From 11ca86028c35ba5bfde5bac1e24a7200861783d1 Mon Sep 17 00:00:00 2001
From: Shivaram Lingamneni
Date: Thu, 9 Jan 2020 13:49:36 -0500
Subject: [PATCH] fix #741
---
 irc/cloaks/cloaks.go | 21 +++++++++++++++------
 oragono.yaml | 4 ++++
 2 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/irc/cloaks/cloaks.go b/irc/cloaks/cloaks.go
index 4557a85a..b8e5f931 100644
--- a/irc/cloaks/cloaks.go
+++ b/irc/cloaks/cloaks.go
@@ -5,6 +5,7 @@ package cloaks
 import (
 "fmt"
 "net"
+ "os"
 "golang.org/x/crypto/sha3"
@@ -12,12 +13,13 @@ import (
 )
 type CloakConfig struct {
- Enabled bool
- Netname string
- Secret string
- CidrLenIPv4 int `yaml:"cidr-len-ipv4"`
- CidrLenIPv6 int `yaml:"cidr-len-ipv6"`
- NumBits int `yaml:"num-bits"`
+ Enabled bool
+ Netname string
+ Secret string
+ SecretEnvVar string `yaml:"secret-environment-variable"`
+ CidrLenIPv4 int `yaml:"cidr-len-ipv4"`
+ CidrLenIPv6 int `yaml:"cidr-len-ipv6"`
+ NumBits int `yaml:"num-bits"`
 numBytes int
 ipv4Mask net.IPMask
@@ -25,6 +27,13 @@ type CloakConfig struct {
 }
 func (cloakConfig *CloakConfig) Initialize() {
+ if cloakConfig.SecretEnvVar != "" {
+ envSecret := os.Getenv(cloakConfig.SecretEnvVar)
+ if envSecret != "" {
+ cloakConfig.Secret = envSecret
+ }
+ }
+
 // sanity checks:
 numBits := cloakConfig.NumBits
 if 0 == numBits {
diff --git a/oragono.yaml b/oragono.yaml
index dd60e7db..70f24754 100644
--- a/oragono.yaml
+++ b/oragono.yaml
@@ -226,6 +226,10 @@ server:
 # note that rotating this key will invalidate all existing ban masks.
 secret: "siaELnk6Kaeo65K3RCrwJjlWaZ-Bt3WuZ2L8MXLbNb4"
+ # name of an environment variable to pull the secret from, for use with
+ # k8s secret distribution:
+ # secret-environment-variable: "ORAGONO_CLOAKING_SECRET"
+
 # the cloaked hostname is derived only from the CIDR (most significant bits
 # of the IP address), up to a configurable number of bits. this is the
 # granularity at which bans will take effect for IPv4. Note that changing
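Review bot: A configured `secret-environment-variable` that is unset or empty at startup is silently ignored by the new block at the top of `Initialize()`, which then keeps the `Secret` read from the YAML file. An operator whose k8s secret failed to reach the process gets no signal, and if the file still carries the sample value shipped in oragono.yaml the cloaks are derived from a publicly known key. Using `envSecret, ok := os.LookupEnv(cloakConfig.SecretEnvVar)` and reporting the `!ok || envSecret == ""` case as a configuration error would make the failure visible. `Initialize()` returns nothing in the visible lines and its body continues outside the hunk, so how the error is surfaced depends on code not shown here.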
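Review bot: The new comment in oragono.yaml does not say which value wins when both `secret` and `secret-environment-variable` are present, nor that `secret` remains the fallback when the variable is empty. I would add a line such as `# if set and non-empty, the variable's value overrides 'secret' above; otherwise 'secret' is used.` It is also worth telling operators to replace the sample `secret` value even when they rely on the environment variable, since that value is what the server falls back to.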