provider-kairos/internal/provider/vpn.go

package provider

import (
	"fmt"
	"io/ioutil"
	"os"
	"path/filepath"
	"strings"

	"github.com/kairos-io/kairos/pkg/machine"
	"github.com/kairos-io/kairos/pkg/machine/systemd"
	"github.com/kairos-io/kairos/pkg/utils"
	providerConfig "github.com/kairos-io/provider-kairos/internal/provider/config"
	"github.com/kairos-io/provider-kairos/internal/services"
	"gopkg.in/yaml.v3"

	yip "github.com/mudler/yip/pkg/schema"
)

func SaveOEMCloudConfig(name string, yc yip.YipConfig) error {
	dnsYAML, err := yaml.Marshal(yc)
	if err != nil {
		return err
	}
	return ioutil.WriteFile(filepath.Join("oem", fmt.Sprintf("100_%s.yaml", name)), dnsYAML, 0700)
}
func SetupVPN(instance, apiAddress, rootDir string, start bool, c *providerConfig.Config) error {

	if c.Kairos == nil || c.Kairos.NetworkToken == "" {
		return fmt.Errorf("no network token defined")
	}

	svc, err := services.EdgeVPN(instance, rootDir)
	if err != nil {
		return fmt.Errorf("could not create svc: %w", err)
	}

	apiAddress = strings.ReplaceAll(apiAddress, "https://", "")
	apiAddress = strings.ReplaceAll(apiAddress, "http://", "")

	vpnOpts := map[string]string{
		"EDGEVPNTOKEN": c.Kairos.NetworkToken,
		"API":          "true",
		"APILISTEN":    apiAddress,
		"DHCP":         "true",
		"DHCPLEASEDIR": "/usr/local/.kairos/lease",
	}
	// Override opts with user-supplied
	for k, v := range c.VPN {
		vpnOpts[k] = v
	}

	if c.Kairos.DNS {
		vpnOpts["DNSADDRESS"] = "127.0.0.1:53"
		vpnOpts["DNSFORWARD"] = "true"

		dnsConfig := yip.YipConfig{
			Name: "DNS Configuration",
			Stages: map[string][]yip.Stage{
				"initramfs": {
					{
						Files: []yip.File{{
							Permissions: 0644,
							Path:        "/etc/systemd/resolved.conf", Content: `
[Resolve]
DNS=127.0.0.1`,
						}},
					},
					{
						Dns: yip.DNS{Nameservers: []string{"127.0.0.1"}}},
				}},
		}

		dat, _ := yaml.Marshal(&dnsConfig)
		_ = machine.ExecuteInlineCloudConfig(string(dat), "initramfs")
		if !utils.IsOpenRCBased() {
			svc, err := systemd.NewService(
				systemd.WithName("systemd-resolved"),
			)
			if err == nil {
				_ = svc.Restart()
			}
		}

		if err := SaveOEMCloudConfig("vpn_dns", dnsConfig); err != nil {
			return fmt.Errorf("could not create dns config: %w", err)
		}
	}

	os.MkdirAll("/etc/systemd/system.conf.d/", 0600) //nolint:errcheck
	// Setup edgevpn instance
	err = utils.WriteEnv(filepath.Join(rootDir, "/etc/systemd/system.conf.d/edgevpn-kairos.env"), vpnOpts)
	if err != nil {
		return fmt.Errorf("could not create write env file: %w", err)
	}

	err = svc.WriteUnit()
	if err != nil {
		return fmt.Errorf("could not create write unit file: %w", err)
	}

	if start {
		err = svc.Start()
		if err != nil {
			return fmt.Errorf("could not start svc: %w", err)
		}

		return svc.Enable()
	}
	return nil
}
:art: Initial import of provider code 2022-08-10 16:55:20 +00:00			`package provider`

			`import (`
			`"fmt"`
:gear: Save to /oem Signed-off-by: Ettore Di Giacinto <mudler@users.noreply.github.com> 2022-10-21 16:52:41 +00:00			`"io/ioutil"`
:art: Initial import of provider code 2022-08-10 16:55:20 +00:00			`"os"`
			`"path/filepath"`
			`"strings"`

:sparkles: Generically configure dns Fixes https://github.com/kairos-io/provider-kairos/issues/36 Signed-off-by: Ettore Di Giacinto <mudler@users.noreply.github.com> 2022-10-20 21:01:41 +00:00			`"github.com/kairos-io/kairos/pkg/machine"`
:seedling: Execute the cc and restart DNS service Signed-off-by: Ettore Di Giacinto <mudler@users.noreply.github.com> 2022-11-07 11:41:46 +00:00			`"github.com/kairos-io/kairos/pkg/machine/systemd"`
:art: Rebrand See: https://github.com/c3os-io/c3os/issues/88 2022-09-16 15:42:45 +00:00			`"github.com/kairos-io/kairos/pkg/utils"`
			`providerConfig "github.com/kairos-io/provider-kairos/internal/provider/config"`
			`"github.com/kairos-io/provider-kairos/internal/services"`
:sparkles: Generically configure dns Fixes https://github.com/kairos-io/provider-kairos/issues/36 Signed-off-by: Ettore Di Giacinto <mudler@users.noreply.github.com> 2022-10-20 21:01:41 +00:00			`"gopkg.in/yaml.v3"`
:art: Initial import of provider code 2022-08-10 16:55:20 +00:00
			`yip "github.com/mudler/yip/pkg/schema"`
			`)`

:gear: Save to /oem Signed-off-by: Ettore Di Giacinto <mudler@users.noreply.github.com> 2022-10-21 16:52:41 +00:00			`func SaveOEMCloudConfig(name string, yc yip.YipConfig) error {`
			`dnsYAML, err := yaml.Marshal(yc)`
			`if err != nil {`
			`return err`
			`}`
			`return ioutil.WriteFile(filepath.Join("oem", fmt.Sprintf("100_%s.yaml", name)), dnsYAML, 0700)`
			`}`
:art: Initial import of provider code 2022-08-10 16:55:20 +00:00			`func SetupVPN(instance, apiAddress, rootDir string, start bool, c *providerConfig.Config) error {`

:art: Finalize rebranding there were few places that still had c3OS references. 2022-09-19 09:59:28 +00:00			`if c.Kairos == nil \|\| c.Kairos.NetworkToken == "" {`
:art: Initial import of provider code 2022-08-10 16:55:20 +00:00			`return fmt.Errorf("no network token defined")`
			`}`

:art: Move vpn services here 2022-08-12 07:51:59 +00:00			`svc, err := services.EdgeVPN(instance, rootDir)`
:art: Initial import of provider code 2022-08-10 16:55:20 +00:00			`if err != nil {`
			`return fmt.Errorf("could not create svc: %w", err)`
			`}`

			`apiAddress = strings.ReplaceAll(apiAddress, "https://", "")`
			`apiAddress = strings.ReplaceAll(apiAddress, "http://", "")`

			`vpnOpts := map[string]string{`
:gear: Do not set low profile automatically 2022-10-30 14:44:09 +00:00			`"EDGEVPNTOKEN": c.Kairos.NetworkToken,`
			`"API": "true",`
			`"APILISTEN": apiAddress,`
			`"DHCP": "true",`
			`"DHCPLEASEDIR": "/usr/local/.kairos/lease",`
:art: Initial import of provider code 2022-08-10 16:55:20 +00:00			`}`
			`// Override opts with user-supplied`
			`for k, v := range c.VPN {`
			`vpnOpts[k] = v`
			`}`

:art: Finalize rebranding there were few places that still had c3OS references. 2022-09-19 09:59:28 +00:00			`if c.Kairos.DNS {`
:art: Initial import of provider code 2022-08-10 16:55:20 +00:00			`vpnOpts["DNSADDRESS"] = "127.0.0.1:53"`
			`vpnOpts["DNSFORWARD"] = "true"`
:sparkles: Generically configure dns Fixes https://github.com/kairos-io/provider-kairos/issues/36 Signed-off-by: Ettore Di Giacinto <mudler@users.noreply.github.com> 2022-10-20 21:01:41 +00:00
			`dnsConfig := yip.YipConfig{`
:art: Initial import of provider code 2022-08-10 16:55:20 +00:00			`Name: "DNS Configuration",`
			`Stages: map[string][]yip.Stage{`
:gear: Save to /oem Signed-off-by: Ettore Di Giacinto <mudler@users.noreply.github.com> 2022-10-21 16:52:41 +00:00			`"initramfs": {`
			`{`
			`Files: []yip.File{{`
Set permissions Signed-off-by: Ettore Di Giacinto <mudler@users.noreply.github.com> 2022-12-03 19:56:19 +00:00			`Permissions: 0644,`
			Path: "/etc/systemd/resolved.conf", Content: `
:gear: Save to /oem Signed-off-by: Ettore Di Giacinto <mudler@users.noreply.github.com> 2022-10-21 16:52:41 +00:00			`[Resolve]`
			DNS=127.0.0.1`,
			`}},`
			`},`
			`{`
			`Dns: yip.DNS{Nameservers: []string{"127.0.0.1"}}},`
			`}},`
:sparkles: Generically configure dns Fixes https://github.com/kairos-io/provider-kairos/issues/36 Signed-off-by: Ettore Di Giacinto <mudler@users.noreply.github.com> 2022-10-20 21:01:41 +00:00			`}`

:seedling: Execute the cc and restart DNS service Signed-off-by: Ettore Di Giacinto <mudler@users.noreply.github.com> 2022-11-07 11:41:46 +00:00			`dat, _ := yaml.Marshal(&dnsConfig)`
Set permissions Signed-off-by: Ettore Di Giacinto <mudler@users.noreply.github.com> 2022-12-03 19:56:19 +00:00			`_ = machine.ExecuteInlineCloudConfig(string(dat), "initramfs")`
:seedling: Execute the cc and restart DNS service Signed-off-by: Ettore Di Giacinto <mudler@users.noreply.github.com> 2022-11-07 11:41:46 +00:00			`if !utils.IsOpenRCBased() {`
			`svc, err := systemd.NewService(`
			`systemd.WithName("systemd-resolved"),`
			`)`
			`if err == nil {`
Set permissions Signed-off-by: Ettore Di Giacinto <mudler@users.noreply.github.com> 2022-12-03 19:56:19 +00:00			`_ = svc.Restart()`
:seedling: Execute the cc and restart DNS service Signed-off-by: Ettore Di Giacinto <mudler@users.noreply.github.com> 2022-11-07 11:41:46 +00:00			`}`
:sparkles: Generically configure dns Fixes https://github.com/kairos-io/provider-kairos/issues/36 Signed-off-by: Ettore Di Giacinto <mudler@users.noreply.github.com> 2022-10-20 21:01:41 +00:00			`}`

:gear: Save to /oem Signed-off-by: Ettore Di Giacinto <mudler@users.noreply.github.com> 2022-10-21 16:52:41 +00:00			`if err := SaveOEMCloudConfig("vpn_dns", dnsConfig); err != nil {`
:art: Initial import of provider code 2022-08-10 16:55:20 +00:00			`return fmt.Errorf("could not create dns config: %w", err)`
			`}`
			`}`

			`os.MkdirAll("/etc/systemd/system.conf.d/", 0600) //nolint:errcheck`
			`// Setup edgevpn instance`
:art: Rebrand See: https://github.com/c3os-io/c3os/issues/88 2022-09-16 15:42:45 +00:00			`err = utils.WriteEnv(filepath.Join(rootDir, "/etc/systemd/system.conf.d/edgevpn-kairos.env"), vpnOpts)`
:art: Initial import of provider code 2022-08-10 16:55:20 +00:00			`if err != nil {`
			`return fmt.Errorf("could not create write env file: %w", err)`
			`}`

			`err = svc.WriteUnit()`
			`if err != nil {`
			`return fmt.Errorf("could not create write unit file: %w", err)`
			`}`

			`if start {`
			`err = svc.Start()`
			`if err != nil {`
			`return fmt.Errorf("could not start svc: %w", err)`
			`}`

			`return svc.Enable()`
			`}`
			`return nil`
			`}`