From 77565f690705bb3d597890aeefacbe48081452c2 Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Wed, 4 Nov 2020 09:49:31 -0600 Subject: [PATCH 1/8] Iterate over package building --- .github/workflows/build_and_publish.yml | 4 +- ansible/playbook.yml | 4 +- apps/fg_http/mix.exs | 2 +- apps/fg_vpn/README.md | 3 +- apps/fg_vpn/mix.exs | 5 +-- apps/fg_wall/README.md | 3 +- apps/fg_wall/mix.exs | 5 +-- config/config.exs | 1 + config/prod.exs | 4 +- config/releases.exs | 37 +++++++++++++++---- mix.exs | 5 ++- pkg/debian/DEBIAN/control | 4 +- .../lib/systemd/system/fireguard.service | 12 ++++++ pkg/debian/DEBIAN/postinst | 37 +++++++++++++------ 14 files changed, 82 insertions(+), 44 deletions(-) create mode 100644 pkg/debian/DEBIAN/lib/systemd/system/fireguard.service diff --git a/.github/workflows/build_and_publish.yml b/.github/workflows/build_and_publish.yml index fc4e6151a..2a48202b4 100644 --- a/.github/workflows/build_and_publish.yml +++ b/.github/workflows/build_and_publish.yml @@ -49,5 +49,5 @@ jobs: with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: ./fireguard_${{ steps.tag_name.outputs.tag_name }}-1_amd64.deb - asset_name: Ubuntu 20.04 amd64 (deb) - asset_content_type: application/vnd.debian.binary-package + asset_name: Ubuntu_20.04_amd64 + asset_content_type: application/vnd.debian.binary-package diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 3fa095a50..2b3174544 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -38,5 +38,5 @@ tasks: - name: Install FireGuard deb shell: | - wget https://github.com/CloudFire-LLC/fireguard/releases/download/0.1.0/fireguard_0.1.0-1_amd64.deb - dpkg -i fireguard_0.1.0-1_amd64.deb + wget https://github.com/CloudFire-LLC/fireguard/releases/download/0.1.1/Ubuntu.20.04.amd64.deb + dpkg -i Ubuntu.20.04.amd64.deb diff --git a/apps/fg_http/mix.exs b/apps/fg_http/mix.exs index 2856147bb..5de663d53 100644 --- a/apps/fg_http/mix.exs +++ b/apps/fg_http/mix.exs 
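Review bot: The `Install FireGuard deb` task in ansible/playbook.yml hands a freshly downloaded release asset straight to `dpkg -i` with no integrity check, so whatever the release URL serves is installed (presumably as root) and its postinst script runs. Pin a digest for the asset, for example by replacing the `shell:` block with the `get_url` module using `checksum: "sha256:<published digest>"` and then installing through the `apt` module's `deb:` parameter. That also makes the task idempotent. The later hunks for this file in patches 2 to 8 only change the version in the URL and keep the same pattern. The task list starts outside the hunk.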
@@ -4,7 +4,7 @@ defmodule FgHttp.MixProject do def project do [ app: :fg_http, - version: "0.1.0", + version: "0.1.1", build_path: "../../_build", config_path: "../../config/config.exs", deps_path: "../../deps", diff --git a/apps/fg_vpn/README.md b/apps/fg_vpn/README.md index 91e116749..e3f983075 100644 --- a/apps/fg_vpn/README.md +++ b/apps/fg_vpn/README.md @@ -10,7 +10,7 @@ by adding `fg_vpn` to your list of dependencies in `mix.exs`: ```elixir def deps do [ - {:fg_vpn, "~> 0.1.0"} + {:fg_vpn, "~> 0.1.1"} ] end ``` @@ -18,4 +18,3 @@ end Documentation can be generated with [ExDoc](https://github.com/elixir-lang/ex_doc) and published on [HexDocs](https://hexdocs.pm). Once published, the docs can be found at [https://hexdocs.pm/fg_vpn](https://hexdocs.pm/fg_vpn). - diff --git a/apps/fg_vpn/mix.exs b/apps/fg_vpn/mix.exs index acf34dd69..97b5451ad 100644 --- a/apps/fg_vpn/mix.exs +++ b/apps/fg_vpn/mix.exs @@ -4,7 +4,7 @@ defmodule FgVpn.MixProject do def project do [ app: :fg_vpn, - version: "0.1.0", + version: "0.1.1", build_path: "../../_build", config_path: "../../config/config.exs", deps_path: "../../deps", @@ -35,9 +35,6 @@ defmodule FgVpn.MixProject do [ {:credo, "~> 1.4", only: [:dev, :test], runtime: false}, {:excoveralls, "~> 0.13", only: :test} - # {:dep_from_hexpm, "~> 0.3.0"}, - # {:dep_from_git, git: "https://github.com/elixir-lang/my_dep.git", tag: "0.1.0"}, - # {:sibling_app_in_umbrella, in_umbrella: true} ] end end diff --git a/apps/fg_wall/README.md b/apps/fg_wall/README.md index 874d8a0b8..be2411253 100644 --- a/apps/fg_wall/README.md +++ b/apps/fg_wall/README.md @@ -10,7 +10,7 @@ by adding `fg_wall` to your list of dependencies in `mix.exs`: ```elixir def deps do [ - {:fg_wall, "~> 0.1.0"} + {:fg_wall, "~> 0.1.1"} ] end ``` 
@@ -18,4 +18,3 @@ end Documentation can be generated with [ExDoc](https://github.com/elixir-lang/ex_doc) and published on [HexDocs](https://hexdocs.pm). Once published, the docs can be found at [https://hexdocs.pm/fg_wall](https://hexdocs.pm/fg_wall). - diff --git a/apps/fg_wall/mix.exs b/apps/fg_wall/mix.exs index b43504452..935b34a27 100644 --- a/apps/fg_wall/mix.exs +++ b/apps/fg_wall/mix.exs @@ -4,7 +4,7 @@ defmodule FgWall.MixProject do def project do [ app: :fg_wall, - version: "0.1.0", + version: "0.1.1", build_path: "../../_build", config_path: "../../config/config.exs", deps_path: "../../deps", @@ -35,9 +35,6 @@ defmodule FgWall.MixProject do [ {:credo, "~> 1.4", only: [:dev, :test], runtime: false}, {:excoveralls, "~> 0.13", only: :test} - # {:dep_from_hexpm, "~> 0.3.0"}, - # {:dep_from_git, git: "https://github.com/elixir-lang/my_dep.git", tag: "0.1.0"}, - # {:sibling_app_in_umbrella, in_umbrella: true} ] end end diff --git a/config/config.exs b/config/config.exs index c1b5c0bec..b64aa8d23 100644 --- a/config/config.exs +++ b/config/config.exs @@ -29,6 +29,7 @@ config :fg_vpn, pubkey: "JId8GN8iPmdQXOLSdcsSkaW4i60e1/rpHB/03rsaKBk=" # Configures the endpoint +# These will be overridden at runtime in production by config/releases.exs config :fg_http, FgHttpWeb.Endpoint, url: [host: "localhost"], secret_key_base: "5OVYJ83AcoQcPmdKNksuBhJFBhjHD1uUa9mDOHV/6EIdBQ6pXksIhkVeWIzFk5SD", diff --git a/config/prod.exs b/config/prod.exs index a75fc47b2..4e3c0de38 100644 --- a/config/prod.exs +++ b/config/prod.exs 
@@ -9,9 +9,7 @@ import Config # manifest is generated by the `mix phx.digest` task, # which you should run after static files are built and # before starting your production server. -config :fg_http, FgHttpWeb.Endpoint, - url: [host: "example.com", port: 80], - cache_static_manifest: "priv/static/cache_manifest.json" +config :fg_http, FgHttpWeb.Endpoint, cache_static_manifest: "priv/static/cache_manifest.json" # Do not print debug messages in production config :logger, level: :info diff --git a/config/releases.exs b/config/releases.exs index 827d9a96f..6df47254b 100644 --- a/config/releases.exs +++ b/config/releases.exs 
@@ -4,31 +4,52 @@ # remember to add this file to your .gitignore. import Config +config_file_path = "/opt/fireguard/config.json" +json_data = File.read!(config_file_path) +json_config = Jason.decode!(json_data) + database_url = - System.get_env("DATABASE_URL") || + System.get_env("DATABASE_URL") || json_config["database_url"] || raise """ - environment variable DATABASE_URL is missing. + config option database_url or environment variable DATABASE_URL is missing. For example: ecto://USER:PASS@HOST/DATABASE """ secret_key_base = - System.get_env("SECRET_KEY_BASE") || + System.get_env("SECRET_KEY_BASE") || json_config["secret_key_base"] || raise """ - environment variable SECRET_KEY_BASE is missing. - You can generate one by calling: mix phx.gen.secret + config option secret_key_base or environment variable SECRET_KEY_BASE is missing. """ +live_view_signing_salt = + System.get_env("LIVE_VIEW_SIGNING_SALT") || json_config["live_view_signing_salt"] || + raise """ + config option live_view_signing_salt or environment variable LIVE_VIEW_SIGNING_SALT is + missing. + """ + +pool_size = String.to_integer(json_config["pool_size"] || System.get_env("POOL_SIZE") || "10") + +listen_port = + String.to_integer(json_config["listen_port"] || System.get_env("LISTEN_PORT") || "4000") + +listen_host = json_config["listen_host"] || System.get_env("LISTEN_HOST") || "localhost" + config :fg_http, FgHttp.Repo, # ssl: true, url: database_url, - pool_size: String.to_integer(System.get_env("POOL_SIZE") || "10") + pool_size: pool_size config :fg_http, FgHttpWeb.Endpoint, http: [ - port: String.to_integer(System.get_env("PORT") || "4000"), + port: listen_port, transport_options: [socket_opts: [:inet6]] ], - secret_key_base: secret_key_base + url: [host: listen_host, port: listen_port], + secret_key_base: secret_key_base, + live_view: [ + signing_salt: live_view_signing_salt + ] # ## Using releases (Elixir v1.9+) # diff --git a/mix.exs b/mix.exs index bef9bc518..a114ad460 100644 --- a/mix.exs 
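Review bot: `File.read!(config_file_path)` at the top of config/releases.exs runs unconditionally, so the release fails to boot with a bare `File.Error` when /opt/fireguard/config.json is absent or unreadable, even if DATABASE_URL, SECRET_KEY_BASE and LIVE_VIEW_SIGNING_SALT are all set in the environment. Treating a missing file as an empty map keeps the environment-only path working and lets the existing `raise` messages name the missing option. Precedence is also inconsistent in this hunk: the three secrets prefer the environment over the file, while `pool_size`, `listen_port` and `listen_host` prefer the file. Pick one order and state it in a comment above the block.

```elixir
config_file_path = "/opt/fireguard/config.json"

json_config =
  case File.read(config_file_path) do
    {:ok, json_data} -> Jason.decode!(json_data)
    {:error, :enoent} -> %{}
    {:error, reason} -> raise "cannot read #{config_file_path}: #{:file.format_error(reason)}"
  end

# … unchanged: database_url, secret_key_base and the remaining settings …
```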
+++ b/mix.exs @@ -8,7 +8,7 @@ defmodule FireguardUmbrella.MixProject do def project do [ apps_path: "apps", - version: "0.1.0", + version: "0.1.1", start_permanent: Mix.env() == :prod, test_coverage: [tool: ExCoveralls], preferred_cli_env: [ @@ -41,7 +41,8 @@ defmodule FireguardUmbrella.MixProject do defp deps do [ {:excoveralls, "~> 0.13", only: :test}, - {:mix_test_watch, "~> 1.0", only: :dev, runtime: false} + {:mix_test_watch, "~> 1.0", only: :dev, runtime: false}, + {:jason, "~> 1.0"} ] end end diff --git a/pkg/debian/DEBIAN/control b/pkg/debian/DEBIAN/control index bbef9bf31..be4502899 100644 --- a/pkg/debian/DEBIAN/control +++ b/pkg/debian/DEBIAN/control @@ -1,8 +1,8 @@ Package: fireguard -Version: 0.1.0-1 +Version: 0.1.1-1 Architecture: amd64 Maintainer: CloudFire, LLC -Depends: wireguard (>= 1.0.20200319-1ubuntu1), postgresql-12 (>= 12.4-0ubuntu0.20.04.1), iptables (>= 1.8.4-3ubuntu2) +Depends: systemd (>= 245.4-4ubuntu3.3), openssl (>= 1.1.1f-1ubuntu2), wireguard (>= 1.0.20200319-1ubuntu1), postgresql-12 (>= 12.4-0ubuntu0.20.04.1), iptables (>= 1.8.4-3ubuntu2) Section: net Priority: optional Homepage: https://cloudfire.network diff --git a/pkg/debian/DEBIAN/lib/systemd/system/fireguard.service b/pkg/debian/DEBIAN/lib/systemd/system/fireguard.service new file mode 100644 index 000000000..6c7ce29c6 --- /dev/null +++ b/pkg/debian/DEBIAN/lib/systemd/system/fireguard.service @@ -0,0 +1,12 @@ +[Unit] +Description=FireGuard +After=network.target + +[Service] +Restart=on-failure +RestartSec=1 +User=fireguard +ExecStart=/opt/fireguard/bin/fireguard start + +[Install] +WantedBy=multi-user.target diff --git a/pkg/debian/DEBIAN/postinst b/pkg/debian/DEBIAN/postinst index d2a5a7f79..6df7f5c07 100755 --- a/pkg/debian/DEBIAN/postinst +++ b/pkg/debian/DEBIAN/postinst @@ -1,4 +1,5 @@ #!/usr/bin/env bash +set -e # FireGuard package post-install script 
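Review bot: The new fireguard.service unit drops to `User=fireguard` but applies none of systemd's sandboxing, so the network-facing release still sees the whole filesystem and can gain privileges through setuid binaries. Consider adding `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectHome=true` under `[Service]`. If the service is meant to manage WireGuard interfaces or iptables rules (the package depends on both), it will presumably need a narrowly scoped `AmbientCapabilities=CAP_NET_ADMIN` rather than root; confirm against what the apps actually execute.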
@@ -6,22 +7,34 @@ # 2. Bootstrap DB # 3. Generate WireGuard interface and config +# Add fireguard user if not exists +id fireguard +if [[ ?$ -ne 0 ]]; then + adduser --system fireguard +fi + touch /opt/fireguard/config.yml -chown root:root /opt/fireguard/config.yml +chown fireguard:fireguard /opt/fireguard/config.yml chmod 0600 /opt/fireguard/config.yml -live_reload_signing_salt="$(opt/fireguard/bin/fireguard eval "FgHttp.release.gen_secret(32)")" -secret_key_base="$(/opt/fireguard/bin/fireguard eval "FgHttp.release.gen_secret(64)")" +live_reload_signing_salt="$(openssl rand -base64 24)" +secret_key_base="$(openssl rand -base64 48)" db_user=fireguard -db_password="$(opt/fireguard/bin/fireguard eval "FgHttp.release.gen_secret(12)")" +db_password="$(openssl rand -base64 8)" -sudo -i -u postgres psql -c "CREATE ROLE ${db_user} WITH LOGIN PASSWORD '${db_password}';" -sudo -i -u postgres psql -c "CREATE DATABASE fireguard;" -sudo -i -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fireguard to ${db_user};" +sudo -i -u postgres psql -c "CREATE ROLE ${db_user} WITH LOGIN PASSWORD '${db_password}';" || true +sudo -i -u postgres psql -c "CREATE DATABASE fireguard;" || true +sudo -i -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fireguard to ${db_user};" || true -cat <> /opt/fireguard/config.yml -live_reload_signing_salt: ${live_reload_signing_salt} -secret_key_base: ${secret_key_base} -db_user: ${db_user} -db_password: ${db_password} +cat <> /opt/fireguard/config.json +{ + "live_reload_signing_salt": "${live_reload_signing_salt}", + "secret_key_base": "${secret_key_base}", + "database_url": "ecto://${db_user}:${db_password}@localhost/fireguard", + "listen_port": 4000, + "listen_host": "localhost" +} EOT + +systemctl enable fireguard +systemctl start fireguard From 38fbcd395a9f533b9374aa42a797ac2a3d14a357 Mon Sep 17 00:00:00 2001 
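Review bot: The `chown`/`chmod 0600` pair in this postinst hunk still targets /opt/fireguard/config.yml, while the secrets are now written to /opt/fireguard/config.json, which the heredoc creates under the default umask and which is therefore likely readable by every local user (database password, `secret_key_base`, signing salt). Create the JSON file with restrictive permissions before writing, e.g. `install -m 0600 -o fireguard /dev/null /opt/fireguard/config.json`, and truncate rather than append so a reinstall does not leave two JSON objects in the file. Because the role creation is followed by `|| true`, a reinstall also writes a fresh password that the existing role does not have. Separately, `openssl rand -base64 8` gives only 64 bits and can emit `/`, which is not safe inside the `ecto://user:pass@host/db` URL; `db_password="$(openssl rand -hex 16)"` avoids both. The config.yml/config.json mismatch is left in place by the postinst hunks in patches 7 and 8.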
From: Jamil Bou Kheir Date: Wed, 4 Nov 2020 10:14:20 -0600 Subject: [PATCH 2/8] test-pkg-build --- .github/workflows/build_and_publish.yml | 4 ++-- .rgignore | 1 + ansible/playbook.yml | 4 ++-- apps/fg_http/mix.exs | 2 +- apps/fg_vpn/README.md | 2 +- apps/fg_vpn/mix.exs | 2 +- apps/fg_wall/README.md | 2 +- apps/fg_wall/mix.exs | 2 +- mix.exs | 2 +- pkg/debian/DEBIAN/control | 2 +- 10 files changed, 12 insertions(+), 11 deletions(-) create mode 100644 .rgignore diff --git a/.github/workflows/build_and_publish.yml b/.github/workflows/build_and_publish.yml index 2a48202b4..a25abbe90 100644 --- a/.github/workflows/build_and_publish.yml +++ b/.github/workflows/build_and_publish.yml @@ -49,5 +49,5 @@ jobs: with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: ./fireguard_${{ steps.tag_name.outputs.tag_name }}-1_amd64.deb - asset_name: Ubuntu_20.04_amd64 - asset_content_type: application/vnd.debian.binary-package + asset_name: fireguard_amd64.deb + asset_content_type: application/vnd.debian.binary-package diff --git a/.rgignore b/.rgignore new file mode 100644 index 000000000..d8b83df9c --- /dev/null +++ b/.rgignore @@ -0,0 +1 @@ +package-lock.json diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 2b3174544..87d3be916 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -38,5 +38,5 @@ tasks: - name: Install FireGuard deb shell: | - wget https://github.com/CloudFire-LLC/fireguard/releases/download/0.1.1/Ubuntu.20.04.amd64.deb - dpkg -i Ubuntu.20.04.amd64.deb + wget https://github.com/CloudFire-LLC/fireguard/releases/download/0.1.2/fireguard_amd64.deb + dpkg -i fireguard_amd64.deb diff --git a/apps/fg_http/mix.exs b/apps/fg_http/mix.exs index 5de663d53..313c3912d 100644 --- a/apps/fg_http/mix.exs +++ b/apps/fg_http/mix.exs 
@@ -4,7 +4,7 @@ defmodule FgHttp.MixProject do def project do [ app: :fg_http, - version: "0.1.1", + version: "0.1.2", build_path: "../../_build", config_path: "../../config/config.exs", deps_path: "../../deps", diff --git a/apps/fg_vpn/README.md b/apps/fg_vpn/README.md index e3f983075..8710e9866 100644 --- a/apps/fg_vpn/README.md +++ b/apps/fg_vpn/README.md @@ -10,7 +10,7 @@ by adding `fg_vpn` to your list of dependencies in `mix.exs`: ```elixir def deps do [ - {:fg_vpn, "~> 0.1.1"} + {:fg_vpn, "~> 0.1.2"} ] end ``` diff --git a/apps/fg_vpn/mix.exs b/apps/fg_vpn/mix.exs index 97b5451ad..b85e5cf14 100644 --- a/apps/fg_vpn/mix.exs +++ b/apps/fg_vpn/mix.exs @@ -4,7 +4,7 @@ defmodule FgVpn.MixProject do def project do [ app: :fg_vpn, - version: "0.1.1", + version: "0.1.2", build_path: "../../_build", config_path: "../../config/config.exs", deps_path: "../../deps", diff --git a/apps/fg_wall/README.md b/apps/fg_wall/README.md index be2411253..bfe2a8a13 100644 --- a/apps/fg_wall/README.md +++ b/apps/fg_wall/README.md @@ -10,7 +10,7 @@ by adding `fg_wall` to your list of dependencies in `mix.exs`: ```elixir def deps do [ - {:fg_wall, "~> 0.1.1"} + {:fg_wall, "~> 0.1.2"} ] end ``` diff --git a/apps/fg_wall/mix.exs b/apps/fg_wall/mix.exs index 935b34a27..e73e1c6bc 100644 --- a/apps/fg_wall/mix.exs +++ b/apps/fg_wall/mix.exs @@ -4,7 +4,7 @@ defmodule FgWall.MixProject do def project do [ app: :fg_wall, - version: "0.1.1", + version: "0.1.2", build_path: "../../_build", config_path: "../../config/config.exs", deps_path: "../../deps", diff --git a/mix.exs b/mix.exs index a114ad460..b0fae2e69 100644 --- a/mix.exs +++ b/mix.exs @@ -8,7 +8,7 @@ defmodule FireguardUmbrella.MixProject do def project do [ apps_path: "apps", - version: "0.1.1", + version: "0.1.2", start_permanent: Mix.env() == :prod, test_coverage: [tool: ExCoveralls], preferred_cli_env: [ diff --git a/pkg/debian/DEBIAN/control b/pkg/debian/DEBIAN/control index be4502899..9da2db325 100644 
--- a/pkg/debian/DEBIAN/control +++ b/pkg/debian/DEBIAN/control @@ -1,5 +1,5 @@ Package: fireguard -Version: 0.1.1-1 +Version: 0.1.2-1 Architecture: amd64 Maintainer: CloudFire, LLC Depends: systemd (>= 245.4-4ubuntu3.3), openssl (>= 1.1.1f-1ubuntu2), wireguard (>= 1.0.20200319-1ubuntu1), postgresql-12 (>= 12.4-0ubuntu0.20.04.1), iptables (>= 1.8.4-3ubuntu2) From 3b17a9bb6ed1e57784287c1ec85b3360aa5516bf Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Wed, 4 Nov 2020 10:45:52 -0600 Subject: [PATCH 3/8] remove Dockerfile smoke test --- pkg/Dockerfile | 5 ----- pkg/debian/DEBIAN/lib/systemd/system/fireguard.service | 2 +- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/pkg/Dockerfile b/pkg/Dockerfile index 766ceec00..068938a57 100644 --- a/pkg/Dockerfile +++ b/pkg/Dockerfile @@ -54,9 +54,4 @@ RUN mix release fireguard RUN mkdir -p pkg/debian/opt RUN mv _build/prod/rel/fireguard pkg/debian/opt/fireguard -# Smoke test built binary -ENV DATABASE_URL ecto://dummy@localhost/dummy -ENV SECRET_KEY_BASE dummy -RUN ./pkg/debian/opt/fireguard/bin/fireguard eval 'IO.puts "Hello World!"' - RUN cd pkg && dpkg-deb --build debian diff --git a/pkg/debian/DEBIAN/lib/systemd/system/fireguard.service b/pkg/debian/DEBIAN/lib/systemd/system/fireguard.service index 6c7ce29c6..317431e9c 100644 --- a/pkg/debian/DEBIAN/lib/systemd/system/fireguard.service +++ b/pkg/debian/DEBIAN/lib/systemd/system/fireguard.service @@ -1,6 +1,6 @@ [Unit] Description=FireGuard -After=network.target +After=postgresql.service [Service] Restart=on-failure From a32fd3ec96a0388255cf55ea540a99827933581a Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Wed, 4 Nov 2020 10:46:48 -0600 Subject: [PATCH 4/8] Bump ver --- ansible/playbook.yml | 2 +- apps/fg_http/mix.exs | 2 +- apps/fg_vpn/README.md | 2 +- apps/fg_vpn/mix.exs | 2 +- apps/fg_wall/README.md | 2 +- apps/fg_wall/mix.exs | 2 +- mix.exs | 2 +- pkg/debian/DEBIAN/control | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) 
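Review bot: In the fireguard.service hunk of patch 3, `After=postgresql.service` replaces `After=network.target` instead of joining it, and `After=` only orders units that are already being started; it does not pull PostgreSQL in. Keep the network ordering and declare the dependency: `After=network.target postgresql.service` together with `Wants=postgresql.service`. With `Restart=on-failure` and `RestartSec=1` a missing database otherwise shows up as a restart loop rather than a clear dependency failure.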
diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 87d3be916..4f3dd3469 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -38,5 +38,5 @@ tasks: - name: Install FireGuard deb shell: | - wget https://github.com/CloudFire-LLC/fireguard/releases/download/0.1.2/fireguard_amd64.deb + wget https://github.com/CloudFire-LLC/fireguard/releases/download/0.1.3/fireguard_amd64.deb dpkg -i fireguard_amd64.deb diff --git a/apps/fg_http/mix.exs b/apps/fg_http/mix.exs index 313c3912d..823daf64c 100644 --- a/apps/fg_http/mix.exs +++ b/apps/fg_http/mix.exs @@ -4,7 +4,7 @@ defmodule FgHttp.MixProject do def project do [ app: :fg_http, - version: "0.1.2", + version: "0.1.3", build_path: "../../_build", config_path: "../../config/config.exs", deps_path: "../../deps", diff --git a/apps/fg_vpn/README.md b/apps/fg_vpn/README.md index 8710e9866..5d1e618ec 100644 --- a/apps/fg_vpn/README.md +++ b/apps/fg_vpn/README.md @@ -10,7 +10,7 @@ by adding `fg_vpn` to your list of dependencies in `mix.exs`: ```elixir def deps do [ - {:fg_vpn, "~> 0.1.2"} + {:fg_vpn, "~> 0.1.3"} ] end ``` diff --git a/apps/fg_vpn/mix.exs b/apps/fg_vpn/mix.exs index b85e5cf14..89d4ae111 100644 --- a/apps/fg_vpn/mix.exs +++ b/apps/fg_vpn/mix.exs @@ -4,7 +4,7 @@ defmodule FgVpn.MixProject do def project do [ app: :fg_vpn, - version: "0.1.2", + version: "0.1.3", build_path: "../../_build", config_path: "../../config/config.exs", deps_path: "../../deps", diff --git a/apps/fg_wall/README.md b/apps/fg_wall/README.md index bfe2a8a13..0ab017834 100644 --- a/apps/fg_wall/README.md +++ b/apps/fg_wall/README.md @@ -10,7 +10,7 @@ by adding `fg_wall` to your list of dependencies in `mix.exs`: ```elixir def deps do [ - {:fg_wall, "~> 0.1.2"} + {:fg_wall, "~> 0.1.3"} ] end ``` diff --git a/apps/fg_wall/mix.exs b/apps/fg_wall/mix.exs index e73e1c6bc..2e63d0fe1 100644 --- a/apps/fg_wall/mix.exs +++ b/apps/fg_wall/mix.exs 
@@ -4,7 +4,7 @@ defmodule FgWall.MixProject do def project do [ app: :fg_wall, - version: "0.1.2", + version: "0.1.3", build_path: "../../_build", config_path: "../../config/config.exs", deps_path: "../../deps", diff --git a/mix.exs b/mix.exs index b0fae2e69..4bd06889f 100644 --- a/mix.exs +++ b/mix.exs @@ -8,7 +8,7 @@ defmodule FireguardUmbrella.MixProject do def project do [ apps_path: "apps", - version: "0.1.2", + version: "0.1.3", start_permanent: Mix.env() == :prod, test_coverage: [tool: ExCoveralls], preferred_cli_env: [ diff --git a/pkg/debian/DEBIAN/control b/pkg/debian/DEBIAN/control index 9da2db325..fb5e9af58 100644 --- a/pkg/debian/DEBIAN/control +++ b/pkg/debian/DEBIAN/control @@ -1,5 +1,5 @@ Package: fireguard -Version: 0.1.2-1 +Version: 0.1.3-1 Architecture: amd64 Maintainer: CloudFire, LLC Depends: systemd (>= 245.4-4ubuntu3.3), openssl (>= 1.1.1f-1ubuntu2), wireguard (>= 1.0.20200319-1ubuntu1), postgresql-12 (>= 12.4-0ubuntu0.20.04.1), iptables (>= 1.8.4-3ubuntu2) From 07e8984949bef69b7e9fced11b91207fa43b9dcb Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Wed, 4 Nov 2020 20:30:48 -0600 Subject: [PATCH 5/8] Better package layout --- ansible/playbook.yml | 2 +- apps/fg_http/mix.exs | 2 +- apps/fg_vpn/README.md | 2 +- apps/fg_vpn/mix.exs | 2 +- apps/fg_wall/README.md | 2 +- apps/fg_wall/mix.exs | 2 +- mix.exs | 2 +- pkg/debian/DEBIAN/control | 2 +- pkg/debian/{DEBIAN => }/lib/systemd/system/fireguard.service | 0 9 files changed, 8 insertions(+), 8 deletions(-) rename pkg/debian/{DEBIAN => }/lib/systemd/system/fireguard.service (100%) diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 4f3dd3469..c52ff4567 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml 
@@ -38,5 +38,5 @@ tasks: - name: Install FireGuard deb shell: | - wget https://github.com/CloudFire-LLC/fireguard/releases/download/0.1.3/fireguard_amd64.deb + wget https://github.com/CloudFire-LLC/fireguard/releases/download/0.1.4/fireguard_amd64.deb dpkg -i fireguard_amd64.deb diff --git a/apps/fg_http/mix.exs b/apps/fg_http/mix.exs index 823daf64c..ef891a23c 100644 --- a/apps/fg_http/mix.exs +++ b/apps/fg_http/mix.exs @@ -4,7 +4,7 @@ defmodule FgHttp.MixProject do def project do [ app: :fg_http, - version: "0.1.3", + version: "0.1.4", build_path: "../../_build", config_path: "../../config/config.exs", deps_path: "../../deps", diff --git a/apps/fg_vpn/README.md b/apps/fg_vpn/README.md index 5d1e618ec..bce13ffa2 100644 --- a/apps/fg_vpn/README.md +++ b/apps/fg_vpn/README.md @@ -10,7 +10,7 @@ by adding `fg_vpn` to your list of dependencies in `mix.exs`: ```elixir def deps do [ - {:fg_vpn, "~> 0.1.3"} + {:fg_vpn, "~> 0.1.4"} ] end ``` diff --git a/apps/fg_vpn/mix.exs b/apps/fg_vpn/mix.exs index 89d4ae111..655ba88d5 100644 --- a/apps/fg_vpn/mix.exs +++ b/apps/fg_vpn/mix.exs @@ -4,7 +4,7 @@ defmodule FgVpn.MixProject do def project do [ app: :fg_vpn, - version: "0.1.3", + version: "0.1.4", build_path: "../../_build", config_path: "../../config/config.exs", deps_path: "../../deps", diff --git a/apps/fg_wall/README.md b/apps/fg_wall/README.md index 0ab017834..bf15072f1 100644 --- a/apps/fg_wall/README.md +++ b/apps/fg_wall/README.md @@ -10,7 +10,7 @@ by adding `fg_wall` to your list of dependencies in `mix.exs`: ```elixir def deps do [ - {:fg_wall, "~> 0.1.3"} + {:fg_wall, "~> 0.1.4"} ] end ``` diff --git a/apps/fg_wall/mix.exs b/apps/fg_wall/mix.exs index 2e63d0fe1..e70b7bf4c 100644 --- a/apps/fg_wall/mix.exs +++ b/apps/fg_wall/mix.exs @@ -4,7 +4,7 @@ defmodule FgWall.MixProject do def project do [ app: :fg_wall, - version: "0.1.3", + version: "0.1.4", build_path: "../../_build", config_path: "../../config/config.exs", deps_path: "../../deps", 
diff --git a/mix.exs b/mix.exs index 4bd06889f..c2af208a3 100644 --- a/mix.exs +++ b/mix.exs @@ -8,7 +8,7 @@ defmodule FireguardUmbrella.MixProject do def project do [ apps_path: "apps", - version: "0.1.3", + version: "0.1.4", start_permanent: Mix.env() == :prod, test_coverage: [tool: ExCoveralls], preferred_cli_env: [ diff --git a/pkg/debian/DEBIAN/control b/pkg/debian/DEBIAN/control index fb5e9af58..c47e301cb 100644 --- a/pkg/debian/DEBIAN/control +++ b/pkg/debian/DEBIAN/control @@ -1,5 +1,5 @@ Package: fireguard -Version: 0.1.3-1 +Version: 0.1.4-1 Architecture: amd64 Maintainer: CloudFire, LLC Depends: systemd (>= 245.4-4ubuntu3.3), openssl (>= 1.1.1f-1ubuntu2), wireguard (>= 1.0.20200319-1ubuntu1), postgresql-12 (>= 12.4-0ubuntu0.20.04.1), iptables (>= 1.8.4-3ubuntu2) diff --git a/pkg/debian/DEBIAN/lib/systemd/system/fireguard.service b/pkg/debian/lib/systemd/system/fireguard.service similarity index 100% rename from pkg/debian/DEBIAN/lib/systemd/system/fireguard.service rename to pkg/debian/lib/systemd/system/fireguard.service From 6d01a0d1419b22318a6b3b6ddca869c0c31ed629 Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Wed, 4 Nov 2020 20:55:24 -0600 Subject: [PATCH 6/8] fix user check --- ansible/playbook.yml | 2 +- apps/fg_http/mix.exs | 2 +- apps/fg_vpn/README.md | 2 +- apps/fg_vpn/mix.exs | 2 +- apps/fg_wall/README.md | 2 +- apps/fg_wall/mix.exs | 2 +- mix.exs | 2 +- pkg/debian/DEBIAN/control | 2 +- pkg/debian/DEBIAN/postinst | 6 ++++-- 9 files changed, 12 insertions(+), 10 deletions(-) diff --git a/ansible/playbook.yml b/ansible/playbook.yml index c52ff4567..ca2d2356d 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -38,5 +38,5 @@ tasks: - name: Install FireGuard deb shell: | - wget https://github.com/CloudFire-LLC/fireguard/releases/download/0.1.4/fireguard_amd64.deb + wget https://github.com/CloudFire-LLC/fireguard/releases/download/0.1.5/fireguard_amd64.deb dpkg -i fireguard_amd64.deb 
diff --git a/apps/fg_http/mix.exs b/apps/fg_http/mix.exs index ef891a23c..60309cc9b 100644 --- a/apps/fg_http/mix.exs +++ b/apps/fg_http/mix.exs @@ -4,7 +4,7 @@ defmodule FgHttp.MixProject do def project do [ app: :fg_http, - version: "0.1.4", + version: "0.1.5", build_path: "../../_build", config_path: "../../config/config.exs", deps_path: "../../deps", diff --git a/apps/fg_vpn/README.md b/apps/fg_vpn/README.md index bce13ffa2..037065726 100644 --- a/apps/fg_vpn/README.md +++ b/apps/fg_vpn/README.md @@ -10,7 +10,7 @@ by adding `fg_vpn` to your list of dependencies in `mix.exs`: ```elixir def deps do [ - {:fg_vpn, "~> 0.1.4"} + {:fg_vpn, "~> 0.1.5"} ] end ``` diff --git a/apps/fg_vpn/mix.exs b/apps/fg_vpn/mix.exs index 655ba88d5..8684eaf17 100644 --- a/apps/fg_vpn/mix.exs +++ b/apps/fg_vpn/mix.exs @@ -4,7 +4,7 @@ defmodule FgVpn.MixProject do def project do [ app: :fg_vpn, - version: "0.1.4", + version: "0.1.5", build_path: "../../_build", config_path: "../../config/config.exs", deps_path: "../../deps", diff --git a/apps/fg_wall/README.md b/apps/fg_wall/README.md index bf15072f1..80478d8b7 100644 --- a/apps/fg_wall/README.md +++ b/apps/fg_wall/README.md @@ -10,7 +10,7 @@ by adding `fg_wall` to your list of dependencies in `mix.exs`: ```elixir def deps do [ - {:fg_wall, "~> 0.1.4"} + {:fg_wall, "~> 0.1.5"} ] end ``` diff --git a/apps/fg_wall/mix.exs b/apps/fg_wall/mix.exs index e70b7bf4c..9ac5f29c3 100644 --- a/apps/fg_wall/mix.exs +++ b/apps/fg_wall/mix.exs @@ -4,7 +4,7 @@ defmodule FgWall.MixProject do def project do [ app: :fg_wall, - version: "0.1.4", + version: "0.1.5", build_path: "../../_build", config_path: "../../config/config.exs", deps_path: "../../deps", diff --git a/mix.exs b/mix.exs index c2af208a3..e9b2eb35c 100644 --- a/mix.exs +++ b/mix.exs 
@@ -8,7 +8,7 @@ defmodule FireguardUmbrella.MixProject do def project do [ apps_path: "apps", - version: "0.1.4", + version: "0.1.5", start_permanent: Mix.env() == :prod, test_coverage: [tool: ExCoveralls], preferred_cli_env: [ diff --git a/pkg/debian/DEBIAN/control b/pkg/debian/DEBIAN/control index c47e301cb..03dc43dfd 100644 --- a/pkg/debian/DEBIAN/control +++ b/pkg/debian/DEBIAN/control @@ -1,5 +1,5 @@ Package: fireguard -Version: 0.1.4-1 +Version: 0.1.5-1 Architecture: amd64 Maintainer: CloudFire, LLC Depends: systemd (>= 245.4-4ubuntu3.3), openssl (>= 1.1.1f-1ubuntu2), wireguard (>= 1.0.20200319-1ubuntu1), postgresql-12 (>= 12.4-0ubuntu0.20.04.1), iptables (>= 1.8.4-3ubuntu2) diff --git a/pkg/debian/DEBIAN/postinst b/pkg/debian/DEBIAN/postinst index 6df7f5c07..a673d90ea 100755 --- a/pkg/debian/DEBIAN/postinst +++ b/pkg/debian/DEBIAN/postinst @@ -8,8 +8,10 @@ set -e # 3. Generate WireGuard interface and config # Add fireguard user if not exists -id fireguard -if [[ ?$ -ne 0 ]]; then +if id fireguard &>/dev/null; then + echo "fireguard user exists... not creating." +else + echo "creating system user fireguard" adduser --system fireguard fi From 1f7a15a8dd04af6dbb0155d9003a01f148f4aa4a Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Wed, 4 Nov 2020 21:20:00 -0600 Subject: [PATCH 7/8] fix user creation --- ansible/playbook.yml | 2 +- apps/fg_http/mix.exs | 2 +- apps/fg_vpn/README.md | 2 +- apps/fg_vpn/mix.exs | 2 +- apps/fg_wall/README.md | 2 +- apps/fg_wall/mix.exs | 2 +- mix.exs | 2 +- pkg/debian/DEBIAN/control | 2 +- pkg/debian/DEBIAN/postinst | 4 ++-- 9 files changed, 10 insertions(+), 10 deletions(-) diff --git a/ansible/playbook.yml b/ansible/playbook.yml index ca2d2356d..7aeb625bb 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml 
@@ -38,5 +38,5 @@ tasks: - name: Install FireGuard deb shell: | - wget https://github.com/CloudFire-LLC/fireguard/releases/download/0.1.5/fireguard_amd64.deb + wget https://github.com/CloudFire-LLC/fireguard/releases/download/0.1.6/fireguard_amd64.deb dpkg -i fireguard_amd64.deb diff --git a/apps/fg_http/mix.exs b/apps/fg_http/mix.exs index 60309cc9b..c32246da6 100644 --- a/apps/fg_http/mix.exs +++ b/apps/fg_http/mix.exs @@ -4,7 +4,7 @@ defmodule FgHttp.MixProject do def project do [ app: :fg_http, - version: "0.1.5", + version: "0.1.6", build_path: "../../_build", config_path: "../../config/config.exs", deps_path: "../../deps", diff --git a/apps/fg_vpn/README.md b/apps/fg_vpn/README.md index 037065726..06c670f76 100644 --- a/apps/fg_vpn/README.md +++ b/apps/fg_vpn/README.md @@ -10,7 +10,7 @@ by adding `fg_vpn` to your list of dependencies in `mix.exs`: ```elixir def deps do [ - {:fg_vpn, "~> 0.1.5"} + {:fg_vpn, "~> 0.1.6"} ] end ``` diff --git a/apps/fg_vpn/mix.exs b/apps/fg_vpn/mix.exs index 8684eaf17..16df1d57e 100644 --- a/apps/fg_vpn/mix.exs +++ b/apps/fg_vpn/mix.exs @@ -4,7 +4,7 @@ defmodule FgVpn.MixProject do def project do [ app: :fg_vpn, - version: "0.1.5", + version: "0.1.6", build_path: "../../_build", config_path: "../../config/config.exs", deps_path: "../../deps", diff --git a/apps/fg_wall/README.md b/apps/fg_wall/README.md index 80478d8b7..d2c41d142 100644 --- a/apps/fg_wall/README.md +++ b/apps/fg_wall/README.md @@ -10,7 +10,7 @@ by adding `fg_wall` to your list of dependencies in `mix.exs`: ```elixir def deps do [ - {:fg_wall, "~> 0.1.5"} + {:fg_wall, "~> 0.1.6"} ] end ``` diff --git a/apps/fg_wall/mix.exs b/apps/fg_wall/mix.exs index 9ac5f29c3..0b88a104a 100644 --- a/apps/fg_wall/mix.exs +++ b/apps/fg_wall/mix.exs @@ -4,7 +4,7 @@ defmodule FgWall.MixProject do def project do [ app: :fg_wall, - version: "0.1.5", + version: "0.1.6", build_path: "../../_build", config_path: "../../config/config.exs", deps_path: "../../deps", 
diff --git a/mix.exs b/mix.exs index e9b2eb35c..ee787de4b 100644 --- a/mix.exs +++ b/mix.exs @@ -8,7 +8,7 @@ defmodule FireguardUmbrella.MixProject do def project do [ apps_path: "apps", - version: "0.1.5", + version: "0.1.6", start_permanent: Mix.env() == :prod, test_coverage: [tool: ExCoveralls], preferred_cli_env: [ diff --git a/pkg/debian/DEBIAN/control b/pkg/debian/DEBIAN/control index 03dc43dfd..0aa1fbdfd 100644 --- a/pkg/debian/DEBIAN/control +++ b/pkg/debian/DEBIAN/control @@ -1,5 +1,5 @@ Package: fireguard -Version: 0.1.5-1 +Version: 0.1.6-1 Architecture: amd64 Maintainer: CloudFire, LLC Depends: systemd (>= 245.4-4ubuntu3.3), openssl (>= 1.1.1f-1ubuntu2), wireguard (>= 1.0.20200319-1ubuntu1), postgresql-12 (>= 12.4-0ubuntu0.20.04.1), iptables (>= 1.8.4-3ubuntu2) diff --git a/pkg/debian/DEBIAN/postinst b/pkg/debian/DEBIAN/postinst index a673d90ea..9452cfa38 100755 --- a/pkg/debian/DEBIAN/postinst +++ b/pkg/debian/DEBIAN/postinst @@ -12,11 +12,11 @@ if id fireguard &>/dev/null; then echo "fireguard user exists... not creating." else echo "creating system user fireguard" - adduser --system fireguard + useradd --system fireguard fi touch /opt/fireguard/config.yml -chown fireguard:fireguard /opt/fireguard/config.yml +chown fireguard:root /opt/fireguard/config.yml chmod 0600 /opt/fireguard/config.yml live_reload_signing_salt="$(openssl rand -base64 24)" From a3b4d7865ae3bda8c4e1afd78953315e63a383ef Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Wed, 4 Nov 2020 22:01:41 -0600 Subject: [PATCH 8/8] service starts --- ansible/playbook.yml | 2 +- apps/fg_http/mix.exs | 2 +- apps/fg_vpn/README.md | 2 +- apps/fg_vpn/mix.exs | 2 +- apps/fg_wall/README.md | 2 +- apps/fg_wall/mix.exs | 2 +- config/releases.exs | 4 ++-- mix.exs | 2 +- pkg/debian/DEBIAN/control | 2 +- pkg/debian/DEBIAN/postinst | 6 +++--- 10 files changed, 13 insertions(+), 13 deletions(-) diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 7aeb625bb..5281de07a 100644 
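Review bot: `useradd --system fireguard` in the postinst hunk of patch 7 leaves the login shell and home directory to the distribution defaults. For a service account it is safer to be explicit: `useradd --system --no-create-home --shell /usr/sbin/nologin fireguard`. The script continues outside the hunk.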
--- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -38,5 +38,5 @@ tasks: - name: Install FireGuard deb shell: | - wget https://github.com/CloudFire-LLC/fireguard/releases/download/0.1.6/fireguard_amd64.deb + wget https://github.com/CloudFire-LLC/fireguard/releases/download/0.1.7/fireguard_amd64.deb dpkg -i fireguard_amd64.deb diff --git a/apps/fg_http/mix.exs b/apps/fg_http/mix.exs index c32246da6..76896374d 100644 --- a/apps/fg_http/mix.exs +++ b/apps/fg_http/mix.exs @@ -4,7 +4,7 @@ defmodule FgHttp.MixProject do def project do [ app: :fg_http, - version: "0.1.6", + version: "0.1.7", build_path: "../../_build", config_path: "../../config/config.exs", deps_path: "../../deps", diff --git a/apps/fg_vpn/README.md b/apps/fg_vpn/README.md index 06c670f76..87f7181c7 100644 --- a/apps/fg_vpn/README.md +++ b/apps/fg_vpn/README.md @@ -10,7 +10,7 @@ by adding `fg_vpn` to your list of dependencies in `mix.exs`: ```elixir def deps do [ - {:fg_vpn, "~> 0.1.6"} + {:fg_vpn, "~> 0.1.7"} ] end ``` diff --git a/apps/fg_vpn/mix.exs b/apps/fg_vpn/mix.exs index 16df1d57e..38398eb1a 100644 --- a/apps/fg_vpn/mix.exs +++ b/apps/fg_vpn/mix.exs @@ -4,7 +4,7 @@ defmodule FgVpn.MixProject do def project do [ app: :fg_vpn, - version: "0.1.6", + version: "0.1.7", build_path: "../../_build", config_path: "../../config/config.exs", deps_path: "../../deps", diff --git a/apps/fg_wall/README.md b/apps/fg_wall/README.md index d2c41d142..5426267a7 100644 --- a/apps/fg_wall/README.md +++ b/apps/fg_wall/README.md @@ -10,7 +10,7 @@ by adding `fg_wall` to your list of dependencies in `mix.exs`: ```elixir def deps do [ - {:fg_wall, "~> 0.1.6"} + {:fg_wall, "~> 0.1.7"} ] end ``` diff --git a/apps/fg_wall/mix.exs b/apps/fg_wall/mix.exs index 0b88a104a..345b9bd1c 100644 --- a/apps/fg_wall/mix.exs +++ b/apps/fg_wall/mix.exs 
@@ -4,7 +4,7 @@ defmodule FgWall.MixProject do
 def project do
 [
 app: :fg_wall,
- version: "0.1.6",
+ version: "0.1.7",
 build_path: "../../_build",
 config_path: "../../config/config.exs",
 deps_path: "../../deps",
diff --git a/config/releases.exs b/config/releases.exs
index 6df47254b..a37f8e150 100644
--- a/config/releases.exs
+++ b/config/releases.exs
@@ -28,10 +28,10 @@ live_view_signing_salt =
 missing.
 """
-pool_size = String.to_integer(json_config["pool_size"] || System.get_env("POOL_SIZE") || "10")
+pool_size = json_config["pool_size"] || String.to_integer(System.get_env("POOL_SIZE") || "10")
 listen_port =
- String.to_integer(json_config["listen_port"] || System.get_env("LISTEN_PORT") || "4000")
+ json_config["listen_port"] || String.to_integer(System.get_env("LISTEN_PORT") || "4000")
 listen_host = json_config["listen_host"] || System.get_env("LISTEN_HOST") || "localhost"
diff --git a/mix.exs b/mix.exs
index ee787de4b..1a56dc26d 100644
--- a/mix.exs
+++ b/mix.exs
@@ -8,7 +8,7 @@ defmodule FireguardUmbrella.MixProject do
 def project do
 [
 apps_path: "apps",
- version: "0.1.6",
+ version: "0.1.7",
 start_permanent: Mix.env() == :prod,
 test_coverage: [tool: ExCoveralls],
 preferred_cli_env: [
diff --git a/pkg/debian/DEBIAN/control b/pkg/debian/DEBIAN/control
index 0aa1fbdfd..37a0be9cf 100644
--- a/pkg/debian/DEBIAN/control
+++ b/pkg/debian/DEBIAN/control
@@ -1,5 +1,5 @@
 Package: fireguard
-Version: 0.1.6-1
+Version: 0.1.7-1
 Architecture: amd64
 Maintainer: CloudFire, LLC
 Depends: systemd (>= 245.4-4ubuntu3.3), openssl (>= 1.1.1f-1ubuntu2), wireguard (>= 1.0.20200319-1ubuntu1), postgresql-12 (>= 12.4-0ubuntu0.20.04.1), iptables (>= 1.8.4-3ubuntu2)
diff --git a/pkg/debian/DEBIAN/postinst b/pkg/debian/DEBIAN/postinst
index 9452cfa38..ca8de9709 100755
--- a/pkg/debian/DEBIAN/postinst
+++ b/pkg/debian/DEBIAN/postinst
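Review bot: In the config/releases.exs hunk, a value read from `json_config` is now used as-is, so a quoted number in the JSON file (constructed example: `"listen_port": "4000"`) would reach the consumers of `listen_port` and `pool_size` as a string, while the environment fallback is still converted. Both sources should go through one helper that returns integers unchanged and passes binaries through `String.to_integer/1`, for example `listen_port = parse_int.(json_config["listen_port"] || System.get_env("LISTEN_PORT") || "4000")`, with `pool_size` treated the same way. Rejecting ports outside 1..65535 at this boundary would make a bad config file fail at boot with a clear message. How these values are consumed lies outside the hunk.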
@@ -16,10 +16,10 @@ else
 fi
 touch /opt/fireguard/config.yml
-chown fireguard:root /opt/fireguard/config.yml
+chown -R fireguard:root /opt/fireguard
 chmod 0600 /opt/fireguard/config.yml
-live_reload_signing_salt="$(openssl rand -base64 24)"
+live_view_signing_salt="$(openssl rand -base64 24)"
 secret_key_base="$(openssl rand -base64 48)"
 db_user=fireguard
 db_password="$(openssl rand -base64 8)"
@@ -30,7 +30,7 @@ sudo -i -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fireguard to ${db_
 cat <> /opt/fireguard/config.json
 {
- "live_reload_signing_salt": "${live_reload_signing_salt}",
+ "live_view_signing_salt": "${live_view_signing_salt}",
 "secret_key_base": "${secret_key_base}",
 "database_url": "ecto://${db_user}:${db_password}@localhost/fireguard",
 "listen_port": 4000,
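Review bot: In the first postinst hunk, `chown -R fireguard:root /opt/fireguard` makes the service account the owner of the whole install tree, so a compromise of the network-facing process could rewrite anything it is started from if the release lives under that directory (its layout is not visible here). I would keep the tree root-owned and hand the account only the paths it must write, keeping the narrower `chown fireguard:root /opt/fireguard/config.yml` and adding specific data directories as needed. Separately, `db_password="$(openssl rand -base64 8)"` in the context lines gives 64 bits; `openssl rand -base64 24` would match the salt line above it.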
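Review bot: In the second postinst hunk, the secrets are written to `/opt/fireguard/config.json`, but the `touch` and `chmod 0600` in the previous hunk apply to `/opt/fireguard/config.yml`, so the file holding `secret_key_base` and the database password is created under the installer's default umask, and after the recursive chown has already run. Creating it restrictively before the heredoc closes that gap, e.g. `install -m 0600 -o fireguard -g root /dev/null /opt/fireguard/config.json`, or `umask 077` ahead of the write. The redirection on the `cat` line is garbled in this rendering; if it appends, a reinstall would leave two JSON objects in the file and should truncate instead.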