alihan/arc-evilsocket
1
0
Fork 0
mirror of https://github.com/evilsocket/arc.git synced 2024-05-26 22:37:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix: fixed Dockerfile and documentation.

Browse Source
This commit is contained in:
Simone Margaritelli
2024-04-06 17:19:48 -04:00
parent d4f359eecc
commit ad0b0e7573
5 changed files with 31 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/buildx.yml vendored
View File

@@ -23,6 +23,6 @@ jobs:
- name: Build and push
uses: docker/build-push-action@v5
with:
platforms: linux/amd64, linux/arm64, linux/arm, darwin/amd64, darwin/arm64, windows/amd64, windows/arm64
platforms: linux/amd64, linux/arm64, linux/arm
push: true
tags: evilsocket/arc:latest

4
Dockerfile
View File

@@ -3,7 +3,7 @@ FROM golang:1.22.2
ADD . /go/src/github.com/evilsocket/arc
WORKDIR /go/src/github.com/evilsocket/arc
RUN go build -o build/arc cmd/arc/*.go
RUN go build -o /bin/arc cmd/arc/*.go
EXPOSE 8443
EXPOSE 443
ENTRYPOINT ./build/arc -config /config.toml
ENTRYPOINT ["/bin/arc"]

108
README.md
View File

@@ -44,105 +44,35 @@ The idea is to use Arc as a single storage and manager for your passwords, encry
## Usage
You can find binary releases of Arc [here](https://github.com/evilsocket/arc/releases), if instead you want to build it from source, make sure you have Go >= 1.22.x installed and configured correctly, then clone this repository, install the dependencies and compile the `arc` server component:
The simplest way to run `arc` is as a Docker container. First, make sure to copy `sample_config.toml` into your own `config.toml`.
go install github.com/evilsocket/arc/cmd/arc@latest
The most important fields to change are the `secret` ( a key used for token authentication ), the `username` and the `password`, which is the `bcrypt` hash of the authentication password you want to use, you can generate a new one with:
Once you either extracted the release archive or compiled it yourself, copy `sample_config.toml` to a new `config.toml` file and customize it. The most important fields to change are the `secret` ( a key used for token authentication ), the `username` and the `password`, which is the `bcrypt` hash of the authentication password you want to use, you can generate a new one with:
arc password "your-new-password" <optional-cost>
Once everything is ready, youn can finally start the `arc` server:
arc -config config.toml -app arc
Now browse `https://localhost:8443/` ( or the address and port you configured ) and login with the configured credentials (make sure to add the generated HTTPS certificate as an exception in your browser).
```sh
docker run -it evilsocket/arc:latest password "your-new-password" <optional-cost>
```
**NOTE**
Other than the username and the password, during login you need to specify an additional encryption key. This second key is not used to login to the system itself but to encrypt and decrypt your records client side. You can specify different keys each time you login, as long as you remember which key you used to encrypt which record :)
## Configuration
Once everything is ready and you updated the configuration file, you can finally start the `arc` server:
This is the example configuration file you need to customize the first time.
```toml
##
# Core configuration.
##
# address and port to bind the API to
# NOTE: if tailscale is enabled, the address will be ignored.
address = "0.0.0.0"
port = 8443
# Secret key to use for authentication token signing and verification.
secret = ""
# HTTPS certificate PEM file (if it does not exist, it will be automatically generated).
certificate = "~/arc-certificate.pem"
# HTTPS private key PEM file (if it does not exist, it will be automatically generated).
key = "~/arc-key.pem"
# API access username.
username = "arc"
# API access password `bcrypt` hash.
password = "$2a$10$RuOcSEwPNNFlA/lxjpRY3.3J0tR0LG/FyfG/IXolgdDxPh7.urgGe"
# Database root directory.
database = "~/db"
# Validity in minutes of a JWT API token after it's being generated.
token_duration = 60
# If true, records bigger than 1024 bytes will be asynchronously gzipped and served as compressed streams to the client.
compression = true
# Tailscale specific configuration.
[tailscale]
# If true, will run this as a tailscale server node and won't be visible outside the tailscale network.
# In order to authenticate the node, set the TS_AUTHKEY environment variable or follow the onscreen instructions.
enabled = false
# Tailscale hostname, if left empty the system hostname will be used.
# NOTE: Make sure that HTTPS certificates are enabled for this tailscale host and that the hostname
# matches the certificate.
hostname = "stevie"
# Periodic tasks.
[scheduler]
# Scheduler is enabled by default.
enabled = true
# Period in seconds of the scheduler.
period = 10
# Report system events.
[scheduler.reports]
enabled = false
rate_limit = 60
filter = ["login_ok", "login_ko", "token_ko", "update", "record_expired"]
to = "youremail@gmail.com"
# If reports are enabled, this SMTP configuration is required for email notifications.
[scheduler.reports.smtp]
address = "smtp.gmail.com"
port = 587
username = "youremail@gmail.com"
password = "your smtp password"
# Email notifications can be optionally encrypted with PGP.
[scheduler.reports.pgp]
enabled = true
# PGP Keys.
[scheduler.reports.pgp.keys]
# The ARC server PGP private key.
private = "~/server.private.key.asc"
# The emails recipient PGP public key.
public = "~/my.public.key.asc"
# Backup configuration.
[backups]
enabled = false
# Every 1800 run the command on that folder.
period = 1800
run = "scp arc-backup.tar user@backup-server:/media/arc_backup/"
folder = "/some/backup/path/"
```sh
docker run -it --network host \
-v /path/to/your/config.toml:/etc/arc/config.toml \
-v /path/to/data:/arc \
-v $HOME/.config/tsnet-arc:/root/.config/tsnet-arc \
evilsocket/arc:latest
```
It is necessary to change only the `secret`, `username` and `password` access parameters of Arc, while the others can be left to their default values.
Now browse `https://localhost:8443/` ( or the address and port you configured ) and login with the configured credentials (make sure to add the generated HTTPS certificate as an exception in your browser).
Alternatively, you can find binary releases of Arc [here](https://github.com/evilsocket/arc/releases).
If instead you want to build it from source, make sure you have Go >= 1.22.x installed and configured correctly, then clone this repository, install the dependencies and compile the `arc` server component:
go install github.com/evilsocket/arc/cmd/arc@latest
## Tailscale / Headscale Integration

2
cmd/arc/setup.go
View File

@@ -42,7 +42,7 @@ var (
)
func init() {
flag.StringVar(&confFile, "config", "", "JSON configuration file.")
flag.StringVar(&confFile, "config", "/etc/arc/config.toml", "Configuration file.")
flag.BoolVar(&noAuth, "no-auth", noAuth, "Disable authentication.")
flag.BoolVar(&noUpdates, "no-updates", noUpdates, "Disable updates check.")

16
sample_config.toml
View File

@@ -6,17 +6,17 @@
address = "0.0.0.0"
port = 8443
# Secret key to use for authentication token signing and verification.
secret = ""
secret = "p9ry34908fh34890fgh8934ghr8934hgr9834r9h8349hf9348hf94h"
# HTTPS certificate PEM file (if it does not exist, it will be automatically generated).
certificate = "~/arc-certificate.pem"
certificate = "/arc/arc-certificate.pem"
# HTTPS private key PEM file (if it does not exist, it will be automatically generated).
key = "~/arc-key.pem"
key = "/arc/arc-key.pem"
# API access username.
username = "arc"
# API access password `bcrypt` hash.
password = "$2a$10$RuOcSEwPNNFlA/lxjpRY3.3J0tR0LG/FyfG/IXolgdDxPh7.urgGe"
# API access password `bcrypt` hash. CHANGE THIS.
password = "$2a$10$LxGzW9Nrp9PHQFd6ijtP5O0XGHr61Yj6jhCBDmBCfe/PETnxAVZVq"
# Database root directory.
database = "~/db"
database = "/arc/db"
# Validity in minutes of a JWT API token after it's being generated.
token_duration = 60
# If true, records bigger than 1024 bytes will be asynchronously gzipped and served as compressed streams to the client.
@@ -62,9 +62,9 @@ enabled = true
# PGP Keys.
[scheduler.reports.pgp.keys]
# The ARC server PGP private key.
private = "~/server.private.key.asc"
private = "/arc/pgp-server.private.key.asc"
# The emails recipient PGP public key.
public = "~/my.public.key.asc"
public = "/arc/pgp-my.public.key.asc"
# Backup configuration.
[backups]