feat: added options for static-ip & custom root CA #1324

Closed
normanre wants to merge 3 commits into hetznercloud:main from normanre:main

normanre commented Feb 1, 2026

Hello everyone,

I added these two options to configure an http.Client for the CLI:

  1. static-ip: With this option a static IP is used and DNS resolution is skipped, but the host of the endpoint is still used
  2. root-ca: With this option someone can define a custom root CA

I did this because DNS and certificate resolution do not work as expected on Termux for Android. With these two additions this CLI can be used on Android.

One quirk with Termux is that export HCLOUD_CONFIG="$HOME/.config/hcloud/cli.toml" has to be set (for example in .bashrc).

I hope this also helps someone else.

normanre requested a review from a team as a code owner February 1, 2026 04:11

phm07 (Contributor) commented Feb 5, 2026

hcloud already allows configuring the API endpoint using the endpoint option. Why would it be necessary to add another option?
Also, would it not be possible to install the root CA locally?

jooola (Member) commented Feb 5, 2026

You might also be able to leverage SSL_CERT_DIR or SSL_CERT_FILE to set custom root CAs.

See https://pkg.go.dev/crypto/x509#SystemCertPool

normanre (Author) commented Feb 5, 2026

Yeah, this is correct normally. But when using hcloud on an Android device it behaves differently.
Firstly, the problem is that hcloud tries to resolve the endpoint api.hetzner.cloud using the DNS server on 127.0.0.1#53 and, as I understand it, on Android there is no DNS running there. Therefore no endpoint can be set via the --endpoint-config because the DNS resolution is not working. Furthermore, setting an IP in the endpoint would invalidate any server-side certificates.

Secondly, the root CA also does not work, because the Android system certificates are not correctly exposed to the Termux shell, or at least not when using Go. And without a rooted phone you cannot install it locally. Therefore a root CA has to be set another way. I did not know about the SSL_CERT_FILE option and will try it to see if it works. If so, I will revert the --root-ca parameter.
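
The behaviour discussed above (connect to a fixed IP without DNS, keep certificate verification bound to the endpoint hostname, trust a custom root CA), as an added Go example that is not part of the thread or of the PR's code. `newPinnedClient` is a hypothetical helper, and the local `httptest` server with its built-in test certificate is a constructed stand-in for the API.

```go
package main

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// newPinnedClient (hypothetical helper, not hcloud code) dials staticAddr
// ("ip:port") for every request, so no DNS lookup happens. net/http still takes
// the TLS ServerName from the URL host. Non-empty rootPEM replaces system roots.
func newPinnedClient(staticAddr string, rootPEM []byte) (*http.Client, error) {
	host, _, err := net.SplitHostPort(staticAddr)
	if err != nil || net.ParseIP(host) == nil {
		return nil, fmt.Errorf("static address %q is not ip:port", staticAddr)
	}
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	if len(rootPEM) > 0 {
		cfg.RootCAs = x509.NewCertPool()
		if !cfg.RootCAs.AppendCertsFromPEM(rootPEM) {
			return nil, fmt.Errorf("root CA: no PEM certificate found")
		}
	}
	d := &net.Dialer{Timeout: 10 * time.Second}
	tr := &http.Transport{TLSClientConfig: cfg}
	tr.DialContext = func(ctx context.Context, network, _ string) (net.Conn, error) {
		return d.DialContext(ctx, network, staticAddr) // only the dial target changes
	}
	return &http.Client{Transport: tr, Timeout: 30 * time.Second}, nil
}

func main() {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	defer srv.Close() // constructed server; its test certificate covers example.com
	ca := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	c, _ := newPinnedClient(srv.Listener.Addr().String(), ca)
	for _, u := range []string{"https://example.com/", "https://other.invalid/"} {
		resp, err := c.Get(u) // second URL fails: certificate name mismatch
		fmt.Println(u, "->", err)
		if err == nil {
			resp.Body.Close()
		}
	}
}
```

Both URLs reach the same pinned address; only the one whose hostname matches the certificate is accepted, which is the property that is lost when a bare IP is put into the endpoint instead.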

phm07 (Contributor) commented Feb 5, 2026

Where did you install hcloud from?

Termux already offers an unofficial hcloud build that should work with their distro:
https://github.com/termux/termux-packages/blob/master/packages/hcloud/build.sh
You should be able to install it using pkg install hcloud.

Their build does not set CGO_ENABLED=0 as this apparently causes DNS issues in termux, see termux/termux-packages#14332.

normanre (Author) commented Feb 5, 2026

OMG. I just installed the binary straight. Sorry for the disturbance.

normanre closed this Feb 5, 2026