500/fix redirect local auth (#509)

* Allow config of ext url; show this after create-admin

* Use opts for ueberauth

* weird nil error

* get_env vs fetch_env

* Use integer

* Try new external_url thingo

* Fix callback_url

* Fix path suffix

* Fix markdownlint hiccup

* fix create admin

* Differentiate phoenix_port

* cron note; installscript fix; minor fqdn fixes

* Send full node obj to app_env

* Add db pass to config file
Jamil
2022-04-05 14:43:00 -07:00
committed by GitHub
parent 49b5296f6d
commit 4fa5bedf1b
24 changed files with 1037 additions and 1088 deletions


@@ -45,7 +45,7 @@ defmodule FzHttp.SharedValidators do
[]
catch
ip ->
[{field, "is invalid: #{String.trim(ip)} is not a valid fqdn or IPv4 / IPv6 address"}]
[{field, "is invalid: #{String.trim(ip)} is not a valid FQDN or IPv4 / IPv6 address"}]
end
end)
end


@@ -127,7 +127,10 @@ defmodule FzHttp.Telemetry do
end
defp fqdn do
Application.fetch_env!(:fz_http, :url_host)
:fz_http
|> Application.fetch_env!(FzHttpWeb.Endpoint)
|> Keyword.get(:url)
|> Keyword.get(:host)
end
defp distinct_id do
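Review bot: In the rewritten `fqdn/0`, `Keyword.get(:url)` returns nil when the endpoint config has no `:url` entry, and the following `Keyword.get(nil, :host)` then fails with a FunctionClauseError that does not name the missing setting. Since the first step already uses the assertive `Application.fetch_env!/2`, the lookups could match it: `|> Keyword.fetch!(:url)` and `|> Keyword.fetch!(:host)`, so a misconfigured endpoint fails with a KeyError naming the key. A short comment that the host is now derived from the endpoint's `url:` config, which appears to replace the separate `:url_host` setting, would help the next reader. The rest of the module is outside this hunk.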


@@ -58,14 +58,14 @@ defmodule FzHttp.MixProject do
[
{:fz_common, in_umbrella: true},
{:decimal, "~> 2.0"},
{:phoenix, "~> 1.6.0-rc.0", override: true},
{:phoenix, "~> 1.6"},
{:cloak, "~> 1.1"},
{:cloak_ecto, "~> 1.2"},
{:excoveralls, "~> 0.14", only: :test},
{:floki, ">= 0.0.0", only: :test},
{:guardian, "~> 2.0"},
{:guardian_db, "~> 2.0"},
{:ueberauth, "~> 0.6"},
{:ueberauth, "~> 0.7"},
{:ueberauth_google, "~> 0.10"},
{:ueberauth_okta, "~> 0.2"},
{:ueberauth_identity, "~> 0.3"},


@@ -224,7 +224,7 @@ defmodule FzHttp.DevicesTest do
{:error, changeset} = Devices.update_device(device, @invalid_endpoint_ipv4_attrs)
assert changeset.errors[:endpoint] == {
"is invalid: 265.1.1.1 is not a valid fqdn or IPv4 / IPv6 address",
"is invalid: 265.1.1.1 is not a valid FQDN or IPv4 / IPv6 address",
[]
}
end
@@ -249,7 +249,7 @@ defmodule FzHttp.DevicesTest do
{:error, changeset} = Devices.update_device(device, @invalid_endpoint_ipv6_attrs)
assert changeset.errors[:endpoint] == {
"is invalid: deadbeef::1 is not a valid fqdn or IPv4 / IPv6 address",
"is invalid: deadbeef::1 is not a valid FQDN or IPv4 / IPv6 address",
[]
}
end
@@ -258,7 +258,7 @@ defmodule FzHttp.DevicesTest do
{:error, changeset} = Devices.update_device(device, @invalid_endpoint_host_attrs)
assert changeset.errors[:endpoint] == {
"is invalid: can't have this is not a valid fqdn or IPv4 / IPv6 address",
"is invalid: can't have this is not a valid FQDN or IPv4 / IPv6 address",
[]
}
end


@@ -49,7 +49,6 @@ config :fz_http, FzHttpWeb.Authentication,
config :fz_http,
telemetry_id: "543aae08-5a2b-428d-b704-2956dd3f5a57",
url_host: "firezone.dev",
wireguard_endpoint: nil,
wireguard_dns: "1.1.1.1, 1.0.0.1",
wireguard_allowed_ips: "0.0.0.0/0, ::/0",
@@ -96,8 +95,11 @@ config :fz_vpn,
# Configures the endpoint
# These will be overridden at runtime in production by config/releases.exs
external_url = "http://localhost:4000"
%{host: host, scheme: scheme, port: port, path: path} = URI.parse(external_url)
config :fz_http, FzHttpWeb.Endpoint,
url: [host: "localhost"],
url: [host: host, port: port, scheme: scheme, path: path],
render_errors: [view: FzHttpWeb.ErrorView, accepts: ~w(html json)],
pubsub_server: FzHttp.PubSub


@@ -31,7 +31,6 @@ config :fz_http, FzHttpWeb.Endpoint,
http: [port: 4000],
debug_errors: true,
code_reloader: true,
url: [host: "localhost", scheme: "http"],
check_origin: ["//127.0.0.1", "//localhost"],
watchers: [
node: [
@@ -67,7 +66,13 @@ google_auth_enabled = (System.get_env("GOOGLE_AUTH_ENABLED") && true) || false
# Configure strategies
identity_strategy =
{:identity, {Ueberauth.Strategy.Identity, [callback_methods: ["POST"], uid_field: :email]}}
{:identity,
{Ueberauth.Strategy.Identity,
[
callback_methods: ["POST"],
callback_url: "http://localhost:1111/auth/identity/callback",
uid_field: :email
]}}
okta_strategy = {:okta, {Ueberauth.Strategy.Okta, []}}
google_strategy = {:google, {Ueberauth.Strategy.Google, []}}
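Review bot: The `callback_url` added to the identity strategy hard-codes `http://localhost:1111/auth/identity/callback`, while the endpoint in this same file listens on `http: [port: 4000]` and the shared config in this commit sets the external URL to `http://localhost:4000`. If 1111 is a deliberate front-end port for development, say so in a comment next to the option; if not, the local-auth POST callback would target a port nothing here is shown to serve. Defining the value once in this file would keep the two from drifting, for example `external_url = "http://localhost:4000"` followed by `callback_url: "#{external_url}/auth/identity/callback"`. The surrounding strategy configuration continues outside the hunk.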


@@ -50,7 +50,12 @@ config :fz_http,
config :ueberauth, Ueberauth,
providers: [
{:identity, {Ueberauth.Strategy.Identity, [callback_methods: ["POST"], uid_field: :email]}},
{:identity,
{Ueberauth.Strategy.Identity,
[
callback_methods: ["POST"],
uid_field: :email
]}},
{:okta, {Ueberauth.Strategy.Okta, []}},
{:google, {Ueberauth.Strategy.Google, []}}
]


@@ -14,8 +14,7 @@ database_pool = String.to_integer(System.fetch_env!("DATABASE_POOL"))
database_ssl = FzString.to_boolean(System.fetch_env!("DATABASE_SSL"))
database_ssl_opts = Jason.decode!(System.fetch_env!("DATABASE_SSL_OPTS"))
database_parameters = Jason.decode!(System.fetch_env!("DATABASE_PARAMETERS"))
port = String.to_integer(System.fetch_env!("PHOENIX_PORT"))
url_host = System.fetch_env!("URL_HOST")
phoenix_port = String.to_integer(System.fetch_env!("PHOENIX_PORT"))
admin_email = System.fetch_env!("ADMIN_EMAIL")
default_admin_password = System.fetch_env!("DEFAULT_ADMIN_PASSWORD")
wireguard_interface_name = System.fetch_env!("WIREGUARD_INTERFACE_NAME")
@@ -38,6 +37,7 @@ wireguard_endpoint = System.fetch_env!("WIREGUARD_ENDPOINT")
telemetry_enabled = FzString.to_boolean(System.fetch_env!("TELEMETRY_ENABLED"))
telemetry_id = System.fetch_env!("TELEMETRY_ID")
guardian_secret_key = System.fetch_env!("GUARDIAN_SECRET_KEY")
external_url = System.fetch_env!("EXTERNAL_URL")
# Local auth
local_auth_enabled = FzString.to_boolean(System.fetch_env!("LOCAL_AUTH_ENABLED"))
@@ -122,10 +122,12 @@ config :fz_http, FzHttp.Vault,
}
]
%{host: host, path: path, port: port, scheme: scheme} = URI.parse(external_url)
config :fz_http, FzHttpWeb.Endpoint,
http: [ip: {127, 0, 0, 1}, port: port],
url: [host: url_host, scheme: "http"],
check_origin: ["//127.0.0.1", "//localhost", "//#{url_host}"],
http: [ip: {127, 0, 0, 1}, port: phoenix_port],
url: [host: host, scheme: scheme, port: port, path: path],
check_origin: ["//127.0.0.1", "//localhost", "//#{host}"],
server: true,
secret_key_base: secret_key_base,
live_view: [
@@ -163,9 +165,9 @@ config :fz_http,
wireguard_ipv6_network: wireguard_ipv6_network,
wireguard_ipv6_address: wireguard_ipv6_address,
wireguard_mtu: wireguard_mtu,
wireguard_endpoint: wireguard_endpoint,
telemetry_module: telemetry_module,
telemetry_id: telemetry_id,
url_host: url_host,
connectivity_checks_enabled: connectivity_checks_enabled,
connectivity_checks_interval: connectivity_checks_interval,
admin_email: admin_email,
@@ -173,7 +175,13 @@ config :fz_http,
# Configure strategies
identity_strategy =
{:identity, {Ueberauth.Strategy.Identity, [callback_methods: ["POST"], uid_field: :email]}}
{:identity,
{Ueberauth.Strategy.Identity,
[
callback_methods: ["POST"],
callback_url: "#{external_url}/auth/identity/callback",
uid_field: :email
]}}
okta_strategy = {:okta, {Ueberauth.Strategy.Okta, []}}
google_strategy = {:google, {Ueberauth.Strategy.Google, []}}
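Review bot: `EXTERNAL_URL` is passed through `URI.parse/1` and used without validation, so a value with no scheme (a bare hostname, for instance) parses to `host: nil` and `scheme: nil`, which puts `"//"` into `check_origin` and a nil host into the endpoint `url:`. Failing at boot is safer than starting with a broken origin list: `if scheme not in ["http", "https"] or host in [nil, ""], do: raise("EXTERNAL_URL must be an absolute http(s) URL")` right after the parse. In the last hunk, `callback_url: "#{external_url}/auth/identity/callback"` concatenates the raw string, so a trailing slash in the variable yields `//auth/identity/callback`; `"#{String.trim_trailing(external_url, "/")}/auth/identity/callback"` avoids that. A comment stating that `phoenix_port` is the local listener and `port` the externally visible one would also make the `http:` / `url:` split easier to read.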


@@ -10,7 +10,7 @@ GIT
GEM
remote: https://rubygems.org/
specs:
activesupport (6.0.4.4)
activesupport (6.0.4.7)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 0.7, < 2)
minitest (~> 5.1)
@@ -23,10 +23,9 @@ GEM
execjs
coffee-script-source (1.11.1)
colorator (1.1.0)
commonmarker (0.17.13)
ruby-enum (~> 0.5)
concurrent-ruby (1.1.9)
dnsruby (1.61.7)
commonmarker (0.23.4)
concurrent-ruby (1.1.10)
dnsruby (1.61.9)
simpleidn (~> 0.1)
em-websocket (0.5.3)
eventmachine (>= 0.12.9)
@@ -35,7 +34,7 @@ GEM
ffi (>= 1.15.0)
eventmachine (1.2.7)
execjs (2.8.1)
faraday (1.9.3)
faraday (1.10.0)
faraday-em_http (~> 1.0)
faraday-em_synchrony (~> 1.0)
faraday-excon (~> 1.1)
@@ -58,15 +57,15 @@ GEM
faraday-patron (1.0.0)
faraday-rack (1.0.0)
faraday-retry (1.0.3)
ffi (1.15.4)
ffi (1.15.5)
forwardable-extended (2.6.0)
gemoji (3.0.1)
github-pages (223)
github-pages (225)
github-pages-health-check (= 1.17.9)
jekyll (= 3.9.0)
jekyll-avatar (= 0.7.0)
jekyll-coffeescript (= 1.1.1)
jekyll-commonmark-ghpages (= 0.1.6)
jekyll-commonmark-ghpages (= 0.2.0)
jekyll-default-layout (= 0.1.4)
jekyll-feed (= 0.15.1)
jekyll-gist (= 1.5.0)
@@ -80,7 +79,7 @@ GEM
jekyll-relative-links (= 0.6.1)
jekyll-remote-theme (= 0.4.3)
jekyll-sass-converter (= 1.5.2)
jekyll-seo-tag (= 2.7.1)
jekyll-seo-tag (= 2.8.0)
jekyll-sitemap (= 1.4.0)
jekyll-swiss (= 1.0.0)
jekyll-theme-architect (= 0.2.0)
@@ -136,12 +135,12 @@ GEM
jekyll-coffeescript (1.1.1)
coffee-script (~> 2.2)
coffee-script-source (~> 1.11.1)
jekyll-commonmark (1.3.1)
commonmarker (~> 0.14)
jekyll (>= 3.7, < 5.0)
jekyll-commonmark-ghpages (0.1.6)
commonmarker (~> 0.17.6)
jekyll-commonmark (~> 1.2)
jekyll-commonmark (1.4.0)
commonmarker (~> 0.22)
jekyll-commonmark-ghpages (0.2.0)
commonmarker (~> 0.23.4)
jekyll (~> 3.9.0)
jekyll-commonmark (~> 1.4.0)
rouge (>= 2.0, < 4.0)
jekyll-default-layout (0.1.4)
jekyll (~> 3.0)
@@ -173,7 +172,7 @@ GEM
rubyzip (>= 1.3.0, < 3.0)
jekyll-sass-converter (1.5.2)
sass (~> 3.4)
jekyll-seo-tag (2.7.1)
jekyll-seo-tag (2.8.0)
jekyll (>= 3.8, < 5.0)
jekyll-sitemap (1.4.0)
jekyll (>= 3.7, < 5.0)
@@ -231,7 +230,7 @@ GEM
kramdown-parser-gfm (1.1.0)
kramdown (~> 2.0)
liquid (4.0.3)
listen (3.7.0)
listen (3.7.1)
rb-fsevent (~> 0.10, >= 0.10.3)
rb-inotify (~> 0.9, >= 0.9.10)
mercenary (0.3.6)
@@ -241,11 +240,11 @@ GEM
jekyll-seo-tag (~> 2.1)
minitest (5.15.0)
multipart-post (2.1.1)
nokogiri (1.13.0-arm64-darwin)
nokogiri (1.13.3-arm64-darwin)
racc (~> 1.4)
nokogiri (1.13.0-x86_64-darwin)
nokogiri (1.13.3-x86_64-darwin)
racc (~> 1.4)
octokit (4.21.0)
octokit (4.22.0)
faraday (>= 0.9)
sawyer (~> 0.8.0, >= 0.5.3)
pathutil (0.16.2)
@@ -253,13 +252,11 @@ GEM
public_suffix (4.0.6)
racc (1.6.0)
rake (13.0.6)
rb-fsevent (0.11.0)
rb-fsevent (0.11.1)
rb-inotify (0.10.1)
ffi (~> 1.0)
rexml (3.2.5)
rouge (3.26.0)
ruby-enum (0.9.0)
i18n
ruby2_keywords (0.0.5)
rubyzip (2.3.2)
safe_yaml (1.0.5)
@@ -282,9 +279,9 @@ GEM
thread_safe (~> 0.1)
unf (0.1.4)
unf_ext
unf_ext (0.0.8)
unf_ext (0.0.8.1)
unicode-display_width (1.8.0)
zeitwerk (2.5.3)
zeitwerk (2.5.4)
PLATFORMS
arm64-darwin-20


@@ -25,6 +25,13 @@ To upgrade Firezone, follow these steps:
Occasionally problems arise. If you hit any, please let us know by [filing an
issue](https://github.com/firezone/firezone/issues/new/choose).
## Upgrading from 0.3.1 to >= 0.3.2
The configuration option `default['firezone']['fqdn']` has been removed in favor
of `default['firezone']['external_url']`. Please set this to the
publicly-accessible URL of your Firezone web portal. If left unspecified it will
default to `https://` + the FQDN of your server.
## Upgrading from 0.2.x to 0.3.x
**Note**: Starting with version 0.3.0, Firezone no longer stores device private


@@ -56,8 +56,8 @@ If the Automatic Install fails, try these steps to install Firezone manually.
```ruby
# Auto-generated based on the server's hostname.
# Set this to the FQDN used to access the Web UI.
default['firezone']['fqdn'] = 'firezone.example.com'
# Set this to the URL used to access the Firezone Web UI.
default['firezone']['external_url'] = 'https://firezone.example.com'
# Specify the path to your SSL cert and private key.
# If set to nil (default), a self-signed cert will be generated for you.
@@ -72,7 +72,7 @@ If the Automatic Install fails, try these steps to install Firezone manually.
`sudo firezone-ctl reconfigure`.
1. Finally, create an admin user with `sudo firezone-ctl create-or-reset-admin`.
The login credentials will be printed to the console output.
1. Now you should be able to sign in to the web UI at the FQDN you specified in
1. Now you should be able to sign in to the web UI at the URL you specified in
step 5 above, e.g. `https://firezone.example.com`
Find solutions to common issues during deployment in [Troubleshoot]({%link docs/administer/troubleshoot.md%}).


@@ -25,9 +25,9 @@ Firezone currently supports the following platforms:
| Red Hat Enterprise Linux 9 | `amd64` `arm64` | **Fully-supported** | See [RHEL 9 Notes](#rhel-9-notes) |
| Debian 10 | `amd64` `arm64` | **Fully-supported** | See [Debian 10 Notes](#debian-10-notes)|
| Debian 11 | `amd64` `arm64` | **Fully-supported** | Works as-is |
| Fedora 33 | `amd64` `arm64` | **Fully-supported** | Works as-is |
| Fedora 34 | `amd64` `arm64` | **Fully-supported** | Works as-is |
| Fedora 35 | `amd64` `arm64` | **Fully-supported** | Works as-is |
| Fedora 33 | `amd64` `arm64` | **Fully-supported** | See [Fedora Notes](#fedora-notes) |
| Fedora 34 | `amd64` `arm64` | **Fully-supported** | See [Fedora Notes](#fedora-notes) |
| Fedora 35 | `amd64` `arm64` | **Fully-supported** | See [Fedora Notes](#fedora-notes) |
| Ubuntu 18.04 | `amd64` `arm64` | **Fully-supported** | See [Ubuntu 18.04 Notes](#ubuntu-1804-notes) |
| Ubuntu 20.04 | `amd64` `arm64` | **Fully-supported** | Works as-is |
| openSUSE Leap 15.3 | `amd64` | **Fully-supported** | See [openSUSE Notes](#opensuse-notes) |
@@ -97,6 +97,16 @@ install the WireGuard kernel module, however. See [CentOS 8 Notes
Use the package for CentOS 9.
## Fedora Notes
On fresh Fedora installations you'll probably need to install a cron
implementation to support the logrotate functionality, otherwise
you may receive errors about a missing `/etc/cron.hourly` directory.
```shell
yum install cronie-anacron
```
## Ubuntu 18.04 Notes
Kernel upgrade to 5.4+ required:


@@ -13,10 +13,11 @@ Shown below is a complete listing of the configuration options available in
`/etc/firezone/firezone.rb`.
<!-- markdownlint-disable MD013 -->
<!-- markdownlint-disable MD034 -->
| option | description | default value |
| ----------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------- |
| `default['firezone']['fqdn']` | FQDN of this Firezone instance. | `(node['fqdn'] || node['hostname']).downcase` |
| `default['firezone']['external_url']` | URL used to access the web portal of this Firezone instance. | `"https://#{node['fqdn'] || node['hostname']}"` |
| `default['firezone']['config_directory']` | Top-level directory for Firezone configuration. | `'/etc/firezone'` |
| `default['firezone']['install_directory']` | Top-level directory to install Firezone to. | `'/opt/firezone'` |
| `default['firezone']['app_directory']` | Top-level directory to install the Firezone web application. | `"#{node['firezone']['install_directory']}/embedded/service/firezone"` |
@@ -102,6 +103,7 @@ Shown below is a complete listing of the configuration options available in
| `default['firezone']['postgresql']['shmall']` | Postgresql shmall in bytes. | `4194304` |
| `default['firezone']['postgresql']['work_mem']` | Postgresql working memory size. | `'8MB'` |
| `default['firezone']['database']['user']` | Specifies the username Firezone will use to connect to the DB. | `node['firezone']['postgresql']['username']` |
| `default['firezone']['database']['password']` | If using an external DB, specifies the password Firezone will use to connect to the DB. | `'change_me'` |
| `default['firezone']['database']['name']` | Database that Firezone will use. Will be created if it doesn't exist. | `'firezone'` |
| `default['firezone']['database']['host']` | Database host that Firezone will connect to. | `node['firezone']['postgresql']['listen_address']` |
| `default['firezone']['database']['port']` | Database port that Firezone will connect to. | `node['firezone']['postgresql']['port']` |
@@ -162,3 +164,4 @@ Shown below is a complete listing of the configuration options available in
| `default['firezone']['connectivity_checks']['interval']` | Interval between connectivity checks in seconds. | `3_600` |
<!-- markdownlint-enable MD013 -->
<!-- markdownlint-enable MD034 -->


@@ -11,21 +11,21 @@
"cowboy_telemetry": {:hex, :cowboy_telemetry, "0.3.1", "ebd1a1d7aff97f27c66654e78ece187abdc646992714164380d8a041eda16754", [:rebar3], [{:cowboy, "~> 2.7", [hex: :cowboy, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "3a6efd3366130eab84ca372cbd4a7d3c3a97bdfcfb4911233b035d117063f0af"},
"cowlib": {:hex, :cowlib, "2.11.0", "0b9ff9c346629256c42ebe1eeb769a83c6cb771a6ee5960bd110ab0b9b872063", [:make, :rebar3], [], "hexpm", "2b3e9da0b21c4565751a6d4901c20d1b4cc25cbb7fd50d91d2ab6dd287bc86a9"},
"credo": {:hex, :credo, "1.6.4", "ddd474afb6e8c240313f3a7b0d025cc3213f0d171879429bf8535d7021d9ad78", [:mix], [{:bunt, "~> 0.2.0", [hex: :bunt, repo: "hexpm", optional: false]}, {:file_system, "~> 0.2.8", [hex: :file_system, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "c28f910b61e1ff829bffa056ef7293a8db50e87f2c57a9b5c3f57eee124536b7"},
"db_connection": {:hex, :db_connection, "2.4.1", "6411f6e23f1a8b68a82fa3a36366d4881f21f47fc79a9efb8c615e62050219da", [:mix], [{:connection, "~> 1.0", [hex: :connection, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "ea36d226ec5999781a9a8ad64e5d8c4454ecedc7a4d643e4832bf08efca01f00"},
"db_connection": {:hex, :db_connection, "2.4.2", "f92e79aff2375299a16bcb069a14ee8615c3414863a6fef93156aee8e86c2ff3", [:mix], [{:connection, "~> 1.0", [hex: :connection, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "4fe53ca91b99f55ea249693a0229356a08f4d1a7931d8ffa79289b145fe83668"},
"decimal": {:hex, :decimal, "2.0.0", "a78296e617b0f5dd4c6caf57c714431347912ffb1d0842e998e9792b5642d697", [:mix], [], "hexpm", "34666e9c55dea81013e77d9d87370fe6cb6291d1ef32f46a1600230b1d44f577"},
"dialyxir": {:hex, :dialyxir, "1.1.0", "c5aab0d6e71e5522e77beff7ba9e08f8e02bad90dfbeffae60eaf0cb47e29488", [:mix], [{:erlex, ">= 0.2.6", [hex: :erlex, repo: "hexpm", optional: false]}], "hexpm", "07ea8e49c45f15264ebe6d5b93799d4dd56a44036cf42d0ad9c960bc266c0b9a"},
"earmark_parser": {:hex, :earmark_parser, "1.4.20", "89970db71b11b6b89759ce16807e857df154f8df3e807b2920a8c39834a9e5cf", [:mix], [], "hexpm", "1eb0d2dabeeeff200e0d17dc3048a6045aab271f73ebb82e416464832eb57bdd"},
"ecto": {:hex, :ecto, "3.7.1", "a20598862351b29f80f285b21ec5297da1181c0442687f9b8329f0445d228892", [:mix], [{:decimal, "~> 1.6 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "d36e5b39fc479e654cffd4dbe1865d9716e4a9b6311faff799b6f90ab81b8638"},
"earmark_parser": {:hex, :earmark_parser, "1.4.25", "2024618731c55ebfcc5439d756852ec4e85978a39d0d58593763924d9a15916f", [:mix], [], "hexpm", "56749c5e1c59447f7b7a23ddb235e4b3defe276afc220a6227237f3efe83f51e"},
"ecto": {:hex, :ecto, "3.7.2", "44c034f88e1980754983cc4400585970b4206841f6f3780967a65a9150ef09a8", [:mix], [{:decimal, "~> 1.6 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "a600da5772d1c31abbf06f3e4a1ffb150e74ed3e2aa92ff3cee95901657a874e"},
"ecto_network": {:hex, :ecto_network, "1.3.0", "1e77fa37c20e0f6a426d3862732f3317b0fa4c18f123d325f81752a491d7304e", [:mix], [{:ecto_sql, ">= 3.0.0", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:phoenix_html, ">= 0.0.0", [hex: :phoenix_html, repo: "hexpm", optional: true]}, {:postgrex, ">= 0.14.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "053a5e46ef2837e8ea5ea97c82fa0f5494699209eddd764e663c85f11b2865bd"},
"ecto_sql": {:hex, :ecto_sql, "3.7.2", "55c60aa3a06168912abf145c6df38b0295c34118c3624cf7a6977cd6ce043081", [:mix], [{:db_connection, "~> 2.2", [hex: :db_connection, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:myxql, "~> 0.4.0 or ~> 0.5.0 or ~> 0.6.0", [hex: :myxql, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.15.0 or ~> 0.16.0 or ~> 1.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:tds, "~> 2.1.1 or ~> 2.2", [hex: :tds, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.0 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "3c218ea62f305dcaef0b915fb56583195e7b91c91dcfb006ba1f669bfacbff2a"},
"elixir_make": {:hex, :elixir_make, "0.6.3", "bc07d53221216838d79e03a8019d0839786703129599e9619f4ab74c8c096eac", [:mix], [], "hexpm", "f5cbd651c5678bcaabdbb7857658ee106b12509cd976c2c2fca99688e1daf716"},
"erlex": {:hex, :erlex, "0.2.6", "c7987d15e899c7a2f34f5420d2a2ea0d659682c06ac607572df55a43753aa12e", [:mix], [], "hexpm", "2ed2e25711feb44d52b17d2780eabf998452f6efda104877a3881c2f8c0c0c75"},
"ex_doc": {:hex, :ex_doc, "0.28.2", "e031c7d1a9fc40959da7bf89e2dc269ddc5de631f9bd0e326cbddf7d8085a9da", [:mix], [{:earmark_parser, "~> 1.4.19", [hex: :earmark_parser, repo: "hexpm", optional: false]}, {:makeup_elixir, "~> 0.14", [hex: :makeup_elixir, repo: "hexpm", optional: false]}, {:makeup_erlang, "~> 0.1", [hex: :makeup_erlang, repo: "hexpm", optional: false]}], "hexpm", "51ee866993ffbd0e41c084a7677c570d0fc50cb85c6b5e76f8d936d9587fa719"},
"ex_doc": {:hex, :ex_doc, "0.28.3", "6eea2f69995f5fba94cd6dd398df369fe4e777a47cd887714a0976930615c9e6", [:mix], [{:earmark_parser, "~> 1.4.19", [hex: :earmark_parser, repo: "hexpm", optional: false]}, {:makeup_elixir, "~> 0.14", [hex: :makeup_elixir, repo: "hexpm", optional: false]}, {:makeup_erlang, "~> 0.1", [hex: :makeup_erlang, repo: "hexpm", optional: false]}], "hexpm", "05387a6a2655b5f9820f3f627450ed20b4325c25977b2ee69bed90af6688e718"},
"excoveralls": {:hex, :excoveralls, "0.14.4", "295498f1ae47bdc6dce59af9a585c381e1aefc63298d48172efaaa90c3d251db", [:mix], [{:hackney, "~> 1.16", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "e3ab02f2df4c1c7a519728a6f0a747e71d7d6e846020aae338173619217931c1"},
"file_system": {:hex, :file_system, "0.2.10", "fb082005a9cd1711c05b5248710f8826b02d7d1784e7c3451f9c1231d4fc162d", [:mix], [], "hexpm", "41195edbfb562a593726eda3b3e8b103a309b733ad25f3d642ba49696bf715dc"},
"floki": {:hex, :floki, "0.32.0", "f915dc15258bc997d49be1f5ef7d3992f8834d6f5695270acad17b41f5bcc8e2", [:mix], [{:html_entities, "~> 0.5.0", [hex: :html_entities, repo: "hexpm", optional: false]}], "hexpm", "1c5a91cae1fd8931c26a4826b5e2372c284813904c8bacb468b5de39c7ececbd"},
"floki": {:hex, :floki, "0.32.1", "dfe3b8db3b793939c264e6f785bca01753d17318d144bd44b407fb3493acaa87", [:mix], [{:html_entities, "~> 0.5.0", [hex: :html_entities, repo: "hexpm", optional: false]}], "hexpm", "d4b91c713e4a784a3f7b1e3cc016eefc619f6b1c3898464222867cafd3c681a3"},
"gettext": {:hex, :gettext, "0.19.1", "564953fd21f29358e68b91634799d9d26989f8d039d7512622efb3c3b1c97892", [:mix], [], "hexpm", "10c656c0912b8299adba9b061c06947511e3f109ab0d18b44a866a4498e77222"},
"guardian": {:hex, :guardian, "2.2.1", "5a4a949fd46eac79ef37f074ada7d1ef82e274bc99e335c286e042f5383f4f80", [:mix], [{:jose, "~> 1.8", [hex: :jose, repo: "hexpm", optional: false]}, {:plug, "~> 1.3.3 or ~> 1.4", [hex: :plug, repo: "hexpm", optional: true]}], "hexpm", "09b5c4d08f18524bd33ffe49617003cbca9f617237e23b5f42223cda61c5f052"},
"guardian": {:hex, :guardian, "2.2.3", "23fca9ed3583f3d517d17a33b179814167d987e7127cf6a30a191945e2ae7d6b", [:mix], [{:jose, "~> 1.8", [hex: :jose, repo: "hexpm", optional: false]}, {:plug, "~> 1.3.3 or ~> 1.4", [hex: :plug, repo: "hexpm", optional: true]}], "hexpm", "048bb7bafecd692208b01b4c0a919dd6865937a631332a6236674b9b4e898c63"},
"guardian_db": {:hex, :guardian_db, "2.1.0", "ec95a9d99cdd1e550555d09a7bb4a340d8887aad0697f594590c2fd74be02426", [:mix], [{:ecto, "~> 3.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.1", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:guardian, "~> 1.0 or ~> 2.0", [hex: :guardian, repo: "hexpm", optional: false]}, {:postgrex, "~> 0.13", [hex: :postgrex, repo: "hexpm", optional: true]}], "hexpm", "f8e7d543ac92c395f3a7fd5acbe6829faeade57d688f7562e2f0fca8f94a0d70"},
"hackney": {:hex, :hackney, "1.18.1", "f48bf88f521f2a229fc7bae88cf4f85adc9cd9bcf23b5dc8eb6a1788c662c4f6", [:rebar3], [{:certifi, "~>2.9.0", [hex: :certifi, repo: "hexpm", optional: false]}, {:idna, "~>6.1.0", [hex: :idna, repo: "hexpm", optional: false]}, {:metrics, "~>1.0.0", [hex: :metrics, repo: "hexpm", optional: false]}, {:mimerl, "~>1.1", [hex: :mimerl, repo: "hexpm", optional: false]}, {:parse_trans, "3.3.1", [hex: :parse_trans, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "~>1.1.0", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}, {:unicode_util_compat, "~>0.7.0", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "a4ecdaff44297e9b5894ae499e9a070ea1888c84afdd1fd9b7b2bc384950128e"},
"hammer": {:hex, :hammer, "6.0.0", "72ec6fff10e9d63856968988a22ee04c4d6d5248071ddccfbda50aa6c455c1d7", [:mix], [{:poolboy, "~> 1.5", [hex: :poolboy, repo: "hexpm", optional: false]}], "hexpm", "d8e1ec2e534c4aae508b906759e077c3c1eb3e2b9425235d4b7bbab0b016210a"},
@@ -38,13 +38,13 @@
"jason": {:hex, :jason, "1.3.0", "fa6b82a934feb176263ad2df0dbd91bf633d4a46ebfdffea0c8ae82953714946", [:mix], [{:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "53fc1f51255390e0ec7e50f9cb41e751c260d065dcba2bf0d08dc51a4002c2ac"},
"jose": {:hex, :jose, "1.11.2", "f4c018ccf4fdce22c71e44d471f15f723cb3efab5d909ab2ba202b5bf35557b3", [:mix, :rebar3], [], "hexpm", "98143fbc48d55f3a18daba82d34fe48959d44538e9697c08f34200fa5f0947d2"},
"makeup": {:hex, :makeup, "1.1.0", "6b67c8bc2882a6b6a445859952a602afc1a41c2e08379ca057c0f525366fc3ca", [:mix], [{:nimble_parsec, "~> 1.2.2 or ~> 1.3", [hex: :nimble_parsec, repo: "hexpm", optional: false]}], "hexpm", "0a45ed501f4a8897f580eabf99a2e5234ea3e75a4373c8a52824f6e873be57a6"},
"makeup_elixir": {:hex, :makeup_elixir, "0.15.2", "dc72dfe17eb240552857465cc00cce390960d9a0c055c4ccd38b70629227e97c", [:mix], [{:makeup, "~> 1.0", [hex: :makeup, repo: "hexpm", optional: false]}, {:nimble_parsec, "~> 1.1", [hex: :nimble_parsec, repo: "hexpm", optional: false]}], "hexpm", "fd23ae48d09b32eff49d4ced2b43c9f086d402ee4fd4fcb2d7fad97fa8823e75"},
"makeup_elixir": {:hex, :makeup_elixir, "0.16.0", "f8c570a0d33f8039513fbccaf7108c5d750f47d8defd44088371191b76492b0b", [:mix], [{:makeup, "~> 1.0", [hex: :makeup, repo: "hexpm", optional: false]}, {:nimble_parsec, "~> 1.2.3", [hex: :nimble_parsec, repo: "hexpm", optional: false]}], "hexpm", "28b2cbdc13960a46ae9a8858c4bebdec3c9a6d7b4b9e7f4ed1502f8159f338e7"},
"makeup_erlang": {:hex, :makeup_erlang, "0.1.1", "3fcb7f09eb9d98dc4d208f49cc955a34218fc41ff6b84df7c75b3e6e533cc65f", [:mix], [{:makeup, "~> 1.0", [hex: :makeup, repo: "hexpm", optional: false]}], "hexpm", "174d0809e98a4ef0b3309256cbf97101c6ec01c4ab0b23e926a9e17df2077cbb"},
"metrics": {:hex, :metrics, "1.0.1", "25f094dea2cda98213cecc3aeff09e940299d950904393b2a29d191c346a8486", [:rebar3], [], "hexpm", "69b09adddc4f74a40716ae54d140f93beb0fb8978d8636eaded0c31b6f099f16"},
"mime": {:hex, :mime, "2.0.2", "0b9e1a4c840eafb68d820b0e2158ef5c49385d17fb36855ac6e7e087d4b1dcc5", [:mix], [], "hexpm", "e6a3f76b4c277739e36c2e21a2c640778ba4c3846189d5ab19f97f126df5f9b7"},
"mimerl": {:hex, :mimerl, "1.2.0", "67e2d3f571088d5cfd3e550c383094b47159f3eee8ffa08e64106cdf5e981be3", [:rebar3], [], "hexpm", "f278585650aa581986264638ebf698f8bb19df297f66ad91b18910dfc6e19323"},
"mix_test_watch": {:hex, :mix_test_watch, "1.1.0", "330bb91c8ed271fe408c42d07e0773340a7938d8a0d281d57a14243eae9dc8c3", [:mix], [{:file_system, "~> 0.2.1 or ~> 0.3", [hex: :file_system, repo: "hexpm", optional: false]}], "hexpm", "52b6b1c476cbb70fd899ca5394506482f12e5f6b0d6acff9df95c7f1e0812ec3"},
"nimble_parsec": {:hex, :nimble_parsec, "1.2.2", "b99ca56bbce410e9d5ee4f9155a212e942e224e259c7ebbf8f2c86ac21d4fa3c", [:mix], [], "hexpm", "98d51bd64d5f6a2a9c6bb7586ee8129e27dfaab1140b5a4753f24dac0ba27d2f"},
"nimble_parsec": {:hex, :nimble_parsec, "1.2.3", "244836e6e3f1200c7f30cb56733fd808744eca61fd182f731eac4af635cc6d0b", [:mix], [], "hexpm", "c8d789e39b9131acf7b99291e93dae60ab48ef14a7ee9d58c6964f59efb570b0"},
"oauth2": {:hex, :oauth2, "2.0.0", "338382079fe16c514420fa218b0903f8ad2d4bfc0ad0c9f988867dfa246731b0", [:mix], [{:hackney, "~> 1.13", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm", "881b8364ac7385f9fddc7949379cbe3f7081da37233a1aa7aab844670a91e7e7"},
"parse_trans": {:hex, :parse_trans, "3.3.1", "16328ab840cc09919bd10dab29e431da3af9e9e7e7e6f0089dd5a2d2820011d8", [:rebar3], [], "hexpm", "07cd9577885f56362d414e8c4c4e6bdf10d43a8767abb92d24cbe8b24c54888b"},
"phoenix": {:hex, :phoenix, "1.6.6", "281c8ce8dccc9f60607346b72cdfc597c3dde134dd9df28dff08282f0b751754", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:phoenix_pubsub, "~> 2.0", [hex: :phoenix_pubsub, repo: "hexpm", optional: false]}, {:phoenix_view, "~> 1.0", [hex: :phoenix_view, repo: "hexpm", optional: false]}, {:plug, "~> 1.10", [hex: :plug, repo: "hexpm", optional: false]}, {:plug_cowboy, "~> 2.2", [hex: :plug_cowboy, repo: "hexpm", optional: true]}, {:plug_crypto, "~> 1.2", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "807bd646e64cd9dc83db016199715faba72758e6db1de0707eef0a2da4924364"},


@@ -6,17 +6,17 @@ GEM
ast (2.4.2)
awesome_print (1.9.2)
aws-eventstream (1.2.0)
aws-partitions (1.543.0)
aws-sdk-core (3.125.0)
aws-partitions (1.571.0)
aws-sdk-core (3.130.0)
aws-eventstream (~> 1, >= 1.0.2)
aws-partitions (~> 1, >= 1.525.0)
aws-sigv4 (~> 1.1)
jmespath (~> 1.0)
aws-sdk-kms (1.53.0)
aws-sdk-core (~> 3, >= 3.125.0)
aws-sdk-kms (1.55.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-s3 (1.110.0)
aws-sdk-core (~> 3, >= 3.125.0)
aws-sdk-s3 (1.113.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sdk-kms (~> 1)
aws-sigv4 (~> 1.4)
aws-sigv4 (1.4.0)
@@ -36,12 +36,12 @@ GEM
solve (~> 4.0)
thor (>= 0.20)
builder (3.2.4)
chef (16.17.18)
chef (16.17.51)
addressable
bcrypt_pbkdf (~> 1.1)
bundler (>= 1.10)
chef-config (= 16.17.18)
chef-utils (= 16.17.18)
chef-config (= 16.17.51)
chef-utils (= 16.17.51)
chef-vault
chef-zero (>= 14.0.11)
diff-lcs (>= 1.2.4, < 1.4.0)
@@ -74,9 +74,9 @@ GEM
tty-table (~> 0.11)
uuidtools (>= 2.1.5, < 3.0)
chef-cleanroom (1.0.4)
chef-config (16.17.18)
chef-config (16.17.51)
addressable
chef-utils (= 16.17.18)
chef-utils (= 16.17.51)
fuzzyurl
mixlib-config (>= 2.2.12, < 4.0)
mixlib-shellout (>= 2.0, < 4.0)
@@ -84,7 +84,7 @@ GEM
chef-telemetry (1.1.1)
chef-config
concurrent-ruby (~> 1.0)
chef-utils (16.17.18)
chef-utils (16.17.51)
chef-vault (4.1.5)
chef-zero (15.0.11)
ffi-yajl (~> 2.2)
@@ -96,10 +96,10 @@ GEM
citrus (3.0.2)
cleanroom (1.0.0)
coderay (1.1.3)
concurrent-ruby (1.1.9)
concurrent-ruby (1.1.10)
contracts (0.16.1)
diff-lcs (1.3)
ed25519 (1.2.4)
ed25519 (1.3.0)
erubi (1.10.0)
erubis (2.7.0)
faraday (1.4.3)
@@ -117,7 +117,7 @@ GEM
faraday-net_http_persistent (1.2.0)
faraday_middleware (1.2.0)
faraday (~> 1.0)
ffi (1.15.4)
ffi (1.15.5)
ffi-libarchive (1.1.3)
ffi (~> 1.0)
ffi-yajl (2.4.0)
@@ -131,7 +131,7 @@ GEM
highline (2.0.3)
httpclient (2.8.3)
iniparse (1.5.0)
inspec-core (4.52.9)
inspec-core (4.56.19)
addressable (~> 2.4)
chef-telemetry (~> 1.0, >= 1.0.8)
faraday (>= 0.9.0, < 1.5)
@@ -144,7 +144,7 @@ GEM
parallel (~> 1.9)
parslet (>= 1.5, < 2.0)
pry (~> 0.13)
rspec (>= 3.9, < 3.11)
rspec (>= 3.9, <= 3.11)
rspec-its (~> 1.2)
rubyzip (>= 1.2.2, < 3.0)
semverse (~> 3.0)
@@ -156,7 +156,7 @@ GEM
tty-table (~> 0.10)
iostruct (0.0.4)
ipaddress (0.8.3)
jmespath (1.4.0)
jmespath (1.6.1)
json (2.6.1)
kitchen-vagrant (1.11.0)
test-kitchen (>= 1.4, < 4)
@@ -166,7 +166,7 @@ GEM
tomlrb (>= 1.2, < 3.0)
tty-box (~> 0.6)
tty-prompt (~> 0.20)
license_scout (1.2.13)
license_scout (1.2.15)
ffi-yajl (~> 2.2)
mixlib-shellout (>= 2.2, < 4.0)
toml-rb (>= 1, < 3)
@@ -204,7 +204,7 @@ GEM
net-ssh (>= 2.6.5)
net-ssh-gateway (>= 1.2.0)
nori (2.6.0)
octokit (4.21.0)
octokit (4.22.0)
faraday (>= 0.9)
sawyer (~> 0.8.0, >= 0.5.3)
ohai (16.17.0)
@@ -233,13 +233,13 @@ GEM
pedump
ruby-progressbar (~> 1.7)
thor (>= 0.18, < 2.0)
parallel (1.21.0)
parser (3.0.3.2)
parallel (1.22.1)
parser (3.1.1.0)
ast (~> 2.4.1)
parslet (1.8.2)
pastel (0.8.0)
tty-color (~> 0.5)
pedump (0.6.3)
pedump (0.6.5)
awesome_print
iostruct (>= 0.0.4)
multipart-post (>= 2.0.0)
@@ -252,37 +252,37 @@ GEM
method_source (~> 1.0)
public_suffix (4.0.6)
rack (2.2.3)
rainbow (3.0.0)
regexp_parser (2.2.0)
rainbow (3.1.1)
regexp_parser (2.2.1)
retryable (3.0.5)
rexml (3.2.5)
rspec (3.10.0)
rspec-core (~> 3.10.0)
rspec-expectations (~> 3.10.0)
rspec-mocks (~> 3.10.0)
rspec-core (3.10.1)
rspec-support (~> 3.10.0)
rspec-expectations (3.10.1)
rspec (3.11.0)
rspec-core (~> 3.11.0)
rspec-expectations (~> 3.11.0)
rspec-mocks (~> 3.11.0)
rspec-core (3.11.0)
rspec-support (~> 3.11.0)
rspec-expectations (3.11.0)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.10.0)
rspec-support (~> 3.11.0)
rspec-its (1.3.0)
rspec-core (>= 3.0.0)
rspec-expectations (>= 3.0.0)
rspec-mocks (3.10.2)
rspec-mocks (3.11.0)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.10.0)
rspec-support (3.10.3)
rubocop (1.24.0)
rspec-support (~> 3.11.0)
rspec-support (3.11.0)
rubocop (1.26.1)
parallel (~> 1.10)
parser (>= 3.0.0.0)
parser (>= 3.1.0.0)
rainbow (>= 2.2.2, < 4.0)
regexp_parser (>= 1.8, < 3.0)
rexml
rubocop-ast (>= 1.15.0, < 2.0)
rubocop-ast (>= 1.16.0, < 2.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 1.4.0, < 3.0)
rubocop-ast (1.15.0)
parser (>= 3.0.1.1)
rubocop-ast (1.16.0)
parser (>= 3.1.1.0)
ruby-progressbar (1.11.0)
ruby2_keywords (0.0.5)
rubyntlm (0.6.3)
@@ -315,18 +315,18 @@ GEM
winrm (~> 2.0)
winrm-elevated (~> 1.0)
winrm-fs (~> 1.1)
thor (1.1.0)
toml-rb (2.1.0)
thor (1.2.1)
toml-rb (2.1.2)
citrus (~> 3.0, > 3.0)
tomlrb (1.3.0)
train-core (3.8.6)
train-core (3.8.9)
addressable (~> 2.5)
ffi (!= 1.13.0)
json (>= 1.8, < 3.0)
mixlib-shellout (>= 2.0, < 4.0)
net-scp (>= 1.2, < 4.0)
net-ssh (>= 2.9, < 7.0)
train-winrm (0.2.12)
train-winrm (0.2.13)
winrm (>= 2.3.6, < 3.0)
winrm-elevated (~> 1.2.2)
winrm-fs (~> 1.0)


@@ -25,10 +25,21 @@ require 'etc'
# These are used by the other items below. More app-specific top-level
# attributes are further down in this file.
# The fully qualified domain name. Will use the node's fqdn if nothing is
# specified. Used for generating URLs that point back to this application
# and for securing the Websocket connections to the UI.
default['firezone']['fqdn'] = (node['fqdn'] || node['hostname']).downcase
# ## External URL (REQUIRED)
#
# This will be used to generate URLs for outbound emails, websocket connections
# and OAuth redirects.
# and host headers that nginx passes along. If using a custom path, scheme, or port,
# you may want to change this, e.g. http://firezone.example.com:1234/custom-root-prefix/
default['firezone']['external_url'] = "https://#{node['fqdn'] || node['hostname']}"
# Email for the primary admin user.
default['firezone']['admin_email'] = 'firezone@localhost'
# The maximum number of devices a user can have.
# Max: 100
# Default: 10
default['firezone']['max_devices_per_user'] = 10
default['firezone']['config_directory'] = '/etc/firezone'
default['firezone']['install_directory'] = '/opt/firezone'
@@ -37,13 +48,6 @@ default['firezone']['log_directory'] = '/var/log/firezone'
default['firezone']['var_directory'] = '/var/opt/firezone'
default['firezone']['user'] = 'firezone'
default['firezone']['group'] = 'firezone'
# Email for the primary admin user.
default['firezone']['admin_email'] = 'firezone@localhost'
# The maximum number of devices a user can have.
# Max: 100
# Default: 10
default['firezone']['max_devices_per_user'] = 10
# The outgoing interface name.
# This is where tunneled traffic will exit the WireGuard tunnel.
@@ -56,7 +60,7 @@ default['firezone']['fips_enabled'] = nil
# ## Global Logging Settings
#
# Enable or disable logging. Set this to false to disable all Firezone logs.
# Enable or disable logging. Set this to false to disable Firezone logs.
default['firezone']['logging']['enabled'] = true
# ## Enterprise
@@ -184,7 +188,6 @@ default['firezone']['nginx']['rate_limiting_zone_name'] = 'firezone'
default['firezone']['nginx']['rate_limiting_backoff'] = '10m'
default['firezone']['nginx']['rate_limit'] = '10r/s'
# ## Postgres
# ### Use the bundled Postgres instance (default, recommended):
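Review bot: The new `external_url` default no longer lowercases the node name, which the `fqdn` default it appears to replace did with `.downcase`. Other recipes in this commit derive the nginx `fqdn` variable and the certificate common name from this URL's host, so a mixed-case node name would now flow into both; whether anything downstream compares hosts case-sensitively is not visible here. Keeping the normalisation is one line: `default['firezone']['external_url'] = "https://#{(node['fqdn'] || node['hostname']).downcase}"`. The comment above it also breaks mid-sentence (`and OAuth redirects.` followed by `and host headers that nginx passes along`) and should read as a single list.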


@@ -203,9 +203,13 @@ class Firezone
# rubocop:disable Metrics/MethodLength
# rubocop:disable Metrics/AbcSize
def self.app_env(attributes, reject = [])
# rubocop:disable Metrics/CyclomaticComplexity
def self.app_env(node, reject = [])
attributes = node['firezone']
attributes = attributes.reject { |k| reject.include?(k) }
fqdn_url = "https://#{attributes['fqdn'] || node['fqdn'] || node['hostname']}"
# NOTE: All these variables must be Strings
env = {
'EGRESS_INTERFACE' => attributes['egress_interface'],
@@ -221,7 +225,7 @@ class Firezone
'DATABASE_SSL_OPTS' => attributes['database']['ssl_opts'].to_json,
'DATABASE_PARAMETERS' => attributes['database']['parameters'].to_json,
'PHOENIX_PORT' => attributes['phoenix']['port'].to_s,
'URL_HOST' => attributes['fqdn'],
'EXTERNAL_URL' => attributes['external_url'] || fqdn_url,
'ADMIN_EMAIL' => attributes['admin_email'],
'WIREGUARD_INTERFACE_NAME' => attributes['wireguard']['interface_name'],
'WIREGUARD_PORT' => attributes['wireguard']['port'].to_s,
@@ -272,6 +276,7 @@ class Firezone
env
end
# rubocop:enable Metrics/CyclomaticComplexity
# rubocop:enable Metrics/MethodLength
# rubocop:enable Metrics/AbcSize
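Review bot: The fallback in `'EXTERNAL_URL' => attributes['external_url'] || fqdn_url` is written out a second time in the `log 'admin_created'` resource, and it is absent from the nginx recipe, the SSL recipe and the SSL template, which read `node['firezone']['external_url']` directly. The attribute comment says this value drives OAuth redirects and websocket connections, so the URL handed to the app and the host handed to nginx and the certificate should be resolved in one place. A class method such as `def self.external_url(node)` returning `node['firezone']['external_url'] || "https://#{node['firezone']['fqdn'] || node['fqdn'] || node['hostname']}"` would let every caller share the same answer. The body of `app_env` continues outside these hunks, so other uses of the old `fqdn` attribute in it cannot be ruled out from here.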


@@ -53,6 +53,6 @@ end
execute 'database schema' do
command 'bin/firezone eval "FzHttp.Release.migrate"'
cwd node['firezone']['app_directory']
environment(Firezone::Config.app_env(node['firezone']))
environment(Firezone::Config.app_env(node))
user node['firezone']['user']
end


@@ -23,17 +23,20 @@ include_recipe 'firezone::config'
execute 'create_admin' do
command 'bin/firezone rpc "FzHttp.Release.create_admin_user"'
cwd node['firezone']['app_directory']
environment(Firezone::Config.app_env(node['firezone']))
environment(Firezone::Config.app_env(node))
user node['firezone']['user']
end
log 'admin_created' do
external_url =
node['firezone']['external_url'] || "https://#{node['firezone']['fqdn'] || node['fqdn'] || node['hostname']}"
msg = <<~MSG
=================================================================================
Firezone user created! Save this information because it will NOT be shown again.
Use this to sign in to the Web UI.
Use these credentials to sign in to the web UI at #{external_url}.
Email: #{node['firezone']['admin_email']}
Password: #{node['firezone']['default_admin_password']}
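Review bot: With the sign-in URL added to this message, the `log 'admin_created'` resource now emits the URL, the admin email and `default_admin_password` together, so wherever Chef run output is retained there is a complete set of sign-in details. The banner says the information will not be shown again, but it does not tell the operator to replace the password. Adding a line such as `Change this password after your first sign-in.` to the heredoc would cover that. The heredoc continues past the end of this hunk, so the rest of the message is not visible here.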


@@ -44,7 +44,7 @@ template 'phoenix.nginx.conf' do
variables(nginx: node['firezone']['nginx'],
logging_enabled: node['firezone']['logging']['enabled'],
phoenix: node['firezone']['phoenix'],
fqdn: node['firezone']['fqdn'],
fqdn: URI.parse(node['firezone']['external_url']).host,
fips_enabled: node['firezone']['fips_enabled'],
ssl: node['firezone']['ssl'],
app_directory: node['firezone']['app_directory'])
@@ -53,7 +53,7 @@ end
if node['firezone']['phoenix']['enabled']
component_runit_service 'phoenix' do
runit_attributes(
env: Firezone::Config.app_env(node['firezone']),
env: Firezone::Config.app_env(node),
finish: true
)
package 'firezone'
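Review bot: `fqdn: URI.parse(node['firezone']['external_url']).host` has no guard for a value that does not parse to a host. `URI.parse` returns a nil host for a URL written without a scheme (for example `firezone.example.com`) and raises when the attribute is nil, so a typo in `external_url` either reaches the nginx template as nil or aborts the run with an error that does not name the attribute. The same expression is used for the key and certificate file names and `common_name` in the SSL recipe, and for `CN` in the SSL template. Resolving the host once and failing clearly would cover all three, e.g. `host = URI.parse(node['firezone']['external_url']).host or raise "firezone external_url must include a scheme and host"`.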


@@ -56,11 +56,12 @@ if node['firezone']['ssl']['enabled']
# No certificate has been supplied; generate one
else
ssl_keyfile = File.join(firezone_ca_dir, "#{node['firezone']['fqdn']}.key")
ssl_crtfile = File.join(firezone_ca_dir, "#{node['firezone']['fqdn']}.crt")
host = URI.parse(node['firezone']['external_url']).host
ssl_keyfile = File.join(firezone_ca_dir, "#{host}.key")
ssl_crtfile = File.join(firezone_ca_dir, "#{host}.crt")
openssl_x509_certificate ssl_crtfile do
common_name node['firezone']['fqdn']
common_name host
org node['firezone']['ssl']['company_name']
org_unit node['firezone']['ssl']['organizational_unit_name']
country node['firezone']['ssl']['country_name']

View File

@@ -8,5 +8,5 @@ ST = <%= node['firezone']['ssl']['state_name'] %>
L = <%= node['firezone']['ssl']['locality_name'] %>
O = <%= node['firezone']['ssl']['company_name'] %>
OU = <%= node['firezone']['ssl']['organizational_unit_name'] %>
CN = <%= node['firezone']['fqdn'] %>
CN = <%= URI.parse(node['firezone']['external_url']).host %>
emailAddress = <%= node['firezone']['ssl']['email_address'] %>

View File

@@ -80,15 +80,15 @@ mapReleaseToDistro() {
elif [[ "$hostinfo" =~ .*"Fedora 33".* && "$hostinfo" =~ .*"x86" ]]; then
image_sub_string="fedora33-x64"
elif [[ "$hostinfo" =~ .*"Fedora 33".* && "$hostinfo" =~ .*"arm64" ]]; then
image_sub_string="fedora33-x64"
image_sub_string="fedora33-arm64"
elif [[ "$hostinfo" =~ .*"Fedora 34".* && "$hostinfo" =~ .*"x86" ]]; then
image_sub_string="fedora34-x64"
elif [[ "$hostinfo" =~ .*"Fedora 34".* && "$hostinfo" =~ .*"arm64" ]]; then
image_sub_string="fedora34-x64"
image_sub_string="fedora34-arm64"
elif [[ "$hostinfo" =~ .*"Fedora Linux 35".* && "$hostinfo" =~ .*"x86" ]]; then
image_sub_string="fedora35-x64"
elif [[ "$hostinfo" =~ .*"Fedora Linux 35".* && "$hostinfo" =~ .*"arm64" ]]; then
image_sub_string="fedora35-x64"
image_sub_string="fedora35-arm64"
elif [[ "$hostinfo" =~ .*"Ubuntu 18.04".* && "$hostinfo" =~ .*"x86" ]]; then
image_sub_string="ubuntu1804-x64"
elif [[ "$hostinfo" =~ .*"Ubuntu 18.04".* && "$hostinfo" =~ .*"arm64" ]]; then
@@ -144,7 +144,7 @@ installAndDownloadArtifact() {
firezoneSetup() {
conf="/opt/firezone/embedded/cookbooks/firezone/attributes/default.rb"
sudo sed -i "s/firezone@localhost/$1/" $conf
sudo sed -i "s/default\['firezone']\['fqdn'].*/default['firezone']['fqdn'] = '$public_ip'/" $conf
sudo sed -i "s/default\['firezone']\['external_url'].*/default['firezone']['external_url'] = 'https://$public_ip'/" $conf
sudo firezone-ctl reconfigure
sudo firezone-ctl create-or-reset-admin
}
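Review bot: The new `sed` expression in `firezoneSetup` uses `/` as its delimiter while the replacement text contains `https://`, so sed will take the first slash of the URL as the end of the replacement and reject the command, and the attribute would not be rewritten. Switching the delimiter avoids this: `sudo sed -i "s|default\['firezone']\['external_url'].*|default['firezone']['external_url'] = 'https://$public_ip'|" "$conf"`. The line above interpolates `$1` (the admin email) into a sed replacement the same way, so an address containing `/` or `&` would be mangled there too. `$conf` is also unquoted in both commands.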