chore(config): upgrade to gosettings v0.4.0

- drop qdm12/govalid dependency
- upgrade qdm12/ss-server to v0.6.0
- do not unset sensitive config settings (makes no sense to me)

cmd/gluetun/main.go

@@ -17,9 +17,7 @@ import (
 	"github.com/qdm12/gluetun/internal/alpine"
 	"github.com/qdm12/gluetun/internal/cli"
 	"github.com/qdm12/gluetun/internal/configuration/settings"
-	"github.com/qdm12/gluetun/internal/configuration/sources/env"
 	"github.com/qdm12/gluetun/internal/configuration/sources/files"
-	mux "github.com/qdm12/gluetun/internal/configuration/sources/merge"
 	"github.com/qdm12/gluetun/internal/configuration/sources/secrets"
 	"github.com/qdm12/gluetun/internal/constants"
 	"github.com/qdm12/gluetun/internal/dns"
@@ -45,6 +43,8 @@ import (
 	"github.com/qdm12/gluetun/internal/updater/unzip"
 	"github.com/qdm12/gluetun/internal/vpn"
 	"github.com/qdm12/golibs/command"
+	"github.com/qdm12/gosettings/reader"
+	"github.com/qdm12/gosettings/reader/sources/env"
 	"github.com/qdm12/goshutdown"
 	"github.com/qdm12/goshutdown/goroutine"
 	"github.com/qdm12/goshutdown/group"
@@ -82,14 +82,21 @@ func main() {
 	cli := cli.New()
 	cmder := command.NewCmder()
 
-	secretsReader := secrets.New()
-	filesReader := files.New()
-	envReader := env.New(logger)
-	muxReader := mux.New(secretsReader, filesReader, envReader)
+	reader := reader.New(reader.Settings{
+		Sources: []reader.Source{
+			secrets.New(logger),
+			files.New(logger),
+			env.New(env.Settings{}),
+		},
+		HandleDeprecatedKey: func(source, deprecatedKey, currentKey string) {
+			logger.Warn("You are using the old " + source + " " + deprecatedKey +
+				", please consider changing it to " + currentKey)
+		},
+	})
 
 	errorCh := make(chan error)
 	go func() {
-		errorCh <- _main(ctx, buildInfo, args, logger, muxReader, tun, netLinker, cmder, cli)
+		errorCh <- _main(ctx, buildInfo, args, logger, reader, tun, netLinker, cmder, cli)
 	}()
 
 	var err error
@@ -139,17 +146,17 @@ var (
 
 //nolint:gocognit,gocyclo,maintidx
 func _main(ctx context.Context, buildInfo models.BuildInformation,
-	args []string, logger log.LoggerInterface, source Source,
+	args []string, logger log.LoggerInterface, reader *reader.Reader,
 	tun Tun, netLinker netLinker, cmder command.RunStarter,
 	cli clier) error {
 	if len(args) > 1 { // cli operation
 		switch args[1] {
 		case "healthcheck":
-			return cli.HealthCheck(ctx, source, logger)
+			return cli.HealthCheck(ctx, reader, logger)
 		case "clientkey":
 			return cli.ClientKey(args[2:])
 		case "openvpnconfig":
-			return cli.OpenvpnConfig(logger, source, netLinker)
+			return cli.OpenvpnConfig(logger, reader, netLinker)
 		case "update":
 			return cli.Update(ctx, args[2:], logger)
 		case "format-servers":
@@ -180,17 +187,22 @@ func _main(ctx context.Context, buildInfo models.BuildInformation,
 		fmt.Println(line)
 	}
 
-	allSettings, err := source.Read()
+	var allSettings settings.Settings
+	err = allSettings.Read(reader)
 	if err != nil {
 		return err
 	}
+	allSettings.SetDefaults()
 
 	// Note: no need to validate minimal settings for the firewall:
-	// - global log level is parsed from source
+	// - global log level is parsed below
 	// - firewall Debug and Enabled are booleans parsed from source
-
-	logger.Patch(log.SetLevel(*allSettings.Log.Level))
-	netLinker.PatchLoggerLevel(*allSettings.Log.Level)
+	logLevel, err := log.ParseLevel(allSettings.Log.Level)
+	if err != nil {
+		return fmt.Errorf("log level: %w", err)
+	}
+	logger.Patch(log.SetLevel(logLevel))
+	netLinker.PatchLoggerLevel(logLevel)
 
 	routingLogger := logger.New(log.SetComponent("routing"))
 	if *allSettings.Firewall.Debug { // To remove in v4
@@ -578,18 +590,12 @@ type Linker interface {
 type clier interface {
 	ClientKey(args []string) error
 	FormatServers(args []string) error
-	OpenvpnConfig(logger cli.OpenvpnConfigLogger, source cli.Source, ipv6Checker cli.IPv6Checker) error
-	HealthCheck(ctx context.Context, source cli.Source, warner cli.Warner) error
+	OpenvpnConfig(logger cli.OpenvpnConfigLogger, reader *reader.Reader, ipv6Checker cli.IPv6Checker) error
+	HealthCheck(ctx context.Context, reader *reader.Reader, warner cli.Warner) error
 	Update(ctx context.Context, args []string, logger cli.UpdaterLogger) error
 }
 
 type Tun interface {
 	Check(tunDevice string) error
 	Create(tunDevice string) error
 }
-
-type Source interface {
-	Read() (settings settings.Settings, err error)
-	ReadHealth() (health settings.Health, err error)
-	String() string
-}

go.mod

@@ -10,13 +10,12 @@ require (
 	github.com/klauspost/pgzip v1.2.6
 	github.com/qdm12/dns v1.11.0
 	github.com/qdm12/golibs v0.0.0-20210822203818-5c568b0777b6
-	github.com/qdm12/gosettings v0.4.0-rc1
+	github.com/qdm12/gosettings v0.4.0-rc9.0.20240323143821-6cc9afe3e4a0
 	github.com/qdm12/goshutdown v0.3.0
 	github.com/qdm12/gosplash v0.1.0
 	github.com/qdm12/gotree v0.2.0
-	github.com/qdm12/govalid v0.2.0-rc1
 	github.com/qdm12/log v0.1.0
-	github.com/qdm12/ss-server v0.5.0
+	github.com/qdm12/ss-server v0.6.0
 	github.com/qdm12/updated v0.0.0-20210603204757-205acfe6937e
 	github.com/stretchr/testify v1.9.0
 	github.com/ulikunitz/xz v0.5.11
@@ -48,8 +47,10 @@ require (
 	go4.org/intern v0.0.0-20211027215823-ae77deb06f29 // indirect
 	go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2 // indirect
 	golang.org/x/crypto v0.21.0 // indirect
-	golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 // indirect
+	golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa // indirect
 	golang.org/x/sync v0.1.0 // indirect
 	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
+	kernel.org/pub/linux/libs/security/libcap/cap v1.2.69 // indirect
+	kernel.org/pub/linux/libs/security/libcap/psx v1.2.69 // indirect
 )

go.sum

@@ -97,20 +97,18 @@ github.com/qdm12/golibs v0.0.0-20210603202746-e5494e9c2ebb/go.mod h1:15RBzkun0i8
 github.com/qdm12/golibs v0.0.0-20210723175634-a75ca7fd74c2/go.mod h1:6aRbg4Z/bTbm9JfxsGXfWKHi7zsOvPfUTK1S5HuAFKg=
 github.com/qdm12/golibs v0.0.0-20210822203818-5c568b0777b6 h1:bge5AL7cjHJMPz+5IOz5yF01q/l8No6+lIEBieA8gMg=
 github.com/qdm12/golibs v0.0.0-20210822203818-5c568b0777b6/go.mod h1:6aRbg4Z/bTbm9JfxsGXfWKHi7zsOvPfUTK1S5HuAFKg=
-github.com/qdm12/gosettings v0.4.0-rc1 h1:UYA92yyeDPbmZysIuG65yrpZVPtdIoRmtEHft/AyI38=
-github.com/qdm12/gosettings v0.4.0-rc1/go.mod h1:JRV3opOpHvnKlIA29lKQMdYw1WSMVMfHYLLHPHol5ME=
+github.com/qdm12/gosettings v0.4.0-rc9.0.20240323143821-6cc9afe3e4a0 h1:ocCLeoHvSD5ZSA1J0H1VyCzBeUzSJil4HvnhjHdceEc=
+github.com/qdm12/gosettings v0.4.0-rc9.0.20240323143821-6cc9afe3e4a0/go.mod h1:uItKwGXibJp2pQ0am6MBKilpjfvYTGiH+zXHd10jFj8=
 github.com/qdm12/goshutdown v0.3.0 h1:pqBpJkdwlZlfTEx4QHtS8u8CXx6pG0fVo6S1N0MpSEM=
 github.com/qdm12/goshutdown v0.3.0/go.mod h1:EqZ46No00kCTZ5qzdd3qIzY6ayhMt24QI8Mh8LVQYmM=
 github.com/qdm12/gosplash v0.1.0 h1:Sfl+zIjFZFP7b0iqf2l5UkmEY97XBnaKkH3FNY6Gf7g=
 github.com/qdm12/gosplash v0.1.0/go.mod h1:+A3fWW4/rUeDXhY3ieBzwghKdnIPFJgD8K3qQkenJlw=
 github.com/qdm12/gotree v0.2.0 h1:+58ltxkNLUyHtATFereAcOjBVfY6ETqRex8XK90Fb/c=
 github.com/qdm12/gotree v0.2.0/go.mod h1:1SdFaqKZuI46U1apbXIf25pDMNnrPuYLEqMF/qL4lY4=
-github.com/qdm12/govalid v0.2.0-rc1 h1:4iYQvU4ibrASgzelsEgZX4JyKX3UTB/DcHObzQ7BXtw=
-github.com/qdm12/govalid v0.2.0-rc1/go.mod h1:/uWzVWMuS71wmbsVnlUxpQiy6EAXqm8eQ2RbyA72roQ=
 github.com/qdm12/log v0.1.0 h1:jYBd/xscHYpblzZAd2kjZp2YmuYHjAAfbTViJWxoPTw=
 github.com/qdm12/log v0.1.0/go.mod h1:Vchi5M8uBvHfPNIblN4mjXn/oSbiWguQIbsgF1zdQPI=
-github.com/qdm12/ss-server v0.5.0 h1:ARAqJayohDM51BmJ/R5Yplkpo+Qxgp7xizBF1HWd7uQ=
-github.com/qdm12/ss-server v0.5.0/go.mod h1:eFd8PL/uy0ZvJ4KeSUzToruJctVQoYqXk+LRy9vcOiI=
+github.com/qdm12/ss-server v0.6.0 h1:OaOdCIBXx0z3DGHPT6Th0v88vGa3MtAS4oRgUsDHGZE=
+github.com/qdm12/ss-server v0.6.0/go.mod h1:0BO/zEmtTiLDlmQEcjtoHTC+w+cWxwItjBuGP6TWM78=
 github.com/qdm12/updated v0.0.0-20210603204757-205acfe6937e h1:4q+uFLawkaQRq3yARYLsjJPZd2wYwxn4g6G/5v0xW1g=
 github.com/qdm12/updated v0.0.0-20210603204757-205acfe6937e/go.mod h1:UvJRGkZ9XL3/D7e7JiTTVLm1F3Cymd3/gFpD6frEpBo=
 github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg=
@@ -156,8 +154,8 @@ golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
 golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
-golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc=
-golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
+golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ=
+golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
@@ -252,3 +250,7 @@ gvisor.dev/gvisor v0.0.0-20221203005347-703fd9b7fbc0/go.mod h1:Dn5idtptoW1dIos9U
 inet.af/netaddr v0.0.0-20210511181906-37180328850c/go.mod h1:z0nx+Dh+7N7CC8V5ayHtHGpZpxLQZZxkIaaz6HN65Ls=
 inet.af/netaddr v0.0.0-20220811202034-502d2d690317 h1:U2fwK6P2EqmopP/hFLTOAjWTki0qgd4GMJn5X8wOleU=
 inet.af/netaddr v0.0.0-20220811202034-502d2d690317/go.mod h1:OIezDfdzOgFhuw4HuWapWq2e9l0H9tK4F1j+ETRtF3k=
+kernel.org/pub/linux/libs/security/libcap/cap v1.2.69 h1:N0m3tKYbkRMmDobh/47ngz+AWeV7PcfXMDi8xu3Vrag=
+kernel.org/pub/linux/libs/security/libcap/cap v1.2.69/go.mod h1:Tk5Ip2TuxaWGpccL7//rAsLRH6RQ/jfqTGxuN/+i/FQ=
+kernel.org/pub/linux/libs/security/libcap/psx v1.2.69 h1:IdrOs1ZgwGw5CI+BH6GgVVlOt+LAXoPyh7enr8lfaXs=
+kernel.org/pub/linux/libs/security/libcap/psx v1.2.69/go.mod h1:+l6Ee2F59XiJ2I6WR5ObpC1utCQJZ/VLsEbQCD8RG24=

internal/cli/clientkey.go

@@ -6,13 +6,12 @@ import (
 	"io"
 	"os"
 	"strings"
-
-	"github.com/qdm12/gluetun/internal/configuration/sources/files"
 )
 
 func (c *CLI) ClientKey(args []string) error {
 	flagSet := flag.NewFlagSet("clientkey", flag.ExitOnError)
-	filepath := flagSet.String("path", files.OpenVPNClientKeyPath, "file path to the client.key file")
+	const openVPNClientKeyPath = "/gluetun/client.key" // TODO deduplicate?
+	filepath := flagSet.String("path", openVPNClientKeyPath, "file path to the client.key file")
 	if err := flagSet.Parse(args); err != nil {
 		return err
 	}

internal/cli/healthcheck.go

@@ -6,12 +6,15 @@ import (
 	"net/http"
 	"time"
 
+	"github.com/qdm12/gluetun/internal/configuration/settings"
 	"github.com/qdm12/gluetun/internal/healthcheck"
+	"github.com/qdm12/gosettings/reader"
 )
 
-func (c *CLI) HealthCheck(ctx context.Context, source Source, _ Warner) error {
+func (c *CLI) HealthCheck(ctx context.Context, reader *reader.Reader, _ Warner) (err error) {
 	// Extract the health server port from the configuration.
-	config, err := source.ReadHealth()
+	var config settings.Health
+	err = config.Read(reader)
 	if err != nil {
 		return err
 	}

internal/cli/openvpnconfig.go

@@ -8,12 +8,14 @@ import (
 	"strings"
 	"time"
 
+	"github.com/qdm12/gluetun/internal/configuration/settings"
 	"github.com/qdm12/gluetun/internal/constants"
 	"github.com/qdm12/gluetun/internal/models"
 	"github.com/qdm12/gluetun/internal/openvpn/extract"
 	"github.com/qdm12/gluetun/internal/provider"
 	"github.com/qdm12/gluetun/internal/storage"
 	"github.com/qdm12/gluetun/internal/updater/resolver"
+	"github.com/qdm12/gosettings/reader"
 )
 
 type OpenvpnConfigLogger interface {
@@ -39,14 +41,15 @@ type IPv6Checker interface {
 	IsIPv6Supported() (supported bool, err error)
 }
 
-func (c *CLI) OpenvpnConfig(logger OpenvpnConfigLogger, source Source,
+func (c *CLI) OpenvpnConfig(logger OpenvpnConfigLogger, reader *reader.Reader,
 	ipv6Checker IPv6Checker) error {
 	storage, err := storage.New(logger, constants.ServersData)
 	if err != nil {
 		return err
 	}
 
-	allSettings, err := source.Read()
+	var allSettings settings.Settings
+	err = allSettings.Read(reader)
 	if err != nil {
 		return err
 	}

internal/configuration/settings/dns.go

@@ -5,6 +5,7 @@ import (
 	"net/netip"
 
 	"github.com/qdm12/gosettings"
+	"github.com/qdm12/gosettings/reader"
 	"github.com/qdm12/gotree"
 )
 
@@ -49,14 +50,6 @@ func (d *DNS) Copy() (copied DNS) {
 	}
 }
 
-// mergeWith merges the other settings into any
-// unset field of the receiver settings object.
-func (d *DNS) mergeWith(other DNS) {
-	d.ServerAddress = gosettings.MergeWithValidator(d.ServerAddress, other.ServerAddress)
-	d.KeepNameserver = gosettings.MergeWithPointer(d.KeepNameserver, other.KeepNameserver)
-	d.DoT.mergeWith(other.DoT)
-}
-
 // overrideWith overrides fields of the receiver
 // settings object with any field set in the other
 // settings.
@@ -87,3 +80,22 @@ func (d DNS) toLinesNode() (node *gotree.Node) {
 	node.AppendNode(d.DoT.toLinesNode())
 	return node
 }
+
+func (d *DNS) read(r *reader.Reader) (err error) {
+	d.ServerAddress, err = r.NetipAddr("DNS_ADDRESS", reader.RetroKeys("DNS_PLAINTEXT_ADDRESS"))
+	if err != nil {
+		return err
+	}
+
+	d.KeepNameserver, err = r.BoolPtr("DNS_KEEP_NAMESERVER")
+	if err != nil {
+		return err
+	}
+
+	err = d.DoT.read(r)
+	if err != nil {
+		return fmt.Errorf("DNS over TLS settings: %w", err)
+	}
+
+	return nil
+}

internal/configuration/settings/dnsblacklist.go

@@ -8,6 +8,7 @@ import (
 
 	"github.com/qdm12/dns/pkg/blacklist"
 	"github.com/qdm12/gosettings"
+	"github.com/qdm12/gosettings/reader"
 	"github.com/qdm12/gotree"
 )
 
@@ -63,16 +64,6 @@ func (b DNSBlacklist) copy() (copied DNSBlacklist) {
 	}
 }
 
-func (b *DNSBlacklist) mergeWith(other DNSBlacklist) {
-	b.BlockMalicious = gosettings.MergeWithPointer(b.BlockMalicious, other.BlockMalicious)
-	b.BlockAds = gosettings.MergeWithPointer(b.BlockAds, other.BlockAds)
-	b.BlockSurveillance = gosettings.MergeWithPointer(b.BlockSurveillance, other.BlockSurveillance)
-	b.AllowedHosts = gosettings.MergeWithSlice(b.AllowedHosts, other.AllowedHosts)
-	b.AddBlockedHosts = gosettings.MergeWithSlice(b.AddBlockedHosts, other.AddBlockedHosts)
-	b.AddBlockedIPs = gosettings.MergeWithSlice(b.AddBlockedIPs, other.AddBlockedIPs)
-	b.AddBlockedIPPrefixes = gosettings.MergeWithSlice(b.AddBlockedIPPrefixes, other.AddBlockedIPPrefixes)
-}
-
 func (b *DNSBlacklist) overrideWith(other DNSBlacklist) {
 	b.BlockMalicious = gosettings.OverrideWithPointer(b.BlockMalicious, other.BlockMalicious)
 	b.BlockAds = gosettings.OverrideWithPointer(b.BlockAds, other.BlockAds)
@@ -136,3 +127,66 @@ func (b DNSBlacklist) toLinesNode() (node *gotree.Node) {
 
 	return node
 }
+
+func (b *DNSBlacklist) read(r *reader.Reader) (err error) {
+	b.BlockMalicious, err = r.BoolPtr("BLOCK_MALICIOUS")
+	if err != nil {
+		return err
+	}
+
+	b.BlockSurveillance, err = r.BoolPtr("BLOCK_SURVEILLANCE",
+		reader.RetroKeys("BLOCK_NSA"))
+	if err != nil {
+		return err
+	}
+
+	b.BlockAds, err = r.BoolPtr("BLOCK_ADS")
+	if err != nil {
+		return err
+	}
+
+	b.AddBlockedIPs, b.AddBlockedIPPrefixes,
+		err = readDoTPrivateAddresses(r) // TODO v4 split in 2
+	if err != nil {
+		return err
+	}
+
+	b.AllowedHosts = r.CSV("UNBLOCK") // TODO v4 change name
+
+	return nil
+}
+
+var (
+	ErrPrivateAddressNotValid = errors.New("private address is not a valid IP or CIDR range")
+)
+
+func readDoTPrivateAddresses(reader *reader.Reader) (ips []netip.Addr,
+	ipPrefixes []netip.Prefix, err error) {
+	privateAddresses := reader.CSV("DOT_PRIVATE_ADDRESS")
+	if len(privateAddresses) == 0 {
+		return nil, nil, nil
+	}
+
+	ips = make([]netip.Addr, 0, len(privateAddresses))
+	ipPrefixes = make([]netip.Prefix, 0, len(privateAddresses))
+
+	for _, privateAddress := range privateAddresses {
+		ip, err := netip.ParseAddr(privateAddress)
+		if err == nil {
+			ips = append(ips, ip)
+			continue
+		}
+
+		ipPrefix, err := netip.ParsePrefix(privateAddress)
+		if err == nil {
+			ipPrefixes = append(ipPrefixes, ipPrefix)
+			continue
+		}
+
+		return nil, nil, fmt.Errorf(
+			"environment variable DOT_PRIVATE_ADDRESS: %w: %s",
+			ErrPrivateAddressNotValid, privateAddress)
+	}
+
+	return ips, ipPrefixes, nil
+}