🐛 use echo, lib log not loaded

💄 use alert boxes for notes
🥅 catch file disappearing right before reading
2024-09-12 20:12:08 +02:00 · 2024-09-07 13:25:07 +02:00 · 2024-09-02 21:53:44 +02:00 · 2024-08-27 22:39:12 +02:00 · 2024-08-27 20:45:04 +02:00 · 2024-08-27 20:29:30 +02:00
4 changed files with 35 additions and 12 deletions
--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
@ -68,9 +68,8 @@ jobs:
    - name: Generate Release Notes
      run: |
        touch release-notes.md
-        echo "< CHANGELOG >" >> release-notes.md
-        echo >> release-notes.md
-        echo "< SETUP INSTRUCTIONS >" >> release-notes.md
+        echo "### Changelog" >> release-notes.md
+        echo "<!-- CHANGELOG -->" >> release-notes.md
    
    - uses: ncipollo/release-action@v1
      with:
--- a/README.md
+++ b/README.md
@ -25,7 +25,8 @@ services:
 $ docker compose up -d
 ```

-> ▶️&ensp;For both variants, persistent config and key files will be stored in the `./data` directory. Feel free to change this to your needs.
+> [!TIP]
+> For both variants, persistent config and key files will be stored in the `./data` directory. Feel free to change this to your needs.

 ## Client Management
 Generate new client keys and output its config:
@ -43,4 +44,5 @@ Revoke a client's keys:
 $ docker compose exec main clientmgmt revoke
 ```

-> ▶️&ensp;If you are using docker run, replace `docker compose exec main` with `docker exec -it openvpn`.
+> [!NOTE]
+> If you are using docker run, replace `docker compose exec main` with `docker exec -it openvpn`.
--- a/19
+++ b/19
@ -96,14 +96,14 @@ clientmgmt_add(){
 	# ask whether auto-detection should be used
 	local answer="x"
 	local first=0
-	until [[ -z "$answer" || "$answer" =~ ^Y|y|N|n$ ]]; do
+	until [[ -z "$answer" || "$answer" =~ ^(Y|y|N|n)$ ]]; do
 		[[ "$first" -le 0 ]] && first=1 || echo "Invalid answer '$answer'"
 		read -ep "Auto-detect public IP-Address using icanhazip.com? [Y/n]: " answer
 	done
 	
 	# maybe do auto-detection
 	local public_ip=""
-	if [[ ! "$answer" =~ ^N|n$ ]]; then
+	if [[ ! "$answer" =~ ^(N|n)$ ]]; then
 		local exit=0
 		local icanhazip
 		icanhazip=$(wget -O - -q icanhazip.com) || exit=$?
@ -307,7 +307,7 @@ clientmgmt_askname(){
 	
 	## VALIDATE ##
 	# check for reserved names
-	if [[ "$answer" =~ ^ca|server$ ]]; then
+	if [[ "$answer" =~ ^(ca|server)$ ]]; then
 		log_error "Name is reserved for internal use: '$answer'"
 	fi
 	
@ -363,19 +363,32 @@ clientmgmt_clientlist(){



+#
+# HELPER: Make sure config and key files have been fully initialized.
+#
+clientmgmt_check_init_done(){
+	[[ -f "${DATA_SERVER_DIR}/server.conf" ]] && return 0
+	log_error "Server is still initializing config and key files; try again in a few seconds"
+}
+
+
+
 ## MAIN ##
 case ${1:-""} in
 	add)
+		clientmgmt_check_init_done
 		clientmgmt_add
 		exit 0
 	;;
 	
 	list)
+		clientmgmt_check_init_done
 		clientmgmt_list
 		exit 0
 	;;
 	
 	revoke)
+		clientmgmt_check_init_done
 		clientmgmt_revoke
 		exit 0
 	;;
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -19,7 +19,7 @@ trap_exit(){
 			q=$(( q + 1 ))
 			snore 1
 			if [[ "$q" -ge 15 ]]; then
-				log_warn "Sending kill to OpenVPN"
+				echo "Sending kill to OpenVPN" 1>&2
 				kill -s KILL -- $openvpn_pid 2> /dev/null || true
 				break
 			fi
@ -53,7 +53,8 @@ proc_running(){
 	# try reading state
 	local state_path="/proc/$1/stat"
 	[[ ! -f "$state_path" ]] && return 1
-	local state=$(cat "$state_path" | cut -d ' ' -f3)
+	local state
+	state=$(cat "$state_path" 2> /dev/null | cut -d ' ' -f3) || return 1
 	
 	# parse state
 	case "$state" in
@ -103,6 +104,7 @@ easyrsa_server_keys_create(){
 	
 	# new pki
 	/usr/bin/easyrsa --batch init-pki
+	chmod 755 pki
 	
 	# create ca
 	/usr/bin/easyrsa --batch --days=7300 build-ca nopass
@ -122,8 +124,15 @@ easyrsa_server_keys_create(){
 	
 	
 	## OTHER KEYS ##
-	# dh parameters
-	openssl dhparam -out "${DATA_SERVER_DIR}/dh2048.pem" 2048
+	# dh parameters from `IETF RFC 7919`
+	echo "-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
+-----END DH PARAMETERS-----" > "${DATA_SERVER_DIR}/dh2048.pem"
 	
 	# tls-crypt key
 	openvpn --genkey secret "${DATA_SERVER_DIR}/tls-crypt.key"
Author	SHA1	Message	Date
DrMaxNix	b662d82ae3	🐛 use echo, lib log not loaded	2024-09-12 20:12:08 +02:00
DrMaxNix	bad40c1d1a	💄 use alert boxes for notes	2024-09-07 13:25:07 +02:00
DrMaxNix	bd099af12f	🥅 catch file disappearing right before reading	2024-09-02 21:53:44 +02:00
DrMaxNix	c794049d19	🐛 fix regex precedence (fix #1 ) All checks were successful Release / Build and publish Docker images (push) Successful in 1m8s Details Release / Create Gitea release (push) Successful in 6s Details	2024-08-27 22:39:12 +02:00
DrMaxNix	061225e9e3	🐛 fix "Failed to stat CRL file" All checks were successful Release / Build and publish Docker images (push) Successful in 1m6s Details Release / Create Gitea release (push) Successful in 6s Details	2024-08-27 20:45:04 +02:00
DrMaxNix	8cfb7784fb	🔨 improve release notes template All checks were successful Release / Build and publish Docker images (push) Successful in 1m7s Details Release / Create Gitea release (push) Successful in 6s Details	2024-08-27 20:29:30 +02:00
DrMaxNix	9ef9efb1a6	🐛 prohibit clientmgmt commands before init is done	2024-08-27 20:26:28 +02:00
DrMaxNix	49a12e960c	⚡ ship pre-generated dh parameters	2024-08-27 20:17:53 +02:00