trust

package

v1.1.4 Latest Latest Go to latest Published: May 21, 2026 License: MIT Imports: 10 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/nself-org/cli

Links

Open Source Insights

Documentation ¶

Rendered for

Index ¶

func CheckDNSDarwin() (dnsConfigured bool, resolverConfigured bool)
func CheckDNSLinux() bool
func CheckMkcert(cfg TrustConfig) (installed bool, caInstalled bool, certsValid bool)
func CheckPortsDarwin(_ TrustConfig) bool
func CheckPortsLinux(cfg TrustConfig) bool
func MkcertCAPath() (string, error)
func SetupDNSDarwin(_ TrustConfig) (dnsAlreadyDone bool, resolverAlreadyDone bool, err error)
func SetupDNSLinux(cfg TrustConfig) (alreadyDone bool, err error)
func SetupMkcert(cfg TrustConfig) (alreadyDone bool, err error)
func SetupPortsDarwin(_ TrustConfig) (alreadyDone bool, err error)
func SetupPortsLinux(cfg TrustConfig) (alreadyDone bool, err error)
type TrustConfig
type TrustResult
- func Setup(cfg TrustConfig) (*TrustResult, error)
type TrustStatus
- func CheckStatus(cfg TrustConfig) TrustStatus

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CheckDNSDarwin ¶

func CheckDNSDarwin() (dnsConfigured bool, resolverConfigured bool)

CheckDNSDarwin is not supported on this platform.

func CheckDNSLinux ¶

func CheckDNSLinux() bool

CheckDNSLinux returns true if DNS is already configured for .local wildcard resolution on this Linux system.

func CheckMkcert ¶

func CheckMkcert(cfg TrustConfig) (installed bool, caInstalled bool, certsValid bool)

CheckMkcert checks the current state of mkcert, its CA, and project certs. Returns (installed, caInstalled, certsValid).

func CheckPortsDarwin ¶

func CheckPortsDarwin(_ TrustConfig) bool

CheckPortsDarwin is not supported on this platform.

func CheckPortsLinux ¶

func CheckPortsLinux(cfg TrustConfig) bool

CheckPortsLinux returns true if the iptables OUTPUT redirect rules are already in place for the configured Nginx ports.

func MkcertCAPath ¶

func MkcertCAPath() (string, error)

MkcertCAPath returns the path to the mkcert root CA certificate. Returns an error if mkcert is not installed or CAROOT is unavailable.

func SetupDNSDarwin ¶

func SetupDNSDarwin(_ TrustConfig) (dnsAlreadyDone bool, resolverAlreadyDone bool, err error)

SetupDNSDarwin is not supported on this platform.

func SetupDNSLinux ¶

func SetupDNSLinux(cfg TrustConfig) (alreadyDone bool, err error)

SetupDNSLinux configures DNS resolution for .local wildcard domains on Linux. Returns alreadyDone=true when DNS was already configured.

func SetupMkcert ¶

func SetupMkcert(cfg TrustConfig) (alreadyDone bool, err error)

SetupMkcert ensures mkcert is installed, the CA is trusted, and wildcard certificates are generated for the project's base domain. Returns alreadyDone=true when both the CA is trusted AND the certs exist and are valid (>30 days remaining) — i.e. nothing was done.

Idempotency: each sub-step (CA trust, cert generation) is checked independently before any admin-privilege operation is attempted.

func SetupPortsDarwin ¶

func SetupPortsDarwin(_ TrustConfig) (alreadyDone bool, err error)

SetupPortsDarwin is not supported on this platform.

func SetupPortsLinux ¶

func SetupPortsLinux(cfg TrustConfig) (alreadyDone bool, err error)

SetupPortsLinux adds iptables NAT OUTPUT rules to redirect ports 80 and 443 to the configured Nginx ports. Returns alreadyDone=true if rules already exist.

Types ¶

type TrustConfig ¶

type TrustConfig struct {
	WorkDir           string   // project root directory
	BaseDomain        string   // e.g. "ummat.local"
	NginxSSLPort      int      // e.g. 8443
	NginxHTTPPort     int      // e.g. 8080
	ExtraSSLDomains   []string // from EXTRA_SSL_DOMAINS
	NamespacePrefixes []string // subdomain namespaces extracted from ROUTES (e.g. "pro", "app", "dev")
	SkipDNS           bool
	SkipSSL           bool
	SkipPorts         bool
}

TrustConfig holds runtime options for the trust setup.

type TrustResult ¶

type TrustResult struct {
	DNSConfigured       bool
	DNSAlreadyDone      bool
	ResolverConfigured  bool
	ResolverAlreadyDone bool
	CertsGenerated      bool
	CertsAlreadyDone    bool
	PortsConfigured     bool
	PortsAlreadyDone    bool
	Errors              []error
}

TrustResult holds the outcome of each setup step.

func Setup ¶

func Setup(cfg TrustConfig) (*TrustResult, error)

Setup orchestrates the full local dev trust setup for the current OS. Steps run in order: DNS → SSL → Ports. Each step is skipped if the corresponding SkipXxx flag is set in cfg. Steps are idempotent — already-configured state is recorded in TrustResult but not treated as an error.

type TrustStatus ¶

type TrustStatus struct {
	MkcertInstalled    bool // mkcert binary available on PATH
	CAInstalled        bool // mkcert CA in system keychain / trusted store
	CertsExist         bool // ssl/fullchain.pem + ssl/privkey.pem exist
	CertsValid         bool // certs not expired (>30 days remaining)
	DNSInstalled       bool // dnsmasq installed / systemd-resolved config present
	DNSRunning         bool // dnsmasq conf has .local wildcard line configured
	ResolverConfigured bool // /etc/resolver/local or systemd-resolved drop-in present
	PortsForwarding    bool // 443→NginxSSLPort, 80→NginxHTTPPort active
}

TrustStatus holds the current state of all trust components.

func CheckStatus ¶

func CheckStatus(cfg TrustConfig) TrustStatus

CheckStatus checks the current state of all trust components for the given TrustConfig and returns a TrustStatus summary.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL