Rewrite of the entrypoint in Golang (#71)

- General improvements - Parallel download of only needed files at start - Prettier console output with all streams merged (openvpn, unbound, shadowsocks etc.) - Simplified Docker final image - Faster bootup - DNS over TLS - Finer grain blocking at DNS level: malicious, ads and surveillance - Choose your DNS over TLS providers - Ability to use multiple DNS over TLS providers for DNS split horizon - Environment variables for DNS logging - DNS block lists needed are downloaded and built automatically at start, in parallel - PIA - A random region is selected if the REGION parameter is left empty (thanks @rorph for your PR) - Routing and iptables adjusted so it can work as a Kubernetes pod sidecar (thanks @rorph for your PR)
2020-02-06 20:42:46 -05:00
parent 3de4ffcf66
commit 64649039d9
74 changed files with 4598 additions and 1019 deletions
--- a/internal/constants/dns.go
+++ b/internal/constants/dns.go
@@ -0,0 +1,63 @@
+package constants
+
+import (
+	"github.com/qdm12/private-internet-access-docker/internal/models"
+)
+
+const (
+	// Cloudflare is a DNS over TLS provider
+	Cloudflare models.DNSProvider = "cloudflare"
+	// Google is a DNS over TLS provider
+	Google models.DNSProvider = "google"
+	// Quad9 is a DNS over TLS provider
+	Quad9 models.DNSProvider = "quad9"
+	// Quadrant is a DNS over TLS provider
+	Quadrant models.DNSProvider = "quadrant"
+	// CleanBrowsing is a DNS over TLS provider
+	CleanBrowsing models.DNSProvider = "cleanbrowsing"
+	// SecureDNS is a DNS over TLS provider
+	SecureDNS models.DNSProvider = "securedns"
+	// LibreDNS is a DNS over TLS provider
+	LibreDNS models.DNSProvider = "libredns"
+)
+
+const (
+	CloudflareAddress1    models.DNSForwardAddress = "1.1.1.1@853#cloudflare-dns.com"
+	CloudflareAddress2    models.DNSForwardAddress = "1.0.0.1@853#cloudflare-dns.com"
+	GoogleAddress1        models.DNSForwardAddress = "8.8.8.8@853#dns.google"
+	GoogleAddress2        models.DNSForwardAddress = "8.8.4.4@853#dns.google"
+	Quad9Address1         models.DNSForwardAddress = "9.9.9.9@853#dns.quad9.net"
+	Quad9Address2         models.DNSForwardAddress = "149.112.112.112@853#dns.quad9.net"
+	QuadrantAddress       models.DNSForwardAddress = "12.159.2.159@853#dns-tls.qis.io"
+	CleanBrowsingAddress1 models.DNSForwardAddress = "185.228.168.9@853#security-filter-dns.cleanbrowsing.org"
+	CleanBrowsingAddress2 models.DNSForwardAddress = "185.228.169.9@853#security-filter-dns.cleanbrowsing.org"
+	SecureDNSAddress      models.DNSForwardAddress = "146.185.167.43@853#dot.securedns.eu"
+	LibreDNSAddress       models.DNSForwardAddress = "116.203.115.192@853#dot.libredns.gr"
+)
+
+var DNSAddressesMapping = map[models.DNSProvider][]models.DNSForwardAddress{
+	Cloudflare:    []models.DNSForwardAddress{CloudflareAddress1, CloudflareAddress2},
+	Google:        []models.DNSForwardAddress{GoogleAddress1, GoogleAddress2},
+	Quad9:         []models.DNSForwardAddress{Quad9Address1, Quad9Address2},
+	Quadrant:      []models.DNSForwardAddress{QuadrantAddress},
+	CleanBrowsing: []models.DNSForwardAddress{CleanBrowsingAddress1, CleanBrowsingAddress2},
+	SecureDNS:     []models.DNSForwardAddress{SecureDNSAddress},
+	LibreDNS:      []models.DNSForwardAddress{LibreDNSAddress},
+}
+
+// Block lists URLs
+const (
+	AdsBlockListHostnamesURL          models.URL = "https://raw.githubusercontent.com/qdm12/files/master/ads-hostnames.updated"
+	AdsBlockListIPsURL                models.URL = "https://raw.githubusercontent.com/qdm12/files/master/ads-ips.updated"
+	MaliciousBlockListHostnamesURL    models.URL = "https://raw.githubusercontent.com/qdm12/files/master/malicious-hostnames.updated"
+	MaliciousBlockListIPsURL          models.URL = "https://raw.githubusercontent.com/qdm12/files/master/malicious-ips.updated"
+	SurveillanceBlockListHostnamesURL models.URL = "https://raw.githubusercontent.com/qdm12/files/master/surveillance-hostnames.updated"
+	SurveillanceBlockListIPsURL       models.URL = "https://raw.githubusercontent.com/qdm12/files/master/surveillance-ips.updated"
+)
+
+// DNS certificates to fetch
+// TODO obtain from source directly, see qdm12/updated)
+const (
+	NamedRootURL models.URL = "https://raw.githubusercontent.com/qdm12/files/master/named.root.updated"
+	RootKeyURL   models.URL = "https://raw.githubusercontent.com/qdm12/files/master/root.key.updated"
+)
--- a/internal/constants/openvpn.go
+++ b/internal/constants/openvpn.go
@@ -0,0 +1,10 @@
+package constants
+
+import (
+	"github.com/qdm12/private-internet-access-docker/internal/models"
+)
+
+const (
+	TUN models.VPNDevice = "tun0"
+	TAP models.VPNDevice = "tap0"
+)
--- a/internal/constants/paths.go
+++ b/internal/constants/paths.go
@@ -0,0 +1,28 @@
+package constants
+
+import (
+	"github.com/qdm12/private-internet-access-docker/internal/models"
+)
+
+const (
+	// UnboundConf is the file path to the Unbound configuration file
+	UnboundConf models.Filepath = "/etc/unbound/unbound.conf"
+	// ResolvConf is the file path to the system resolv.conf file
+	ResolvConf models.Filepath = "/etc/resolv.conf"
+	// OpenVPNAuthConf is the file path to the OpenVPN auth file
+	OpenVPNAuthConf models.Filepath = "/etc/openvpn/auth.conf"
+	// OpenVPNConf is the file path to the OpenVPN client configuration file
+	OpenVPNConf models.Filepath = "/etc/openvpn/target.ovpn"
+	// TunnelDevice is the file path to tun device
+	TunnelDevice models.Filepath = "/dev/net/tun"
+	// NetRoute is the path to the file containing information on the network route
+	NetRoute models.Filepath = "/proc/net/route"
+	// TinyProxyConf is the filepath to the tinyproxy configuration file
+	TinyProxyConf models.Filepath = "/etc/tinyproxy/tinyproxy.conf"
+	// ShadowsocksConf is the filepath to the shadowsocks configuration file
+	ShadowsocksConf models.Filepath = "/etc/shadowsocks.json"
+	// RootHints is the filepath to the root.hints file used by Unbound
+	RootHints models.Filepath = "/etc/unbound/root.hints"
+	// RootKey is the filepath to the root.key file used by Unbound
+	RootKey models.Filepath = "/etc/unbound/root.key"
+)
--- a/internal/constants/pia.go
+++ b/internal/constants/pia.go
@@ -0,0 +1,70 @@
+package constants
+
+import (
+	"github.com/qdm12/private-internet-access-docker/internal/models"
+)
+
+const (
+	// PIAEncryptionNormal is the normal level of encryption for communication with PIA servers
+	PIAEncryptionNormal models.PIAEncryption = "normal"
+	// PIAEncryptionStrong is the strong level of encryption for communication with PIA servers
+	PIAEncryptionStrong models.PIAEncryption = "strong"
+)
+
+const (
+	AUMelbourne     models.PIARegion = "AU Melbourne"
+	AUPerth         models.PIARegion = "AU Perth"
+	AUSydney        models.PIARegion = "AU Sydney"
+	Austria         models.PIARegion = "Austria"
+	Belgium         models.PIARegion = "Belgium"
+	CAMontreal      models.PIARegion = "CA Montreal"
+	CAToronto       models.PIARegion = "CA Toronto"
+	CAVancouver     models.PIARegion = "CA Vancouver"
+	CzechRepublic   models.PIARegion = "Czech Republic"
+	DEBerlin        models.PIARegion = "DE Berlin"
+	DEFrankfurt     models.PIARegion = "DE Frankfurt"
+	Denmark         models.PIARegion = "Denmark"
+	Finland         models.PIARegion = "Finland"
+	France          models.PIARegion = "France"
+	HongKong        models.PIARegion = "Hong Kong"
+	Hungary         models.PIARegion = "Hungary"
+	India           models.PIARegion = "India"
+	Ireland         models.PIARegion = "Ireland"
+	Israel          models.PIARegion = "Israel"
+	Italy           models.PIARegion = "Italy"
+	Japan           models.PIARegion = "Japan"
+	Luxembourg      models.PIARegion = "Luxembourg"
+	Mexico          models.PIARegion = "Mexico"
+	Netherlands     models.PIARegion = "Netherlands"
+	NewZealand      models.PIARegion = "New Zealand"
+	Norway          models.PIARegion = "Norway"
+	Poland          models.PIARegion = "Poland"
+	Romania         models.PIARegion = "Romania"
+	Singapore       models.PIARegion = "Singapore"
+	Spain           models.PIARegion = "Spain"
+	Sweden          models.PIARegion = "Sweden"
+	Switzerland     models.PIARegion = "Switzerland"
+	UAE             models.PIARegion = "UAE"
+	UKLondon        models.PIARegion = "UK London"
+	UKManchester    models.PIARegion = "UK Manchester"
+	UKSouthampton   models.PIARegion = "UK Southampton"
+	USAtlanta       models.PIARegion = "US Atlanta"
+	USCalifornia    models.PIARegion = "US California"
+	USChicago       models.PIARegion = "US Chicago"
+	USDenver        models.PIARegion = "US Denver"
+	USEast          models.PIARegion = "US East"
+	USFlorida       models.PIARegion = "US Florida"
+	USHouston       models.PIARegion = "US Houston"
+	USLasVegas      models.PIARegion = "US Las Vegas"
+	USNewYorkCity   models.PIARegion = "US New York City"
+	USSeattle       models.PIARegion = "US Seattle"
+	USSiliconValley models.PIARegion = "US Silicon Valley"
+	USTexas         models.PIARegion = "US Texas"
+	USWashingtonDC  models.PIARegion = "US Washington DC"
+	USWest          models.PIARegion = "US West"
+)
+
+const (
+	PIAOpenVPNURL     models.URL = "https://www.privateinternetaccess.com/openvpn"
+	PIAPortForwardURL models.URL = "http://209.222.18.222:2000"
+)
--- a/internal/constants/splash.go
+++ b/internal/constants/splash.go
@@ -0,0 +1,13 @@
+package constants
+
+const (
+	// Annoucement is a message annoucement
+	Annoucement = "Total rewrite in Go with many new features"
+	// AnnoucementExpiration is the expiration time of the annoucement in unix timestamp
+	AnnoucementExpiration = 1582761600
+)
+
+const (
+	// IssueLink is the link for users to use to create issues
+	IssueLink = "https://github.com/qdm12/private-internet-access-docker/issues/new"
+)
--- a/internal/constants/tinyproxy.go
+++ b/internal/constants/tinyproxy.go
@@ -0,0 +1,16 @@
+package constants
+
+import (
+	"github.com/qdm12/private-internet-access-docker/internal/models"
+)
+
+const (
+	// TinyProxyInfoLevel is the info log level for TinyProxy
+	TinyProxyInfoLevel models.TinyProxyLogLevel = "Info"
+	// TinyProxyWarnLevel is the warning log level for TinyProxy
+	TinyProxyWarnLevel models.TinyProxyLogLevel = "Warning"
+	// TinyProxyErrorLevel is the error log level for TinyProxy
+	TinyProxyErrorLevel models.TinyProxyLogLevel = "Error"
+	// TinyProxyCriticalLevel is the critical log level for TinyProxy
+	TinyProxyCriticalLevel models.TinyProxyLogLevel = "Critical"
+)
--- a/internal/constants/vpn.go
+++ b/internal/constants/vpn.go
@@ -0,0 +1,21 @@
+package constants
+
+import (
+	"github.com/qdm12/private-internet-access-docker/internal/models"
+)
+
+const (
+	// PrivateInternetAccess is a VPN provider
+	PrivateInternetAccess models.VPNProvider = "private internet access"
+	// Mullvad is a VPN provider
+	Mullvad models.VPNProvider = "mullvad"
+	// Windscribe is a VPN provider
+	Windscribe models.VPNProvider = "windscribe"
+)
+
+const (
+	// TCP is a network protocol (reliable and slower than UDP)
+	TCP models.NetworkProtocol = "tcp"
+	// UDP is a network protocol (unreliable and faster than TCP)
+	UDP models.NetworkProtocol = "udp"
+)