From 8f394ae724529f7669997c5e29b40dae4db48d59 Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Fri, 9 Jul 2021 15:05:31 -0700 Subject: [PATCH] Debian build reworking --- .ci/build_deb.sh | 10 -- .ci/build_release.sh | 13 --- .ci/build_ubuntu_18.04.sh | 20 ++++ .ci/build_ubuntu_20.04.sh | 20 ++++ .ci/functional_test.sh | 6 +- .github/workflows/ci.yml | 86 +++++++-------- .tool-versions | 2 +- mix.exs | 5 +- mix.lock | 1 - pkg/{Dockerfile => Dockerfile.amazonlinux_2} | 0 pkg/Dockerfile.centos_7 | 62 +++++++++++ pkg/Dockerfile.centos_8 | 62 +++++++++++ pkg/Dockerfile.debian_10 | 62 +++++++++++ pkg/Dockerfile.redhat_7 | 62 +++++++++++ pkg/Dockerfile.redhat_8 | 62 +++++++++++ pkg/Dockerfile.ubuntu_18.04 | 68 ++++++++++++ pkg/Dockerfile.ubuntu_20.04 | 67 +++++++++++ .../DEBIAN/control | 0 .../DEBIAN/postinst | 0 .../DEBIAN/templates | 0 .../lib/systemd/system/cloudfire.service | 0 pkg/ubuntu_18.04_arm64/DEBIAN/control | 11 ++ pkg/ubuntu_18.04_arm64/DEBIAN/postinst | 104 ++++++++++++++++++ .../DEBIAN/templates | 0 .../lib/systemd/system/cloudfire.service | 0 .../DEBIAN/control | 0 .../DEBIAN/postinst | 0 pkg/ubuntu_20.04_amd64/DEBIAN/templates | 11 ++ .../lib/systemd/system/cloudfire.service | 18 +++ pkg/ubuntu_20.04_arm64/DEBIAN/control | 11 ++ pkg/ubuntu_20.04_arm64/DEBIAN/postinst | 102 +++++++++++++++++ pkg/ubuntu_20.04_arm64/DEBIAN/templates | 11 ++ .../lib/systemd/system/cloudfire.service | 18 +++ 33 files changed, 815 insertions(+), 79 deletions(-) delete mode 100755 .ci/build_deb.sh delete mode 100755 .ci/build_release.sh create mode 100755 .ci/build_ubuntu_18.04.sh create mode 100755 .ci/build_ubuntu_20.04.sh rename pkg/{Dockerfile => Dockerfile.amazonlinux_2} (100%) create mode 100644 pkg/Dockerfile.centos_7 create mode 100644 pkg/Dockerfile.centos_8 create mode 100644 pkg/Dockerfile.debian_10 create mode 100644 pkg/Dockerfile.redhat_7 create mode 100644 pkg/Dockerfile.redhat_8 create mode 100644 pkg/Dockerfile.ubuntu_18.04 create mode 100644 pkg/Dockerfile.ubuntu_20.04 rename pkg/{ubuntu-18.04_amd64 => ubuntu_18.04_amd64}/DEBIAN/control (100%) rename pkg/{ubuntu-18.04_amd64 => ubuntu_18.04_amd64}/DEBIAN/postinst (100%) rename pkg/{ubuntu-18.04_amd64 => ubuntu_18.04_amd64}/DEBIAN/templates (100%) rename pkg/{ubuntu-18.04_amd64 => ubuntu_18.04_amd64}/lib/systemd/system/cloudfire.service (100%) create mode 100644 pkg/ubuntu_18.04_arm64/DEBIAN/control create mode 100755 pkg/ubuntu_18.04_arm64/DEBIAN/postinst rename pkg/{ubuntu-20.04_amd64 => ubuntu_18.04_arm64}/DEBIAN/templates (100%) rename pkg/{ubuntu-20.04_amd64 => ubuntu_18.04_arm64}/lib/systemd/system/cloudfire.service (100%) rename pkg/{ubuntu-20.04_amd64 => ubuntu_20.04_amd64}/DEBIAN/control (100%) rename pkg/{ubuntu-20.04_amd64 => ubuntu_20.04_amd64}/DEBIAN/postinst (100%) create mode 100644 pkg/ubuntu_20.04_amd64/DEBIAN/templates create mode 100644 pkg/ubuntu_20.04_amd64/lib/systemd/system/cloudfire.service create mode 100644 pkg/ubuntu_20.04_arm64/DEBIAN/control create mode 100755 pkg/ubuntu_20.04_arm64/DEBIAN/postinst create mode 100644 pkg/ubuntu_20.04_arm64/DEBIAN/templates create mode 100644 pkg/ubuntu_20.04_arm64/lib/systemd/system/cloudfire.service diff --git a/.ci/build_deb.sh b/.ci/build_deb.sh deleted file mode 100755 index 50241b379..000000000 --- a/.ci/build_deb.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/bin/env bash -set -xe - -prefix=${MATRIX_OS}_${MATRIX_ARCH} - -mkdir -p pkg/$prefix/opt/cloudfire/bin -chmod +x cloudfire-${MATRIX_ARCH} -mv cloudfire-${MATRIX_ARCH} pkg/$prefix/opt/cloudfire/bin/cloudfire -dpkg-deb --build pkg/$prefix -mv pkg/$prefix.deb ./cloudfire_$prefix.deb diff --git a/.ci/build_release.sh b/.ci/build_release.sh deleted file mode 100755 index a17402632..000000000 --- a/.ci/build_release.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/usr/bin/env bash -set -e - -od=$(pwd) -mix local.hex --force && mix local.rebar --force -mix do deps.get, deps.compile -cd apps/cf_http/assets && npm ci --progress=false --no-audit --loglevel=error -cd $od -npm run --prefix apps/cf_http/assets deploy -cd apps/cf_http -mix phx.digest -cd $od -mix release --overwrite --force diff --git a/.ci/build_ubuntu_18.04.sh b/.ci/build_ubuntu_18.04.sh new file mode 100755 index 000000000..32297722e --- /dev/null +++ b/.ci/build_ubuntu_18.04.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash +set -e + +OS="ubuntu_18.04" +ARCH=${MATRIX_ARCH:-`uname -m`} +PKG_DIR="${OS}_${ARCH}" +PKG_FILE="${PKG_DIR}.deb" +IMAGE="${OS}_${ARCH}:latest" + +docker build \ + -t $IMAGE \ + -f pkg/Dockerfile.$OS \ + --platform linux/$ARCH \ + --build-arg PKG_DIR=$PKG_DIR \ + --progress plain \ + . + +CID=$(docker create $IMAGE) +mkdir -p _build +docker cp $CID:/build/pkg/$PKG_FILE ./_build/ diff --git a/.ci/build_ubuntu_20.04.sh b/.ci/build_ubuntu_20.04.sh new file mode 100755 index 000000000..e702ea62b --- /dev/null +++ b/.ci/build_ubuntu_20.04.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash +set -e + +OS="ubuntu_20.04" +ARCH=${MATRIX_ARCH:-`uname -m`} +PKG_DIR="${OS}_${ARCH}" +PKG_FILE="${PKG_DIR}.deb" +IMAGE="${OS}_${ARCH}:latest" + +docker build \ + -t $IMAGE \ + -f pkg/Dockerfile.$OS \ + --platform linux/$ARCH \ + --build-arg PKG_DIR=$PKG_DIR \ + --progress plain \ + . + +CID=$(docker create $IMAGE) +mkdir -p _build +docker cp $CID:/build/pkg/$PKG_FILE ./_build/cloudfire_$PKG_FILE diff --git a/.ci/functional_test.sh b/.ci/functional_test.sh index 82a3798c4..5039d4c4e 100755 --- a/.ci/functional_test.sh +++ b/.ci/functional_test.sh @@ -2,12 +2,10 @@ set -x sudo apt-get update -sudo apt-get install -y postgresql \ +sudo apt-get install -y -q postgresql \ wireguard iptables net-tools curl ca-certificates sudo systemctl start postgresql - -file=cloudfire_${MATRIX_OS}_${MATRIX_ARCH}.deb -sudo dpkg -i $file +sudo dpkg -i *.deb echo "Enabling service..." sudo systemctl start cloudfire diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a0aec6f55..850a99119 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -64,15 +64,25 @@ jobs: name: test screenshots path: apps/cf_http/screenshots - build-linux: + build: needs: unit-integration-test - runs-on: ubuntu-18.04 - name: Build on {{ matrix.arch }} + runs-on: ubuntu-20.04 + name: Build env: MATRIX_ARCH: ${{ matrix.arch }} + MATRIX_OS: ${{ matrix.os }} MIX_ENV: prod strategy: matrix: + os: + # - amazonlinux_2 + # - debian_10 + - ubuntu_18.04 + - ubuntu_20.04 + # - redhat_7 + # - redhat_8 + # - centos_7 + # - centos_8 include: - arch: amd64 # XXX: This currently takes upwards of 10 minutes or more. Disabling for now @@ -82,10 +92,7 @@ jobs: # amd64 build - if: ${{ matrix.arch == 'amd64' }} - run: | - sudo apt-get install -q -y zstd gdebi - sudo -E bash -c '.ci/install_runtimes.sh' - sudo -E bash -c '.ci/build_release.sh' + run: .ci/build_${{ matrix.os }}.sh # arm64 build - uses: uraimo/run-on-arch-action@v2.0.10 @@ -116,69 +123,56 @@ jobs: - uses: actions/upload-artifact@v2 with: - name: cloudfire-${{ matrix.arch }} - path: _build/prod/rel/bakeware/cloudfire - - build-deb: - needs: build-linux - runs-on: ${{ matrix.os }} - strategy: - matrix: - include: - - arch: amd64 - # - arch: arm64 - os: [ubuntu-18.04, ubuntu-20.04] - env: - MATRIX_OS: ${{ matrix.os }} - MATRIX_ARCH: ${{ matrix.arch }} - steps: - - uses: actions/checkout@v2 - - uses: actions/download-artifact@v2 - with: - name: cloudfire-${{ matrix.arch }} - path: ./cloudfire-${{ matrix.arch }} - - run: .ci/build_deb.sh - - uses: actions/upload-artifact@v2 - with: - name: cloudfire_${{ matrix.os }}_${{ matrix.arch }} - path: cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb + name: cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb + path: _build/cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb functional-test: - needs: build-deb - runs-on: ${{ matrix.os }} + needs: build + runs-on: ubuntu-20.04 strategy: matrix: + os: + # - amazonlinux_2 + # - debian_10 + - ubuntu_18.04 + - ubuntu_20.04 + # - redhat_7 + # - redhat_8 + # - centos_7 + # - centos_8 include: - arch: amd64 # - arch: arm64 - os: [ubuntu-18.04, ubuntu-20.04] - env: MATRIX_OS: ${{ matrix.os }} MATRIX_ARCH: ${{ matrix.arch }} + DEBIAN_FRONTEND: noninteractive steps: - uses: actions/checkout@v2 - uses: actions/download-artifact@v2 with: - name: cloudfire_${{ matrix.os }}_${{ matrix.arch }} + name: cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb path: ./ - - run: | - ls -lR cloudfire* - - run: sudo apt-get install -q -y wireguard - name: Test Install package - env: - DEBIAN_FRONTEND: noninteractive run: .ci/functional_test.sh - publish-deb: + publish: needs: functional-test - runs-on: ${{ matrix.os }} + runs-on: ubuntu-20.04 strategy: matrix: + os: + # - amazonlinux_2 + # - debian_10 + - ubuntu_18.04 + - ubuntu_20.04 + # - redhat_7 + # - redhat_8 + # - centos_7 + # - centos_8 include: - arch: amd64 # - arch: arm64 - os: [ubuntu-18.04, ubuntu-20.04] if: github.event_name == 'push' && contains(github.ref, 'refs/tags/') steps: - name: Create Release diff --git a/.tool-versions b/.tool-versions index 3c8e6982c..709b34441 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1,3 +1,3 @@ erlang 24.0.3 -elixir 1.12.1-otp-24 +elixir 1.12.2-otp-24 nodejs lts diff --git a/mix.exs b/mix.exs index ed1810868..cc6b8c87b 100644 --- a/mix.exs +++ b/mix.exs @@ -22,15 +22,13 @@ defmodule CloudfireUmbrella.MixProject do default_release: :cloudfire, releases: [ cloudfire: [ - # Don't seem to be needed for bakeware releases - # include_executables_for: [:unix], + include_executables_for: [:unix], validate_compile_env: false, applications: [ cf_http: :permanent, cf_wall: :permanent, cf_vpn: :permanent ], - steps: [:assemble, &Bakeware.assemble/1], cookie: System.get_env("ERL_COOKIE") ] ] @@ -44,7 +42,6 @@ defmodule CloudfireUmbrella.MixProject do # Run "mix help deps" for examples and options. defp deps do [ - {:bakeware, "~> 0.2.0", runtime: false}, {:excoveralls, "~> 0.13", only: :test}, {:mix_test_watch, "~> 1.0", only: :dev, runtime: false}, {:dialyxir, "~> 1.0", only: [:dev], runtime: false} diff --git a/mix.lock b/mix.lock index 5b6652d65..2d0999c3c 100644 --- a/mix.lock +++ b/mix.lock @@ -1,6 +1,5 @@ %{ "argon2_elixir": {:hex, :argon2_elixir, "2.4.0", "2a22ea06e979f524c53b42b598fc6ba38cdcbc977a155e33e057732cfb1fb311", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "4ea82e183cf8e7f66dab1f767fedcfe6a195e140357ef2b0423146b72e0a551d"}, - "bakeware": {:hex, :bakeware, "0.2.0", "e2efb323cc25e857ac2869f0d25a92cac55ed6e1f53399cb5c035d211d27d5ce", [:make, :mix], [{:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "cad65fcf20162d60c2a159238d1ebfa1f9763b5d671b0992caf1777be42fe3ae"}, "bamboo": {:hex, :bamboo, "1.7.1", "7f0946e8c9081ce10d347cdba33c247c7c1c4f7dddc194ab0633603ef879bbdf", [:mix], [{:hackney, ">= 1.15.2", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:mime, "~> 1.4", [hex: :mime, repo: "hexpm", optional: false]}, {:phoenix, "~> 1.1", [hex: :phoenix, repo: "hexpm", optional: true]}, {:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "5fb34c3ab638fc409deec47c1e91f9d78ad95bf22ccb153588b434e1ff1aa730"}, "bunt": {:hex, :bunt, "0.2.0", "951c6e801e8b1d2cbe58ebbd3e616a869061ddadcc4863d0a2182541acae9a38", [:mix], [], "hexpm", "7af5c7e09fe1d40f76c8e4f9dd2be7cebd83909f31fee7cd0e9eadc567da8353"}, "certifi": {:hex, :certifi, "2.6.1", "dbab8e5e155a0763eea978c913ca280a6b544bfa115633fa20249c3d396d9493", [:rebar3], [], "hexpm", "524c97b4991b3849dd5c17a631223896272c6b0af446778ba4675a1dff53bb7e"}, diff --git a/pkg/Dockerfile b/pkg/Dockerfile.amazonlinux_2 similarity index 100% rename from pkg/Dockerfile rename to pkg/Dockerfile.amazonlinux_2 diff --git a/pkg/Dockerfile.centos_7 b/pkg/Dockerfile.centos_7 new file mode 100644 index 000000000..774e50bb1 --- /dev/null +++ b/pkg/Dockerfile.centos_7 @@ -0,0 +1,62 @@ +# This Dockerfile builds release packages. +# **NOTE**: This is not recommended, as it's possible the deployment +# production environment will diff from the image environment here, +# even if the OS and kernel versions match. +# As such, this script has been deprecated in favor of building the release +# in the production environment. +FROM hexpm/elixir:1.11.2-erlang-23.1.2-ubuntu-focal-20201008 AS build + +# Setup to run build script +ENV DEBIAN_FRONTEND noninteractive +RUN apt-get update -q && \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + build-essential \ + git \ + dpkg-dev \ + libssl-dev \ + automake \ + gnupg \ + curl \ + autoconf \ + libncurses5-dev \ + unzip \ + zlib1g-dev \ + locales && \ + apt-get clean && \ + rm -rf /tmp/* /var/tmp/* +RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \ + locale-gen +ENV LANG en_US.UTF-8 +ENV LANGUAGE en_US:en +ENV LC_ALL en_US.UTF-8 + +RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - +RUN apt-get install nodejs + +ENV MIX_ENV prod +WORKDIR /build + +RUN mix local.hex --force && \ + mix local.rebar --force +COPY mix.exs mix.lock ./ +COPY config config +COPY apps/cf_http/mix.exs ./apps/cf_http/ +COPY apps/cf_wall/mix.exs ./apps/cf_wall/ +COPY apps/cf_vpn/mix.exs ./apps/cf_vpn/ +RUN mix do deps.get, deps.compile + +COPY apps/cf_http/assets/package.json apps/cf_http/assets/package-lock.json ./apps/cf_http/assets/ +RUN cd apps/cf_http/assets && npm ci --progress=false --no-audit --loglevel=error +COPY apps/cf_http/priv apps/cf_http/priv +COPY apps/cf_http/assets apps/cf_http/assets +RUN npm run --prefix ./apps/cf_http/assets deploy && \ + cd apps/cf_http && mix phx.digest + +COPY . . +RUN mix release cloudfire + +RUN mkdir -p pkg/debian/opt +RUN mv _build/prod/rel/cloudfire pkg/debian/opt/cloudfire + +RUN cd pkg && dpkg-deb --build debian diff --git a/pkg/Dockerfile.centos_8 b/pkg/Dockerfile.centos_8 new file mode 100644 index 000000000..774e50bb1 --- /dev/null +++ b/pkg/Dockerfile.centos_8 @@ -0,0 +1,62 @@ +# This Dockerfile builds release packages. +# **NOTE**: This is not recommended, as it's possible the deployment +# production environment will diff from the image environment here, +# even if the OS and kernel versions match. +# As such, this script has been deprecated in favor of building the release +# in the production environment. +FROM hexpm/elixir:1.11.2-erlang-23.1.2-ubuntu-focal-20201008 AS build + +# Setup to run build script +ENV DEBIAN_FRONTEND noninteractive +RUN apt-get update -q && \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + build-essential \ + git \ + dpkg-dev \ + libssl-dev \ + automake \ + gnupg \ + curl \ + autoconf \ + libncurses5-dev \ + unzip \ + zlib1g-dev \ + locales && \ + apt-get clean && \ + rm -rf /tmp/* /var/tmp/* +RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \ + locale-gen +ENV LANG en_US.UTF-8 +ENV LANGUAGE en_US:en +ENV LC_ALL en_US.UTF-8 + +RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - +RUN apt-get install nodejs + +ENV MIX_ENV prod +WORKDIR /build + +RUN mix local.hex --force && \ + mix local.rebar --force +COPY mix.exs mix.lock ./ +COPY config config +COPY apps/cf_http/mix.exs ./apps/cf_http/ +COPY apps/cf_wall/mix.exs ./apps/cf_wall/ +COPY apps/cf_vpn/mix.exs ./apps/cf_vpn/ +RUN mix do deps.get, deps.compile + +COPY apps/cf_http/assets/package.json apps/cf_http/assets/package-lock.json ./apps/cf_http/assets/ +RUN cd apps/cf_http/assets && npm ci --progress=false --no-audit --loglevel=error +COPY apps/cf_http/priv apps/cf_http/priv +COPY apps/cf_http/assets apps/cf_http/assets +RUN npm run --prefix ./apps/cf_http/assets deploy && \ + cd apps/cf_http && mix phx.digest + +COPY . . +RUN mix release cloudfire + +RUN mkdir -p pkg/debian/opt +RUN mv _build/prod/rel/cloudfire pkg/debian/opt/cloudfire + +RUN cd pkg && dpkg-deb --build debian diff --git a/pkg/Dockerfile.debian_10 b/pkg/Dockerfile.debian_10 new file mode 100644 index 000000000..774e50bb1 --- /dev/null +++ b/pkg/Dockerfile.debian_10 @@ -0,0 +1,62 @@ +# This Dockerfile builds release packages. +# **NOTE**: This is not recommended, as it's possible the deployment +# production environment will diff from the image environment here, +# even if the OS and kernel versions match. +# As such, this script has been deprecated in favor of building the release +# in the production environment. +FROM hexpm/elixir:1.11.2-erlang-23.1.2-ubuntu-focal-20201008 AS build + +# Setup to run build script +ENV DEBIAN_FRONTEND noninteractive +RUN apt-get update -q && \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + build-essential \ + git \ + dpkg-dev \ + libssl-dev \ + automake \ + gnupg \ + curl \ + autoconf \ + libncurses5-dev \ + unzip \ + zlib1g-dev \ + locales && \ + apt-get clean && \ + rm -rf /tmp/* /var/tmp/* +RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \ + locale-gen +ENV LANG en_US.UTF-8 +ENV LANGUAGE en_US:en +ENV LC_ALL en_US.UTF-8 + +RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - +RUN apt-get install nodejs + +ENV MIX_ENV prod +WORKDIR /build + +RUN mix local.hex --force && \ + mix local.rebar --force +COPY mix.exs mix.lock ./ +COPY config config +COPY apps/cf_http/mix.exs ./apps/cf_http/ +COPY apps/cf_wall/mix.exs ./apps/cf_wall/ +COPY apps/cf_vpn/mix.exs ./apps/cf_vpn/ +RUN mix do deps.get, deps.compile + +COPY apps/cf_http/assets/package.json apps/cf_http/assets/package-lock.json ./apps/cf_http/assets/ +RUN cd apps/cf_http/assets && npm ci --progress=false --no-audit --loglevel=error +COPY apps/cf_http/priv apps/cf_http/priv +COPY apps/cf_http/assets apps/cf_http/assets +RUN npm run --prefix ./apps/cf_http/assets deploy && \ + cd apps/cf_http && mix phx.digest + +COPY . . +RUN mix release cloudfire + +RUN mkdir -p pkg/debian/opt +RUN mv _build/prod/rel/cloudfire pkg/debian/opt/cloudfire + +RUN cd pkg && dpkg-deb --build debian diff --git a/pkg/Dockerfile.redhat_7 b/pkg/Dockerfile.redhat_7 new file mode 100644 index 000000000..774e50bb1 --- /dev/null +++ b/pkg/Dockerfile.redhat_7 @@ -0,0 +1,62 @@ +# This Dockerfile builds release packages. +# **NOTE**: This is not recommended, as it's possible the deployment +# production environment will diff from the image environment here, +# even if the OS and kernel versions match. +# As such, this script has been deprecated in favor of building the release +# in the production environment. +FROM hexpm/elixir:1.11.2-erlang-23.1.2-ubuntu-focal-20201008 AS build + +# Setup to run build script +ENV DEBIAN_FRONTEND noninteractive +RUN apt-get update -q && \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + build-essential \ + git \ + dpkg-dev \ + libssl-dev \ + automake \ + gnupg \ + curl \ + autoconf \ + libncurses5-dev \ + unzip \ + zlib1g-dev \ + locales && \ + apt-get clean && \ + rm -rf /tmp/* /var/tmp/* +RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \ + locale-gen +ENV LANG en_US.UTF-8 +ENV LANGUAGE en_US:en +ENV LC_ALL en_US.UTF-8 + +RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - +RUN apt-get install nodejs + +ENV MIX_ENV prod +WORKDIR /build + +RUN mix local.hex --force && \ + mix local.rebar --force +COPY mix.exs mix.lock ./ +COPY config config +COPY apps/cf_http/mix.exs ./apps/cf_http/ +COPY apps/cf_wall/mix.exs ./apps/cf_wall/ +COPY apps/cf_vpn/mix.exs ./apps/cf_vpn/ +RUN mix do deps.get, deps.compile + +COPY apps/cf_http/assets/package.json apps/cf_http/assets/package-lock.json ./apps/cf_http/assets/ +RUN cd apps/cf_http/assets && npm ci --progress=false --no-audit --loglevel=error +COPY apps/cf_http/priv apps/cf_http/priv +COPY apps/cf_http/assets apps/cf_http/assets +RUN npm run --prefix ./apps/cf_http/assets deploy && \ + cd apps/cf_http && mix phx.digest + +COPY . . +RUN mix release cloudfire + +RUN mkdir -p pkg/debian/opt +RUN mv _build/prod/rel/cloudfire pkg/debian/opt/cloudfire + +RUN cd pkg && dpkg-deb --build debian diff --git a/pkg/Dockerfile.redhat_8 b/pkg/Dockerfile.redhat_8 new file mode 100644 index 000000000..774e50bb1 --- /dev/null +++ b/pkg/Dockerfile.redhat_8 @@ -0,0 +1,62 @@ +# This Dockerfile builds release packages. +# **NOTE**: This is not recommended, as it's possible the deployment +# production environment will diff from the image environment here, +# even if the OS and kernel versions match. +# As such, this script has been deprecated in favor of building the release +# in the production environment. +FROM hexpm/elixir:1.11.2-erlang-23.1.2-ubuntu-focal-20201008 AS build + +# Setup to run build script +ENV DEBIAN_FRONTEND noninteractive +RUN apt-get update -q && \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + build-essential \ + git \ + dpkg-dev \ + libssl-dev \ + automake \ + gnupg \ + curl \ + autoconf \ + libncurses5-dev \ + unzip \ + zlib1g-dev \ + locales && \ + apt-get clean && \ + rm -rf /tmp/* /var/tmp/* +RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \ + locale-gen +ENV LANG en_US.UTF-8 +ENV LANGUAGE en_US:en +ENV LC_ALL en_US.UTF-8 + +RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - +RUN apt-get install nodejs + +ENV MIX_ENV prod +WORKDIR /build + +RUN mix local.hex --force && \ + mix local.rebar --force +COPY mix.exs mix.lock ./ +COPY config config +COPY apps/cf_http/mix.exs ./apps/cf_http/ +COPY apps/cf_wall/mix.exs ./apps/cf_wall/ +COPY apps/cf_vpn/mix.exs ./apps/cf_vpn/ +RUN mix do deps.get, deps.compile + +COPY apps/cf_http/assets/package.json apps/cf_http/assets/package-lock.json ./apps/cf_http/assets/ +RUN cd apps/cf_http/assets && npm ci --progress=false --no-audit --loglevel=error +COPY apps/cf_http/priv apps/cf_http/priv +COPY apps/cf_http/assets apps/cf_http/assets +RUN npm run --prefix ./apps/cf_http/assets deploy && \ + cd apps/cf_http && mix phx.digest + +COPY . . +RUN mix release cloudfire + +RUN mkdir -p pkg/debian/opt +RUN mv _build/prod/rel/cloudfire pkg/debian/opt/cloudfire + +RUN cd pkg && dpkg-deb --build debian diff --git a/pkg/Dockerfile.ubuntu_18.04 b/pkg/Dockerfile.ubuntu_18.04 new file mode 100644 index 000000000..d97296a57 --- /dev/null +++ b/pkg/Dockerfile.ubuntu_18.04 @@ -0,0 +1,68 @@ +# This Dockerfile builds release packages. +# **NOTE**: This is not recommended, as it's possible the deployment +# production environment will diff from the image environment here, +# even if the OS and kernel versions match. +# As such, this script has been deprecated in favor of building the release +# in the production environment. +FROM hexpm/elixir:1.12.2-erlang-24.0.3-ubuntu-bionic-20210325 + +# Overridden by build script +ARG PKG_DIR + +# Setup to run build script +ENV DEBIAN_FRONTEND noninteractive +RUN apt-get update -q && \ + apt-get install -y --no-install-recommends \ + gdebi \ + ca-certificates \ + build-essential \ + git \ + dpkg-dev \ + libssl-dev \ + automake \ + gnupg \ + curl \ + autoconf \ + libncurses5-dev \ + unzip \ + zlib1g-dev \ + locales && \ + apt-get clean && \ + rm -rf /tmp/* /var/tmp/* +RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \ + locale-gen +ENV LANG en_US.UTF-8 +ENV LANGUAGE en_US:en +ENV LC_ALL en_US.UTF-8 + +RUN curl -sL https://deb.nodesource.com/setup_14.x | bash - +RUN apt-get install -y --no-install-recommends nodejs + +ENV MIX_ENV prod +WORKDIR /build + +RUN mix local.hex --force && \ + mix local.rebar --force +COPY mix.exs mix.lock ./ +COPY config config +COPY apps/cf_http/mix.exs ./apps/cf_http/ +COPY apps/cf_wall/mix.exs ./apps/cf_wall/ +COPY apps/cf_vpn/mix.exs ./apps/cf_vpn/ +COPY apps/cf_common/mix.exs ./apps/cf_common/ +RUN mix do deps.get, deps.compile + +COPY apps/cf_http/assets/package.json apps/cf_http/assets/package-lock.json ./apps/cf_http/assets/ +RUN cd apps/cf_http/assets && npm ci --progress=false --no-audit --loglevel=error +COPY apps/cf_http/priv apps/cf_http/priv +COPY apps/cf_http/assets apps/cf_http/assets +RUN npm run --prefix ./apps/cf_http/assets deploy && \ + cd apps/cf_http && mix phx.digest + +COPY . . +RUN mix release + +RUN mkdir -p pkg/debian/opt +RUN mv _build/prod/rel/cloudfire pkg/debian/opt/cloudfire + +RUN echo "How about that pkg dir huh: $PKG_DIR" +RUN cd pkg && dpkg-deb --build $PKG_DIR diff --git a/pkg/Dockerfile.ubuntu_20.04 b/pkg/Dockerfile.ubuntu_20.04 new file mode 100644 index 000000000..95a6a7443 --- /dev/null +++ b/pkg/Dockerfile.ubuntu_20.04 @@ -0,0 +1,67 @@ +# This Dockerfile builds release packages. +# **NOTE**: This is not recommended, as it's possible the deployment +# production environment will diff from the image environment here, +# even if the OS and kernel versions match. +# As such, this script has been deprecated in favor of building the release +# in the production environment. +FROM hexpm/elixir:1.12.2-erlang-24.0.3-ubuntu-focal-20210325 + +# Overridden by build script +ARG PKG_DIR + +# Setup to run build script +ENV DEBIAN_FRONTEND noninteractive +RUN apt-get update -q && \ + apt-get install -y --no-install-recommends \ + gdebi \ + ca-certificates \ + build-essential \ + git \ + dpkg-dev \ + libssl-dev \ + automake \ + gnupg \ + curl \ + autoconf \ + libncurses5-dev \ + unzip \ + zlib1g-dev \ + locales && \ + apt-get clean && \ + rm -rf /tmp/* /var/tmp/* +RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \ + locale-gen +ENV LANG en_US.UTF-8 +ENV LANGUAGE en_US:en +ENV LC_ALL en_US.UTF-8 + +RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - +RUN apt-get install nodejs + +ENV MIX_ENV prod +WORKDIR /build + +RUN mix local.hex --force && \ + mix local.rebar --force +COPY mix.exs mix.lock ./ +COPY config config +COPY apps/cf_http/mix.exs ./apps/cf_http/ +COPY apps/cf_wall/mix.exs ./apps/cf_wall/ +COPY apps/cf_vpn/mix.exs ./apps/cf_vpn/ +COPY apps/cf_common/mix.exs ./apps/cf_common/ +RUN mix do deps.get, deps.compile + +COPY apps/cf_http/assets/package.json apps/cf_http/assets/package-lock.json ./apps/cf_http/assets/ +RUN cd apps/cf_http/assets && npm ci --progress=false --no-audit --loglevel=error +COPY apps/cf_http/priv apps/cf_http/priv +COPY apps/cf_http/assets apps/cf_http/assets +RUN npm run --prefix ./apps/cf_http/assets deploy && \ + cd apps/cf_http && mix phx.digest + +COPY . . +RUN mix release + +RUN mkdir -p pkg/debian/opt +RUN mv _build/prod/rel/cloudfire pkg/debian/opt/cloudfire + +RUN cd pkg && dpkg-deb --build $PKG_DIR diff --git a/pkg/ubuntu-18.04_amd64/DEBIAN/control b/pkg/ubuntu_18.04_amd64/DEBIAN/control similarity index 100% rename from pkg/ubuntu-18.04_amd64/DEBIAN/control rename to pkg/ubuntu_18.04_amd64/DEBIAN/control diff --git a/pkg/ubuntu-18.04_amd64/DEBIAN/postinst b/pkg/ubuntu_18.04_amd64/DEBIAN/postinst similarity index 100% rename from pkg/ubuntu-18.04_amd64/DEBIAN/postinst rename to pkg/ubuntu_18.04_amd64/DEBIAN/postinst diff --git a/pkg/ubuntu-18.04_amd64/DEBIAN/templates b/pkg/ubuntu_18.04_amd64/DEBIAN/templates similarity index 100% rename from pkg/ubuntu-18.04_amd64/DEBIAN/templates rename to pkg/ubuntu_18.04_amd64/DEBIAN/templates diff --git a/pkg/ubuntu-18.04_amd64/lib/systemd/system/cloudfire.service b/pkg/ubuntu_18.04_amd64/lib/systemd/system/cloudfire.service similarity index 100% rename from pkg/ubuntu-18.04_amd64/lib/systemd/system/cloudfire.service rename to pkg/ubuntu_18.04_amd64/lib/systemd/system/cloudfire.service diff --git a/pkg/ubuntu_18.04_arm64/DEBIAN/control b/pkg/ubuntu_18.04_arm64/DEBIAN/control new file mode 100644 index 000000000..2976c311c --- /dev/null +++ b/pkg/ubuntu_18.04_arm64/DEBIAN/control @@ -0,0 +1,11 @@ +Package: cloudfire +Version: 0.1.7-1 +Architecture: arm64 +Maintainer: CloudFire, LLC +Depends: net-tools (>= 1.60+git20161116.90da8a0-1ubuntu1), systemd (>= 237-3ubuntu10.48), openssl (>= 1.1.1-1ubuntu2.1~18.04.9), wireguard (>= 1.0.20200319-1ubuntu1), postgresql (>= 9.6), iptables (>= 1.6.1-2ubuntu2) +Section: net +Priority: optional +Homepage: https://cloudfire.network +Description: Web UI + Firewall manager for WireGuard™ + Provides a web-based UI that allows you to configure WireGuard™ VPN tunnels and + set up firewall rules for your devices. diff --git a/pkg/ubuntu_18.04_arm64/DEBIAN/postinst b/pkg/ubuntu_18.04_arm64/DEBIAN/postinst new file mode 100755 index 000000000..519ded256 --- /dev/null +++ b/pkg/ubuntu_18.04_arm64/DEBIAN/postinst @@ -0,0 +1,104 @@ +#!/usr/bin/env bash +set -xe + +ls -la /opt/cloudfire/bin + +# CloudFire package post-install script + +# 1. Generate secrets +# 2. Bootstrap DB +# 3. Generate WireGuard interface and config + +# All created files are 0600 by default +umask 077 + +# Add cloudfire user if not exists +if id cloudfire &>/dev/null; then + echo "cloudfire user exists... not creating." +else + echo "creating system user cloudfire" + useradd --system cloudfire +fi + +# Generate app secrets +live_view_signing_salt="$(openssl rand -base64 24)" +secret_key_base="$(openssl rand -base64 48)" +db_user=cloudfire + +# base64 includes forward slashes which are problematic in the +# db_url connect string, so use hex. +db_password="$(openssl rand -hex 16)" + +db_key="$(openssl rand -base64 32)" + +# Setup DB +# XXX: Remove || true and detect actual failures +su postgres -c "psql -c \"CREATE ROLE ${db_user} WITH LOGIN PASSWORD '${db_password}';\" || true" +su postgres -c "psql -c \"CREATE DATABASE cloudfire;\" || true" +su postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE cloudfire to ${db_user};\" || true" + +# Write CloudFire SSL files +mkdir -p /opt/cloudfire/ssl +hostname=$(hostname) +openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes \ + -keyout /opt/cloudfire/ssl/key.pem \ + -out /opt/cloudfire/ssl/cert.pem \ + -days 365 -subj "/CN=${hostname}" + +wg genkey > /opt/cloudfire/server.key + +# Write CloudFire config files +cat <> /opt/cloudfire/config.env +# This file is loaded into CloudFire's Environment upon launch to configure it. + +# This is used to ensure secure communication with the live web views. +# Re-generate this with "openssl rand -base64 24". All existing web views will +# need to be refreshed. +LIVE_VIEW_SIGNING_SALT="${live_view_signing_salt}" + +# This is used to secure cookies among other things. +# You can regenerate this with "openssl rand -base64 48". All existing clients +# will be signed out. +SECRET_KEY_BASE="${secret_key_base}" + +# The URL to connect to your DB. Assumes the database has been created and this +# user has privileges to create and modify tables. +DATABASE_URL="ecto://${db_user}:${db_password}@127.0.0.1/cloudfire" + +# The HTTPS port to listen on. Defaults to 8800. +HTTPS_LISTEN_PORT=8800 + +# The address to bind the HTTPS server to. Defaults to "127.0.0.1" +HTTPS_LISTEN_ADDRESS=127.0.0.1 + +# The WireGuard port to listen on. Defaults to 51820. +WG_LISTEN_PORT=51820 + +# The address for the WireGuard endpoint. Defaults to the address of the +# default egress interface if not set. +WG_ENDPOINT_ADDRESS= + +# The Base64-encoded key for encrypted database fields. +DB_ENCRYPTION_KEY=${db_key} + +# SSL certificate file and key path. Self-signed certs are generated for you on +# install, but it's highly recommended to replace these with valid certs. +# Free certs can be obtained at https://letsencrypt.org. +SSL_CERT_FILE=/opt/cloudfire/ssl/cert.pem +SSL_KEY_FILE=/opt/cloudfire/ssl/key.pem + +# Path to the intermediate certificates file. (usually not required) +# SSL_CA_CERT_FILE= + +# Host to use for generating links back to the application, such as in +# outbound emails. Defaults to "localhost". +# URL_HOST=${hostname} + +# For security, it's recommended to leave signups disabled and instead create +# users via the CLI. +DISABLE_SIGNUP=yes +EOT + +# Set perms +chown -R cloudfire:root /opt/cloudfire +chmod 0644 /opt/cloudfire/ssl/cert.pem diff --git a/pkg/ubuntu-20.04_amd64/DEBIAN/templates b/pkg/ubuntu_18.04_arm64/DEBIAN/templates similarity index 100% rename from pkg/ubuntu-20.04_amd64/DEBIAN/templates rename to pkg/ubuntu_18.04_arm64/DEBIAN/templates diff --git a/pkg/ubuntu-20.04_amd64/lib/systemd/system/cloudfire.service b/pkg/ubuntu_18.04_arm64/lib/systemd/system/cloudfire.service similarity index 100% rename from pkg/ubuntu-20.04_amd64/lib/systemd/system/cloudfire.service rename to pkg/ubuntu_18.04_arm64/lib/systemd/system/cloudfire.service diff --git a/pkg/ubuntu-20.04_amd64/DEBIAN/control b/pkg/ubuntu_20.04_amd64/DEBIAN/control similarity index 100% rename from pkg/ubuntu-20.04_amd64/DEBIAN/control rename to pkg/ubuntu_20.04_amd64/DEBIAN/control diff --git a/pkg/ubuntu-20.04_amd64/DEBIAN/postinst b/pkg/ubuntu_20.04_amd64/DEBIAN/postinst similarity index 100% rename from pkg/ubuntu-20.04_amd64/DEBIAN/postinst rename to pkg/ubuntu_20.04_amd64/DEBIAN/postinst diff --git a/pkg/ubuntu_20.04_amd64/DEBIAN/templates b/pkg/ubuntu_20.04_amd64/DEBIAN/templates new file mode 100644 index 000000000..a87b06715 --- /dev/null +++ b/pkg/ubuntu_20.04_amd64/DEBIAN/templates @@ -0,0 +1,11 @@ +Template: cloudfire/config +Type: note +Description: config file + CloudFire's config file is located at /opt/cloudfire/config.yml. Only root + should be able to view and edit this file. Random secrets and passwords have + been generated and saved for you already. + +Template: cloudfire/access +Type: note +Description: access instructions + CloudFire has been installed successfully and is running on port 8443! diff --git a/pkg/ubuntu_20.04_amd64/lib/systemd/system/cloudfire.service b/pkg/ubuntu_20.04_amd64/lib/systemd/system/cloudfire.service new file mode 100644 index 000000000..774566ee8 --- /dev/null +++ b/pkg/ubuntu_20.04_amd64/lib/systemd/system/cloudfire.service @@ -0,0 +1,18 @@ +[Unit] +Description=CloudFire +Requires=postgresql.service +After=postgresql.service + +[Service] +Restart=on-failure +RestartSec=1 +User=cloudfire +AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_DAC_READ_SEARCH +EnvironmentFile=/opt/cloudfire/config.env +ExecStartPre=/opt/cloudfire/bin/cloudfire eval "CfHttp.Release.migrate" +ExecStart=/opt/cloudfire/bin/cloudfire start +ExecStartPost=/bin/sleep 5 +ExecStartPost=/opt/cloudfire/bin/cloudfire rpc "CfHttp.Release.create_admin_user" + +[Install] +WantedBy=multi-user.target diff --git a/pkg/ubuntu_20.04_arm64/DEBIAN/control b/pkg/ubuntu_20.04_arm64/DEBIAN/control new file mode 100644 index 000000000..5dab5cfae --- /dev/null +++ b/pkg/ubuntu_20.04_arm64/DEBIAN/control @@ -0,0 +1,11 @@ +Package: cloudfire +Version: 0.1.7-1 +Architecture: arm64 +Maintainer: CloudFire, LLC +Depends: net-tools (>= 1.60+git20180626.aebd88e-1ubuntu1), systemd (>= 245.4-4ubuntu3.2), openssl (>= 1.1.1f-1ubuntu2), wireguard (>= 1.0.20200319-1ubuntu1), postgresql (>= 12+214ubuntu0.1), iptables (>= 1.8.4-3ubuntu2) +Section: net +Priority: optional +Homepage: https://cloudfire.network +Description: Web UI + Firewall manager for WireGuard™ + Provides a web-based UI that allows you to configure WireGuard VPN tunnels and + set up firewall rules for your devices. diff --git a/pkg/ubuntu_20.04_arm64/DEBIAN/postinst b/pkg/ubuntu_20.04_arm64/DEBIAN/postinst new file mode 100755 index 000000000..1550a4ebe --- /dev/null +++ b/pkg/ubuntu_20.04_arm64/DEBIAN/postinst @@ -0,0 +1,102 @@ +#!/usr/bin/env bash +set -e + +# CloudFire package post-install script + +# 1. Generate secrets +# 2. Bootstrap DB +# 3. Generate WireGuard interface and config + +# Add cloudfire user if not exists +if id cloudfire &>/dev/null; then + echo "cloudfire user exists... not creating." +else + echo "creating system user cloudfire" + useradd --system cloudfire +fi + +# Generate app secrets +live_view_signing_salt="$(openssl rand -base64 24)" +secret_key_base="$(openssl rand -base64 48)" +db_user=cloudfire + +# base64 includes forward slashes which are problematic in the +# db_url connect string, so use hex. +db_password="$(openssl rand -hex 16)" + +db_key="$(openssl rand -base64 32)" + +# Setup DB +sudo -i -u postgres psql -c "CREATE ROLE ${db_user} WITH LOGIN PASSWORD '${db_password}';" || true +sudo -i -u postgres psql -c "CREATE DATABASE cloudfire;" || true +sudo -i -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE cloudfire to ${db_user};" || true + +# Write CloudFire SSL files +mkdir -p /opt/cloudfire/ssl +chown -R cloudfire:root /opt/cloudfire/ssl +hostname=$(hostname) +openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes \ + -keyout /opt/cloudfire/ssl/key.pem \ + -out /opt/cloudfire/ssl/cert.pem \ + -days 365 -subj "/CN=${hostname}" +chmod 0600 /opt/cloudfire/ssl/key.pem +chmod 0644 /opt/cloudfire/ssl/cert.pem + +# Write CloudFire config files +touch /opt/cloudfire/config.env +chmod 0600 /opt/cloudfire/config.env +chown -R cloudfire:root /opt/cloudfire +cat <> /opt/cloudfire/config.env +# This file is loaded into CloudFire's Environment upon launch to configure it. + +# This is used to ensure secure communication with the live web views. +# Re-generate this with "openssl rand -base64 24". All existing web views will +# need to be refreshed. +LIVE_VIEW_SIGNING_SALT="${live_view_signing_salt}" + +# This is used to secure cookies among other things. +# You can regenerate this with "openssl rand -base64 48". All existing clients +# will be signed out. +SECRET_KEY_BASE="${secret_key_base}" + +# The URL to connect to your DB. Assumes the database has been created and this +# user has privileges to create and modify tables. +DATABASE_URL="ecto://${db_user}:${db_password}@127.0.0.1/cloudfire" + +# The HTTPS port to listen on. Defaults to 8800. +HTTPS_LISTEN_PORT=8800 + +# The address to bind the HTTPS server to. Defaults to "127.0.0.1" +HTTPS_LISTEN_ADDRESS=127.0.0.1 + +# The WireGuard port to listen on. Defaults to 51820. +WG_LISTEN_PORT=51820 + +# The address for the WireGuard endpoint. Defaults to the address of the +# default egress interface if not set. +WG_ENDPOINT_ADDRESS= + +# The Base64-encoded key for encrypted database fields. +DB_ENCRYPTION_KEY=${db_key} + +# SSL certificate file and key path. Self-signed certs are generated for you on +# install, but it's highly recommended to replace these with valid certs. +# Free certs can be obtained at https://letsencrypt.org. +SSL_CERT_FILE=/opt/cloudfire/ssl/cert.pem +SSL_KEY_FILE=/opt/cloudfire/ssl/key.pem + +# Path to the intermediate certificates file. (usually not required) +# SSL_CA_CERT_FILE= + +# Host to use for generating links back to the application, such as in +# outbound emails. Defaults to "localhost". +# URL_HOST=${hostname} + +# For security, it's recommended to leave signups disabled and instead create +# users via the CLI. +DISABLE_SIGNUP=yes +EOT + +umask 077 +wg genkey > /opt/cloudfire/server.key +chown cloudfire:root /opt/cloudfire/server.key diff --git a/pkg/ubuntu_20.04_arm64/DEBIAN/templates b/pkg/ubuntu_20.04_arm64/DEBIAN/templates new file mode 100644 index 000000000..a87b06715 --- /dev/null +++ b/pkg/ubuntu_20.04_arm64/DEBIAN/templates @@ -0,0 +1,11 @@ +Template: cloudfire/config +Type: note +Description: config file + CloudFire's config file is located at /opt/cloudfire/config.yml. Only root + should be able to view and edit this file. Random secrets and passwords have + been generated and saved for you already. + +Template: cloudfire/access +Type: note +Description: access instructions + CloudFire has been installed successfully and is running on port 8443! diff --git a/pkg/ubuntu_20.04_arm64/lib/systemd/system/cloudfire.service b/pkg/ubuntu_20.04_arm64/lib/systemd/system/cloudfire.service new file mode 100644 index 000000000..774566ee8 --- /dev/null +++ b/pkg/ubuntu_20.04_arm64/lib/systemd/system/cloudfire.service @@ -0,0 +1,18 @@ +[Unit] +Description=CloudFire +Requires=postgresql.service +After=postgresql.service + +[Service] +Restart=on-failure +RestartSec=1 +User=cloudfire +AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_DAC_READ_SEARCH +EnvironmentFile=/opt/cloudfire/config.env +ExecStartPre=/opt/cloudfire/bin/cloudfire eval "CfHttp.Release.migrate" +ExecStart=/opt/cloudfire/bin/cloudfire start +ExecStartPost=/bin/sleep 5 +ExecStartPost=/opt/cloudfire/bin/cloudfire rpc "CfHttp.Release.create_admin_user" + +[Install] +WantedBy=multi-user.target