add -N flag to wget command

Adds support for generating certificates using Let's Encrypt or other ACME providers

See merge request idk/reseed-tools!5

.dockerignore

@@ -0,0 +1,8 @@
+.idea
+.git
+.gitlab-ci.yml
+.vscode
+
+# CI cache folder storing docker images
+ci-exports
+

.gitignore

@@ -7,3 +7,9 @@ i2pseeds.su3
 onion.key
 tmp/
 i2p-tools-*
+*.crl
+*.crt
+*.pem
+plugin
+reseed-tools*
+data-dir*

.gitlab-ci.yml

@@ -0,0 +1,106 @@
+image: docker:19.03.12
+
+stages:
+  - docker_test
+  - docker_push
+
+variables:
+  # When using dind service, we need to instruct docker to talk with
+  # the daemon started inside of the service. The daemon is available
+  # with a network connection instead of the default
+  # /var/run/docker.sock socket. Docker 19.03 does this automatically
+  # by setting the DOCKER_HOST in
+  # https://github.com/docker-library/docker/blob/d45051476babc297257df490d22cbd806f1b11e4/19.03/docker-entrypoint.sh#L23-L29
+  #
+  # The 'docker' hostname is the alias of the service container as described at
+  # https://docs.gitlab.com/ee/ci/docker/using_docker_images.html#accessing-the-services.
+  #
+  # Specify to Docker where to create the certificates, Docker will
+  # create them automatically on boot, and will create
+  # `/certs/client` that will be shared between the service and job
+  # container, thanks to volume mount from config.toml
+  DOCKER_TLS_CERTDIR: "/certs"
+  # Use TLS https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#tls-enabled
+  DOCKER_HOST: tcp://docker:2376
+
+services:
+  - docker:19.03.12-dind
+
+.docker_cache:
+  cache:
+    # The same key should be used across branches
+    key: "$CI_COMMIT_REF_SLUG"
+    paths:
+      - ci-exports/*.tar
+
+# Make sure we can build a docker image
+# It's cached for later jobs
+build_docker:
+  extends:
+    - .docker_cache
+  stage: docker_test
+  script:
+    # Try to load latest branch image from local tar or from registry
+    - docker load ci-exports/$CI_COMMIT_REF_SLUG.tar || docker pull $CI_REGISTRY_IMAGE:latest || true
+    - docker build --cache-from $CI_REGISTRY_IMAGE:latest --tag $CI_REGISTRY_IMAGE:latest .
+    - mkdir -p ci-exports/
+    - docker save $CI_REGISTRY_IMAGE:latest > ci-exports/$CI_COMMIT_REF_SLUG.tar
+
+# Publishes the configured CI registry (by default that's gitlab's registry)
+push_ci_registry:
+  extends:
+    - .docker_cache
+  stage: docker_push
+  cache:
+    policy: pull
+  before_script:
+    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+  script:
+    - cat ci-exports/$CI_COMMIT_REF_SLUG.tar | docker load
+    - docker tag $CI_REGISTRY_IMAGE:latest $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
+    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
+    - docker push $CI_REGISTRY_IMAGE:latest
+  only:
+    refs:
+      # Make sure to protect these tags!
+      - /^v(\d+\.){2,3}\d+$/
+      - /.+-release$/
+    variables:
+      - $CI_REGISTRY
+      - $CI_REGISTRY_USER
+      - $CI_REGISTRY_PASSWORD
+      - $CI_REGISTRY_IMAGE
+
+# Publishes the cached image to docker
+push_dockerhub_registry:
+  extends:
+    - .docker_cache
+  stage: docker_push
+  cache:
+    policy: pull
+  before_script:
+    - docker login -u $DOCKERHUB_REGISTRY_USER -p $DOCKERHUB_REGISTRY_PASSWORD $DOCKERHUB_REGISTRY
+  script:
+    - cat ci-exports/$CI_COMMIT_REF_SLUG.tar | docker load
+    - docker tag $CI_REGISTRY_IMAGE:latest $DOCKERHUB_REGISTRY_IMAGE:$CI_COMMIT_TAG
+    - docker tag $CI_REGISTRY_IMAGE:latest $DOCKERHUB_REGISTRY_IMAGE:latest
+    - docker push $DOCKERHUB_REGISTRY_IMAGE:$CI_COMMIT_TAG
+    - docker push $DOCKERHUB_REGISTRY_IMAGE:latest
+    # Push the readme to dockerhub
+    - >-
+      docker run -v $PWD:/workspace
+      -e DOCKERHUB_USERNAME="$DOCKERHUB_REGISTRY_USER"
+      -e DOCKERHUB_PASSWORD="$DOCKERHUB_REGISTRY_PASSWORD"
+      -e DOCKERHUB_REPOSITORY="$DOCKERHUB_REGISTRY_IMAGE"
+      -e README_FILEPATH='/workspace/README.md'
+      peterevans/dockerhub-description:2
+  only:
+    refs:
+      # Make sure to protect these tags!
+      - /^v(\d+\.){2,3}\d+$/
+      - /.+-release$/
+    variables:
+      - $DOCKERHUB_REGISTRY
+      - $DOCKERHUB_REGISTRY_USER
+      - $DOCKERHUB_REGISTRY_PASSWORD
+      - $DOCKERHUB_REGISTRY_IMAGE

CHANGELOG.md

@@ -31,4 +31,4 @@
  * numRi per su3 file: 75 --> 77
 
 2016-01
- * fork from https://github.com/eyedeekay/i2p-tools-1
+ * fork from https://i2pgit.org/idk/reseed-tools

DOCKER.md

@@ -0,0 +1,57 @@
+### Docker
+
+To make it easier to deploy reseeds, it is possible to run this software as a
+Docker image. Because the software requires access to a network database to host
+a reseed, you will need to mount the netDb as a volume inside your docker
+container to provide access to it, and you will need to run it as the same user
+and group inside the container as I2P.
+
+When you run a reseed under Docker in this fashion, it will automatically
+generate a self-signed certificate for your reseed server in a Docker volume
+mamed reseed-keys. *Back up this directory*, if it is lost it is impossible
+to reproduce.
+
+Please note that Docker is not currently compatible with .onion reseeds unless
+you pass the --network=host tag.
+
+#### If I2P is running as your user, do this:
+
+        docker run -itd \
+            --name reseed \
+            --publish 443:8443 \
+            --restart always \
+            --volume $HOME/.i2p/netDb:$HOME/.i2p/netDb:z \
+            --volume reseed-keys:/var/lib/i2p/i2p-config/reseed \
+            eyedeekay/reseed \
+                --signer $YOUR_EMAIL_HERE
+
+#### If I2P is running as another user, do this:
+
+        docker run -itd \
+            --name reseed \
+            --user $(I2P_UID) \
+            --group-add $(I2P_GID) \
+            --publish 443:8443 \
+            --restart always \
+            --volume /PATH/TO/USER/I2P/HERE/netDb:/var/lib/i2p/i2p-config/netDb:z \
+            --volume reseed-keys:/var/lib/i2p/i2p-config/reseed \
+            eyedeekay/reseed \
+                --signer $YOUR_EMAIL_HERE
+
+#### **Debian/Ubuntu and Docker**
+
+In many cases I2P will be running as the Debian system user ```i2psvc```. This
+is the case for all installs where Debian's Advanced Packaging Tool(apt) was
+used to peform the task. If you used ```apt-get install``` this command will
+work for you. In that case, just copy-and-paste:
+
+        docker run -itd \
+            --name reseed \
+            --user $(id -u i2psvc) \
+            --group-add $(id -g i2psvc) \
+            --publish 443:8443 \
+            --restart always \
+            --volume /var/lib/i2p/i2p-config/netDb:/var/lib/i2p/i2p-config/netDb:z \
+            --volume reseed-keys:/var/lib/i2p/i2p-config/reseed \
+            eyedeekay/reseed \
+                --signer $YOUR_EMAIL_HERE

Dockerfile

@@ -1,14 +1,14 @@
 FROM debian:stable-backports
 ARG I2P_GID=1000
 ARG I2P_UID=1000
-COPY . /var/lib/i2p/go/src/github.com/eyedeekay/i2p-tools-1
-WORKDIR /var/lib/i2p/go/src/github.com/eyedeekay/i2p-tools-1
+COPY . /var/lib/i2p/go/src/i2pgit.org/idk/reseed-tools
+WORKDIR /var/lib/i2p/go/src/i2pgit.org/idk/reseed-tools
 RUN apt-get update && \
     apt-get dist-upgrade -y && \
-    apt-get install -y git golang-1.13-go make && \
+    apt-get install -y git golang-go make && \
     mkdir -p /var/lib/i2p/i2p-config/reseed && \
     chown -R $I2P_UID:$I2P_GID /var/lib/i2p && chmod -R o+rwx /var/lib/i2p
-RUN /usr/lib/go-1.13/bin/go build -v -tags netgo -ldflags '-w -extldflags "-static"'
+RUN go build -v -tags netgo -ldflags '-w -extldflags "-static"'
 USER $I2P_UID
 WORKDIR /var/lib/i2p/i2p-config/reseed
-ENTRYPOINT [ "/var/lib/i2p/go/src/github.com/eyedeekay/i2p-tools-1/entrypoint.sh" ]
+ENTRYPOINT [ "/var/lib/i2p/go/src/i2pgit.org/idk/reseed-tools/entrypoint.sh" ]

EXAMPLES.md

@@ -0,0 +1,46 @@
+
+## Example Commands:
+
+### Without a webserver, standalone, automatic OnionV3 with TLS support
+
+```
+./reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion --i2p --p2p
+```
+
+### Without a webserver, standalone, serve P2P with LibP2P
+
+```
+./reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --p2p
+```
+
+### Without a webserver, standalone, upload a single signed .su3 to github
+
+* This one isn't working yet, I'll get to it eventually, I've got a cooler idea now.
+
+```
+./reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --github --ghrepo=reseed-tools --ghuser=eyedeekay
+```
+
+### Without a webserver, standalone, in-network reseed
+
+```
+./reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --i2p
+```
+
+### Without a webserver, standalone, Regular TLS, OnionV3 with TLS
+
+```
+./reseed-tools reseed --tlsHost=your-domain.tld --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion
+```
+
+### Without a webserver, standalone, Regular TLS, OnionV3 with TLS, and LibP2P
+
+```
+./reseed-tools reseed --tlsHost=your-domain.tld --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion --p2p
+```
+
+### Without a webserver, standalone, Regular TLS, OnionV3 with TLS, I2P In-Network reseed, and LibP2P, self-supervising
+
+```
+./reseed-tools reseed --tlsHost=your-domain.tld --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion --p2p --littleboss=start
+```

Makefile

@@ -1,6 +1,6 @@
 
-VERSION=0.0.4
-APP=i2p-tools-1
+VERSION=0.2.1
+APP=reseed-tools
 USER_GH=eyedeekay
 
 GOOS?=$(shell uname -s | tr A-Z a-z)
@@ -8,8 +8,8 @@ GOARCH?="amd64"
 
 ARG=-v -tags netgo -ldflags '-w -extldflags "-static"'
 
-MIN_GO_VERSION=`ls /usr/lib/go-1.14 2>/dev/null >/dev/null && echo 1.14`
-MIN_GO_VERSION?=1.13
+#MIN_GO_VERSION=`ls /usr/lib/go-1.14 2>/dev/null >/dev/null && echo 1.14`
+MIN_GO_VERSION?=1.15
 
 I2P_UID=$(shell id -u i2psvc)
 I2P_GID=$(shell id -g i2psvc)
@@ -19,55 +19,75 @@ WHOAMI=$(shell whoami)
 echo:
 	@echo "type make version to do release $(APP) $(VERSION) $(GOOS) $(GOARCH) $(MIN_GO_VERSION) $(I2P_UID) $(I2P_GID)"
 
-version:
-	cat README.md | gothub release -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION) -d -
+index:
+	@echo "<!DOCTYPE html>" > index.html
+	@echo "<html>" >> index.html
+	@echo "<head>" >> index.html
+	@echo "  <title>Reseed Tools</title>" >> index.html
+	@echo "  <link rel=\"stylesheet\" type=\"text/css\" href =\"/style.css\" />" >> index.html
+	@echo "</head>" >> index.html
+	@echo "<body>" >> index.html
+	pandoc README.md >> index.html
+	@echo "</body>" >> index.html
+	@echo "</html>" >> index.html
 
-edit:
-	cat README.md | gothub edit -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION) -d -
+build:
+	go build $(ARG) -o reseed-tools-$(GOOS)-$(GOARCH)
 
-upload: binary tar
-	gothub upload -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION) -f ../i2p-tools.tar.xz -n "i2p-tools.tar.xz"
-
-build: gofmt
-	/usr/lib/go-$(MIN_GO_VERSION)/bin/go build $(ARG) -o i2p-tools-$(GOOS)-$(GOARCH)
+1.15-build: gofmt
+	/usr/lib/go-$(MIN_GO_VERSION)/bin/go build $(ARG) -o reseed-tools-$(GOOS)-$(GOARCH)
 
 clean:
-	rm i2p-tools-* *.key *.i2pKeys *.crt *.crl *.pem tmp -rf
-
-binary:
-	GOOS=darwin GOARCH=amd64 make build
-	GOOS=linux GOARCH=386 make build
-	GOOS=linux GOARCH=amd64 make build
-	GOOS=linux GOARCH=arm make build
-	GOOS=linux GOARCH=arm64 make build
-	GOOS=openbsd GOARCH=amd64 make build
-	GOOS=freebsd GOARCH=386 make build
-	GOOS=freebsd GOARCH=amd64 make build
+	rm reseed-tools-* tmp -rfv
 
 tar:
-	tar --exclude="./.git" --exclude="./tmp"  -cvf ../i2p-tools.tar.xz .
+	tar --exclude="./.git" --exclude="./tmp"  -cvf ../reseed-tools.tar.xz .
 
 install:
-	install -m755 i2p-tools-$(GOOS)-$(GOARCH) /usr/local/bin/i2p-tools
+	install -m755 reseed-tools-$(GOOS)-$(GOARCH) /usr/bin/reseed-tools
+	install -m644 etc/default/reseed /etc/default/reseed
 	install -m755 etc/init.d/reseed /etc/init.d/reseed
+	mkdir -p /etc/systemd/system/reseed.d/
+	mkdir -p /var/lib/i2p
+	install -g i2psvc -o i2psvc -d /var/lib/i2p/i2p-config/reseed/
+	install -m644 etc/systemd/system/reseed.d/reseed.conf /etc/systemd/system/reseed.d/reseed.conf
+	install -m644 etc/systemd/system/reseed.d/reseed.service /etc/systemd/system/reseed.d/reseed.service
+
+checkinstall: build
+	fakeroot checkinstall \
+		--default \
+		--install=no \
+		--fstrans=yes \
+		--pkgname=reseed-tools \
+		--pkgversion=$(VERSION) \
+		--pkggroup=net \
+		--pkgrelease=1 \
+		--pkgsource="https://i2pgit.org/idk/reseed-tools" \
+		--maintainer="$(SIGNER)" \
+		--requires="i2p,i2p-router" \
+		--suggests="i2p,i2p-router,syndie,tor,tsocks" \
+		--nodoc \
+		--deldoc=yes \
+		--deldesc=yes \
+		--backup=no
 
 ### You shouldn't need to use these now that the go mod require rule is fixed,
 ## but I'm leaving them in here because it made it easier to test that both
 ## versions behaved the same way. -idk
 
 build-fork:
-	/usr/lib/go-$(MIN_GO_VERSION)/bin/go build -o i2p-tools-idk
+	/usr/lib/go-$(MIN_GO_VERSION)/bin/go build -o reseed-tools-idk
 
 build-unfork:
-	/usr/lib/go-$(MIN_GO_VERSION)/bin/go build -o i2p-tools-md
+	/usr/lib/go-$(MIN_GO_VERSION)/bin/go build -o reseed-tools-md
 
 fork:
-	sed -i 's|eyedeekay/i2p-tools-1|eyedeekay/i2p-tools-1|g' main.go cmd/*.go reseed/*.go su3/*.go
+	sed -i 's|idk/reseed-tools|idk/reseed-tools|g' main.go cmd/*.go reseed/*.go su3/*.go
 	make gofmt build-fork
 
 unfork:
-	sed -i 's|eyedeekay/i2p-tools-1|eyedeekay/i2p-tools-1|g' main.go cmd/*.go reseed/*.go su3/*.go
-	sed -i 's|RTradeLtd/i2p-tools-1|eyedeekay/i2p-tools-1|g' main.go cmd/*.go reseed/*.go su3/*.go
+	sed -i 's|idk/reseed-tools|idk/reseed-tools|g' main.go cmd/*.go reseed/*.go su3/*.go
+	sed -i 's|RTradeLtd/reseed-tools|idk/reseed-tools|g' main.go cmd/*.go reseed/*.go su3/*.go
 	make gofmt build-unfork
 
 gofmt:
@@ -76,12 +96,12 @@ gofmt:
 try:
 	mkdir -p tmp && \
 		cd tmp && \
-		../i2p-tools-$(GOOS)-$(GOARCH) reseed --signer=you@mail.i2p --netdb=/home/idk/.i2p/netDb --tlsHost=your-domain.tld --onion --p2p --i2p --littleboss=start
+		../reseed-tools-$(GOOS)-$(GOARCH) reseed --signer=you@mail.i2p --netdb=/home/idk/.i2p/netDb --tlsHost=your-domain.tld --onion --p2p --i2p --littleboss=start
 
 stop:
 	mkdir -p tmp && \
 		cd tmp && \
-		../i2p-tools-$(GOOS)-$(GOARCH) reseed --signer=you@mail.i2p --netdb=/home/idk/.i2p/netDb --tlsHost=your-domain.tld --onion --p2p --i2p --littleboss=stop
+		../reseed-tools-$(GOOS)-$(GOARCH) reseed --signer=you@mail.i2p --netdb=/home/idk/.i2p/netDb --tlsHost=your-domain.tld --onion --p2p --i2p --littleboss=stop
 
 docker:
 	docker build -t eyedeekay/reseed .
@@ -109,7 +129,7 @@ docker-server:
 		--publish 8443:8443 \
 		--restart=always \
 		--volume /var/lib/i2p/i2p-config/netDb:/var/lib/i2p/i2p-config/netDb:z \
-		--volume reseed-keyss:/var/lib/i2p/i2p-config/reseed \
+		--volume reseed-keys:/var/lib/i2p/i2p-config/reseed \
 		eyedeekay/reseed \
 			--signer=hankhill19580@gmail.com
 	docker logs -f reseed
@@ -134,4 +154,141 @@ docker-homerun:
 		--volume $(HOME)/i2p/netDb:/var/lib/i2p/i2p-config/netDb:z \
 		--volume reseed-keys:/var/lib/i2p/i2p-config/reseed:z \
 		eyedeekay/reseed \
-			--signer=hankhill19580@gmail.com
+			--signer=hankhill19580@gmail.com
+
+export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/jre/
+export CGO_CFLAGS=-I/usr/lib/jvm/java-8-openjdk-amd64/include/ -I/usr/lib/jvm/java-8-openjdk-amd64/include/linux/
+
+gojava:
+	go get -u -v github.com/sridharv/gojava
+	cp -v ~/go/bin/gojava ./gojava
+
+jar: gojava
+	echo $(JAVA_HOME)
+	./gojava -v -o reseed.jar -s . build ./reseed
+
+release: version upload checkinstall upload-single-deb plugins upload-su3s upload-bin 
+
+version:
+	cat README.md | gothub release -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION) -d -
+
+delete-version:
+	gothub delete -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION)
+
+edit:
+	cat README.md | gothub edit -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION) -d -
+
+upload: tar
+	gothub upload -R -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION) -f ../reseed-tools.tar.xz -n "reseed-tools.tar.xz"
+
+binary:
+	GOOS=darwin GOARCH=amd64 make build
+	GOOS=darwin GOARCH=arm64 make build
+	GOOS=linux GOARCH=386 make build
+	GOOS=linux GOARCH=amd64 make build
+	GOOS=linux GOARCH=arm make build
+	GOOS=linux GOARCH=arm64 make build
+	GOOS=openbsd GOARCH=amd64 make build
+	GOOS=freebsd GOARCH=386 make build
+	GOOS=freebsd GOARCH=amd64 make build
+	GOOS=windows GOARCH=amd64 make build
+	GOOS=windows GOARCH=386 make build
+
+plugins: binary
+	GOOS=darwin GOARCH=amd64 make su3s
+	GOOS=darwin GOARCH=arm64 make su3s
+	GOOS=linux GOARCH=386 make su3s
+	GOOS=linux GOARCH=amd64 make su3s
+	GOOS=linux GOARCH=arm make su3s
+	GOOS=linux GOARCH=arm64 make su3s
+	GOOS=openbsd GOARCH=amd64 make su3s
+	GOOS=freebsd GOARCH=386 make su3s
+	GOOS=freebsd GOARCH=amd64 make su3s
+	GOOS=windows GOARCH=amd64 make su3s
+	GOOS=windows GOARCH=386 make su3s
+
+upload-bin:
+	GOOS=darwin GOARCH=amd64 make upload-single-bin
+	GOOS=darwin GOARCH=arm64 make upload-single-bin
+	GOOS=linux GOARCH=386 make upload-single-bin
+	GOOS=linux GOARCH=amd64 make upload-single-bin
+	GOOS=linux GOARCH=arm make upload-single-bin
+	GOOS=linux GOARCH=arm64 make upload-single-bin
+	GOOS=openbsd GOARCH=amd64 make upload-single-bin
+	GOOS=freebsd GOARCH=386 make upload-single-bin
+	GOOS=freebsd GOARCH=amd64 make upload-single-bin
+	GOOS=windows GOARCH=amd64 make upload-single-bin
+	GOOS=windows GOARCH=386 make upload-single-bin
+
+rm-su3s:
+	rm *.su3 -f
+
+download-su3s: rm-su3s
+	GOOS=darwin GOARCH=amd64 make download-single-su3
+	GOOS=darwin GOARCH=arm64 make download-single-su3
+	GOOS=linux GOARCH=386 make download-single-su3
+	GOOS=linux GOARCH=amd64 make download-single-su3
+	GOOS=linux GOARCH=arm make download-single-su3
+	GOOS=linux GOARCH=arm64 make download-single-su3
+	GOOS=openbsd GOARCH=amd64 make download-single-su3
+	GOOS=freebsd GOARCH=386 make download-single-su3
+	GOOS=freebsd GOARCH=amd64 make download-single-su3
+	GOOS=windows GOARCH=amd64 make download-single-su3
+	GOOS=windows GOARCH=386 make download-single-su3
+
+upload-su3s:
+	GOOS=darwin GOARCH=amd64 make upload-single-su3
+	GOOS=darwin GOARCH=arm64 make upload-single-su3
+	GOOS=linux GOARCH=386 make upload-single-su3
+	GOOS=linux GOARCH=amd64 make upload-single-su3
+	GOOS=linux GOARCH=arm make upload-single-su3
+	GOOS=linux GOARCH=arm64 make upload-single-su3
+	GOOS=openbsd GOARCH=amd64 make upload-single-su3
+	GOOS=freebsd GOARCH=386 make upload-single-su3
+	GOOS=freebsd GOARCH=amd64 make upload-single-su3
+	GOOS=windows GOARCH=amd64 make upload-single-su3
+	GOOS=windows GOARCH=386 make upload-single-su3
+
+download-single-su3:
+	wget -N -c "https://github.com/eyedeekay/reseed-tools/releases/download/v$(VERSION)/reseed-tools-$(GOOS)-$(GOARCH).su3"
+
+upload-single-deb:
+	gothub upload -R -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION) -f reseed-tools_$(VERSION)-1_amd64.deb -l "`sha256sum reseed-tools_$(VERSION)-1_amd64.deb`" -n "reseed-tools_$(VERSION)-1_amd64.deb"
+
+upload-single-bin:
+	gothub upload -R -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION) -f reseed-tools-"$(GOOS)"-"$(GOARCH)" -l "`sha256sum reseed-tools-$(GOOS)-$(GOARCH)`" -n "reseed-tools-$(GOOS)"-"$(GOARCH)"
+
+upload-single-su3:
+	gothub upload -R -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION) -f reseed-tools-"$(GOOS)"-"$(GOARCH).su3" -l "`sha256sum reseed-tools-$(GOOS)-$(GOARCH).su3`" -n "reseed-tools-$(GOOS)"-"$(GOARCH).su3"
+
+tmp/content:
+	mkdir -p tmp
+	cp -rv content tmp/content
+
+tmp/lib:
+	mkdir -p tmp/lib
+	cp "$(HOME)/Workspace/GIT_WORK/i2p.i2p/build/shellservice.jar" tmp/lib/shellservice.jar
+
+su3s: tmp/content tmp/lib
+	i2p.plugin.native -name=reseed-tools-$(GOOS)-$(GOARCH) \
+		-signer=hankhill19580@gmail.com \
+		-version "$(VERSION)" \
+		-author=hankhill19580@gmail.com \
+		-autostart=true \
+		-clientname=reseed-tools-$(GOOS)-$(GOARCH) \
+		-command="reseed-tools-$(GOOS)-$(GOARCH) reseed --yes --signer=you@mail.i2p --netdb=\$$CONFIG/netDb" \
+		-consolename="Reseed Tools" \
+		-consoleurl="http://127.0.0.1:8443" \
+		-updateurl="http://idk.i2p/reseed-tools/reseed-tools-$(GOOS)-$(GOARCH).su3" \
+		-website="http://idk.i2p/reseed-tools/" \
+		-icondata="content/images/reseed-icon.png" \
+		-delaystart="3" \
+		-desc="`cat description-pak`" \
+		-exename=reseed-tools-$(GOOS)-$(GOARCH) \
+		-targetos="$(GOOS)" \
+		-res=tmp/ \
+		-license=MIT
+	unzip -o reseed-tools-$(GOOS)-$(GOARCH).zip -d reseed-tools-$(GOOS)-$(GOARCH)-zip
+
+#export sumbblinux=`sha256sum "../reseed-tools-linux.su3"`
+#export sumbbwindows=`sha256sum "../reseed-tools-windows.su3"`

README.md

@@ -1,157 +1,117 @@
 I2P Reseed Tools
 ==================
 
-This tool provides a secure and efficient reseed server for the I2P network. There are several utility commands to
-create, sign, and validate SU3 files. Please note that this requires at least Go version 1.13, and uses Go Modules.
+This tool provides a secure and efficient reseed server for the I2P network.
+There are several utility commands to create, sign, and validate SU3 files.
+Please note that this requires at least Go version 1.13, and uses Go Modules.
+
+## Dependencies
+
+`go`, `git`, and optionally `make` are required to build the project.
+Precompiled binaries for most platforms are available at my github mirror
+https://github.com/eyedeekay/i2p-tools-1.
+
+In order to install the build-dependencies on Ubuntu or Debian, you may use:
+
+```sh
+sudo apt-get install golang-go git make
+```
 
 ## Installation
 
-If you have go installed you can download, build, and install this tool with `go get`
+Reseed-tools can be run as a user, as a freestanding service, or be installed
+as an I2P Plugin. It will attempt to configure itself automatically. You should
+make sure to set the `--signer` flag or the `RESEED_EMAIL` environment variable
+to configure your signing keys/contact info.
+
+#### Plugin install URL's
+
+Plugin releases are available inside of i2p at http://idk.i2p/reseed-tools/
+and via the github mirror at https://github.com/eyedeekay/reseed-tools/releases.
+These can be installed by adding them on the 
+[http://127.0.0.1:7657/configplugins](http://127.0.0.1:7657/configplugins).
+
+- darwin/amd64: [http://idk.i2p/reseed-tools/reseed-tools-darwin-amd64.su3](http://idk.i2p/reseed-tools/reseed-tools-darwin-amd64.su3)
+- darwin/arm64: [http://idk.i2p/reseed-tools/reseed-tools-darwin-arm64.su3](http://idk.i2p/reseed-tools/reseed-tools-darwin-arm64.su3)
+- linux/386: [http://idk.i2p/reseed-tools/reseed-tools-linux-386.su3](http://idk.i2p/reseed-tools/reseed-tools-linux-386.su3)
+- linux/amd64: [http://idk.i2p/reseed-tools/reseed-tools-linux-amd64.su3](http://idk.i2p/reseed-tools/reseed-tools-linux-amd64.su3)
+- linux/arm: [http://idk.i2p/reseed-tools/reseed-tools-linux-arm.su3](http://idk.i2p/reseed-tools/reseed-tools-linux-arm.su3)
+- linux/arm64: [http://idk.i2p/reseed-tools/reseed-tools-linux-arm64.su3](http://idk.i2p/reseed-tools/reseed-tools-linux-arm64.su3)
+- openbsd/amd64: [http://idk.i2p/reseed-tools/reseed-tools-openbsd-amd64.su3](http://idk.i2p/reseed-tools/reseed-tools-openbsd-amd64.su3)
+- freebsd/386: [http://idk.i2p/reseed-tools/reseed-tools-freebsd-386.su3](http://idk.i2p/reseed-tools/reseed-tools-freebsd-386.su3)
+- freebsd/amd64: [http://idk.i2p/reseed-tools/reseed-tools-freebsd-amd64.su3](http://idk.i2p/reseed-tools/reseed-tools-freebsd-amd64.su3)
+- windows/amd64: [http://idk.i2p/reseed-tools/reseed-tools-windows-amd64.su3](http://idk.i2p/reseed-tools/reseed-tools-windows-amd64.su3)
+- windows/386: [http://idk.i2p/reseed-tools/reseed-tools-windows-386.su3](http://idk.i2p/reseed-tools/reseed-tools-windows-386.su3)
+
+### Installation(From Source)
 
 ```
-go get github.com/eyedeekay/i2p-tools-1
-i2p-tools -h
+git clone https://i2pgit.org/idk/reseed-tools
+cd reseed-tools
+make build
+# Optionally, if you want to install to /usr/bin/reseed-tools
+sudo make install
 ```
 
 ## Usage
 
-### Docker!
+#### Debian/Ubuntu note:
 
-To make it easier to deploy reseeds, it is possible to run this software as a
-Docker image. Because the software requires access to a network database to host
-a reseed, you will need to mount the netDb as a volume inside your docker
-container to provide access to it, and you will need to run it as the same user
-and group inside the container as I2P.
+Debian users who are running I2P as a system service must also run the 
+`reseed-tools` as the same user. This is so that the reseed-tools can access
+the I2P service's netDb directory. On Debian and Ubuntu, that user is `i2psvc`
+and the netDb directory is: `/var/lib/i2p/i2p-config/netDb`.
 
-When you run a reseed under Docker in this fashion, it will automatically
-generate a self-signed certificate for your reseed server in a Docker volume
-mamed reseed-keys. *Back up this directory*, if it is lost it is impossible
-to reproduce.
+##### Systemd Service
 
-Please note that Docker is not currently compatible with .onion reseeds unless
-you pass the --network=host tag.
+A systemd service is provided which should work with the I2P Debian package
+when reseed-tools is installed in `/usr/bin/reseed-tools`. If you install with
+`make install` this service is also installed. This service will cause the
+bundles to regenerate every 12 hours.
 
-#### If I2P is running as your user, do this:
+The contact email for your reseed should be added in:
+`/etc/systemd/system/reseed.d/reseed.conf`.
 
-        docker run -itd \
-            --name reseed \
-            --publish 443:8443 \
-            --restart always \
-            --volume $HOME/.i2p/netDb:$HOME/.i2p/netDb:z \
-            --volume reseed-keys:/var/lib/i2p/i2p-config/reseed \
-            eyedeekay/reseed \
-                --signer $YOUR_EMAIL_HERE
+Self-signed certificates will be auto-generated for these services. To change
+this you should edit the `/etc/systemd/system/reseed.d/reseed.service`.
 
-#### If I2P is running as another user, do this:
+- To enable starting the reseed service automatically with the system: `sudo systemctl enable reseed.service`
+- To run the service manually: `sudo sysctl start reseed.service`  
+- To reload the systemd services: `sudo systemctl daemon-reload`
+- To view the status/logs: `sudo journalctl -u reseed.service`
 
-        docker run -itd \
-            --name reseed \
-            --user $(I2P_UID) \
-            --group-add $(I2P_GID) \
-            --publish 443:8443 \
-            --restart always \
-            --volume /PATH/TO/USER/I2P/HERE/netDb:/var/lib/i2p/i2p-config/netDb:z \
-            --volume reseed-keys:/var/lib/i2p/i2p-config/reseed \
-            eyedeekay/reseed \
-                --signer $YOUR_EMAIL_HERE
+##### SysV Service
 
-#### **Debian/Ubuntu and Docker**
+An initscript is also provided. The initscript, unlike the systemd service,
+cannot schedule itself to restart. You should restart the service roughly once
+a day to ensure that the information does not expire.
 
-In many cases I2P will be running as the Debian system user ```i2psvc```. This
-is the case for all installs where Debian's Advanced Packaging Tool(apt) was
-used to peform the task. If you used ```apt-get install``` this command will
-work for you. In that case, just copy-and-paste:
+The contact email for your reseed should be added in:
+`/etc/init.d/reseed`.
 
-        docker run -itd \
-            --name reseed \
-            --user $(id -u i2psvc) \
-            --group-add $(id -g i2psvc) \
-            --publish 443:8443 \
-            --restart always \
-            --volume /var/lib/i2p/i2p-config/netDb:/var/lib/i2p/i2p-config/netDb:z \
-            --volume reseed-keys:/var/lib/i2p/i2p-config/reseed \
-            eyedeekay/reseed \
-                --signer $YOUR_EMAIL_HERE
+Self-signed certificates will be auto-generated for these services. To change
+this you should edit the `/etc/init.d/reseed`.
 
-### Locally behind a webserver (reverse proxy setup), preferred:
-
-```
-i2p-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --port=8443 --ip=127.0.0.1 --trustProxy
-```
+## Example Commands:
 
 ### Without a webserver, standalone with TLS support
 
-```
-i2p-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --tlsHost=your-domain.tld
-```
-
 If this is your first time running a reseed server (ie. you don't have any existing keys),
 you can simply run the command and follow the prompts to create the appropriate keys, crl and certificates.
 Afterwards an HTTPS reseed server will start on the default port and generate 6 files in your current directory
 (a TLS key, certificate and crl, and a su3-file signing key, certificate and crl).
 
-Get the source code here on github or a pre-build binary anonymously on
-
-http://reseed.i2p/
-http://j7xszhsjy7orrnbdys7yykrssv5imkn4eid7n5ikcnxuhpaaw6cq.b32.i2p/
-
-also a short guide and complete tech info.
-
-## Experimental, currently only available from eyedeekay/i2p-tools-1 fork
-
-Requires ```go mod``` and at least go 1.13. To build the eyedeekay/i2p-tools-1
-fork, from anywhere:
-
-        git clone https://github.com/eyedeekay/i2p-tools-1
-        cd i2p-tools-1
-        make build
-
-### Without a webserver, standalone, self-supervising(Automatic restarts)
-
 ```
-./i2p-tools-1 reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --littleboss=start
+reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --tlsHost=your-domain.tld
 ```
 
-### Without a webserver, standalone, automatic OnionV3 with TLS support
+### Locally behind a webserver (reverse proxy setup), preferred:
+
+If you are using a reverse proxy server it may provide the TLS certificate instead.
 
 ```
-./i2p-tools-1 reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion --i2p --p2p
+reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --port=8443 --ip=127.0.0.1 --trustProxy
 ```
 
-### Without a webserver, standalone, serve P2P with LibP2P
-
-```
-./i2p-tools-1 reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --p2p
-```
-
-### Without a webserver, standalone, upload a single signed .su3 to github
-
-* This one isn't working yet, I'll get to it eventually, I've got a cooler idea now.
-
-```
-./i2p-tools-1 reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --github --ghrepo=i2p-tools-1 --ghuser=eyedeekay
-```
-
-### Without a webserver, standalone, in-network reseed
-
-```
-./i2p-tools-1 reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --i2p
-```
-
-### Without a webserver, standalone, Regular TLS, OnionV3 with TLS
-
-```
-./i2p-tools-1 reseed --tlsHost=your-domain.tld --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion
-```
-
-### Without a webserver, standalone, Regular TLS, OnionV3 with TLS, and LibP2P
-
-```
-./i2p-tools-1 reseed --tlsHost=your-domain.tld --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion --p2p
-```
-
-### Without a webserver, standalone, Regular TLS, OnionV3 with TLS, I2P In-Network reseed, and LibP2P, self-supervising
-
-```
-./i2p-tools-1 reseed --tlsHost=your-domain.tld --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion --p2p --littleboss=start
-```
+- **Usage** [More examples can be found here.](EXAMPLES.md)
+- **Docker** [Eocker examples can be found here](DOCKER.md)

cmd/reseed.go

@@ -12,19 +12,44 @@ import (
 	"strconv"
 	"time"
 
-	//"crawshaw.io/littleboss"
 	"github.com/cretz/bine/tor"
 	"github.com/cretz/bine/torutil"
 	"github.com/cretz/bine/torutil/ed25519"
-	"github.com/eyedeekay/i2p-tools-1/reseed"
 	"github.com/eyedeekay/sam3"
 	"github.com/eyedeekay/sam3/i2pkeys"
 	"github.com/libp2p/go-libp2p"
 	"github.com/libp2p/go-libp2p-core/host"
 	"github.com/urfave/cli"
+	"i2pgit.org/idk/reseed-tools/reseed"
+
+	"github.com/eyedeekay/checki2cp/getmeanetdb"
 )
 
+func getDefaultSigner() string {
+	intentionalsigner := os.Getenv("RESEED_EMAIL")
+	if intentionalsigner == "" {
+		adminsigner := os.Getenv("MAILTO")
+		if adminsigner != "" {
+			return adminsigner
+		}
+		return ""
+	}
+	return intentionalsigner
+}
+
+func getHostName() string {
+	hostname := os.Getenv("RESEED_HOSTNAME")
+	if hostname == "" {
+		hostname, _ = os.Hostname()
+	}
+	return hostname
+}
+
 func NewReseedCommand() cli.Command {
+	ndb, err := getmeanetdb.WhereIstheNetDB()
+	if err != nil {
+		log.Fatal(err)
+	}
 	return cli.Command{
 		Name:   "reseed",
 		Usage:  "Start a reseed server",
@@ -32,10 +57,12 @@ func NewReseedCommand() cli.Command {
 		Flags: []cli.Flag{
 			cli.StringFlag{
 				Name:  "signer",
+				Value: getDefaultSigner(),
 				Usage: "Your su3 signing ID (ex. something@mail.i2p)",
 			},
 			cli.StringFlag{
 				Name:  "tlsHost",
+				Value: getHostName(),
 				Usage: "The public hostname used on your TLS certificate",
 			},
 			cli.BoolFlag{
@@ -57,6 +84,7 @@ func NewReseedCommand() cli.Command {
 			},
 			cli.StringFlag{
 				Name:  "netdb",
+				Value: ndb,
 				Usage: "Path to NetDB directory containing routerInfos",
 			},
 			cli.StringFlag{
@@ -84,7 +112,7 @@ func NewReseedCommand() cli.Command {
 			},
 			cli.IntFlag{
 				Name:  "numSu3",
-				Value: 0,
+				Value: 50,
 				Usage: "Number of su3 files to build (0 = automatic based on size of netdb)",
 			},
 			cli.StringFlag{
@@ -128,10 +156,14 @@ func NewReseedCommand() cli.Command {
 				Value: "127.0.0.1:7656",
 				Usage: "Use this SAM address to set up I2P connections for in-network reseed",
 			},
+			cli.BoolFlag{
+				Name:  "acme",
+				Usage: "Automatically generate a TLS certificate with the ACME protocol, defaults to Let's Encrypt",
+			},
 			cli.StringFlag{
-				Name:  "littleboss",
-				Value: "start",
-				Usage: "Self-Supervise this application",
+				Name:  "acmeserver",
+				Value: "https://acme-staging-v02.api.letsencrypt.org/directory",
+				Usage: "Use this server to issue a certificate with the ACME protocol",
 			},
 		},
 	}
@@ -183,11 +215,6 @@ func LoadKeys(keysPath string, c *cli.Context) (i2pkeys.I2PKeys, error) {
 }
 
 func reseedAction(c *cli.Context) {
-	// validate flags
-	if c.String("littleboss") != "start" {
-		log.Println("--littleboss", c.String("littleboss"))
-		return
-	}
 	netdbDir := c.String("netdb")
 	if netdbDir == "" {
 		fmt.Println("--netdb is required")
@@ -208,13 +235,53 @@ func reseedAction(c *cli.Context) {
 	var i2pTlsCert, i2pTlsKey string
 	var i2pkey i2pkeys.I2PKeys
 
+	if tlsHost != "" {
+		onionTlsHost = tlsHost
+		i2pTlsHost = tlsHost
+		tlsKey = c.String("tlsKey")
+		// if no key is specified, default to the host.pem in the current dir
+		if tlsKey == "" {
+			tlsKey = tlsHost + ".pem"
+			onionTlsKey = tlsHost + ".pem"
+			i2pTlsKey = tlsHost + ".pem"
+		}
+
+		tlsCert = c.String("tlsCert")
+		// if no certificate is specified, default to the host.crt in the current dir
+		if tlsCert == "" {
+			tlsCert = tlsHost + ".crt"
+			onionTlsCert = tlsHost + ".crt"
+			i2pTlsCert = tlsHost + ".crt"
+		}
+
+		// prompt to create tls keys if they don't exist?
+		auto := c.Bool("yes")
+		// use ACME?
+		acme := c.Bool("acme")
+		if acme {
+			acmeserver := c.String("acmeserver")
+			err := checkUseAcmeCert(tlsHost, signerID, acmeserver, &tlsCert, &tlsKey, auto)
+			if nil != err {
+				log.Fatalln(err)
+			}
+		} else {
+			err := checkOrNewTLSCert(tlsHost, &tlsCert, &tlsKey, auto)
+			if nil != err {
+				log.Fatalln(err)
+			}
+		}
+
+	}
+
 	if c.Bool("i2p") {
 		var err error
 		i2pkey, err = LoadKeys("reseed.i2pkeys", c)
 		if err != nil {
 			log.Fatalln(err)
 		}
-		i2pTlsHost = i2pkey.Addr().Base32()
+		if i2pTlsHost == "" {
+			i2pTlsHost = i2pkey.Addr().Base32()
+		}
 		if i2pTlsHost != "" {
 			// if no key is specified, default to the host.pem in the current dir
 			if i2pTlsKey == "" {
@@ -250,7 +317,9 @@ func reseedAction(c *cli.Context) {
 			}
 			ok = []byte(key.PrivateKey())
 		}
-		onionTlsHost = torutil.OnionServiceIDFromPrivateKey(ed25519.PrivateKey(ok)) + ".onion"
+		if onionTlsHost == "" {
+			onionTlsHost = torutil.OnionServiceIDFromPrivateKey(ed25519.PrivateKey(ok)) + ".onion"
+		}
 		err = ioutil.WriteFile(c.String("onionKey"), ok, 0644)
 		if err != nil {
 			log.Fatalln(err.Error())
@@ -275,27 +344,6 @@ func reseedAction(c *cli.Context) {
 		}
 	}
 
-	if tlsHost != "" {
-		tlsKey = c.String("tlsKey")
-		// if no key is specified, default to the host.pem in the current dir
-		if tlsKey == "" {
-			tlsKey = tlsHost + ".pem"
-		}
-
-		tlsCert = c.String("tlsCert")
-		// if no certificate is specified, default to the host.crt in the current dir
-		if tlsCert == "" {
-			tlsCert = tlsHost + ".crt"
-		}
-
-		// prompt to create tls keys if they don't exist?
-		auto := c.Bool("yes")
-		err := checkOrNewTLSCert(tlsHost, &tlsCert, &tlsKey, auto)
-		if nil != err {
-			log.Fatalln(err)
-		}
-	}
-
 	reloadIntvl, err := time.ParseDuration(c.String("interval"))
 	if nil != err {
 		fmt.Printf("'%s' is not a valid time interval.\n", reloadIntvl)
@@ -362,7 +410,7 @@ func reseedAction(c *cli.Context) {
 	}
 }
 
-func reseedHTTPS(c *cli.Context, tlsCert, tlsKey string, reseeder reseed.Reseeder) {
+func reseedHTTPS(c *cli.Context, tlsCert, tlsKey string, reseeder *reseed.ReseederImpl) {
 	server := reseed.NewServer(c.String("prefix"), c.Bool("trustProxy"))
 	server.Reseeder = reseeder
 	server.Addr = net.JoinHostPort(c.String("ip"), c.String("port"))
@@ -391,7 +439,7 @@ func reseedHTTPS(c *cli.Context, tlsCert, tlsKey string, reseeder reseed.Reseede
 	}
 }
 
-func reseedHTTP(c *cli.Context, reseeder reseed.Reseeder) {
+func reseedHTTP(c *cli.Context, reseeder *reseed.ReseederImpl) {
 	server := reseed.NewServer(c.String("prefix"), c.Bool("trustProxy"))
 	server.Reseeder = reseeder
 	server.Addr = net.JoinHostPort(c.String("ip"), c.String("port"))
@@ -428,7 +476,7 @@ func makeRandomHost(port int) (host.Host, error) {
 	return host, nil
 }
 
-func reseedP2P(c *cli.Context, reseeder reseed.Reseeder) {
+func reseedP2P(c *cli.Context, reseeder *reseed.ReseederImpl) {
 	server := reseed.NewServer(c.String("prefix"), c.Bool("trustProxy"))
 	server.Reseeder = reseeder
 	server.Addr = net.JoinHostPort(c.String("ip"), c.String("port"))
@@ -466,7 +514,7 @@ func reseedP2P(c *cli.Context, reseeder reseed.Reseeder) {
 	}
 }
 
-func reseedOnion(c *cli.Context, onionTlsCert, onionTlsKey string, reseeder reseed.Reseeder) {
+func reseedOnion(c *cli.Context, onionTlsCert, onionTlsKey string, reseeder *reseed.ReseederImpl) {
 	server := reseed.NewServer(c.String("prefix"), c.Bool("trustProxy"))
 	server.Reseeder = reseeder
 	server.Addr = net.JoinHostPort(c.String("ip"), c.String("port"))
@@ -541,7 +589,7 @@ func reseedOnion(c *cli.Context, onionTlsCert, onionTlsKey string, reseeder rese
 	log.Printf("Onion server started on %s\n", server.Addr)
 }
 
-func reseedI2P(c *cli.Context, i2pTlsCert, i2pTlsKey string, i2pIdentKey i2pkeys.I2PKeys, reseeder reseed.Reseeder) {
+func reseedI2P(c *cli.Context, i2pTlsCert, i2pTlsKey string, i2pIdentKey i2pkeys.I2PKeys, reseeder *reseed.ReseederImpl) {
 	server := reseed.NewServer(c.String("prefix"), c.Bool("trustProxy"))
 	server.Reseeder = reseeder
 	server.Addr = net.JoinHostPort(c.String("ip"), c.String("port"))

cmd/utils.go

@@ -2,10 +2,12 @@ package cmd
 
 import (
 	"bufio"
+	"crypto"
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/rsa"
+	"crypto/tls"
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/asn1"
@@ -16,8 +18,15 @@ import (
 	"strings"
 	"time"
 
-	"github.com/eyedeekay/i2p-tools-1/reseed"
-	"github.com/eyedeekay/i2p-tools-1/su3"
+	"i2pgit.org/idk/reseed-tools/reseed"
+	"i2pgit.org/idk/reseed-tools/su3"
+
+	"github.com/go-acme/lego/v4/certcrypto"
+	"github.com/go-acme/lego/v4/certificate"
+	"github.com/go-acme/lego/v4/challenge/http01"
+	"github.com/go-acme/lego/v4/challenge/tlsalpn01"
+	"github.com/go-acme/lego/v4/lego"
+	"github.com/go-acme/lego/v4/registration"
 )
 
 func loadPrivateKey(path string) (*rsa.PrivateKey, error) {
@@ -35,6 +44,24 @@ func loadPrivateKey(path string) (*rsa.PrivateKey, error) {
 	return privKey, nil
 }
 
+// Taken directly from the lego example, since we need very minimal support
+// https://go-acme.github.io/lego/usage/library/
+type MyUser struct {
+	Email        string
+	Registration *registration.Resource
+	key          crypto.PrivateKey
+}
+
+func (u *MyUser) GetEmail() string {
+	return u.Email
+}
+func (u MyUser) GetRegistration() *registration.Resource {
+	return u.Registration
+}
+func (u *MyUser) GetPrivateKey() crypto.PrivateKey {
+	return u.key
+}
+
 func signerFile(signerID string) string {
 	return strings.Replace(signerID, "@", "_at_", 1)
 }
@@ -60,6 +87,165 @@ func getOrNewSigningCert(signerKey *string, signerID string, auto bool) (*rsa.Pr
 	return loadPrivateKey(*signerKey)
 }
 
+func checkUseAcmeCert(tlsHost, signer, cadirurl string, tlsCert, tlsKey *string, auto bool) error {
+	_, certErr := os.Stat(*tlsCert)
+	_, keyErr := os.Stat(*tlsKey)
+	if certErr != nil || keyErr != nil {
+		if certErr != nil {
+			fmt.Printf("Unable to read TLS certificate '%s'\n", *tlsCert)
+		}
+		if keyErr != nil {
+			fmt.Printf("Unable to read TLS key '%s'\n", *tlsKey)
+		}
+
+		if !auto {
+			fmt.Printf("Would you like to generate a new certificate with Let's Encrypt or a custom ACME server? '%s'? (y or n): ", tlsHost)
+			reader := bufio.NewReader(os.Stdin)
+			input, _ := reader.ReadString('\n')
+			if []byte(input)[0] != 'y' {
+				fmt.Println("Continuing without TLS")
+				return nil
+			}
+		}
+	} else {
+		TLSConfig := &tls.Config{}
+		TLSConfig.NextProtos = []string{"http/1.1"}
+		TLSConfig.Certificates = make([]tls.Certificate, 1)
+		var err error
+		TLSConfig.Certificates[0], err = tls.LoadX509KeyPair(*tlsCert, *tlsKey)
+		if err != nil {
+			return err
+		}
+		if time.Now().Sub(TLSConfig.Certificates[0].Leaf.NotAfter) < (time.Hour * 48) {
+			ecder, err := ioutil.ReadFile(tlsHost + signer + ".acme.key")
+			if err != nil {
+				return err
+			}
+			privateKey, err := x509.ParseECPrivateKey(ecder)
+			if err != nil {
+				return err
+			}
+			user := MyUser{
+				Email: signer,
+				key:   privateKey,
+			}
+			config := lego.NewConfig(&user)
+			config.CADirURL = cadirurl
+			config.Certificate.KeyType = certcrypto.RSA2048
+			client, err := lego.NewClient(config)
+			if err != nil {
+				return err
+			}
+			renewAcmeIssuedCert(client, user, tlsHost, tlsCert, tlsKey)
+		} else {
+			return nil
+		}
+	}
+	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		return err
+	}
+	ecder, err := x509.MarshalECPrivateKey(privateKey)
+	if err != nil {
+		return err
+	}
+	filename := tlsHost + signer + ".acme.key"
+	keypem, err := os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+	if err != nil {
+		return err
+	}
+	defer keypem.Close()
+	err = pem.Encode(keypem, &pem.Block{Type: "EC PRIVATE KEY", Bytes: ecder})
+	if err != nil {
+		return err
+	}
+	user := MyUser{
+		Email: signer,
+		key:   privateKey,
+	}
+	config := lego.NewConfig(&user)
+	config.CADirURL = cadirurl
+	config.Certificate.KeyType = certcrypto.RSA2048
+	client, err := lego.NewClient(config)
+	if err != nil {
+		return err
+	}
+	return newAcmeIssuedCert(client, user, tlsHost, tlsCert, tlsKey)
+}
+
+func renewAcmeIssuedCert(client *lego.Client, user MyUser, tlsHost string, tlsCert, tlsKey *string) error {
+	var err error
+	err = client.Challenge.SetHTTP01Provider(http01.NewProviderServer("", "8000"))
+	if err != nil {
+		return err
+	}
+	err = client.Challenge.SetTLSALPN01Provider(tlsalpn01.NewProviderServer("", "8443"))
+	if err != nil {
+		return err
+	}
+
+	// New users will need to register
+	if user.Registration, err = client.Registration.QueryRegistration(); err != nil {
+		reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
+		if err != nil {
+			return err
+		}
+		user.Registration = reg
+	}
+	resource, err := client.Certificate.Get(tlsHost, true)
+	if err != nil {
+		return err
+	}
+	certificates, err := client.Certificate.Renew(*resource, true, false, "")
+	if err != nil {
+		return err
+	}
+
+	ioutil.WriteFile(tlsHost+".pem", certificates.PrivateKey, 0600)
+	ioutil.WriteFile(tlsHost+".crt", certificates.Certificate, 0600)
+	//	ioutil.WriteFile(tlsHost+".crl", certificates.PrivateKey, 0600)
+	*tlsCert = tlsHost + ".crt"
+	*tlsKey = tlsHost + ".pem"
+	return nil
+}
+
+func newAcmeIssuedCert(client *lego.Client, user MyUser, tlsHost string, tlsCert, tlsKey *string) error {
+	var err error
+	err = client.Challenge.SetHTTP01Provider(http01.NewProviderServer("", "8000"))
+	if err != nil {
+		return err
+	}
+	err = client.Challenge.SetTLSALPN01Provider(tlsalpn01.NewProviderServer("", "8443"))
+	if err != nil {
+		return err
+	}
+
+	// New users will need to register
+	if user.Registration, err = client.Registration.QueryRegistration(); err != nil {
+		reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
+		if err != nil {
+			return err
+		}
+		user.Registration = reg
+	}
+
+	request := certificate.ObtainRequest{
+		Domains: []string{tlsHost},
+		Bundle:  true,
+	}
+	certificates, err := client.Certificate.Obtain(request)
+	if err != nil {
+		return err
+	}
+
+	ioutil.WriteFile(tlsHost+".pem", certificates.PrivateKey, 0600)
+	ioutil.WriteFile(tlsHost+".crt", certificates.Certificate, 0600)
+	//	ioutil.WriteFile(tlsHost+".crl", certificates.PrivateKey, 0600)
+	*tlsCert = tlsHost + ".crt"
+	*tlsKey = tlsHost + ".pem"
+	return nil
+}
+
 func checkOrNewTLSCert(tlsHost string, tlsCert, tlsKey *string, auto bool) error {
 	_, certErr := os.Stat(*tlsCert)
 	_, keyErr := os.Stat(*tlsKey)
@@ -71,7 +257,7 @@ func checkOrNewTLSCert(tlsHost string, tlsCert, tlsKey *string, auto bool) error
 			fmt.Printf("Unable to read TLS key '%s'\n", *tlsKey)
 		}
 
-		if auto {
+		if !auto {
 			fmt.Printf("Would you like to generate a new self-signed certificate for '%s'? (y or n): ", tlsHost)
 			reader := bufio.NewReader(os.Stdin)
 			input, _ := reader.ReadString('\n')

cmd/verify.go

@@ -4,9 +4,9 @@ import (
 	"fmt"
 	"io/ioutil"
 
-	"github.com/eyedeekay/i2p-tools-1/reseed"
-	"github.com/eyedeekay/i2p-tools-1/su3"
 	"github.com/urfave/cli"
+	"i2pgit.org/idk/reseed-tools/reseed"
+	"i2pgit.org/idk/reseed-tools/su3"
 )
 
 func NewSu3VerifyCommand() cli.Command {

content/index.html

@@ -0,0 +1,10 @@
+<h1 id="you-have-found-an-i2p-reseed">You have found an I2P Reseed</h1>
+<p>Maybe it was by accident, or maybe you visited the URL because you saw it in the software somewhere. While we’ve got your attention, we’re going to take this opportunity to tell you a little about what we do here. I2P is a peer-to-peer network which uses “Garlic Routing” to maintain privacy. Reseed nodes help you get connected to I2P for the first time, and even though you should only have to use them once in a great while, they are very important services.</p>
+<h2 id="to-learn-more-about-i2p-visit"><a href="https://geti2p.net">To learn more about I2P, visit</a></h2>
+<p><a href="https://geti2p.net"><img src="images/reseed.png" alt="Help reseed" /></a></p>
+<ul>
+<li><a href="https://geti2p.net/en/docs/reseed">Learn more about reseeds here:</a></li>
+<li><a href="https://geti2p.net/en/get-involved/guides/reseed">Learn how to run a reseed here:</a></li>
+<li><a href="https://i2pgit.org/idk/reseed-tools">Read the reseed server code and learn about more reseed options here:</a></li>
+</ul>
+<p>Here on purpose? Here’s a one-time link to a reseed bundle for you.</p>

content/lang/en/homepage.md

@@ -6,4 +6,13 @@ your attention, we're going to take this opportunity to tell you a little about
 network which uses "Garlic Routing" to maintain privacy. Reseed nodes help you get connected to I2P for the first time,
 and even though you should only have to use them once in a great while, they are very important services.
 
-![Help reseed](images/reseed.png)
+[To learn more about I2P, visit the project website](https://geti2p.net)
+------------------------------------------------------------------------
+
+[![Help reseed](images/reseed.png)](https://geti2p.net)
+
+ - [Learn more about reseeds here:](https://geti2p.net/en/docs/reseed)
+ - [Learn how to run a reseed here:](https://geti2p.net/en/get-involved/guides/reseed)
+ - [Read the reseed server code and learn about more reseed options here:](https://i2pgit.org/idk/reseed-tools)
+
+### Here on purpose? Here's a one-time link to a reseed bundle for you.

content/style.css

@@ -8,8 +8,30 @@ h1 {
 }
 
 img {
-  display: block;
-  margin-left: auto;
-  margin-right: auto;
-  width: 50%;
+	display: block;
+	margin-left: auto;
+	margin-right: auto;
+	width: 50%;
+}
+
+.inline {
+	display: inline;
+}
+
+.link-button {
+	background: none;
+	border: none;
+	color: blue;
+	text-decoration: underline;
+	cursor: pointer;
+	font-size: 1em;
+	font-family: serif;
+}
+
+.link-button:focus {
+	outline: none;
+}
+
+.link-button:active {
+	color:red;
 }

description-pak

@@ -0,0 +1,2 @@
+Reseed tools is a self-contained, easy-to-configure I2P reseed service
+ which can be run on any OS.

entrypoint.sh

@@ -1,5 +1,5 @@
 #! /usr/bin/env sh
 
-cp -r /var/lib/i2p/go/src/github.com/eyedeekay/i2p-tools-1/content ./content
+cp -r /var/lib/i2p/go/src/i2pgit.org/idk/reseed-tools/content ./content
 
-/var/lib/i2p/go/src/github.com/eyedeekay/i2p-tools-1/i2p-tools-1 reseed --yes=true --netdb=/var/lib/i2p/i2p-config/netDb $@
+/var/lib/i2p/go/src/i2pgit.org/idk/reseed-tools/reseed-tools reseed --yes=true --netdb=/var/lib/i2p/i2p-config/netDb $@

etc/default/reseed

@@ -0,0 +1,2 @@
+#Edit the contact/signing email used by your reseed server here
+export RESEED_EMAIL=""

etc/init.d/reseed

@@ -8,42 +8,31 @@
 # Description:       <DESCRIPTION>
 ### END INIT INFO
 
-SCRIPT='/usr/local/bin/i2p-tools'
+SCRIPT='/usr/bin/reseed-tools'
 RUNAS=i2psvc
 NETDBDIR=/var/lib/i2p/i2p-config/netDb
 RUNDIR=/var/lib/i2p/i2p-config/reseed
-SIGNER=you@mail.i2p
 MORE_OPTIONS=""
 if [ -f /etc/default/reseed ]; then
-    source /etc/default/reseed
+    . /etc/default/reseed
 fi
-RUNOPTS=" reseed --signer=$SIGNER --netdb=$NETDBDIR $MORE_OPTIONS "
-
-rundir(){
-    if [ !-d $RUNDIR ]; then
-        install -d -oi2psvc -m2770 $RUNDIR
-    fi
-    cd $RUNDIR
-}
+RUNOPTS=" reseed --yes=true --netdb=$NETDBDIR $MORE_OPTIONS "
 
 start() {
-    rundir
-    su - $RUNAS $SCRIPT $RUNOPTS --restart=start
+    start-stop-daemon --user $RUNAS --exec $SCRIPT --chdir $RUNDIR --make-pidfile $RUNDIR/reseed.pid --start -- $RUNOPTS
 }
 
 stop() {
-    rundir
-    su - $RUNAS $SCRIPT $RUNOPTS --restart=stop
-}
-
-start() {
-    rundir
-    su - $RUNAS $SCRIPT $RUNOPTS --restart=restart
+    start-stop-daemon --user $RUNAS --exec $SCRIPT --chdir $RUNDIR --remove-pidfile $RUNDIR/reseed.pid --stop
 }
 
 status() {
-    rundir
-    su - $RUNAS $SCRIPT $RUNOPTS --restart=status
+    start-stop-daemon --user $RUNAS --exec $SCRIPT --chdir $RUNDIR --remove-pidfile $RUNDIR/reseed.pid --status
+}
+
+restart() {
+    stop
+    start
 }
 
 uninstall() {

etc/systemd/system/reseed.d/reseed.conf

@@ -0,0 +1,5 @@
+# Use this file to configure the contact/signer email used for the reseed service.
+# without it the reseed will fail to start.
+
+[Service]
+Environment="RESEED_EMAIL="

etc/systemd/system/reseed.d/reseed.service

@@ -0,0 +1,17 @@
+[Unit]
+Description=I2P reseed service
+After=network.target
+StartLimitIntervalSec=0
+Requires=i2p.service
+
+[Service]
+User=i2psvc
+RuntimeDirectory=/var/lib/i2p/i2p-config/reseed
+WorkingDirectory=/var/lib/i2p/i2p-config/reseed
+ExecStart=/usr/bin/reseed-tools reseed --yes=true --netdb=/var/lib/i2p/i2p-config/netDb
+Restart=always
+RestartSec=10
+RuntimeMaxSec=43200
+
+[Install]
+WantedBy=multi-user.target

go.mod

@@ -3,36 +3,18 @@ module i2pgit.org/idk/reseed-tools
 go 1.13
 
 require (
-	github.com/btcsuite/btcd v0.21.0-beta // indirect
-	github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect
 	github.com/cretz/bine v0.1.0
-	github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c // indirect
-	github.com/eyedeekay/ramp v0.0.0-20190429201811-305b382042ab // indirect
+	github.com/eyedeekay/checki2cp v0.0.21 // indirect
 	github.com/eyedeekay/sam3 v0.32.32
-	github.com/gomodule/redigo v1.8.3 // indirect
-	github.com/google/gopacket v1.1.19 // indirect
-	github.com/google/uuid v1.1.2 // indirect
+	github.com/go-acme/lego/v4 v4.3.1
 	github.com/gorilla/handlers v1.5.1
-	github.com/jackpal/gateway v1.0.6 // indirect
 	github.com/justinas/alice v1.2.0
-	github.com/koron/go-ssdp v0.0.2 // indirect
 	github.com/libp2p/go-libp2p v0.13.0
 	github.com/libp2p/go-libp2p-core v0.8.0
-	github.com/libp2p/go-libp2p-gostream v0.3.0
+	github.com/libp2p/go-libp2p-gostream v0.3.1
 	github.com/libp2p/go-libp2p-http v0.2.0
-	github.com/libp2p/go-libp2p-noise v0.1.2 // indirect
-	github.com/libp2p/go-netroute v0.1.4 // indirect
-	github.com/libp2p/go-sockaddr v0.1.0 // indirect
-	github.com/russross/blackfriday/v2 v2.1.0 // indirect
-	github.com/throttled/throttled v2.2.4+incompatible
+	github.com/throttled/throttled/v2 v2.7.1
 	github.com/urfave/cli v1.22.5
-	gitlab.com/golang-commonmark/linkify v0.0.0-20200225224916-64bca66f6ad3 // indirect
 	gitlab.com/golang-commonmark/markdown v0.0.0-20191127184510-91b5b3c99c19
-	go.opencensus.io v0.22.5 // indirect
-	go.uber.org/multierr v1.6.0 // indirect
-	go.uber.org/zap v1.16.0 // indirect
-	golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad // indirect
-	golang.org/x/net v0.0.0-20201224014010-6772e930b67b // indirect
-	golang.org/x/sys v0.0.0-20201223074533-0d417f636930 // indirect
-	golang.org/x/text v0.3.4
+	golang.org/x/text v0.3.5
 )

history.txt

@@ -41,4 +41,4 @@
  * numRi per su3 file: 75 --> 77
 
 2016-01
- * fork from https://github.com/eyedeekay/i2p-tools-1
+ * fork from https://i2pgit.org/idk/reseed-tools

index.html

@@ -0,0 +1,67 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Reseed Tools</title>
+  <link rel="stylesheet" type="text/css" href ="/style.css" />
+</head>
+<body>
+<h1 id="i2p-reseed-tools">I2P Reseed Tools</h1>
+<p>This tool provides a secure and efficient reseed server for the I2P network. There are several utility commands to create, sign, and validate SU3 files. Please note that this requires at least Go version 1.13, and uses Go Modules.</p>
+<h2 id="dependencies">Dependencies</h2>
+<p><code>go</code>, <code>git</code>, and optionally <code>make</code> are required to build the project. Precompiled binaries for most platforms are available at my github mirror https://github.com/eyedeekay/i2p-tools-1.</p>
+<p>In order to install the build-dependencies on Ubuntu or Debian, you may use:</p>
+<div class="sourceCode" id="cb1"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb1-1"><a href="#cb1-1" aria-hidden="true"></a><span class="fu">sudo</span> apt-get install golang-go git make</span></code></pre></div>
+<h2 id="installation">Installation</h2>
+<p>Reseed-tools can be run as a user, as a freestanding service, or be installed as an I2P Plugin. It will attempt to configure itself automatically. You should make sure to set the <code>--signer</code> flag or the <code>RESEED_EMAIL</code> environment variable to configure your signing keys/contact info.</p>
+<h4 id="plugin-install-urls">Plugin install URL’s</h4>
+<p>Plugin releases are available inside of i2p at http://idk.i2p/reseed-tools/ and via the github mirror at https://github.com/eyedeekay/reseed-tools/releases. These can be installed by adding them on the <a href="http://127.0.0.1:7657/configplugins">http://127.0.0.1:7657/configplugins</a>.</p>
+<ul>
+<li>darwin/amd64: <a href="http://idk.i2p/reseed-tools/reseed-tools-darwin-amd64.su3">http://idk.i2p/reseed-tools/reseed-tools-darwin-amd64.su3</a></li>
+<li>darwin/arm64: <a href="http://idk.i2p/reseed-tools/reseed-tools-darwin-arm64.su3">http://idk.i2p/reseed-tools/reseed-tools-darwin-arm64.su3</a></li>
+<li>linux/386: <a href="http://idk.i2p/reseed-tools/reseed-tools-linux-386.su3">http://idk.i2p/reseed-tools/reseed-tools-linux-386.su3</a></li>
+<li>linux/amd64: <a href="http://idk.i2p/reseed-tools/reseed-tools-linux-amd64.su3">http://idk.i2p/reseed-tools/reseed-tools-linux-amd64.su3</a></li>
+<li>linux/arm: <a href="http://idk.i2p/reseed-tools/reseed-tools-linux-arm.su3">http://idk.i2p/reseed-tools/reseed-tools-linux-arm.su3</a></li>
+<li>linux/arm64: <a href="http://idk.i2p/reseed-tools/reseed-tools-linux-arm64.su3">http://idk.i2p/reseed-tools/reseed-tools-linux-arm64.su3</a></li>
+<li>openbsd/amd64: <a href="http://idk.i2p/reseed-tools/reseed-tools-openbsd-amd64.su3">http://idk.i2p/reseed-tools/reseed-tools-openbsd-amd64.su3</a></li>
+<li>freebsd/386: <a href="http://idk.i2p/reseed-tools/reseed-tools-freebsd-386.su3">http://idk.i2p/reseed-tools/reseed-tools-freebsd-386.su3</a></li>
+<li>freebsd/amd64: <a href="http://idk.i2p/reseed-tools/reseed-tools-freebsd-amd64.su3">http://idk.i2p/reseed-tools/reseed-tools-freebsd-amd64.su3</a></li>
+<li>windows/amd64: <a href="http://idk.i2p/reseed-tools/reseed-tools-windows-amd64.su3">http://idk.i2p/reseed-tools/reseed-tools-windows-amd64.su3</a></li>
+<li>windows/386: <a href="http://idk.i2p/reseed-tools/reseed-tools-windows-386.su3">http://idk.i2p/reseed-tools/reseed-tools-windows-386.su3</a></li>
+</ul>
+<h3 id="installationfrom-source">Installation(From Source)</h3>
+<pre><code>git clone https://i2pgit.org/idk/reseed-tools
+cd reseed-tools
+make build
+# Optionally, if you want to install to /usr/bin/reseed-tools
+sudo make install</code></pre>
+<h2 id="usage">Usage</h2>
+<h4 id="debianubuntu-note">Debian/Ubuntu note:</h4>
+<p>Debian users who are running I2P as a system service must also run the <code>reseed-tools</code> as the same user. This is so that the reseed-tools can access the I2P service’s netDb directory. On Debian and Ubuntu, that user is <code>i2psvc</code> and the netDb directory is: <code>/var/lib/i2p/i2p-config/netDb</code>.</p>
+<h5 id="systemd-service">Systemd Service</h5>
+<p>A systemd service is provided which should work with the I2P Debian package when reseed-tools is installed in <code>/usr/bin/reseed-tools</code>. If you install with <code>make install</code> this service is also installed. This service will cause the bundles to regenerate every 12 hours.</p>
+<p>The contact email for your reseed should be added in: <code>/etc/systemd/system/reseed.d/reseed.conf</code>.</p>
+<p>Self-signed certificates will be auto-generated for these services. To change this you should edit the <code>/etc/systemd/system/reseed.d/reseed.service</code>.</p>
+<ul>
+<li>To enable starting the reseed service automatically with the system: <code>sudo systemctl enable reseed.service</code></li>
+<li>To run the service manually: <code>sudo sysctl start reseed.service</code><br />
+</li>
+<li>To reload the systemd services: <code>sudo systemctl daemon-reload</code></li>
+<li>To view the status/logs: <code>sudo journalctl -u reseed.service</code></li>
+</ul>
+<h5 id="sysv-service">SysV Service</h5>
+<p>An initscript is also provided. The initscript, unlike the systemd service, cannot schedule itself to restart. You should restart the service roughly once a day to ensure that the information does not expire.</p>
+<p>The contact email for your reseed should be added in: <code>/etc/init.d/reseed</code>.</p>
+<p>Self-signed certificates will be auto-generated for these services. To change this you should edit the <code>/etc/init.d/reseed</code>.</p>
+<h2 id="example-commands">Example Commands:</h2>
+<h3 id="without-a-webserver-standalone-with-tls-support">Without a webserver, standalone with TLS support</h3>
+<p>If this is your first time running a reseed server (ie. you don’t have any existing keys), you can simply run the command and follow the prompts to create the appropriate keys, crl and certificates. Afterwards an HTTPS reseed server will start on the default port and generate 6 files in your current directory (a TLS key, certificate and crl, and a su3-file signing key, certificate and crl).</p>
+<pre><code>reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --tlsHost=your-domain.tld</code></pre>
+<h3 id="locally-behind-a-webserver-reverse-proxy-setup-preferred">Locally behind a webserver (reverse proxy setup), preferred:</h3>
+<p>If you are using a reverse proxy server it may provide the TLS certificate instead.</p>
+<pre><code>reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --port=8443 --ip=127.0.0.1 --trustProxy</code></pre>
+<ul>
+<li><strong>Usage</strong> <a href="EXAMPLES.md">More examples can be found here.</a></li>
+<li><strong>Docker</strong> <a href="DOCKER.md">Eocker examples can be found here</a></li>
+</ul>
+</body>
+</html>

main.go

@@ -4,8 +4,8 @@ import (
 	"os"
 	"runtime"
 
-	"github.com/eyedeekay/i2p-tools-1/cmd"
 	"github.com/urfave/cli"
+	"i2pgit.org/idk/reseed-tools/cmd"
 )
 
 func main() {
@@ -18,8 +18,8 @@ func main() {
 	runtime.GOMAXPROCS(runtime.NumCPU() / 2)
 
 	app := cli.NewApp()
-	app.Name = "i2p-tools-1"
-	app.Version = "0.1.7"
+	app.Name = "reseed-tools"
+	app.Version = "0.1.9"
 	app.Usage = "I2P tools and reseed server"
 	app.Author = "eyedeekay"
 	app.Email = "hankhill19580@gmail.com"

postinstall-pak

@@ -0,0 +1,35 @@
+#! /usr/bin/env sh
+RESEED_MESSAGE="Reseed Tools requires you to set an email for contact purposes.
+This is in case your reseed goes down.
+Please enter your email below."
+
+RESEED_CONF="# Use this file to configure the contact/signer email used for the reseed service.
+# without it the reseed will fail to start.
+
+[Service]
+Environment=\"RESEED_EMAIL="
+
+RESEED_DEFAULT="#Edit the contact/signing email used by your reseed server here
+export RESEED_EMAIL=\""
+
+mkdir -p /etc/systemd/system/reseed.d/
+
+if [ -f /usr/bin/zenity ]; then
+    RESEED_EMAIL=$(zenity --entry --title "Reseed Configuration" --text "$RESEED_MESSAGE" 10 30 3>&1 1>&2 2>&3)
+    echo "$RESEED_DEFAULT$RESEED_EMAIL\"" >> /etc/default/reseed
+    echo "$RESEED_CONF$RESEED_EMAIL\"" >> /etc/systemd/system/reseed.d/reseed.conf
+    exit 0
+fi
+
+if [ -t 1 ] ; then 
+    echo "proceeding with terminal"; 
+else 
+    exit 0
+fi
+
+if [ -f /usr/bin/whiptail ]; then    
+    RESEED_EMAIL=$(whiptail --inputbox "$RESEED_MESSAGE" 10 30 3>&1 1>&2 2>&3)
+    echo "$RESEED_DEFAULT$RESEED_EMAIL\"" >> /etc/default/reseed
+    echo "$RESEED_CONF$RESEED_EMAIL\"" >> /etc/systemd/system/reseed.d/reseed.conf
+    exit 0
+fi

reseed/homepage.go

@@ -47,7 +47,7 @@ func ContentPath() (string, error) {
 	return filepath.Join(exPath, "content"), nil
 }
 
-func HandleARealBrowser(w http.ResponseWriter, r *http.Request) {
+func (srv *Server) HandleARealBrowser(w http.ResponseWriter, r *http.Request) {
 	if ContentPathError != nil {
 		http.Error(w, "403 Forbidden", http.StatusForbidden)
 		return
@@ -73,6 +73,12 @@ func HandleARealBrowser(w http.ResponseWriter, r *http.Request) {
 			w.Header().Set("Content-Type", "text/html")
 			w.Write([]byte(header))
 			HandleALocalizedFile(w, base.String())
+			w.Write([]byte(`<ul><li><form method="post" action="/i2pseeds" class="inline">
+			<input type="hidden" name="onetime" value="` + srv.Acceptable() + `">
+			<button type="submit" name="submit_param" value="submit_value" class="link-button">
+			Bundle
+			</button>
+			</form></li></ul>`))
 			w.Write([]byte(footer))
 		}
 	}
@@ -84,7 +90,7 @@ func HandleAFile(w http.ResponseWriter, dirPath, file string) {
 		path := filepath.Join(BaseContentPath, file)
 		f, err := ioutil.ReadFile(path)
 		if err != nil {
-			w.Write([]byte("Oops! Something went wrong handling your language. Please file a bug at https://github.com/eyedeekay/i2p-tools-1\n\t" + err.Error()))
+			w.Write([]byte("Oops! Something went wrong handling your language. Please file a bug at https://i2pgit.org/idk/reseed-tools\n\t" + err.Error()))
 			return
 		}
 		CachedDataPages[file] = f
@@ -99,7 +105,7 @@ func HandleALocalizedFile(w http.ResponseWriter, dirPath string) {
 		dir := filepath.Join(BaseContentPath, "lang", dirPath)
 		files, err := ioutil.ReadDir(dir)
 		if err != nil {
-			w.Write([]byte("Oops! Something went wrong handling your language. Please file a bug at https://github.com/eyedeekay/i2p-tools-1\n\t" + err.Error()))
+			w.Write([]byte("Oops! Something went wrong handling your language. Please file a bug at https://i2pgit.org/idk/reseed-tools\n\t" + err.Error()))
 		}
 		var f []byte
 		for _, file := range files {
@@ -110,12 +116,13 @@ func HandleALocalizedFile(w http.ResponseWriter, dirPath string) {
 			path := filepath.Join(dir, file.Name())
 			b, err := ioutil.ReadFile(path)
 			if err != nil {
-				w.Write([]byte("Oops! Something went wrong handling your language. Please file a bug at https://github.com/eyedeekay/i2p-tools-1\n\t" + err.Error()))
+				w.Write([]byte("Oops! Something went wrong handling your language. Please file a bug at https://i2pgit.org/idk/reseed-tools\n\t" + err.Error()))
 				return
 			}
 			f = append(f, []byte(`<div id="`+trimmedName+`">`)...)
 			f = append(f, []byte(md.RenderToString(b))...)
 			f = append(f, []byte(`</div>`)...)
+
 		}
 		CachedLanguagePages[dirPath] = string(f)
 		w.Write([]byte(CachedLanguagePages[dirPath]))

reseed/server.go

@@ -3,6 +3,7 @@ package reseed
 import (
 	"bytes"
 	"context"
+	"crypto/rand"
 	"crypto/tls"
 	"io"
 	"log"
@@ -20,8 +21,8 @@ import (
 	"github.com/libp2p/go-libp2p-core/host"
 	gostream "github.com/libp2p/go-libp2p-gostream"
 	p2phttp "github.com/libp2p/go-libp2p-http"
-	"github.com/throttled/throttled"
-	"github.com/throttled/throttled/store"
+	throttled "github.com/throttled/throttled/v2"
+	"github.com/throttled/throttled/v2/store"
 )
 
 const (
@@ -34,9 +35,10 @@ type Server struct {
 	I2PSession    *sam3.StreamSession
 	I2PListener   *sam3.StreamListener
 	I2PKeys       i2pkeys.I2PKeys
-	Reseeder      Reseeder
+	Reseeder      *ReseederImpl
 	Blacklist     *Blacklist
 	OnionListener *tor.OnionService
+	acceptables   map[string]time.Time
 }
 
 func NewServer(prefix string, trustProxy bool) *Server {
@@ -65,6 +67,7 @@ func NewServer(prefix string, trustProxy bool) *Server {
 	server := Server{Server: h, Reseeder: nil}
 
 	th := throttled.RateLimit(throttled.PerHour(4), &throttled.VaryBy{RemoteAddr: true}, store.NewMemStore(200000))
+	thw := throttled.RateLimit(throttled.PerHour(30), &throttled.VaryBy{RemoteAddr: true}, store.NewMemStore(200000))
 
 	middlewareChain := alice.New()
 	if trustProxy {
@@ -79,13 +82,85 @@ func NewServer(prefix string, trustProxy bool) *Server {
 	})
 
 	mux := http.NewServeMux()
-	mux.Handle("/", middlewareChain.Append(disableKeepAliveMiddleware, loggingMiddleware, browsingMiddleware).Then(errorHandler))
+	mux.Handle("/", middlewareChain.Append(disableKeepAliveMiddleware, loggingMiddleware, thw.Throttle, server.browsingMiddleware).Then(errorHandler))
 	mux.Handle(prefix+"/i2pseeds.su3", middlewareChain.Append(disableKeepAliveMiddleware, loggingMiddleware, verifyMiddleware, th.Throttle).Then(http.HandlerFunc(server.reseedHandler)))
 	server.Handler = mux
 
 	return &server
 }
 
+// See use of crypto/rand on:
+// https://stackoverflow.com/questions/22892120/how-to-generate-a-random-string-of-a-fixed-length-in-go
+const (
+	letterBytes   = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" // 52 possibilities
+	letterIdxBits = 6                                                      // 6 bits to represent 64 possibilities / indexes
+	letterIdxMask = 1<<letterIdxBits - 1                                   // All 1-bits, as many as letterIdxBits
+)
+
+func SecureRandomAlphaString() string {
+	length := 16
+	result := make([]byte, length)
+	bufferSize := int(float64(length) * 1.3)
+	for i, j, randomBytes := 0, 0, []byte{}; i < length; j++ {
+		if j%bufferSize == 0 {
+			randomBytes = SecureRandomBytes(bufferSize)
+		}
+		if idx := int(randomBytes[j%length] & letterIdxMask); idx < len(letterBytes) {
+			result[i] = letterBytes[idx]
+			i++
+		}
+	}
+	return string(result)
+}
+
+// SecureRandomBytes returns the requested number of bytes using crypto/rand
+func SecureRandomBytes(length int) []byte {
+	var randomBytes = make([]byte, length)
+	_, err := rand.Read(randomBytes)
+	if err != nil {
+		log.Fatal("Unable to generate random bytes")
+	}
+	return randomBytes
+}
+
+//
+
+func (srv *Server) Acceptable() string {
+	if srv.acceptables == nil {
+		srv.acceptables = make(map[string]time.Time)
+	}
+	if len(srv.acceptables) > 50 {
+		for val := range srv.acceptables {
+			srv.CheckAcceptable(val)
+		}
+		for val := range srv.acceptables {
+			if len(srv.acceptables) < 50 {
+				break
+			}
+			delete(srv.acceptables, val)
+		}
+	}
+	acceptme := SecureRandomAlphaString()
+	srv.acceptables[acceptme] = time.Now()
+	return acceptme
+}
+
+func (srv *Server) CheckAcceptable(val string) bool {
+	if srv.acceptables == nil {
+		srv.acceptables = make(map[string]time.Time)
+	}
+	if timeout, ok := srv.acceptables[val]; ok {
+		checktime := time.Now().Sub(timeout)
+		if checktime > (4 * time.Minute) {
+			delete(srv.acceptables, val)
+			return false
+		}
+		delete(srv.acceptables, val)
+		return true
+	}
+	return false
+}
+
 func (srv *Server) ListenAndServe() error {
 	addr := srv.Addr
 	if addr == "" {
@@ -245,7 +320,7 @@ func (srv *Server) ListenAndServeI2P(samaddr string, I2PKeys i2pkeys.I2PKeys) er
 	if err != nil {
 		return err
 	}
-	log.Printf("I2P server started on http://%v.onion\n", srv.OnionListener.ID)
+	log.Printf("I2P server started on http://%v.b32.i2p\n", srv.I2PListener.Addr().(i2pkeys.I2PAddr).Base32())
 	return srv.Serve(srv.I2PListener)
 }
 
@@ -291,10 +366,13 @@ func loggingMiddleware(next http.Handler) http.Handler {
 	return handlers.CombinedLoggingHandler(os.Stdout, next)
 }
 
-func browsingMiddleware(next http.Handler) http.Handler {
+func (srv *Server) browsingMiddleware(next http.Handler) http.Handler {
 	fn := func(w http.ResponseWriter, r *http.Request) {
+		if srv.CheckAcceptable(r.FormValue("onetime")) {
+			srv.reseedHandler(w, r)
+		}
 		if i2pUserAgent != r.UserAgent() {
-			HandleARealBrowser(w, r)
+			srv.HandleARealBrowser(w, r)
 			return
 		}
 		next.ServeHTTP(w, r)

reseed/service.go

@@ -15,7 +15,7 @@ import (
 	"sync"
 	"time"
 
-	"github.com/eyedeekay/i2p-tools-1/su3"
+	"i2pgit.org/idk/reseed-tools/su3"
 )
 
 type routerInfo struct {
@@ -33,13 +33,13 @@ func (p Peer) Hash() int {
 	return int(crc32.ChecksumIEEE(c))
 }
 
-type Reseeder interface {
+/*type Reseeder interface {
 	// get an su3 file (bytes) for a peer
 	PeerSu3Bytes(peer Peer) ([]byte, error)
-}
+}*/
 
 type ReseederImpl struct {
-	netdb NetDbProvider
+	netdb *LocalNetDbImpl
 	su3s  chan [][]byte
 
 	SigningKey      *rsa.PrivateKey
@@ -49,7 +49,7 @@ type ReseederImpl struct {
 	NumSu3          int
 }
 
-func NewReseeder(netdb NetDbProvider) *ReseederImpl {
+func NewReseeder(netdb *LocalNetDbImpl) *ReseederImpl {
 	return &ReseederImpl{
 		netdb:           netdb,
 		su3s:            make(chan [][]byte),
@@ -224,10 +224,10 @@ func (rs *ReseederImpl) createSu3(seeds []routerInfo) (*su3.File, error) {
 	return su3File, nil
 }
 
-type NetDbProvider interface {
+/*type NetDbProvider interface {
 	// Get all router infos
 	RouterInfos() ([]routerInfo, error)
-}
+}*/
 
 type LocalNetDbImpl struct {
 	Path string

su3/su3.go

@@ -23,16 +23,20 @@ const (
 	SigTypeRSAWithSHA384   = uint16(5)
 	SigTypeRSAWithSHA512   = uint16(6)
 
-	ContentTypeUnknown = uint8(0)
-	ContentTypeRouter  = uint8(1)
-	ContentTypePlugin  = uint8(2)
-	ContentTypeReseed  = uint8(3)
-	ContentTypeNews    = uint8(4)
+	ContentTypeUnknown   = uint8(0)
+	ContentTypeRouter    = uint8(1)
+	ContentTypePlugin    = uint8(2)
+	ContentTypeReseed    = uint8(3)
+	ContentTypeNews      = uint8(4)
+	ContentTypeBlocklist = uint8(5)
 
 	FileTypeZIP   = uint8(0)
 	FileTypeXML   = uint8(1)
 	FileTypeHTML  = uint8(2)
 	FileTypeXMLGZ = uint8(3)
+	FileTypeTXTGZ = uint8(4)
+	FileTypeDMG   = uint8(5)
+	FileTypeEXE   = uint8(6)
 
 	magicBytes = "I2Psu3"
 )