This is a monorepo containing all software infrastructures of Rundong's home-lab. Projects include:
- conf-gen: Generating Clash, Quantumult-X, and sing-box configuration files for various deployment scenarios (PC clients, home routers, mobile apps, etc.) from one single unified source configuration file
- conf-cookbook: Boilerplate configurations for secured internet services (e.g., shadowsocks-rust, V2Ray + Nginx WebSocket)
- openwrt-builder: Build OpenWRT image with custom configurations and packages, include scripts to archive transparent proxy
- util-cookbook: Handy utilities for daily home-lab maintaining, e.g., DDNS, router LED scheduling etc.
Confidential information such as API keys, subscription URLs, and user ids is mandatory for services such as Clash config generation. To safely include such information in this monorepo, we symmetrically encrypt them via the Fernet construction (a time-tested AEAD cipher) and write the corresponding ciphertext to boilerplate code and configurations. Specifically, the encryption process comprises:
- Inputs:
master_password: Any unicode stringsalt: Any unicode stringplain_textorcypher_text: Any unsigned byte string to be encrypted or decrypted
- Encode strings to bytes:
master_password_byes<- Encodemaster_passwordin UTF-8salt_bytes<- Encodesaltin UTF-8
- Derive
key_bytes<- PBKDF2HMAC algorithm frommaster_password_bytesandsalt_bytesusing the following parameters:- algorithm: SHA256
- length: 32
- iterations: 100000
- Construct
fernet<- Fernet cypher fromkey_bytes - Encrypt
plain_textor decryptcypher_textbyfernet
If you are intending to fork/reuse this monorepo and incorporate your own confidential information, please remember: It's safe to use cypher_text anywhere, however, NEVER EVER WRITE plain_text OR master_password TO ANY CODE/CONFIG/FILES!
This work is distributed under the MIT License, see LICENSE for details.