Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: initial implementation #1

Merged
merged 61 commits into from
Oct 30, 2024
Merged
Show file tree
Hide file tree
Changes from 59 commits
Commits
Show all changes
61 commits
Select commit Hold shift + click to select a range
83323ca
feat: initial implementation
aschmahmann Aug 16, 2024
0ddd505
ci: add workflows
aschmahmann Aug 16, 2024
6566eb5
feat: add acme client hook for libp2p
aschmahmann Aug 22, 2024
d1a0b6e
test: add more complete e2e testing
aschmahmann Aug 28, 2024
c7e5892
fix: add HTTP 2 and 1.1 ALPNs
aschmahmann Aug 29, 2024
bc873f6
chore: update go-libp2p
aschmahmann Aug 30, 2024
4b96c4a
chore: switch from net.ParseIP to netip.ParseAddr
aschmahmann Sep 3, 2024
5f36c1a
fix: explicitly close test hosts
aschmahmann Sep 3, 2024
77c9330
fix: rename constructor to NewP2PForgeCertMgr
aschmahmann Sep 3, 2024
999ba3c
feat: add options
aschmahmann Sep 3, 2024
fab0c5b
feat: switch to http peerID auth
aschmahmann Sep 4, 2024
308b83a
chore: tidy up dependency imports
aschmahmann Sep 4, 2024
00b6c7c
docs: add more clarification that base64url does not include padding
aschmahmann Sep 5, 2024
f4b98ac
docs: clarify requirements for libp2p clients requesting certs
aschmahmann Sep 5, 2024
66744f1
feat: allow TLS termination and certificate management for registrati…
aschmahmann Sep 5, 2024
e03e370
Update go-libp2p http peer id auth
MarcoPolo Sep 6, 2024
26046df
feat: change syntax for Corefile, and add ability to declare external…
aschmahmann Sep 6, 2024
f2942d8
docs: add Corefile config docs
aschmahmann Sep 9, 2024
c34b6bb
Split Cert mgr apart from libp2p Host
MarcoPolo Sep 10, 2024
f494051
Don't require fx option
MarcoPolo Sep 10, 2024
c6feb2a
Fix check
MarcoPolo Sep 10, 2024
1e262a8
feat: expose tls.Config explicitly rather than as a WebSocket option
aschmahmann Sep 11, 2024
c55d539
feat: expose an AddrsFactory function explicitly rather than as a lib…
aschmahmann Sep 11, 2024
2d2f576
chore: update go-ds-dynamodb
aschmahmann Sep 11, 2024
e91c9c0
ws option
aschmahmann Sep 11, 2024
0d9c6f8
addrsfactory option
aschmahmann Sep 11, 2024
9779c7c
feat: only expose forge addresses once we have certificates available
aschmahmann Sep 11, 2024
4c9dc3e
fix: return an error if we can't write out the DNS response message
aschmahmann Sep 11, 2024
65b05b8
feat: add Forge-Authorization header as a guard on setting ACME
aschmahmann Sep 11, 2024
02e34f0
chore: remove unused code
aschmahmann Sep 11, 2024
db86cf2
feat: enable use of all default plugins
aschmahmann Sep 12, 2024
2020f9c
feat: client only sends the forge public addresses
aschmahmann Sep 12, 2024
6fff08e
fix: return server fail if failed to write response
aschmahmann Sep 13, 2024
6b008c3
fix: propagate WithAllowPrivateForgeAddrs correctly
aschmahmann Sep 13, 2024
39a5308
fix: apply p2pforge before file plugin
lidel Sep 13, 2024
b06ddb0
refactor: p2p-forge cli and docker support
lidel Sep 14, 2024
c9b535f
chore: reset version.json
lidel Sep 14, 2024
5011943
chore: switch SOA to ns1.p2p-forge.dwebops.net
lidel Sep 16, 2024
d25be74
chore: simplify zone and bump soa ttl
lidel Sep 16, 2024
ae0139e
fix: block ANY queries
lidel Sep 16, 2024
eef1770
tmp(acme-writer): force use of authentication env var
aschmahmann Sep 16, 2024
7fd1cfb
fix(acme-reader): handle subsequent plugins correctly
aschmahmann Sep 16, 2024
a0ee13f
chore: switch soa to ns1.libp2p.direct
lidel Sep 17, 2024
709fad7
chore: separate ip4 from ip6
lidel Sep 17, 2024
f9d8f07
respond with no answer but a successful query on peerID.forge and val…
aschmahmann Sep 18, 2024
d060dac
fix: normalize DNS names to lowercase
aschmahmann Sep 18, 2024
4c9cc8a
respond with no answer but a successful query on _acme-challenge.peer…
aschmahmann Sep 18, 2024
587c7fa
fix: escape arbitrary bytes before writing to log
lidel Sep 18, 2024
dbeb701
fix(client): handle when our certificate is loaded even if no custom …
aschmahmann Sep 18, 2024
2ecd19a
refactor: expose client defaults
lidel Sep 18, 2024
11dda24
feat(client): WithUserAgent + WithForgeAuth
lidel Sep 20, 2024
4db6b55
feat: prometheus metrics + docs
lidel Sep 24, 2024
65145f8
feat(metrics): forge_acme_registrations_total
lidel Oct 11, 2024
d6c1f74
feat: WithLogger(log *zap.SugaredLogger)
lidel Oct 18, 2024
97f25ad
chore: go-libp2p v0.37.0 and go 1.23
lidel Oct 28, 2024
f599f48
fix(client): use dedicated cert cache
lidel Oct 28, 2024
2595bf8
chore: remove requirement for FORGE_ACCESS_TOKEN
lidel Oct 28, 2024
1360e56
chore: typo
lidel Oct 28, 2024
78c3ae0
fix(test): go-libp2p v0.37
lidel Oct 28, 2024
688ddf7
chore(lint): redundant return statement (S1023)
lidel Oct 29, 2024
4468ad5
docs(readme): apply suggestions from code review
lidel Oct 30, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 18 additions & 0 deletions .github/docker/entrypoint.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
#!/bin/sh

set -e
user=p2pforge

if [ -n "$DOCKER_DEBUG" ]; then
set -x
fi

if [ `id -u` -eq 0 ]; then
echo "Changing user to $user"
exec su-exec "$user" "$0" $@
fi

# Only supported user can get here
p2p-forge --version

exec p2p-forge $@
55 changes: 55 additions & 0 deletions .github/docker/get-docker-tags.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
#!/usr/bin/env bash

# get-docker-tags.sh produces Docker tags for the current build
#
# Usage:
# ./get-docker-tags.sh <build number> <git commit sha1> <git branch name> [git tag name]
#
# Example:
#
# # get tag for the main branch
# ./get-docker-tags.sh $(date -u +%F) testingsha main
#
# # get tag for a release tag
# ./get-docker-tags.sh $(date -u +%F) testingsha release v0.5.0
#
# # Serving suggestion in CI
# ./get-docker-tags.sh $(date -u +%F) "$CI_SHA1" "$CI_BRANCH" "$CI_TAG"
#
set -euo pipefail

if [[ $# -lt 1 ]] ; then
echo 'At least 1 arg required.'
echo 'Usage:'
echo './get-docker-tags.sh <build number> [git commit sha1] [git branch name] [git tag name]'
exit 1
fi

BUILD_NUM=$1
GIT_SHA1=${2:-$(git rev-parse HEAD)}
GIT_SHA1_SHORT=$(echo "$GIT_SHA1" | cut -c 1-7)
GIT_BRANCH=${3:-$(git symbolic-ref -q --short HEAD || echo "unknown")}
GIT_TAG=${4:-$(git describe --tags --exact-match 2> /dev/null || echo "")}

IMAGE_NAME=${IMAGE_NAME:-ipshipyard/p2p-forge}

echoImageName () {
local IMAGE_TAG=$1
echo "$IMAGE_NAME:$IMAGE_TAG"
}

if [[ $GIT_TAG =~ ^v[0-9]+\.[0-9]+\.[0-9]+-rc ]]; then
echoImageName "$GIT_TAG"

elif [[ $GIT_TAG =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echoImageName "$GIT_TAG"
echoImageName "latest"

elif [ "$GIT_BRANCH" = "main" ] || [ "$GIT_BRANCH" = "staging" ]; then
echoImageName "${GIT_BRANCH}-${BUILD_NUM}-${GIT_SHA1_SHORT}"
echoImageName "${GIT_BRANCH}-latest"

else
echo "Nothing to do. No docker tag defined for branch: $GIT_BRANCH, tag: $GIT_TAG"

fi
69 changes: 69 additions & 0 deletions .github/workflows/docker.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
name: Create and publish a Docker image

on:
workflow_dispatch:
push:
branches: ['main', 'staging']
tags: ['v*']

env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}

jobs:
build-and-push-image:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
ref: ${{ github.ref }}

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Cache Docker layers
uses: actions/cache@v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Get tags
id: tags
env:
IMAGE_NAME: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
run: |
echo "value<<EOF" >> $GITHUB_OUTPUT
./.github/docker/get-docker-tags.sh "$(date -u +%F)" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
shell: bash
- name: Build Docker image and publish to Docker Hub
uses: docker/build-push-action@v6
with:
platforms: linux/amd64,linux/arm/v7,linux/arm64/v8
context: .
push: true
file: ./Dockerfile
tags: "${{ steps.tags.outputs.value }}"
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new

# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
- name: Move cache to limit growth
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
18 changes: 18 additions & 0 deletions .github/workflows/go-check.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
name: Go Checks

on:
pull_request:
push:
branches: ["main"]
workflow_dispatch:

permissions:
contents: read

concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event_name == 'push' && github.sha || github.ref }}
cancel-in-progress: true

jobs:
go-check:
uses: ipdxco/unified-github-workflows/.github/workflows/[email protected]
3 changes: 3 additions & 0 deletions .github/workflows/go-test-config.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
{
"skip32bit": true
}
22 changes: 22 additions & 0 deletions .github/workflows/go-test.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
name: Go Test

on:
pull_request:
push:
branches: ["main"]
workflow_dispatch:

permissions:
contents: read

concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event_name == 'push' && github.sha || github.ref }}
cancel-in-progress: true

jobs:
go-test:
uses: ipdxco/unified-github-workflows/.github/workflows/[email protected]
with:
go-versions: '["this"]'
secrets:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
19 changes: 19 additions & 0 deletions .github/workflows/release-check.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
name: Release Checker

on:
pull_request_target:
paths: [ 'version.json' ]
types: [ opened, synchronize, reopened, labeled, unlabeled ]
workflow_dispatch:

permissions:
contents: write
pull-requests: write

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
release-check:
uses: ipdxco/unified-github-workflows/.github/workflows/[email protected]
17 changes: 17 additions & 0 deletions .github/workflows/releaser.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
name: Releaser

on:
push:
paths: [ 'version.json' ]
workflow_dispatch:

permissions:
contents: write

concurrency:
group: ${{ github.workflow }}-${{ github.sha }}
cancel-in-progress: true

jobs:
releaser:
uses: ipdxco/unified-github-workflows/.github/workflows/[email protected]
18 changes: 18 additions & 0 deletions .github/workflows/tagpush.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
name: Tag Push Checker

on:
push:
tags:
- v*

permissions:
contents: read
issues: write

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
releaser:
uses: ipdxco/unified-github-workflows/.github/workflows/[email protected]
6 changes: 6 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
cmd/db.*
cmd/Corefile
cmd/cmd
p2p-forge
p2p-forge-certs/
badger.libp2p-direct-challenges/
8 changes: 8 additions & 0 deletions Corefile
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
libp2p.direct {
log
errors
any # RFC 8482
prometheus localhost:9253
ipparser libp2p.direct
file zones/libp2p.direct
}
61 changes: 61 additions & 0 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.23-bookworm AS builder

LABEL org.opencontainers.image.source=https://github.com/ipshipyard/p2p-forge
LABEL org.opencontainers.image.documentation=https://github.com/ipshipyard/p2p-forge#docker
LABEL org.opencontainers.image.description="An Authoritative DNS server for distributing DNS subdomains to libp2p peers"
# TODO: decide license: LABEL org.opencontainers.image.licenses=MIT+APACHE_2.0


# This builds p2p-forge

ARG TARGETPLATFORM TARGETOS TARGETARCH

ENV GOPATH="/go"
ENV SRC_PATH="$GOPATH/src/github.com/ipshipyard/p2p-forge"
ENV GO111MODULE=on
ENV GOPROXY="https://proxy.golang.org"

COPY go.* $SRC_PATH/
WORKDIR $SRC_PATH
RUN go mod download

COPY . $SRC_PATH
RUN git config --global --add safe.directory /go/src/github.com/ipshipyard/p2p-forge

RUN --mount=target=. \
--mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg \
CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o $GOPATH/bin/p2p-forge

#------------------------------------------------------
FROM debian:bookworm-slim

# Instal binaries for $TARGETARCH
RUN apt-get update && \
apt-get install --no-install-recommends -y tini ca-certificates libcap2-bin && \
rm -rf /var/lib/apt/lists/*

ENV GOPATH="/go"
ENV SRC_PATH="$GOPATH/src/github.com/ipshipyard/p2p-forge"
ENV P2P_FORGE_PATH="/p2p-forge"

COPY --from=builder $GOPATH/bin/p2p-forge /usr/local/bin/p2p-forge
COPY --from=builder $SRC_PATH/.github/docker/entrypoint.sh /usr/local/bin/entrypoint.sh

# TODO: for now we bundle configuration, but can be customized by
# mounting custom files on top of ones from image
COPY --from=builder $SRC_PATH/Corefile $P2P_FORGE_PATH/Corefile
COPY --from=builder $SRC_PATH/zones $P2P_FORGE_PATH/zones

RUN mkdir -p $P2P_FORGE_PATH && \
useradd -d $P2P_FORGE_PATH -u 1000 -G users p2pforge && \
chown p2pforge:users $P2P_FORGE_PATH && \
setcap cap_net_bind_service=+ep /usr/local/bin/p2p-forge

VOLUME $P2P_FORGE_PATH
WORKDIR $P2P_FORGE_PATH
USER p2pforge
EXPOSE 53 53/udp
EXPOSE 443
EXPOSE 9253
ENTRYPOINT ["tini", "--", "/usr/local/bin/entrypoint.sh"]
Loading
Loading