diff --git a/elixir/apps/web/lib/web/live/sites/new_token.ex b/elixir/apps/web/lib/web/live/sites/new_token.ex index 92f737d28..5ebbdc5ad 100644 --- a/elixir/apps/web/lib/web/live/sites/new_token.ex +++ b/elixir/apps/web/lib/web/live/sites/new_token.ex @@ -125,6 +125,49 @@ defmodule Web.Sites.NewToken do >enable IPv6 in the Docker daemon.

+ <:tab + id="binary-instructions" + label="Manually" + phx_click="tab_selected" + selected={@selected_tab == "binary-instructions"} + > +

+ <.link + href="https://www.github.com/firezone/firezone/releases?utm_source=deploy_gateway" + target="_blank" + class={link_style()} + > + Download the latest binary + + from GitHub releases to your server and make sure the following environment variables are set: +

+ + <.code_block + id="code-sample-binary1" + class="w-full text-xs whitespace-pre-line" + phx-no-format + phx-update="ignore" + ><%= manual_command(@env) %> + +

+ See + <.link + href="https://www.firezone.dev/kb/deploy/gateways#environment_variables" + target="_blank" + class={link_style()} + > + the Gateway docs + + for a full list of environment variables. +

+ +

+ Important: + You'll need to make sure that the iptables + and ip6tables + commands are available on your system. +

+
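Review bot: The new manual-install tab tells the operator to download the latest binary from GitHub releases and run it, but gives no way to confirm that what arrived is the published artifact; a sentence telling them to verify the release's checksum (or signature, if releases carry one) before executing it belongs next to the download link. It also says nothing about the privileges the binary needs: the inline systemd installer removed elsewhere in this diff ran `setcap 'cap_net_admin+eip'` on the binary and executed it as a dedicated unprivileged `firezone` user, which suggests the manual path needs the same, though I can't confirm that from this hunk. The `Important:` paragraph could carry both, e.g. `Verify the downloaded binary's checksum against the release page before running it, and run it as a dedicated unprivileged user with CAP_NET_ADMIN rather than as root.` The `iptables`/`ip6tables` note is also only half the story if the forwarding and masquerade rules the old installer added are still required — point to the docs section that lists them.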
@@ -164,10 +207,8 @@ defmodule Web.Sites.NewToken do end [ - {"FIREZONE_ID", Ecto.UUID.generate()}, {"FIREZONE_TOKEN", encoded_token}, - api_url_override, - {"RUST_LOG", "info"} + api_url_override ] |> Enum.reject(&is_nil/1) end 
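Review bot: Dropping `{"FIREZONE_ID", Ecto.UUID.generate()}` means nothing on this page assigns the gateway an identifier any more, and since the same list now feeds the new manual-install tab, a manually installed gateway gets no ID unless the binary generates and persists one itself. I can't tell from this hunk whether the binary does that or whether the remote install script now supplies it, so either confirm it or keep the line for the manual path. A short comment above the list stating where the ID comes from now, along the lines of `# FIREZONE_ID is no longer emitted here; <where it is generated>`, would stop it being re-added. The `RUST_LOG` default also disappears from every tab, which is fine if the binary has a sane default but worth a line in the commit message. The enclosing function begins above the hunk.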
@@ -199,113 +240,14 @@ defmodule Web.Sites.NewToken do defp systemd_command(env) do """ - ( install_firezone() { + #{Enum.map_join(env, " \\\n", fn {key, value} -> "#{key}=\"#{value}\"" end)} \\ + bash <(curl -fsSL https://raw.githubusercontent.com/firezone/firezone/main/scripts/gateway-systemd-install.sh) + """ + end - # Create firezone user and group - sudo groupadd -f firezone - id -u firezone > /dev/null 2>&1 || sudo useradd -r -g firezone -s /sbin/nologin firezone - - # Create systemd unit file - cat << EOF | sudo tee /etc/systemd/system/firezone-gateway.service - [Unit] - Description=Firezone Gateway - After=network.target - Documentation=https://www.firezone.dev/kb - - [Service] - Type=simple - #{Enum.map_join(env, "\n", fn {key, value} -> "Environment=\"#{key}=#{value}\"" end)} - ExecStartPre=/usr/local/bin/firezone-gateway-init - ExecStart=/usr/bin/sudo \\\\ - --preserve-env=FIREZONE_NAME,FIREZONE_ID,FIREZONE_TOKEN,FIREZONE_API_URL,RUST_LOG \\\\ - -u firezone \\\\ - -g firezone \\\\ - /usr/local/bin/firezone-gateway - TimeoutStartSec=3s - TimeoutStopSec=15s - Restart=always - RestartSec=7 - - [Install] - WantedBy=multi-user.target - EOF - - # Create ExecStartPre script - cat << EOF | sudo tee /usr/local/bin/firezone-gateway-init - #!/bin/sh - - set -ue - - # Download latest version of the gateway if it doesn't already exist - if [ ! -e /usr/local/bin/firezone-gateway ]; then - echo "/usr/local/bin/firezone-gateway not found. Downloading latest version..." - FIREZONE_VERSION=\\$(curl -Ls \\\\ - -H "Accept: application/vnd.github+json" \\\\ - -H "X-GitHub-Api-Version: 2022-11-28" \\\\ - "https://api.github.com/repos/firezone/firezone/releases/latest" | grep '"tag_name":' | sed 's/.*"tag_name": "\\([^"]*\\).*/\\1/' - ) - [ "\\$FIREZONE_VERSION" = "" ] && echo "[Error] Cannot fetch latest version. Rate-limited by GitHub?" 
&& exit 1 - echo "Downloading Firezone Gateway version \\$FIREZONE_VERSION" - arch=\\$(uname -m) - case \\$arch in - aarch64) - bin_url="https://github.com/firezone/firezone/releases/download/\\$FIREZONE_VERSION/gateway-arm64" - ;; - armv7l) - bin_url="https://github.com/firezone/firezone/releases/download/\\$FIREZONE_VERSION/gateway-arm" - ;; - x86_64) - bin_url="https://github.com/firezone/firezone/releases/download/\\$FIREZONE_VERSION/gateway-x64" - ;; - *) - echo "Unsupported architecture" - exit 1 - esac - curl -Ls \\$bin_url -o /usr/local/bin/firezone-gateway - else - echo "/usr/local/bin/firezone-gateway found. Skipping download." - fi - - # Set proper capabilities and permissions on each start - chgrp firezone /usr/local/bin/firezone-gateway - chmod 0750 /usr/local/bin/firezone-gateway - setcap 'cap_net_admin+eip' /usr/local/bin/firezone-gateway - mkdir -p /var/lib/firezone - chown firezone:firezone /var/lib/firezone - chmod 0775 /var/lib/firezone - - # Enable masquerading for ethernet and wireless interfaces - iptables -C FORWARD -i tun-firezone -j ACCEPT > /dev/null 2>&1 || iptables -A FORWARD -i tun-firezone -j ACCEPT - iptables -C FORWARD -o tun-firezone -j ACCEPT > /dev/null 2>&1 || iptables -A FORWARD -o tun-firezone -j ACCEPT - iptables -t nat -C POSTROUTING -o e+ -j MASQUERADE > /dev/null 2>&1 || iptables -t nat -A POSTROUTING -o e+ -j MASQUERADE - iptables -t nat -C POSTROUTING -o w+ -j MASQUERADE > /dev/null 2>&1 || iptables -t nat -A POSTROUTING -o w+ -j MASQUERADE - ip6tables -C FORWARD -i tun-firezone -j ACCEPT > /dev/null 2>&1 || ip6tables -A FORWARD -i tun-firezone -j ACCEPT - ip6tables -C FORWARD -o tun-firezone -j ACCEPT > /dev/null 2>&1 || ip6tables -A FORWARD -o tun-firezone -j ACCEPT - ip6tables -t nat -C POSTROUTING -o e+ -j MASQUERADE > /dev/null 2>&1 || ip6tables -t nat -A POSTROUTING -o e+ -j MASQUERADE - ip6tables -t nat -C POSTROUTING -o w+ -j MASQUERADE > /dev/null 2>&1 || ip6tables -t nat -A POSTROUTING -o w+ -j MASQUERADE - - # 
Enable packet forwarding - sysctl -w net.ipv4.ip_forward=1 - sysctl -w net.ipv4.conf.all.src_valid_mark=1 - sysctl -w net.ipv6.conf.all.disable_ipv6=0 - sysctl -w net.ipv6.conf.all.forwarding=1 - sysctl -w net.ipv6.conf.default.forwarding=1 - EOF - - # Make ExecStartPre script executable - sudo chmod +x /usr/local/bin/firezone-gateway-init - - # Reload systemd - sudo systemctl daemon-reload - - # Enable the service to start on boot - sudo systemctl enable firezone-gateway - - # Start the service - sudo systemctl start firezone-gateway - - } - install_firezone ) + defp manual_command(env) do + """ + #{Enum.map_join(env, "\n", fn {key, value} -> "#{key}=#{value}" end)}) """ end diff --git a/elixir/apps/web/test/web/live/sites/new_token_test.exs b/elixir/apps/web/test/web/live/sites/new_token_test.exs index 5de1d4c22..05d75f3a2 100644 --- a/elixir/apps/web/test/web/live/sites/new_token_test.exs +++ b/elixir/apps/web/test/web/live/sites/new_token_test.exs @@ -31,8 +31,10 @@ defmodule Web.Live.Sites.NewTokenTest do assert html =~ "docker run" assert html =~ "Waiting for connection..." - assert Regex.run(~r/FIREZONE_ID=([^& ]+)/, html) |> List.last() - token = Regex.run(~r/FIREZONE_TOKEN=([^& ]+)/, html) |> List.last() |> String.trim(""") + token = + Regex.run(~r/FIREZONE_TOKEN=([^&\n ]+)/, html) + |> List.last() + |> String.trim(""") :ok = Domain.Gateways.subscribe_to_gateways_presence_in_group(group) context = Fixtures.Auth.build_context(type: :gateway_group)
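Review bot: The new `systemd_command/1` feeds an unpinned script from the `main` branch straight into `bash` via process substitution, so whatever that URL serves at install time runs with `FIREZONE_TOKEN` in its environment, and a connection dropped mid-transfer can leave bash executing a truncated script. The removed inline version guarded against partial execution by wrapping everything in `install_firezone()` and calling it as the last statement; that protection now lives, if anywhere, in the remote script, which this diff does not show. Pin the URL to a release tag or commit SHA (e.g. `https://raw.githubusercontent.com/firezone/firezone/<tag>/scripts/gateway-systemd-install.sh`), and prefer having the generated command download to a file, check its SHA-256 against a published value, and only then execute it; the docs should also say that the whole line, token included, lands in the operator's shell history. Separately, `manual_command/1` as rendered here has a stray `)` after the interpolation, `"#{key}=#{value}" end)})`, so the last emitted line ends in `)` and a user pasting it would set that variable (the token itself when there is no API URL override) to a wrong value; it should read `"#{key}=#{value}" end)}`.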
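Review bot: The test still reads `FIREZONE_TOKEN=` from the first match only, so the new `binary-instructions` tab and its `manual_command/1` output are never exercised, and the trailing-`)` defect in that helper would pass unnoticed because the docker command is matched first. Assert that the manual tab renders and that every occurrence of the token on the page agrees, e.g. `assert html =~ "binary-instructions"` followed by `tokens = Regex.scan(~r/FIREZONE_TOKEN=(?:&quot;)?([^&\n ")]+)/, html, capture: :all_but_first)` and `assert Enum.uniq(tokens) == [[token]]`. Dropping the `FIREZONE_ID` assertion is consistent with the env change, but if the ID is now expected to come from elsewhere, a test on that path should replace it.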