engity-com · blaubaer · Aug 27, 2024 · Aug 30, 2024 · Aug 30, 2024 · Sep 1, 2024
diff --git a/.idea/watcherTasks.xml b/.idea/watcherTasks.xml
diff --git a/README.md b/README.md
@@ -8,7 +8,7 @@ Bifröst (spoken as "Bee-frest"), is an advanced SSH server. It can be used as a
 
 * [Use-cases](https://bifroest.engity.org/latest/usecases/)
 * [Features](#features)
-* [Getting started](#getting-started)
+* [Getting started](https://bifroest.engity.org/latest/setup/)
 * [Configuration](https://bifroest.engity.org/latest/reference/configuration/)
 * [Status](#status)
 * [License](LICENSE)
@@ -20,8 +20,9 @@ Bifröst (spoken as "Bee-frest"), is an advanced SSH server. It can be used as a
 
 1. [SSH protocol compliant](#ssh-protocol-compliant)
 2. [OpenID Connect](#openid-connect)
-3. [Remember me](#remember-me)
-4. [Automatic user provisioning](#automatic-user-provisioning)
+3. [Docker environments](#docker-environments)
+4. [Remember me](#remember-me)
+5. [Automatic user provisioning](#automatic-user-provisioning)
 
 #### SSH protocol compliant
 
@@ -32,6 +33,10 @@ You can connect via your **SSH keys**, as usually. And so on...
 
 ...but you can also use **[OpenID Connect](https://openid.net/)** (or OAuth2) identity provider. The best thing about this is: In contrast to the other SSH servers with OpenID Connect, you don't need any other client locally installed, than your regular SSH Client ([OpenSSH](https://www.openssh.com/), [PuTTy](https://www.putty.org/), ...).
 
+#### Docker environments
+
+You can execute your users into individual Docker containers, with custom images, network settings, ...
+
 #### Remember me
 
 If authorized via another authentication token then a Public Key, it can store (temporally) your provided Public Key, for faster reconnect, while the session is still alive.
@@ -44,57 +49,17 @@ It can also automatically clean up these users as they're no longer needed, for
 
 #### More to come...
 
-## Getting started
-
-1. Download the latest version of Bifröst (see [releases page](https://github.com/engity-com/bifroest/releases)):
-   ```shell
-   # Syntax
-   curl -sSLf https://github.com/engity-com/bifroest/releases/download/<version>/bifroest-<os>-<arch>-<edition>.tgz | sudo tar -zxv -C /usr/bin bifroest
-
-   # Example
-   curl -sSLf https://github.com/engity-com/bifroest/releases/download/v1.2.3/bifroest-linux-amd64-extended.tgz | sudo tar -zxv -C /usr/bin bifroest
-   ```
-2. Configure Bifröst. For example, download the demo configuration and adjust it to your needs (see [documentation of configuration](doc/configuration.md) for more details):
-   ```shell
-   sudo mkdir -p /etc/engity/bifroest/
-   sudo curl -sSLf https://raw.githubusercontent.com/engity-com/bifroest/main/contrib/configurations/sshd-dropin-replacement.yaml -o /etc/engity/bifroest/configuration.yaml
-   # Adjust it to your needs
-   sudo vi /etc/engity/bifroest/configuration.yaml
-   ```
-3. Run Bifröst:
-   ```shell
-   sudo bifroest run
-   ```
-
-### Let it run automatically
-
-#### systemd
-
-To enable Bifröst to run at every server start where [systemd](https://wiki.archlinux.org/title/Systemd) is available, simply:
-1. Download [our example service configuration](contrib/systemd/bifroest.service):
-   ```shell
-   sudo curl -sSLf https://raw.githubusercontent.com/engity-com/bifroest/main/contrib/systemd/bifroest.service -o /etc/systemd/system/bifroest.service
-   ```
-2. Reload the systemd daemon:
-   ```shell
-   sudo systemctl daemon-reload
-   ```
-3. Enable and start Bifröst:
-   ```shell
-   sudo systemctl enable bifroest.service
-   sudo systemctl start bifroest.service
-   ```
-
-### What's next?
-
-Read [Use-Cases](https://bifroest.engity.org/latest/usecases/) and [the configuration documentation](https://bifroest.engity.org/latest/reference/configuration/) to see what else you can do with Bifröst.
+## What's next?
+
+Read [Use-Cases](https://bifroest.engity.org/latest/usecases/), our [Getting starting guide](https://bifroest.engity.org/latest/setup/) and [the configuration documentation](https://bifroest.engity.org/latest/reference/configuration/) to see what else you can do with Bifröst.
 
 ## Status
 
 This project is currently under development. The application is stable ([file a bug if you find one](https://github.com/engity-com/bifroest/issues/new/choose)), but the configuration/command/API structure needs improvement.
 
 ## More topics
 * [Use-Cases](https://bifroest.engity.org/latest/usecases/)
+* [Getting started](https://bifroest.engity.org/latest/setup/)
 * [Configuration](https://bifroest.engity.org/latest/reference/configuration/)
 * [License](LICENSE)
 * [Code of Conduct](CODE_OF_CONDUCT.md)

diff --git a/cmd/bifroest/dummy-server.go b/cmd/bifroest/dummy-server.go
@@ -10,29 +10,27 @@ import (
 	"strings"
 	"syscall"
 
-	"github.com/alecthomas/kingpin"
+	"github.com/alecthomas/kingpin/v2"
 	log "github.com/echocat/slf4g"
 
 	"github.com/engity-com/bifroest/pkg/common"
 	"github.com/engity-com/bifroest/pkg/errors"
 )
 
-var (
-	addr = ":8783"
-)
-
 var _ = registerCommand(func(app *kingpin.Application) {
+	addr := ":8783"
 	cmd := app.Command("dummy-server", "This is a supporting command which simply runs forever until it receives a interrupt signal.").
 		Hidden().
 		Action(func(*kingpin.ParseContext) error {
-			return doDummyServer()
+			return doDummyServer(addr)
 		})
-	cmd.Flag("addr", "Address to bind to. Default: "+addr).
+	cmd.Flag("addr", "Address to bind to.").
+		Default(addr).
 		PlaceHolder("[<host>]:<port>").
 		StringVar(&addr)
 })
 
-func doDummyServer() (rErr error) {
+func doDummyServer(addr string) (rErr error) {
 	ln, err := net.Listen("tcp", addr)
 	if err != nil {
 		return fmt.Errorf("failed to listen to address %q: %w", addr, err)

diff --git a/cmd/bifroest/forever.go b/cmd/bifroest/forever.go
@@ -1,10 +1,11 @@
 package main
 
 import (
-	"github.com/alecthomas/kingpin"
 	"os"
 	"os/signal"
 	"syscall"
+
+	"github.com/alecthomas/kingpin/v2"
 )
 
 var _ = registerCommand(func(app *kingpin.Application) {

diff --git a/cmd/bifroest/imp.go b/cmd/bifroest/imp.go
@@ -0,0 +1,74 @@
+package main
+
+import (
+	"context"
+	"encoding/base64"
+	"fmt"
+	"os"
+	"os/signal"
+	"syscall"
+
+	"github.com/alecthomas/kingpin/v2"
+	log "github.com/echocat/slf4g"
+
+	"github.com/engity-com/bifroest/pkg/common"
+	"github.com/engity-com/bifroest/pkg/crypto"
+	"github.com/engity-com/bifroest/pkg/errors"
+	"github.com/engity-com/bifroest/pkg/imp"
+)
+
+var _ = registerCommand(func(app *kingpin.Application) {
+	addr := fmt.Sprintf(":%d", imp.ServicePort)
+	var encodecMasterPublicKey string
+
+	cmd := app.Command("imp", "Runs the imp service.").
+		Hidden().
+		Action(func(*kingpin.ParseContext) error {
+			return doImp(encodecMasterPublicKey, addr)
+		})
+	cmd.Flag("addr", "Address to bind to.").
+		Default(addr).
+		PlaceHolder("[<host>]:<port>").
+		StringVar(&addr)
+	cmd.Flag("master-public-key", "Public SSH key of the master service which is accessing this imp instance.").
+		Envar("BIFROEST_MASTER_PUBLIC_KEY").
+		PlaceHolder("<base64 std raw encoded ssh public key>").
+		Required().
+		StringVar(&encodecMasterPublicKey)
+})
+
+func doImp(encodecMasterPublicKey, addr string) error {
+	service := imp.Service{
+		Version: versionV,
+		Addr:    addr,
+	}
+
+	if b, err := base64.RawStdEncoding.DecodeString(encodecMasterPublicKey); err != nil {
+		return errors.System.Newf("cannot decode imp master's public key: %w", err)
+	} else if service.MasterPublicKey, err = crypto.ParsePublicKeyBytes(b); err != nil {
+		return errors.System.Newf("cannot decode imp master's public key: %w", err)
+	}
+
+	ctx, cancelFunc := context.WithCancel(context.Background())
+	defer cancelFunc()
+
+	sigs := make(chan os.Signal, 1)
+	defer close(sigs)
+	signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM)
+	go func() {
+		sig := <-sigs
+		log.With("signal", sig).Info("received signal")
+		cancelFunc()
+	}()
+
+	log.WithAll(common.VersionToMap(versionV)).
+		Info("Engity's Bifröst imp running...")
+
+	if err := service.Serve(ctx); err != nil {
+		log.WithError(err).Error()
+		os.Exit(1)
+	}
+
+	log.Info("bye!")
+	return nil
+}
diff --git a/cmd/bifroest/main.go b/cmd/bifroest/main.go
@@ -1,21 +1,17 @@
 package main
 
 import (
-	log "github.com/echocat/slf4g"
-	"github.com/echocat/slf4g/level"
-	"github.com/echocat/slf4g/native/consumer"
-	"github.com/engity-com/bifroest/pkg/common"
-	"github.com/engity-com/bifroest/pkg/configuration"
 	"os"
-	"strings"
 
-	"github.com/alecthomas/kingpin"
+	log "github.com/echocat/slf4g"
+
+	"github.com/engity-com/bifroest/pkg/logging"
+
+	"github.com/alecthomas/kingpin/v2"
 	"github.com/echocat/slf4g/native"
-	"github.com/echocat/slf4g/native/facade/value"
 )
 
 var (
-	configurationRef configuration.ConfigurationRef
 	registerCommands []func(*kingpin.Application)
 )
 
@@ -33,7 +29,7 @@ func main() {
 			os.Exit(code)
 		})
 
-	configureLog(app, native.DefaultProvider)
+	logging.ConfigureLoggingForFlags(app, native.DefaultProvider)
 
 	for _, rc := range registerCommands {
 		rc(app)
@@ -44,48 +40,3 @@ func main() {
 		os.Exit(1)
 	}
 }
-
-type logProvider interface {
-	log.Provider
-	value.ProviderTarget
-	level.NamesAware
-}
-
-func configureLog(app *kingpin.Application, of logProvider) {
-	native.DefaultProvider.Consumer = consumer.NewWriter(os.Stdout)
-
-	lv := value.NewProvider(of)
-	app.Flag("log.level", "Defines the minimum level at which the log messages will be logged. Default: "+lv.Level.String()).
-		PlaceHolder("<" + strings.Join(logLevelStrings(of), "|") + ">").
-		SetValue(lv.Level)
-	app.Flag("log.format", "In which format the log output should be printed. Default: "+lv.Consumer.Formatter.String()).
-		PlaceHolder("<" + strings.Join(logFormatStrings(), "|") + ">").
-		SetValue(lv.Consumer.Formatter)
-	app.Flag("log.colorMode", "Tells if to log in color or not. Default: "+lv.Consumer.Formatter.ColorMode.String()).
-		PlaceHolder("<auto|always|never>").
-		SetValue(lv.Consumer.Formatter.ColorMode)
-}
-
-func logLevelStrings(of logProvider) []string {
-	names := of.GetLevelNames()
-
-	lvls := of.GetAllLevels()
-	all := make([]string, len(lvls))
-	for i, lvl := range lvls {
-		name, err := names.ToName(lvl)
-		common.Must(err)
-		all[i] = name
-	}
-	return all
-}
-
-func logFormatStrings() []string {
-	codecs := value.DefaultFormatterCodec.(value.MappingFormatterCodec)
-	all := make([]string, len(codecs))
-	var i int
-	for k := range codecs {
-		all[i] = k
-		i++
-	}
-	return all
-}
diff --git a/cmd/bifroest/main_unix.go b/cmd/bifroest/main_unix.go
diff --git a/cmd/bifroest/main_windows.go b/cmd/bifroest/main_windows.go
diff --git a/cmd/bifroest/run.go b/cmd/bifroest/run.go
@@ -6,27 +6,20 @@ import (
 	"os/signal"
 	"syscall"
 
-	"github.com/alecthomas/kingpin"
+	"github.com/alecthomas/kingpin/v2"
 	log "github.com/echocat/slf4g"
 
+	"github.com/engity-com/bifroest/pkg/configuration"
 	"github.com/engity-com/bifroest/pkg/service"
 )
 
 var _ = registerCommand(func(app *kingpin.Application) {
-	cmd := app.Command("run", "Runs the service.").
-		Action(func(*kingpin.ParseContext) error {
-			return doRun()
-		})
-	cmd.Flag("configuration", "Configuration which should be used to serve the service. Default: "+defaultConfigurationRef).
-		Short('c').
-		Default(defaultConfigurationRef).
-		PlaceHolder("<path>").
-		SetValue(&configurationRef)
+	configureRunCmd(app)
 })
 
-func doRun() error {
+func doRunDefault(conf configuration.ConfigurationRef) error {
 	svc := service.Service{
-		Configuration: *configurationRef.Get(),
+		Configuration: *conf.Get(),
 		Version:       versionV,
 	}