mirror of
https://github.com/fosrl/newt.git
synced 2026-03-26 20:46:41 +00:00
Compare commits
8 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
bad244d0ea | ||
|
|
0047b54e94 | ||
|
|
f0c8d2c7c7 | ||
|
|
151d0e38e6 | ||
|
|
3ccd755d55 | ||
|
|
a0f0b674e8 | ||
|
|
9e73aab21d | ||
|
|
e1ddad006a |
6
flake.lock
generated
6
flake.lock
generated
@@ -2,11 +2,11 @@
|
|||||||
"nodes": {
|
"nodes": {
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1752308619,
|
"lastModified": 1753489912,
|
||||||
"narHash": "sha256-pzrVLKRQNPrii06Rm09Q0i0dq3wt2t2pciT/GNq5EZQ=",
|
"narHash": "sha256-uDCFHeXdRIgJpYmtcUxGEsZ+hYlLPBhR83fdU+vbC1s=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "650e572363c091045cdbc5b36b0f4c1f614d3058",
|
"rev": "13e8d35b7d6028b7198f8186bc0347c6abaa2701",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|||||||
@@ -27,11 +27,11 @@
|
|||||||
default = self.packages.${system}.pangolin-newt;
|
default = self.packages.${system}.pangolin-newt;
|
||||||
pangolin-newt = pkgs.buildGoModule {
|
pangolin-newt = pkgs.buildGoModule {
|
||||||
pname = "pangolin-newt";
|
pname = "pangolin-newt";
|
||||||
version = "1.3.4";
|
version = "1.4.0";
|
||||||
|
|
||||||
src = ./.;
|
src = ./.;
|
||||||
|
|
||||||
vendorHash = "sha256-Y/f7GCO7Kf1iQiDR32DIEIGJdcN+PKS0OrhBvXiHvwo=";
|
vendorHash = "sha256-V8sq7XD/HJFKjhggrDWPdEEq3hjz0IHzpybQXA8Z/pg=";
|
||||||
|
|
||||||
meta = with pkgs.lib; {
|
meta = with pkgs.lib; {
|
||||||
description = "A tunneling client for Pangolin";
|
description = "A tunneling client for Pangolin";
|
||||||
|
|||||||
2
go.mod
2
go.mod
@@ -3,7 +3,7 @@ module github.com/fosrl/newt
|
|||||||
go 1.24
|
go 1.24
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/docker/docker v28.3.2+incompatible
|
github.com/docker/docker v28.3.3+incompatible
|
||||||
github.com/google/gopacket v1.1.19
|
github.com/google/gopacket v1.1.19
|
||||||
github.com/gorilla/websocket v1.5.3
|
github.com/gorilla/websocket v1.5.3
|
||||||
github.com/vishvananda/netlink v1.3.1
|
github.com/vishvananda/netlink v1.3.1
|
||||||
|
|||||||
4
go.sum
4
go.sum
@@ -15,8 +15,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
|
|||||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||||
github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
|
github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
|
||||||
github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
|
github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
|
||||||
github.com/docker/docker v28.3.2+incompatible h1:wn66NJ6pWB1vBZIilP8G3qQPqHy5XymfYn5vsqeA5oA=
|
github.com/docker/docker v28.3.3+incompatible h1:Dypm25kh4rmk49v1eiVbsAtpAsYURjYkaKubwuBdxEI=
|
||||||
github.com/docker/docker v28.3.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
|
github.com/docker/docker v28.3.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
|
||||||
github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
|
github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
|
||||||
github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
|
github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
|
||||||
github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
|
github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
|
||||||
|
|||||||
31
main.go
31
main.go
@@ -112,15 +112,20 @@ func main() {
|
|||||||
updownScript = os.Getenv("UPDOWN_SCRIPT")
|
updownScript = os.Getenv("UPDOWN_SCRIPT")
|
||||||
interfaceName = os.Getenv("INTERFACE")
|
interfaceName = os.Getenv("INTERFACE")
|
||||||
generateAndSaveKeyTo = os.Getenv("GENERATE_AND_SAVE_KEY_TO")
|
generateAndSaveKeyTo = os.Getenv("GENERATE_AND_SAVE_KEY_TO")
|
||||||
keepInterface = os.Getenv("KEEP_INTERFACE") == "true"
|
keepInterfaceEnv := os.Getenv("KEEP_INTERFACE")
|
||||||
acceptClients = os.Getenv("ACCEPT_CLIENTS") == "true"
|
acceptClientsEnv := os.Getenv("ACCEPT_CLIENTS")
|
||||||
|
useNativeInterfaceEnv := os.Getenv("USE_NATIVE_INTERFACE")
|
||||||
|
|
||||||
|
keepInterface = keepInterfaceEnv == "true"
|
||||||
|
acceptClients = acceptClientsEnv == "true"
|
||||||
|
useNativeInterface = useNativeInterfaceEnv == "true"
|
||||||
|
|
||||||
tlsPrivateKey = os.Getenv("TLS_CLIENT_CERT")
|
tlsPrivateKey = os.Getenv("TLS_CLIENT_CERT")
|
||||||
dockerSocket = os.Getenv("DOCKER_SOCKET")
|
dockerSocket = os.Getenv("DOCKER_SOCKET")
|
||||||
pingIntervalStr := os.Getenv("PING_INTERVAL")
|
pingIntervalStr := os.Getenv("PING_INTERVAL")
|
||||||
pingTimeoutStr := os.Getenv("PING_TIMEOUT")
|
pingTimeoutStr := os.Getenv("PING_TIMEOUT")
|
||||||
dockerEnforceNetworkValidation = os.Getenv("DOCKER_ENFORCE_NETWORK_VALIDATION")
|
dockerEnforceNetworkValidation = os.Getenv("DOCKER_ENFORCE_NETWORK_VALIDATION")
|
||||||
healthFile = os.Getenv("HEALTH_FILE")
|
healthFile = os.Getenv("HEALTH_FILE")
|
||||||
useNativeInterface = os.Getenv("USE_NATIVE_INTERFACE") == "true"
|
|
||||||
// authorizedKeysFile = os.Getenv("AUTHORIZED_KEYS_FILE")
|
// authorizedKeysFile = os.Getenv("AUTHORIZED_KEYS_FILE")
|
||||||
authorizedKeysFile = ""
|
authorizedKeysFile = ""
|
||||||
|
|
||||||
@@ -151,9 +156,15 @@ func main() {
|
|||||||
if generateAndSaveKeyTo == "" {
|
if generateAndSaveKeyTo == "" {
|
||||||
flag.StringVar(&generateAndSaveKeyTo, "generateAndSaveKeyTo", "", "Path to save generated private key")
|
flag.StringVar(&generateAndSaveKeyTo, "generateAndSaveKeyTo", "", "Path to save generated private key")
|
||||||
}
|
}
|
||||||
flag.BoolVar(&keepInterface, "keep-interface", false, "Keep the WireGuard interface")
|
if keepInterfaceEnv == "" {
|
||||||
flag.BoolVar(&useNativeInterface, "native", false, "Use native WireGuard interface (requires WireGuard kernel module) and linux")
|
flag.BoolVar(&keepInterface, "keep-interface", false, "Keep the WireGuard interface")
|
||||||
flag.BoolVar(&acceptClients, "accept-clients", false, "Accept clients on the WireGuard interface")
|
}
|
||||||
|
if useNativeInterfaceEnv == "" {
|
||||||
|
flag.BoolVar(&useNativeInterface, "native", false, "Use native WireGuard interface (requires WireGuard kernel module) and linux")
|
||||||
|
}
|
||||||
|
if acceptClientsEnv == "" {
|
||||||
|
flag.BoolVar(&acceptClients, "accept-clients", false, "Accept clients on the WireGuard interface")
|
||||||
|
}
|
||||||
if tlsPrivateKey == "" {
|
if tlsPrivateKey == "" {
|
||||||
flag.StringVar(&tlsPrivateKey, "tls-client-cert", "", "Path to client certificate used for mTLS")
|
flag.StringVar(&tlsPrivateKey, "tls-client-cert", "", "Path to client certificate used for mTLS")
|
||||||
}
|
}
|
||||||
@@ -166,9 +177,6 @@ func main() {
|
|||||||
if pingTimeoutStr == "" {
|
if pingTimeoutStr == "" {
|
||||||
flag.StringVar(&pingTimeoutStr, "ping-timeout", "5s", " Timeout for each ping (default 5s)")
|
flag.StringVar(&pingTimeoutStr, "ping-timeout", "5s", " Timeout for each ping (default 5s)")
|
||||||
}
|
}
|
||||||
if pingTimeoutStr == "" {
|
|
||||||
flag.StringVar(&pingTimeoutStr, "ping-timeout", "5s", " Timeout for each ping (default 5s)")
|
|
||||||
}
|
|
||||||
// if authorizedKeysFile == "" {
|
// if authorizedKeysFile == "" {
|
||||||
// flag.StringVar(&authorizedKeysFile, "authorized-keys-file", "~/.ssh/authorized_keys", "Path to authorized keys file (if unset, no keys will be authorized)")
|
// flag.StringVar(&authorizedKeysFile, "authorized-keys-file", "~/.ssh/authorized_keys", "Path to authorized keys file (if unset, no keys will be authorized)")
|
||||||
// }
|
// }
|
||||||
@@ -479,6 +487,11 @@ persistent_keepalive_interval=5`, fixKey(privateKey.String()), fixKey(wgData.Pub
|
|||||||
// Close the WireGuard device and TUN
|
// Close the WireGuard device and TUN
|
||||||
closeWgTunnel()
|
closeWgTunnel()
|
||||||
|
|
||||||
|
if stopFunc != nil {
|
||||||
|
stopFunc() // stop the ws from sending more requests
|
||||||
|
stopFunc = nil // reset stopFunc to nil to avoid double stopping
|
||||||
|
}
|
||||||
|
|
||||||
// Mark as disconnected
|
// Mark as disconnected
|
||||||
connected = false
|
connected = false
|
||||||
|
|
||||||
|
|||||||
2
wg/wg.go
2
wg/wg.go
@@ -170,7 +170,7 @@ func NewWireGuardService(interfaceName string, mtu int, generateAndSaveKeyTo str
|
|||||||
return nil, fmt.Errorf("failed to parse private key: %v", err)
|
return nil, fmt.Errorf("failed to parse private key: %v", err)
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
err = os.WriteFile(generateAndSaveKeyTo, []byte(key.String()), 0644)
|
err = os.WriteFile(generateAndSaveKeyTo, []byte(key.String()), 0600)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed to save private key: %v", err)
|
return nil, fmt.Errorf("failed to save private key: %v", err)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -196,7 +196,7 @@ func NewWireGuardService(interfaceName string, mtu int, generateAndSaveKeyTo str
|
|||||||
return nil, fmt.Errorf("failed to parse private key: %v", err)
|
return nil, fmt.Errorf("failed to parse private key: %v", err)
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
err = os.WriteFile(generateAndSaveKeyTo, []byte(key.String()), 0644)
|
err = os.WriteFile(generateAndSaveKeyTo, []byte(key.String()), 0600)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed to save private key: %v", err)
|
return nil, fmt.Errorf("failed to save private key: %v", err)
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user