multi: add basic SSH tunnel support

Author: torkelrogstad

Diff for: Dockerfile

@@ -14,7 +14,14 @@ COPY . .
 
 RUN go build -v -o ./btc-buf .
 
-FROM alpine 
+FROM debian:bullseye-slim
+RUN apt-get update && \
+    apt-get install -y openssh-client && \
+    rm -rf /var/lib/apt/lists/*
+
+# Setup SSH directory
+RUN mkdir -p /root/.ssh && \
+    chmod 700 /root/.ssh
 
 COPY --from=builder /work/grpc-health-probe /usr/bin/grpc-health-probe
 COPY --from=builder /work/btc-buf /usr/bin/btc-buf

Diff for: config.go

@@ -18,6 +18,14 @@ type config struct {
 	JsonLog  bool           `long:"logging.json" description:"log to JSON format (default human readable)"`
 	LogLevel string         `long:"logging.level" description:"log level" default:"debug"`
 	Bitcoind bitcoindConfig `group:"bitcoind" namespace:"bitcoind"`
+	SSH      sshConfig      `group:"ssh" namespace:"ssh"`
+}
+
+type sshConfig struct {
+	Host       string   `long:"host" description:"host to connect to"`
+	LocalPort  int      `long:"local-port" description:"local port to connect to"`
+	RemotePort int      `long:"remote-port" description:"remote port to connect to"`
+	KnownHosts []string `long:"known-hosts"`
 }
 
 type bitcoindConfig struct {

Diff for: main.go

@@ -3,7 +3,9 @@ package main
 import (
 	"context"
 	"fmt"
+	"net"
 	"os"
+	"os/exec"
 	"os/signal"
 	"runtime/debug"
 	"time"
@@ -28,6 +30,17 @@ func realMain(cfg *config) error {
 		cancel(fmt.Errorf("received %s signal", signal))
 	}()
 
+	errs := make(chan error)
+	if cfg.SSH.Host != "" {
+		zerolog.Ctx(ctx).Info().
+			Msgf("setting up SSH tunnel: %d:localhost:%d -> %s",
+				cfg.SSH.LocalPort, cfg.SSH.RemotePort, cfg.SSH.Host,
+			)
+		if err := setupSSHTunnel(ctx, cfg.SSH, errs); err != nil {
+			return fmt.Errorf("setup SSH tunnel: %w", err)
+		}
+	}
+
 	clientCtx, clientCancel := context.WithTimeout(ctx, time.Second*10)
 	defer clientCancel()
 
@@ -38,8 +51,6 @@ func realMain(cfg *config) error {
 		return fmt.Errorf("new server: %w", err)
 	}
 
-	errs := make(chan error)
-
 	go func() {
 		if err := bitcoind.Listen(ctx, cfg.Listen); err != nil {
 			errs <- err
@@ -90,3 +101,61 @@ func findSetting(key string, settings []debug.BuildSetting) string {
 
 	return "unknown"
 }
+
+// setupSSHTunnel creates an SSH tunnel by running the ssh command
+func setupSSHTunnel(ctx context.Context, conf sshConfig, out chan<- error) error {
+	args := []string{
+		"-N",
+		"-L", fmt.Sprintf("%d:localhost:%d", conf.LocalPort, conf.RemotePort),
+		conf.Host,
+	}
+	if conf.KnownHosts != nil {
+		tempFile, err := os.CreateTemp("", "")
+		if err != nil {
+			return fmt.Errorf("create temp file: %w", err)
+		}
+
+		for _, host := range conf.KnownHosts {
+			fmt.Fprintln(tempFile, host)
+		}
+		if err := tempFile.Close(); err != nil {
+			return fmt.Errorf("close temp file: %w", err)
+		}
+
+		args = append(args, "-o", "UserKnownHostsFile="+tempFile.Name())
+	}
+	// Build SSH command with port forwarding
+	// -N: Don't execute remote command (forward only)
+	// -L: Local port forwarding
+	cmd := exec.CommandContext(ctx, "ssh", args...)
+
+	// Start the SSH tunnel
+	if err := cmd.Start(); err != nil {
+		return fmt.Errorf("starting SSH tunnel: %w", err)
+	}
+
+	// Monitor the tunnel process in background
+	go func() {
+		if err := cmd.Wait(); err != nil {
+			zerolog.Ctx(ctx).Error().
+				Err(err).
+				Msg("SSH tunnel exited unexpectedly")
+			out <- fmt.Errorf("SSH tunnel exited unexpectedly: %w", err)
+		}
+	}()
+
+	// Wait for the tunnel to be established
+	for i := 0; i < 10; i++ {
+		if conn, err := net.Dial("tcp", fmt.Sprintf("localhost:%d", conf.LocalPort)); err == nil {
+			conn.Close()
+			return nil
+		}
+		select {
+		case <-ctx.Done():
+			return fmt.Errorf("wait for SSH tunnel: %w", ctx.Err())
+		case <-time.After(time.Second):
+		}
+	}
+
+	return fmt.Errorf("timeout waiting for SSH tunnel")
+}