add optional TLS binding for bootnode

reddec · Sep 23, 2019 · 884c98c · 884c98c
1 parent adabe9c
commit 884c98c
Showing 1 changed file with 10 additions and 3 deletions.
diff --git a/cmd/tinc-boot/node/main.go b/cmd/tinc-boot/node/main.go
@@ -28,13 +28,16 @@ type Cmd struct {
 	Binding string `long:"binding" env:"BINDING" description:"Public binding address" default:":8655"`
 	Token   string `long:"token" env:"TOKEN" description:"Authorization token (used as a encryption key)"`
 	Service bool   `long:"service" env:"SERVICE" description:"Generate service file to /etc/systemd/system/tinc-boot-{net}.service"`
+	TLSKey  string `long:"tls-key" env:"TLS_KEY" description:"Path to private TLS key"`
+	TLSCert string `long:"tls-cert" env:"TLS_CERT" description:"Path to public TLS certificate"`
 }
 
 func (cmd *Cmd) Hosts() string              { return filepath.Join(cmd.Dir, "hosts") }
 func (cmd *Cmd) HostFile() string           { return filepath.Join(cmd.Hosts(), cmd.Name) }
 func (cmd *Cmd) Network() string            { return filepath.Base(cmd.Dir) }
 func (cmd *Cmd) Bin() (string, error)       { return exec.LookPath(os.Args[0]) }
 func (cmd *Cmd) Directory() (string, error) { return filepath.Abs(cmd.Dir) }
+func (cmd *Cmd) TLS() bool                  { return cmd.TLSKey != "" && cmd.TLSCert != "" }
 
 func (cmd *Cmd) Execute(args []string) error {
 	gin.SetMode(gin.ReleaseMode)
@@ -112,9 +115,13 @@ func (cmd *Cmd) Execute(args []string) error {
 	if cmd.Service {
 		return cmd.installService()
 	}
-
-	log.Println("bootnode on", cmd.Binding)
-	return engine.Run(cmd.Binding)
+	if cmd.TLS() {
+		log.Println("bootnode on", cmd.Binding, "(TLS)")
+		return engine.RunTLS(cmd.Binding, cmd.TLSCert, cmd.TLSKey)
+	} else {
+		log.Println("bootnode on", cmd.Binding)
+		return engine.Run(cmd.Binding)
+	}
 }
 
 func (cmd *Cmd) installService() error {