add source

Author: reddec

.gitignore

@@ -0,0 +1,5 @@
+.idea
+/sample
+/build
+/test
+/dist

.goreleaser.yml

@@ -0,0 +1,36 @@
+project_name: tinc-boot
+builds:
+- main: ./cmd/tinc-boot/main.go
+  binary: tinc-boot
+  env:
+  - CGO_ENABLED=0
+  goarch:
+    - amd64
+    - 386
+    - arm
+    - arm64
+  goarm:
+    - 5
+    - 6
+    - 7
+  goos:
+    - linux
+  gcflags:
+    - all=-trimpath={{.Env.GOPATH}}
+  flags:
+    - -trimpath
+archives:
+- replacements:
+    Linux: linux
+    386: i386
+  format: tar.gz
+checksum:
+  name_template: 'checksums.txt'
+snapshot:
+  name_template: "{{ .Tag }}-next"
+changelog:
+  sort: asc
+  filters:
+    exclude:
+    - '^docs:'
+    - '^test:'

README.md

@@ -0,0 +1,126 @@
+# Overview
+
+Idea to create a easy-to-use wrapper over [tinc vpn](https://www.tinc-vpn.org).
+
+Tinc VPN - is full-mesh, auto-healing, time-proofed VPN system without single point of failure, with high-throughput and
+serious cryptography. 
+All nodes in a Tinc network are fully equal. New nodes discovering full topology through any entry point. 
+Node may interact with each other even if they don't have direct connections.
+
+Tinc is a great and have a lot of features. It's ideal for a complicated situations (China, Russia and others). 
+I really admire the project.
+
+![transit](https://user-images.githubusercontent.com/6597086/65304801-1b4ae480-dbb4-11e9-933f-b890242358ab.png)
+
+**But...** it's pain to configure and maintain.
+
+Pain to create a new node. Pain to add new node to network.
+
+Minimal configuration for a first public node: 
+
+* 2 files (tinc.conf, hostfile), 
+* 1 script (tinc-up), 
+* 2 directories (net, hosts), 
+* 1 command execution (key generation).
+
+(let's not count service initialization and other common stuff)
+
+Second node adds key exchange (+1 operation if we will use `rsync`, or +2 operations if manually).
+
+![second_node](https://user-images.githubusercontent.com/6597086/65304124-72e85080-dbb2-11e9-939f-6359095dbe54.png)
+
+Next new public nodes require increasing number of additional operations (+N operations, where N is a number of public nodes).
+
+![third_node](https://user-images.githubusercontent.com/6597086/65304303-df634f80-dbb2-11e9-8b9a-32bd4c6b9c46.png)
+
+
+> To be honest, to just to connect to the network an only single key exchange operation required: with any public node. 
+> Than tincd will discover all other nodes.
+>
+> **But** after your node disconnect/reboot and in case of death of your entry node you will be no more able to connect 
+> to other alive nodes (because they don't know your key and your node don't know theirs).
+
+
+
+**Tinc-boot** - is a all-in-one tool with zero dependency (except `tinc` of course), that aims to achieve:
+
+1. one-line node initialization
+2. automatic keys distribution
+3. simplified procedure to add new node to existent net
+
+
+## Installation
+
+* (recommended) look at releases page and download
+* build from source `go get -v github.com/reddec/tinc-boot/cmd/...`
+
+### Build requirements
+
+* go 1.13+
+
+## Runtime requirements
+
+* Linux
+* `tincd 1.10.xx`
+* `bash`
+* (recommended) `systemd`
+
+## Tested operation systems
+
+* Ubuntu 18.04 x64
+* Archlinux (Q1 2019) x64
+* Manjaro (Q1 2019) x64
+
+Should work on all major linux systems, except generated helpers useful only for systemd-based OS. 
+
+
+# Quick start
+
+Download/build binary to `/usr/local/bin/tinc-boot`.
+
+## First node
+
+```
+sudo tinc-boot gen --standalone -a <PUBLIC ADDRESS>
+```
+
+and follow recommendations
+
+### Explanation
+
+* `--standalone` means that it's a first node, no need for keys exchange
+* `-a <address>` sets public address of node (if exists); could be used several times 
+
+Will generate all required files under `/etc/tinc/dnet`.
+
+## Turn node to boot node
+
+```
+sudo tinc-boot bootnode --service --dir /etc/tinc/dnet --token <SECRETTOKEN>
+```
+
+and follow recommendations
+
+### Explanation
+
+* `--service` generates systemd file to `/etc/systemd/system/tinc-boot-{net}.service`
+* `--dir` location of tinc configuration
+* `--token` set's authorization token that will be used by clients 
+
+## Create another node and join to net
+
+```
+sudo tinc-boot gen --token <SECRETTOKEN> <PUBLIC ADDRESS>:8655
+```
+
+> Don't forget add `-a <NODE ADDRESS>` if applicable
+
+and follow recommendations
+
+# How it works
+
+TBD
+
+# TODO
+
+* generate script with token to redistribute all-in-one to end-users

_docs/diagrams/second_node.drawio

@@ -0,0 +1 @@
+<mxfile modified="2019-09-20T06:24:34.057Z" host="www.draw.io" agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.75 Safari/537.36" etag="o2XcR6PpeDW3ecr9oysl" version="11.2.9" type="device" pages="1"><diagram id="n3g4DslWbVnhe9REuUzu" name="Page-1">zZVNb9swDIZ/jY8rYjtp1mvd9APYhg05tD0KFmerlU1DoWu7v35STH8tc9AORbZLID4kJZHUG3thlNU3RhTpV5SgvWAhay+88oJguVraXweaFqzDixYkRskW+QPYqldguGBaKgm7SSAhalLFFMaY5xDThAljsJqG/UQ9PbUQCRyAbSz0Ib1XklKm/vnF4LgFlaR89Odg3Toy0QVzJbtUSKxGKNx4YWQQqV1ldQTa9a7rS5t3PePtL2Ygp7ckXIrvrw/LmziX6ttdtCqiH1vzKWx3eRG65IJzO0GHnqHhe1PTNQOk7Q2baCjFBHOhNwO9NFjmEtyJC2sNMV8QCwt9C5+AqOFBi5LQopQyzV6oFT249LMVW4+8mVtf1WOj6YycTDNKcubj2Dek7a0ur63PFTXbUkY7LE0MR/rYPU1hEqAjcUE/eCsYwAzsfWyeAS1IvUzvIfjpJn3cMF274AG/Y9j+3LB/H7PWVl5unFWqCLaF2NdeWYFPh8X7gSGoj7fwsGRO6IXO/w+9XKpBbWtG6UhnHfvwJi3/2CT/f1OE/1eK8E+niOCNiph5HqdRRDA37H+oiPBkgrDm8PnZ+0bf8HDzCw==</diagram></mxfile>

_docs/diagrams/third_node.drawio

@@ -0,0 +1 @@
+<mxfile modified="2019-09-20T06:27:46.755Z" host="www.draw.io" agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.75 Safari/537.36" etag="hdCTx4tFTckrNGlkylh3" version="11.2.9" type="device" pages="1"><diagram id="n3g4DslWbVnhe9REuUzu" name="Page-1">1VfBctowEP0ajmFkC0N9bAhJO9N20uFQctTgxVYqLI8Qwc7XV8ZryyKYBKYFemG8T6vV6uk9YffoeJk/KJYl32UEoueTKO/Ru57vD4KB+S2BogKGIamAWPGogjwLTPkrIFinrXkEKydRSyk0z1xwLtMU5trBmFJy46YtpHBXzVgMb4DpnIm36C8e6QRRbxjagS/A4wSX/uSPqoElq5NxJ6uERXLTguikR8dKSl09LfMxiJK7mpdq3n3HaNOYglR/ZMIte3ydDR7macR/fB0H2fjnVN1gsy9MrHHDqTnBEvoNBfati5oMiAw3GEqlExnLlImJRW+VXKcRlCsSE9mcb1JmBvQM+AxaF3jQbK2lgRK9FDgKOdezcno/wOipNXKXY+VtUNRBqlUxq9PK4MlWKEM7bRvV86r9lZvqpBShlVyrORzgsZYmUzHoA3lBc/DGMCCXYPox89AtpE+DEZZCv3hBFSoQTPMXt1OG4o6bSk3xR8nNHmyKXCxWprOWQMxDqwcLbWVzhIS8LgntikcIY9pSJJuEa5hmbMvoxlwbrgSwHigN+eGD6SSyuT6QxcaEG+vhEUJJy701to9Yh7ejSdrPknd5o3nH24w4Njufyfy/ZLJh6FNXHuQUk31WihWthKy03GqPB3Hh0NUkHZIdWVUFz25gv0uaFzQwvTL/hns5otdlX3KCfb3z2Tf4oH0PK+OG9ElIQtdKJ/n3rH+S5FoFRNoCal663pOQfbe6UhH574ko+M9es4IuAV3wlvZ2rmka/LNr2oT2U6ni1H5v0skf</diagram></mxfile>

_docs/diagrams/transit.drawio

@@ -0,0 +1 @@
+<mxfile modified="2019-09-20T06:36:35.539Z" host="www.draw.io" agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.75 Safari/537.36" etag="7nU4MMjqwcQ3Rq4wiZzN" version="11.2.9" type="device" pages="1"><diagram id="n3g4DslWbVnhe9REuUzu" name="Page-1">7Vlbb9s6DP41eUxgW3Yuj01abwO2gx70Ydujaiu2VsUyZKVJ+utH2fJVXi5t0mbAArQRKYqS+JEUpQzQYrX9JHAaf+MhYQPHCrcDdDtwHNdz4b9i7ArGeGYVjEjQsGDZNeOBvhDNLMXWNCRZS1ByziRN28yAJwkJZIuHheCbttiSs/asKY6IwXgIMDO532koY821x7O64zOhUaynnjqTomOFS2G9kyzGId80WOhugBaCc1m0VtsFYcp2pV2Kcf4fequFCZLIYwbM8f3LD/dTkIT0vy8LL138/yCGWsszZmu94QQQRHrFcleaAVSBxYGYb2IqyUOKA9WzAcyBF8sVA8qGptZHhCTbPy7UrrYPbkP4ikixAxE9ACFtMe0ytqfpTQ3ARLPihulLHtaQR5Xm2irQ0IY5xUjIsFJIhfI2w0whOI8muZAxj3iC2V3NnQu+TkKiZrOAqmW+cp5qE/4iUu50JOC15G0Dky2VP9Twkaepn1qZat9um8SuJBIwQ2OQIn+W+hRRD8upclwmsZA3KoqAETCcZTQo2T5lbczV3vcjDqbiaxGQPaZ2dIhjERG5R87r9yBBGJb0ub2O8/vDxPCHR8aDJ4D1Ax3CbrpD5Rz9DtEGVvAs68BaCAn+RBaccZFvBvm+NbUKLwm7g4HVGPoBHrE/pwytkT0ea9yO9hKt7p5TWHUtwpfLjEjDjapZX+9ZTm86tk23esd0bE/b6RjZH52O3StMx6dEX52Om8m4kZuvJh17bwu+90nHXm/QOFcVNB9fw5hW+hc0lwka++8oYsZX6BDnKGqtv9ch3ppG86GwNbxrCKSqesl6yhmdqsZeO1PZnWtkRxztl4dGsYCz1kWlBa+qMLq6a+rUMJJhnyzGqWrSVf7u0bSIsgUNMLthNEqAJ1XsVtyv+JGwe55RSbnqfeRS8hUIMNUxx8FTlGeBxnVhmX9AJJ/sJkuL9xkVg7gklnSr8sZcr+c2llI97NwoSzh+ECZoRAOeLCnkFzEKYEbHD7HE8KX44Nb+kuEoGyKo7X0EtxMYFdMEDxOsVorZcMMFC8GDpqM0ic4Cuztqh4Azcw3kPdtE3rtYLp+djvw5gO13mX5wW/g34a7QZruArFejR/oCxCYdAr5SYeL465RxHCqwHUtdvn0LDO6Lp2ToetYW/nJozxTUXXSR65noTnrQnVwI3fIBsYGuFDgBxAyQg7V4zs9hu3NLr465RsAb93sLPr5//BHZW8btPbPPeKg6/TA2QepJviXvtU8A2ksqPd07camiWL4ete80ddqKHKujqKgZDEWnHvLdBRuPxYfk3RPlD1QRzrR/3xetIkqcrzaQrKMDqSp+qyfcY0rfc4ff60va9wlT4+nKeWWYulan1nMvE6b27LSw627wUNjZ6Ej9ZT86EMZtdbMD0rZ3ijhyT9KOuk8ub7uYqAKj+m2uEK9/4ER3vwE=</diagram></mxfile>

cmd/tinc-boot/forget/main.go

@@ -0,0 +1,55 @@
+package forget
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"github.com/reddec/tinc-boot/types"
+	"net"
+	"net/http"
+	"strconv"
+)
+
+type Cmd struct {
+	Iface  string `long:"iface" env:"INTERFACE" description:"RPC interface" required:"yes"`
+	Port   int    `long:"port" env:"PORT" description:"RPC port" default:"1655"`
+	Subnet string `long:"subnet" env:"SUBNET" description:"Subnet address to watch" required:"yes"`
+	Node   string `long:"node" env:"NODE" description:"Subnet owner name" required:"yes"`
+}
+
+func (cmd *Cmd) Execute(args []string) error {
+	rpcAddr, err := cmd.binding()
+	if err != nil {
+		return err
+	}
+	var subnet = types.Subnet{
+		Subnet: cmd.Subnet,
+		Node:   cmd.Node,
+	}
+	data, err := json.Marshal(subnet)
+	if err != nil {
+		return err
+	}
+	res, err := http.Post("http://"+rpcAddr+"/rpc/forget", "application/json", bytes.NewBuffer(data))
+	if err != nil {
+		return err
+	}
+
+	defer res.Body.Close()
+	if res.StatusCode != http.StatusNoContent {
+		return errors.New(res.Status)
+	}
+	return nil
+}
+
+func (cmd *Cmd) binding() (string, error) {
+	ief, err := net.InterfaceByName(cmd.Iface)
+	if err != nil {
+		return "", err
+	}
+	addrs, err := ief.Addrs()
+	if err != nil {
+		return "", err
+	}
+	return addrs[0].(*net.IPNet).IP.String() + ":" + strconv.Itoa(cmd.Port), nil
+}