826cca39
feat: wire up CA and scanner in nono-proxy main
a73x 2026-03-29 16:42
diff --git a/cmd/nono-proxy/main.go b/cmd/nono-proxy/main.go
index d85b0b6..9b3c61e 100644
--- a/cmd/nono-proxy/main.go
+++ b/cmd/nono-proxy/main.go
@@ -7,16 +7,20 @@ import ( "os" "path/filepath" "github.com/xanderle/nono/ca" "github.com/xanderle/nono/proxy" "github.com/xanderle/nono/scanner" ) func main() { store := storePath() if len(os.Args) > 1 && os.Args[1] == "allow" { if len(os.Args) < 3 { fmt.Fprintln(os.Stderr, "usage: nono-proxy allow <host>") os.Exit(1) } hostsFile := approvedHostsPath() hostsFile := filepath.Join(store, "approved_hosts") if err := proxy.Allow(hostsFile, os.Args[2]); err != nil { log.Fatalf("failed to allow host: %v", err) }
@@ -25,20 +29,36 @@ func main() { } addr := ":9854" hostsFile := approvedHostsPath() os.MkdirAll(store, 0755) hostsFile := filepath.Join(store, "approved_hosts") rulesPath := filepath.Join(store, "rules.yaml") if err := scanner.WriteDefaultRules(rulesPath); err != nil { log.Fatalf("failed to write default rules: %v", err) } os.MkdirAll(filepath.Dir(hostsFile), 0755) caCert, caKey, err := ca.LoadOrCreate(store) if err != nil { log.Fatalf("failed to load/create CA: %v", err) } log.Printf("CA cert: %s/ca.pem", store) opts := []proxy.Option{ proxy.WithRules(rulesPath), proxy.WithCA(caCert, caKey), } p := proxy.New(hostsFile) log.Printf("nono-proxy listening on %s (hosts: %s)", addr, hostsFile) p := proxy.New(hostsFile, opts...) log.Printf("nono-proxy listening on %s (hosts: %s, rules: %s)", addr, hostsFile, rulesPath) log.Fatal(http.ListenAndServe(addr, p)) } func approvedHostsPath() string { func storePath() string { store := os.Getenv("NONO_STORE") if store == "" { home, _ := os.UserHomeDir() store = filepath.Join(home, ".local", "share", "nono") } return filepath.Join(store, "approved_hosts") return store }
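Review bot: In the second hunk of main(), the store directory is created with `os.MkdirAll(store, 0755)` and the error is dropped, yet the same directory is then handed to `ca.LoadOrCreate(store)`, so the CA key material ends up under a path every local user can traverse. I would create it owner-only and fail on error: `if err := os.MkdirAll(store, 0700); err != nil { log.Fatalf("failed to create store %s: %v", store, err) }`. MkdirAll leaves the mode of an existing directory untouched, so an install that already has the directory at 0755 would also need a chmod or a startup check. Whether ca.LoadOrCreate restricts the key file's own mode is not visible in this diff and should be confirmed. Related, at the end of the same hunk storePath() still discards the os.UserHomeDir error, so with NONO_STORE unset and no resolvable home the store becomes the relative path `.local/share/nono` and the CA would be generated under the current working directory; that case should abort instead.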