README
¶
sequenceDiagram
nerf (GUI)->>nerf (GUI): Download Nebula to /opt/nebula/nebula
nerf (GUI)->>GitHub: Authorize
GitHub-->>nerf (GUI): Authorized
nerf (GUI)->>nerf-api: Connect (gRPC over UNIX socket)
nerf-api->>nerf-server: Connect (gRPC over TCP socket)
nerf-api->>nerf-api: Autodiscover all VPN endpoints through DNS SRV record
nerf-api->>nerf-api: Probe all VPN endpoints via gRPC to find the fastest endpoint
nerf-api->>nerf-server: Get generated config.yml for Nebula with appropriate IP and Groups
nerf-server->>nerf-server: Generate config.yml
nerf-server-->>nerf-api: Send config.yml
nerf-api->>nebula: Start Nebul
nerf (GUI)->>nerf-api: Disconnect
nerf-api->>nerf-server: Disconnect
nerf (GUI)->>nerf-api: Quit
nerf-api->>nerf-server: Disconnect
Compile
Server
export OAUTH_MASTER_TOKEN=<masterToken> # OAuth token with 'read:org' scope
export OAUTH_ORGANIZATION=<githubOrganization> # Github organization
make check # Run linters, formatters, etc.
make server # For Linux amd64 only
Client
sudo apt install libappindicator3-dev gir1.2-appindicator3-0.1
export OAUTH_CLIENT_ID=<clientID> # OAuth application client id with 'user:email' scope
export OAUTH_CLIENT_SECRET=<clientSecret> # OAuth application client secret
export DNS_AUTODISCOVER_ZONE=<dnsZone> # DNS zone to discover VPN endpoints. E.g.: example.org
make check # Run linters, formatters, etc.
make darwin-client # For MacOS
make linux-client # For Linux
make deb # Build Ubuntu/Debian .deb package
Start
Server
Usage of ./nerf-server:
-gaidysUrl string
Set URL for Gaidys service (IPAM)
-help
Print command line usage
-lighthouse string
Set the lighthouse. E.g.: <NebulaIP>:<PublicIP>
-log-level string
Set the logging level - values are 'debug', 'info', 'warn', and 'error' (default "info")
The server is needed to generate config.yml for Nebula. To start a server type:
./nerf-server -lighthouse 172.16.0.1:193.219.12.13
Client
API for GUI
This is the gRPC API for GUI to talk
sudo chown root ./nerf-api
sudo chmod +s ./nerf-api
./nerf-api -log-level debug
Start GUI
./nerf
Building application for OSX
To build an application for OSX it's recommended to use Packages application (easiest).
After running make darwin-client, the binary is copied to osx/Nerf.app/Contents/MacOS/nerf, and the whole structure is created for the app.
In payload section right click on Applications and Add files. Add osx/Nerf.app.
Also add osx/LaunchDaemons/com.ton31337.nerf.app.launchd.plist under /Library/LaunchDaemons.
Below, under /Library, create a new directory Services/Nerf and put ./nerf-api.
It's IMPORTANT to set SetUID bit for the owner (root:wheel).
Put pre-install and post-install scripts located in osx/scripts accordingly.
Installing a package
./osx/scripts/install.sh
Uninstall a package
./osx/scripts/uninstall.sh
Documentation
¶
Overview ¶
Package nerf is a generated protocol buffer package.
It is generated from these files:
nerf.proto
It has these top-level messages:
PingRequest PingResponse Request Response ApiResponse Notify
Index ¶
- Variables
- func Auth()
- func NebulaAddLightHouseStaticRoute(e *Endpoint) error
- func NebulaClientIP() (net.IPNet, error)
- func NebulaDir() string
- func NebulaDownload() (err error)
- func NebulaExecutable() string
- func NebulaGenerateCertificate(userTeams []string)
- func NebulaGenerateConfig(userTeams []string) (string, error)
- func NebulaSetNameServers(e *Endpoint, NameServers []string, save bool) error
- func NebulaStart() (int, error)
- func RegisterApiServer(s *grpc.Server, srv ApiServer)
- func RegisterServerServer(s *grpc.Server, srv ServerServer)
- func StopApi()
- func StringToLogLevel(level string) zapcore.Level
- type Api
- type ApiClient
- type ApiResponse
- type ApiServer
- type Certificate
- type Config
- type Endpoint
- type GaidysResponse
- type LightHouse
- type Nebula
- type NerfMutex
- type Notify
- type PingRequest
- type PingResponse
- type Request
- type Response
- func (*Response) Descriptor() ([]byte, []int)
- func (m *Response) GetClientIP() string
- func (m *Response) GetConfig() string
- func (m *Response) GetLightHouseIP() string
- func (m *Response) GetTeams() []string
- func (*Response) ProtoMessage()
- func (m *Response) Reset()
- func (m *Response) String() string
- type Server
- type ServerClient
- type ServerConfig
- type ServerServer
- type Teams
- type TokenSource
Constants ¶
This section is empty.
Variables ¶
var DNSAutoDiscoverZone string
DNSAutoDiscoverZone compile-time derived from -Xgithub.com/ton31337/nerf.DNSAutoDiscoverZone E.g.: example.com which will be combined to _vpn._udp.example.com SRV query
var OauthClientID string
OauthClientID compile-time derived from -X github.com/ton31337/nerf.OauthClientID
var OauthClientSecret string
OauthClientSecret compile-time derived from -X github.com/ton31337/nerf.OauthClientSecret
var OauthMasterToken string
OauthMasterToken compile-time derived from -X github.com/ton31337/nerf.OauthMasterToken
var OauthOrganization string
OauthOrganization compile-time derived from -X github.com/ton31337/nerf.OauthOrganization E.g.: example which will be used to retrieve teams by username from GitHub in this org.
Functions ¶
func NebulaAddLightHouseStaticRoute ¶
NebulaAddLightHouseStaticRoute add static route towards fastest gRPC server via default route
func NebulaClientIP ¶
NebulaClientIP returns client's IP from IPAM
func NebulaDir ¶
func NebulaDir() string
NebulaDir absolute paths to the directory of Nebula configurations and binaries
func NebulaDownload ¶
func NebulaDownload() (err error)
NebulaDownload used to download Nebula binary
func NebulaExecutable ¶
func NebulaExecutable() string
NebulaExecutable show full path of Nebula executable
func NebulaGenerateCertificate ¶
func NebulaGenerateCertificate(userTeams []string)
NebulaGenerateCertificate generate ca.crt, client.crt, client.key for Nebula
func NebulaGenerateConfig ¶
NebulaGenerateConfig generate config.yml
func NebulaSetNameServers ¶
NebulaSetNameServers set name server for the client to self
func RegisterApiServer ¶
func RegisterServerServer ¶
func RegisterServerServer(s *grpc.Server, srv ServerServer)
func StopApi ¶
func StopApi()
StopApi handled for disconnect and quit. Or even nerf-api crash interruption.
func StringToLogLevel ¶
StringToLogLevel convert loglevel string into zapCore.Level enum
Types ¶
type Api ¶
type Api struct {
}
Api interface for Protobuf service
func (*Api) Disconnect ¶
Disconnect used to notify API about initiated disconnect
func (*Api) Ping ¶
func (s *Api) Ping(ctx context.Context, in *PingRequest) (*PingResponse, error)
type ApiClient ¶
type ApiClient interface {
Connect(ctx context.Context, in *Request, opts ...grpc.CallOption) (*ApiResponse, error)
Disconnect(ctx context.Context, in *Notify, opts ...grpc.CallOption) (*google_protobuf.Empty, error)
Ping(ctx context.Context, in *PingRequest, opts ...grpc.CallOption) (*PingResponse, error)
}
func NewApiClient ¶
func NewApiClient(cc *grpc.ClientConn) ApiClient
type ApiResponse ¶
type ApiResponse struct {
ClientIP string `protobuf:"bytes,1,opt,name=clientIP" json:"clientIP,omitempty"`
RemoteIP string `protobuf:"bytes,2,opt,name=remoteIP" json:"remoteIP,omitempty"`
}
func (*ApiResponse) Descriptor ¶
func (*ApiResponse) Descriptor() ([]byte, []int)
func (*ApiResponse) GetClientIP ¶
func (m *ApiResponse) GetClientIP() string
func (*ApiResponse) GetRemoteIP ¶
func (m *ApiResponse) GetRemoteIP() string
func (*ApiResponse) ProtoMessage ¶
func (*ApiResponse) ProtoMessage()
func (*ApiResponse) Reset ¶
func (m *ApiResponse) Reset()
func (*ApiResponse) String ¶
func (m *ApiResponse) String() string
type ApiServer ¶
type ApiServer interface {
Connect(context.Context, *Request) (*ApiResponse, error)
Disconnect(context.Context, *Notify) (*google_protobuf.Empty, error)
Ping(context.Context, *PingRequest) (*PingResponse, error)
}
type Certificate ¶
Certificate struct for certificates generated for Nebula
func NewCertificate ¶
func NewCertificate(Ca string, Crt string, Key string) *Certificate
NewCertificate stores ca.crt, client.crt, client.key
type Config ¶
type Config struct {
Logger *zap.Logger
OAuth *oauth2.Config
Token string
ListenAddr string
Login string
Endpoints map[string]Endpoint
CurrentEndpoint *Endpoint
SavedNameServers []string
NebulaPid *int
Connected bool
ClientIP string
}
Config struct to store all the relevant data for a client
var Cfg Config
Cfg is a global configuration for Nerf client
type Endpoint ¶
Endpoint struct to store all the relevant data about gRPC server, which generates and returns data for Nebula.
func GetFastestEndpoint ¶
func GetFastestEndpoint() Endpoint
GetFastestEndpoint returns fastest gRPC endpoint
type GaidysResponse ¶
type LightHouse ¶
LightHouse struct to define Nebula internal (overlay) IP address, and public (how to reach the real host in the mesh) IP address.
type Nebula ¶
type Nebula struct {
Certificate *Certificate
LightHouse *LightHouse
}
Nebula struct to store all the relevant data to generate config.yml for Nebula
type Notify ¶
type Notify struct {
Login string `protobuf:"bytes,1,opt,name=login" json:"login,omitempty"`
}
func (*Notify) Descriptor ¶
func (*Notify) ProtoMessage ¶
func (*Notify) ProtoMessage()
type PingRequest ¶
type PingRequest struct {
Data int64 `protobuf:"varint,1,opt,name=data" json:"data,omitempty"`
Login string `protobuf:"bytes,2,opt,name=login" json:"login,omitempty"`
}
func (*PingRequest) Descriptor ¶
func (*PingRequest) Descriptor() ([]byte, []int)
func (*PingRequest) GetData ¶
func (m *PingRequest) GetData() int64
func (*PingRequest) GetLogin ¶
func (m *PingRequest) GetLogin() string
func (*PingRequest) ProtoMessage ¶
func (*PingRequest) ProtoMessage()
func (*PingRequest) Reset ¶
func (m *PingRequest) Reset()
func (*PingRequest) String ¶
func (m *PingRequest) String() string
type PingResponse ¶
type PingResponse struct {
Data int64 `protobuf:"varint,1,opt,name=data" json:"data,omitempty"`
}
func (*PingResponse) Descriptor ¶
func (*PingResponse) Descriptor() ([]byte, []int)
func (*PingResponse) GetData ¶
func (m *PingResponse) GetData() int64
func (*PingResponse) ProtoMessage ¶
func (*PingResponse) ProtoMessage()
func (*PingResponse) Reset ¶
func (m *PingResponse) Reset()
func (*PingResponse) String ¶
func (m *PingResponse) String() string
type Request ¶
type Request struct {
Login string `protobuf:"bytes,1,opt,name=login" json:"login,omitempty"`
Token string `protobuf:"bytes,2,opt,name=token" json:"token,omitempty"`
}
func (*Request) Descriptor ¶
func (*Request) ProtoMessage ¶
func (*Request) ProtoMessage()
type Response ¶
type Response struct {
Config string `protobuf:"bytes,1,opt,name=config" json:"config,omitempty"`
ClientIP string `protobuf:"bytes,2,opt,name=clientIP" json:"clientIP,omitempty"`
Teams []string `protobuf:"bytes,3,rep,name=teams" json:"teams,omitempty"`
LightHouseIP string `protobuf:"bytes,4,opt,name=lightHouseIP" json:"lightHouseIP,omitempty"`
}
func (*Response) Descriptor ¶
func (*Response) GetClientIP ¶
func (*Response) GetLightHouseIP ¶
func (*Response) ProtoMessage ¶
func (*Response) ProtoMessage()
type Server ¶
type Server struct {
}
Server interface for Protobuf service
func (*Server) Disconnect ¶
Disconnect - notify the server about disconnection
func (*Server) Ping ¶
func (s *Server) Ping(ctx context.Context, in *PingRequest) (*PingResponse, error)
Ping get timestamp in milliseconds
type ServerClient ¶
type ServerClient interface {
Connect(ctx context.Context, in *Request, opts ...grpc.CallOption) (*Response, error)
Disconnect(ctx context.Context, in *Notify, opts ...grpc.CallOption) (*google_protobuf.Empty, error)
Ping(ctx context.Context, in *PingRequest, opts ...grpc.CallOption) (*PingResponse, error)
}
func NewServerClient ¶
func NewServerClient(cc *grpc.ClientConn) ServerClient
type ServerConfig ¶
type ServerConfig struct {
Logger *zap.Logger
Login string
Nebula *Nebula
Teams *Teams
GaidysUrl string
}
ServerConfig struct to store all the relevant data for a server
var ServerCfg ServerConfig
ServerCfg is a global configuration for Nerf server
func NewServerConfig ¶
func NewServerConfig() ServerConfig
type ServerServer ¶
type Teams ¶
Teams struct to store all the relevant data about Github Teams.
type TokenSource ¶
type TokenSource struct {
AccessToken string
}
TokenSource defines Access Token for Github
Source Files
Directories