Iterate over package building

.github/workflows/build_and_publish.yml

@@ -49,5 +49,5 @@ jobs:
         with:
           upload_url: ${{ steps.create_release.outputs.upload_url }}
           asset_path: ./fireguard_${{ steps.tag_name.outputs.tag_name }}-1_amd64.deb
-          asset_name: Ubuntu 20.04 amd64 (deb)
-          asset_content_type: application/vnd.debian.binary-package
+          asset_name: Ubuntu_20.04_amd64
+        asset_content_type: application/vnd.debian.binary-package

ansible/playbook.yml

@@ -38,5 +38,5 @@
   tasks:
     - name: Install FireGuard deb
       shell: |
-        wget https://github.com/CloudFire-LLC/fireguard/releases/download/0.1.0/fireguard_0.1.0-1_amd64.deb
-        dpkg -i fireguard_0.1.0-1_amd64.deb
+        wget https://github.com/CloudFire-LLC/fireguard/releases/download/0.1.1/Ubuntu.20.04.amd64.deb
+        dpkg -i Ubuntu.20.04.amd64.deb

apps/fg_http/mix.exs

@@ -4,7 +4,7 @@ defmodule FgHttp.MixProject do
   def project do
     [
       app: :fg_http,
-      version: "0.1.0",
+      version: "0.1.1",
       build_path: "../../_build",
       config_path: "../../config/config.exs",
       deps_path: "../../deps",

apps/fg_vpn/README.md

@@ -10,7 +10,7 @@ by adding `fg_vpn` to your list of dependencies in `mix.exs`:
 ```elixir
 def deps do
   [
-    {:fg_vpn, "~> 0.1.0"}
+    {:fg_vpn, "~> 0.1.1"}
   ]
 end
 ```
@@ -18,4 +18,3 @@ end
 Documentation can be generated with [ExDoc](https://github.com/elixir-lang/ex_doc)
 and published on [HexDocs](https://hexdocs.pm). Once published, the docs can
 be found at [https://hexdocs.pm/fg_vpn](https://hexdocs.pm/fg_vpn).
-

apps/fg_vpn/mix.exs

@@ -4,7 +4,7 @@ defmodule FgVpn.MixProject do
   def project do
     [
       app: :fg_vpn,
-      version: "0.1.0",
+      version: "0.1.1",
       build_path: "../../_build",
       config_path: "../../config/config.exs",
       deps_path: "../../deps",
@@ -35,9 +35,6 @@ defmodule FgVpn.MixProject do
     [
       {:credo, "~> 1.4", only: [:dev, :test], runtime: false},
       {:excoveralls, "~> 0.13", only: :test}
-      # {:dep_from_hexpm, "~> 0.3.0"},
-      # {:dep_from_git, git: "https://github.com/elixir-lang/my_dep.git", tag: "0.1.0"},
-      # {:sibling_app_in_umbrella, in_umbrella: true}
     ]
   end
 end

apps/fg_wall/README.md

@@ -10,7 +10,7 @@ by adding `fg_wall` to your list of dependencies in `mix.exs`:
 ```elixir
 def deps do
   [
-    {:fg_wall, "~> 0.1.0"}
+    {:fg_wall, "~> 0.1.1"}
   ]
 end
 ```
@@ -18,4 +18,3 @@ end
 Documentation can be generated with [ExDoc](https://github.com/elixir-lang/ex_doc)
 and published on [HexDocs](https://hexdocs.pm). Once published, the docs can
 be found at [https://hexdocs.pm/fg_wall](https://hexdocs.pm/fg_wall).
-

apps/fg_wall/mix.exs

@@ -4,7 +4,7 @@ defmodule FgWall.MixProject do
   def project do
     [
       app: :fg_wall,
-      version: "0.1.0",
+      version: "0.1.1",
       build_path: "../../_build",
       config_path: "../../config/config.exs",
       deps_path: "../../deps",
@@ -35,9 +35,6 @@ defmodule FgWall.MixProject do
     [
       {:credo, "~> 1.4", only: [:dev, :test], runtime: false},
       {:excoveralls, "~> 0.13", only: :test}
-      # {:dep_from_hexpm, "~> 0.3.0"},
-      # {:dep_from_git, git: "https://github.com/elixir-lang/my_dep.git", tag: "0.1.0"},
-      # {:sibling_app_in_umbrella, in_umbrella: true}
     ]
   end
 end

config/config.exs

@@ -29,6 +29,7 @@ config :fg_vpn,
   pubkey: "JId8GN8iPmdQXOLSdcsSkaW4i60e1/rpHB/03rsaKBk="
 
 # Configures the endpoint
+# These will be overridden at runtime in production by config/releases.exs
 config :fg_http, FgHttpWeb.Endpoint,
   url: [host: "localhost"],
   secret_key_base: "5OVYJ83AcoQcPmdKNksuBhJFBhjHD1uUa9mDOHV/6EIdBQ6pXksIhkVeWIzFk5SD",

config/prod.exs

@@ -9,9 +9,7 @@ import Config
 # manifest is generated by the `mix phx.digest` task,
 # which you should run after static files are built and
 # before starting your production server.
-config :fg_http, FgHttpWeb.Endpoint,
-  url: [host: "example.com", port: 80],
-  cache_static_manifest: "priv/static/cache_manifest.json"
+config :fg_http, FgHttpWeb.Endpoint, cache_static_manifest: "priv/static/cache_manifest.json"
 
 # Do not print debug messages in production
 config :logger, level: :info

config/releases.exs

@@ -4,31 +4,52 @@
 # remember to add this file to your .gitignore.
 import Config
 
+config_file_path = "/opt/fireguard/config.json"
+json_data = File.read!(config_file_path)
+json_config = Jason.decode!(json_data)
+
 database_url =
-  System.get_env("DATABASE_URL") ||
+  System.get_env("DATABASE_URL") || json_config["database_url"] ||
     raise """
-    environment variable DATABASE_URL is missing.
+    config option database_url or environment variable DATABASE_URL is missing.
     For example: ecto://USER:PASS@HOST/DATABASE
     """
 
 secret_key_base =
-  System.get_env("SECRET_KEY_BASE") ||
+  System.get_env("SECRET_KEY_BASE") || json_config["secret_key_base"] ||
     raise """
-    environment variable SECRET_KEY_BASE is missing.
-    You can generate one by calling: mix phx.gen.secret
+    config option secret_key_base or environment variable SECRET_KEY_BASE is missing.
     """
 
+live_view_signing_salt =
+  System.get_env("LIVE_VIEW_SIGNING_SALT") || json_config["live_view_signing_salt"] ||
+    raise """
+    config option live_view_signing_salt or environment variable LIVE_VIEW_SIGNING_SALT is
+    missing.
+    """
+
+pool_size = String.to_integer(json_config["pool_size"] || System.get_env("POOL_SIZE") || "10")
+
+listen_port =
+  String.to_integer(json_config["listen_port"] || System.get_env("LISTEN_PORT") || "4000")
+
+listen_host = json_config["listen_host"] || System.get_env("LISTEN_HOST") || "localhost"
+
 config :fg_http, FgHttp.Repo,
   # ssl: true,
   url: database_url,
-  pool_size: String.to_integer(System.get_env("POOL_SIZE") || "10")
+  pool_size: pool_size
 
 config :fg_http, FgHttpWeb.Endpoint,
   http: [
-    port: String.to_integer(System.get_env("PORT") || "4000"),
+    port: listen_port,
     transport_options: [socket_opts: [:inet6]]
   ],
-  secret_key_base: secret_key_base
+  url: [host: listen_host, port: listen_port],
+  secret_key_base: secret_key_base,
+  live_view: [
+    signing_salt: live_view_signing_salt
+  ]
 
 # ## Using releases (Elixir v1.9+)
 #

mix.exs

@@ -8,7 +8,7 @@ defmodule FireguardUmbrella.MixProject do
   def project do
     [
       apps_path: "apps",
-      version: "0.1.0",
+      version: "0.1.1",
       start_permanent: Mix.env() == :prod,
       test_coverage: [tool: ExCoveralls],
       preferred_cli_env: [
@@ -41,7 +41,8 @@ defmodule FireguardUmbrella.MixProject do
   defp deps do
     [
       {:excoveralls, "~> 0.13", only: :test},
-      {:mix_test_watch, "~> 1.0", only: :dev, runtime: false}
+      {:mix_test_watch, "~> 1.0", only: :dev, runtime: false},
+      {:jason, "~> 1.0"}
     ]
   end
 end

pkg/debian/DEBIAN/control

@@ -1,8 +1,8 @@
 Package: fireguard
-Version: 0.1.0-1
+Version: 0.1.1-1
 Architecture: amd64
 Maintainer: CloudFire, LLC <dpkg@cloudfire.network>
-Depends: wireguard (>= 1.0.20200319-1ubuntu1), postgresql-12 (>= 12.4-0ubuntu0.20.04.1), iptables (>= 1.8.4-3ubuntu2)
+Depends: systemd (>= 245.4-4ubuntu3.3), openssl (>= 1.1.1f-1ubuntu2), wireguard (>= 1.0.20200319-1ubuntu1), postgresql-12 (>= 12.4-0ubuntu0.20.04.1), iptables (>= 1.8.4-3ubuntu2)
 Section: net
 Priority: optional
 Homepage: https://cloudfire.network

pkg/debian/DEBIAN/lib/systemd/system/fireguard.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=FireGuard
+After=network.target
+
+[Service]
+Restart=on-failure
+RestartSec=1
+User=fireguard
+ExecStart=/opt/fireguard/bin/fireguard start
+
+[Install]
+WantedBy=multi-user.target

pkg/debian/DEBIAN/postinst

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+set -e
 
 # FireGuard package post-install script
 
@@ -6,22 +7,34 @@
 # 2. Bootstrap DB
 # 3. Generate WireGuard interface and config
 
+# Add fireguard user if not exists
+id fireguard
+if [[ ?$ -ne 0 ]]; then
+  adduser --system fireguard
+fi
+
 touch /opt/fireguard/config.yml
-chown root:root /opt/fireguard/config.yml
+chown fireguard:fireguard /opt/fireguard/config.yml
 chmod 0600 /opt/fireguard/config.yml
 
-live_reload_signing_salt="$(opt/fireguard/bin/fireguard eval "FgHttp.release.gen_secret(32)")"
-secret_key_base="$(/opt/fireguard/bin/fireguard eval "FgHttp.release.gen_secret(64)")"
+live_reload_signing_salt="$(openssl rand -base64 24)"
+secret_key_base="$(openssl rand -base64 48)"
 db_user=fireguard
-db_password="$(opt/fireguard/bin/fireguard eval "FgHttp.release.gen_secret(12)")"
+db_password="$(openssl rand -base64 8)"
 
-sudo -i -u postgres psql -c "CREATE ROLE ${db_user} WITH LOGIN PASSWORD '${db_password}';"
-sudo -i -u postgres psql -c "CREATE DATABASE fireguard;"
-sudo -i -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fireguard to ${db_user};"
+sudo -i -u postgres psql -c "CREATE ROLE ${db_user} WITH LOGIN PASSWORD '${db_password}';" || true
+sudo -i -u postgres psql -c "CREATE DATABASE fireguard;" || true
+sudo -i -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fireguard to ${db_user};" || true
 
-cat <<EOT >> /opt/fireguard/config.yml
-live_reload_signing_salt: ${live_reload_signing_salt}
-secret_key_base: ${secret_key_base}
-db_user: ${db_user}
-db_password: ${db_password}
+cat <<EOT >> /opt/fireguard/config.json
+{
+  "live_reload_signing_salt": "${live_reload_signing_salt}",
+  "secret_key_base": "${secret_key_base}",
+  "database_url": "ecto://${db_user}:${db_password}@localhost/fireguard",
+  "listen_port": 4000,
+  "listen_host": "localhost"
+}
 EOT
+
+systemctl enable fireguard
+systemctl start fireguard