
6 Commits

23 changed files with 1671 additions and 47 deletions

3
.gitignore vendored

@ -8,4 +8,5 @@ dist/
/.gitea-release
/agent-key.json
/apps
/server-key.json
/server-key.json
/.emissary-token


@ -2,6 +2,7 @@ project_name: emissary
before:
hooks:
- go mod tidy
- go generate ./...
builds:
- id: emissary-server
env:


@ -137,4 +137,7 @@ gitea-release: tools/gitea-release/bin/gitea-release.sh goreleaser
tools/gitea-release/bin/gitea-release.sh:
mkdir -p tools/gitea-release/bin
curl --output tools/gitea-release/bin/gitea-release.sh https://forge.cadoles.com/Cadoles/Jenkins/raw/branch/master/resources/com/cadoles/gitea/gitea-release.sh
chmod +x tools/gitea-release/bin/gitea-release.sh
chmod +x tools/gitea-release/bin/gitea-release.sh
.emissary-token:
$(MAKE) run-emissary-server EMISSARY_CMD="--debug --config tmp/server.yml server auth create-token > .emissary-token"
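Review bot: The new `.emissary-token` rule writes the token through a `>` redirect, so a failed `create-token` run can still leave an empty or partial `.emissary-token` behind, and make then treats the target as up to date. Assuming `run-emissary-server` hands `EMISSARY_CMD` to a shell (that target is outside this section), the file is also created with the default umask although it holds a bearer credential. Consider adding `.DELETE_ON_ERROR:` to the Makefile and creating the file under `umask 077`, or writing to a temporary file and renaming it on success.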

1
go.mod

@ -16,6 +16,7 @@ require (
github.com/jackc/pgx/v5 v5.3.1
github.com/jedib0t/go-pretty/v6 v6.4.4
github.com/lestrrat-go/jwx/v2 v2.0.8
github.com/lithammer/shortuuid/v4 v4.0.0
github.com/mitchellh/mapstructure v1.5.0
github.com/pkg/errors v0.9.1
github.com/qri-io/jsonschema v0.2.1

2
go.sum

@ -913,6 +913,8 @@ github.com/lib/pq v1.10.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
github.com/lib/pq v1.10.7 h1:p7ZhMD+KsSRozJr34udlUrhboJwWAgCg34+/ZZNvZZw=
github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q95whyfWQpmGZTu3gk3v2YkMi05HEzl7Tf7YEo=
github.com/lithammer/shortuuid/v4 v4.0.0 h1:QRbbVkfgNippHOS8PXDkti4NaWeyYfcBTHtw7k08o4c=
github.com/lithammer/shortuuid/v4 v4.0.0/go.mod h1:Zs8puNcrvf2rV9rTH51ZLLcj7ZXqQI3lv67aw4KiB1Y=
github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w=
github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=


@ -13,7 +13,7 @@ type User struct {
// Subject implements auth.User
func (u *User) Subject() string {
return fmt.Sprintf("agent#%d", u.agent.ID)
return fmt.Sprintf("agent-%d", u.agent.ID)
}
func (u *User) Agent() *datastore.Agent {


@ -29,10 +29,7 @@ func CtxUser(ctx context.Context) (*User, error) {
return user, nil
}
var (
ErrUnauthenticated = errors.New("unauthenticated")
ErrForbidden = errors.New("forbidden")
)
var ErrUnauthenticated = errors.New("unauthenticated")
type User interface {
Subject() string
@ -55,7 +52,7 @@ func Middleware(authenticators ...Authenticator) func(http.Handler) http.Handler
for _, auth := range authenticators {
user, err = auth.Authenticate(ctx, r)
if err != nil {
logger.Warn(ctx, "could not authenticate request", logger.E(errors.WithStack(err)))
logger.Debug(ctx, "could not authenticate request", logger.E(errors.WithStack(err)))
continue
}
@ -71,6 +68,7 @@ func Middleware(authenticators ...Authenticator) func(http.Handler) http.Handler
return
}
ctx = logger.With(ctx, logger.F("user", user.Subject()))
ctx = context.WithValue(ctx, contextKeyUser, user)
h.ServeHTTP(w, r.WithContext(ctx))
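Review bot: With the per-authenticator failure log lowered from Warn to Debug, a request that every authenticator rejects may no longer leave any trace at the default log level. A miss on one authenticator is expected when several are chained, so Debug is reasonable inside the loop, but the branch that handles the all-failed case (it sits between the hunks and is not visible here) should log once at a higher level, e.g. `logger.Warn(ctx, "unauthenticated request", logger.F("remoteAddr", r.RemoteAddr))`, so that rejected tokens stay visible to monitoring. Middleware's body starts and ends outside the hunks shown.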


@ -27,9 +27,17 @@ func parseToken(ctx context.Context, keys jwk.Set, issuer string, rawToken strin
return token, nil
}
func GenerateToken(ctx context.Context, key jwk.Key, role Role) (string, error) {
func GenerateToken(ctx context.Context, key jwk.Key, issuer, subject string, role Role) (string, error) {
token := jwt.New()
if err := token.Set(jwt.SubjectKey, subject); err != nil {
return "", errors.WithStack(err)
}
if err := token.Set(jwt.IssuerKey, issuer); err != nil {
return "", errors.WithStack(err)
}
if err := token.Set(keyRole, role); err != nil {
return "", errors.WithStack(err)
}
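Review bot: None of the claims set in the visible part of GenerateToken bounds the token's lifetime: subject, issuer and role are set, but no `exp` or `iat`. If the rest of the function (it continues outside this hunk) does not add them, a token printed by `create-token` stays valid until the server key is replaced, and a single leaked token cannot be retired on its own. Consider `token.Set(jwt.IssuedAtKey, time.Now())` and `token.Set(jwt.ExpirationKey, time.Now().Add(ttl))` with a caller-supplied `ttl`, and have parseToken reject tokens that carry no expiry. The exported function also deserves a doc comment naming the claims it sets, e.g. `// GenerateToken signs a JWT carrying the given issuer, subject and role with key.`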


@ -17,7 +17,6 @@ import (
"forge.cadoles.com/Cadoles/emissary/internal/jwk"
"forge.cadoles.com/Cadoles/emissary/internal/machineid"
"github.com/pkg/errors"
_ "github.com/santhosh-tekuri/jsonschema/v5/httploader"
"github.com/urfave/cli/v2"
"gitlab.com/wpetit/goweb/logger"
)


@ -18,7 +18,13 @@ func CountCommand() *cli.Command {
Flags: clientFlag.ComposeFlags(),
Action: func(ctx *cli.Context) error {
baseFlags := clientFlag.GetBaseFlags(ctx)
client := client.New(baseFlags.ServerURL)
token, err := clientFlag.GetToken(baseFlags)
if err != nil {
return errors.WithStack(apierr.Wrap(err))
}
client := client.New(baseFlags.ServerURL, client.WithToken(token))
_, total, err := client.QueryAgents(ctx.Context)
if err != nil {
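Review bot: The token lookup added here (`clientFlag.GetToken` followed by `client.New(baseFlags.ServerURL, client.WithToken(token))`) is repeated line for line in the GetCommand, QueryCommand and UpdateCommand sections that follow. A single helper in the flag package that returns the configured client would remove the duplication and give one place to warn or fail when `ServerURL` is plain `http://` to a non-loopback host, since the token is presumably sent as a bearer credential on every request. `apierr.Wrap` is also applied to what is a local file-read error rather than an API error, which may produce a misleading message; `errors.WithStack(err)` alone looks sufficient. The Action closure continues outside the hunk.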


@ -20,12 +20,17 @@ func GetCommand() *cli.Command {
Action: func(ctx *cli.Context) error {
baseFlags := clientFlag.GetBaseFlags(ctx)
token, err := clientFlag.GetToken(baseFlags)
if err != nil {
return errors.WithStack(apierr.Wrap(err))
}
agentID, err := agentFlag.AssertAgentID(ctx)
if err != nil {
return errors.WithStack(err)
}
client := client.New(baseFlags.ServerURL)
client := client.New(baseFlags.ServerURL, client.WithToken(token))
agent, err := client.GetAgent(ctx.Context, agentID)
if err != nil {


@ -18,7 +18,13 @@ func QueryCommand() *cli.Command {
Flags: clientFlag.ComposeFlags(),
Action: func(ctx *cli.Context) error {
baseFlags := clientFlag.GetBaseFlags(ctx)
client := client.New(baseFlags.ServerURL)
token, err := clientFlag.GetToken(baseFlags)
if err != nil {
return errors.WithStack(apierr.Wrap(err))
}
client := client.New(baseFlags.ServerURL, client.WithToken(token))
agents, _, err := client.QueryAgents(ctx.Context)
if err != nil {


@ -24,7 +24,12 @@ func GetCommand() *cli.Command {
return errors.WithStack(err)
}
client := client.New(baseFlags.ServerURL)
token, err := clientFlag.GetToken(baseFlags)
if err != nil {
return errors.WithStack(apierr.Wrap(err))
}
client := client.New(baseFlags.ServerURL, client.WithToken(token))
specs, err := client.GetAgentSpecs(ctx.Context, agentID)
if err != nil {


@ -61,7 +61,12 @@ func UpdateCommand() *cli.Command {
noPatch := ctx.Bool("no-patch")
client := client.New(baseFlags.ServerURL)
token, err := clientFlag.GetToken(baseFlags)
if err != nil {
return errors.WithStack(apierr.Wrap(err))
}
client := client.New(baseFlags.ServerURL, client.WithToken(token))
specs, err := client.GetAgentSpecs(ctx.Context, agentID)
if err != nil {


@ -26,6 +26,11 @@ func UpdateCommand() *cli.Command {
Action: func(ctx *cli.Context) error {
baseFlags := clientFlag.GetBaseFlags(ctx)
token, err := clientFlag.GetToken(baseFlags)
if err != nil {
return errors.WithStack(apierr.Wrap(err))
}
agentID, err := agentFlag.AssertAgentID(ctx)
if err != nil {
return errors.WithStack(err)
@ -38,7 +43,7 @@ func UpdateCommand() *cli.Command {
options = append(options, client.WithAgentStatus(status))
}
client := client.New(baseFlags.ServerURL)
client := client.New(baseFlags.ServerURL, client.WithToken(token))
agent, err := client.UpdateAgent(ctx.Context, agentID, options...)
if err != nil {


@ -2,9 +2,13 @@ package flag
import (
"fmt"
"io/ioutil"
"os"
"strings"
"forge.cadoles.com/Cadoles/emissary/internal/format"
"forge.cadoles.com/Cadoles/emissary/internal/format/table"
"github.com/pkg/errors"
"github.com/urfave/cli/v2"
)
@ -28,6 +32,17 @@ func ComposeFlags(flags ...cli.Flag) []cli.Flag {
Usage: fmt.Sprintf("use `MODE` as output mode (available: %s)", []format.OutputMode{format.OutputModeCompact, format.OutputModeWide}),
Value: string(format.OutputModeCompact),
},
&cli.StringFlag{
Name: "token",
Aliases: []string{"t"},
Usage: "use `TOKEN` as authentification token",
},
&cli.StringFlag{
Name: "token-file",
Usage: "use `TOKEN_FILE` as file containing the authentification token",
Value: ".emissary-token",
TakesFile: true,
},
}
flags = append(flags, baseFlags...)
@ -39,16 +54,43 @@ type BaseFlags struct {
ServerURL string
Format format.Format
OutputMode format.OutputMode
Token string
TokenFile string
}
func GetBaseFlags(ctx *cli.Context) *BaseFlags {
serverURL := ctx.String("server")
rawFormat := ctx.String("format")
rawOutputMode := ctx.String("output-mode")
tokenFile := ctx.String("token-file")
token := ctx.String("token")
return &BaseFlags{
ServerURL: serverURL,
Format: format.Format(rawFormat),
OutputMode: format.OutputMode(rawOutputMode),
Token: token,
TokenFile: tokenFile,
}
}
func GetToken(flags *BaseFlags) (string, error) {
if flags.Token != "" {
return flags.Token, nil
}
if flags.TokenFile == "" {
return "", nil
}
rawToken, err := ioutil.ReadFile(flags.TokenFile)
if err != nil && !errors.Is(err, os.ErrNotExist) {
return "", errors.WithStack(err)
}
if rawToken == nil {
return "", nil
}
return strings.TrimSpace(string(rawToken)), nil
}
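Review bot: Passing the credential through `--token` puts it in the process list and in shell history; the flag should also accept an environment variable, `EnvVars: []string{"EMISSARY_TOKEN"},`, and its usage text could point to `--token-file` for anything long-lived. In GetToken, `ioutil.ReadFile` has been deprecated since Go 1.16 and `os` is already imported, so `rawToken, err := os.ReadFile(flags.TokenFile)` drops the extra import. Because `token-file` defaults to the relative path `.emissary-token`, the token is taken from whatever directory the CLI runs in, and a missing file silently results in an empty token; a doc comment on GetToken stating that precedence (flag, then file, then none) would make this explicit. The usage strings spell "authentification"; "authentication" is the usual English form.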


@ -0,0 +1,54 @@
package auth
import (
"fmt"
"forge.cadoles.com/Cadoles/emissary/internal/auth/user"
"forge.cadoles.com/Cadoles/emissary/internal/command/common"
"forge.cadoles.com/Cadoles/emissary/internal/jwk"
"github.com/lithammer/shortuuid/v4"
"github.com/pkg/errors"
"github.com/urfave/cli/v2"
)
func CreateTokenCommand() *cli.Command {
return &cli.Command{
Name: "create-token",
Usage: "Create a new authentification token",
Flags: []cli.Flag{
&cli.StringFlag{
Name: "role",
Usage: fmt.Sprintf("associate `ROLE` to the token (available: %v)", []user.Role{user.RoleReader, user.RoleWriter}),
Value: string(user.RoleReader),
},
&cli.StringFlag{
Name: "subject",
Usage: "associate `SUBJECT` to the token",
Value: fmt.Sprintf("user-%s", shortuuid.New()),
},
},
Action: func(ctx *cli.Context) error {
conf, err := common.LoadConfig(ctx)
if err != nil {
return errors.Wrap(err, "Could not load configuration")
}
subject := ctx.String("subject")
role := ctx.String("role")
key, err := jwk.LoadOrGenerate(string(conf.Server.PrivateKeyPath), jwk.DefaultKeySize)
if err != nil {
return errors.WithStack(err)
}
token, err := user.GenerateToken(ctx.Context, key, string(conf.Server.Issuer), subject, user.Role(role))
if err != nil {
return errors.WithStack(err)
}
fmt.Println(token)
return nil
},
}
}
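Review bot: The `role` flag is cast straight to `user.Role` and signed into the token without being checked against the roles the usage text advertises, so a typo or an arbitrary string yields a validly signed token with an unknown role. How the server treats such a role is not visible here; rejecting it at creation time is cheap and avoids relying on that. Separately, `jwk.LoadOrGenerate` looks as if it creates a fresh key when `privateKeyPath` is wrong, which would produce a token the running server cannot verify; a load-only call would fail more clearly. `--subject` is also free-form, so a value such as `agent-1` would be indistinguishable in logs from the agent subjects built with `fmt.Sprintf("agent-%d", ...)`; reserving that prefix is worth considering.

```go
subject := ctx.String("subject")
role := user.Role(ctx.String("role"))

// Only mint tokens for roles this build knows about.
if role != user.RoleReader && role != user.RoleWriter {
	return errors.Errorf("unknown role %q (available: %v)", role, []user.Role{user.RoleReader, user.RoleWriter})
}

// … unchanged: key loading via jwk.LoadOrGenerate …

token, err := user.GenerateToken(ctx.Context, key, string(conf.Server.Issuer), subject, role)
```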


@ -6,8 +6,10 @@ import (
func Root() *cli.Command {
return &cli.Command{
Name: "auth",
Usage: "Authentication related commands",
Subcommands: []*cli.Command{},
Name: "auth",
Usage: "Authentication related commands",
Subcommands: []*cli.Command{
CreateTokenCommand(),
},
}
}


@ -67,13 +67,18 @@
"type": "string"
},
"options": {
"type": "array",
"items": {
"$ref": "#/$defs/option"
}
"anyOf": [
{
"type": "array",
"items": {
"$ref": "#/$defs/option"
}
},
{ "type": "null" }
]
}
},
"required": ["name", "section", "options"],
"required": ["name"],
"additionalProperties": false
},
"option": {


@ -3,6 +3,1475 @@
"data": {
"config": {
"packages": [
{
"name": "dhcp",
"configs": [
{
"name": "dnsmasq",
"options": [
{
"type": "option",
"name": "domainneeded",
"value": "1"
},
{
"type": "option",
"name": "boguspriv",
"value": "1"
},
{
"type": "option",
"name": "filterwin2k",
"value": "0"
},
{
"type": "option",
"name": "localise_queries",
"value": "1"
},
{
"type": "option",
"name": "rebind_protection",
"value": "1"
},
{
"type": "option",
"name": "rebind_localhost",
"value": "1"
},
{
"type": "option",
"name": "local",
"value": "/lan/"
},
{
"type": "option",
"name": "domain",
"value": "lan"
},
{
"type": "option",
"name": "expandhosts",
"value": "1"
},
{
"type": "option",
"name": "nonegcache",
"value": "0"
},
{
"type": "option",
"name": "authoritative",
"value": "1"
},
{
"type": "option",
"name": "readethers",
"value": "1"
},
{
"type": "option",
"name": "leasefile",
"value": "/tmp/dhcp.leases"
},
{
"type": "option",
"name": "resolvfile",
"value": "/tmp/resolv.conf.d/resolv.conf.auto"
},
{
"type": "option",
"name": "nonwildcard",
"value": "1"
},
{
"type": "option",
"name": "localservice",
"value": "1"
},
{
"type": "option",
"name": "ednspacket_max",
"value": "1232"
}
]
},
{
"name": "dhcp",
"section": "lan",
"options": [
{
"type": "option",
"name": "interface",
"value": "lan"
},
{
"type": "option",
"name": "start",
"value": "100"
},
{
"type": "option",
"name": "limit",
"value": "150"
},
{
"type": "option",
"name": "leasetime",
"value": "12h"
},
{
"type": "option",
"name": "dhcpv4",
"value": "server"
},
{
"type": "option",
"name": "dhcpv6",
"value": "server"
},
{
"type": "option",
"name": "ra",
"value": "server"
},
{
"type": "option",
"name": "ra_slaac",
"value": "1"
},
{
"type": "list",
"name": "ra_flags",
"value": "managed-config"
},
{
"type": "list",
"name": "ra_flags",
"value": "other-config"
}
]
},
{
"name": "dhcp",
"section": "wan",
"options": [
{
"type": "option",
"name": "interface",
"value": "wan"
},
{
"type": "option",
"name": "ignore",
"value": "1"
}
]
},
{
"name": "odhcpd",
"section": "odhcpd",
"options": [
{
"type": "option",
"name": "maindhcp",
"value": "0"
},
{
"type": "option",
"name": "leasefile",
"value": "/tmp/hosts/odhcpd"
},
{
"type": "option",
"name": "leasetrigger",
"value": "/usr/sbin/odhcpd-update"
},
{
"type": "option",
"name": "loglevel",
"value": "4"
}
]
}
]
},
{
"name": "dropbear",
"configs": [
{
"name": "dropbear",
"options": [
{
"type": "option",
"name": "PasswordAuth",
"value": "on"
},
{
"type": "option",
"name": "RootPasswordAuth",
"value": "on"
},
{
"type": "option",
"name": "Port",
"value": "22"
}
]
}
]
},
{
"name": "emissary",
"configs": [
{
"name": "main",
"section": "agent",
"options": [
{
"type": "option",
"name": "server_url",
"value": "http://192.168.30.15:3000"
},
{
"type": "option",
"name": "reconciliation_interval",
"value": "30"
}
]
}
]
},
{
"name": "firewall",
"configs": [
{
"name": "defaults",
"options": [
{
"type": "option",
"name": "syn_flood",
"value": "1"
},
{
"type": "option",
"name": "input",
"value": "ACCEPT"
},
{
"type": "option",
"name": "output",
"value": "ACCEPT"
},
{
"type": "option",
"name": "forward",
"value": "REJECT"
}
]
},
{
"name": "zone",
"options": [
{
"type": "option",
"name": "name",
"value": "lan"
},
{
"type": "list",
"name": "network",
"value": "lan"
},
{
"type": "option",
"name": "input",
"value": "ACCEPT"
},
{
"type": "option",
"name": "output",
"value": "ACCEPT"
},
{
"type": "option",
"name": "forward",
"value": "ACCEPT"
}
]
},
{
"name": "zone",
"options": [
{
"type": "option",
"name": "name",
"value": "wan"
},
{
"type": "list",
"name": "network",
"value": "wan"
},
{
"type": "list",
"name": "network",
"value": "wan6"
},
{
"type": "option",
"name": "input",
"value": "REJECT"
},
{
"type": "option",
"name": "output",
"value": "ACCEPT"
},
{
"type": "option",
"name": "forward",
"value": "REJECT"
},
{
"type": "option",
"name": "masq",
"value": "1"
},
{
"type": "option",
"name": "mtu_fix",
"value": "1"
}
]
},
{
"name": "forwarding",
"options": [
{
"type": "option",
"name": "src",
"value": "lan"
},
{
"type": "option",
"name": "dest",
"value": "wan"
}
]
},
{
"name": "rule",
"options": [
{
"type": "option",
"name": "name",
"value": "Allow-DHCP-Renew"
},
{
"type": "option",
"name": "src",
"value": "wan"
},
{
"type": "option",
"name": "proto",
"value": "udp"
},
{
"type": "option",
"name": "dest_port",
"value": "68"
},
{
"type": "option",
"name": "target",
"value": "ACCEPT"
},
{
"type": "option",
"name": "family",
"value": "ipv4"
}
]
},
{
"name": "rule",
"options": [
{
"type": "option",
"name": "name",
"value": "Allow-Ping"
},
{
"type": "option",
"name": "src",
"value": "wan"
},
{
"type": "option",
"name": "proto",
"value": "icmp"
},
{
"type": "option",
"name": "icmp_type",
"value": "echo-request"
},
{
"type": "option",
"name": "family",
"value": "ipv4"
},
{
"type": "option",
"name": "target",
"value": "ACCEPT"
}
]
},
{
"name": "rule",
"options": [
{
"type": "option",
"name": "name",
"value": "Allow-IGMP"
},
{
"type": "option",
"name": "src",
"value": "wan"
},
{
"type": "option",
"name": "proto",
"value": "igmp"
},
{
"type": "option",
"name": "family",
"value": "ipv4"
},
{
"type": "option",
"name": "target",
"value": "ACCEPT"
}
]
},
{
"name": "rule",
"options": [
{
"type": "option",
"name": "name",
"value": "Allow-DHCPv6"
},
{
"type": "option",
"name": "src",
"value": "wan"
},
{
"type": "option",
"name": "proto",
"value": "udp"
},
{
"type": "option",
"name": "dest_port",
"value": "546"
},
{
"type": "option",
"name": "family",
"value": "ipv6"
},
{
"type": "option",
"name": "target",
"value": "ACCEPT"
}
]
},
{
"name": "rule",
"options": [
{
"type": "option",
"name": "name",
"value": "Allow-MLD"
},
{
"type": "option",
"name": "src",
"value": "wan"
},
{
"type": "option",
"name": "proto",
"value": "icmp"
},
{
"type": "option",
"name": "src_ip",
"value": "fe80::/10"
},
{
"type": "list",
"name": "icmp_type",
"value": "130/0"
},
{
"type": "list",
"name": "icmp_type",
"value": "131/0"
},
{
"type": "list",
"name": "icmp_type",
"value": "132/0"
},
{
"type": "list",
"name": "icmp_type",
"value": "143/0"
},
{
"type": "option",
"name": "family",
"value": "ipv6"
},
{
"type": "option",
"name": "target",
"value": "ACCEPT"
}
]
},
{
"name": "rule",
"options": [
{
"type": "option",
"name": "name",
"value": "Allow-ICMPv6-Input"
},
{
"type": "option",
"name": "src",
"value": "wan"
},
{
"type": "option",
"name": "proto",
"value": "icmp"
},
{
"type": "list",
"name": "icmp_type",
"value": "echo-request"
},
{
"type": "list",
"name": "icmp_type",
"value": "echo-reply"
},
{
"type": "list",
"name": "icmp_type",
"value": "destination-unreachable"
},
{
"type": "list",
"name": "icmp_type",
"value": "packet-too-big"
},
{
"type": "list",
"name": "icmp_type",
"value": "time-exceeded"
},
{
"type": "list",
"name": "icmp_type",
"value": "bad-header"
},
{
"type": "list",
"name": "icmp_type",
"value": "unknown-header-type"
},
{
"type": "list",
"name": "icmp_type",
"value": "router-solicitation"
},
{
"type": "list",
"name": "icmp_type",
"value": "neighbour-solicitation"
},
{
"type": "list",
"name": "icmp_type",
"value": "router-advertisement"
},
{
"type": "list",
"name": "icmp_type",
"value": "neighbour-advertisement"
},
{
"type": "option",
"name": "limit",
"value": "1000/sec"
},
{
"type": "option",
"name": "family",
"value": "ipv6"
},
{
"type": "option",
"name": "target",
"value": "ACCEPT"
}
]
},
{
"name": "rule",
"options": [
{
"type": "option",
"name": "name",
"value": "Allow-ICMPv6-Forward"
},
{
"type": "option",
"name": "src",
"value": "wan"
},
{
"type": "option",
"name": "dest",
"value": "*"
},
{
"type": "option",
"name": "proto",
"value": "icmp"
},
{
"type": "list",
"name": "icmp_type",
"value": "echo-request"
},
{
"type": "list",
"name": "icmp_type",
"value": "echo-reply"
},
{
"type": "list",
"name": "icmp_type",
"value": "destination-unreachable"
},
{
"type": "list",
"name": "icmp_type",
"value": "packet-too-big"
},
{
"type": "list",
"name": "icmp_type",
"value": "time-exceeded"
},
{
"type": "list",
"name": "icmp_type",
"value": "bad-header"
},
{
"type": "list",
"name": "icmp_type",
"value": "unknown-header-type"
},
{
"type": "option",
"name": "limit",
"value": "1000/sec"
},
{
"type": "option",
"name": "family",
"value": "ipv6"
},
{
"type": "option",
"name": "target",
"value": "ACCEPT"
}
]
},
{
"name": "rule",
"options": [
{
"type": "option",
"name": "name",
"value": "Allow-IPSec-ESP"
},
{
"type": "option",
"name": "src",
"value": "wan"
},
{
"type": "option",
"name": "dest",
"value": "lan"
},
{
"type": "option",
"name": "proto",
"value": "esp"
},
{
"type": "option",
"name": "target",
"value": "ACCEPT"
}
]
},
{
"name": "rule",
"options": [
{
"type": "option",
"name": "name",
"value": "Allow-ISAKMP"
},
{
"type": "option",
"name": "src",
"value": "wan"
},
{
"type": "option",
"name": "dest",
"value": "lan"
},
{
"type": "option",
"name": "dest_port",
"value": "500"
},
{
"type": "option",
"name": "proto",
"value": "udp"
},
{
"type": "option",
"name": "target",
"value": "ACCEPT"
}
]
},
{
"name": "rule",
"options": [
{
"type": "option",
"name": "name",
"value": "Allow SSH on WAN"
},
{
"type": "option",
"name": "src",
"value": "wan"
},
{
"type": "option",
"name": "proto",
"value": "tcp"
},
{
"type": "option",
"name": "dest_port",
"value": "22"
},
{
"type": "option",
"name": "target",
"value": "ACCEPT"
}
]
},
{
"name": "rule",
"options": [
{
"type": "option",
"name": "name",
"value": "Allow HTTP on WAN"
},
{
"type": "option",
"name": "src",
"value": "wan"
},
{
"type": "option",
"name": "proto",
"value": "tcp"
},
{
"type": "option",
"name": "dest_port",
"value": "80"
},
{
"type": "option",
"name": "target",
"value": "ACCEPT"
}
]
},
{
"name": "rule",
"options": [
{
"type": "option",
"name": "name",
"value": "Allow HTTPS on WAN"
},
{
"type": "option",
"name": "src",
"value": "wan"
},
{
"type": "option",
"name": "proto",
"value": "tcp"
},
{
"type": "option",
"name": "dest_port",
"value": "443"
},
{
"type": "option",
"name": "target",
"value": "ACCEPT"
}
]
},
{
"name": "rule",
"options": [
{
"type": "option",
"name": "name",
"value": "Allow 8080 on WAN"
},
{
"type": "option",
"name": "src",
"value": "wan"
},
{
"type": "option",
"name": "proto",
"value": "tcp"
},
{
"type": "option",
"name": "dest_port",
"value": "8080"
},
{
"type": "option",
"name": "target",
"value": "ACCEPT"
}
]
},
{
"name": "rule",
"options": [
{
"type": "option",
"name": "name",
"value": "Allow 8443 on WAN"
},
{
"type": "option",
"name": "src",
"value": "wan"
},
{
"type": "option",
"name": "proto",
"value": "tcp"
},
{
"type": "option",
"name": "dest_port",
"value": "8443"
},
{
"type": "option",
"name": "target",
"value": "ACCEPT"
}
]
}
]
},
{
"name": "luci",
"configs": [
{
"name": "core",
"section": "main",
"options": [
{
"type": "option",
"name": "lang",
"value": "auto"
},
{
"type": "option",
"name": "mediaurlbase",
"value": "/luci-static/bootstrap"
},
{
"type": "option",
"name": "resourcebase",
"value": "/luci-static/resources"
},
{
"type": "option",
"name": "ubuspath",
"value": "/ubus/"
}
]
},
{
"name": "extern",
"section": "flash_keep",
"options": [
{
"type": "option",
"name": "uci",
"value": "/etc/config/"
},
{
"type": "option",
"name": "dropbear",
"value": "/etc/dropbear/"
},
{
"type": "option",
"name": "openvpn",
"value": "/etc/openvpn/"
},
{
"type": "option",
"name": "passwd",
"value": "/etc/passwd"
},
{
"type": "option",
"name": "opkg",
"value": "/etc/opkg.conf"
},
{
"type": "option",
"name": "firewall",
"value": "/etc/firewall.user"
},
{
"type": "option",
"name": "uploads",
"value": "/lib/uci/upload/"
}
]
},
{
"name": "internal",
"section": "languages",
"options": null
},
{
"name": "internal",
"section": "sauth",
"options": [
{
"type": "option",
"name": "sessionpath",
"value": "/tmp/luci-sessions"
},
{
"type": "option",
"name": "sessiontime",
"value": "3600"
}
]
},
{
"name": "internal",
"section": "ccache",
"options": [
{
"type": "option",
"name": "enable",
"value": "1"
}
]
},
{
"name": "internal",
"section": "themes",
"options": [
{
"type": "option",
"name": "Bootstrap",
"value": "/luci-static/bootstrap"
},
{
"type": "option",
"name": "BootstrapDark",
"value": "/luci-static/bootstrap-dark"
},
{
"type": "option",
"name": "BootstrapLight",
"value": "/luci-static/bootstrap-light"
}
]
},
{
"name": "internal",
"section": "apply",
"options": [
{
"type": "option",
"name": "rollback",
"value": "90"
},
{
"type": "option",
"name": "holdoff",
"value": "4"
},
{
"type": "option",
"name": "timeout",
"value": "5"
},
{
"type": "option",
"name": "display",
"value": "1.5"
}
]
},
{
"name": "internal",
"section": "diag",
"options": [
{
"type": "option",
"name": "dns",
"value": "openwrt.org"
},
{
"type": "option",
"name": "ping",
"value": "openwrt.org"
},
{
"type": "option",
"name": "route",
"value": "openwrt.org"
}
]
}
]
},
{
"name": "network",
"configs": [
{
"name": "interface",
"section": "loopback",
"options": [
{
"type": "option",
"name": "ifname",
"value": "lo"
},
{
"type": "option",
"name": "proto",
"value": "static"
},
{
"type": "option",
"name": "ipaddr",
"value": "127.0.0.1"
},
{
"type": "option",
"name": "netmask",
"value": "255.0.0.0"
}
]
},
{
"name": "interface",
"section": "wan",
"options": [
{
"type": "option",
"name": "ifname",
"value": "eth0"
},
{
"type": "option",
"name": "proto",
"value": "dhcp"
}
]
}
]
},
{
"name": "rpcd",
"configs": [
{
"name": "rpcd",
"options": [
{
"type": "option",
"name": "socket",
"value": "/var/run/ubus/ubus.sock"
},
{
"type": "option",
"name": "timeout",
"value": "30"
}
]
},
{
"name": "login",
"options": [
{
"type": "option",
"name": "username",
"value": "root"
},
{
"type": "option",
"name": "password",
"value": "$p$root"
},
{
"type": "list",
"name": "read",
"value": "*"
},
{
"type": "list",
"name": "write",
"value": "*"
}
]
}
]
},
{
"name": "system",
"configs": [
{
"name": "system",
"options": [
{
"type": "option",
"name": "hostname",
"value": "OpenWrt"
},
{
"type": "option",
"name": "timezone",
"value": "UTC"
},
{
"type": "option",
"name": "ttylogin",
"value": "0"
},
{
"type": "option",
"name": "log_size",
"value": "64"
},
{
"type": "option",
"name": "urandom_seed",
"value": "0"
}
]
},
{
"name": "timeserver",
"section": "ntp",
"options": [
{
"type": "option",
"name": "enabled",
"value": "1"
},
{
"type": "option",
"name": "enable_server",
"value": "0"
},
{
"type": "list",
"name": "server",
"value": "0.openwrt.pool.ntp.org"
},
{
"type": "list",
"name": "server",
"value": "1.openwrt.pool.ntp.org"
},
{
"type": "list",
"name": "server",
"value": "2.openwrt.pool.ntp.org"
},
{
"type": "list",
"name": "server",
"value": "3.openwrt.pool.ntp.org"
}
]
}
]
},
{
"name": "ucitrack",
"configs": [
{
"name": "network",
"options": [
{
"type": "option",
"name": "init",
"value": "network"
},
{
"type": "list",
"name": "affects",
"value": "dhcp"
}
]
},
{
"name": "wireless",
"options": [
{
"type": "list",
"name": "affects",
"value": "network"
}
]
},
{
"name": "firewall",
"options": [
{
"type": "option",
"name": "init",
"value": "firewall"
},
{
"type": "list",
"name": "affects",
"value": "luci-splash"
},
{
"type": "list",
"name": "affects",
"value": "qos"
},
{
"type": "list",
"name": "affects",
"value": "miniupnpd"
}
]
},
{
"name": "olsr",
"options": [
{
"type": "option",
"name": "init",
"value": "olsrd"
}
]
},
{
"name": "dhcp",
"options": [
{
"type": "option",
"name": "init",
"value": "dnsmasq"
},
{
"type": "list",
"name": "affects",
"value": "odhcpd"
}
]
},
{
"name": "odhcpd",
"options": [
{
"type": "option",
"name": "init",
"value": "odhcpd"
}
]
},
{
"name": "dropbear",
"options": [
{
"type": "option",
"name": "init",
"value": "dropbear"
}
]
},
{
"name": "httpd",
"options": [
{
"type": "option",
"name": "init",
"value": "httpd"
}
]
},
{
"name": "fstab",
"options": [
{
"type": "option",
"name": "exec",
"value": "/sbin/block mount"
}
]
},
{
"name": "qos",
"options": [
{
"type": "option",
"name": "init",
"value": "qos"
}
]
},
{
"name": "system",
"options": [
{
"type": "option",
"name": "init",
"value": "led"
},
{
"type": "option",
"name": "exec",
"value": "/etc/init.d/log reload"
},
{
"type": "list",
"name": "affects",
"value": "luci_statistics"
},
{
"type": "list",
"name": "affects",
"value": "dhcp"
}
]
},
{
"name": "luci_splash",
"options": [
{
"type": "option",
"name": "init",
"value": "luci_splash"
}
]
},
{
"name": "upnpd",
"options": [
{
"type": "option",
"name": "init",
"value": "miniupnpd"
}
]
},
{
"name": "ntpclient",
"options": [
{
"type": "option",
"name": "init",
"value": "ntpclient"
}
]
},
{
"name": "samba",
"options": [
{
"type": "option",
"name": "init",
"value": "samba"
}
]
},
{
"name": "tinyproxy",
"options": [
{
"type": "option",
"name": "init",
"value": "tinyproxy"
}
]
}
]
},
{
"name": "uhttpd",
"configs": [
@ -23,12 +1492,12 @@
{
"type": "list",
"name": "listen_https",
"value": "0.0.0.0:8443"
"value": "0.0.0.0:4443"
},
{
"type": "list",
"name": "listen_https",
"value": "[::]:8443"
"value": "[::]:4443"
},
{
"type": "option",
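Review bot: This added fixture reads like a configuration dump from a real device: it enables dropbear `PasswordAuth` and `RootPasswordAuth`, accepts SSH, HTTP, HTTPS, 8080 and 8443 from the `wan` zone, and carries an internal address in `server_url`. As test data that is harmless, but a comment in the test that loads it (JSON cannot hold one) or a file name marking it as a sample would keep it from being reused as a baseline spec for agents. Confirm it contains nothing specific to a production network before it lands in history.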


@ -1,3 +1,6 @@
logger:
level: 1
format: human
agent:
serverUrl: http://127.0.0.1:3000
privateKeyPath: /var/lib/emissary/agent-key.json


@ -1,24 +1,27 @@
http:
host: 0.0.0.0
port: 3000
logger:
level: 1
format: human
database:
driver: sqlite
dsn: sqlite:///var/lib/emissary/data.sqlite
cors:
allowedOrigins: []
allowCredentials: true
allowMethods:
- POST
- GET
- PUT
- DELETE
allowedHeaders:
- Origin
- Accept
- Content-Type
- Authorization
- Sentry-Trace
server:
privateKeyPath: /var/lib/emissary/server-key.json
issuer: http://127.0.0.1:3000
http:
host: 0.0.0.0
port: 3000
database:
driver: sqlite
dsn: sqlite:///var/lib/emissary/data.sqlite
cors:
allowedOrigins: []
allowCredentials: true
allowMethods:
- POST
- GET
- PUT
- DELETE
allowedHeaders:
- Origin
- Accept
- Content-Type
- Authorization
- Sentry-Trace
debug: false
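Review bot: The `privateKeyPath` and `issuer` entries under `server:` carry no comment, although the key at that path is what `server auth create-token` uses to sign operator tokens and `issuer` becomes a claim in them. A comment above each would help operators, e.g. `# Private key used to sign API tokens; keep it readable by the emissary service account only` and `# Issuer claim written into generated tokens; presumably checked on verification, so changing it may invalidate existing tokens`. The default `issuer: http://127.0.0.1:3000` next to `host: 0.0.0.0` also suggests the value is meant to be edited per deployment, which the comment could state.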


@ -6,7 +6,8 @@ tmp/config.yml
prep: make build-emissary
prep: make tmp/server.yml
prep: make tmp/agent.yml
prep: make run-emissary-server EMISSARY_CMD="--debug --config tmp/agent.yml server database migrate"
prep: make run-emissary-server EMISSARY_CMD="--debug --config tmp/server.yml server database migrate"
prep: make .emissary-token
daemon: make run-emissary-server EMISSARY_CMD="--debug --config tmp/server.yml server run"
daemon: make run-emissary-agent EMISSARY_CMD="--debug --config tmp/agent.yml agent run"
}