chore(config): refactor (#36)

- **remove activation based settings**: these were inherited from grimd.
In my opinion they are a liability, as it allows one user to disable
leng globally - so an attacker could disable tracking for your devices
simply by reaching your nameserver on a publicly exposed port

- **group some settings in config**: for more readability

activation.go

@@ -1,9 +1,5 @@
 package main
 
-import (
-	"time"
-)
-
 // ToggleData type
 type ToggleData struct {
 	Mode uint
@@ -17,9 +13,7 @@ type ActivationHandler struct {
 	setChannel    chan bool
 }
 
-func startActivation(actChannel chan *ActivationHandler, quit chan bool, reactivationDelay uint) {
-	var reactivate time.Time
-	var reactivatePending bool
+func startActivation(actChannel chan *ActivationHandler, quit chan bool) {
 	a := &ActivationHandler{}
 
 	a.queryChannel = make(chan bool)
@@ -30,10 +24,6 @@ func startActivation(actChannel chan *ActivationHandler, quit chan bool, reactiv
 	// then continue to the loop
 	actChannel <- a
 
-	ticker := time.Tick(1 * time.Second)
-
-	var nextToggleTime = time.Now()
-
 forever:
 	for {
 		select {
@@ -42,35 +32,15 @@ forever:
 		case <-a.queryChannel:
 			a.queryChannel <- lengActive
 		case v := <-a.toggleChannel:
-			// Firefox is sending 2 queries in a row, so debouncing is needed.
-			if v.Mode == 1 && nextToggleTime.After(time.Now()) {
-				logger.Warning("Toggle is too close: wait 10 seconds\n")
+			if v.Mode == 1 {
+				lengActive = !lengActive
 			} else {
-				if v.Mode == 1 {
-					lengActive = !lengActive
-				} else {
-					lengActive = false
-				}
-				nextToggleTime = time.Now().Add(time.Duration(10) * time.Second)
-				if !lengActive && reactivationDelay > 0 {
-					reactivate = time.Now().Add(time.Duration(v.Data) * time.Second)
-					reactivatePending = true
-				} else {
-					reactivatePending = false
-				}
-				a.queryChannel <- lengActive
+				lengActive = false
 			}
+			a.queryChannel <- lengActive
 		case v := <-a.setChannel:
 			lengActive = v
-			reactivatePending = false
 			a.setChannel <- lengActive
-		case <-ticker:
-			now := time.Now()
-			if reactivatePending && now.After(reactivate) {
-				logger.Notice("Reactivating leng (timer)")
-				lengActive = true
-				reactivatePending = false
-			}
 		}
 	}
 	logger.Debugf("Activation goroutine exiting")

config.go

@@ -22,33 +22,40 @@ var ConfigVersion = "1.3.0"
 // Config holds the configuration parameters
 type Config struct {
 	Version           string
-	Sources           []string
-	SourceDirs        []string
 	LogConfig         string
 	Bind              string
 	API               string
-	NXDomain          bool
-	Nullroute         string
-	Nullroutev6       string
-	Nameservers       []string
 	Interval          int
 	Timeout           int
-	Expire            uint32
-	Maxcount          int
 	QuestionCacheCap  int
 	TTL               uint32
-	Blocklist         []string
-	Whitelist         []string
 	CustomDNSRecords  []string
-	ToggleName        string
-	ReactivationDelay uint
 	APIDebug          bool
-	DoH               string
+	Blocking          Blocking
+	Upstream          Upstream
 	Metrics           Metrics `toml:"metrics"`
 	DnsOverHttpServer DnsOverHttpServer
 	FollowCnameDepth  uint32
 }
 
+type Blocking struct {
+	Sources     []string
+	SourceDirs  []string
+	Blocklist   []string
+	Whitelist   []string
+	NXDomain    bool
+	Nullroute   string
+	Nullroutev6 string
+}
+
+type Upstream struct {
+	DoH         string
+	Nameservers []string
+	TimeoutS    int `toml:"timeout_s"`
+	Expire      uint32
+	Maxcount    int
+}
+
 type Metrics struct {
 	Enabled bool
 	Path    string
@@ -78,21 +85,6 @@ var defaultConfig = `
 # version this config was generated from
 version = "%s"
 
-# list of sources to pull blocklists from, stores them in ./sources
-sources = [
-	"https://mirror1.malwaredomains.com/files/justdomains",
-	"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts",
-	"https://sysctl.org/cameleon/hosts",
-	"https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt",
-	"https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt",
-	"https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt"
-]
-
-# list of locations to recursively read blocklists from (warning, every file found is assumed to be a hosts-file or domain list)
-sourcedirs = [
-	"sources"
-]
-
 # log configuration
 # format: comma separated list of options, where options is one of 
 #   file:<filename>@<loglevel>
@@ -111,36 +103,12 @@ bind = "0.0.0.0:53"
 # address to bind to for the API server
 api = "127.0.0.1:8080"
 
-# response to blocked queries with a NXDOMAIN
-nxdomain = false
-
-# ipv4 address to forward blocked queries to
-nullroute = "0.0.0.0"
-
-# ipv6 address to forward blocked queries to
-nullroutev6 = "0:0:0:0:0:0:0:0"
-
-# nameservers to forward queries to
-nameservers = ["1.1.1.1:53", "1.0.0.1:53"]
-
-# concurrency interval for lookups in miliseconds
+# concurrency interval for lookups in milliseconds
 interval = 200
 
-# query timeout for dns lookups in seconds
-timeout = 5
-
-# cache entry lifespan in seconds
-expire = 600
-
-# cache capacity, 0 for infinite
-maxcount = 0
-
 # question cache capacity, 0 for infinite but not recommended (this is used for storing logs)
 questioncachecap = 5000
 
-# manual blocklist entries
-blocklist = []
-
 # manual whitelist entries - comments for reference
 whitelist = [
 	# "getsentry.com",
@@ -153,26 +121,50 @@ customdnsrecords = [
     # "example.other.tld          IN CNAME   wikipedia.org"
 ]
 
-# When this string is queried, toggle leng on and off
-togglename = ""
-
-# If not zero, the delay in seconds before leng automaticall reactivates after
-# having been turned off.
-reactivationdelay = 300
-
-# Dns over HTTPS upstream provider to use
-DoH = "https://cloudflare-dns.com/dns-query"
-
 # How deep to follow chains of CNAME records
 # set to 0 to disable CNAME-following entirely
 # (anything more than 10 should be more than plenty)
 # see https://github.com/Cottand/leng/wiki/CNAME%E2%80%90following-DNS
 followCnameDepth = 12
 
+[Blocking]
+	# response to blocked queries with a NXDOMAIN
+	nxdomain = false
+	# ipv4 address to forward blocked queries to
+	nullroute = "0.0.0.0"
+	# ipv6 address to forward blocked queries to
+	nullroutev6 = "0:0:0:0:0:0:0:0"
+	# manual blocklist entries
+	blocklist = []
+	# list of sources to pull blocklists from, stores them in ./sources
+	sources = [
+		"https://mirror1.malwaredomains.com/files/justdomains",
+		"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts",
+		"https://sysctl.org/cameleon/hosts",
+		"https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt",
+		"https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt",
+		"https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt"
+	]
+	# list of locations to recursively read blocklists from (warning, every file found is assumed to be a hosts-file or domain list)
+	sourcedirs = ["sources"]
+
+
+[Upstream]
+	# Dns over HTTPS provider to use.
+	DoH = "https://cloudflare-dns.com/dns-query"
+	# nameservers to forward queries to
+	nameservers = ["1.1.1.1:53", "1.0.0.1:53"]
+	# query timeout for dns lookups in seconds
+	timeout_s = 5
+	# cache entry lifespan in seconds
+	expire = 600
+	# cache capacity, 0 for infinite
+	maxcount = 0
+
 # Prometheus metrics - disabled by default
 [Metrics]
-  enabled = false
-  path = "/metrics"
+	enabled = false
+	path = "/metrics"
 
 [DnsOverHttpServer]
 	enabled = false

doc/src/Configuration.md

@@ -3,21 +3,6 @@ If leng.toml is not found the default configuration will be used. If it is found
 Here is the default configuration:
 
 ```toml
-# list of sources to pull blocklists from, stores them in ./sources
-sources = [
-	"https://mirror1.malwaredomains.com/files/justdomains",
-	"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts",
-	"https://sysctl.org/cameleon/hosts",
-	"https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt",
-	"https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt",
-	"https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt"
-]
-
-# list of locations to recursively read blocklists from (warning, every file found is assumed to be a hosts-file or domain list)
-sourcedirs = [
-	"sources"
-]
-
 # log configuration
 # format: comma separated list of options, where options is one of 
 #   file:<filename>@<loglevel>
@@ -36,69 +21,77 @@ bind = "0.0.0.0:53"
 # address to bind to for the API server
 api = "127.0.0.1:8080"
 
-# response to blocked queries with a NXDOMAIN
-nxdomain = false
-
-# ipv4 address to forward blocked queries to
-nullroute = "0.0.0.0"
-
-# ipv6 address to forward blocked queries to
-nullroutev6 = "0:0:0:0:0:0:0:0"
-
-# nameservers to forward queries to
-nameservers = ["1.1.1.1:53", "1.0.0.1:53"]
-
 # concurrency interval for lookups in miliseconds
 interval = 200
 
-# query timeout for dns lookups in seconds
-timeout = 5
-
-# cache entry lifespan in seconds
-expire = 600
-
-# cache capacity, 0 for infinite
-maxcount = 0
-
 # question cache capacity, 0 for infinite but not recommended (this is used for storing logs)
 questioncachecap = 5000
 
-# manual blocklist entries
-blocklist = []
-
-# Drbl related settings
-usedrbl = 0
-drblpeersfilename = "drblpeers.yaml"
-drblblockweight = 128
-drbltimeout = 30
-drbldebug = 0
-
-# manual whitelist entries - comments for reference
-whitelist = [
-	# "getsentry.com",
-	# "www.getsentry.com"
-]
-
 # manual custom dns entries - comments for reference
 customdnsrecords = [
     # "example.mywebsite.tld      IN A       10.0.0.1"
     # "example.other.tld          IN CNAME   wikipedia.org"
 ]
 
-# When this string is queried, toggle leng on and off
-togglename = ""
-
-# If not zero, the delay in seconds before leng automaticall reactivates after
-# having been turned off.
-reactivationdelay = 300
-
-#Dns over HTTPS provider to use.
-DoH = "https://cloudflare-dns.com/dns-query"
+[Blocking]
+    # response to blocked queries with a NXDOMAIN
+    nxdomain = false
+    # ipv4 address to forward blocked queries to
+    nullroute = "0.0.0.0"
+    # ipv6 address to forward blocked queries to
+    nullroutev6 = "0:0:0:0:0:0:0:0"
+    # manual blocklist entries
+    blocklist = []
+    # list of sources to pull blocklists from, stores them in ./sources
+    sources = [
+        "https://mirror1.malwaredomains.com/files/justdomains",
+        "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts",
+        "https://sysctl.org/cameleon/hosts",
+        "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt",
+        "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt",
+        "https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt"
+    ]
+    # list of locations to recursively read blocklists from (warning, every file found is assumed to be a hosts-file or domain list)
+    sourcedirs = ["sources"]
+    # manual blocklist entries
+    blocklist = []
+    # manual whitelist entries - comments for reference
+    whitelist = [
+        # "getsentry.com",
+        # "www.getsentry.com"
+    ]
+
+
+
+[Upstream]
+    # Dns over HTTPS provider to use.
+    DoH = "https://cloudflare-dns.com/dns-query"
+    # nameservers to forward queries to
+    nameservers = ["1.1.1.1:53", "1.0.0.1:53"]
+    # query timeout for dns lookups in seconds
+    timeout_s = 5
+    # cache entry lifespan in seconds
+    expire = 600
+    # cache capacity, 0 for infinite
+    maxcount = 0
 
 # Prometheus metrics - enable 
 [Metrics]
-  enabled = false
-  path = "/metrics"
+    enabled = false
+    path = "/metrics"
+
+[DnsOverHttpServer]
+    enabled = false
+    bind = "0.0.0.0:80"
+    timeoutMs = 5000
+
+# TLS config is not required for DoH if you have some proxy (ie, caddy, nginx, traefik...) manage HTTPS for you
+    [DnsOverHttpServer.TLS]
+        enabled = false
+        certPath = ""
+        keyPath = ""
+        # if empty, system CAs will be used
+        caPath = ""
 ```
 
 The most up-to-date version can be found on [config.go](https://github.com/Cottand/leng/blob/master/config.go)