFile, "blueprint-file", "", "Path to blueprint file (if unset, no blueprint will be applied)") } + if noCloudEnv == "" { + flag.BoolVar(&noCloud, "no-cloud", false, "Disable cloud failover") + } // do a --version check version := flag.Bool("version", false, "Print the version") @@ -635,7 +639,9 @@ persistent_keepalive_interval=5`, fixKey(privateKey.String()), fixKey(wgData.Pub } // Request exit nodes from the server - stopFunc = client.SendMessageInterval("newt/ping/request", map[string]interface{}{}, 3*time.Second) + stopFunc = client.SendMessageInterval("newt/ping/request", map[string]interface{}{ + "noCloud": noCloud, + }, 3*time.Second) logger.Info("Tunnel destroyed, ready for reconnection") }) @@ -1237,8 +1243,10 @@ persistent_keepalive_interval=5`, fixKey(privateKey.String()), fixKey(wgData.Pub if stopFunc != nil { stopFunc() } - // request from the server the list of nodes to ping at newt/ping/request - stopFunc = client.SendMessageInterval("newt/ping/request", map[string]interface{}{}, 3*time.Second) + // request from the server the list of nodes to ping + stopFunc = client.SendMessageInterval("newt/ping/request", map[string]interface{}{ + "noCloud": noCloud, + }, 3*time.Second) logger.Debug("Requesting exit nodes from server") clientsOnConnect() }