feat: sync tls config (#651)

bakito · web-flow · commit 20fe83745f70 · 2025-09-14T18:25:36.000+02:00
* feat: implement tls config sync * feat: implement workaround for #633 * extend feature test * add tests
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -164,6 +164,8 @@ linters:
           disabled: true
         - name: var-naming
           disabled: true
+        - name: enforce-switch-style
+          disabled: true
     staticcheck:
       checks:
        - 'all'
diff --git a/Makefile b/Makefile
@@ -15,6 +15,10 @@ deepcopy-gen: tb.controller-gen
 	@touch ./tmp/deepcopy-gen-boilerplate.go.txt
 	$(TB_CONTROLLER_GEN) paths=./pkg/types object
 
+.PHONY: docs
+docs:
+	go run docs/main.go
+
 # Run tests
 test: generate lint test-ci
 
diff --git a/README.md b/README.md
@@ -185,58 +185,60 @@ services:
 
 ## Config via environment variables
 
-For Replicas replace `#` with the index number for the replica. E.g: `REPLICA#_URL` -> `REPLICA1_URL`
-
-| Name                                 | Type   | Description                                               |
-|:-------------------------------------|--------|:----------------------------------------------------------|
-| ORIGIN_URL (string)                  | string | URL of adguardhome instance                               |
-| ORIGIN_WEB_URL (string)              | string | Web URL of adguardhome instance                           |
-| ORIGIN_API_PATH (string)             | string | API Path                                                  |
-| ORIGIN_USERNAME (string)             | string | Adguardhome username                                      |
-| ORIGIN_PASSWORD (string)             | string | Adguardhome password                                      |
-| ORIGIN_COOKIE (string)               | string | Adguardhome cookie                                        |
-| ORIGIN_REQUEST_HEADERS (map)         | map    | Request Headers 'key1:value1,key2:value2'                 |
-| ORIGIN_INSECURE_SKIP_VERIFY (bool)   | bool   | Skip TLS verification                                     |
-| ORIGIN_AUTO_SETUP (bool)             | bool   | Automatically setup the instance if it is not initialized |
-| ORIGIN_INTERFACE_NAME (string)       | string | Network interface name                                    |
-| ORIGIN_DHCP_SERVER_ENABLED (bool)    | bool   | Enable DHCP server                                        |
-| REPLICA#_URL (string)                | string | URL of adguardhome instance                               |
-| REPLICA#_WEB_URL (string)            | string | Web URL of adguardhome instance                           |
-| REPLICA#_API_PATH (string)           | string | API Path                                                  |
-| REPLICA#_USERNAME (string)           | string | Adguardhome username                                      |
-| REPLICA#_PASSWORD (string)           | string | Adguardhome password                                      |
-| REPLICA#_COOKIE (string)             | string | Adguardhome cookie                                        |
-| REPLICA#_REQUEST_HEADERS (map)       | map    | Request Headers 'key1:value1,key2:value2'                 |
-| REPLICA#_INSECURE_SKIP_VERIFY (bool) | bool   | Skip TLS verification                                     |
-| REPLICA#_AUTO_SETUP (bool)           | bool   | Automatically setup the instance if it is not initialized |
-| REPLICA#_INTERFACE_NAME (string)     | string | Network interface name                                    |
-| REPLICA#_DHCP_SERVER_ENABLED (bool)  | bool   | Enable DHCP server                                        |
-| CRON (string)                        | string | Cron expression for the sync interval                     |
-| RUN_ON_START (bool)                  | bool   | Run the sung on startup                                   |
-| PRINT_CONFIG_ONLY (bool)             | bool   | Print current config only and stop the application        |
-| CONTINUE_ON_ERROR (bool)             | bool   | Continue sync on errors                                   |
-| API_PORT (int)                       | int    | API port                                                  |
-| API_USERNAME (string)                | string | API username                                              |
-| API_PASSWORD (string)                | string | API password                                              |
-| API_DARK_MODE (bool)                 | bool   | API dark mode                                             |
-| API_METRICS_ENABLED (bool)           | bool   | Enable metrics                                            |
-| API_METRICS_SCRAPE_INTERVAL (int64)  | int64  | Interval for metrics scraping                             |
-| API_METRICS_QUERY_LOG_LIMIT (int)    | int    | Metrics log query limit                                   |
-| API_TLS_CERT_DIR (string)            | string | API TLS certificate directory                             |
-| API_TLS_CERT_NAME (string)           | string | API TLS certificate file name                             |
-| API_TLS_KEY_NAME (string)            | string | API TLS key file name                                     |
-| FEATURES_DNS_ACCESS_LISTS (bool)     | bool   | Sync DNS access lists                                     |
-| FEATURES_DNS_SERVER_CONFIG (bool)    | bool   | Sync DNS server config                                    |
-| FEATURES_DNS_REWRITES (bool)         | bool   | Sync DNS rewrites                                         |
-| FEATURES_DHCP_SERVER_CONFIG (bool)   | bool   | Sync DHCP server config                                   |
-| FEATURES_DHCP_STATIC_LEASES (bool)   | bool   | Sync DHCP static leases                                   |
-| FEATURES_GENERAL_SETTINGS (bool)     | bool   | Sync general settings                                     |
-| FEATURES_QUERY_LOG_CONFIG (bool)     | bool   | Sync query log config                                     |
-| FEATURES_STATS_CONFIG (bool)         | bool   | Sync stats config                                         |
-| FEATURES_CLIENT_SETTINGS (bool)      | bool   | Sync client settings                                      |
-| FEATURES_SERVICES (bool)             | bool   | Sync services                                             |
-| FEATURES_FILTERS (bool)              | bool   | Sync filters                                              |
-| FEATURES_THEME (bool)                | bool   | Sync the weg UI theme                                     |
+For Replicas replace `#` with the index number for the replica. E.g.: `REPLICA#_URL` -> `REPLICA1_URL`
+<!-- env-doc-start -->
+| Name | Type | Description |
+| :--- | ---- |:----------- |
+| ORIGIN_URL (string) | string | URL of adguardhome instance |
+| ORIGIN_WEB_URL (string) | string | Web URL of adguardhome instance |
+| ORIGIN_API_PATH (string) | string | API Path |
+| ORIGIN_USERNAME (string) | string | Adguardhome username |
+| ORIGIN_PASSWORD (string) | string | Adguardhome password |
+| ORIGIN_COOKIE (string) | string | Adguardhome cookie |
+| ORIGIN_REQUEST_HEADERS (map) | map | Request Headers 'key1:value1,key2:value2' |
+| ORIGIN_INSECURE_SKIP_VERIFY (bool) | bool | Skip TLS verification |
+| ORIGIN_AUTO_SETUP (bool) | bool | Automatically setup the instance if it is not initialized |
+| ORIGIN_INTERFACE_NAME (string) | string | Network interface name |
+| ORIGIN_DHCP_SERVER_ENABLED (bool) | bool | Enable DHCP server |
+| REPLICA#_URL (string) | string | URL of adguardhome instance |
+| REPLICA#_WEB_URL (string) | string | Web URL of adguardhome instance |
+| REPLICA#_API_PATH (string) | string | API Path |
+| REPLICA#_USERNAME (string) | string | Adguardhome username |
+| REPLICA#_PASSWORD (string) | string | Adguardhome password |
+| REPLICA#_COOKIE (string) | string | Adguardhome cookie |
+| REPLICA#_REQUEST_HEADERS (map) | map | Request Headers 'key1:value1,key2:value2' |
+| REPLICA#_INSECURE_SKIP_VERIFY (bool) | bool | Skip TLS verification |
+| REPLICA#_AUTO_SETUP (bool) | bool | Automatically setup the instance if it is not initialized |
+| REPLICA#_INTERFACE_NAME (string) | string | Network interface name |
+| REPLICA#_DHCP_SERVER_ENABLED (bool) | bool | Enable DHCP server |
+| CRON (string) | string | Cron expression for the sync interval |
+| RUN_ON_START (bool) | bool | Run the sung on startup |
+| PRINT_CONFIG_ONLY (bool) | bool | Print current config only and stop the application |
+| CONTINUE_ON_ERROR (bool) | bool | Continue sync on errors |
+| API_PORT (int) | int | API port |
+| API_USERNAME (string) | string | API username |
+| API_PASSWORD (string) | string | API password |
+| API_DARK_MODE (bool) | bool | API dark mode |
+| API_METRICS_ENABLED (bool) | bool | Enable metrics |
+| API_METRICS_SCRAPE_INTERVAL (int64) | int64 | Interval for metrics scraping |
+| API_METRICS_QUERY_LOG_LIMIT (int) | int | Metrics log query limit |
+| API_TLS_CERT_DIR (string) | string | API TLS certificate directory |
+| API_TLS_CERT_NAME (string) | string | API TLS certificate file name |
+| API_TLS_KEY_NAME (string) | string | API TLS key file name |
+| FEATURES_DNS_ACCESS_LISTS (bool) | bool | Sync DNS access lists |
+| FEATURES_DNS_SERVER_CONFIG (bool) | bool | Sync DNS server config |
+| FEATURES_DNS_REWRITES (bool) | bool | Sync DNS rewrites |
+| FEATURES_DHCP_SERVER_CONFIG (bool) | bool | Sync DHCP server config |
+| FEATURES_DHCP_STATIC_LEASES (bool) | bool | Sync DHCP static leases |
+| FEATURES_GENERAL_SETTINGS (bool) | bool | Sync general settings |
+| FEATURES_QUERY_LOG_CONFIG (bool) | bool | Sync query log config |
+| FEATURES_STATS_CONFIG (bool) | bool | Sync stats config |
+| FEATURES_CLIENT_SETTINGS (bool) | bool | Sync client settings |
+| FEATURES_SERVICES (bool) | bool | Sync services |
+| FEATURES_FILTERS (bool) | bool | Sync filters |
+| FEATURES_THEME (bool) | bool | Sync the web UI theme |
+| FEATURES_TLS_CONFIG (bool) | bool | Sync the TLS config |
+<!-- env-doc-end -->
 
 ### Unraid
 
diff --git a/cmd/run.go b/cmd/run.go
@@ -67,6 +67,7 @@ func init() {
 	doCmd.PersistentFlags().Bool(config.FlagFeatureClient, true, "Enable client settings feature")
 	doCmd.PersistentFlags().Bool(config.FlagFeatureServices, true, "Enable services sync feature")
 	doCmd.PersistentFlags().Bool(config.FlagFeatureFilters, true, "Enable filters sync feature")
+	doCmd.PersistentFlags().Bool(config.FlagFeatureTLSConfig, true, "Enable TLS config sync feature")
 
 	doCmd.PersistentFlags().String(config.FlagOriginURL, "", "Origin instance url")
 	doCmd.PersistentFlags().
diff --git a/docs/main.go b/docs/main.go
@@ -3,16 +3,57 @@ package main
 
 import (
 	"fmt"
+	"io"
+	"log"
+	"os"
 	"reflect"
 	"strings"
 
 	"github.com/bakito/adguardhome-sync/pkg/types"
 )
 
 func main() {
-	_, _ = fmt.Println("| Name | Type | Description |")
-	_, _ = fmt.Println("| :--- | ---- |:----------- |")
+	// Read the README.md file
+	content, err := os.ReadFile("README.md")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Convert to string for easier manipulation
+	fileContent := string(content)
+
+	// Generate the environment variables documentation
+	var buf strings.Builder
+	_, _ = buf.WriteString("| Name | Type | Description |\n")
+	_, _ = buf.WriteString("| :--- | ---- |:----------- |\n")
+	oldStdout := os.Stdout
+	r, w, _ := os.Pipe()
+	os.Stdout = w
 	printEnvTags(reflect.TypeOf(types.Config{}), "")
+	_ = w.Close()
+	envDoc, _ := io.ReadAll(r)
+	os.Stdout = oldStdout
+	_, _ = buf.Write(envDoc)
+
+	// Find the markers and replace content between them
+	startMarker := "<!-- env-doc-start -->"
+	endMarker := "<!-- env-doc-end -->"
+
+	start := strings.Index(fileContent, startMarker)
+	end := strings.Index(fileContent, endMarker)
+
+	if start == -1 || end == -1 {
+		log.Fatal("Could not find markers in README.md")
+	}
+
+	// Construct new content
+	newContent := fileContent[:start+len(startMarker)] + "\n" + buf.String() + fileContent[end:]
+
+	// Write back to README.md
+	err = os.WriteFile("README.md", []byte(newContent), 0o644)
+	if err != nil {
+		log.Fatal(err)
+	}
 }
 
 // printEnvTags recursively prints all fields with `env` tags.
@@ -36,8 +77,6 @@ func printEnvTags(t reflect.Type, prefix string) {
 				envTag = "ORIGIN"
 			case "Replica":
 				envTag = "REPLICA#"
-			default:
-				continue
 			}
 		}
 		combinedTag := envTag
diff --git a/pkg/client/client.go b/pkg/client/client.go
@@ -147,6 +147,8 @@ type Client interface {
 	SetDhcpConfig(status *model.DhcpStatus) error
 	AddDHCPStaticLease(lease model.DhcpStaticLease) error
 	DeleteDHCPStaticLease(lease model.DhcpStaticLease) error
+	TLSConfig() (*model.TlsConfig, error)
+	SetTLSConfig(tls *model.TlsConfig) error
 }
 
 type client struct {
@@ -466,3 +468,14 @@ func (cl *client) SetProfileInfo(profile *model.ProfileInfo) error {
 	cl.log.With("language", profile.Language, "theme", profile.Theme).Info("Set profile")
 	return cl.doPut(cl.client.R().EnableTrace().SetBody(profile), "/profile/update")
 }
+
+func (cl *client) TLSConfig() (*model.TlsConfig, error) {
+	tlsc := &model.TlsConfig{}
+	err := cl.doGet(cl.client.R().EnableTrace().SetResult(tlsc), "/tls/status")
+	return tlsc, err
+}
+
+func (cl *client) SetTLSConfig(tlsc *model.TlsConfig) error {
+	cl.log.With("enabled", tlsc.Enabled).Info("Set TLS config")
+	return cl.doPost(cl.client.R().EnableTrace().SetBody(tlsc), "/tls/configure")
+}
diff --git a/pkg/client/model/model-functions.go b/pkg/client/model/model-functions.go
@@ -490,3 +490,7 @@ func sumUp(t, o *[]int) *[]int {
 	}
 	return t
 }
+
+func (c *TlsConfig) Equals(config *TlsConfig) bool {
+	return utils.JSONEquals(c, config)
+}
diff --git a/pkg/config/config-schema.json b/pkg/config/config-schema.json
@@ -150,6 +150,9 @@
         },
         "theme": {
           "type": "boolean"
+        },
+        "tlsConfig": {
+          "type": "boolean"
         }
       },
       "type": "object"
diff --git a/pkg/config/flag-names.go b/pkg/config/flag-names.go
@@ -22,6 +22,7 @@ const (
 	FlagFeatureClient           = "feature-client-settings"
 	FlagFeatureServices         = "feature-services"
 	FlagFeatureFilters          = "feature-filters"
+	FlagFeatureTLSConfig        = "feature-tls-config"
 
 	FlagOriginURL      = "origin-url"
 	FlagOriginWebURL   = "origin-web-url"
diff --git a/pkg/config/flags.go b/pkg/config/flags.go
@@ -173,8 +173,13 @@ func (fr *flagReader) readFeatureFlags() error {
 	}); err != nil {
 		return err
 	}
-	return fr.setBoolFlag(FlagFeatureFilters, func(cgf *types.Config, value bool) {
+	if err := fr.setBoolFlag(FlagFeatureFilters, func(cgf *types.Config, value bool) {
 		fr.cfg.Features.Filters = value
+	}); err != nil {
+		return err
+	}
+	return fr.setBoolFlag(FlagFeatureTLSConfig, func(cgf *types.Config, value bool) {
+		fr.cfg.Features.TLSConfig = value
 	})
 }
 
diff --git a/pkg/mocks/client/mock.go b/pkg/mocks/client/mock.go
diff --git a/pkg/sync/action-general.go b/pkg/sync/action-general.go
@@ -236,6 +236,22 @@ var (
 		}
 		return nil
 	}
+	tlsConfig = func(ac *actionContext) error {
+		tlsc, err := ac.client.TLSConfig()
+		if err != nil {
+			return err
+		}
+
+		if !tlsc.Equals(ac.origin.tlsConfig) {
+			if err := ac.client.SetTLSConfig(ac.origin.tlsConfig); err != nil {
+				ac.rl.With("enabled", ac.origin.tlsConfig.Enabled, "error", err).Error("error setting tls config")
+				if !ac.cfg.ContinueOnError {
+					return err
+				}
+			}
+		}
+		return nil
+	}
 )
 
 func syncFilterType(
diff --git a/pkg/sync/action.go b/pkg/sync/action.go
@@ -68,6 +68,11 @@ func setupActions(cfg *types.Config) (actions []syncAction) {
 			action("DHCP static leases", actionDHCPStaticLeases),
 		)
 	}
+	if cfg.Features.TLSConfig {
+		actions = append(actions,
+			action("TLS config", tlsConfig),
+		)
+	}
 	return actions
 }
 
diff --git a/pkg/sync/sync.go b/pkg/sync/sync.go
@@ -264,6 +264,14 @@ func (w *worker) sync() {
 		}
 	}
 
+	if w.cfg.Features.TLSConfig {
+		o.tlsConfig, err = oc.TLSConfig()
+		if err != nil {
+			sl.With("error", err).Error("Error getting tls config")
+			return
+		}
+	}
+
 	w.actions = setupActions(w.cfg)
 
 	replicas := w.cfg.UniqueReplicas()
@@ -369,4 +377,5 @@ type origin struct {
 	safeSearch              *model.SafeSearchConfig
 	profileInfo             *model.ProfileInfo
 	safeBrowsing            bool
+	tlsConfig               *model.TlsConfig
 }
diff --git a/pkg/sync/sync_test.go b/pkg/sync/sync_test.go
diff --git a/pkg/types/features.go b/pkg/types/features.go
diff --git a/pkg/types/types_test.go b/pkg/types/types_test.go

Original file line number	Diff line number	Diff line change
`@@ -490,3 +490,7 @@ func sumUp(t, o []int) []int {`
`490`	`490`	`}`
`491`	`491`	`return t`
`492`	`492`	`}`
	`493`	`+`
	`494`	`+func (c TlsConfig) Equals(config TlsConfig) bool {`
	`495`	`+ return utils.JSONEquals(c, config)`
	`496`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -173,8 +173,13 @@ func (fr *flagReader) readFeatureFlags() error {`
`173`	`173`	`}); err != nil {`
`174`	`174`	`return err`
`175`	`175`	`}`
`176`		`- return fr.setBoolFlag(FlagFeatureFilters, func(cgf *types.Config, value bool) {`
	`176`	`+ if err := fr.setBoolFlag(FlagFeatureFilters, func(cgf *types.Config, value bool) {`
`177`	`177`	`fr.cfg.Features.Filters = value`
	`178`	`+ }); err != nil {`
	`179`	`+ return err`
	`180`	`+ }`
	`181`	`+ return fr.setBoolFlag(FlagFeatureTLSConfig, func(cgf *types.Config, value bool) {`
	`182`	`+ fr.cfg.Features.TLSConfig = value`
`178`	`183`	`})`
`179`	`184`	`}`
`180`	`185`