Expose device defaults in config file

This commit is contained in:
Jamil Bou Kheir
2022-01-27 15:10:20 -08:00
parent 7026dd72c0
commit 7101503f4d
24 changed files with 206 additions and 132 deletions


@@ -136,6 +136,20 @@ defmodule FzHttp.Devices do
end)
end
def new_device do
change_device(%Device{})
end
def endpoint(device) do
if device.use_default_endpoint do
Settings.default_device_endpoint() ||
Application.fetch_env!(:fz_http, :wireguard_endpoint) ||
ConnectivityChecks.endpoint()
else
device.endpoint
end
end
def allowed_ips(device) do
if device.use_default_allowed_ips do
Settings.default_device_allowed_ips() ||
@@ -145,29 +159,19 @@ defmodule FzHttp.Devices do
end
end
def dns_servers(device) do
if device.use_default_dns_servers do
Settings.default_device_dns_servers() || Application.fetch_env!(:fz_http, :wireguard_dns)
def dns(device) do
if device.use_default_dns do
Settings.default_device_dns() ||
Application.fetch_env!(:fz_http, :wireguard_dns)
else
device.dns_servers
end
end
def new_device do
change_device(%Device{})
end
def endpoint(device) do
if device.use_default_endpoint do
Settings.default_device_endpoint() || ConnectivityChecks.endpoint()
else
device.endpoint
device.dns
end
end
def mtu(device) do
if device.use_default_mtu do
Settings.default_device_mtu()
Settings.default_device_mtu() ||
Application.fetch_env!(:fz_http, :wireguard_mtu)
else
device.mtu
end
@@ -176,7 +180,7 @@ defmodule FzHttp.Devices do
def persistent_keepalive(device) do
if device.use_default_persistent_keepalive do
Settings.default_device_persistent_keepalive() ||
Application.fetch_env!(:fz_http, :persistent_keepalive)
Application.fetch_env!(:fz_http, :wireguard_persistent_keepalive)
else
device.persistent_keepalive
end
@@ -185,7 +189,7 @@ defmodule FzHttp.Devices do
def defaults(changeset) do
~w(
use_default_allowed_ips
use_default_dns_servers
use_default_dns
use_default_endpoint
use_default_mtu
use_default_persistent_keepalive
@@ -202,11 +206,11 @@ defmodule FzHttp.Devices do
PrivateKey = #{device.private_key}
Address = #{inet(device)}
#{mtu_config(device)}
#{dns_servers_config(device)}
#{dns_config(device)}
[Peer]
PublicKey = #{device.server_public_key}
AllowedIPs = #{allowed_ips(device)}
#{allowed_ips_config(device)}
Endpoint = #{endpoint(device)}:#{wireguard_port}
#{persistent_keepalive_config(device)}
"""
@@ -226,44 +230,58 @@ defmodule FzHttp.Devices do
defp mtu_config(device) do
m = mtu(device)
if is_nil(m) do
if field_empty?(m) do
""
else
"MTU = #{m}"
end
end
defp allowed_ips_config(device) do
a = allowed_ips(device)
if field_empty?(a) do
""
else
"AllowedIPs = #{a}"
end
end
defp persistent_keepalive_config(device) do
pk = persistent_keepalive(device)
if is_nil(pk) do
if field_empty?(pk) do
""
else
"PersistentKeepalive = #{pk}"
end
end
defp dns_servers_config(device) when is_struct(device) do
dns_servers = dns_servers(device)
defp dns_config(device) when is_struct(device) do
dns = dns(device)
if dns_servers_empty?(dns_servers) do
if field_empty?(dns) do
""
else
"DNS = #{dns_servers}"
"DNS = #{dns}"
end
end
defp dns_servers_empty?(nil), do: true
defp field_empty?(nil), do: true
defp dns_servers_empty?(dns_servers) when is_binary(dns_servers) do
defp field_empty?(0), do: true
defp field_empty?(field) when is_binary(field) do
len =
dns_servers
field
|> String.trim()
|> String.length()
len == 0
end
defp field_empty?(_), do: false
defp ipv4? do
Application.fetch_env!(:fz_http, :wireguard_ipv4_enabled)
end
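Review bot: In the `endpoint/1` clause of the first hunk the `||` chain can never reach `ConnectivityChecks.endpoint()` when `:wireguard_endpoint` holds an empty string, because `""` is truthy in Elixir; the cookbook in this same commit exports `WIREGUARD_ENDPOINT` as `attributes['wireguard']['endpoint'].to_s`, which is `""` for the documented `nil` default, and runtime.exs reads it with `System.fetch_env!/1`, so unless the config assignment (outside these hunks) maps `""` to `nil`, generated configs would carry an empty host in `Endpoint = ...:port` instead of the server's public IP. Normalize before falling through: `present(Application.fetch_env!(:fz_http, :wireguard_endpoint)) ||` with `defp present(""), do: nil` and `defp present(value), do: value`. The same `||` shape is used in `allowed_ips/1`, `dns/1`, `mtu/1` and `persistent_keepalive/1`, where an empty string is harmless only because `field_empty?/1` later drops the line; `allowed_ips/1` itself ends outside the first hunk.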


@@ -25,7 +25,7 @@ defmodule FzHttp.Devices.Device do
field :name, :string
field :public_key, :string
field :use_default_allowed_ips, :boolean, read_after_writes: true, default: true
field :use_default_dns_servers, :boolean, read_after_writes: true, default: true
field :use_default_dns, :boolean, read_after_writes: true, default: true
field :use_default_endpoint, :boolean, read_after_writes: true, default: true
field :use_default_mtu, :boolean, read_after_writes: true, default: true
field :use_default_persistent_keepalive, :boolean, read_after_writes: true, default: true
@@ -33,7 +33,7 @@ defmodule FzHttp.Devices.Device do
field :mtu, :integer
field :persistent_keepalive, :integer
field :allowed_ips, :string
field :dns_servers, :string
field :dns, :string
field :private_key, FzHttp.Encrypted.Binary
field :server_public_key, :string
field :remote_ip, EctoNetwork.INET
@@ -70,12 +70,12 @@ defmodule FzHttp.Devices.Device do
device
|> cast(attrs, [
:use_default_allowed_ips,
:use_default_dns_servers,
:use_default_dns,
:use_default_endpoint,
:use_default_mtu,
:use_default_persistent_keepalive,
:allowed_ips,
:dns_servers,
:dns,
:endpoint,
:mtu,
:persistent_keepalive,
@@ -103,21 +103,21 @@ defmodule FzHttp.Devices.Device do
])
|> validate_required_unless_default([
:allowed_ips,
:dns_servers,
:dns,
:endpoint,
:mtu,
:persistent_keepalive
])
|> validate_omitted_if_default([
:allowed_ips,
:dns_servers,
:dns,
:endpoint,
:persistent_keepalive,
:mtu
])
|> validate_list_of_ips_or_cidrs(:allowed_ips)
|> validate_list_of_ips(:dns_servers)
|> validate_no_duplicates(:dns_servers)
|> validate_list_of_ips(:dns)
|> validate_no_duplicates(:dns)
|> validate_fqdn_or_ip(:endpoint)
|> validate_number(:persistent_keepalive,
greater_than_or_equal_to: 0,


@@ -12,7 +12,7 @@ defmodule FzHttp.Settings do
def_settings(~w(
default.device.allowed_ips
default.device.dns_servers
default.device.dns
default.device.endpoint
default.device.mtu
default.device.persistent_keepalive


@@ -47,7 +47,7 @@ defmodule FzHttp.Settings.Setting do
defp validate_setting(changeset), do: changeset
defp validate_kv_pair(changeset, "default.device.dns_servers") do
defp validate_kv_pair(changeset, "default.device.dns") do
changeset
|> validate_list_of_ips(:value)
|> validate_no_duplicates(:value)
@@ -55,7 +55,6 @@ defmodule FzHttp.Settings.Setting do
defp validate_kv_pair(changeset, "default.device.allowed_ips") do
changeset
|> validate_required(:value)
|> validate_list_of_ips_or_cidrs(:value)
|> validate_no_duplicates(:value)
end
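Review bot: The `validate_kv_pair/2` clause for `"default.device.allowed_ips"` appears to lose its `validate_required(:value)` step (the second hunk shrinks by one line and the settings test now moves `"default.device.allowed_ips" => nil` out of the invalid set), so the stored default may be `nil`; `Devices.allowed_ips/1` then falls back to the `:wireguard_allowed_ips` config, and if that is blank too `allowed_ips_config/1` omits `AllowedIPs` from the `[Peer]` block, yielding a device config that routes no traffic. That is a deliberate relaxation but nothing here says so; a comment on the clause would help the next reader, e.g. `# nil is allowed: Devices.allowed_ips/1 falls back to :wireguard_allowed_ips, and an empty result omits AllowedIPs from the config`. Alternatively keep the requirement at the config boundary by rejecting a blank `:wireguard_allowed_ips` at boot.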


@@ -19,7 +19,7 @@ defmodule FzHttpWeb.DeviceLive.FormComponent do
|> assign(assigns)
|> assign(Devices.defaults(changeset))
|> assign(:default_device_allowed_ips, Settings.default_device_allowed_ips())
|> assign(:default_device_dns_servers, Settings.default_device_dns_servers())
|> assign(:default_device_dns, Settings.default_device_dns())
|> assign(:default_device_endpoint, default_device_endpoint)
|> assign(:default_device_mtu, default_device_mtu)
|> assign(


@@ -38,29 +38,29 @@
</div>
<div class="field">
<%= label f, :use_default_dns_servers, "Use Default DNS Servers", class: "label" %>
<%= label f, :use_default_dns, "Use Default DNS Servers", class: "label" %>
<div class="control">
<label class="radio">
<%= radio_button f, :use_default_dns_servers, true %>
<%= radio_button f, :use_default_dns, true %>
Yes
</label>
<label class="radio">
<%= radio_button f, :use_default_dns_servers, false %>
<%= radio_button f, :use_default_dns, false %>
No
</label>
</div>
<p class="help">
Default: <%= @default_device_dns_servers %>
Default: <%= @default_device_dns %>
</p>
</div>
<div class="field">
<%= label f, :dns_servers, "DNS Servers", class: "label" %>
<%= label f, :dns, "DNS Servers", class: "label" %>
<div class="control">
<%= text_input f, :dns_servers, class: "input", disabled: @use_default_dns_servers %>
<%= text_input f, :dns, class: "input", disabled: @use_default_dns %>
</div>
<p class="help is-danger">
<%= error_tag f, :dns_servers %>
<%= error_tag f, :dns %>
</p>
</div>


@@ -60,7 +60,7 @@
<tr>
<td><strong>DNS Servers</strong></td>
<td><%= @dns_servers || "None" %></td>
<td><%= @dns || "None" %></td>
</tr>
<tr>


@@ -85,7 +85,7 @@ defmodule FzHttpWeb.DeviceLive.Show do
user: Users.get_user!(device.user_id),
page_title: device.name,
allowed_ips: Devices.allowed_ips(device),
dns_servers: Devices.dns_servers(device),
dns: Devices.dns(device),
endpoint: Devices.endpoint(device),
mtu: Devices.mtu(device),
persistent_keepalive: Devices.persistent_keepalive(device),


@@ -15,7 +15,7 @@
<%= live_component(
FzHttpWeb.SettingLive.DefaultFormComponent,
label_text: "Allowed IPs",
placeholder: nil,
placeholder: @allowed_ips_placeholder,
changeset: @changesets["default.device.allowed_ips"],
help_text: @help_texts.allowed_ips,
id: :allowed_ips_form_component) %>
@@ -23,10 +23,10 @@
<%= live_component(
FzHttpWeb.SettingLive.DefaultFormComponent,
label_text: "DNS Servers",
placeholder: nil,
changeset: @changesets["default.device.dns_servers"],
help_text: @help_texts.dns_servers,
id: :dns_servers_form_component) %>
placeholder: @dns_placeholder,
changeset: @changesets["default.device.dns"],
help_text: @help_texts.dns,
id: :dns_form_component) %>
<%= live_component(
FzHttpWeb.SettingLive.DefaultFormComponent,
@@ -39,7 +39,7 @@
<%= live_component(
FzHttpWeb.SettingLive.DefaultFormComponent,
label_text: "Persistent Keepalive",
placeholder: "0",
placeholder: @persistent_keepalive_placeholder,
changeset: @changesets["default.device.persistent_keepalive"],
help_text: @help_texts.persistent_keepalive,
id: :persistent_keepalive_form_component) %>


@@ -13,7 +13,7 @@ defmodule FzHttpWeb.SettingLive.Default do
Firezone. Specify a comma-separated list of IPs or CIDRs here to achieve split tunneling, or use
<code>0.0.0.0/0, ::/0</code> to route all device traffic through this Firezone server.
""",
dns_servers: """
dns: """
Comma-separated list of DNS servers to use for devices.
Leaving this blank will omit the <code>DNS</code> section in
generated device configs.


@@ -15,11 +15,20 @@ defmodule FzHttp.Repo.Migrations.CreateSettings do
now = DateTime.utc_now()
execute """
INSERT INTO settings (key, value, inserted_at, updated_at) VALUES \
('default.device.dns_servers', null, '#{now}', '#{now}'),
('default.device.allowed_ips', null, '#{now}', '#{now}'),
('default.device.endpoint', null, '#{now}', '#{now}')
"""
execute(
"""
INSERT INTO settings (key, value, inserted_at, updated_at) VALUES \
('default.device.dns_servers', null, '#{now}', '#{now}'),
('default.device.allowed_ips', null, '#{now}', '#{now}'),
('default.device.endpoint', null, '#{now}', '#{now}')
""",
"""
DELETE FROM settings WHERE key IN (
'default.device.dns_servers',
'default.device.allowed_ips',
'default.device.endpoint'
)
"""
)
end
end


@@ -9,9 +9,14 @@ defmodule FzHttp.Repo.Migrations.AddPersistentKeepalives do
now = DateTime.utc_now()
execute """
INSERT INTO settings (key, value, inserted_at, updated_at) VALUES \
('default.device.persistent_keepalives', null, '#{now}', '#{now}')
"""
execute(
"""
INSERT INTO settings (key, value, inserted_at, updated_at) VALUES \
('default.device.persistent_keepalives', null, '#{now}', '#{now}')
""",
"""
DELETE FROM settings WHERE key = 'default.device.persistent_keepalives'
"""
)
end
end


@@ -9,9 +9,14 @@ defmodule FzHttp.Repo.Migrations.AddMtuToDevices do
now = DateTime.utc_now()
execute """
INSERT INTO settings (key, value, inserted_at, updated_at) VALUES \
('default.device.mtu', null, '#{now}', '#{now}')
"""
execute(
"""
INSERT INTO settings (key, value, inserted_at, updated_at) VALUES \
('default.device.mtu', null, '#{now}', '#{now}')
""",
"""
DELETE FROM settings WHERE key = 'default.device.mtu'
"""
)
end
end


@@ -0,0 +1,21 @@
defmodule FzHttp.Repo.Migrations.RenameDnsServersToDns do
use Ecto.Migration
def change do
execute(
"""
UPDATE settings
SET key = 'default.device.dns'
WHERE key = 'default.device.dns_servers'
""",
"""
UPDATE settings
SET key = 'default.device.dns_servers'
WHERE key = 'default.device.dns'
"""
)
rename table(:devices), :dns_servers, to: :dns
rename table(:devices), :use_default_dns_servers, to: :use_default_dns
end
end


@@ -110,17 +110,17 @@ defmodule FzHttp.DevicesTest do
use_default_allowed_ips: false
}
@valid_dns_servers_attrs %{
use_default_dns_servers: false,
dns_servers: "1.1.1.1, 1.0.0.1, 2606:4700:4700::1111, 2606:4700:4700::1001"
@valid_dns_attrs %{
use_default_dns: false,
dns: "1.1.1.1, 1.0.0.1, 2606:4700:4700::1111, 2606:4700:4700::1001"
}
@invalid_dns_servers_attrs %{
dns_servers: "8.8.8.8, 1.1.1, 1.0.0, 1.1.1."
@invalid_dns_attrs %{
dns: "8.8.8.8, 1.1.1, 1.0.0, 1.1.1."
}
@duplicate_dns_servers_attrs %{
dns_servers: "8.8.8.8, 1.1.1.1, 1.1.1.1, ::1, ::1, ::1, ::1, ::1, 8.8.8.8"
@duplicate_dns_attrs %{
dns: "8.8.8.8, 1.1.1.1, 1.1.1.1, ::1, ::1, ::1, ::1, ::1, 8.8.8.8"
}
@valid_allowed_ips_attrs %{
@@ -167,9 +167,9 @@ defmodule FzHttp.DevicesTest do
assert @attrs = test_device
end
test "updates device with valid dns_servers", %{device: device} do
{:ok, test_device} = Devices.update_device(device, @valid_dns_servers_attrs)
assert @valid_dns_servers_attrs = test_device
test "updates device with valid dns", %{device: device} do
{:ok, test_device} = Devices.update_device(device, @valid_dns_attrs)
assert @valid_dns_attrs = test_device
end
test "updates device with valid ipv4 endpoint", %{device: device} do
@@ -214,19 +214,19 @@ defmodule FzHttp.DevicesTest do
}
end
test "prevents updating device with invalid dns_servers", %{device: device} do
{:error, changeset} = Devices.update_device(device, @invalid_dns_servers_attrs)
test "prevents updating device with invalid dns", %{device: device} do
{:error, changeset} = Devices.update_device(device, @invalid_dns_attrs)
assert changeset.errors[:dns_servers] == {
assert changeset.errors[:dns] == {
"is invalid: 1.1.1 is not a valid IPv4 / IPv6 address",
[]
}
end
test "prevents assigning duplicate DNS servers", %{device: device} do
{:error, changeset} = Devices.update_device(device, @duplicate_dns_servers_attrs)
{:error, changeset} = Devices.update_device(device, @duplicate_dns_attrs)
assert changeset.errors[:dns_servers] == {
assert changeset.errors[:dns] == {
"is invalid: duplicate DNS servers are not allowed: 1.1.1.1, ::1, 8.8.8.8",
[]
}


@@ -4,7 +4,7 @@ defmodule FzHttp.SettingsTest do
alias FzHttp.Settings
@setting_keys ~w(
default.device.dns_servers
default.device.dns
default.device.allowed_ips
default.device.endpoint
default.device.mtu
@@ -17,14 +17,14 @@ defmodule FzHttp.SettingsTest do
@valid_settings [
%{
"default.device.dns_servers" => "8.8.8.8",
"default.device.dns" => "8.8.8.8",
"default.device.allowed_ips" => "::/0",
"default.device.endpoint" => "172.10.10.10",
"default.device.persistent_keepalive" => "20",
"default.device.mtu" => "1280"
},
%{
"default.device.dns_servers" => "8.8.8.8",
"default.device.dns" => "8.8.8.8",
"default.device.allowed_ips" => "::/0",
"default.device.endpoint" => "foobar.example.com",
"default.device.persistent_keepalive" => "15",
@@ -32,8 +32,8 @@ defmodule FzHttp.SettingsTest do
}
]
@invalid_settings %{
"default.device.dns_servers" => "foobar",
"default.device.allowed_ips" => nil,
"default.device.dns" => "foobar",
"default.device.allowed_ips" => "foobar",
"default.device.endpoint" => "foobar",
"default.device.persistent_keepalive" => "-120",
"default.device.mtu" => "1501"


@@ -13,12 +13,12 @@ defmodule FzHttpWeb.DeviceLive.ShowTest do
@allowed_ips_unchanged %{
"device" => %{"use_default_allowed_ips" => "true", "allowed_ips" => @allowed_ips}
}
@dns_servers "8.8.8.8, 8.8.4.4"
@dns_servers_change %{
"device" => %{"use_default_dns_servers" => "false", "dns_servers" => @dns_servers}
@dns "8.8.8.8, 8.8.4.4"
@dns_change %{
"device" => %{"use_default_dns" => "false", "dns" => @dns}
}
@dns_servers_unchanged %{
"device" => %{"use_default_dns_servers" => "true", "dns_servers" => @dns_servers}
@dns_unchanged %{
"device" => %{"use_default_dns" => "true", "dns" => @dns}
}
@wireguard_endpoint "6.6.6.6"
@endpoint_change %{
@@ -45,8 +45,8 @@ defmodule FzHttpWeb.DeviceLive.ShowTest do
@default_allowed_ips_change %{
"device" => %{"use_default_allowed_ips" => "false"}
}
@default_dns_servers_change %{
"device" => %{"use_default_dns_servers" => "false"}
@default_dns_change %{
"device" => %{"use_default_dns" => "false"}
}
@default_endpoint_change %{
"device" => %{"use_default_endpoint" => "false"}
@@ -103,7 +103,7 @@ defmodule FzHttpWeb.DeviceLive.ShowTest do
assert test_view =~ "must not be present"
end
test "prevents dns_servers changes when use_default_dns_servers is true", %{
test "prevents dns changes when use_default_dns is true", %{
authed_conn: conn,
device: device
} do
@@ -113,7 +113,7 @@ defmodule FzHttpWeb.DeviceLive.ShowTest do
test_view =
view
|> form("#edit-device")
|> render_submit(@dns_servers_unchanged)
|> render_submit(@dns_unchanged)
assert test_view =~ "must not be present"
end
@@ -179,19 +179,19 @@ defmodule FzHttpWeb.DeviceLive.ShowTest do
assert html =~ "AllowedIPs = #{@allowed_ips}"
end
test "allows dns_servers changes", %{authed_conn: conn, device: device} do
test "allows dns changes", %{authed_conn: conn, device: device} do
path = Routes.device_show_path(conn, :edit, device)
{:ok, view, _html} = live(conn, path)
view
|> form("#edit-device")
|> render_submit(@dns_servers_change)
|> render_submit(@dns_change)
flash = assert_redirected(view, Routes.device_show_path(conn, :show, device))
assert flash["info"] == "Device updated successfully."
{:ok, _view, html} = live(conn, path)
assert html =~ "DNS = #{@dns_servers}"
assert html =~ "DNS = #{@dns}"
end
test "allows endpoint changes", %{authed_conn: conn, device: device} do
@@ -265,17 +265,17 @@ defmodule FzHttpWeb.DeviceLive.ShowTest do
"""
end
test "on use_default_dns_servers change", %{authed_conn: conn, device: device} do
test "on use_default_dns change", %{authed_conn: conn, device: device} do
path = Routes.device_show_path(conn, :edit, device)
{:ok, view, _html} = live(conn, path)
test_view =
view
|> form("#edit-device")
|> render_change(@default_dns_servers_change)
|> render_change(@default_dns_change)
assert test_view =~ """
<input class="input" id="edit-device_dns_servers" name="device[dns_servers]" type="text"/>\
<input class="input" id="edit-device_dns" name="device[dns]" type="text"/>\
"""
end


@@ -7,7 +7,7 @@ defmodule FzHttpWeb.SettingLive.DefaultTest do
@valid_allowed_ips %{
"setting" => %{"value" => "1.1.1.1"}
}
@valid_dns_servers %{
@valid_dns %{
"setting" => %{"value" => "1.1.1.1"}
}
@valid_endpoint %{
@@ -17,7 +17,7 @@ defmodule FzHttpWeb.SettingLive.DefaultTest do
@invalid_allowed_ips %{
"setting" => %{"value" => "foobar"}
}
@invalid_dns_servers %{
@invalid_dns %{
"setting" => %{"value" => "foobar"}
}
@invalid_endpoint %{
@@ -32,8 +32,12 @@ defmodule FzHttpWeb.SettingLive.DefaultTest do
end
test "renders current settings", %{html: html} do
assert html =~ Settings.default_device_allowed_ips()
assert html =~ Settings.default_device_dns_servers()
assert html =~
(Settings.default_device_allowed_ips() ||
Application.fetch_env!(:fz_http, :wireguard_allowed_ips))
assert html =~
(Settings.default_device_dns() || Application.fetch_env!(:fz_http, :wireguard_dns))
assert html =~ """
id="endpoint_form_component"\
@@ -61,11 +65,11 @@ defmodule FzHttpWeb.SettingLive.DefaultTest do
"""
end
test "shows Save button after dns_servers form is changed", %{view: view} do
test "shows Save button after dns form is changed", %{view: view} do
test_view =
view
|> element("#dns_servers_form_component")
|> render_change(@valid_dns_servers)
|> element("#dns_form_component")
|> render_change(@valid_dns)
assert test_view =~ """
<button class="button is-primary" type="submit">Save</button>\
@@ -92,20 +96,20 @@ defmodule FzHttpWeb.SettingLive.DefaultTest do
refute test_view =~ "is invalid"
assert test_view =~ """
<input class="input is-success" id="allowed_ips_form_component_value" name="setting[value]" type="text" value="1.1.1.1"/>\
<input class="input is-success" id="allowed_ips_form_component_value" name="setting[value]" placeholder="0.0.0.0/0, ::/0" type="text" value="1.1.1.1"/>\
"""
end
test "updates default dns_servers", %{view: view} do
test "updates default dns", %{view: view} do
test_view =
view
|> element("#dns_servers_form_component")
|> render_submit(@valid_dns_servers)
|> element("#dns_form_component")
|> render_submit(@valid_dns)
refute test_view =~ "is invalid"
assert test_view =~ """
<input class="input is-success" id="dns_servers_form_component_value" name="setting[value]" type="text" value="1.1.1.1"/>\
<input class="input is-success" id="dns_form_component_value" name="setting[value]" placeholder="1.1.1.1, 1.0.0.1" type="text" value="1.1.1.1"/>\
"""
end
@@ -135,16 +139,16 @@ defmodule FzHttpWeb.SettingLive.DefaultTest do
"""
end
test "prevents invalid dns_servers", %{view: view} do
test "prevents invalid dns", %{view: view} do
test_view =
view
|> element("#dns_servers_form_component")
|> render_submit(@invalid_dns_servers)
|> element("#dns_form_component")
|> render_submit(@invalid_dns)
assert test_view =~ "is invalid"
refute test_view =~ """
<input id="dns_servers_form_component" class="input is-success"\
<input id="dns_form_component" class="input is-success"\
"""
end


@@ -9,7 +9,7 @@ defmodule FzHttp.SettingsFixtures do
@doc """
Generate a setting.
"""
def setting_fixture(key \\ "default.device.dns_servers") do
def setting_fixture(key \\ "default.device.dns") do
Settings.get_setting!(key: key)
end
end


@@ -43,6 +43,7 @@ config :posthog,
config :fz_http,
url_host: "firezone.dev",
wireguard_endpoint: nil,
wireguard_dns: "1.1.1.1, 1.0.0.1",
wireguard_allowed_ips: "0.0.0.0/0, ::/0",
wireguard_persistent_keepalive: 0,


@@ -31,6 +31,7 @@ wireguard_ipv6_enabled = FzString.to_boolean(System.fetch_env!("WIREGUARD_IPV6_E
wireguard_ipv6_network = System.fetch_env!("WIREGUARD_IPV6_NETWORK")
wireguard_ipv6_address = System.fetch_env!("WIREGUARD_IPV6_ADDRESS")
wireguard_mtu = System.fetch_env!("WIREGUARD_MTU")
wireguard_endpoint = System.fetch_env!("WIREGUARD_ENDPOINT")
telemetry_enabled = FzString.to_boolean(System.fetch_env!("TELEMETRY_ENABLED"))
telemetry_module =
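Review bot: `wireguard_endpoint = System.fetch_env!("WIREGUARD_ENDPOINT")` makes the new variable mandatory, so any deployment that does not pick up the updated cookbook (which exports it, as `""` when the attribute is `nil`) fails at boot with a missing-variable error instead of falling back to the connectivity-check endpoint that the docs in this commit promise for the unset case. `System.get_env("WIREGUARD_ENDPOINT")` returns `nil` when unset, and mapping `""` to `nil` here as well would let the `||` fallbacks downstream behave as documented. How the value is assigned into `config :fz_http` is outside this hunk.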


@@ -112,9 +112,10 @@ Shown below is a complete listing of the configuration options available in
| `default['firezone']['wireguard']['log_rotation']['num_to_keep']` | Number of WireGuard log files to keep. | `10` |
| `default['firezone']['wireguard']['interface_name']` | WireGuard interface name. | `'wg-firezone'` |
| `default['firezone']['wireguard']['port']` | WireGuard listen port. | `51820` |
| `default['firezone']['wireguard']['mtu']` | WireGuard interface MTU. | `1420` |
| `default['firezone']['wireguard']['dns']` | Default DNS servers to use for generated device configurations. | `'1.1.1.1, 1.0.0.1'` |
| `default['firezone']['wireguard']['allowed_ips']` | Default AllowedIPs to use for generated device configurations. | `'0.0.0.0/0, ::/0'` |
| `default['firezone']['wireguard']['mtu']` | WireGuard interface MTU for this server and for device configurations. | `1420` |
| `default['firezone']['wireguard']['endpoint']` | WireGuard `Endpoint` to use for generating device configurations. If `nil`, defaults to the server's public IP address. | `nil` |
| `default['firezone']['wireguard']['dns']` | WireGuard `DNS` to use for generated device configurations. | `'1.1.1.1, 1.0.0.1'` |
| `default['firezone']['wireguard']['allowed_ips']` | WireGuard `AllowedIPs` to use for generated device configurations. | `'0.0.0.0/0, ::/0'` |
| `default['firezone']['wireguard']['persistent_keepalive']` | Default PersistentKeepalive setting for generated device configurations. A value of 0 disables. | `0` |
| `default['firezone']['wireguard']['ipv4']['enabled']` | Enable or disable IPv4 for WireGuard network. | `true` |
| `default['firezone']['wireguard']['ipv4']['network']` | WireGuard network IPv4 address pool. | `'10.3.2.0/24'` |


@@ -209,22 +209,31 @@ default['firezone']['wireguard']['log_rotation']['num_to_keep'] = 10
# The WireGuard interface name Firezone will apply configuration settings to.
default['firezone']['wireguard']['interface_name'] = 'wg-firezone'
# WireGuard listen port
default['firezone']['wireguard']['port'] = 51820
# WireGuard interface MTU
default['firezone']['wireguard']['mtu'] = 1420
# Default AllowedIPs to use for generated device configs. Default is to
# route all traffic through the tunnel: '0.0.0.0/0, ::/0'
# WireGuard endpoint
# By default, the public IP address of this server is used as the Endpoint
# field for generating Device configs. Override this if you wish to change.
default['firezone']['wireguard']['endpoint'] = nil
# Default AllowedIPs to use for generated device configs specified as a comma-separated
# list of IPv4 / IPv6 CIDRs.
# Default is to tunnel all IPv4 and IPv6 traffic with '0.0.0.0/0, ::/0'
default['firezone']['wireguard']['allowed_ips'] = '0.0.0.0/0, ::/0'
# Default DNS servers to use for generated device configs. Default is
# CloudFlare DNS, '1.1.1.1, 1.0.0.1'
# Default DNS servers to use for generated device configs.
# Defaults to CloudFlare's public DNS. Set to nil to omit DNS from generated
# device configurations.
default['firezone']['wireguard']['dns'] = '1.1.1.1, 1.0.0.1'
# Default PersistentKeepalive setting to use for generated device configs.
# See https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence
# Default is 0 which disables PersistentKeepalive.
# Set to 0 or nil to disable. Default 0.
default['firezone']['wireguard']['persistent_keepalive'] = 0
# Enable or disable IPv4 connectivity in your WireGuard network. Default enabled.


@@ -238,6 +238,7 @@ class Firezone
'WIREGUARD_INTERFACE_NAME' => attributes['wireguard']['interface_name'],
'WIREGUARD_PORT' => attributes['wireguard']['port'].to_s,
'WIREGUARD_MTU' => attributes['wireguard']['mtu'].to_s,
'WIREGUARD_ENDPOINT' => attributes['wireguard']['endpoint'].to_s,
'WIREGUARD_DNS' => attributes['wireguard']['dns'].to_s,
'WIREGUARD_ALLOWED_IPS' => attributes['wireguard']['allowed_ips'].to_s,
'WIREGUARD_PERSISTENT_KEEPALIVE' => attributes['wireguard']['persistent_keepalive'].to_s,