trust

package
v1.0.2 Latest
Warning

This package is not in the latest version of its module.

Published: Mar 30, 2026 License: MIT Imports: 10 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func CheckDNSDarwin

func CheckDNSDarwin() (dnsConfigured bool, resolverConfigured bool)

CheckDNSDarwin checks whether dnsmasq is configured for .local resolution and whether /etc/resolver/local is present with the correct nameserver.

func CheckDNSLinux

func CheckDNSLinux() bool

CheckDNSLinux returns true if DNS is already configured for .local wildcard resolution on this Linux system.

func CheckMkcert

func CheckMkcert(cfg TrustConfig) (installed bool, caInstalled bool, certsValid bool)

CheckMkcert checks the current state of mkcert, its CA, and project certs. Returns (installed, caInstalled, certsValid).

func CheckPortsDarwin

func CheckPortsDarwin(cfg TrustConfig) bool

CheckPortsDarwin returns true if the pf anchor rules are already loaded with the expected port forwarding configuration.

func CheckPortsLinux

func CheckPortsLinux(cfg TrustConfig) bool

CheckPortsLinux returns true if the iptables OUTPUT redirect rules are already in place for the configured Nginx ports.

func MkcertCAPath

func MkcertCAPath() (string, error)

MkcertCAPath returns the path to the mkcert root CA certificate. Returns an error if mkcert is not installed or CAROOT is unavailable.

func SetupDNSDarwin

func SetupDNSDarwin(cfg TrustConfig) (dnsAlreadyDone bool, resolverAlreadyDone bool, err error)

SetupDNSDarwin configures dnsmasq and /etc/resolver/local for .local wildcard DNS resolution on macOS. Returns dnsAlreadyDone=true and resolverAlreadyDone=true when each respective component was already configured.

func SetupDNSLinux

func SetupDNSLinux(cfg TrustConfig) (alreadyDone bool, err error)

SetupDNSLinux configures DNS resolution for .local wildcard domains on Linux. Returns alreadyDone=true when DNS was already configured.

func SetupMkcert

func SetupMkcert(cfg TrustConfig) (alreadyDone bool, err error)

SetupMkcert ensures mkcert is installed, the CA is trusted, and wildcard certificates are generated for the project's base domain. Returns alreadyDone=true when certs exist and are valid (>30 days remaining).
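
A sketch of the ">30 days remaining" validity rule that SetupMkcert and TrustStatus.CertsValid describe, as an added example that is not this package's own code. certUsable and sampleCert are hypothetical names, the wildcard SAN check is an assumption about what the generated certificate contains, and the certificate is constructed in memory rather than read from ssl/fullchain.pem.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// minRemaining mirrors the ">30 days remaining" rule quoted in the docs.
const minRemaining = 30 * 24 * time.Hour

// certUsable (hypothetical name) reports whether the first PEM certificate has
// more than minRemaining left at now and covers a host under baseDomain.
func certUsable(pemBytes []byte, baseDomain string, now time.Time) (bool, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return false, fmt.Errorf("no CERTIFICATE block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return false, fmt.Errorf("parse certificate: %w", err)
	}
	if now.Before(cert.NotBefore) || cert.NotAfter.Sub(now) <= minRemaining {
		return false, nil // not yet valid, expired, or inside the renewal margin
	}
	return cert.VerifyHostname("app."+baseDomain) == nil, nil
}

// sampleCert builds a constructed, self-signed wildcard cert for the demo.
func sampleCert(baseDomain string, notBefore, notAfter time.Time) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), DNSNames: []string{"*." + baseDomain},
		NotBefore: notBefore, NotAfter: notAfter,
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	now := time.Now()
	stale := sampleCert("ummat.local", now.Add(-time.Hour), now.AddDate(0, 0, 10))
	fmt.Println(certUsable(stale, "ummat.local", now)) // 10 days left: below the margin
}
```

A certificate that is still unexpired but inside the 30-day margin is reported as unusable, which is what lets a setup step regenerate it before browsers start rejecting it.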

func SetupPortsDarwin

func SetupPortsDarwin(cfg TrustConfig) (alreadyDone bool, err error)

SetupPortsDarwin configures pfctl port forwarding on macOS so that ports 80 and 443 are redirected to the Nginx HTTP and SSL ports. Returns alreadyDone=true when the rules were already active.

func SetupPortsLinux

func SetupPortsLinux(cfg TrustConfig) (alreadyDone bool, err error)

SetupPortsLinux adds iptables NAT OUTPUT rules to redirect ports 80 and 443 to the configured Nginx ports. Returns alreadyDone=true if rules already exist.

Types

type TrustConfig

type TrustConfig struct {
	WorkDir         string   // project root directory
	BaseDomain      string   // e.g. "ummat.local"
	NginxSSLPort    int      // e.g. 8443
	NginxHTTPPort   int      // e.g. 8080
	ExtraSSLDomains []string // from EXTRA_SSL_DOMAINS
	SkipDNS         bool
	SkipSSL         bool
	SkipPorts       bool
}

TrustConfig holds runtime options for the trust setup.

type TrustResult

type TrustResult struct {
	DNSConfigured       bool
	DNSAlreadyDone      bool
	ResolverConfigured  bool
	ResolverAlreadyDone bool
	CertsGenerated      bool
	CertsAlreadyDone    bool
	PortsConfigured     bool
	PortsAlreadyDone    bool
	Errors              []error
}

TrustResult holds the outcome of each setup step.

func Setup

func Setup(cfg TrustConfig) (*TrustResult, error)

Setup orchestrates the full local dev trust setup for the current OS. Steps run in order: DNS → SSL → Ports. Each step is skipped if the corresponding SkipXxx flag is set in cfg. Steps are idempotent — already-configured state is recorded in TrustResult but not treated as an error.

type TrustStatus

type TrustStatus struct {
	MkcertInstalled    bool // mkcert binary available on PATH
	CAInstalled        bool // mkcert CA in system keychain / trusted store
	CertsExist         bool // ssl/fullchain.pem + ssl/privkey.pem exist
	CertsValid         bool // certs not expired (>30 days remaining)
	DNSInstalled       bool // dnsmasq installed / systemd-resolved config present
	DNSRunning         bool // dnsmasq conf has .local wildcard line configured
	ResolverConfigured bool // /etc/resolver/local or systemd-resolved drop-in present
	PortsForwarding    bool // 443→NginxSSLPort, 80→NginxHTTPPort active
}

TrustStatus holds the current state of all trust components.

func CheckStatus

func CheckStatus(cfg TrustConfig) TrustStatus

CheckStatus checks the current state of all trust components for the given TrustConfig and returns a TrustStatus summary.
