This is a monorepo containing all software infrastructures of Rundong's home-lab. Projects include:
- conf-gen: Generating Clash and Quantumult-X configuration files for various deployment scenarios (PC clients, home routers, mobile apps, etc.) from one single unified source configuration file
- conf-cookbook: Boilerplate configurations for secured internet services (e.g., shadowsocks-rust, V2Ray + Nginx WebSocket)
- openwrt-builder: Build OpenWRT image with custom configurations and packages, include scripts to archive transparent proxy
- util-cookbook: Handy utilities for daily home-lab maintaining, e.g., DDNS, router LED scheduling etc.
Confidential information such as API keys, subscription URLs, and user ids is mandatory for services such as Clash config generation. To safely include such information in this monorepo, we symmetrically encrypt them via the Fernet construction (a time-tested AEAD cipher) and write the corresponding ciphertext to boilerplate code and configurations. Specifically, the encryption process comprises:
- Inputs:
master_password
: Any unicode stringsalt
: Any unicode stringplain_text
orcypher_text
: Any unsigned byte string to be encrypted or decrypted
- Encode strings to bytes:
master_password_byes
<- Encodemaster_password
in UTF-8salt_bytes
<- Encodesalt
in UTF-8
- Derive
key_bytes
<- PBKDF2HMAC algorithm frommaster_password_bytes
andsalt_bytes
using the following parameters:- algorithm: SHA256
- length: 32
- iterations: 100000
- Construct
fernet
<- Fernet cypher fromkey_bytes
- Encrypt
plain_text
or decryptcypher_text
byfernet
If you are intending to fork/reuse this monorepo and incorporate your own confidential information, please remember: It's safe to use cypher_text
anywhere, however, NEVER EVER WRITE plain_text
OR master_password
TO ANY CODE/CONFIG/FILES!
This work is distributed under the MIT License, see LICENSE for details.