Compare commits
2 commits
ae5a5b84b9
...
fc2361614e
Author | SHA1 | Date | |
---|---|---|---|
fc2361614e | |||
23ceeffcfa |
3 changed files with 43 additions and 4 deletions
|
@ -30,5 +30,8 @@ strip = "symbols"
|
||||||
lto = "thin"
|
lto = "thin"
|
||||||
codegen-units = 1
|
codegen-units = 1
|
||||||
|
|
||||||
|
[package.metadata.deb]
|
||||||
|
name = "cloudflare-ddns-rs"
|
||||||
|
|
||||||
[package.metadata.deb.systemd-units]
|
[package.metadata.deb.systemd-units]
|
||||||
unit-scripts = "systemd/"
|
unit-scripts = "systemd/"
|
||||||
|
|
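Review bot: the `name = "cloudflare-ddns-rs"` override under `[package.metadata.deb]` carries no comment saying why the package name has to be set here, and it sits directly above `[package.metadata.deb.systemd-units]`. Please add a one-line comment with the reason, and confirm with a test build that the unit files under `systemd/` are still picked up and installed under the new package name. The README in this same change keeps the config at `/etc/cloudflare-ddns.toml`, so it is worth stating whether the `-rs` suffix is meant to appear only in the package name.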
24
README.md
24
README.md
|
@ -29,8 +29,15 @@ different IP address.
|
||||||
|
|
||||||
## Installation
|
## Installation
|
||||||
|
|
||||||
First, create an initial file at `/etc/cloudflare-ddns.toml`. Populate it with
|
First, create an initial file at `/etc/cloudflare-ddns.toml`. Set the permissions
|
||||||
the following:
|
so that it is readable and writable by `root` only:
|
||||||
|
|
||||||
|
```
|
||||||
|
# sudo touch /etc/cloudflare-ddns.toml
|
||||||
|
# chmod 600 /etc/cloudflare-ddns.toml
|
||||||
|
```
|
||||||
|
|
||||||
|
Populate it with the following:
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
[account]
|
[account]
|
||||||
|
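Review bot: the two commands in the new fenced block are inconsistent. `# sudo touch /etc/cloudflare-ddns.toml` uses `sudo` behind a root-style `#` prompt, while `# chmod 600 /etc/cloudflare-ddns.toml` has no `sudo` and fails for a non-root reader who follows the first line's convention. Pick one convention (a `$` prompt with `sudo` on both lines, or `#` with no `sudo`). Consider creating the file with its final mode in one step, for example `sudo install -m 600 /dev/null /etc/cloudflare-ddns.toml`, so it never exists with default umask permissions before the secret is written. The text promises "readable and writable by `root` only", so please also confirm the packaged service runs as a user that can still read a `root`-owned mode 600 file.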
@ -129,3 +136,16 @@ successful, installation is complete.
|
||||||
A `.deb` package is created via [`cargo-deb`].
|
A `.deb` package is created via [`cargo-deb`].
|
||||||
|
|
||||||
[`cargo-deb`]: https://github.com/kornelski/cargo-deb
|
[`cargo-deb`]: https://github.com/kornelski/cargo-deb
|
||||||
|
|
||||||
|
## Security
|
||||||
|
|
||||||
|
This project attempts to take security seriously. Please note the following
|
||||||
|
hardening notes applied by default.
|
||||||
|
|
||||||
|
### Hardened `systemd` service configuration
|
||||||
|
|
||||||
|
In principle, this service needs very little access to a host, and needs access
|
||||||
|
to the internet. As a result, the default `systemd` service configuration
|
||||||
|
aggressively restricts the capabilities of the binary to a minimum set of
|
||||||
|
features, namely access to the internet and dependency to do so. If you believe
|
||||||
|
more directives could be provided, please create a PR.
|
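Review bot: the new "Hardened `systemd` service configuration" paragraph says the unit "aggressively restricts the capabilities of the binary" but names no directive, so a reader cannot check the claim against the unit file. Please list the directives that are set, or link to the unit under `systemd/`, and mention that `systemd-analyze security` can be run against the installed unit to review it. Wording: "hardening notes applied by default" reads better as "hardening measures", and "namely access to the internet and dependency to do so" is unclear about what the dependency is. The section could also mention the mode 600 config file introduced in the Installation hunk of this same change.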
18
src/main.rs
18
src/main.rs
|
@ -264,6 +264,22 @@ async fn handle_run(conf: Config, run: Run) -> Result<()> {
|
||||||
cache_file.0.insert(record.id, addr);
|
cache_file.0.insert(record.id, addr);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
for message in resp.messages {
|
||||||
|
info!(
|
||||||
|
code = message.code,
|
||||||
|
message = message.message,
|
||||||
|
"Cloudflare API returned message"
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
for error in resp.errors {
|
||||||
|
warn!(
|
||||||
|
code = error.code,
|
||||||
|
message = error.message,
|
||||||
|
"Cloudflare API returned error"
|
||||||
|
);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
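Review bot: in both new loops the structured field is named `message` (`message = message.message,` and `message = error.message,`) while the event also has a string literal. If `info!` and `warn!` are the `tracing` macros, `message` is the field name the macro itself uses for the event text, so the API text and the literal end up under the same name. Rename the field to something like `api_message`. These lines are reached after the `continue` of the success branch, yet neither event says which record the response belongs to; adding `record.id` (visible in the context line above) as a field would let an operator tie a warning to a DNS record. Since the strings come from a remote API, also check that the configured log output escapes control characters.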
@ -312,7 +328,7 @@ fn ip_cache_path(cache_dir: Option<PathBuf>) -> Result<PathBuf> {
|
||||||
#[derive(Deserialize, Debug)]
|
#[derive(Deserialize, Debug)]
|
||||||
#[allow(dead_code)]
|
#[allow(dead_code)]
|
||||||
struct Message {
|
struct Message {
|
||||||
code: u16,
|
code: u32,
|
||||||
message: String,
|
message: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
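Review bot: `#[allow(dead_code)]` stays on `struct Message` although the logging hunk above now appears to read both `code` and `message`; if that is the same type, drop the attribute so the compiler can flag fields that really are unused. The widening from `code: u16` to `code: u32` is also unexplained. A short comment (for example that the API returns codes above 65535 and deserialization failed with `u16`) would keep someone from narrowing it again, and a deserialization test with such a code would pin the behaviour.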