fix(portal): prefix privileged cmds with sudo (#10978)

The copy-paste functionality for these is broken if you are not already on a root shell. If you are, then prefixing with `sudo` is essentially a no-op and doesn't hurt. To reduce friction here with the vast majority of end-user VMs we prefix all privileged commands with `sudo` for them. --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-01-27 02:18:47 +00:00 · 2025-11-26 20:14:51 -08:00
parent 05efcfe31a
commit 1a806f3399
1 changed files with 26 additions and 26 deletions
--- a/elixir/apps/web/lib/web/live/sites/new_token.ex
+++ b/elixir/apps/web/lib/web/live/sites/new_token.ex
@@ -98,18 +98,7 @@ defmodule Web.Sites.NewToken do
              ><%= debian_command_install() %></.code_block>

              <p class="p-6">
-                Step 3: Copy the token:
-              </p>
-
-              <.code_block
-                id="code-sample-debian3"
-                class="w-full text-xs whitespace-pre-line"
-                phx-no-format
-                phx-update="ignore"
-              ><%= token(@env) %></.code_block>
-
-              <p class="p-6">
-                Step 4: Configure the token:
+                Step 3: Configure a token:
              </p>

              <.code_block
@@ -119,6 +108,17 @@ defmodule Web.Sites.NewToken do
                phx-update="ignore"
              ><%= debian_command_authenticate() %></.code_block>

+              <p class="p-6">
+                Step 4: Use the below token when prompted:
+              </p>
+
+              <.code_block
+                id="code-sample-debian3"
+                class="w-full text-xs whitespace-pre-line"
+                phx-no-format
+                phx-update="ignore"
+              ><%= token(@env) %></.code_block>
+
              <p class="p-6">
                Step 5: You are now ready to manage the Gateway using the <code>firezone</code> CLI.
              </p>
@@ -312,22 +312,22 @@ defmodule Web.Sites.NewToken do

  defp debian_command_apt_repository do
    """
-    mkdir --parents /etc/apt/keyrings
-    wget -qO- https://artifacts.firezone.dev/apt/key.gpg | gpg --dearmor -o /etc/apt/keyrings/firezone.gpg
-    echo "deb [signed-by=/etc/apt/keyrings/firezone.gpg] https://artifacts.firezone.dev/apt/ stable main" > /etc/apt/sources.list.d/firezone.list
+    sudo mkdir --parents /etc/apt/keyrings
+    wget -qO- https://artifacts.firezone.dev/apt/key.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/firezone.gpg
+    echo "deb [signed-by=/etc/apt/keyrings/firezone.gpg] https://artifacts.firezone.dev/apt/ stable main" | sudo tee /etc/apt/sources.list.d/firezone.list > /dev/null
    """
  end

  defp debian_command_install do
    """
-    apt update
-    apt install firezone-gateway
+    sudo apt update
+    sudo apt install firezone-gateway
    """
  end

  defp debian_command_authenticate do
    """
-    firezone gateway authenticate
+    sudo firezone gateway authenticate
    """
  end

@@ -365,14 +365,14 @@ defmodule Web.Sites.NewToken do

  defp manual_command_masquerading do
    """
-    iptables -C FORWARD -i tun-firezone -j ACCEPT > /dev/null 2>&1 || iptables -A FORWARD -i tun-firezone -j ACCEPT
-    iptables -C FORWARD -o tun-firezone -j ACCEPT > /dev/null 2>&1 || iptables -A FORWARD -o tun-firezone -j ACCEPT
-    iptables -t nat -C POSTROUTING -o e+ -j MASQUERADE > /dev/null 2>&1 || iptables -t nat -A POSTROUTING -o e+ -j MASQUERADE
-    iptables -t nat -C POSTROUTING -o w+ -j MASQUERADE > /dev/null 2>&1 || iptables -t nat -A POSTROUTING -o w+ -j MASQUERADE
-    ip6tables -C FORWARD -i tun-firezone -j ACCEPT > /dev/null 2>&1 || ip6tables -A FORWARD -i tun-firezone -j ACCEPT
-    ip6tables -C FORWARD -o tun-firezone -j ACCEPT > /dev/null 2>&1 || ip6tables -A FORWARD -o tun-firezone -j ACCEPT
-    ip6tables -t nat -C POSTROUTING -o e+ -j MASQUERADE > /dev/null 2>&1 || ip6tables -t nat -A POSTROUTING -o e+ -j MASQUERADE
-    ip6tables -t nat -C POSTROUTING -o w+ -j MASQUERADE > /dev/null 2>&1 || ip6tables -t nat -A POSTROUTING -o w+ -j MASQUERADE
+    sudo iptables -C FORWARD -i tun-firezone -j ACCEPT > /dev/null 2>&1 || sudo iptables -A FORWARD -i tun-firezone -j ACCEPT
+    sudo iptables -C FORWARD -o tun-firezone -j ACCEPT > /dev/null 2>&1 || sudo iptables -A FORWARD -o tun-firezone -j ACCEPT
+    sudo iptables -t nat -C POSTROUTING -o e+ -j MASQUERADE > /dev/null 2>&1 || sudo iptables -t nat -A POSTROUTING -o e+ -j MASQUERADE
+    sudo iptables -t nat -C POSTROUTING -o w+ -j MASQUERADE > /dev/null 2>&1 || sudo iptables -t nat -A POSTROUTING -o w+ -j MASQUERADE
+    sudo ip6tables -C FORWARD -i tun-firezone -j ACCEPT > /dev/null 2>&1 || sudo ip6tables -A FORWARD -i tun-firezone -j ACCEPT
+    sudo ip6tables -C FORWARD -o tun-firezone -j ACCEPT > /dev/null 2>&1 || sudo ip6tables -A FORWARD -o tun-firezone -j ACCEPT
+    sudo ip6tables -t nat -C POSTROUTING -o e+ -j MASQUERADE > /dev/null 2>&1 || sudo ip6tables -t nat -A POSTROUTING -o e+ -j MASQUERADE
+    sudo ip6tables -t nat -C POSTROUTING -o w+ -j MASQUERADE > /dev/null 2>&1 || sudo ip6tables -t nat -A POSTROUTING -o w+ -j MASQUERADE
    """
  end