install go2rtc on bob

installs_on_host/go2rtc/pkg/xnet/net.go

@@ -0,0 +1,64 @@
+package xnet
+
+import (
+	"net"
+	"strconv"
+)
+
+// Docker has common docker addresses (class B):
+// https://en.wikipedia.org/wiki/Private_network
+// - docker0 172.17.0.1/16
+// - br-xxxx 172.18.0.1/16
+// - hassio  172.30.32.1/23
+var Docker = net.IPNet{
+	IP:   []byte{172, 16, 0, 0},
+	Mask: []byte{255, 240, 0, 0},
+}
+
+// ParseUnspecifiedPort will return port if address is unspecified
+// ex. ":8555" or "0.0.0.0:8555"
+func ParseUnspecifiedPort(address string) int {
+	host, port, err := net.SplitHostPort(address)
+	if err != nil {
+		return 0
+	}
+
+	if host != "" && host != "0.0.0.0" && host != "[::]" {
+		return 0
+	}
+
+	i, _ := strconv.Atoi(port)
+	return i
+}
+
+func IPNets(ipFilter func(ip net.IP) bool) ([]*net.IPNet, error) {
+	ifaces, err := net.Interfaces()
+	if err != nil {
+		return nil, err
+	}
+
+	var nets []*net.IPNet
+
+	for _, iface := range ifaces {
+		if iface.Flags&net.FlagUp == 0 || iface.Flags&net.FlagLoopback != 0 {
+			continue
+		}
+
+		addrs, _ := iface.Addrs() // range on nil slice is OK
+		for _, addr := range addrs {
+			switch v := addr.(type) {
+			case *net.IPNet:
+				ip := v.IP.To4()
+				if ip == nil {
+					continue
+				}
+				if ipFilter != nil && !ipFilter(ip) {
+					continue
+				}
+				nets = append(nets, v)
+			}
+		}
+	}
+
+	return nets, nil
+}

installs_on_host/go2rtc/pkg/xnet/tls/tls.go

@@ -0,0 +1,63 @@
+package tls
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/tls"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"math/big"
+	"net"
+	"time"
+)
+
+func CreateCertificate() (*tls.Certificate, error) {
+	// 1. Generate an RSA private key
+	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return nil, err
+	}
+
+	// 2. Define the certificate template
+	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
+	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
+	if err != nil {
+		return nil, err
+	}
+
+	template := x509.Certificate{
+		SerialNumber: serialNumber,
+		Subject: pkix.Name{
+			Organization: []string{"home"},
+			CommonName:   "localhost",
+		},
+		NotBefore: time.Now(),
+		NotAfter:  time.Now().Add(365 * 24 * time.Hour), // Valid for 1 year
+
+		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+		BasicConstraintsValid: true,
+
+		// Add localhost as a valid IP and DNS name
+		IPAddresses: []net.IP{[]byte{127, 0, 0, 1}},
+		DNSNames:    []string{"localhost"},
+	}
+
+	// 3. Create a self-signed certificate
+	// The parent is the template itself, and we use the generated public and private keys.
+	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &privateKey.PublicKey, privateKey)
+	if err != nil {
+		return nil, err
+	}
+
+	derBytes = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
+	keyBytes := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)})
+
+	cert, err := tls.X509KeyPair(derBytes, keyBytes)
+	if err != nil {
+		return nil, err
+	}
+
+	return &cert, nil
+}