Move elixir code to a subfolder (#1631)

.github/CODEOWNERS

@@ -0,0 +1,3 @@
+elixir/ @AndrewDryga
+www/ @jamilbk
+rust/ @conectado

.github/workflows/elixir.yml

@@ -1,15 +1,25 @@
 name: Elixir
 on:
   pull_request:
-    branches:
-      - cloud
+    paths:
+      - "elixir/**"
   push:
     branches:
-      - cloud
+      - master
+    paths:
+      - "elixir/**"
+
+# Cancel old workflow runs if new code is pushed
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
   unit-test:
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./elixir
     env:
       MIX_ENV: test
       POSTGRES_HOST: localhost
@@ -28,23 +38,18 @@ jobs:
           --health-timeout 5s
           --health-retries 5
     steps:
-      - name: Install package dependencies
-        run: |
-          sudo apt-get install -q -y \
-            net-tools \
-            wireguard
-      - uses: actions/checkout@v3
       - uses: erlef/setup-beam@v1
         with:
           otp-version: "25"
           elixir-version: "1.14"
+      - uses: actions/checkout@v3
       - uses: actions/cache@v3
         name: Elixir Deps Cache
         env:
           cache-name: cache-elixir-deps-${{ env.MIX_ENV }}
         with:
-          path: deps
-          key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/mix.lock') }}
+          path: elixir/deps
+          key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/elixir/mix.lock') }}
           restore-keys: |
             ${{ runner.os }}-${{ env.cache-name }}-
       - uses: actions/cache@v3
@@ -52,8 +57,8 @@ jobs:
         env:
           cache-name: cache-elixir-build-${{ env.MIX_ENV }}
         with:
-          path: _build
-          key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/mix.lock') }}
+          path: elixir/_build
+          key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/elixir/mix.lock') }}
       - name: Install Dependencies
         run: mix deps.get --only $MIX_ENV
       - name: Compile Dependencies
@@ -75,26 +80,30 @@ jobs:
         if: ${{ github.event.pull_request.head.repo.full_name == github.repository && (success() || failure()) }}
         with:
           name: Elixir Unit Test Report
-          path: _build/test/lib/*/test-junit-report.xml
+          path: elixir/_build/test/lib/*/test-junit-report.xml
           reporter: java-junit
   type-check:
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./elixir
     env:
       MIX_ENV: dev
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
-      - uses: actions/checkout@v3
       - uses: erlef/setup-beam@v1
+        id: setup-beam
         with:
           otp-version: "25"
           elixir-version: "1.14"
+      - uses: actions/checkout@v3
       - uses: actions/cache@v3
         name: Elixir Deps Cache
         env:
           cache-name: cache-elixir-deps-${{ env.MIX_ENV }}
         with:
-          path: deps
-          key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/mix.lock') }}
+          path: elixir/deps
+          key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/elixir/mix.lock') }}
           restore-keys: |
             ${{ runner.os }}-${{ env.cache-name }}-
       - uses: actions/cache@v3
@@ -102,8 +111,8 @@ jobs:
         env:
           cache-name: cache-elixir-build-${{ env.MIX_ENV }}
         with:
-          path: _build
-          key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/mix.lock') }}
+          path: elixir/_build
+          key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/elixir/mix.lock') }}
       - name: Install Dependencies
         run: mix deps.get --only $MIX_ENV
       - name: Compile Dependencies
@@ -113,6 +122,7 @@ jobs:
       # Don't cache PLTs based on mix.lock hash, as Dialyzer can incrementally update even old ones
       # Cache key based on Elixir & Erlang version (also useful when running in matrix)
       - name: Restore PLT cache
+        id: plt_cache
         uses: actions/cache@v3
         env:
           cache-name: cache-erlang-plt-${{ env.MIX_ENV }}
@@ -120,7 +130,7 @@ jobs:
           key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-plt
           restore-keys: |
             ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-plt
-          path: priv/plts
+          path: elixir/priv/plts
       - name: Create PLTs
         if: steps.plt_cache.outputs.cache-hit != 'true'
         run: mix dialyzer --plt
@@ -128,22 +138,25 @@ jobs:
         run: mix dialyzer --format dialyxir
   static-analysis:
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./elixir
     env:
       MIX_ENV: test
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
-      - uses: actions/checkout@v3
       - uses: erlef/setup-beam@v1
         with:
           otp-version: "25"
           elixir-version: "1.14"
+      - uses: actions/checkout@v3
       - uses: actions/cache@v3
         name: Elixir Deps Cache
         env:
           cache-name: cache-elixir-deps-${{ env.MIX_ENV }}
         with:
-          path: deps
-          key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/mix.lock') }}
+          path: elixir/deps
+          key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/elixir/mix.lock') }}
           restore-keys: |
             ${{ runner.os }}-${{ env.cache-name }}-
       - uses: actions/cache@v3
@@ -151,8 +164,8 @@ jobs:
         env:
           cache-name: cache-elixir-build-${{ env.MIX_ENV }}
         with:
-          path: _build
-          key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/mix.lock') }}
+          path: elixir/_build
+          key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/elixir/mix.lock') }}
       - name: Install Dependencies
         run: mix deps.get --only $MIX_ENV
       - name: Compile Dependencies
@@ -165,10 +178,14 @@ jobs:
         run: mix credo --strict
   migrations-and-seed-test:
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./elixir
     env:
       MIX_ENV: dev
       POSTGRES_HOST: localhost
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      MASTER_BRANCH: cloud
     services:
       postgres:
         image: postgres:15
@@ -183,16 +200,13 @@ jobs:
           --health-timeout 5s
           --health-retries 5
     steps:
+      - uses: actions/checkout@v3
       - name: Install package dependencies
         run: |
           sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
           wget -qO- https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo tee /etc/apt/trusted.gpg.d/pgdg.asc &>/dev/null
           sudo apt update
-          sudo apt-get install -q -y \
-            net-tools \
-            wireguard \
-            postgresql-client
-      - uses: actions/checkout@v3
+          sudo apt-get install -q -y postgresql-client
       - uses: erlef/setup-beam@v1
         with:
           otp-version: "25"
@@ -202,8 +216,8 @@ jobs:
         env:
           cache-name: cache-elixir-deps-${{ env.MIX_ENV }}-${{ env.MIX_ENV }}
         with:
-          path: deps
-          key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/mix.lock') }}
+          path: elixir/deps
+          key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/elixir/mix.lock') }}
           restore-keys: |
             ${{ runner.os }}-${{ env.cache-name }}-
       - uses: actions/cache@v3
@@ -211,37 +225,37 @@ jobs:
         env:
           cache-name: cache-elixir-build-${{ env.MIX_ENV }}
         with:
-          path: _build
-          key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/mix.lock') }}
+          path: elixir/_build
+          key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/elixir/mix.lock') }}
       - name: Install Dependencies
         run: mix deps.get --only $MIX_ENV
       - name: Compile
         run: mix compile
-      - name: Download master branch DB dump
-        id: download-artifact
-        uses: dawidd6/action-download-artifact@v2
-        if: "!contains(github.ref, 'master')"
-        with:
-          branch: master
-          name: db-dump
-          path: apps/domain/priv/repo/
-          search_artifacts: true
-          workflow_conclusion: completed
-          if_no_artifact_found: fail
+      # - name: Download master branch DB dump
+      #   id: download-artifact
+      #   uses: dawidd6/action-download-artifact@v2
+      #   if: !contains(github.ref, env.MASTER_BRANCH)
+      #   with:
+      #     branch: ${{ env.MASTER_BRANCH }}
+      #     name: db-dump
+      #     path: elixir/apps/domain/priv/repo/
+      #     search_artifacts: true
+      #     workflow_conclusion: completed
+      #     if_no_artifact_found: fail
       - name: Create Database
         run: |
           mix ecto.create
-      - name: Restore DB dump
-        if: "!contains(github.ref, 'master')"
-        env:
-          PGPASSWORD: postgres
-        run: |
-          mix ecto.load
-      - name: Run new migrations
-        run: |
-          mix ecto.migrate
+      # - name: Restore DB dump
+      #   if: !contains(github.ref, env.MASTER_BRANCH)
+      #   env:
+      #     PGPASSWORD: postgres
+      #   run: |
+      #     mix ecto.load
+      # - name: Run new migrations
+      #   run: |
+      #     mix ecto.migrate
       - name: Dump DB
-        if: "contains(github.ref, 'master')"
+        if: contains(github.ref, env.MASTER_BRANCH)
         env:
           PGPASSWORD: postgres
         run: |
@@ -251,15 +265,18 @@ jobs:
             --no-acl \
             --no-owner
       - name: Upload master branch DB dump
-        if: "contains(github.ref, 'master')"
+        if: contains(github.ref, env.MASTER_BRANCH)
         uses: actions/upload-artifact@v3
         with:
           name: db-dump
-          path: apps/domain/priv/repo/structure.sql
+          path: elixir/apps/domain/priv/repo/structure.sql
       - name: Run Seed
         run: mix ecto.seed
   acceptance-test:
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./elixir
     env:
       MIX_ENV: test
       POSTGRES_HOST: localhost
@@ -290,40 +307,20 @@ jobs:
         ports:
           - 8200:8200/tcp
         options: --cap-add=IPC_LOCK
-      saml-idp:
-        image: vihangk1/docker-test-saml-idp:latest
-        env:
-          SIMPLESAMLPHP_SP_ENTITY_ID: "urn:firezone.dev:firezone-app"
-          SIMPLESAMLPHP_SP_ASSERTION_CONSUMER_SERVICE: "http://localhost:13000/auth/saml/sp/consume/mysamlidp"
-          SIMPLESAMLPHP_SP_SINGLE_LOGOUT_SERVICE: "http://localhost:13000/auth/saml/sp/logout/mysamlidp"
-          SIMPLESAMLPHP_SP_NAME_ID_FORMAT: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
-          SIMPLESAMLPHP_SP_NAME_ID_ATTRIBUTE: "email"
-          SIMPLESAMLPHP_IDP_AUTH: "example-userpass"
-        ports:
-          - 8400:8080/tcp
-          - 8443:8443/tcp
     steps:
       - uses: nanasess/setup-chromedriver@v1
-      - run: |
-          export DISPLAY=:99
-          sudo Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &
-      - name: Install package dependencies
-        run: |
-          sudo apt-get install -q -y \
-            net-tools \
-            wireguard
-      - uses: actions/checkout@v3
       - uses: erlef/setup-beam@v1
         with:
           otp-version: "25"
           elixir-version: "1.14"
+      - uses: actions/checkout@v3
       - uses: actions/cache@v3
         name: Elixir Deps Cache
         env:
           cache-name: cache-elixir-deps-${{ env.MIX_ENV }}-${{ env.MIX_ENV }}
         with:
-          path: deps
-          key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/mix.lock') }}
+          path: elixir/deps
+          key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/elixir/mix.lock') }}
           restore-keys: |
             ${{ runner.os }}-${{ env.cache-name }}-
       - uses: actions/cache@v3
@@ -331,22 +328,25 @@ jobs:
         env:
           cache-name: cache-elixir-build-${{ env.MIX_ENV }}
         with:
-          path: _build
-          key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/mix.lock') }}
+          path: elixir/_build
+          key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/elixir/mix.lock') }}
       - uses: actions/cache@v3
         name: Yarn Deps Cache
         env:
           cache-name: cache-yarn-build-${{ env.MIX_ENV }}
         with:
-          path: apps/web/assets/node_modules
+          path: elixir/apps/web/assets/node_modules
           key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }}
       - uses: actions/cache@v3
         name: Assets Cache
         env:
           cache-name: cache-assets-build-${{ env.MIX_ENV }}
         with:
-          path: apps/web/priv/static/dist
+          path: elixir/apps/web/priv/static/dist
           key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }}
+      - run: |
+          export DISPLAY=:99
+          sudo Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &
       - name: Install Dependencies
         run: mix deps.get --only $MIX_ENV
       - name: Compile Dependencies
@@ -384,16 +384,19 @@ jobs:
         uses: actions/upload-artifact@v3
         with:
           name: screenshots
-          path: apps/web/screenshots
+          path: elixir/apps/web/screenshots
       - name: Test Report
         uses: dorny/test-reporter@v1
         if: ${{ github.event.pull_request.head.repo.full_name == github.repository && (success() || failure()) }}
         with:
           name: Elixir Acceptance Test Report
-          path: _build/test/lib/*/test-junit-report.xml
+          path: elixir/_build/test/lib/*/test-junit-report.xml
           reporter: java-junit
   container-build:
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./elixir
     permissions:
       contents: read
     needs:
@@ -403,19 +406,19 @@ jobs:
       REGISTRY: ghcr.io
       IMAGE_NAME: ${{ github.repository }}
     steps:
-      - uses: actions/checkout@v3
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v2
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
+      - uses: actions/checkout@v3
       - name: Build and push Docker image
         uses: docker/build-push-action@v4
         with:
           platforms: linux/amd64
           build-args: |
             VERSION=0.0.0-dev.${{ github.sha }}
-          file: Dockerfile.prod
-          context: .
+          context: elixir/
+          file: elixir/Dockerfile
           push: false
           tags: ${{ github.ref_type }}-${{ github.ref_name }}
       # TODO: add a sanity check to make sure the image is actually built

.github/workflows/static_analysis.yml

@@ -16,19 +16,19 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
         with:
-          node-version: '16'
-          cache: 'yarn'
+          node-version: "16"
+          cache: "yarn"
           cache-dependency-path: |
-            apps/web/assets/yarn.lock
+            elixir/apps/web/assets/yarn.lock
             www/yarn.lock
       - uses: actions/setup-python@v2
         with:
-          python-version: '3.9'
+          python-version: "3.9"
       - id: setup-beam
         uses: erlef/setup-beam@v1
         with:
-          otp-version: '25'
-          elixir-version: '1.14'
+          otp-version: "25"
+          elixir-version: "1.14"
       - uses: actions/cache@v3
         name: Elixir Deps Cache
         env:

.gitignore

@@ -1,54 +1,15 @@
 # macOS cruft
 .DS_Store
 
-priv/pki/authorities/local/
-
-# The directory Mix will write compiled artifacts to.
-/_build/
-
-# Temporary files
-/tmp/
-
-# If you run "mix test --cover", coverage assets end up here.
-/cover/
-
-# The directory Mix downloads your dependencies sources to.
-/deps/
-
-# Where 3rd-party dependencies like ExDoc output generated docs.
-/doc/
-
 # Ignore .fetch files in case you like to edit your project deps locally.
 /.fetch
 
-# If the VM crashes, it generates a dump, let's ignore it too.
-erl_crash.dump
-
 # Also ignore archive artifacts (built via "mix archive.build").
 *.ez
 
 # If NPM crashes, it generates a log, let's ignore it too.
 npm-debug.log
 
-# The directory NPM downloads your dependencies sources to.
-/assets/node_modules/
-
-# Since we are building assets from assets/,
-# we ignore priv/static. You may want to comment
-# this depending on your deployment strategy.
-/priv/static/
-
-# Dialyxir output
-/priv/plts/
-
-# ElixirLS generates an .elixir_ls folder for user settings
-.elixir_ls
-
-# VSCode generates a .vscode folder for workspace settings
-.vscode
-
-/.vagrant
-
 *.log
 *.sw?
 
@@ -59,12 +20,3 @@ npm-debug.log
 # Built packages
 /*.deb
 /*.rpm
-
-# Test screenshots
-apps/*/screenshots
-
-# WG configs generated in acceptance tests
-*.conf
-
-# Uploads
-apps/web/priv/static/uploads

Dockerfile.dev

@@ -1,61 +0,0 @@
-# This Dockerfile builds a development image to use for local development work
-
-FROM firezone/elixir:1.14.3-otp-25.2.1
-
-# Install dev dependencies / convenience tools
-RUN apk add \
-    yarn \
-    build-base \
-    git \
-    python3 \
-    curl \
-    net-tools \
-    iproute2 \
-    nftables \
-    inotify-tools \
-    ca-certificates \
-    sudo \
-    nodejs
-
-WORKDIR /var/app
-
-ARG GIT_SHA=DEV
-ARG MIX_ENV=dev
-ARG DATABASE_HOST
-ARG DATABASE_PORT
-ARG DATABASE_NAME
-ARG DATABASE_USER
-ARG DATABASE_PASSWORD
-
-ENV GIT_SHA=$GIT_SHA
-ENV MIX_ENV=$MIX_ENV
-ENV DATABASE_HOST=$DATABASE_HOST
-ENV DATABASE_PORT=$DATABASE_PORT
-ENV DATABASE_NAME=$DATABASE_NAME
-ENV DATABASE_USER=$DATABASE_USER
-ENV DATABASE_PASSWORD=$DATABASE_PASSWORD
-
-RUN mix local.hex --force && mix local.rebar --force
-
-COPY apps/domain/mix.exs /var/app/apps/web/mix.exs
-COPY apps/web/mix.exs /var/app/apps/web/mix.exs
-COPY apps/api/mix.exs /var/app/apps/api/mix.exs
-COPY mix.exs /var/app/mix.exs
-COPY mix.lock /var/app/mix.lock
-RUN mix do deps.get, deps.compile, compile
-
-# Copy more granular, dependency management files first to prevent
-# busting the Docker build cache unnecessarily
-COPY apps/web/assets/package.json /var/app/apps/web/assets/package.json
-COPY apps/web/assets/yarn.lock /var/app/apps/web/assets/yarn.lock
-RUN cd apps/web/assets && mix do assets.setup, assets.deploy
-
-COPY config /var/app/config
-COPY apps /var/app/apps
-RUN cd apps/web && mix phx.gen.cert
-
-COPY scripts/dev_start.sh /var/app/dev_start.sh
-
-EXPOSE 51820/udp
-
-CMD ["/var/app/dev_start.sh"]

docker-compose.desktop.yml

@@ -1,87 +0,0 @@
-# Example compose file for a running a local Firezone instance on
-# macOS or Windows.
-#
-# Note: This file is meant to serve as a template. Please modify it
-# according to your needs. Read more about Docker Compose:
-#
-# https://docs.docker.com/compose/compose-file/
-#
-#
-x-deploy: &default-deploy
-  restart_policy:
-    condition: unless-stopped
-    delay: 5s
-    window: 120s
-  update_config:
-    order: start-first
-
-version: '3.7'
-
-services:
-  caddy:
-    image: caddy:2
-    volumes:
-      - ${FZ_INSTALL_DIR:-.}/caddy:/data/caddy
-    ports:
-      - 80:80
-      - 443:443
-    # See Caddy's documentation for customizing the Caddyfile
-    # https://caddyserver.com/docs/quick-starts/reverse-proxy
-    command:
-      - /bin/sh
-      - -c
-      - |
-        cat <<EOF > /etc/caddy/Caddyfile && caddy run --config /etc/caddy/Caddyfile
-
-        https:// {
-          log
-          reverse_proxy * 172.25.0.100:${PHOENIX_PORT:-13000}
-          ${TLS_OPTS:-}
-        }
-        EOF
-    deploy:
-      <<: *default-deploy
-
-  firezone:
-    image: firezone/firezone:${VERSION:-latest}
-    ports:
-      - ${WIREGUARD_PORT:-51820}:${WIREGUARD_PORT:-51820}/udp
-    env_file:
-      # This should contain a list of env vars for configuring Firezone.
-      # See https://www.firezone.dev/docs/reference/env-vars for more info.
-      - ${FZ_INSTALL_DIR:-.}/.env
-    volumes:
-      # IMPORTANT: Persists WireGuard private key and other data. If
-      # /var/firezone/private_key exists when Firezone starts, it is
-      # used as the WireGuard private. Otherwise, one is generated.
-      - ${FZ_INSTALL_DIR:-.}/firezone:/var/firezone
-    cap_add:
-      # Needed for WireGuard and firewall support.
-      - NET_ADMIN
-      - SYS_MODULE
-    sysctls:
-      # Needed for masquerading and NAT.
-      - net.ipv6.conf.all.disable_ipv6=0
-      - net.ipv4.ip_forward=1
-      - net.ipv6.conf.all.forwarding=1
-    depends_on:
-      - postgres
-    deploy:
-      <<: *default-deploy
-
-  postgres:
-    image: postgres:15
-    volumes:
-      - postgres-data:/var/lib/postgresql/data
-    environment:
-      POSTGRES_DB: ${DATABASE_NAME:-firezone}
-      POSTGRES_USER: ${DATABASE_USER:-postgres}
-      POSTGRES_PASSWORD: ${DATABASE_PASSWORD:?err}
-    deploy:
-      <<: *default-deploy
-      update_config:
-        order: stop-first
-
-# Postgres needs a named volume to prevent perms issues on non-linux platforms
-volumes:
-  postgres-data:

docker-compose.prod.yml

@@ -1,101 +0,0 @@
-# Example compose file for production deployment on Linux.
-#
-# Note: This file is meant to serve as a template. Please modify it
-# according to your needs. Read more about Docker Compose:
-#
-# https://docs.docker.com/compose/compose-file/
-#
-#
-x-deploy: &default-deploy
-  restart_policy:
-    condition: unless-stopped
-    delay: 5s
-    window: 120s
-  update_config:
-    order: start-first
-
-version: '3.7'
-
-services:
-  caddy:
-    image: caddy:2
-    volumes:
-      - ${FZ_INSTALL_DIR:-.}/caddy:/data/caddy
-    # See Caddy's documentation for customizing this line
-    # https://caddyserver.com/docs/quick-starts/reverse-proxy
-    command:
-      - /bin/sh
-      - -c
-      - |
-        cat <<EOF > /etc/caddy/Caddyfile && caddy run --config /etc/caddy/Caddyfile
-
-        https:// {
-          log
-          reverse_proxy * 172.25.0.100:${PHOENIX_PORT:-13000}
-          ${TLS_OPTS:-}
-        }
-        EOF
-    network_mode: "host"
-    deploy:
-      <<: *default-deploy
-
-  firezone:
-    image: firezone/firezone:${VERSION:-latest}
-    ports:
-      - ${WIREGUARD_PORT:-51820}:${WIREGUARD_PORT:-51820}/udp
-    env_file:
-      # This should contain a list of env vars for configuring Firezone.
-      # See https://www.firezone.dev/docs/reference/env-vars for more info.
-      - ${FZ_INSTALL_DIR:-.}/.env
-    volumes:
-      # IMPORTANT: Persists WireGuard private key and other data. If
-      # /var/firezone/private_key exists when Firezone starts, it is
-      # used as the WireGuard private. Otherwise, one is generated.
-      - ${FZ_INSTALL_DIR:-.}/firezone:/var/firezone
-    cap_add:
-      # Needed for WireGuard and firewall support.
-      - NET_ADMIN
-      - SYS_MODULE
-    sysctls:
-      # Needed for masquerading and NAT.
-      - net.ipv6.conf.all.disable_ipv6=0
-      - net.ipv4.ip_forward=1
-      - net.ipv6.conf.all.forwarding=1
-    depends_on:
-      - postgres
-    networks:
-      firezone-network:
-        ipv4_address: 172.25.0.100
-        ipv6_address: 2001:3990:3990::99
-
-    deploy:
-      <<: *default-deploy
-
-  postgres:
-    image: postgres:15
-    volumes:
-      - postgres-data:/var/lib/postgresql/data
-    environment:
-      POSTGRES_DB: ${DATABASE_NAME:-firezone}
-      POSTGRES_USER: ${DATABASE_USER:-postgres}
-      POSTGRES_PASSWORD: ${DATABASE_PASSWORD:?err}
-    networks:
-      - firezone-network
-    deploy:
-      <<: *default-deploy
-      update_config:
-        order: stop-first
-
-# Postgres needs a named volume to prevent perms issues on non-linux platforms
-volumes:
-  postgres-data:
-
-networks:
-  firezone-network:
-    enable_ipv6: true
-    driver: bridge
-    ipam:
-      config:
-        - subnet: 172.25.0.0/16
-        - subnet: 2001:3990:3990::/64
-          gateway: 2001:3990:3990::1

elixir/.dockerignore

@@ -1,3 +1,4 @@
+# Elixir
 apps/web/assets/node_modules
 apps/web/priv/static/dist
 apps/web/priv/cert
@@ -5,6 +6,12 @@ apps/api/priv/static/dist
 apps/api/priv/cert
 _build
 **/cover
+
+# Documentation
 docs
+
+# MacOS
 .DS_Store
+
+# Git
 .git

elixir/.gitignore

@@ -0,0 +1,40 @@
+# macOS cruft
+.DS_Store
+
+# HTTPS dev certs
+priv/pki/authorities/local/
+
+# The directory Mix will write compiled artifacts to.
+_build/
+
+# If you run "mix test --cover", coverage assets end up here.
+cover/
+
+# The directory Mix downloads your dependencies sources to.
+deps/
+
+# If the VM crashes, it generates a dump, let's ignore it too.
+erl_crash.dump
+
+# If NPM crashes, it generates a log, let's ignore it too.
+npm-debug.log
+
+# The directory NPM downloads your dependencies sources to.
+/assets/node_modules/
+
+# Since we are building assets from assets/,
+# we ignore priv/static. You may want to comment
+# this depending on your deployment strategy.
+/priv/static/
+
+# Dialyxir output
+/priv/plts/
+
+# Test screenshots
+apps/*/screenshots
+
+# WG configs generated in acceptance tests
+*.conf
+
+# Uploads
+apps/web/priv/static/uploads