mirror of https://0xacab.org/leap/bitmask-vpn
headless mode stub
atanarjuat
3 months ago
committed by
kali kaneko (leap communications)
parent
d7749dca00
commit
caaf48aa11
@ -0,0 +1,64 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"flag"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"os"
|
||||
"runtime"
|
||||
|
||||
"0xacab.org/leap/bitmask-vpn/pkg/backend"
|
||||
)
|
||||
|
||||
func main() {
|
||||
var c string
|
||||
var installHelpers bool
|
||||
|
||||
flag.StringVar(&c, "c", "", "Config file")
|
||||
flag.BoolVar(&installHelpers, "i", false, "Install helpers (asks for sudo)")
|
||||
flag.Parse()
|
||||
|
||||
if installHelpers {
|
||||
backend.InstallHelpers()
|
||||
os.Exit(0)
|
||||
}
|
||||
|
||||
if len(c) == 0 {
|
||||
fmt.Println("Please setup a config file with -c")
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
if _, err := os.Stat(c); err == nil {
|
||||
log.Println("Loading config file from", c)
|
||||
// all good. we could validate the json.
|
||||
} else if errors.Is(err, os.ErrNotExist) {
|
||||
fmt.Println("Cannot find file:", c)
|
||||
os.Exit(1)
|
||||
} else {
|
||||
// Schrodinger: file may or may not exist.
|
||||
log.Println("Error:", err)
|
||||
}
|
||||
|
||||
providerDefinitionJSON, err := ioutil.ReadFile(c)
|
||||
if err != nil {
|
||||
fmt.Println("Error reading config file")
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
// TODO daemonize, or run in foreground to debug.
|
||||
log.Println("Starting bitmaskd...")
|
||||
|
||||
opts := backend.InitOptsFromJSON("riseup", string(providerDefinitionJSON))
|
||||
opts.DisableAutostart = true
|
||||
opts.Obfs4 = false
|
||||
opts.StartVPN = "off"
|
||||
backend.EnableWebAPI("8000")
|
||||
backend.InitializeBitmaskContext(opts)
|
||||
|
||||
log.Println("Backend initialized")
|
||||
|
||||
runtime.Goexit()
|
||||
fmt.Println("Exit")
|
||||
}
|
||||
@ -0,0 +1,50 @@
|
||||
# headless mode
|
||||
|
||||
As a wise person once said, "you don't want to struggle with Qt every day".
|
||||
|
||||
## backend
|
||||
|
||||
There's a barebones binary that launches the same backend that the qt5 client uses.
|
||||
|
||||
You will need a `providers.json` file containing the parameters for you own deployment. This is usually generated during the vendoring step, but you can manually edit the one for riseup:
|
||||
|
||||
```
|
||||
go build ./cmd/bitmaskd
|
||||
```
|
||||
|
||||
|
||||
You might need to install the helpers (bitmask-root, polkit policies etc...). Do it manually, or use the embedded files (It will ask for sudo).
|
||||
|
||||
```
|
||||
./bitmaskd -i
|
||||
```
|
||||
|
||||
|
||||
With the polkit files in place, you can now run bitmask backend in the foreground:
|
||||
|
||||
```
|
||||
./bitmaskd -d gui/providers/providers.json
|
||||
```
|
||||
|
||||
TODO: make it a proper daemon, logging etc.
|
||||
|
||||
If you find problems while running (like polkit asking for password every time), you probably need to debug your polkit installation. Every system has its quirks, and bitmask has mostly been tested in debian-based desktops. For arch, you might need to add your user to group wheel.
|
||||
|
||||
## firewall
|
||||
|
||||
While testing, you are likely to get the iptables firewall leaving you with blocked outgoing connections. You can control `bitmask-root` manually:
|
||||
|
||||
```
|
||||
sudo /usr/sbin/bitmask-root help
|
||||
sudo /usr/sbin/bitmask-root firewall stop
|
||||
```
|
||||
|
||||
## cli
|
||||
|
||||
There's no cli at the moment, but you can use the web api. To authenticate, you need to pass a token that is writen to a temporary file when the backend is initialized:
|
||||
|
||||
```
|
||||
curl -H "X-Auth-Token:`cat /tmp/bitmask-token`" http://localhost:8000/vpn/status
|
||||
curl -H "X-Auth-Token:`cat /tmp/bitmask-token`" http://localhost:8000/vpn/start
|
||||
curl -H "X-Auth-Token:`cat /tmp/bitmask-token`" http://localhost:8000/vpn/stop
|
||||
```
|
||||
Loading…
Reference in New Issue