-
Notifications
You must be signed in to change notification settings - Fork 21
Expand file tree
/
Copy pathroot.go
More file actions
129 lines (108 loc) · 6.88 KB
/
root.go
File metadata and controls
129 lines (108 loc) · 6.88 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
package cmd
import (
"fmt"
"os"
"strings"
"github.com/spf13/cobra"
"github.com/spf13/viper"
)
var cfgFile string
var rootCmd = &cobra.Command{
Use: "bootimus",
Short: "A PXE and HTTP boot server with MAC address access control",
Long: `Bootimus is a network boot server that provides:
- TFTP server for PXE boot
- HTTP server for iPXE and ISO serving
- Database-backed MAC address and image access control (SQLite or PostgreSQL)
- Auto-generated boot menus based on client permissions`,
}
func Execute() {
if err := rootCmd.Execute(); err != nil {
fmt.Fprintln(os.Stderr, err)
os.Exit(1)
}
}
func init() {
cobra.OnInitialize(initConfig)
rootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is ./bootimus.yaml)")
rootCmd.PersistentFlags().Int("tftp-port", 69, "TFTP server port")
rootCmd.PersistentFlags().Bool("tftp-single-port", false, "Enable TFTP single port")
rootCmd.PersistentFlags().Int("http-port", 8080, "HTTP server port")
rootCmd.PersistentFlags().Int("admin-port", 8081, "Admin interface port")
rootCmd.PersistentFlags().Bool("nbd-enabled", true, "Enable NBD server for network block device ISO mounting")
rootCmd.PersistentFlags().Int("nbd-port", 10809, "NBD server port")
rootCmd.PersistentFlags().String("data-dir", "./data", "Base data directory (subdirs: isos/, bootloaders/)")
rootCmd.PersistentFlags().String("server-addr", "", "Server IP address (auto-detected if not specified)")
rootCmd.PersistentFlags().String("db-host", "", "PostgreSQL host (if empty, uses SQLite)")
rootCmd.PersistentFlags().Int("db-port", 5432, "PostgreSQL port")
rootCmd.PersistentFlags().String("db-user", "bootimus", "PostgreSQL user")
rootCmd.PersistentFlags().String("db-password", "", "PostgreSQL password")
rootCmd.PersistentFlags().String("db-name", "bootimus", "PostgreSQL database name")
rootCmd.PersistentFlags().String("db-sslmode", "disable", "PostgreSQL SSL mode")
rootCmd.PersistentFlags().String("ldap-host", "", "LDAP server hostname (enables LDAP auth)")
rootCmd.PersistentFlags().Int("ldap-port", 389, "LDAP server port")
rootCmd.PersistentFlags().Bool("ldap-tls", false, "Use LDAPS (TLS)")
rootCmd.PersistentFlags().Bool("ldap-starttls", false, "Use StartTLS")
rootCmd.PersistentFlags().Bool("ldap-skip-verify", false, "Skip TLS certificate verification")
rootCmd.PersistentFlags().String("ldap-bind-dn", "", "LDAP bind DN for search")
rootCmd.PersistentFlags().String("ldap-bind-password", "", "LDAP bind password")
rootCmd.PersistentFlags().String("ldap-base-dn", "", "LDAP base DN for user search")
rootCmd.PersistentFlags().String("ldap-user-filter", "(sAMAccountName=%s)", "LDAP user search filter (%s = username)")
rootCmd.PersistentFlags().String("ldap-group-filter", "", "LDAP group filter for admin access (optional)")
rootCmd.PersistentFlags().String("ldap-group-base-dn", "", "LDAP base DN for group search")
rootCmd.PersistentFlags().Bool("disable-remote-profiles", false, "Disable remote distro profile updates")
rootCmd.PersistentFlags().Bool("proxy-dhcp", false, "Enable in-process proxyDHCP server (answers PXE requests without handing out IPs; requires root or CAP_NET_BIND_SERVICE)")
rootCmd.PersistentFlags().String("proxy-dhcp-bootfile-bios", "undionly.kpxe", "Bootfile advertised to legacy BIOS PXE clients")
rootCmd.PersistentFlags().String("proxy-dhcp-bootfile-uefi", "bootimus.efi", "Bootfile advertised to UEFI x64 PXE clients")
rootCmd.PersistentFlags().String("proxy-dhcp-bootfile-arm64", "bootimus-arm64.efi", "Bootfile advertised to UEFI ARM64 PXE clients")
rootCmd.PersistentFlags().Bool("windows-smb", false, "Enable Samba share for unattended Windows PXE installs (requires smbd in PATH)")
rootCmd.PersistentFlags().Int("windows-smb-port", 445, "SMB port (Windows 'net use' always uses 445; override only for testing)")
viper.BindPFlag("tftp_port", rootCmd.PersistentFlags().Lookup("tftp-port"))
viper.BindPFlag("tftp_single_port", rootCmd.PersistentFlags().Lookup("tftp-single-port"))
viper.BindPFlag("http_port", rootCmd.PersistentFlags().Lookup("http-port"))
viper.BindPFlag("admin_port", rootCmd.PersistentFlags().Lookup("admin-port"))
viper.BindPFlag("nbd_enabled", rootCmd.PersistentFlags().Lookup("nbd-enabled"))
viper.BindPFlag("nbd_port", rootCmd.PersistentFlags().Lookup("nbd-port"))
viper.BindPFlag("data_dir", rootCmd.PersistentFlags().Lookup("data-dir"))
viper.BindPFlag("server_addr", rootCmd.PersistentFlags().Lookup("server-addr"))
viper.BindPFlag("db.host", rootCmd.PersistentFlags().Lookup("db-host"))
viper.BindPFlag("db.port", rootCmd.PersistentFlags().Lookup("db-port"))
viper.BindPFlag("db.user", rootCmd.PersistentFlags().Lookup("db-user"))
viper.BindPFlag("db.password", rootCmd.PersistentFlags().Lookup("db-password"))
viper.BindPFlag("db.name", rootCmd.PersistentFlags().Lookup("db-name"))
viper.BindPFlag("db.sslmode", rootCmd.PersistentFlags().Lookup("db-sslmode"))
viper.BindPFlag("ldap.host", rootCmd.PersistentFlags().Lookup("ldap-host"))
viper.BindPFlag("ldap.port", rootCmd.PersistentFlags().Lookup("ldap-port"))
viper.BindPFlag("ldap.tls", rootCmd.PersistentFlags().Lookup("ldap-tls"))
viper.BindPFlag("ldap.starttls", rootCmd.PersistentFlags().Lookup("ldap-starttls"))
viper.BindPFlag("ldap.skip_verify", rootCmd.PersistentFlags().Lookup("ldap-skip-verify"))
viper.BindPFlag("ldap.bind_dn", rootCmd.PersistentFlags().Lookup("ldap-bind-dn"))
viper.BindPFlag("ldap.bind_password", rootCmd.PersistentFlags().Lookup("ldap-bind-password"))
viper.BindPFlag("ldap.base_dn", rootCmd.PersistentFlags().Lookup("ldap-base-dn"))
viper.BindPFlag("ldap.user_filter", rootCmd.PersistentFlags().Lookup("ldap-user-filter"))
viper.BindPFlag("ldap.group_filter", rootCmd.PersistentFlags().Lookup("ldap-group-filter"))
viper.BindPFlag("ldap.group_base_dn", rootCmd.PersistentFlags().Lookup("ldap-group-base-dn"))
viper.BindPFlag("disable_remote_profiles", rootCmd.PersistentFlags().Lookup("disable-remote-profiles"))
viper.BindPFlag("proxy_dhcp.enabled", rootCmd.PersistentFlags().Lookup("proxy-dhcp"))
viper.BindPFlag("proxy_dhcp.bootfile_bios", rootCmd.PersistentFlags().Lookup("proxy-dhcp-bootfile-bios"))
viper.BindPFlag("proxy_dhcp.bootfile_uefi", rootCmd.PersistentFlags().Lookup("proxy-dhcp-bootfile-uefi"))
viper.BindPFlag("proxy_dhcp.bootfile_arm64", rootCmd.PersistentFlags().Lookup("proxy-dhcp-bootfile-arm64"))
viper.BindPFlag("windows_smb.enabled", rootCmd.PersistentFlags().Lookup("windows-smb"))
viper.BindPFlag("windows_smb.port", rootCmd.PersistentFlags().Lookup("windows-smb-port"))
}
func initConfig() {
if cfgFile != "" {
viper.SetConfigFile(cfgFile)
} else {
viper.AddConfigPath(".")
viper.AddConfigPath("/etc/bootimus/")
viper.SetConfigType("yaml")
viper.SetConfigName("bootimus")
}
viper.SetEnvPrefix("BOOTIMUS")
viper.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
viper.AutomaticEnv()
if err := viper.ReadInConfig(); err == nil {
fmt.Fprintln(os.Stderr, "Using config file:", viper.ConfigFileUsed())
}
}