refactor(headless-client): change CLI args for the IPC daemon (#4604)

Closes #4515

docker-compose.yml

@@ -297,6 +297,7 @@ services:
       args:
         # TODO: Fix after #4516 lands
         PACKAGE: firezone-linux-client
+    # Add "standalone" to the command here once PR $4604 merges
     image: ${CLIENT_IMAGE:-us-east1-docker.pkg.dev/firezone-staging/firezone/dev/client}:${CLIENT_TAG:-main}
     cap_add:
       - NET_ADMIN

rust/headless-client/Cargo.toml

@@ -25,8 +25,8 @@ firezone-cli-utils = { workspace = true }
 futures = "0.3.30"
 nix = { version =  "0.28.0", features = ["user"] }
 resolv-conf = "0.7.0"
-secrecy = { workspace = true }
 serde_json = "1.0.115"
+secrecy = { workspace = true }
 tokio-util = { version = "0.7.10", features = ["codec"] }
 tracing = { workspace = true }
 

rust/headless-client/README.md

@@ -28,7 +28,7 @@ To run the headless Client:
 1. Now, you can start the client with:
 
 ```
-./firezone-headless-client
+./firezone-headless-client standalone
 ```
 
 If you're running as an unprivileged user, you'll need the `CAP_NET_ADMIN`

rust/headless-client/src/lib.rs

@@ -21,7 +21,8 @@ mod windows {
     use clap::Parser;
 
     pub async fn run() -> anyhow::Result<()> {
-        let _cli = super::Cli::parse();
+        let cli = super::Cli::parse();
+        let _cmd = cli.command();
         Ok(())
     }
 }
@@ -32,11 +33,8 @@ pub use windows::run;
 #[derive(clap::Parser)]
 #[command(author, version, about, long_about = None)]
 struct Cli {
-    /// Don't act as a CLI Client, act as a tunnel for a GUI Client
-    ///
-    /// This is not supported and will change in the near future.
-    #[arg(long, hide = true, default_value = "false")]
-    pub act_as_tunnel: bool,
+    #[command(subcommand)]
+    command: Option<Cmd>,
 
     #[arg(
         short = 'u',
@@ -71,3 +69,18 @@ struct Cli {
     #[arg(short, long, env = "MAX_PARTITION_TIME")]
     max_partition_time: Option<humantime::Duration>,
 }
+
+impl Cli {
+    fn command(&self) -> Cmd {
+        // Needed for backwards compatibility with old Docker images
+        self.command.unwrap_or(Cmd::Standalone)
+    }
+}
+
+#[derive(clap::Subcommand, Clone, Copy)]
+enum Cmd {
+    /// Listen for IPC connections and act as a privileged tunnel process for a GUI client
+    Daemon,
+    /// Act as a CLI-only Client, don't listen for IPC connections
+    Standalone,
+}

rust/headless-client/src/linux.rs

@@ -1,4 +1,4 @@
-use super::Cli;
+use super::{Cli, Cmd};
 use anyhow::{Context, Result};
 use clap::Parser;
 use connlib_client_shared::{file_logger, Callbacks, Session, Sockets};
@@ -28,10 +28,9 @@ pub async fn run() -> Result<()> {
     let (layer, _handle) = cli.log_dir.as_deref().map(file_logger::layer).unzip();
     setup_global_subscriber(layer);
 
-    if cli.act_as_tunnel {
-        run_tunnel(cli).await
-    } else {
-        run_standalone(cli).await
+    match cli.command() {
+        Cmd::Daemon => run_daemon(cli).await,
+        Cmd::Standalone => run_standalone(cli).await,
     }
 }
 
@@ -175,7 +174,7 @@ fn parse_resolvectl_output(s: &str) -> Vec<IpAddr> {
         .collect()
 }
 
-async fn run_tunnel(_cli: Cli) -> Result<()> {
+async fn run_daemon(_cli: Cli) -> Result<()> {
     let sock_path = dirs::runtime_dir()
         .context("Failed to get `runtime_dir`")?
         .join("dev.firezone.client_ipc");