chore(portal): Update Gateways deploy UI (#4352)

Closes #4019

<img width="1728" alt="Screenshot 2024-03-27 at 14 53 30"
src="https://github.com/firezone/firezone/assets/1877644/a2b8850e-49b7-4379-9851-5cb5453018d5">

<img width="1728" alt="Screenshot 2024-03-27 at 14 53 32"
src="https://github.com/firezone/firezone/assets/1877644/5b35c045-6db8-4522-bba8-794d68eae879">

elixir/apps/web/lib/web/live/sites/new_token.ex

@@ -125,6 +125,49 @@ defmodule Web.Sites.NewToken do
                 >enable IPv6 in the Docker daemon</.link>.
               </p>
             </:tab>
+            <:tab
+              id="binary-instructions"
+              label="Manually"
+              phx_click="tab_selected"
+              selected={@selected_tab == "binary-instructions"}
+            >
+              <p class="p-4">
+                <.link
+                  href="https://www.github.com/firezone/firezone/releases?utm_source=deploy_gateway"
+                  target="_blank"
+                  class={link_style()}
+                >
+                  Download the latest binary
+                </.link>
+                from GitHub releases to your server and make sure the following environment variables are set:
+              </p>
+
+              <.code_block
+                id="code-sample-binary1"
+                class="w-full text-xs whitespace-pre-line"
+                phx-no-format
+                phx-update="ignore"
+              ><%= manual_command(@env) %></.code_block>
+
+              <p class="p-4">
+                See
+                <.link
+                  href="https://www.firezone.dev/kb/deploy/gateways#environment_variables"
+                  target="_blank"
+                  class={link_style()}
+                >
+                  the Gateway docs
+                </.link>
+                for a full list of environment variables.
+              </p>
+
+              <p class="p-4">
+                <strong>Important:</strong>
+                You'll need to make sure that the <code>iptables</code>
+                and <code>ip6tables</code>
+                commands are available on your system.
+              </p>
+            </:tab>
           </.tabs>
 
           <div id="connection-status" class="flex justify-between items-center">
@@ -164,10 +207,8 @@ defmodule Web.Sites.NewToken do
       end
 
     [
-      {"FIREZONE_ID", Ecto.UUID.generate()},
       {"FIREZONE_TOKEN", encoded_token},
-      api_url_override,
-      {"RUST_LOG", "info"}
+      api_url_override
     ]
     |> Enum.reject(&is_nil/1)
   end
@@ -199,113 +240,14 @@ defmodule Web.Sites.NewToken do
 
   defp systemd_command(env) do
     """
-    ( install_firezone() {
+    #{Enum.map_join(env, " \\\n", fn {key, value} -> "#{key}=\"#{value}\"" end)} \\
+      bash <(curl -fsSL https://raw.githubusercontent.com/firezone/firezone/main/scripts/gateway-systemd-install.sh)
+    """
+  end
 
-    # Create firezone user and group
-    sudo groupadd -f firezone
-    id -u firezone > /dev/null 2>&1 || sudo useradd -r -g firezone -s /sbin/nologin firezone
-
-    # Create systemd unit file
-    cat << EOF | sudo tee /etc/systemd/system/firezone-gateway.service
-    [Unit]
-    Description=Firezone Gateway
-    After=network.target
-    Documentation=https://www.firezone.dev/kb
-
-    [Service]
-    Type=simple
-    #{Enum.map_join(env, "\n", fn {key, value} -> "Environment=\"#{key}=#{value}\"" end)}
-    ExecStartPre=/usr/local/bin/firezone-gateway-init
-    ExecStart=/usr/bin/sudo \\\\
-      --preserve-env=FIREZONE_NAME,FIREZONE_ID,FIREZONE_TOKEN,FIREZONE_API_URL,RUST_LOG \\\\
-      -u firezone \\\\
-      -g firezone \\\\
-      /usr/local/bin/firezone-gateway
-    TimeoutStartSec=3s
-    TimeoutStopSec=15s
-    Restart=always
-    RestartSec=7
-
-    [Install]
-    WantedBy=multi-user.target
-    EOF
-
-    # Create ExecStartPre script
-    cat << EOF | sudo tee /usr/local/bin/firezone-gateway-init
-    #!/bin/sh
-
-    set -ue
-
-    # Download latest version of the gateway if it doesn't already exist
-    if [ ! -e /usr/local/bin/firezone-gateway ]; then
-      echo "/usr/local/bin/firezone-gateway not found. Downloading latest version..."
-      FIREZONE_VERSION=\\$(curl -Ls \\\\
-        -H "Accept: application/vnd.github+json" \\\\
-        -H "X-GitHub-Api-Version: 2022-11-28" \\\\
-        "https://api.github.com/repos/firezone/firezone/releases/latest" | grep '"tag_name":' | sed 's/.*"tag_name": "\\([^"]*\\).*/\\1/'
-      )
-      [ "\\$FIREZONE_VERSION" = "" ] && echo "[Error] Cannot fetch latest version. Rate-limited by GitHub?" && exit 1
-      echo "Downloading Firezone Gateway version \\$FIREZONE_VERSION"
-      arch=\\$(uname -m)
-      case \\$arch in
-        aarch64)
-          bin_url="https://github.com/firezone/firezone/releases/download/\\$FIREZONE_VERSION/gateway-arm64"
-          ;;
-        armv7l)
-          bin_url="https://github.com/firezone/firezone/releases/download/\\$FIREZONE_VERSION/gateway-arm"
-          ;;
-        x86_64)
-          bin_url="https://github.com/firezone/firezone/releases/download/\\$FIREZONE_VERSION/gateway-x64"
-          ;;
-        *)
-          echo "Unsupported architecture"
-          exit 1
-      esac
-      curl -Ls \\$bin_url -o /usr/local/bin/firezone-gateway
-    else
-      echo "/usr/local/bin/firezone-gateway found. Skipping download."
-    fi
-
-    # Set proper capabilities and permissions on each start
-    chgrp firezone /usr/local/bin/firezone-gateway
-    chmod 0750 /usr/local/bin/firezone-gateway
-    setcap 'cap_net_admin+eip' /usr/local/bin/firezone-gateway
-    mkdir -p /var/lib/firezone
-    chown firezone:firezone /var/lib/firezone
-    chmod 0775 /var/lib/firezone
-
-    # Enable masquerading for ethernet and wireless interfaces
-    iptables -C FORWARD -i tun-firezone -j ACCEPT > /dev/null 2>&1 || iptables -A FORWARD -i tun-firezone -j ACCEPT
-    iptables -C FORWARD -o tun-firezone -j ACCEPT > /dev/null 2>&1 || iptables -A FORWARD -o tun-firezone -j ACCEPT
-    iptables -t nat -C POSTROUTING -o e+ -j MASQUERADE > /dev/null 2>&1 || iptables -t nat -A POSTROUTING -o e+ -j MASQUERADE
-    iptables -t nat -C POSTROUTING -o w+ -j MASQUERADE > /dev/null 2>&1 || iptables -t nat -A POSTROUTING -o w+ -j MASQUERADE
-    ip6tables -C FORWARD -i tun-firezone -j ACCEPT > /dev/null 2>&1 || ip6tables -A FORWARD -i tun-firezone -j ACCEPT
-    ip6tables -C FORWARD -o tun-firezone -j ACCEPT > /dev/null 2>&1 || ip6tables -A FORWARD -o tun-firezone -j ACCEPT
-    ip6tables -t nat -C POSTROUTING -o e+ -j MASQUERADE > /dev/null 2>&1 || ip6tables -t nat -A POSTROUTING -o e+ -j MASQUERADE
-    ip6tables -t nat -C POSTROUTING -o w+ -j MASQUERADE > /dev/null 2>&1 || ip6tables -t nat -A POSTROUTING -o w+ -j MASQUERADE
-
-    # Enable packet forwarding
-    sysctl -w net.ipv4.ip_forward=1
-    sysctl -w net.ipv4.conf.all.src_valid_mark=1
-    sysctl -w net.ipv6.conf.all.disable_ipv6=0
-    sysctl -w net.ipv6.conf.all.forwarding=1
-    sysctl -w net.ipv6.conf.default.forwarding=1
-    EOF
-
-    # Make ExecStartPre script executable
-    sudo chmod +x /usr/local/bin/firezone-gateway-init
-
-    # Reload systemd
-    sudo systemctl daemon-reload
-
-    # Enable the service to start on boot
-    sudo systemctl enable firezone-gateway
-
-    # Start the service
-    sudo systemctl start firezone-gateway
-
-    }
-    install_firezone )
+  defp manual_command(env) do
+    """
+    #{Enum.map_join(env, "\n", fn {key, value} -> "#{key}=#{value}" end)})
     """
   end
 

elixir/apps/web/test/web/live/sites/new_token_test.exs

@@ -31,8 +31,10 @@ defmodule Web.Live.Sites.NewTokenTest do
     assert html =~ "docker run"
     assert html =~ "Waiting for connection..."
 
-    assert Regex.run(~r/FIREZONE_ID=([^& ]+)/, html) |> List.last()
-    token = Regex.run(~r/FIREZONE_TOKEN=([^& ]+)/, html) |> List.last() |> String.trim(""")
+    token =
+      Regex.run(~r/FIREZONE_TOKEN=([^&\n ]+)/, html)
+      |> List.last()
+      |> String.trim(""")
 
     :ok = Domain.Gateways.subscribe_to_gateways_presence_in_group(group)
     context = Fixtures.Auth.build_context(type: :gateway_group)