Merge pull request #252 from firezone/more-readme-polish

More readme polish; Make FireZone -> Firezone consistent
Jamil
2021-09-27 13:07:57 -07:00
committed by GitHub
43 changed files with 198 additions and 109 deletions

View File

@@ -86,7 +86,7 @@ jobs:
cd omnibus
bundle install --binstubs
sudo mkdir -p /opt/firezone
sudo chown vagrant:vagrant /opt/firezone
sudo chown -R vagrant:vagrant /opt/firezone
bin/omnibus build firezone
- name: Functional Test
run: |
@@ -100,7 +100,7 @@ jobs:
- name: Cleanup
if: always()
run: |
scripts/uninstall.sh
sudo scripts/uninstall.sh
rm -rf omnibus/pkg/*
publish:
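Review bot: running `sudo scripts/uninstall.sh` under `if: always()` means the cleanup step also executes when the build or install step failed, and the uninstall script (further down in this change) uses `set -ex` and calls `firezone-ctl cleanse yes` unconditionally, so on a run where the package never got installed the step would fail on the missing command and mark the job red for the wrong reason. Consider guarding the call, e.g. `[ -x /opt/firezone/bin/firezone-ctl ] && sudo scripts/uninstall.sh`, or setting `continue-on-error: true` on this step.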

README.md
View File

@@ -19,64 +19,155 @@
</p>
Firezone is a simple [WireGuard](https://www.wireguard.com/) based VPN server and firewall for Linux designed to be secure, easy to manage, and quick to set up.
<p align="center">
<strong>A self-managed <a href="https://www.wireguard.com/">WireGuard</a>-based VPN server and Linux firewall designed for simplicity and security.</strong>
</p>
<hr>
![Architecture](https://user-images.githubusercontent.com/167144/134593363-870c982d-921b-4f0c-b210-e77c8860d9ca.png)
# Table of Contents
* [What is Firezone?](#what-is-firezone)
* [Features](#features)
* [Anti-features](#anti-features)
* [Deploying and Configuring](#deploying-and-configuring)
* [Supported Linux Distributions](#supported-linux-distributions)
* [Installation Instructions](#installation-instructions)
* [Configuration File](#configuration-file)
* [Using Firezone](#using-firezone)
* [Troubleshooting](#troubleshooting)
* [Uninstalling](#uninstalling)
* [Getting Support](#getting-support)
* [Developing and Contributing](#developing-and-contributing)
# What is Firezone?
Firezone can be set up in minutes to manage your WireGuard VPN through a simple web interface.
## Features
- **Fast:** [3-4 times](https://wireguard.com/performance/) faster than OpenVPN.
- **Firewall built in:** Uses [nftables](https://netfilter.org) to block
unwanted egress traffic.
- **No dependencies:** All dependencies are bundled thanks to
[Chef Omnibus](https://github.com/chef/omnibus).
- **Secure:** Runs unprivileged. HTTPS enforced. Encrypted cookies.
Firezone is a Linux package to manage your WireGuard VPN through a simple web interface.
![Firezone](./apps/fz_http/assets/static/images/firezone-usage.gif)
## Features
- **Fast:** Uses WireGuard to be [3-4 times](https://wireguard.com/performance/) faster than OpenVPN.
- **No dependencies:** All dependencies are bundled thanks to
[Chef Omnibus](https://github.com/chef/omnibus).
- **Simple:** Takes minutes to set up. Manage via a simple CLI API.
- **Secure:** Runs unprivileged. HTTPS enforced. Encrypted cookies.
- **Firewall included:** Uses Linux [nftables](https://netfilter.org) to block
unwanted egress traffic.
## Anti-features
Firezone is **not:**
- An inbound firewall
- A tool for creating mesh networks
- A full-featured router
- An IPSec or OpenVPN server
# Deploying and Configuring
Firezone is built using [Chef Omnibus](https://github.com/chef/omnibus) which
bundles all dependences into a single distributable `.deb` or `.rpm` for your
distro. All that's needed is Linux kernel 4.19 or newer with proper WireGuard
support. We recommend Linux 5.6 or higher since [it has WireGuard
support](https://lwn.net/ml/linux-kernel/CA+55aFz5EWE9OTbzDoMfsY2ez04Qv9eg0KQhwKfyJY0vFvoD3g@mail.gmail.com/)
built-in.
Firezone consists of a single distributable Linux package that you install and
manage yourself. Management of the Firezone installation is handled by the
`firezone-ctl` utility while management of the VPN and firewall themselves are
handled by the Web UI.
## Requirements
Firezone acts as a frontend to both the WireGuard kernel module and
[netfilter](https://netfilter.org) kernel subsystem. It creates a WireGuard
interface (by default called `wg-firezone`) and
`firezone` netfilter table and adds appropriate routes to the routing
table. Other programs that modify the Linux routing table or netfilter firewall
may interfere with Firezone's operation.
Firezone currently supports the following Linux distributions:
| Name | Status | Notes |
| --- | --- | --- |
| CentOS 7 | **Fully-supported** | Kernel upgrade to `kernel-lt` or `kernel-ml` required. See [this guide](https://medium.com/@nazishalam07/update-centos-kernel-3-10-to-5-13-latest-9462b4f1e62c) for an example. |
| CentOS 8 | **Fully-supported** | Works as-is |
| Ubuntu 18.04 | **Fully-supported** | WireGuard must be installed: `apt install wireguard-dkms`. We also recommend updating the kernel to 5.4 or higher: `apt install linux-image-generic-hwe-18.04` |
| Ubuntu 20.04 | **Fully-supported** | Works as-is |
| Debian 10 | **Fully-supported** | Kernel upgrade required. See [this guide](https://jensd.be/968/linux/install-a-newer-kernel-in-debian-10-buster-stable) for an example. |
| Debian 11 | **Fully-supported** | Works as-is |
| Fedora 33 | **Fully-supported** | Works as-is |
| Fedora 34 | **Fully-supported** | Works as-is |
If your distro isn't listed here please [open an issue](https://github.com/firezone/firezone/issues/new/choose) and let us know.
### SSL
Firezone requires a valid SSL certificate and a matching DNS record to run in
production. We recommend using [Let's Encrypt](https://letsencrypt.org) to
generate a free SSL cert for your domain.
### Security Considerations
Firezone is **beta** software. We highly recommend **limiting network access to
the Web UI** to prevent exposing it to the public Internet.
## Supported Linux Distributions
Firezone currently supports the following distributions:
| Name | Status | Notes |
| --- | --- | --- |
| CentOS 7 | **Fully-supported** | See [CentOS 7 Notes](#centos-7-notes) |
| CentOS 8 | **Fully-supported** | Works as-is |
| Ubuntu 18.04 | **Fully-supported** | See [Ubuntu 18.04 Notes](#ubuntu-1804-notes) |
| Ubuntu 20.04 | **Fully-supported** | Works as-is |
| Debian 10 | **Fully-supported** | See [Debian 10 Notes](#debian-10-notes)|
| Debian 11 | **Fully-supported** | Works as-is |
| Fedora 33 | **Fully-supported** | Works as-is |
| Fedora 34 | **Fully-supported** | Works as-is |
If your distro isn't listed here please
[open an issue](https://github.com/firezone/firezone/issues/new/choose) and let
us know. New distros are being supported on a regular basis and there's a good
chance yours will be added soon.
### CentOS 7 Notes
Kernel upgrade to 4.19+ required. See [this guide
](https://medium.com/@nazishalam07/update-centos-kernel-3-10-to-5-13-latest-9462b4f1e62c)
for an example.
### Ubuntu 18.04 Notes
Kernel upgrade to 4.19+ required. E.g. `apt install linux-image-generic-hwe-18.04`
### Debian 10 Notes
Kernel upgrade to 4.19+ required. See [this guide
](https://jensd.be/968/linux/install-a-newer-kernel-in-debian-10-buster-stable)
for an example.
## Installation Instructions
1. Download the relevant package for your distribution from the [releases page](https://github.com/firezone/firezone/releases).
2. Install with `sudo rpm -i firezone-<version>.rpm` or `sudo dpkg -i firezone-<version>.deb` depending on your distribution.
3. Bootstrap the application with `sudo firezone-ctl reconfigure`. This will initialize config files, set up needed services and generate the default configuration.
4. Edit the default configuration at `/etc/firezone/firezone.rb`. At a minimum, you'll need to make sure `default['firezone']['fqdn']`, `default['firezone']['url_host']`, `default['firezone']['ssl']['certificate']`, and `default['firezone']['ssl']['certificate_key']` are set properly.
5. Reconfigure the application to pick up the new changes: `sudo firezone-ctl reconfigure`.
6. Finally, create an admin user with `sudo firezone-ctl create_admin`. Check the console for the login credentials.
7. Now you should be able to log into the web UI at `https://<your-server-fqdn>`
Assuming you're running Linux kernel 4.19+ on one of the supported distros
listed above, follow these steps to setup and install Firezone:
1. [Install WireGuard](https://www.wireguard.com/install/) for your distro. If using Linux kernel 5.6 or higher, skip
this step.
2. Download the relevant package for your distribution from the
[releases page](https://github.com/firezone/firezone/releases).
3. Install with `sudo rpm -i firezone-*.rpm` or `sudo dpkg -i firezone-*.deb`
depending on your distro.
4. Bootstrap the application with `sudo firezone-ctl reconfigure`. This will initialize config files, set up needed services and generate the default configuration.
5. Edit the default configuration located at `/etc/firezone/firezone.rb`.
At a minimum, you'll need to review the following configuration variables:
```ruby
# Auto-generated based on the server's hostname.
# Set this to the FQDN used to access the Web UI.
default['firezone']['fqdn'] = 'firezone.example.com'
# ...
# Specify the path to your SSL cert and private key.
# If set to nil, a self-signed cert will be generated for you.
default['firezone']['ssl']['certificate'] = '/path/to/cert.pem'
default['firezone']['ssl']['certificate_key'] = '/path/to/key.pem'
```
6. Reconfigure the application to pick up the new changes: `sudo firezone-ctl reconfigure`.
7. Finally, create an admin user with `sudo firezone-ctl create_admin`.
The login credentials will be printed to the console output.
8. Now you should be able to log into the web UI at the FQDN you specified in
step 5 above, e.g. `https://firezone.example.com`
## Configuration File
User-configurable settings can be found in `/etc/firezone/firezone.rb`.
Changing this file **requires re-running** `sudo firezone-ctl reconfigure` to pick up
the changes and apply them to the running system.
# Using Firezone
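Review bot: the new installation steps drop `default['firezone']['url_host']` from the list of settings that must be reviewed, while the previous step 4 listed it alongside `fqdn` and the two `ssl` keys as required; if the cookbook still reads `url_host`, the `firezone.rb` snippet in step 5 should show it next to `fqdn`, otherwise this is fine. Also, the snippet says a nil certificate path yields a self-signed cert, which is at odds with the "requires a valid SSL certificate" statement in the SSL section; a half-sentence noting that the self-signed path is for testing only would reconcile the two.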
@@ -132,16 +223,16 @@ Service Management Commands:
Send the services a USR2.
```
User-configurable settings can be found in `/etc/firezone/firezone.rb`.
Changing this file **requires re-running** `sudo firezone-ctl reconfigure` to pick up
the changes and apply them to the running system.
## Troubleshooting
For any problems that arise, a good first bet is to check the Firezone logs.
To view Firezone logs, run `sudo firezone-ctl tail`.
Occasionally, during a `sudo firezone-ctl reconfigure`, the `phoenix` will fail
to start with a `TIMEOUT` error like below:
### Phoenix restart times out
Occasionally, during a `sudo firezone-ctl reconfigure`, the `phoenix` service
will fail to start with a `TIMEOUT` error like below:
```
================================================================================
@@ -159,16 +250,15 @@ Ran /opt/firezone/embedded/bin/sv restart /opt/firezone/service/phoenix returned
```
This happens because of the way phoenix handles input before fully starting up.
To workaround, simply run `sudo firezone-ctl reconfigure` once more everything
To workaround, simply run `sudo firezone-ctl reconfigure` once more and everything
should start fine.
## Uninstalling
To completely remove Firezone and its configuration files, run the [uninstall.sh
script](https://github.com/firezone/firezone/blob/master/scripts/uninstall.sh):
`curl -L https://github.com/firezone/firezone/raw/master/scripts/uninstall.sh | sudo bash -E`
`sudo /bin/bash -c "$(curl -fsSL https://github.com/firezone/firezone/raw/master/scripts/uninstall.sh)"
**Warning**: This will irreversibly destroy ALL Firezone data and can't be
undone.
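Review bot: the new one-liner is missing its closing backtick, so everything after `` `sudo /bin/bash -c "$(curl ... uninstall.sh)" `` up to the next backtick in the file will render as inline code. While here, the command still fetches a script over the network and hands it straight to a root shell; `-f` at least makes curl fail on HTTP errors rather than feeding an error page to bash, but the doc should offer the safer form as well (download the script, read it, then run `sudo sh uninstall.sh`), especially since the warning right below it says the action is irreversible.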
@@ -176,7 +266,7 @@ undone.
# Getting Support
For help, feedback or contributions please join our [Slack group](https://admin.typeform.com/form/rpMtkZw4/create?block=a9c11a46-1dcf-4155-b447-0d8ce5700d5f). We're actively working to improve Firezone, and the Slack group is the best way to coordinate our efforts.
## Developing and Contributing
# Developing and Contributing
- See [CONTRIBUTING.md](CONTRIBUTING.md).
- Report issues and bugs in [this Github project]().
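Review bot: `[this Github project]()` has an empty link target, so the bullet renders as plain text with no link; it should point at the issues URL already used elsewhere in this README, `https://github.com/firezone/firezone/issues`. Promoting "Developing and Contributing" to a top-level heading matches the table of contents entry, so that part is consistent.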

View File

@@ -1,3 +1,3 @@
# FzHttp
Phoenix app for managing FireZone.
Phoenix app for managing Firezone.

View File

@@ -5,7 +5,7 @@
<meta http-equiv="X-UA-Compatible" content="IE=edge"/>
<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
<%= csrf_meta_tag() %>
<%= live_title_tag assigns[:page_title] || "FireZone" %>
<%= live_title_tag assigns[:page_title] || "Firezone" %>
<link phx-track-static rel="stylesheet" href={Routes.static_path(@conn, "/css/app.css")} />
<script defer phx-track-static type="text/javascript" src={Routes.static_path(@conn, "/js/app.js")}></script>

View File

@@ -5,7 +5,7 @@
<meta http-equiv="X-UA-Compatible" content="IE=edge"/>
<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
<%= csrf_meta_tag() %>
<%= live_title_tag assigns[:page_title], prefix: "FireZone • " %>
<%= live_title_tag assigns[:page_title], prefix: "Firezone • " %>
<link phx-track-static rel="stylesheet" href={Routes.static_path(@conn, "/css/app.css")} />
<script defer phx-track-static type="text/javascript" src={Routes.static_path(@conn, "/js/app.js")}></script>
@@ -64,7 +64,7 @@
<aside class="aside is-placed-left is-expanded">
<div class="aside-tools">
<div class="aside-tools-label">
<span>FireZone</span>
<span>Firezone</span>
</div>
</div>
<div class="menu is-menu-main">

View File

@@ -3,7 +3,7 @@ defmodule FzWall.CLI.Live do
A low-level module for interacting with the nftables CLI.
Rules operate on the nftables forward chain to deny outgoing packets to
specified IP addresses, ports, and protocols from FireZone device IPs.
specified IP addresses, ports, and protocols from Firezone device IPs.
"""
import FzCommon.CLI

View File

@@ -2,13 +2,13 @@
<html lang="en">
<head>
<meta charset="utf-8">
<title>FireZone: Firewall + Web Gui for WireGuard</title>
<title>Firezone: Firewall + Web Gui for WireGuard</title>
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<main>
<header>
<img class="logo" src="img/logo.svg" alt="FireZone Logo">
<img class="logo" src="img/logo.svg" alt="Firezone Logo">
<nav>
<ul class="nav-links">
<li>
@@ -28,7 +28,7 @@
</header>
<section>
<div class="content">
<h1>FireZone</h1>
<h1>Firezone</h1>
<a name="introduction"></a>
<h2>Introduction</h2>
@@ -45,7 +45,7 @@
</section>
<footer>
<div>
© 2020 FireZone LLC
© 2020 Firezone LLC
</div>
</footer>
</main>

View File

@@ -1,6 +1,6 @@
defmodule FirezoneUmbrella.MixProject do
@moduledoc """
Welcome to the FireZone Elixir Umbrella Project
Welcome to the Firezone Elixir Umbrella Project
"""
use Mix.Project

View File

@@ -1,6 +1,6 @@
# frozen_string_literal: true
# Copyright 2021 FireZone
# Copyright 2021 Firezone
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -16,7 +16,7 @@
#
name "firezone"
maintainer "FireZone"
maintainer "Firezone"
homepage "https://firez.one"
license "Apache-2.0"
license_file "../LICENSE"

View File

@@ -28,7 +28,7 @@ dependency "m4"
version("2.69") { source sha256: "954bd69b391edc12d6a4a51a2dd1476543da5c6bbf05a95b59dc0dd6fd4c2969" }
version("2.71") { source sha256: "431075ad0bf529ef13cb41e9042c542381103e80015686222b8a9d4abef42a1c" }
source url: "https://mirrors.ocf.berkeley.edu/gnu/autoconf/autoconf-#{version}.tar.gz"
source url: "https://mirrors.kernel.org/gnu/autoconf/autoconf-#{version}.tar.gz"
relative_path "autoconf-#{version}"
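Review bot: swapping the download mirror from mirrors.ocf.berkeley.edu to mirrors.kernel.org is safe from a supply-chain standpoint only because each `version(...)` block pins a `source sha256:` that Omnibus verifies after download; the same holds for the automake, gawk, gettext, gmp, libiconv, libtool, m4 and ncurses hunks below. Keep the pinned hashes and the `https://` scheme as they are, and it would be worth one line in the commit message saying why the mirror changed (availability versus trust).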

View File

@@ -30,7 +30,7 @@ version("1.16") { source sha256: "80da43bb5665596ee389e6d8b64b4f122ea4b92a685b1d
version("1.15") { source sha256: "7946e945a96e28152ba5a6beb0625ca715c6e32ac55f2e353ef54def0c8ed924" }
version("1.11.2") { source sha256: "c339e3871d6595620760725da61de02cf1c293af8a05b14592d6587ac39ce546" }
source url: "https://mirrors.ocf.berkeley.edu/gnu/automake/automake-#{version}.tar.gz"
source url: "https://mirrors.kernel.org/gnu/automake/automake-#{version}.tar.gz"
relative_path "automake-#{version}"

View File

@@ -1,6 +1,6 @@
# frozen_string_literal: true
# Copyright:: FireZone
# Copyright:: Firezone
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.

View File

@@ -1,7 +1,7 @@
# frozen_string_literal: true
# Copyright 2017 Chef Software, Inc.
# Copyright 2021 FireZone
# Copyright 2021 Firezone
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.

View File

@@ -1,6 +1,6 @@
#
# Copyright:: Chef Software, Inc.
# Copyright:: FireZone
# Copyright:: Firezone
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.

View File

@@ -1,6 +1,6 @@
#
# Copyright:: Copyright (c) 2015 GitLab B.V.
# Copyright:: Copyright (c) 2021 FireZone
# Copyright:: Copyright (c) 2021 Firezone
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");

View File

@@ -1,6 +1,6 @@
# frozen_string_literal: true
# Copyright 2021 FireZone
# Copyright 2021 Firezone
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.

View File

@@ -1,6 +1,6 @@
# frozen_string_literal: true
# Copyright:: FireZone
# Copyright:: Firezone
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.

View File

@@ -1,6 +1,6 @@
# frozen_string_literal: true
# Copyright:: FireZone
# Copyright:: Firezone
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -20,7 +20,7 @@ default_version "5.1.0"
version("5.1.0") { source sha256: "03a0360edcd84bec156fe211bbc4fc8c78790973ce4e8b990a11d778d40b1a26" }
source url: "https://mirrors.ocf.berkeley.edu/gnu/gawk/gawk-#{version}.tar.gz"
source url: "https://mirrors.kernel.org/gnu/gawk/gawk-#{version}.tar.gz"
relative_path "gawk-#{version}"

View File

@@ -1,6 +1,6 @@
# frozen_string_literal: true
# Copyright:: FireZone
# Copyright:: Firezone
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -34,7 +34,7 @@ dependency "liblzma"
dependency "icu"
dependency "pkg-config"
source url: "https://mirrors.ocf.berkeley.edu/gnu/gettext/gettext-#{version}.tar.gz"
source url: "https://mirrors.kernel.org/gnu/gettext/gettext-#{version}.tar.gz"
version("0.21") do
source sha256: "c77d0da3102aec9c07f43671e60611ebff89a996ef159497ce8e59d075786b12"
end

View File

@@ -23,7 +23,7 @@ version("6.2.1") { source sha256: "eae9326beb4158c386e39a356818031bd28f3124cf91
version("6.1.0") { source sha256: "498449a994efeba527885c10405993427995d3f86b8768d8cdf8d9dd7c6b73e8" }
version("6.0.0a") { source sha256: "7f8e9a804b9c6d07164cf754207be838ece1219425d64e28cfa3e70d5c759aaf" }
source url: "https://mirrors.ocf.berkeley.edu/gnu/gmp/gmp-#{version}.tar.bz2"
source url: "https://mirrors.kernel.org/gnu/gmp/gmp-#{version}.tar.bz2"
if version == "6.0.0a"
# version 6.0.0a expands to 6.0.0

View File

@@ -30,7 +30,7 @@ dependency "config_guess"
version("1.15") { source sha256: "ccf536620a45458d26ba83887a983b96827001e92a13847b45e4925cc8913178" }
version("1.16") { source sha256: "e6a1b1b589654277ee790cce3734f07876ac4ccfaecbee8afa0b649cf529cc04" }
source url: "https://mirrors.ocf.berkeley.edu/gnu/libiconv/libiconv-#{version}.tar.gz"
source url: "https://mirrors.kernel.org/gnu/libiconv/libiconv-#{version}.tar.gz"
relative_path "libiconv-#{version}"

View File

@@ -1,6 +1,6 @@
# frozen_string_literal: true
# Copyright FireZone
# Copyright Firezone
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.

View File

@@ -1,6 +1,6 @@
# frozen_string_literal: true
# Copyright FireZone
# Copyright Firezone
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.

View File

@@ -30,7 +30,7 @@ version("2.4.6") { source sha256: "e3bd4d5d3d025a36c21dd6af7ea818a2afcd4dfc1ea5a
version("2.4.2") { source sha256: "b38de44862a987293cd3d8dfae1c409d514b6c4e794ebc93648febf9afc38918" }
version("2.4") { source sha256: "13df57ab63a94e196c5d6e95d64e53262834fe780d5e82c28f177f9f71ddf62e" }
source url: "https://mirrors.ocf.berkeley.edu/gnu/libtool/libtool-#{version}.tar.gz"
source url: "https://mirrors.kernel.org/gnu/libtool/libtool-#{version}.tar.gz"
relative_path "libtool-#{version}"

View File

@@ -1,6 +1,6 @@
# frozen_string_literal: true
# Copyright 2012-2014 FireZone
# Copyright 2012-2014 Firezone
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.

View File

@@ -24,7 +24,7 @@ skip_transitive_dependency_licensing true
version("1.4.18") { source sha256: "ab2633921a5cd38e48797bf5521ad259bdc4b979078034a3b790d7fec5493fab" }
source url: "https://mirrors.ocf.berkeley.edu/gnu/m4/m4-#{version}.tar.gz"
source url: "https://mirrors.kernel.org/gnu/m4/m4-#{version}.tar.gz"
relative_path "m4-#{version}"

View File

@@ -35,7 +35,7 @@ version("6.2") { source sha256: "30306e0c76e0f9f1f0de987cf1c82a5c21e1ce6568b9227
version("6.1") { source sha256: "aa057eeeb4a14d470101eff4597d5833dcef5965331be3528c08d99cebaa0d17" }
version("5.9") { source sha256: "9046298fb440324c9d4135ecea7879ffed8546dd1b58e59430ea07a4633f563b" }
source url: "https://mirrors.ocf.berkeley.edu/gnu/ncurses/ncurses-#{version}.tar.gz"
source url: "https://mirrors.kernel.org/gnu/ncurses/ncurses-#{version}.tar.gz"
relative_path "ncurses-#{version}"

View File

@@ -1,6 +1,6 @@
# frozen_string_literal: true
# Copyright:: FireZone
# Copyright:: Firezone
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.

View File

@@ -1,6 +1,6 @@
# frozen_string_literal: true
# Copyright 2021 FireZone
# Copyright 2021 Firezone
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.

View File

@@ -3,7 +3,7 @@
require "mixlib/shellout"
add_command "reset_network", "Resets nftables, WireGuard interface, "\
"and routing table back to FireZone defaults", 1 do
"and routing table back to Firezone defaults", 1 do
command = %W(
chef-client
-z

View File

@@ -1,6 +1,6 @@
#
# Copyright:: Copyright (c) 2019 Chef Software, Inc.
# Copyright:: Copyright (c) 2021 FireZone, Inc.
# Copyright:: Copyright (c) 2021 Firezone, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.

View File

@@ -70,42 +70,42 @@ class Firezone
Chef::Log.warn 'Using secret_key_base from firezone.json. This value should really be managed in secrets.json. Writing to secrets.json.'
node['firezone']['secret_key_base']
else
Chef::Log.warn 'No secret_key_base set! Generating and writing one to secrets.json. If this FireZone installation has multiple hosts, you must duplicate the secrets.json file exactly across all hosts.'
Chef::Log.warn 'No secret_key_base set! Generating and writing one to secrets.json. If this Firezone installation has multiple hosts, you must duplicate the secrets.json file exactly across all hosts.'
SecureRandom.base64(48)
end
live_view_signing_salt = if node['firezone'] && node['firezone']['live_view_signing_salt']
Chef::Log.warn 'Using live_view_signing_salt from firezone.json. This value should really be managed in secrets.json. Writing to secrets.json.'
node['firezone']['live_view_signing_salt']
else
Chef::Log.warn 'No live_view_signing_salt set! Generating and writing one to secrets.json. If this FireZone installation has multiple hosts, you must duplicate the secrets.json file exactly across all hosts.'
Chef::Log.warn 'No live_view_signing_salt set! Generating and writing one to secrets.json. If this Firezone installation has multiple hosts, you must duplicate the secrets.json file exactly across all hosts.'
SecureRandom.base64(24)
end
cookie_signing_salt = if node['firezone'] && node['firezone']['cookie_signing_salt']
Chef::Log.warn 'Using cookie_signing_salt from firezone.json. This value should really be managed in secrets.json. Writing to secrets.json.'
node['firezone']['cookie_signing_salt']
else
Chef::Log.warn 'No cookie_signing_salt set! Generating and writing one to secrets.json. If this FireZone installation has multiple hosts, you must duplicate the secrets.json file exactly across all hosts.'
Chef::Log.warn 'No cookie_signing_salt set! Generating and writing one to secrets.json. If this Firezone installation has multiple hosts, you must duplicate the secrets.json file exactly across all hosts.'
SecureRandom.base64(6)
end
wireguard_private_key = if node['firezone'] && node['firezone']['wireguard_private_key']
Chef::Log.warn 'Using wireguard_private_key from firezone.json. This value should really be managed in secrets.json. Writing to secrets.json.'
node['firezone']['wireguard_private_key']
else
Chef::Log.warn 'No wireguard_private_key set! Generating and writing one to secrets.json. If this FireZone installation has multiple hosts, you must duplicate the secrets.json file exactly across all hosts.'
Chef::Log.warn 'No wireguard_private_key set! Generating and writing one to secrets.json. If this Firezone installation has multiple hosts, you must duplicate the secrets.json file exactly across all hosts.'
`#{node['firezone']['install_directory']}/embedded/bin/wg genkey`.chomp
end
database_encryption_key = if node['firezone'] && node['firezone']['database_encryption_key']
Chef::Log.warn 'Using database_encryption_key from firezone.json. This value should really be managed in secrets.json. Writing to secrets.json.'
node['firezone']['database_encryption_key']
else
Chef::Log.warn 'No database_encryption_key set! Generating and writing one to secrets.json. If this FireZone installation has multiple hosts, you must duplicate the secrets.json file exactly across all hosts.'
Chef::Log.warn 'No database_encryption_key set! Generating and writing one to secrets.json. If this Firezone installation has multiple hosts, you must duplicate the secrets.json file exactly across all hosts.'
SecureRandom.base64(32)
end
default_admin_password = if node['firezone'] && node['firezone']['default_admin_password']
Chef::Log.warn 'Using default_admin_password from firezone.json. This value should really be managed in secrets.json. Writing to secrets.json.'
node['firezone']['default_admin_password']
else
Chef::Log.warn 'No default_admin_password set! Generating and writing one to secrets.json. If this FireZone installation has multiple hosts, you must duplicate the secrets.json file exactly across all hosts.'
Chef::Log.warn 'No default_admin_password set! Generating and writing one to secrets.json. If this Firezone installation has multiple hosts, you must duplicate the secrets.json file exactly across all hosts.'
SecureRandom.base64(8)
end
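Review bot: the six warning strings are copies of the same two sentences differing only in the key name; a small helper such as `missing_secret_warning('cookie_signing_salt')` would keep them from drifting apart again, which is exactly what this hunk is fixing. Separately, the two signing salts visible here are generated with very different sizes, `SecureRandom.base64(24)` for `live_view_signing_salt` but `SecureRandom.base64(6)` for `cookie_signing_salt`; both are derivation salts mixed with `secret_key_base`, so neither is a security hole, but aligning them (24 bytes for both) removes the question for the next reader.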

View File

@@ -1,5 +1,5 @@
name 'firezone'
maintainer 'FireZone'
maintainer 'Firezone'
maintainer_email 'infra@firez.one'
license 'Apache-2.0'
description 'Installs/Configures firezone'

View File

@@ -3,7 +3,7 @@
# Recipe:: config
#
# Copyright:: 2014 Chef Software, Inc.
# Copyright:: 2021 FireZone
# Copyright:: 2021 Firezone
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.

View File

@@ -31,7 +31,7 @@ log 'admin_created' do
msg = <<~MSG
=================================================================================
FireZone user created! Save this information because it will NOT be shown again.
Firezone user created! Save this information because it will NOT be shown again.
Use this to log into the Web UI.

View File

@@ -3,7 +3,7 @@
# Recipe:: database
#
# Copyright:: 2014 Chef Software, Inc.
# Copyright:: 2021 FireZone
# Copyright:: 2021 Firezone
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.

View File

@@ -3,7 +3,7 @@
# Cookbook:: firezone
# Recipe:: default
#
# Copyright:: 2021, FireZone, All Rights Reserved.
# Copyright:: 2021, Firezone, All Rights Reserved.
include_recipe "firezone::config"
include_recipe "firezone::setcap"

View File

@@ -3,10 +3,10 @@
# Cookbook:: firezone
# Recipe:: network
#
# Copyright:: 2021, FireZone, All Rights Reserved.
# Copyright:: 2021, Firezone, All Rights Reserved.
# Set up wireguard interface, default routes, and firewall
# rules so that FireZone can run without a hitch.
# rules so that Firezone can run without a hitch.
#
# This recipe basically performs the work of wg-quick without having to
# have a configuration file.

View File

@@ -4,7 +4,7 @@
# Recipe:: phoenix
#
# Copyright:: 2014 Chef Software, Inc.
# Copyright:: 2021 FireZone
# Copyright:: 2021 Firezone
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.

View File

@@ -3,7 +3,7 @@
# Cookbook:: firezone
# Recipe:: setcap
#
# Copyright:: 2021, FireZone, All Rights Reserved.
# Copyright:: 2021, Firezone, All Rights Reserved.
# Set capabilities for executables so they can be run without
# root privileges.

View File

@@ -77,7 +77,7 @@ server {
}
<% if @nginx['cache']['enable'] -%>
# TODO: Is this useful to FireZone?
# TODO: Is this useful to Firezone?
location ~ ^/api/v1/cookbooks/.*/versions/.*(/download)?$ {
proxy_set_header HOST $host;
proxy_set_header X-Real-IP $remote_addr;

View File

@@ -1,6 +1,6 @@
#!/bin/sh
set -e
# FireZone package post-install script
# Firezone package post-install script
#
# Perform necessary firezone setup steps
# after package is installed.
@@ -18,7 +18,7 @@ set -e
#
# set_capabilities()
# {
# # Allow FireZone to control wireguard interface and firewall
# # Allow Firezone to control wireguard interface and firewall
# setcap cap_net_raw,cap_net_admin+eip ${install_dir}/embedded/bin/wg
# setcap cap_net_raw,cap_net_admin+eip ${install_dir}/embedded/bin/nft
# }
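Review bot: this hunk, and the two at lines 67 and 86 of the same file, only retouch spelling inside blocks of commented-out shell (`set_capabilities()`, the SSL file and `secrets.env` writers) that the package no longer executes; the live equivalents are the `firezone::setcap` recipe and the Chef secrets handling elsewhere in this change. Dead code that still mentions `setcap cap_net_raw,cap_net_admin+eip` on `wg` and `nft` and plaintext secret paths invites confusion during audits, so deleting the commented block is the better fix than keeping it consistent.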
@@ -67,7 +67,7 @@ set -e
# chown firezone:root ${install_dir}/embedded/etc/firezone/secret
# chmod 770 ${install_dir}/embedded/etc/firezone/secret
#
# # Write FireZone SSL files
# # Write Firezone SSL files
# ssl_key_file=${install_dir}/embedded/etc/firezone/secret/key.pem
# ssl_cert_file=${install_dir}/embedded/etc/firezone/cert.pem
# hostname=$(hostname)
@@ -86,14 +86,14 @@ set -e
# db_key="$(openssl rand -base64 32)"
# wg_server_key="$(wg genkey)"
#
# # Write FireZone config file
# # Write Firezone config file
# if [ -f ${install_dir}/embedded/etc/firezone/secret/secrets.env ]; then
# echo "config file exists; not creating"
# else
#
# umask 037
# cat <<EOT > ${install_dir}/embedded/etc/firezone/secret/secrets.env
# # This file is loaded into FireZone's Environment upon launch to configure it.
# # This file is loaded into Firezone's Environment upon launch to configure it.
#
# # Warning: changing anything here can result in data loss. Make sure you know
# # what you're doing!

View File

@@ -1,5 +1,4 @@
#!/bin/sh
set -ex
echo 'Removing all Firezone configuration data...'
firezone-ctl cleanse yes
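Review bot: the hunk header reports one line removed but the rendered view has lost the `+`/`-` markers, so the dropped line is not visible here; please confirm in the raw diff that it was not a guard. With `set -ex` and `firezone-ctl cleanse yes` the script answers the confirmation itself and wipes all data without prompting, and the README now advertises it as a one-liner piped into a root shell, so a prompt when stdin is a TTY (or an explicit `--yes` flag for CI) would be a cheap safeguard; the CI cleanup step already runs it non-interactively and could pass that flag.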