diff options
-rw-r--r-- | src/acme_actor.rs | 70 | ||||
-rw-r--r-- | src/config/options.rs | 2 | ||||
-rw-r--r-- | src/config/runtime.rs | 4 | ||||
-rw-r--r-- | src/consul_actor.rs | 29 | ||||
-rw-r--r-- | src/diplonat.rs | 22 | ||||
-rw-r--r-- | src/fw.rs | 11 | ||||
-rw-r--r-- | src/fw_actor.rs | 3 | ||||
-rw-r--r-- | src/main.rs | 1 | ||||
-rw-r--r-- | src/messages.rs | 6 |
9 files changed, 126 insertions, 22 deletions
diff --git a/src/acme_actor.rs b/src/acme_actor.rs new file mode 100644 index 0000000..3b6aa50 --- /dev/null +++ b/src/acme_actor.rs @@ -0,0 +1,70 @@ +use anyhow::Result; +use log::*; +use tokio::{ + select, + sync::watch, + time::{ + Duration, + self, +}}; + +use crate::config::RuntimeConfigAcme; +use crate::messages; + +pub struct AcmeActor { + email: String, + last_ports: messages::PublicExposedPorts, + refresh: Duration, + + rx_ports: watch::Receiver<messages::PublicExposedPorts>, +} + +impl AcmeActor { + pub async fn new( + config: Option<RuntimeConfigAcme>, + rxp: &watch::Receiver<messages::PublicExposedPorts> + ) -> Result<Option<Self>> { + + if config.is_none() { + return Ok(None); + } + let config = config.unwrap(); + + let ctx = Self { + email: config.email, + last_ports: messages::PublicExposedPorts::new(), + refresh: config.refresh_time, + rx_ports: rxp.clone(), + }; + + Ok(Some(ctx)) + } + + pub async fn listen(&mut self) -> Result<()> { + let mut interval = time::interval(self.refresh); + loop { + // 1. Wait for an event + let new_ports = select! { + Some(ports) = self.rx_ports.recv() => Some(ports), + _ = interval.tick() => None, + else => return Ok(()) // Sender dropped, terminate loop. + }; + + // 2. Update last ports if needed + if let Some(p) = new_ports { self.last_ports = p; } + + // 3. Flush IGD requests + match self.do_acme().await { + Ok(()) => debug!("Successfully updated ACME"), + Err(e) => error!("An error occured while updating ACME. {}", e), + } + } + } + + pub async fn do_acme(&self) -> Result<()> { + debug!("Doing ACME!!!"); + debug!("{:#?}", self.last_ports); + + Ok(()) + } +}
\ No newline at end of file diff --git a/src/config/options.rs b/src/config/options.rs index b3a63b0..54e948d 100644 --- a/src/config/options.rs +++ b/src/config/options.rs @@ -34,6 +34,8 @@ pub struct ConfigOptsAcme { /// The default domain holder's e-mail [default: None] pub email: Option<String>, + /// Refresh time for firewall rules [default: 300] + pub refresh_time: Option<u16>, } /// Firewall configuration options diff --git a/src/config/runtime.rs b/src/config/runtime.rs index f83a6b5..ee7f682 100644 --- a/src/config/runtime.rs +++ b/src/config/runtime.rs @@ -20,6 +20,7 @@ pub struct RuntimeConfigConsul { #[derive(Debug)] pub struct RuntimeConfigAcme { pub email: String, + pub refresh_time: Duration, } #[derive(Debug)] @@ -79,9 +80,12 @@ impl RuntimeConfigAcme { let email = opts.email.expect( "'DIPLONAT_ACME_EMAIL' is required if ACME is enabled"); + let refresh_time = Duration::from_secs( + opts.refresh_time.unwrap_or(super::REFRESH_TIME).into()); Ok(Some(Self { email, + refresh_time, })) } } diff --git a/src/consul_actor.rs b/src/consul_actor.rs index dcbd79e..fd4d05f 100644 --- a/src/consul_actor.rs +++ b/src/consul_actor.rs @@ -14,9 +14,11 @@ use crate::consul; use crate::messages; #[derive(Serialize, Deserialize, Debug)] +#[serde(rename_all = "snake_case")] pub enum DiplonatParameter { - tcp_port(HashSet<u16>), - udp_port(HashSet<u16>) + TcpPort(HashSet<u16>), + UdpPort(HashSet<u16>), + Acme(HashSet<String>) } #[derive(Serialize, Deserialize, Debug)] @@ -57,17 +59,19 @@ fn to_parameters(catalog: &consul::CatalogNode) -> Vec<DiplonatConsul> { } fn to_open_ports(params: &Vec<DiplonatConsul>) -> messages::PublicExposedPorts { - let mut op = messages::PublicExposedPorts { - tcp_ports: HashSet::new(), - udp_ports: HashSet::new() - }; + // let mut op = messages::PublicExposedPorts { + // tcp_ports: HashSet::new(), + // udp_ports: HashSet::new() + // }; + let mut op = messages::PublicExposedPorts::new(); for conf in params { let DiplonatConsul::diplonat(c) = conf; for parameter in c { match parameter { - DiplonatParameter::tcp_port(p) => op.tcp_ports.extend(p), - DiplonatParameter::udp_port(p) => op.udp_ports.extend(p), + DiplonatParameter::TcpPort(p) => op.tcp_ports.extend(p), + DiplonatParameter::UdpPort(p) => op.udp_ports.extend(p), + DiplonatParameter::Acme(urls) => op.acme.extend(urls.clone()), }; } } @@ -77,10 +81,11 @@ fn to_open_ports(params: &Vec<DiplonatConsul>) -> messages::PublicExposedPorts { impl ConsulActor { pub fn new(config: RuntimeConfigConsul) -> Self { - let (tx, rx) = watch::channel(messages::PublicExposedPorts{ - tcp_ports: HashSet::new(), - udp_ports: HashSet::new() - }); + let (tx, rx) = watch::channel(messages::PublicExposedPorts::new()); + // let (tx, rx) = watch::channel(messages::PublicExposedPorts{ + // tcp_ports: HashSet::new(), + // udp_ports: HashSet::new() + // }); return Self { consul: consul::Consul::new(&config.url), diff --git a/src/diplonat.rs b/src/diplonat.rs index 6334e5b..b2310f9 100644 --- a/src/diplonat.rs +++ b/src/diplonat.rs @@ -1,14 +1,17 @@ use anyhow::{Result, anyhow}; +use log::debug; use tokio::try_join; use crate::config::ConfigOpts; use crate::consul_actor::ConsulActor; +use crate::acme_actor::AcmeActor; use crate::fw_actor::FirewallActor; use crate::igd_actor::IgdActor; pub struct Diplonat { consul: ConsulActor, + acme: Option<AcmeActor>, firewall: Option<FirewallActor>, igd: Option<IgdActor>, } @@ -16,10 +19,15 @@ pub struct Diplonat { impl Diplonat { pub async fn new() -> Result<Self> { let config = ConfigOpts::from_env()?; - println!("{:#?}", config); + debug!("{:#?}", config); let consul_actor = ConsulActor::new(config.consul); + let acme_actor = AcmeActor::new( + config.acme, + &consul_actor.rx_open_ports + ).await?; + let firewall_actor = FirewallActor::new( config.firewall, &consul_actor.rx_open_ports @@ -30,13 +38,16 @@ impl Diplonat { &consul_actor.rx_open_ports ).await?; - if firewall_actor.is_none() && igd_actor.is_none() { + if acme_actor.is_none() && + firewall_actor.is_none() && + igd_actor.is_none() { return Err(anyhow!( "At least enable *one* module, otherwise it's boring!")); } let ctx = Self { consul: consul_actor, + acme: acme_actor, firewall: firewall_actor, igd: igd_actor, }; @@ -45,12 +56,19 @@ impl Diplonat { } pub async fn listen(&mut self) -> Result<()> { + let acme = &mut self.acme; let firewall = &mut self.firewall; let igd = &mut self.igd; try_join!( self.consul.listen(), async { + match acme { + Some(x) => x.listen().await, + None => Ok(()) + } + }, + async { match firewall { Some(x) => x.listen().await, None => Ok(()) @@ -1,4 +1,4 @@ -use std::collections::HashSet; +// use std::collections::HashSet; use anyhow::{Result,Context}; use iptables; @@ -31,10 +31,11 @@ pub fn open_ports(ipt: &iptables::IPTables, ports: messages::PublicExposedPorts) } pub fn get_opened_ports(ipt: &iptables::IPTables) -> Result<messages::PublicExposedPorts> { - let mut ports = messages::PublicExposedPorts { - tcp_ports: HashSet::new(), - udp_ports: HashSet::new() - }; + let mut ports = messages::PublicExposedPorts::new(); + // let mut ports = messages::PublicExposedPorts { + // tcp_ports: HashSet::new(), + // udp_ports: HashSet::new() + // }; let list = ipt.list("filter", "DIPLONAT")?; let re = Regex::new(r"\-A.*? \-p (\w+).*\-\-dport (\d+).*?\-j ACCEPT").context("Regex matching open ports encountered an unexpected rule")?; diff --git a/src/fw_actor.rs b/src/fw_actor.rs index 29e6473..9000048 100644 --- a/src/fw_actor.rs +++ b/src/fw_actor.rs @@ -73,7 +73,8 @@ impl FirewallActor { let ports_to_open = messages::PublicExposedPorts { tcp_ports: diff_tcp, - udp_ports: diff_udp + udp_ports: diff_udp, + acme: HashSet::new() }; fw::open_ports(&self.ipt, ports_to_open)?; diff --git a/src/main.rs b/src/main.rs index 720edf8..48467d6 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,3 +1,4 @@ +mod acme_actor; mod config; mod consul; mod consul_actor; diff --git a/src/messages.rs b/src/messages.rs index 09a7c14..86ba1b2 100644 --- a/src/messages.rs +++ b/src/messages.rs @@ -3,14 +3,16 @@ use std::collections::HashSet; #[derive(Debug, Clone, PartialEq, Eq)] pub struct PublicExposedPorts { pub tcp_ports: HashSet<u16>, - pub udp_ports: HashSet<u16> + pub udp_ports: HashSet<u16>, + pub acme: HashSet<String> } impl PublicExposedPorts { pub fn new() -> Self { return Self { tcp_ports: HashSet::new(), - udp_ports: HashSet::new() + udp_ports: HashSet::new(), + acme: HashSet::new() } } } |