Make Diplonat more modular (breaking changes) #7

Open
opened 2021-08-16 10:09:47 +00:00 by adrien · 2 comments
Owner

Currently, if one doesn't have an IGD-enabled gateway, Diplonat will fail with "Failed to find gateway".

I want to use Diplonat for ACME on Hammerhead, which is a Kimsufi server with a public IP and fully opened ports. I won't use the IGD part.

Since I plan on implementing ACME, Diplonat will soon be constituted of four modules:

  • Consul (mandatory; it feeds the other modules)
  • IGD (optional; negotiates ports' mapping declared in Consul service tags)
  • Firewall (optional; opens the above ports in iptables)
  • ACME (optional; it generates TLS certificates for domain names declared in Consul service tags).

My plan is to modify the environment variable names as follows:

  • New DIPLONAT_IGD_ENABLE (bool), defaulting to false
  • New DIPLONAT_FIREWALL_ENABLE (bool), defaulting to false
  • DIPLONAT_EXPIRATION_TIME -> DIPLONAT_IGD_EXPIRATION_TIME
  • DIPLONAT_REFRESH_TIME -> DIPLONAT_IGD_REFRESH_TIME & DIPLONAT_FIREWALL_REFRESH_TIME (these two have no reason to be correlated, and the naming scheme will be cleaner this way).
  • DIPLONAT_PRIVATE_IP -> DIPLONAT_IGD_PRIVATE_IP
  • Add a bunch of DIPLONAT_ACME_* stuff as needed.
adrien added the enhancement label 2021-08-16 10:10:25 +00:00
Owner

+1 to allow to disable the IGD part. That's pretty annoying to test Diplonat in an environment without IGD.
Author
Owner

Alright let's do this shit!
adrien added a new dependency 2021-08-26 14:29:21 +00:00
adrien removed a dependency 2021-08-26 14:29:37 +00:00
adrien added a new dependency 2021-08-26 14:30:31 +00:00
Reference: Deuxfleurs/diplonat#7