From e3b9214a9713853be2d74cd205ff983a5a3a4b7c Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Thu, 8 Jul 2021 15:27:15 -0700 Subject: [PATCH 01/42] Testing debs again --- .ci/build_deb.sh | 9 ++ .ci/install_runtimes.sh | 4 +- .github/workflows/ci.yml | 109 ++++++++++++------ .tool-versions | 1 - apps/cf_common/lib/config_file.ex | 26 ----- apps/cf_common/lib/fake_file.ex | 23 ---- apps/cf_common/test/config_file_test.exs | 37 ------ config/releases.exs | 38 +++--- pkg/ubuntu-18.04/DEBIAN/control | 11 ++ pkg/ubuntu-18.04/DEBIAN/postinst | 103 +++++++++++++++++ pkg/ubuntu-18.04/DEBIAN/templates | 11 ++ .../lib/systemd/system/cloudfire.service | 18 +++ scripts/init_config.sh | 30 ----- scripts/install.sh | 42 ------- 14 files changed, 242 insertions(+), 220 deletions(-) create mode 100755 .ci/build_deb.sh delete mode 100644 apps/cf_common/lib/config_file.ex delete mode 100644 apps/cf_common/lib/fake_file.ex delete mode 100644 apps/cf_common/test/config_file_test.exs create mode 100644 pkg/ubuntu-18.04/DEBIAN/control create mode 100755 pkg/ubuntu-18.04/DEBIAN/postinst create mode 100644 pkg/ubuntu-18.04/DEBIAN/templates create mode 100644 pkg/ubuntu-18.04/lib/systemd/system/cloudfire.service delete mode 100755 scripts/init_config.sh delete mode 100755 scripts/install.sh diff --git a/.ci/build_deb.sh b/.ci/build_deb.sh new file mode 100755 index 000000000..75f11c47b --- /dev/null +++ b/.ci/build_deb.sh @@ -0,0 +1,9 @@ +#!/usr/bin/env bash +set -e + +od=$(pwd) +mkdir -p pkg/${MATRIX_OS}/opt/bin +rsync --delete -a _build/prod/rel/bakeware/cloudfire pkg/${MATRIX_OS}/opt/bin/ +cd pkg +dpkg-deb --build ${MATRIX_OS} +mv -f ${MATRIX_OS}.deb ../cloudfire_${MATRIX_OS}_${MATRIX_ARCH}.deb diff --git a/.ci/install_runtimes.sh b/.ci/install_runtimes.sh index b23e72732..7f9a24abb 100755 --- a/.ci/install_runtimes.sh +++ b/.ci/install_runtimes.sh 
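Review bot: The binary is staged under `pkg/${MATRIX_OS}/opt/bin/`, but the unit file added in this same patch starts `/opt/cloudfire/bin/cloudfire`, so the installed service would point at a path the package does not ship; stage it under `opt/cloudfire/bin/` or change the unit. `MATRIX_OS` and `MATRIX_ARCH` are expanded unquoted and the script has no `set -u`, so an unset variable silently builds `pkg//opt/bin` and a misnamed .deb; `set -eu` plus `"${MATRIX_OS}"` would fail fast instead. `od=$(pwd)` is assigned but never used.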
@@ -3,9 +3,9 @@ set -e os_name='ubuntu~bionic' -curl -O https://packages.erlang-solutions.com/erlang/debian/pool/esl-erlang_24.0.2-1~${os_name}_${arch}.deb +curl -O https://packages.erlang-solutions.com/erlang/debian/pool/esl-erlang_24.0.2-1~${os_name}_${MATRIX_ARCH}.deb curl -O https://packages.erlang-solutions.com/erlang/debian/pool/elixir_1.12.0-1~${os_name}_all.deb gdebi --non-interactive *.deb curl -sL https://deb.nodesource.com/setup_14.x | bash - -apt-get install -y -q gcc g++ make nodejs cargo +apt-get install -y -q gcc g++ make nodejs diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2ca039bf1..c97000fef 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,10 +13,13 @@ jobs: POSTGRES_HOST: localhost GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} MATRIX_OS: ubuntu-18.04 - arch: amd64 + MATRIX_ARCH: amd64 + strategy: + matrix: + postgres: [9.6, 10, 11, 12, 13] services: postgres: - image: postgres:13 + image: postgres:${{ matrix.postgres }} ports: - 5432:5432 env: @@ -61,13 +64,14 @@ jobs: runs-on: ubuntu-18.04 name: Build on {{ matrix.arch }} env: - arch: ${{ matrix.arch }} + MATRIX_ARCH: ${{ matrix.arch }} MIX_ENV: prod strategy: matrix: include: - arch: amd64 - - arch: arm64 + # XXX: This currently takes upwards of 10 minutes or more. Disabling for now + # - arch: arm64 steps: - uses: actions/checkout@v2 
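Review bot: The `.deb` files fetched by `curl -O` in `.ci/install_runtimes.sh` are handed to `gdebi --non-interactive *.deb` with no integrity check, and the renamed line still omits `-f`, so an HTTP error page would be saved under the `.deb` name. Pin a SHA-256 for each download and verify it before installing, e.g. `echo "<expected-sha256>  <file>.deb" | sha256sum -c -`, and fetch with `curl -fsSLO`. The context line `curl -sL https://deb.nodesource.com/setup_14.x | bash -` has the same weakness, since it runs an unpinned remote script; configuring the NodeSource apt repository with a pinned signing key avoids that. The script starts outside this hunk.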
@@ -79,47 +83,82 @@ jobs: sudo -E bash -c '.ci/build_release.sh' # arm64 build - # XXX: This currently takes upwards of 10 minutes or more. Disabling for - # now. - # - uses: uraimo/run-on-arch-action@v2.0.10 - # if: ${{ matrix.arch == 'arm64' }} - # name: Run on arm64 - # with: - # arch: aarch64 - # install: | - # # No obvious way to load a script file here, so needs inlining :-( - # apt-get update -q -y - # apt-get install -q -y gcc g++ make curl gdebi zstd - # - # curl -O https://packages.erlang-solutions.com/erlang/debian/pool/esl-erlang_24.0.2-1~ubuntu~bionic_arm64.deb - # curl -O https://packages.erlang-solutions.com/erlang/debian/pool/elixir_1.12.0-1~ubuntu~bionic_all.deb - # gdebi --non-interactive esl-erlang_24.0.2-1~ubuntu~bionic_arm64.deb - # gdebi --non-interactive elixir_1.12.0-1~ubuntu~bionic_all.deb - # - # curl -sL https://deb.nodesource.com/setup_14.x | bash - - # apt-get install -y -q nodejs - # dockerRunArgs: | - # --volume "${PWD}:/app" - # distro: ubuntu18.04 - # env: | - # arch: arm64 - # githubToken: ${{ github.token }} - # run: | - # cd /app - # bash -c '.ci/build_release.sh' + - uses: uraimo/run-on-arch-action@v2.0.10 + if: ${{ matrix.arch == 'arm64' }} + with: + arch: aarch64 + install: | + # No obvious way to load a script file here, so needs inlining :-( + apt-get update -q -y + apt-get install -q -y gcc g++ make curl gdebi zstd + + curl -O https://packages.erlang-solutions.com/erlang/debian/pool/esl-erlang_24.0.2-1~ubuntu~bionic_arm64.deb + curl -O https://packages.erlang-solutions.com/erlang/debian/pool/elixir_1.12.0-1~ubuntu~bionic_all.deb + gdebi --non-interactive esl-erlang_24.0.2-1~ubuntu~bionic_arm64.deb + gdebi --non-interactive elixir_1.12.0-1~ubuntu~bionic_all.deb + + curl -sL https://deb.nodesource.com/setup_14.x | bash - + apt-get install -y -q nodejs + dockerRunArgs: | + --volume "${PWD}:/app" + distro: ubuntu18.04 + env: | + arch: arm64 + githubToken: ${{ github.token }} + run: | + cd /app + bash -c '.ci/build_release.sh' - 
uses: actions/upload-artifact@v2 with: name: cloudfire-${{ matrix.arch }} path: _build/prod/rel/bakeware/cloudfire - functional-test: + build-deb: needs: build-linux runs-on: ${{ matrix.os }} strategy: matrix: - os: [ubuntu-18.04] + include: + - arch: amd64 + # - arch: arm64 + os: [ubuntu-18.04, ubuntu-20.04] + services: + postgres: + image: postgres:13 + ports: + - 5432:5432 + env: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: postgres + options: >- + --health-cmd pg_isready + --health-interval 10s + --health-timeout 5s + --health-retries 5 + steps: + - uses: actions/checkout@v2 + - uses: actions/download-artifact@v2 + with: + name: cloudfire-${{ matrix.arch }} + - run: .ci/build_deb.sh + - uses: actions/upload-artifact@v2 + with: + name: cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb + path: cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb + + functional-test: + needs: build-deb + runs-on: ${{ matrix.os }} + strategy: + matrix: + include: + - arch: amd64 + # - arch: arm64 + os: [ubuntu-18.04, ubuntu-20.04] + env: + MATRIX_ARCH: ${{ matrix.arch }} MATRIX_OS: ${{ matrix.os }} services: postgres: @@ -138,7 +177,7 @@ jobs: - uses: actions/checkout@v2 - uses: actions/download-artifact@v2 with: - name: cloudfire-amd64 + name: cloudfire-${{ matrix.os }}_${{ matrix.arch }}.deb - run: sudo apt-get install -q -y wireguard - name: Test Install package env: diff --git a/.tool-versions b/.tool-versions index 7d8c873e8..3c8e6982c 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1,4 +1,3 @@ erlang 24.0.3 elixir 1.12.1-otp-24 nodejs lts -rust system diff --git a/apps/cf_common/lib/config_file.ex b/apps/cf_common/lib/config_file.ex deleted file mode 100644 index 0657a4539..000000000 --- a/apps/cf_common/lib/config_file.ex +++ /dev/null 
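Review bot: The re-enabled arm64 step references `uraimo/run-on-arch-action@v2.0.10` by mutable tag and passes it `githubToken: ${{ github.token }}`; pinning the action to a full commit SHA (`uses: uraimo/run-on-arch-action@<commit-sha> # v2.0.10`) keeps a retagged release from running with that token. Its `env:` block still sets `arch: arm64` although this patch renames the variable to `MATRIX_ARCH` everywhere else, and the `if: ${{ matrix.arch == 'arm64' }}` guard can never be true while the arm64 matrix entry is commented out. Further down, the functional-test job downloads `cloudfire-${{ matrix.os }}_${{ matrix.arch }}.deb` while build-deb uploads `cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb`, so the artifact name will not resolve.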
@@ -1,26 +0,0 @@ -defmodule CfCommon.ConfigFile do - @moduledoc """ - Common config file operations. - """ - - def load! do - %{} = Jason.decode!(file_module().read!(config_path())) - end - - def write!(config) do - config_path() - |> file_module().write!(Jason.encode!(config), [:write]) - end - - def exists? do - file_module().exists?(config_path()) - end - - defp config_path do - System.fetch_env!("HOME") <> "/.cloudfire/config.json" - end - - defp file_module do - Application.fetch_env!(:cf_common, :config_file_module) - end -end diff --git a/apps/cf_common/lib/fake_file.ex b/apps/cf_common/lib/fake_file.ex deleted file mode 100644 index 3ec88d4bc..000000000 --- a/apps/cf_common/lib/fake_file.ex +++ /dev/null @@ -1,23 +0,0 @@ -defmodule CfCommon.FakeFile do - @moduledoc """ - Provides mocked file operations for testing ConfigFile - """ - - @json ~s({ - "database_url": "ecto://postgres:postgres@127.0.0.1/cloudfire", - "secret_key_base": "fMjyDw9RpP5+f8klEmeEWnBQKd2H7uKH/PQpOTug6vybretclzaE1k4Y3O2Bw8lX", - "live_view_signing_salt": "EHcSipS+bFTFYMbFmvVR8lAuwYyfqcTE", - "db_encryption_key": "8Wgh3dPubt6q4Y1PlYRuG9v50zQE+QTUzh8mJnkw+jc=", - "ssl_cert_file": "$HOME/.cloudfire/ssl/cert.pem", - "ssl_key_file": "$HOME/.cloudfire/ssl/key.pem", - "url_host": "localhost", - "wg_server_key": "KDp9lQ6OAi/VrfgYo5VIAqCJFs1Gs55GZRDoA7W8500=", - "https_listen_port": "8800", - "https_listen_address": "127.0.0.1", - "wg_listen_port": "51820" - }) - - def read!(_), do: @json - def write!(_, _, [:write]), do: :ok - def exists?(_), do: true -end diff --git a/apps/cf_common/test/config_file_test.exs b/apps/cf_common/test/config_file_test.exs deleted file mode 100644 index f973a0c27..000000000 --- a/apps/cf_common/test/config_file_test.exs +++ /dev/null 
@@ -1,37 +0,0 @@ -defmodule CfCommon.ConfigFileTest do - use ExUnit.Case, async: true - - alias CfCommon.ConfigFile - - @expected_config %{ - "database_url" => "ecto://postgres:postgres@127.0.0.1/cloudfire", - "secret_key_base" => "fMjyDw9RpP5+f8klEmeEWnBQKd2H7uKH/PQpOTug6vybretclzaE1k4Y3O2Bw8lX", - "live_view_signing_salt" => "EHcSipS+bFTFYMbFmvVR8lAuwYyfqcTE", - "db_encryption_key" => "8Wgh3dPubt6q4Y1PlYRuG9v50zQE+QTUzh8mJnkw+jc=", - "ssl_cert_file" => "$HOME/.cloudfire/ssl/cert.pem", - "ssl_key_file" => "$HOME/.cloudfire/ssl/key.pem", - "url_host" => "localhost", - "wg_server_key" => "KDp9lQ6OAi/VrfgYo5VIAqCJFs1Gs55GZRDoA7W8500=", - "https_listen_port" => "8800", - "https_listen_address" => "127.0.0.1", - "wg_listen_port" => "51820" - } - - describe "load!" do - test "loads stubbed config" do - assert ConfigFile.load!() == @expected_config - end - end - - describe "write!" do - test "returns :ok" do - assert ConfigFile.write!(@expected_config) == :ok - end - end - - describe "exists?" do - test "returns true" do - assert ConfigFile.exists?() - end - end -end diff --git a/config/releases.exs b/config/releases.exs index 84d624d9a..b2be8f544 100644 --- a/config/releases.exs +++ b/config/releases.exs 
@@ -3,33 +3,23 @@ # although such is generally not recommended and you have to # remember to add this file to your .gitignore. import Config -alias CfCommon.{CLI, ConfigFile} - -unless ConfigFile.exists?() do - raise(~s""" - Config file ~/.cloudfire/config.json not found. Try initializing a default one with: - - curl https://raw.githubusercontent.com/CloudFire-LLC/cloudfire/master/scripts/init_config.sh | bash - - """) -end - -config_file = ConfigFile.load!() +alias CfCommon.CLI # Required environment variables -database_url = Map.fetch!(config_file, "database_url") -secret_key_base = Map.fetch!(config_file, "secret_key_base") -live_view_signing_salt = Map.fetch!(config_file, "live_view_signing_salt") -ssl_cert_file = Map.fetch!(config_file, "ssl_cert_file") -ssl_key_file = Map.fetch!(config_file, "ssl_key_file") +database_url = System.fetch_env!("DATABASE_URL") +secret_key_base = System.fetch_env!("SECRET_KEY_BASE") +live_view_signing_salt = System.fetch_env!("LIVE_VIEW_SIGNING_SALT") +ssl_cert_file = System.fetch_env!("SSL_CERT_FILE") +ssl_key_file = System.fetch_env!("SSL_KEY_FILE") disable_signup = - case config_file["disable_signup"] do + case System.get_env("DISABLE_SIGNUP") do d when d in ["1", "yes"] -> true _ -> false end ssl_ca_cert_file = - case config_file["ssl_ca_cert_file"] do + case System.get_env("SSL_CA_CERT_FILE") do "" -> nil s = _ -> s end 
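Review bot: `disable_signup` fails open: only the exact strings "1" and "yes" in `DISABLE_SIGNUP` turn signup off, so `true`, `YES` or a typo leaves public signup enabled without any warning. For a security toggle it is safer to lower-case a non-nil value and accept the usual spellings, e.g. `d when d in ["1", "yes", "true"] -> true`, or to raise on an unrecognised non-empty value. A one-line comment on the `ssl_ca_cert_file` case saying that an empty `SSL_CA_CERT_FILE` is treated as unset would also help the next reader.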
@@ -41,10 +31,10 @@ default_egress_address = # Optional environment variables pool_size = max(:erlang.system_info(:logical_processors_available), 10) queue_target = 500 -https_listen_port = String.to_integer(Map.get(config_file, "https_listen_port", "8800")) -wg_listen_port = Map.get(config_file, "wg_listen_port", "51820") -wg_endpoint_address = Map.get(config_file, "wg_endpoint_address", default_egress_address) -url_host = Map.get(config_file, "url_host", "localhost") +https_listen_port = String.to_integer(System.get_env("HTTPS_LISTEN_PORT", "8800")) +wg_listen_port = System.get_env("WG_LISTEN_PORT", "51820") +wg_endpoint_address = System.get_env("WG_ENDPOINT_ADDRESS", default_egress_address) +url_host = System.get_env("URL_HOST", "localhost") config :cf_http, disable_signup: disable_signup @@ -76,7 +66,7 @@ config :cf_http, CfHttpWeb.Endpoint, config :cf_vpn, vpn_endpoint: wg_endpoint_address <> ":" <> wg_listen_port, - private_key: Map.fetch!(config_file, "wg_server_key") |> String.trim() + private_key: File.read!("/opt/cloudfire/server.key") |> String.trim() # ## Using releases (Elixir v1.9+) # @@ -96,7 +86,7 @@ config :cf_http, CfHttp.Vault, # # In Cloak 2.0, this will be the default iv length for AES.GCM. tag: "AES.GCM.V1", - key: Base.decode64!(Map.fetch!(config_file, "db_encryption_key")), + key: Base.decode64!(System.fetch_env!("DB_ENCRYPTION_KEY")), iv_length: 12 } ] diff --git a/pkg/ubuntu-18.04/DEBIAN/control b/pkg/ubuntu-18.04/DEBIAN/control new file mode 100644 index 000000000..5cd8a7356 --- /dev/null +++ b/pkg/ubuntu-18.04/DEBIAN/control 
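Review bot: In the `config :cf_vpn` hunk the WireGuard private key is read from the hard-coded path `/opt/cloudfire/server.key`, unlike every other setting in this file, which comes from the environment; a deployment that keeps the key elsewhere cannot override it, and a missing or unreadable file aborts boot with a bare `File.Error`. Reading the path from an environment variable with this value as the default would keep it consistent, and a comment should state that the file must be readable only by the service user. In the first hunk on this line, `String.to_integer(System.get_env("HTTPS_LISTEN_PORT", "8800"))` raises on an empty or non-numeric value, which is easy to hit when the env file is edited by hand.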
@@ -0,0 +1,11 @@ +Package: cloudfire +Version: 0.1.7-1 +Architecture: amd64 +Maintainer: CloudFire, LLC +Depends: net-tools (>= 1.60+git20180626.aebd88e-1ubuntu1), systemd (>= 245.4-4ubuntu3.2), openssl (>= 1.1.1f-1ubuntu2), wireguard (>= 1.0.20200319-1ubuntu1), postgresql (>= 12+214ubuntu0.1), iptables (>= 1.8.4-3ubuntu2) +Section: net +Priority: optional +Homepage: https://cloudfire.network +Description: Web UI + Firewall manager for WireGuard™ + Provides a web-based UI that allows you to configure WireGuard™ VPN tunnels and + set up firewall rules for your devices. diff --git a/pkg/ubuntu-18.04/DEBIAN/postinst b/pkg/ubuntu-18.04/DEBIAN/postinst new file mode 100755 index 000000000..eae65db08 --- /dev/null +++ b/pkg/ubuntu-18.04/DEBIAN/postinst 
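Review bot: The `Depends:` minimum versions look like Ubuntu 20.04 package versions (`systemd (>= 245.4-4ubuntu3.2)`, `postgresql (>= 12+214ubuntu0.1)`, `openssl (>= 1.1.1f-1ubuntu2)`), yet this control file sits under `pkg/ubuntu-18.04`, where the archive ships older versions of these packages, so the package would probably be uninstallable there; worth confirming on a bionic host. The postinst in this patch also calls `sudo` and the package ships debconf templates, but neither `sudo` nor `debconf` is a declared dependency. `Architecture: amd64` is fixed while the build script names the output after `MATRIX_ARCH`.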
@@ -0,0 +1,103 @@ +#!/usr/bin/env bash +set -e + +# CloudFire package post-install script + +# 1. Generate secrets +# 2. Bootstrap DB +# 3. Generate WireGuard interface and config + +# Add cloudfire user if not exists +if id cloudfire &>/dev/null; then + echo "cloudfire user exists... not creating." +else + echo "creating system user cloudfire" + useradd --system cloudfire +fi + +# Generate app secrets +live_view_signing_salt="$(openssl rand -base64 24)" +secret_key_base="$(openssl rand -base64 48)" +db_user=cloudfire + +# base64 includes forward slashes which are problematic in the +# db_url connect string, so use hex. +db_password="$(openssl rand -hex 16)" + +db_key="$(openssl rand -base64 32)" + +# Setup DB +# XXX: Remove || true and detect actual failures +sudo -i -u postgres psql -c "CREATE ROLE ${db_user} WITH LOGIN PASSWORD '${db_password}';" || true +sudo -i -u postgres psql -c "CREATE DATABASE cloudfire;" || true +sudo -i -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE cloudfire to ${db_user};" || true + +# Write CloudFire SSL files +mkdir -p /opt/cloudfire/ssl +chown -R cloudfire:root /opt/cloudfire/ssl +hostname=$(hostname) +openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes \ + -keyout /opt/cloudfire/ssl/key.pem \ + -out /opt/cloudfire/ssl/cert.pem \ + -days 365 -subj "/CN=${hostname}" +chmod 0600 /opt/cloudfire/ssl/key.pem +chmod 0644 /opt/cloudfire/ssl/cert.pem + +# Write CloudFire config files +touch /opt/cloudfire/config.env +chmod 0600 /opt/cloudfire/config.env +chown -R cloudfire:root /opt/cloudfire +cat <> /opt/cloudfire/config.env +# This file is loaded into CloudFire's Environment upon launch to configure it. + +# This is used to ensure secure communication with the live web views. +# Re-generate this with "openssl rand -base64 24". All existing web views will +# need to be refreshed. +LIVE_VIEW_SIGNING_SALT="${live_view_signing_salt}" + +# This is used to secure cookies among other things. 
+# You can regenerate this with "openssl rand -base64 48". All existing clients +# will be signed out. +SECRET_KEY_BASE="${secret_key_base}" + +# The URL to connect to your DB. Assumes the database has been created and this +# user has privileges to create and modify tables. +DATABASE_URL="ecto://${db_user}:${db_password}@127.0.0.1/cloudfire" + +# The HTTPS port to listen on. Defaults to 8800. +HTTPS_LISTEN_PORT=8800 + +# The address to bind the HTTPS server to. Defaults to "127.0.0.1" +HTTPS_LISTEN_ADDRESS=127.0.0.1 + +# The WireGuard port to listen on. Defaults to 51820. +WG_LISTEN_PORT=51820 + +# The address for the WireGuard endpoint. Defaults to the address of the +# default egress interface if not set. +WG_ENDPOINT_ADDRESS= + +# The Base64-encoded key for encrypted database fields. +DB_ENCRYPTION_KEY=${db_key} + +# SSL certificate file and key path. Self-signed certs are generated for you on +# install, but it's highly recommended to replace these with valid certs. +# Free certs can be obtained at https://letsencrypt.org. +SSL_CERT_FILE=/opt/cloudfire/ssl/cert.pem +SSL_KEY_FILE=/opt/cloudfire/ssl/key.pem + +# Path to the intermediate certificates file. (usually not required) +# SSL_CA_CERT_FILE= + +# Host to use for generating links back to the application, such as in +# outbound emails. Defaults to "localhost". +# URL_HOST=${hostname} + +# For security, it's recommended to leave signups disabled and instead create +# users via the CLI. +DISABLE_SIGNUP=yes +EOT + +umask 077 +wg genkey > /opt/cloudfire/server.key +chown cloudfire:root /opt/cloudfire/server.key diff --git a/pkg/ubuntu-18.04/DEBIAN/templates b/pkg/ubuntu-18.04/DEBIAN/templates new file mode 100644 index 000000000..a87b06715 --- /dev/null +++ b/pkg/ubuntu-18.04/DEBIAN/templates 
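Review bot: This postinst is not idempotent and regenerates every secret each time it runs: on a reinstall or upgrade `CREATE ROLE` fails behind `|| true`, so the role keeps its old password, while a new `DATABASE_URL`, `DB_ENCRYPTION_KEY` and `server.key` are written (the env file looks to be appended to rather than replaced), which would lock the service out of its database and leave previously encrypted fields undecryptable. Guard secret generation with a first-install check such as `[ -f /opt/cloudfire/config.env ] || { … }` and replace `|| true` with explicit existence checks. `umask 077` is only set on the last lines, so `key.pem` is created by `openssl req` under the default umask and is briefly readable by other users before `chmod 0600`; move `umask 077` to the top of the script. The role password is also interpolated into a `psql -c` argument, where it is visible in the process list for the duration of the call; passing the statement on stdin avoids that.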
@@ -0,0 +1,11 @@ +Template: cloudfire/config +Type: note +Description: config file + CloudFire's config file is located at /opt/cloudfire/config.yml. Only root + should be able to view and edit this file. Random secrets and passwords have + been generated and saved for you already. + +Template: cloudfire/access +Type: note +Description: access instructions + CloudFire has been installed successfully and is running on port 8443! diff --git a/pkg/ubuntu-18.04/lib/systemd/system/cloudfire.service b/pkg/ubuntu-18.04/lib/systemd/system/cloudfire.service new file mode 100644 index 000000000..f79151fbc --- /dev/null +++ b/pkg/ubuntu-18.04/lib/systemd/system/cloudfire.service @@ -0,0 +1,18 @@ +[Unit] +Description=CloudFire +Requires=postgresql.service +After=postgresql.service + +[Service] +Restart=on-failure +RestartSec=1 +User=cloudfire +AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_DAC_READ_SEARCH +EnvironmentFile=/opt/cloudfire/config.env +ExecStartPre=/opt//bin/cloudfire eval "CfHttp.Release.migrate" +ExecStart=/opt/cloudfire/bin/cloudfire start +ExecStartPost=sleep 5 +ExecStartPost=/opt/cloudfire/bin/cloudfire rpc "CfHttp.Release.create_admin_user" + +[Install] +WantedBy=multi-user.target diff --git a/scripts/init_config.sh b/scripts/init_config.sh deleted file mode 100755 index 0063a0818..000000000 --- a/scripts/init_config.sh +++ /dev/null 
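Review bot: Both notes in `DEBIAN/templates` contradict the rest of this patch: the first names `/opt/cloudfire/config.yml` while the postinst writes `/opt/cloudfire/config.env`, and the second says the service runs on port 8443 while the generated config sets `HTTPS_LISTEN_PORT=8800`. The statement that only root can view the file does not hold either, since the postinst hands `/opt/cloudfire` to the `cloudfire` user with mode 0600 on the file. Operators act on these messages when locating secrets and opening firewall ports, so the text should match what is installed.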
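Review bot: `ExecStartPre=/opt//bin/cloudfire` in `cloudfire.service` does not match the `/opt/cloudfire/bin/cloudfire` path used by `ExecStart` and `ExecStartPost`, so the migration step would most likely fail and block start-up; it should read `ExecStartPre=/opt/cloudfire/bin/cloudfire eval "CfHttp.Release.migrate"`. `ExecStartPost=sleep 5` uses a bare command name, which older systemd releases reject in favour of an absolute path (`/bin/sleep 5`). On the security side, `CAP_DAC_READ_SEARCH` in `AmbientCapabilities` lets the service read any file regardless of its permissions; unless something needs it, drop it. If the service does not rely on setuid helpers, also add `CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW` and `NoNewPrivileges=true` so the process cannot gain more than it is given.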
@@ -1,30 +0,0 @@ -#!/usr/bin/env bash -set -e - -mkdir -p $HOME/.cloudfire/ssl -hostname=$(hostname) -openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes \ - -keyout $HOME/.cloudfire/ssl/key.pem \ - -out $HOME/.cloudfire/ssl/cert.pem \ - -days 365 -subj "/CN=${hostname}" -chmod 0600 $HOME/.cloudfire/ssl/key.pem -chmod 0644 $HOME/.cloudfire/ssl/cert.pem -secret_key_base="$(openssl rand -base64 48)" -live_view_signing_salt="$(openssl rand -base64 24)" -db_encryption_key="$(openssl rand -base64 32)" -wg_server_key="$(wg genkey)" -config="$HOME/.cloudfire/config.json" -touch $config -chmod 0600 $config -cat <> $config -{ - "database_url": "ecto://postgres:postgres@127.0.0.1/cloudfire", - "secret_key_base": "${secret_key_base}", - "live_view_signing_salt": "${live_view_signing_salt}", - "db_encryption_key": "${db_encryption_key}", - "ssl_cert_file": "${HOME}/.cloudfire/ssl/cert.pem", - "ssl_key_file": "${HOME}/.cloudfire/ssl/key.pem", - "url_host": "${hostname}", - "wg_server_key": "$(wg genkey)" -} -EOT diff --git a/scripts/install.sh b/scripts/install.sh deleted file mode 100755 index ef3ea9883..000000000 --- a/scripts/install.sh +++ /dev/null 
@@ -1,42 +0,0 @@ -#!/usr/bin/env bash -set -e - -# 1. Detect OS -# 2. -# 3. Download latest release -# 4. Set capabilities with sudo -# 5. Init config file -# 6. Display welcome message: - # - Edit config to configure your DB access and SSL certs - # - Add to PATH - # - How to launch CloudFire -bin="$HOME/.cloudfire/bin/cloudfire" -os=`uname` -if [ ! $os = "Linux" ]; then - echo "${os} unsupported. Only Linux is supported." - exit -1 -fi - - -# Exit if already installed -if [ -f $bin ]; then - echo "${bin} exists. Aborting. If you'd like to upgrade your installation run\ - $bin --upgrade" - exit 0 -fi - -echo 'Initializing default configuration...' -if [ -f "init_config.sh" ]; then - ./init_config.sh -else - curl https://raw.githubusercontent.com/CloudFire-LLC/cloudfire/master/scripts/init_config.sh | bash - -fi - -echo 'Downloading the latest release...' -# XXX: Detect architecture and download appropriate binary -mkdir -p $HOME/.cloudfire/bin -curl https://github.com/CloudFire-LLC/cloudfire/releases/download/latest/cloudfire_amd64 > $bin - -# Ambient capabilities handles this -# echo 'Setting Linux capabilities on the binary... sudo is required' -# sudo bash -c "setcap 'cap_net_admin,cap_net_raw,cap_dac_read_search' $bin" From 492a578bc0ecaf06055317b15f23053b197eed01 Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Thu, 8 Jul 2021 15:38:43 -0700 Subject: [PATCH 02/42] Fix build_deb script --- .ci/build_deb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/build_deb.sh b/.ci/build_deb.sh index 75f11c47b..ad174edea 100755 --- a/.ci/build_deb.sh +++ b/.ci/build_deb.sh @@ -3,7 +3,7 @@ set -e od=$(pwd) mkdir -p pkg/${MATRIX_OS}/opt/bin -rsync --delete -a _build/prod/rel/bakeware/cloudfire pkg/${MATRIX_OS}/opt/bin/ +mv cloudfire-${MATRIX_ARCH} pkg/${MATRIX_OS}/opt/bin/cloudfire cd pkg dpkg-deb --build ${MATRIX_OS} mv -f ${MATRIX_OS}.deb ../cloudfire_${MATRIX_OS}_${MATRIX_ARCH}.deb 
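Review bot: `mv cloudfire-${MATRIX_ARCH} pkg/${MATRIX_OS}/opt/bin/cloudfire` packages whatever `actions/download-artifact` produced, and artifacts do not keep the executable bit, so the binary may land in the .deb without `+x`; add `chmod 0755 "pkg/${MATRIX_OS}/opt/bin/cloudfire"` before `dpkg-deb --build`. The expansions are unquoted. `dpkg-deb --build` also records the build user's ownership unless `--root-owner-group` is passed, which is worth confirming for files installed under `/opt`.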
From 1d0c2bd3130bff8a938d019ade8a96ff9ed00967 Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Thu, 8 Jul 2021 15:41:38 -0700 Subject: [PATCH 03/42] update README with old instructions --- README.md | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 4d8533dc5..1576cde42 100644 --- a/README.md +++ b/README.md @@ -45,22 +45,18 @@ For now, `cloudfire` assumes these apps are all running on the same host. Prerequisites: 1. Postgresql Server 9.6 or higher. Access can be configured in - `~/.cloudfire/config.json` after installation. + `/opt/cloudfire/config.env` after installation. 2. `wg`, `openssl`, `ip`, and `iptables` must be in your PATH. -Then you can install `cloudfire` with: - -`curl https://raw.githubusercontent.com/CloudFire-LLC/cloudfire/master/scripts/install.sh | bash -` - -This will download the `cloudfire` binary, initialize the config directory, and -print further instructions to the console. +Then you can install `cloudfire` by [downloading the appropriate package +from the releases page](https://github.com/CloudFire-LLC/cloudfire/releases). ## Creating additional admin users You may create additional admin users with the following command: ```bash -cloudfire rpc 'CfHttp.Users.create_user( +/opt/cloudfire/bin/cloudfire rpc 'CfHttp.Users.create_user( email: "USER_EMAIL", password: "USER_PASSWORD", password_confirmation: "USER_PASSWORD" From af143b3494801faba0a5edfdc8aedc949d66ff85 Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Thu, 8 Jul 2021 15:47:06 -0700 Subject: [PATCH 04/42] Remove postgres dependency when building --- .github/workflows/ci.yml | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c97000fef..9529d29a0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -123,19 +123,6 @@ jobs: - arch: amd64 # - arch: arm64 os: [ubuntu-18.04, ubuntu-20.04] - services: - postgres: - image: postgres:13 - ports: - - 5432:5432 - env: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: postgres - options: >- - --health-cmd pg_isready - --health-interval 10s - --health-timeout 5s - --health-retries 5 steps: - uses: actions/checkout@v2 - uses: actions/download-artifact@v2 From 078105b7d104343d2c431624f5ebb55ba7747cd2 Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Thu, 8 Jul 2021 15:49:51 -0700 Subject: [PATCH 05/42] Functional test across the whole matrix --- .ci/functional_test.sh | 31 ++++++++++++++----------------- .github/workflows/ci.yml | 3 ++- 2 files changed, 16 insertions(+), 18 deletions(-) diff --git a/.ci/functional_test.sh b/.ci/functional_test.sh index 2f3263de6..992c5872f 100755 --- a/.ci/functional_test.sh +++ b/.ci/functional_test.sh @@ -1,27 +1,24 @@ #!/usr/bin/env bash -set -e +set -x -chmod +x cloudfire +sudo apt-get update +sudo apt-get install -y postgresql \ + wireguard iptables net-tools curl ca-certificates +sudo systemctl start postgresql +sudo dpkg -i cloudfire_${MATRIX_OS}_${MATRIX_ARCH}.deb -# Needed because binaries built with Bakeware assume directory exists -mkdir $HOME/.cache - -echo "Initializing default config..." -curl https://raw.githubusercontent.com/CloudFire-LLC/cloudfire/${GITHUB_SHA}/scripts/init_config.sh | bash - - -# Create DB -export PGPASSWORD=postgres # used by psql -sudo -E -u postgres psql -d postgres -h localhost -c "CREATE DATABASE cloudfire;" - -# Start by running migrations always -./cloudfire eval "CfHttp.Release.migrate" - -# Start in the background -./cloudfire & +echo "Enabling service..." +sudo systemctl start cloudfire # Wait for app to start sleep 10 +echo "Service status..." +sudo systemctl status cloudfire.service + +echo "Printing service logs..." +sudo journalctl -u cloudfire.service + echo "Trying to load homepage..." curl -i -vvv -k https://$(hostname):8800/ 
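Review bot: Replacing `set -e` with `set -x` in `.ci/functional_test.sh` means a failed `dpkg -i` or `systemctl start cloudfire` no longer stops the script, and the closing `curl -i -vvv -k` exits 0 on any HTTP status, so the job can pass against a broken install; use `set -ex` and add `-f` to the curl call. `sudo journalctl -u cloudfire.service` dumps the full unit log into the CI output, so it is worth checking that the service never logs `DATABASE_URL` or other values from `config.env`. The check targets `$(hostname):8800` while the generated config sets `HTTPS_LISTEN_ADDRESS=127.0.0.1`, which may not be reachable through the hostname.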
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9529d29a0..904589232 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -139,6 +139,7 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: + postgres: [9.6, 10, 11, 12, 13] include: - arch: amd64 # - arch: arm64 @@ -149,7 +150,7 @@ jobs: MATRIX_OS: ${{ matrix.os }} services: postgres: - image: postgres:13 + image: postgres:${{ matrix.postgres }} ports: - 5432:5432 env: From 607548aa33585770624bdbb9a8008b6240fd7ad2 Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Thu, 8 Jul 2021 15:50:55 -0700 Subject: [PATCH 06/42] Add missing ENV --- .github/workflows/ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 904589232..ad0192989 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -123,6 +123,9 @@ jobs: - arch: amd64 # - arch: arm64 os: [ubuntu-18.04, ubuntu-20.04] + env: + MATRIX_OS: ${{ matrix.os }} + MATRIX_ARCH: ${{ matrix.arch }} steps: - uses: actions/checkout@v2 - uses: actions/download-artifact@v2 From 1bc6b6092cb2e047b1503813420ba968e5c47d43 Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Thu, 8 Jul 2021 16:28:52 -0700 Subject: [PATCH 07/42] Why is the file missing? --- .ci/build_deb.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.ci/build_deb.sh b/.ci/build_deb.sh index ad174edea..c6885baa7 100755 --- a/.ci/build_deb.sh +++ b/.ci/build_deb.sh @@ -1,5 +1,8 @@ #!/usr/bin/env bash -set -e +set -xe + +pwd +ls -l od=$(pwd) mkdir -p pkg/${MATRIX_OS}/opt/bin From 4a42f3b7bed62d4f055f534329c45618dccabfed Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Thu, 8 Jul 2021 16:51:30 -0700 Subject: [PATCH 08/42] why is the dir nested --- .ci/build_deb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/build_deb.sh b/.ci/build_deb.sh index c6885baa7..80ce9c907 100755 --- a/.ci/build_deb.sh +++ b/.ci/build_deb.sh 
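Review bot: The `postgres: [9.6, 10, 11, 12, 13]` axis multiplies the functional-test job by five, but `.ci/functional_test.sh` in this same patch installs and starts the distribution's `postgresql` package and the postinst bootstraps the database through `sudo -i -u postgres psql`, so the service container's version is probably never exercised. The container also publishes `5432:5432`, the default port of the locally installed server, which may make one of the two fail to bind. Either point the package at the service container or drop the axis; if it stays, quote the versions (`['9.6', '10', …]`) so they are not parsed as numbers.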
@@ -2,7 +2,7 @@ set -xe pwd -ls -l +ls -l cloudfire od=$(pwd) mkdir -p pkg/${MATRIX_OS}/opt/bin From 411c150989b8a79e898d2a52035d976852954ba7 Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Thu, 8 Jul 2021 17:53:27 -0700 Subject: [PATCH 09/42] recursive --- .ci/build_deb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/build_deb.sh b/.ci/build_deb.sh index 80ce9c907..448dfba2c 100755 --- a/.ci/build_deb.sh +++ b/.ci/build_deb.sh @@ -2,7 +2,7 @@ set -xe pwd -ls -l cloudfire +ls -lR cloudfire od=$(pwd) mkdir -p pkg/${MATRIX_OS}/opt/bin From b03afeac38332009ebf19fb8e5fa4e063f32cde5 Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Thu, 8 Jul 2021 17:55:37 -0700 Subject: [PATCH 10/42] Try using path as well --- .github/workflows/ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ad0192989..46db7db49 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -131,6 +131,7 @@ jobs: - uses: actions/download-artifact@v2 with: name: cloudfire-${{ matrix.arch }} + path: cloudfire-${{ matrix.arch }} - run: .ci/build_deb.sh - uses: actions/upload-artifact@v2 with: @@ -168,6 +169,7 @@ jobs: - uses: actions/checkout@v2 - uses: actions/download-artifact@v2 with: + path: cloudfire-${{ matrix.os }}_${{ matrix.arch }}.deb name: cloudfire-${{ matrix.os }}_${{ matrix.arch }}.deb - run: sudo apt-get install -q -y wireguard - name: Test Install package From 5c0f33e895db9a81edf2f59608830c7ba12a02e1 Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Thu, 8 Jul 2021 18:04:59 -0700 Subject: [PATCH 11/42] This should work --- .ci/build_deb.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.ci/build_deb.sh b/.ci/build_deb.sh index 448dfba2c..96c9fdf59 100755 --- a/.ci/build_deb.sh +++ b/.ci/build_deb.sh @@ -1,8 +1,7 @@ #!/usr/bin/env bash set -xe -pwd -ls -lR cloudfire +ls -lR od=$(pwd) mkdir -p pkg/${MATRIX_OS}/opt/bin 
From 2a28b742c8ebfd4cc31e82130fed75bc1952815e Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Thu, 8 Jul 2021 21:37:36 -0700 Subject: [PATCH 12/42] LS --- .github/workflows/ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 46db7db49..2edfaea74 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -133,6 +133,8 @@ jobs: name: cloudfire-${{ matrix.arch }} path: cloudfire-${{ matrix.arch }} - run: .ci/build_deb.sh + - run: | + ls -lR - uses: actions/upload-artifact@v2 with: name: cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb @@ -150,8 +152,8 @@ jobs: os: [ubuntu-18.04, ubuntu-20.04] env: - MATRIX_ARCH: ${{ matrix.arch }} MATRIX_OS: ${{ matrix.os }} + MATRIX_ARCH: ${{ matrix.arch }} services: postgres: image: postgres:${{ matrix.postgres }} From 18380a5651cdeb6a405ff5cc1deae00946c3eb51 Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Thu, 8 Jul 2021 21:43:37 -0700 Subject: [PATCH 13/42] Why does this keep reverting --- apps/cf_vpn/lib/cf_vpn/cli/live.ex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/cf_vpn/lib/cf_vpn/cli/live.ex b/apps/cf_vpn/lib/cf_vpn/cli/live.ex index dc05c7d27..924867231 100644 --- a/apps/cf_vpn/lib/cf_vpn/cli/live.ex +++ b/apps/cf_vpn/lib/cf_vpn/cli/live.ex @@ -18,7 +18,7 @@ defmodule CfVpn.CLI.Live do import CfCommon.CLI def setup do - # create_interface() + create_interface() setup_iptables() up_interface() end @@ -26,7 +26,7 @@ defmodule CfVpn.CLI.Live do def teardown do down_interface() teardown_iptables() - # delete_interface() + delete_interface() end @doc """ From 5e6fe6dafb997abbc3c5679e51ea908336a6d38d Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Thu, 8 Jul 2021 21:47:10 -0700 Subject: [PATCH 14/42] d'oh underscore --- .ci/build_deb.sh | 2 -- .github/workflows/ci.yml | 6 ++---- 2 files changed, 2 insertions(+), 6 deletions(-) 
diff --git a/.ci/build_deb.sh b/.ci/build_deb.sh index 96c9fdf59..2a970f83e 100755 --- a/.ci/build_deb.sh +++ b/.ci/build_deb.sh @@ -1,8 +1,6 @@ #!/usr/bin/env bash set -xe -ls -lR - od=$(pwd) mkdir -p pkg/${MATRIX_OS}/opt/bin mv cloudfire-${MATRIX_ARCH} pkg/${MATRIX_OS}/opt/bin/cloudfire diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2edfaea74..e9ee2a060 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -133,8 +133,6 @@ jobs: name: cloudfire-${{ matrix.arch }} path: cloudfire-${{ matrix.arch }} - run: .ci/build_deb.sh - - run: | - ls -lR - uses: actions/upload-artifact@v2 with: name: cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb @@ -171,8 +169,8 @@ jobs: - uses: actions/checkout@v2 - uses: actions/download-artifact@v2 with: - path: cloudfire-${{ matrix.os }}_${{ matrix.arch }}.deb - name: cloudfire-${{ matrix.os }}_${{ matrix.arch }}.deb + path: cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb + name: cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb - run: sudo apt-get install -q -y wireguard - name: Test Install package env: From 8a065771c7cceabbbdf8abdf4fa4accb7080a522 Mon Sep 17 00:00:00 2001 
From: Jamil Bou Kheir Date: Thu, 8 Jul 2021 22:05:23 -0700 Subject: [PATCH 15/42] Add arch to debian package dirs --- .ci/build_deb.sh | 10 ++++++---- .../DEBIAN/control | 0 .../DEBIAN/postinst | 0 .../DEBIAN/templates | 0 .../lib/systemd/system/cloudfire.service | 0 .../DEBIAN/control | 0 .../DEBIAN/postinst | 0 .../DEBIAN/templates | 0 .../lib/systemd/system/cloudfire.service | 0 9 files changed, 6 insertions(+), 4 deletions(-) rename pkg/{ubuntu-18.04 => ubuntu-18.04_amd64}/DEBIAN/control (100%) rename pkg/{ubuntu-18.04 => ubuntu-18.04_amd64}/DEBIAN/postinst (100%) rename pkg/{ubuntu-18.04 => ubuntu-18.04_amd64}/DEBIAN/templates (100%) rename pkg/{ubuntu-18.04 => ubuntu-18.04_amd64}/lib/systemd/system/cloudfire.service (100%) rename pkg/{ubuntu-20.04 => ubuntu-20.04_amd64}/DEBIAN/control (100%) rename pkg/{ubuntu-20.04 => ubuntu-20.04_amd64}/DEBIAN/postinst (100%) rename pkg/{ubuntu-20.04 => ubuntu-20.04_amd64}/DEBIAN/templates (100%) rename pkg/{ubuntu-20.04 => ubuntu-20.04_amd64}/lib/systemd/system/cloudfire.service (100%) diff --git a/.ci/build_deb.sh b/.ci/build_deb.sh index 2a970f83e..f72689d19 100755 --- a/.ci/build_deb.sh +++ b/.ci/build_deb.sh @@ -2,8 +2,10 @@ set -xe od=$(pwd) -mkdir -p pkg/${MATRIX_OS}/opt/bin -mv cloudfire-${MATRIX_ARCH} pkg/${MATRIX_OS}/opt/bin/cloudfire +mkdir -p pkg/${MATRIX_OS}/opt/cloudfire/bin +mv cloudfire-${MATRIX_ARCH} pkg/${MATRIX_OS}/opt/cloudfire/bin/cloudfire cd pkg -dpkg-deb --build ${MATRIX_OS} -mv -f ${MATRIX_OS}.deb ../cloudfire_${MATRIX_OS}_${MATRIX_ARCH}.deb +dpkg-deb --build ${MATRIX_OS}_${MATRIX_ARCH} +mv -f *.deb ../ + +ls -lR ../ diff --git a/pkg/ubuntu-18.04/DEBIAN/control b/pkg/ubuntu-18.04_amd64/DEBIAN/control similarity index 100% rename from pkg/ubuntu-18.04/DEBIAN/control rename to pkg/ubuntu-18.04_amd64/DEBIAN/control 
diff --git a/pkg/ubuntu-18.04/DEBIAN/postinst b/pkg/ubuntu-18.04_amd64/DEBIAN/postinst
similarity index 100%
rename from pkg/ubuntu-18.04/DEBIAN/postinst
rename to pkg/ubuntu-18.04_amd64/DEBIAN/postinst
diff --git a/pkg/ubuntu-18.04/DEBIAN/templates b/pkg/ubuntu-18.04_amd64/DEBIAN/templates
similarity index 100%
rename from pkg/ubuntu-18.04/DEBIAN/templates
rename to pkg/ubuntu-18.04_amd64/DEBIAN/templates
diff --git a/pkg/ubuntu-18.04/lib/systemd/system/cloudfire.service b/pkg/ubuntu-18.04_amd64/lib/systemd/system/cloudfire.service
similarity index 100%
rename from pkg/ubuntu-18.04/lib/systemd/system/cloudfire.service
rename to pkg/ubuntu-18.04_amd64/lib/systemd/system/cloudfire.service
diff --git a/pkg/ubuntu-20.04/DEBIAN/control b/pkg/ubuntu-20.04_amd64/DEBIAN/control
similarity index 100%
rename from pkg/ubuntu-20.04/DEBIAN/control
rename to pkg/ubuntu-20.04_amd64/DEBIAN/control
diff --git a/pkg/ubuntu-20.04/DEBIAN/postinst b/pkg/ubuntu-20.04_amd64/DEBIAN/postinst
similarity index 100%
rename from pkg/ubuntu-20.04/DEBIAN/postinst
rename to pkg/ubuntu-20.04_amd64/DEBIAN/postinst
diff --git a/pkg/ubuntu-20.04/DEBIAN/templates b/pkg/ubuntu-20.04_amd64/DEBIAN/templates
similarity index 100%
rename from pkg/ubuntu-20.04/DEBIAN/templates
rename to pkg/ubuntu-20.04_amd64/DEBIAN/templates
diff --git a/pkg/ubuntu-20.04/lib/systemd/system/cloudfire.service b/pkg/ubuntu-20.04_amd64/lib/systemd/system/cloudfire.service
similarity index 100%
rename from pkg/ubuntu-20.04/lib/systemd/system/cloudfire.service
rename to pkg/ubuntu-20.04_amd64/lib/systemd/system/cloudfire.service
From fa9ba62d7dd40ecaf3d22eb73ca9c96718a0e081 Mon Sep 17 00:00:00 2001
From: Jamil Bou Kheir
Date: Thu, 8 Jul 2021 22:16:16 -0700
Subject: [PATCH 16/42] name file properly
---
.ci/build_deb.sh | 4 +---
.github/workflows/ci.yml | 18 ++++++++++++++----
2 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/.ci/build_deb.sh b/.ci/build_deb.sh
index f72689d19..92ac6012a 100755
--- a/.ci/build_deb.sh
+++ b/.ci/build_deb.sh @@ -6,6 +6,4 @@ mkdir -p pkg/${MATRIX_OS}/opt/cloudfire/bin mv cloudfire-${MATRIX_ARCH} pkg/${MATRIX_OS}/opt/cloudfire/bin/cloudfire cd pkg dpkg-deb --build ${MATRIX_OS}_${MATRIX_ARCH} -mv -f *.deb ../ - -ls -lR ../ +mv -f *.deb ../cloudfire_${MATRIX_OS}_${MATRIX_ARCH}.deb diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e9ee2a060..911f5ec7c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -16,10 +16,15 @@ jobs: MATRIX_ARCH: amd64 strategy: matrix: - postgres: [9.6, 10, 11, 12, 13] + postgres: + - postgres:9.6 + - postgres:10 + - postgres:11 + - postgres:12 + - postgres:13 services: postgres: - image: postgres:${{ matrix.postgres }} + image: ${{ matrix.postgres }} ports: - 5432:5432 env: @@ -143,7 +148,12 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - postgres: [9.6, 10, 11, 12, 13] + postgres: + - postgres:9.6 + - postgres:10 + - postgres:11 + - postgres:12 + - postgres:13 include: - arch: amd64 # - arch: arm64 @@ -154,7 +164,7 @@ jobs: MATRIX_ARCH: ${{ matrix.arch }} services: postgres: - image: postgres:${{ matrix.postgres }} + image: ${{ matrix.postgres }} ports: - 5432:5432 env: From fc2d94a7dc8e2eae5f8d6a792c7e85466dfd0d7f Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Thu, 8 Jul 2021 22:29:37 -0700 Subject: [PATCH 17/42] Come on deb --- .ci/build_deb.sh | 10 +++++----- .ci/functional_test.sh | 5 ++++- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/.ci/build_deb.sh b/.ci/build_deb.sh index 92ac6012a..64c1db637 100755 --- a/.ci/build_deb.sh +++ b/.ci/build_deb.sh 
@@ -1,9 +1,9 @@ #!/usr/bin/env bash set -xe -od=$(pwd) -mkdir -p pkg/${MATRIX_OS}/opt/cloudfire/bin +prefix=$MATRIX_OS_$MATRIX_ARCH + +mkdir -p pkg/$prefix/opt/cloudfire/bin mv cloudfire-${MATRIX_ARCH} pkg/${MATRIX_OS}/opt/cloudfire/bin/cloudfire -cd pkg -dpkg-deb --build ${MATRIX_OS}_${MATRIX_ARCH} -mv -f *.deb ../cloudfire_${MATRIX_OS}_${MATRIX_ARCH}.deb +dpkg-deb --build pkg/$prefix +mv -f $prefix.deb ../cloudfire_$prefix.deb diff --git a/.ci/functional_test.sh b/.ci/functional_test.sh index 992c5872f..64f32a72e 100755 --- a/.ci/functional_test.sh +++ b/.ci/functional_test.sh @@ -5,7 +5,10 @@ sudo apt-get update sudo apt-get install -y postgresql \ wireguard iptables net-tools curl ca-certificates sudo systemctl start postgresql -sudo dpkg -i cloudfire_${MATRIX_OS}_${MATRIX_ARCH}.deb + +file=cloudfire_${MATRIX_OS}_${MATRIX_ARCH}.deb +file $file +sudo dpkg -i $file echo "Enabling service..." sudo systemctl start cloudfire From fca1b290dd5ad207cbf25e49291d5b9287852d06 Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Thu, 8 Jul 2021 22:31:35 -0700 Subject: [PATCH 18/42] doh --- .ci/build_deb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/build_deb.sh b/.ci/build_deb.sh index 64c1db637..8e9419ef4 100755 --- a/.ci/build_deb.sh +++ b/.ci/build_deb.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash set -xe -prefix=$MATRIX_OS_$MATRIX_ARCH +prefix=${MATRIX_OS}_${MATRIX_ARCH} mkdir -p pkg/$prefix/opt/cloudfire/bin mv cloudfire-${MATRIX_ARCH} pkg/${MATRIX_OS}/opt/cloudfire/bin/cloudfire From 2224263925837464b1ab60fb2063a6fd6539b444 Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Thu, 8 Jul 2021 22:33:04 -0700 Subject: [PATCH 19/42] get the prefix right --- .ci/build_deb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/build_deb.sh b/.ci/build_deb.sh index 8e9419ef4..1bb8f6338 100755 --- a/.ci/build_deb.sh +++ b/.ci/build_deb.sh 
@@ -4,6 +4,6 @@ set -xe prefix=${MATRIX_OS}_${MATRIX_ARCH} mkdir -p pkg/$prefix/opt/cloudfire/bin -mv cloudfire-${MATRIX_ARCH} pkg/${MATRIX_OS}/opt/cloudfire/bin/cloudfire +mv cloudfire-${MATRIX_ARCH} pkg/$prefix/opt/cloudfire/bin/cloudfire dpkg-deb --build pkg/$prefix mv -f $prefix.deb ../cloudfire_$prefix.deb From e7d05d39e54a39e67748a100ec525298d86671f5 Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Thu, 8 Jul 2021 22:35:36 -0700 Subject: [PATCH 20/42] build deb properly --- .ci/build_deb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/build_deb.sh b/.ci/build_deb.sh index 1bb8f6338..bc1bc654a 100755 --- a/.ci/build_deb.sh +++ b/.ci/build_deb.sh @@ -6,4 +6,4 @@ prefix=${MATRIX_OS}_${MATRIX_ARCH} mkdir -p pkg/$prefix/opt/cloudfire/bin mv cloudfire-${MATRIX_ARCH} pkg/$prefix/opt/cloudfire/bin/cloudfire dpkg-deb --build pkg/$prefix -mv -f $prefix.deb ../cloudfire_$prefix.deb +mv pkg/$prefix.deb ./cloudfire_$prefix.deb From bd72b4ad16982e9fd50f412c3c32834a7873f4a7 Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Thu, 8 Jul 2021 22:50:12 -0700 Subject: [PATCH 21/42] try relative path for download artifact --- .github/workflows/ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 911f5ec7c..da1cad974 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -136,12 +136,12 @@ jobs: - uses: actions/download-artifact@v2 with: name: cloudfire-${{ matrix.arch }} - path: cloudfire-${{ matrix.arch }} + path: ./cloudfire-${{ matrix.arch }} - run: .ci/build_deb.sh - uses: actions/upload-artifact@v2 with: name: cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb - path: cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb + path: ./cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb functional-test: needs: build-deb 
@@ -179,8 +179,8 @@ jobs: - uses: actions/checkout@v2 - uses: actions/download-artifact@v2 with: - path: cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb name: cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb + path: ./cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb - run: sudo apt-get install -q -y wireguard - name: Test Install package env: From 2b5f2fba2cf1c22695c009b412089546c4e639e1 Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Fri, 9 Jul 2021 08:08:46 -0700 Subject: [PATCH 22/42] Try no name --- .github/workflows/ci.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index da1cad974..60885a261 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -140,8 +140,7 @@ jobs: - run: .ci/build_deb.sh - uses: actions/upload-artifact@v2 with: - name: cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb - path: ./cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb + path: cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb functional-test: needs: build-deb @@ -178,9 +177,6 @@ jobs: steps: - uses: actions/checkout@v2 - uses: actions/download-artifact@v2 - with: - name: cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb - path: ./cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb - run: sudo apt-get install -q -y wireguard - name: Test Install package env: From 801a78d94b0d1dcf64c31080378d7e6cd1dfc617 Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Fri, 9 Jul 2021 08:49:15 -0700 Subject: [PATCH 23/42] weird artifact shit --- .github/workflows/ci.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 60885a261..52b3da472 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -140,6 +140,7 @@ jobs: - run: .ci/build_deb.sh - uses: actions/upload-artifact@v2 with: + name: deb path: cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb functional-test: 
@@ -177,6 +178,11 @@ jobs: steps: - uses: actions/checkout@v2 - uses: actions/download-artifact@v2 + with: + name: deb + path: cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb + - run: | + ls -l cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb - run: sudo apt-get install -q -y wireguard - name: Test Install package env: From 85aa6ca90b141231ffcf3a6a78fcce3ab738fdce Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Fri, 9 Jul 2021 08:49:55 -0700 Subject: [PATCH 24/42] I think I figured it out --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 52b3da472..24f5f5423 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -180,9 +180,9 @@ jobs: - uses: actions/download-artifact@v2 with: name: deb - path: cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb + path: ./ - run: | - ls -l cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb + ls -lR cloudfire* - run: sudo apt-get install -q -y wireguard - name: Test Install package env: From f9002ce943a9ae057a6a24b864f7e9b05bc840af Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Fri, 9 Jul 2021 09:07:16 -0700 Subject: [PATCH 25/42] Getting closer --- pkg/ubuntu-18.04_amd64/DEBIAN/control | 2 +- pkg/ubuntu-18.04_amd64/lib/systemd/system/cloudfire.service | 2 +- pkg/ubuntu-20.04_amd64/lib/systemd/system/cloudfire.service | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/ubuntu-18.04_amd64/DEBIAN/control b/pkg/ubuntu-18.04_amd64/DEBIAN/control index 5cd8a7356..655954c83 100644 --- a/pkg/ubuntu-18.04_amd64/DEBIAN/control +++ b/pkg/ubuntu-18.04_amd64/DEBIAN/control 
@@ -2,7 +2,7 @@ Package: cloudfire Version: 0.1.7-1 Architecture: amd64 Maintainer: CloudFire, LLC -Depends: net-tools (>= 1.60+git20180626.aebd88e-1ubuntu1), systemd (>= 245.4-4ubuntu3.2), openssl (>= 1.1.1f-1ubuntu2), wireguard (>= 1.0.20200319-1ubuntu1), postgresql (>= 12+214ubuntu0.1), iptables (>= 1.8.4-3ubuntu2) +Depends: net-tools (>= 1.60+git20161116.90da8a0-1ubuntu1), systemd (>= 237-3ubuntu10.48), openssl (>= 1.1.1-1ubuntu2.1~18.04.9), wireguard (>= 1.0.20200319-1ubuntu1), postgresql (>= 9.6), iptables (>= 1.6.1-2ubuntu2) Section: net Priority: optional Homepage: https://cloudfire.network diff --git a/pkg/ubuntu-18.04_amd64/lib/systemd/system/cloudfire.service b/pkg/ubuntu-18.04_amd64/lib/systemd/system/cloudfire.service index f79151fbc..cdcd9e867 100644 --- a/pkg/ubuntu-18.04_amd64/lib/systemd/system/cloudfire.service +++ b/pkg/ubuntu-18.04_amd64/lib/systemd/system/cloudfire.service @@ -9,7 +9,7 @@ RestartSec=1 User=cloudfire AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_DAC_READ_SEARCH EnvironmentFile=/opt/cloudfire/config.env -ExecStartPre=/opt//bin/cloudfire eval "CfHttp.Release.migrate" +ExecStartPre=/opt/cloudfire/bin/cloudfire eval "CfHttp.Release.migrate" ExecStart=/opt/cloudfire/bin/cloudfire start ExecStartPost=sleep 5 ExecStartPost=/opt/cloudfire/bin/cloudfire rpc "CfHttp.Release.create_admin_user" diff --git a/pkg/ubuntu-20.04_amd64/lib/systemd/system/cloudfire.service b/pkg/ubuntu-20.04_amd64/lib/systemd/system/cloudfire.service index f79151fbc..cdcd9e867 100644 --- a/pkg/ubuntu-20.04_amd64/lib/systemd/system/cloudfire.service +++ b/pkg/ubuntu-20.04_amd64/lib/systemd/system/cloudfire.service 
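Review bot: The `cloudfire.service` unit shown in this hunk still grants `CAP_DAC_READ_SEARCH` in `AmbientCapabilities`, which lets the `cloudfire` process bypass read-permission checks on files and directories across the host, and nothing visible in this change shows what needs it. If the service only has to manage the WireGuard interface and iptables rules, the line could be reduced to `AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW` with a matching `CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW`. If the capability is required, a comment naming the file or operation that needs it would help. The same line appears in the ubuntu-20.04 unit patched next, and the rest of the unit file lies outside the hunk.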
@@ -9,7 +9,7 @@ RestartSec=1 User=cloudfire AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_DAC_READ_SEARCH EnvironmentFile=/opt/cloudfire/config.env -ExecStartPre=/opt//bin/cloudfire eval "CfHttp.Release.migrate" +ExecStartPre=/opt/cloudfire/bin/cloudfire eval "CfHttp.Release.migrate" ExecStart=/opt/cloudfire/bin/cloudfire start ExecStartPost=sleep 5 ExecStartPost=/opt/cloudfire/bin/cloudfire rpc "CfHttp.Release.create_admin_user" From 77fe9056bed7b2a1afe91fa48c386d69bf60a0ce Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Fri, 9 Jul 2021 09:13:02 -0700 Subject: [PATCH 26/42] Try publishing a release --- .github/workflows/ci.yml | 72 +++++++++++++++++++++------------------- 1 file changed, 38 insertions(+), 34 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 24f5f5423..5f74db3e5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -140,7 +140,7 @@ jobs: - run: .ci/build_deb.sh - uses: actions/upload-artifact@v2 with: - name: deb + name: cloudfire_${{ matrix.os }}_${{ matrix.arch }} path: cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb functional-test: @@ -179,7 +179,7 @@ jobs: - uses: actions/checkout@v2 - uses: actions/download-artifact@v2 with: - name: deb + name: cloudfire_${{ matrix.os }}_${{ matrix.arch }} path: ./ - run: | ls -lR cloudfire* 
@@ -188,35 +188,39 @@ jobs: env: DEBIAN_FRONTEND: noninteractive run: .ci/functional_test.sh - # - # publish: - # needs: functional-test - # runs-on: ${{ matrix.os }} - # strategy: - # matrix: - # os: [ubuntu-20.04] - # if: github.event_name == 'push' && contains(github.ref, 'refs/tags/') - # steps: - # - name: Create Release - # id: create_release - # uses: actions/create-release@v1 - # env: - # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # with: - # tag_name: ${{ github.ref }} - # release_name: Release ${{ github.ref }} - # draft: false - # prerelease: true - # - uses: actions/download-artifact@v2 - # with: - # name: cloudfire-deb - # - name: Upload Release Asset - # id: upload-release-asset - # uses: actions/upload-release-asset@v1 - # env: - # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # with: - # upload_url: ${{ steps.create_release.outputs.upload_url }} - # asset_path: ./cloudfire_${{ github.sha }}-1_${{ matrix.os }}_amd64.deb - # asset_name: cloudfire_${{ matrix.os }}_amd64.deb - # asset_content_type: application/vnd.debian.binary-package + + publish-deb: + needs: functional-test + runs-on: ${{ matrix.os }} + strategy: + matrix: + include: + - arch: amd64 + # - arch: arm64 + os: [ubuntu-18.04, ubuntu-20.04] + if: github.event_name == 'push' && contains(github.ref, 'refs/tags/') + steps: + - name: Create Release + id: create_release + uses: actions/create-release@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + tag_name: ${{ github.ref }} + release_name: Release ${{ github.ref }} + draft: false + prerelease: true + - uses: actions/download-artifact@v2 + with: + name: cloudfire_${{ matrix.os }}_${{ matrix.arch }} + path: ./ + - name: Upload Release Asset + id: upload-release-asset + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} + asset_path: ./cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb + asset_name: ${{ matrix.os }}_${{ 
matrix.arch }} + asset_content_type: application/vnd.debian.binary-package From 44803f74a8d4f881e6fd755cf24134e8588b431c Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Fri, 9 Jul 2021 09:25:58 -0700 Subject: [PATCH 27/42] Cleanup postinst --- .ci/build_deb.sh | 1 + .ci/functional_test.sh | 1 - .github/workflows/ci.yml | 19 ------------------- pkg/ubuntu-18.04_amd64/DEBIAN/postinst | 6 +++--- 4 files changed, 4 insertions(+), 23 deletions(-) diff --git a/.ci/build_deb.sh b/.ci/build_deb.sh index bc1bc654a..50241b379 100755 --- a/.ci/build_deb.sh +++ b/.ci/build_deb.sh @@ -4,6 +4,7 @@ set -xe prefix=${MATRIX_OS}_${MATRIX_ARCH} mkdir -p pkg/$prefix/opt/cloudfire/bin +chmod +x cloudfire-${MATRIX_ARCH} mv cloudfire-${MATRIX_ARCH} pkg/$prefix/opt/cloudfire/bin/cloudfire dpkg-deb --build pkg/$prefix mv pkg/$prefix.deb ./cloudfire_$prefix.deb diff --git a/.ci/functional_test.sh b/.ci/functional_test.sh index 64f32a72e..82a3798c4 100755 --- a/.ci/functional_test.sh +++ b/.ci/functional_test.sh @@ -7,7 +7,6 @@ sudo apt-get install -y postgresql \ sudo systemctl start postgresql file=cloudfire_${MATRIX_OS}_${MATRIX_ARCH}.deb -file $file sudo dpkg -i $file echo "Enabling service..." diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5f74db3e5..a0aec6f55 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -148,12 +148,6 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - postgres: - - postgres:9.6 - - postgres:10 - - postgres:11 - - postgres:12 - - postgres:13 include: - arch: amd64 # - arch: arm64 @@ -162,19 +156,6 @@ jobs: env: MATRIX_OS: ${{ matrix.os }} MATRIX_ARCH: ${{ matrix.arch }} - services: - postgres: - image: ${{ matrix.postgres }} - ports: - - 5432:5432 - env: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: postgres - options: >- - --health-cmd pg_isready - --health-interval 10s - --health-timeout 5s - --health-retries 5 steps: - uses: actions/checkout@v2 - uses: actions/download-artifact@v2 
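Review bot: In the new `publish-deb` job of `.github/workflows/ci.yml`, the gate `contains(github.ref, 'refs/tags/')` also matches a branch whose name contains `refs/tags/`, because its ref is `refs/heads/<name>`, so a branch push could reach the release steps; `if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')` is the stricter check. `Create Release` runs inside the OS matrix, so both matrix jobs try to create a release for the same tag and the second is likely to fail; creating the release once in its own job and uploading assets from the matrix avoids that. `asset_name: ${{ matrix.os }}_${{ matrix.arch }}` drops the `cloudfire_` prefix and the `.deb` suffix that `asset_path` has. Because this job publishes with `GITHUB_TOKEN`, a job-level `permissions:` block granting only `contents: write` would keep the token scoped to what the release needs.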
diff --git a/pkg/ubuntu-18.04_amd64/DEBIAN/postinst b/pkg/ubuntu-18.04_amd64/DEBIAN/postinst index eae65db08..3fd7cd2da 100755 --- a/pkg/ubuntu-18.04_amd64/DEBIAN/postinst +++ b/pkg/ubuntu-18.04_amd64/DEBIAN/postinst @@ -28,9 +28,9 @@ db_key="$(openssl rand -base64 32)" # Setup DB # XXX: Remove || true and detect actual failures -sudo -i -u postgres psql -c "CREATE ROLE ${db_user} WITH LOGIN PASSWORD '${db_password}';" || true -sudo -i -u postgres psql -c "CREATE DATABASE cloudfire;" || true -sudo -i -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE cloudfire to ${db_user};" || true +su postgres -c 'psql -c "CREATE ROLE ${db_user} WITH LOGIN PASSWORD '${db_password}';" || true' +su postgres -c 'psql -c "CREATE DATABASE cloudfire;" || true' +su postgres -c 'psql -c "GRANT ALL PRIVILEGES ON DATABASE cloudfire to ${db_user};" || true' # Write CloudFire SSL files mkdir -p /opt/cloudfire/ssl From 4e3d177a0f4733eefd585cead2b987b21bf60534 Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Fri, 9 Jul 2021 09:38:22 -0700 Subject: [PATCH 28/42] fix quote issue --- pkg/ubuntu-18.04_amd64/DEBIAN/postinst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/ubuntu-18.04_amd64/DEBIAN/postinst b/pkg/ubuntu-18.04_amd64/DEBIAN/postinst index 3fd7cd2da..d10527bec 100755 --- a/pkg/ubuntu-18.04_amd64/DEBIAN/postinst +++ b/pkg/ubuntu-18.04_amd64/DEBIAN/postinst 
@@ -28,9 +28,9 @@ db_key="$(openssl rand -base64 32)" # Setup DB # XXX: Remove || true and detect actual failures -su postgres -c 'psql -c "CREATE ROLE ${db_user} WITH LOGIN PASSWORD '${db_password}';" || true' -su postgres -c 'psql -c "CREATE DATABASE cloudfire;" || true' -su postgres -c 'psql -c "GRANT ALL PRIVILEGES ON DATABASE cloudfire to ${db_user};" || true' +su postgres -c "psql -c 'CREATE ROLE ${db_user} WITH LOGIN PASSWORD ${db_password};' || true" +su postgres -c "psql -c 'CREATE DATABASE cloudfire;' || true" +su postgres -c "psql -c 'GRANT ALL PRIVILEGES ON DATABASE cloudfire to ${db_user};' || true" # Write CloudFire SSL files mkdir -p /opt/cloudfire/ssl From 1ab72cd29eb50019fd2b7ffe78ff79b607cab5e5 Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Fri, 9 Jul 2021 09:50:53 -0700 Subject: [PATCH 29/42] wrap password in quotes --- pkg/ubuntu-18.04_amd64/DEBIAN/postinst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/ubuntu-18.04_amd64/DEBIAN/postinst b/pkg/ubuntu-18.04_amd64/DEBIAN/postinst index d10527bec..00dee0e7f 100755 --- a/pkg/ubuntu-18.04_amd64/DEBIAN/postinst +++ b/pkg/ubuntu-18.04_amd64/DEBIAN/postinst @@ -28,7 +28,7 @@ db_key="$(openssl rand -base64 32)" # Setup DB # XXX: Remove || true and detect actual failures -su postgres -c "psql -c 'CREATE ROLE ${db_user} WITH LOGIN PASSWORD ${db_password};' || true" +su postgres -c "psql -c 'CREATE ROLE ${db_user} WITH LOGIN PASSWORD \"${db_password}\";' || true" su postgres -c "psql -c 'CREATE DATABASE cloudfire;' || true" su postgres -c "psql -c 'GRANT ALL PRIVILEGES ON DATABASE cloudfire to ${db_user};' || true" From c5c1cc22f7682057107a9d3d5f8d9827401d65bd Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Fri, 9 Jul 2021 09:52:24 -0700 Subject: [PATCH 30/42] proper quote --- pkg/ubuntu-18.04_amd64/DEBIAN/postinst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/pkg/ubuntu-18.04_amd64/DEBIAN/postinst b/pkg/ubuntu-18.04_amd64/DEBIAN/postinst index 00dee0e7f..7e0f17dd3 100755 --- a/pkg/ubuntu-18.04_amd64/DEBIAN/postinst +++ b/pkg/ubuntu-18.04_amd64/DEBIAN/postinst @@ -28,7 +28,7 @@ db_key="$(openssl rand -base64 32)" # Setup DB # XXX: Remove || true and detect actual failures -su postgres -c "psql -c 'CREATE ROLE ${db_user} WITH LOGIN PASSWORD \"${db_password}\";' || true" +su postgres -c "psql -c 'CREATE ROLE ${db_user} WITH LOGIN PASSWORD \\'${db_password}\\';' || true" su postgres -c "psql -c 'CREATE DATABASE cloudfire;' || true" su postgres -c "psql -c 'GRANT ALL PRIVILEGES ON DATABASE cloudfire to ${db_user};' || true" From d9f322394f519d93e082eb0c5a9de80db11066ca Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Fri, 9 Jul 2021 09:56:34 -0700 Subject: [PATCH 31/42] Fix postinst quotes --- pkg/ubuntu-18.04_amd64/DEBIAN/postinst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/ubuntu-18.04_amd64/DEBIAN/postinst b/pkg/ubuntu-18.04_amd64/DEBIAN/postinst index 7e0f17dd3..17cb8b10a 100755 --- a/pkg/ubuntu-18.04_amd64/DEBIAN/postinst +++ b/pkg/ubuntu-18.04_amd64/DEBIAN/postinst @@ -28,9 +28,9 @@ db_key="$(openssl rand -base64 32)" # Setup DB # XXX: Remove || true and detect actual failures -su postgres -c "psql -c 'CREATE ROLE ${db_user} WITH LOGIN PASSWORD \\'${db_password}\\';' || true" -su postgres -c "psql -c 'CREATE DATABASE cloudfire;' || true" -su postgres -c "psql -c 'GRANT ALL PRIVILEGES ON DATABASE cloudfire to ${db_user};' || true" +su postgres -c "psql -c \"CREATE ROLE ${db_user} WITH LOGIN PASSWORD '${db_password}';\" || true" +su postgres -c "psql -c \"CREATE DATABASE cloudfire;\" || true" +su postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE cloudfire to ${db_user};\" || true" # Write CloudFire SSL files mkdir -p /opt/cloudfire/ssl From eda46bb2a1df98defacf55dc6251aa170d357f5e Mon Sep 17 00:00:00 2001 
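Review bot: Each `su postgres -c "psql -c …"` line in the final form of this postinst block puts the generated `${db_password}` on a command line, where other local users can read it from the process list while the install runs, and `|| true` hides a failed `CREATE ROLE` so the service can later start with credentials the database never accepted. Feeding the statements to `psql` on standard input keeps the password out of argv, and `ON_ERROR_STOP` makes a real failure visible, which is what the `XXX` comment asks for. A re-install would then need an explicit check for an existing role and database in place of the blanket `|| true`. The rest of the script is outside the hunk, so how `db_user` and `db_password` are generated is not visible here.

```shell
# … unchanged: db_key generation and the "Setup DB" comment …
su postgres -c "psql -v ON_ERROR_STOP=1" <<SQL
CREATE ROLE ${db_user} WITH LOGIN PASSWORD '${db_password}';
CREATE DATABASE cloudfire;
GRANT ALL PRIVILEGES ON DATABASE cloudfire TO ${db_user};
SQL
# … unchanged: SSL file generation …
```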
From: Jamil Bou Kheir Date: Fri, 9 Jul 2021 10:17:01 -0700 Subject: [PATCH 32/42] bin sleep --- pkg/ubuntu-18.04_amd64/lib/systemd/system/cloudfire.service | 2 +- pkg/ubuntu-20.04_amd64/lib/systemd/system/cloudfire.service | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/ubuntu-18.04_amd64/lib/systemd/system/cloudfire.service b/pkg/ubuntu-18.04_amd64/lib/systemd/system/cloudfire.service index cdcd9e867..774566ee8 100644 --- a/pkg/ubuntu-18.04_amd64/lib/systemd/system/cloudfire.service +++ b/pkg/ubuntu-18.04_amd64/lib/systemd/system/cloudfire.service @@ -11,7 +11,7 @@ AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_DAC_READ_SEARCH EnvironmentFile=/opt/cloudfire/config.env ExecStartPre=/opt/cloudfire/bin/cloudfire eval "CfHttp.Release.migrate" ExecStart=/opt/cloudfire/bin/cloudfire start -ExecStartPost=sleep 5 +ExecStartPost=/bin/sleep 5 ExecStartPost=/opt/cloudfire/bin/cloudfire rpc "CfHttp.Release.create_admin_user" [Install] diff --git a/pkg/ubuntu-20.04_amd64/lib/systemd/system/cloudfire.service b/pkg/ubuntu-20.04_amd64/lib/systemd/system/cloudfire.service index cdcd9e867..774566ee8 100644 --- a/pkg/ubuntu-20.04_amd64/lib/systemd/system/cloudfire.service +++ b/pkg/ubuntu-20.04_amd64/lib/systemd/system/cloudfire.service @@ -11,7 +11,7 @@ AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_DAC_READ_SEARCH EnvironmentFile=/opt/cloudfire/config.env ExecStartPre=/opt/cloudfire/bin/cloudfire eval "CfHttp.Release.migrate" ExecStart=/opt/cloudfire/bin/cloudfire start -ExecStartPost=sleep 5 +ExecStartPost=/bin/sleep 5 ExecStartPost=/opt/cloudfire/bin/cloudfire rpc "CfHttp.Release.create_admin_user" [Install] From 405757a2f02d224b6d3f79fe1691b5c6a4c3af27 Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Fri, 9 Jul 2021 10:31:14 -0700 Subject: [PATCH 33/42] Why failing --- pkg/ubuntu-18.04_amd64/DEBIAN/postinst | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) 
diff --git a/pkg/ubuntu-18.04_amd64/DEBIAN/postinst b/pkg/ubuntu-18.04_amd64/DEBIAN/postinst index 17cb8b10a..519ded256 100755 --- a/pkg/ubuntu-18.04_amd64/DEBIAN/postinst +++ b/pkg/ubuntu-18.04_amd64/DEBIAN/postinst @@ -1,5 +1,7 @@ #!/usr/bin/env bash -set -e +set -xe + +ls -la /opt/cloudfire/bin # CloudFire package post-install script @@ -7,6 +9,9 @@ set -e # 2. Bootstrap DB # 3. Generate WireGuard interface and config +# All created files are 0600 by default +umask 077 + # Add cloudfire user if not exists if id cloudfire &>/dev/null; then echo "cloudfire user exists... not creating." @@ -34,19 +39,15 @@ su postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE cloudfire to ${db_use # Write CloudFire SSL files mkdir -p /opt/cloudfire/ssl -chown -R cloudfire:root /opt/cloudfire/ssl hostname=$(hostname) openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes \ -keyout /opt/cloudfire/ssl/key.pem \ -out /opt/cloudfire/ssl/cert.pem \ -days 365 -subj "/CN=${hostname}" -chmod 0600 /opt/cloudfire/ssl/key.pem -chmod 0644 /opt/cloudfire/ssl/cert.pem + +wg genkey > /opt/cloudfire/server.key # Write CloudFire config files -touch /opt/cloudfire/config.env -chmod 0600 /opt/cloudfire/config.env -chown -R cloudfire:root /opt/cloudfire cat <> /opt/cloudfire/config.env # This file is loaded into CloudFire's Environment upon launch to configure it. @@ -98,6 +99,6 @@ SSL_KEY_FILE=/opt/cloudfire/ssl/key.pem DISABLE_SIGNUP=yes EOT -umask 077 -wg genkey > /opt/cloudfire/server.key -chown cloudfire:root /opt/cloudfire/server.key +# Set perms +chown -R cloudfire:root /opt/cloudfire +chmod 0644 /opt/cloudfire/ssl/cert.pem From 8f394ae724529f7669997c5e29b40dae4db48d59 Mon Sep 17 00:00:00 2001 
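Review bot: Switching the postinst to `set -xe` makes the shell trace every expanded command, including the `db_key="$(openssl rand -base64 32)"` assignment and the `CREATE ROLE … PASSWORD '…'` call further down the script, so the generated secrets are written to the terminal and to whatever package-manager or CI log captures the install. Keep `set -e` in the shipped script, or bracket the secret-handling section with `set +x` and `set -x` if tracing is needed while debugging. The added `ls -la /opt/cloudfire/bin` is debugging output as well and can be removed once the failure is understood. The comment `# All created files are 0600 by default` holds for files, but directories created under `umask 077` are 0700, which matters because `mkdir -p /opt/cloudfire/ssl` follows; the comment could read `# New files are 0600 and new directories 0700 from here on`.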
From: Jamil Bou Kheir Date: Fri, 9 Jul 2021 15:05:31 -0700 Subject: [PATCH 34/42] Debian build reworking --- .ci/build_deb.sh | 10 -- .ci/build_release.sh | 13 --- .ci/build_ubuntu_18.04.sh | 20 ++++ .ci/build_ubuntu_20.04.sh | 20 ++++ .ci/functional_test.sh | 6 +- .github/workflows/ci.yml | 86 +++++++-------- .tool-versions | 2 +- mix.exs | 5 +- mix.lock | 1 - pkg/{Dockerfile => Dockerfile.amazonlinux_2} | 0 pkg/Dockerfile.centos_7 | 62 +++++++++++ pkg/Dockerfile.centos_8 | 62 +++++++++++ pkg/Dockerfile.debian_10 | 62 +++++++++++ pkg/Dockerfile.redhat_7 | 62 +++++++++++ pkg/Dockerfile.redhat_8 | 62 +++++++++++ pkg/Dockerfile.ubuntu_18.04 | 68 ++++++++++++ pkg/Dockerfile.ubuntu_20.04 | 67 +++++++++++ .../DEBIAN/control | 0 .../DEBIAN/postinst | 0 .../DEBIAN/templates | 0 .../lib/systemd/system/cloudfire.service | 0 pkg/ubuntu_18.04_arm64/DEBIAN/control | 11 ++ pkg/ubuntu_18.04_arm64/DEBIAN/postinst | 104 ++++++++++++++++++ .../DEBIAN/templates | 0 .../lib/systemd/system/cloudfire.service | 0 .../DEBIAN/control | 0 .../DEBIAN/postinst | 0 pkg/ubuntu_20.04_amd64/DEBIAN/templates | 11 ++ .../lib/systemd/system/cloudfire.service | 18 +++ pkg/ubuntu_20.04_arm64/DEBIAN/control | 11 ++ pkg/ubuntu_20.04_arm64/DEBIAN/postinst | 102 +++++++++++++++++ pkg/ubuntu_20.04_arm64/DEBIAN/templates | 11 ++ .../lib/systemd/system/cloudfire.service | 18 +++ 33 files changed, 815 insertions(+), 79 deletions(-) delete mode 100755 .ci/build_deb.sh delete mode 100755 .ci/build_release.sh create mode 100755 .ci/build_ubuntu_18.04.sh create mode 100755 .ci/build_ubuntu_20.04.sh rename pkg/{Dockerfile => Dockerfile.amazonlinux_2} (100%) create mode 100644 pkg/Dockerfile.centos_7 create mode 100644 pkg/Dockerfile.centos_8 create mode 100644 pkg/Dockerfile.debian_10 create mode 100644 pkg/Dockerfile.redhat_7 create mode 100644 pkg/Dockerfile.redhat_8 create mode 100644 pkg/Dockerfile.ubuntu_18.04 create mode 100644 pkg/Dockerfile.ubuntu_20.04 rename pkg/{ubuntu-18.04_amd64 => 
ubuntu_18.04_amd64}/DEBIAN/control (100%) rename pkg/{ubuntu-18.04_amd64 => ubuntu_18.04_amd64}/DEBIAN/postinst (100%) rename pkg/{ubuntu-18.04_amd64 => ubuntu_18.04_amd64}/DEBIAN/templates (100%) rename pkg/{ubuntu-18.04_amd64 => ubuntu_18.04_amd64}/lib/systemd/system/cloudfire.service (100%) create mode 100644 pkg/ubuntu_18.04_arm64/DEBIAN/control create mode 100755 pkg/ubuntu_18.04_arm64/DEBIAN/postinst rename pkg/{ubuntu-20.04_amd64 => ubuntu_18.04_arm64}/DEBIAN/templates (100%) rename pkg/{ubuntu-20.04_amd64 => ubuntu_18.04_arm64}/lib/systemd/system/cloudfire.service (100%) rename pkg/{ubuntu-20.04_amd64 => ubuntu_20.04_amd64}/DEBIAN/control (100%) rename pkg/{ubuntu-20.04_amd64 => ubuntu_20.04_amd64}/DEBIAN/postinst (100%) create mode 100644 pkg/ubuntu_20.04_amd64/DEBIAN/templates create mode 100644 pkg/ubuntu_20.04_amd64/lib/systemd/system/cloudfire.service create mode 100644 pkg/ubuntu_20.04_arm64/DEBIAN/control create mode 100755 pkg/ubuntu_20.04_arm64/DEBIAN/postinst create mode 100644 pkg/ubuntu_20.04_arm64/DEBIAN/templates create mode 100644 pkg/ubuntu_20.04_arm64/lib/systemd/system/cloudfire.service diff --git a/.ci/build_deb.sh b/.ci/build_deb.sh deleted file mode 100755 index 50241b379..000000000 --- a/.ci/build_deb.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/bin/env bash -set -xe - -prefix=${MATRIX_OS}_${MATRIX_ARCH} - -mkdir -p pkg/$prefix/opt/cloudfire/bin -chmod +x cloudfire-${MATRIX_ARCH} -mv cloudfire-${MATRIX_ARCH} pkg/$prefix/opt/cloudfire/bin/cloudfire -dpkg-deb --build pkg/$prefix -mv pkg/$prefix.deb ./cloudfire_$prefix.deb diff --git a/.ci/build_release.sh b/.ci/build_release.sh deleted file mode 100755 index a17402632..000000000 --- a/.ci/build_release.sh +++ /dev/null 
@@ -1,13 +0,0 @@ -#!/usr/bin/env bash -set -e - -od=$(pwd) -mix local.hex --force && mix local.rebar --force -mix do deps.get, deps.compile -cd apps/cf_http/assets && npm ci --progress=false --no-audit --loglevel=error -cd $od -npm run --prefix apps/cf_http/assets deploy -cd apps/cf_http -mix phx.digest -cd $od -mix release --overwrite --force diff --git a/.ci/build_ubuntu_18.04.sh b/.ci/build_ubuntu_18.04.sh new file mode 100755 index 000000000..32297722e --- /dev/null +++ b/.ci/build_ubuntu_18.04.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash +set -e + +OS="ubuntu_18.04" +ARCH=${MATRIX_ARCH:-`uname -m`} +PKG_DIR="${OS}_${ARCH}" +PKG_FILE="${PKG_DIR}.deb" +IMAGE="${OS}_${ARCH}:latest" + +docker build \ + -t $IMAGE \ + -f pkg/Dockerfile.$OS \ + --platform linux/$ARCH \ + --build-arg PKG_DIR=$PKG_DIR \ + --progress plain \ + . + +CID=$(docker create $IMAGE) +mkdir -p _build +docker cp $CID:/build/pkg/$PKG_FILE ./_build/ diff --git a/.ci/build_ubuntu_20.04.sh b/.ci/build_ubuntu_20.04.sh new file mode 100755 index 000000000..e702ea62b --- /dev/null +++ b/.ci/build_ubuntu_20.04.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash +set -e + +OS="ubuntu_20.04" +ARCH=${MATRIX_ARCH:-`uname -m`} +PKG_DIR="${OS}_${ARCH}" +PKG_FILE="${PKG_DIR}.deb" +IMAGE="${OS}_${ARCH}:latest" + +docker build \ + -t $IMAGE \ + -f pkg/Dockerfile.$OS \ + --platform linux/$ARCH \ + --build-arg PKG_DIR=$PKG_DIR \ + --progress plain \ + . + +CID=$(docker create $IMAGE) +mkdir -p _build +docker cp $CID:/build/pkg/$PKG_FILE ./_build/cloudfire_$PKG_FILE diff --git a/.ci/functional_test.sh b/.ci/functional_test.sh index 82a3798c4..5039d4c4e 100755 --- a/.ci/functional_test.sh +++ b/.ci/functional_test.sh 
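Review bot: The last line of `.ci/build_ubuntu_18.04.sh` copies the package to `./_build/` under the name `ubuntu_18.04_<arch>.deb`, while `.ci/build_ubuntu_20.04.sh` copies to `./_build/cloudfire_$PKG_FILE` and the workflow uploads `_build/cloudfire_<os>_<arch>.deb`, so the 18.04 upload step would likely find no file. Use `docker cp "$CID:/build/pkg/$PKG_FILE" "./_build/cloudfire_$PKG_FILE"` here as well. In both scripts the `uname -m` fallback yields names such as `x86_64` or `aarch64`, which do not match the `amd64`/`arm64` package directories under pkg/; `dpkg --print-architecture` would be a closer default. The created container is never removed (`docker rm "$CID"`), and the variable expansions passed to docker are unquoted.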
@@ -2,12 +2,10 @@ set -x sudo apt-get update -sudo apt-get install -y postgresql \ +sudo apt-get install -y -q postgresql \ wireguard iptables net-tools curl ca-certificates sudo systemctl start postgresql - -file=cloudfire_${MATRIX_OS}_${MATRIX_ARCH}.deb -sudo dpkg -i $file +sudo dpkg -i *.deb echo "Enabling service..." sudo systemctl start cloudfire diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a0aec6f55..850a99119 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -64,15 +64,25 @@ jobs: name: test screenshots path: apps/cf_http/screenshots - build-linux: + build: needs: unit-integration-test - runs-on: ubuntu-18.04 - name: Build on {{ matrix.arch }} + runs-on: ubuntu-20.04 + name: Build env: MATRIX_ARCH: ${{ matrix.arch }} + MATRIX_OS: ${{ matrix.os }} MIX_ENV: prod strategy: matrix: + os: + # - amazonlinux_2 + # - debian_10 + - ubuntu_18.04 + - ubuntu_20.04 + # - redhat_7 + # - redhat_8 + # - centos_7 + # - centos_8 include: - arch: amd64 # XXX: This currently takes upwards of 10 minutes or more. Disabling for now @@ -82,10 +92,7 @@ jobs: # amd64 build - if: ${{ matrix.arch == 'amd64' }} - run: | - sudo apt-get install -q -y zstd gdebi - sudo -E bash -c '.ci/install_runtimes.sh' - sudo -E bash -c '.ci/build_release.sh' + run: .ci/build_${{ matrix.os }}.sh # arm64 build - uses: uraimo/run-on-arch-action@v2.0.10 
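Review bot: `sudo dpkg -i *.deb` in `.ci/functional_test.sh` installs, as root, every .deb that happens to be in the working directory rather than the one artifact under test. The job still exports `MATRIX_OS` and `MATRIX_ARCH`, so the explicit name can stay: `sudo dpkg -i "cloudfire_${MATRIX_OS}_${MATRIX_ARCH}.deb"`. The script also appears to run with `set -x` only, so a failed install does not stop the steps that follow; `set -ex` would fail the test at the first broken command, assuming no step is expected to fail. The script continues past the end of this hunk.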
@@ -116,69 +123,56 @@ jobs: - uses: actions/upload-artifact@v2 with: - name: cloudfire-${{ matrix.arch }} - path: _build/prod/rel/bakeware/cloudfire - - build-deb: - needs: build-linux - runs-on: ${{ matrix.os }} - strategy: - matrix: - include: - - arch: amd64 - # - arch: arm64 - os: [ubuntu-18.04, ubuntu-20.04] - env: - MATRIX_OS: ${{ matrix.os }} - MATRIX_ARCH: ${{ matrix.arch }} - steps: - - uses: actions/checkout@v2 - - uses: actions/download-artifact@v2 - with: - name: cloudfire-${{ matrix.arch }} - path: ./cloudfire-${{ matrix.arch }} - - run: .ci/build_deb.sh - - uses: actions/upload-artifact@v2 - with: - name: cloudfire_${{ matrix.os }}_${{ matrix.arch }} - path: cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb + name: cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb + path: _build/cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb functional-test: - needs: build-deb - runs-on: ${{ matrix.os }} + needs: build + runs-on: ubuntu-20.04 strategy: matrix: + os: + # - amazonlinux_2 + # - debian_10 + - ubuntu_18.04 + - ubuntu_20.04 + # - redhat_7 + # - redhat_8 + # - centos_7 + # - centos_8 include: - arch: amd64 # - arch: arm64 - os: [ubuntu-18.04, ubuntu-20.04] - env: MATRIX_OS: ${{ matrix.os }} MATRIX_ARCH: ${{ matrix.arch }} + DEBIAN_FRONTEND: noninteractive steps: - uses: actions/checkout@v2 - uses: actions/download-artifact@v2 with: - name: cloudfire_${{ matrix.os }}_${{ matrix.arch }} + name: cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb path: ./ - - run: | - ls -lR cloudfire* - - run: sudo apt-get install -q -y wireguard - name: Test Install package - env: - DEBIAN_FRONTEND: noninteractive run: .ci/functional_test.sh - publish-deb: + publish: needs: functional-test - runs-on: ${{ matrix.os }} + runs-on: ubuntu-20.04 strategy: matrix: + os: + # - amazonlinux_2 + # - debian_10 + - ubuntu_18.04 + - ubuntu_20.04 + # - redhat_7 + # - redhat_8 + # - centos_7 + # - centos_8 include: - arch: amd64 # - arch: arm64 - os: [ubuntu-18.04, ubuntu-20.04] if: 
github.event_name == 'push' && contains(github.ref, 'refs/tags/') steps: - name: Create Release diff --git a/.tool-versions b/.tool-versions index 3c8e6982c..709b34441 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1,3 +1,3 @@ erlang 24.0.3 -elixir 1.12.1-otp-24 +elixir 1.12.2-otp-24 nodejs lts diff --git a/mix.exs b/mix.exs index ed1810868..cc6b8c87b 100644 --- a/mix.exs +++ b/mix.exs @@ -22,15 +22,13 @@ defmodule CloudfireUmbrella.MixProject do default_release: :cloudfire, releases: [ cloudfire: [ - # Don't seem to be needed for bakeware releases - # include_executables_for: [:unix], + include_executables_for: [:unix], validate_compile_env: false, applications: [ cf_http: :permanent, cf_wall: :permanent, cf_vpn: :permanent ], - steps: [:assemble, &Bakeware.assemble/1], cookie: System.get_env("ERL_COOKIE") ] ] @@ -44,7 +42,6 @@ defmodule CloudfireUmbrella.MixProject do # Run "mix help deps" for examples and options. defp deps do [ - {:bakeware, "~> 0.2.0", runtime: false}, {:excoveralls, "~> 0.13", only: :test}, {:mix_test_watch, "~> 1.0", only: :dev, runtime: false}, {:dialyxir, "~> 1.0", only: [:dev], runtime: false} diff --git a/mix.lock b/mix.lock index 5b6652d65..2d0999c3c 100644 --- a/mix.lock +++ b/mix.lock 
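Review bot: `functional-test` now sets `runs-on: ubuntu-20.04` for every matrix entry, so the `ubuntu_18.04` package is installed and started on a 20.04 runner and is never exercised on the release it targets. The removed `runs-on: ${{ matrix.os }}` gave that coverage; it could be kept with the new OS names by carrying a runner label per matrix entry, e.g. `runner: ubuntu-18.04`, and using `runs-on: ${{ matrix.runner }}`. Running the install inside a container of the target release would be an alternative if hosted 18.04 runners are not wanted. This hunk begins at the artifact upload step, so the build steps of the `build` job are outside it.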
@@ -1,6 +1,5 @@ %{ "argon2_elixir": {:hex, :argon2_elixir, "2.4.0", "2a22ea06e979f524c53b42b598fc6ba38cdcbc977a155e33e057732cfb1fb311", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "4ea82e183cf8e7f66dab1f767fedcfe6a195e140357ef2b0423146b72e0a551d"}, - "bakeware": {:hex, :bakeware, "0.2.0", "e2efb323cc25e857ac2869f0d25a92cac55ed6e1f53399cb5c035d211d27d5ce", [:make, :mix], [{:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "cad65fcf20162d60c2a159238d1ebfa1f9763b5d671b0992caf1777be42fe3ae"}, "bamboo": {:hex, :bamboo, "1.7.1", "7f0946e8c9081ce10d347cdba33c247c7c1c4f7dddc194ab0633603ef879bbdf", [:mix], [{:hackney, ">= 1.15.2", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:mime, "~> 1.4", [hex: :mime, repo: "hexpm", optional: false]}, {:phoenix, "~> 1.1", [hex: :phoenix, repo: "hexpm", optional: true]}, {:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "5fb34c3ab638fc409deec47c1e91f9d78ad95bf22ccb153588b434e1ff1aa730"}, "bunt": {:hex, :bunt, "0.2.0", "951c6e801e8b1d2cbe58ebbd3e616a869061ddadcc4863d0a2182541acae9a38", [:mix], [], "hexpm", "7af5c7e09fe1d40f76c8e4f9dd2be7cebd83909f31fee7cd0e9eadc567da8353"}, "certifi": {:hex, :certifi, "2.6.1", "dbab8e5e155a0763eea978c913ca280a6b544bfa115633fa20249c3d396d9493", [:rebar3], [], "hexpm", "524c97b4991b3849dd5c17a631223896272c6b0af446778ba4675a1dff53bb7e"}, diff --git a/pkg/Dockerfile b/pkg/Dockerfile.amazonlinux_2 similarity index 100% rename from pkg/Dockerfile rename to pkg/Dockerfile.amazonlinux_2 diff --git a/pkg/Dockerfile.centos_7 b/pkg/Dockerfile.centos_7 new file mode 100644 index 000000000..774e50bb1 --- /dev/null +++ b/pkg/Dockerfile.centos_7 
@@ -0,0 +1,62 @@
+# This Dockerfile builds release packages.
+# **NOTE**: This is not recommended, as it's possible the deployment
+# production environment will diff from the image environment here,
+# even if the OS and kernel versions match.
+# As such, this script has been deprecated in favor of building the release
+# in the production environment.
+FROM hexpm/elixir:1.11.2-erlang-23.1.2-ubuntu-focal-20201008 AS build
+
+# Setup to run build script
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update -q && \
+ apt-get install -y --no-install-recommends \
+ ca-certificates \
+ build-essential \
+ git \
+ dpkg-dev \
+ libssl-dev \
+ automake \
+ gnupg \
+ curl \
+ autoconf \
+ libncurses5-dev \
+ unzip \
+ zlib1g-dev \
+ locales && \
+ apt-get clean && \
+ rm -rf /tmp/* /var/tmp/*
+RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \
+ locale-gen
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US:en
+ENV LC_ALL en_US.UTF-8
+
+RUN curl -sL https://deb.nodesource.com/setup_10.x | bash -
+RUN apt-get install nodejs
+
+ENV MIX_ENV prod
+WORKDIR /build
+
+RUN mix local.hex --force && \
+ mix local.rebar --force
+COPY mix.exs mix.lock ./
+COPY config config
+COPY apps/cf_http/mix.exs ./apps/cf_http/
+COPY apps/cf_wall/mix.exs ./apps/cf_wall/
+COPY apps/cf_vpn/mix.exs ./apps/cf_vpn/
+RUN mix do deps.get, deps.compile
+
+COPY apps/cf_http/assets/package.json apps/cf_http/assets/package-lock.json ./apps/cf_http/assets/
+RUN cd apps/cf_http/assets && npm ci --progress=false --no-audit --loglevel=error
+COPY apps/cf_http/priv apps/cf_http/priv
+COPY apps/cf_http/assets apps/cf_http/assets
+RUN npm run --prefix ./apps/cf_http/assets deploy && \
+ cd apps/cf_http && mix phx.digest
+
+COPY . .
+RUN mix release cloudfire
+
+RUN mkdir -p pkg/debian/opt
+RUN mv _build/prod/rel/cloudfire pkg/debian/opt/cloudfire
+
+RUN cd pkg && dpkg-deb --build debian
diff --git a/pkg/Dockerfile.centos_8 b/pkg/Dockerfile.centos_8
new file mode 100644
index 000000000..774e50bb1
--- /dev/null
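Review bot: `pkg/Dockerfile.centos_7` is a copy of the Ubuntu recipe: it builds `FROM hexpm/elixir:1.11.2-erlang-23.1.2-ubuntu-focal-20201008` and ends with `dpkg-deb --build debian`, so it can produce neither a release linked against CentOS libraries nor an RPM. The same blob (index 774e50bb1) is added as Dockerfile.centos_8, debian_10, redhat_7 and redhat_8. If these are placeholders for the commented-out matrix entries, the header should say so, e.g. `# PLACEHOLDER: copy of the Ubuntu recipe, not yet adapted to this distribution`, in place of the stale "deprecated" note. Two lines need attention before any of them is used: `curl -sL https://deb.nodesource.com/setup_10.x | bash -` runs an unverified remote script as root during the build (and without `-f` an HTTP error page is passed to bash), and `RUN apt-get install nodejs` lacks `-y`.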
+++ b/pkg/Dockerfile.centos_8
@@ -0,0 +1,62 @@
+# This Dockerfile builds release packages.
+# **NOTE**: This is not recommended, as it's possible the deployment
+# production environment will diff from the image environment here,
+# even if the OS and kernel versions match.
+# As such, this script has been deprecated in favor of building the release
+# in the production environment.
+FROM hexpm/elixir:1.11.2-erlang-23.1.2-ubuntu-focal-20201008 AS build
+
+# Setup to run build script
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update -q && \
+ apt-get install -y --no-install-recommends \
+ ca-certificates \
+ build-essential \
+ git \
+ dpkg-dev \
+ libssl-dev \
+ automake \
+ gnupg \
+ curl \
+ autoconf \
+ libncurses5-dev \
+ unzip \
+ zlib1g-dev \
+ locales && \
+ apt-get clean && \
+ rm -rf /tmp/* /var/tmp/*
+RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \
+ locale-gen
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US:en
+ENV LC_ALL en_US.UTF-8
+
+RUN curl -sL https://deb.nodesource.com/setup_10.x | bash -
+RUN apt-get install nodejs
+
+ENV MIX_ENV prod
+WORKDIR /build
+
+RUN mix local.hex --force && \
+ mix local.rebar --force
+COPY mix.exs mix.lock ./
+COPY config config
+COPY apps/cf_http/mix.exs ./apps/cf_http/
+COPY apps/cf_wall/mix.exs ./apps/cf_wall/
+COPY apps/cf_vpn/mix.exs ./apps/cf_vpn/
+RUN mix do deps.get, deps.compile
+
+COPY apps/cf_http/assets/package.json apps/cf_http/assets/package-lock.json ./apps/cf_http/assets/
+RUN cd apps/cf_http/assets && npm ci --progress=false --no-audit --loglevel=error
+COPY apps/cf_http/priv apps/cf_http/priv
+COPY apps/cf_http/assets apps/cf_http/assets
+RUN npm run --prefix ./apps/cf_http/assets deploy && \
+ cd apps/cf_http && mix phx.digest
+
+COPY . .
+RUN mix release cloudfire
+
+RUN mkdir -p pkg/debian/opt
+RUN mv _build/prod/rel/cloudfire pkg/debian/opt/cloudfire
+
+RUN cd pkg && dpkg-deb --build debian
diff --git a/pkg/Dockerfile.debian_10 b/pkg/Dockerfile.debian_10
new file mode 100644
index 000000000..774e50bb1
--- /dev/null
+++ b/pkg/Dockerfile.debian_10
@@ -0,0 +1,62 @@
+# This Dockerfile builds release packages.
+# **NOTE**: This is not recommended, as it's possible the deployment
+# production environment will diff from the image environment here,
+# even if the OS and kernel versions match.
+# As such, this script has been deprecated in favor of building the release
+# in the production environment.
+FROM hexpm/elixir:1.11.2-erlang-23.1.2-ubuntu-focal-20201008 AS build
+
+# Setup to run build script
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update -q && \
+ apt-get install -y --no-install-recommends \
+ ca-certificates \
+ build-essential \
+ git \
+ dpkg-dev \
+ libssl-dev \
+ automake \
+ gnupg \
+ curl \
+ autoconf \
+ libncurses5-dev \
+ unzip \
+ zlib1g-dev \
+ locales && \
+ apt-get clean && \
+ rm -rf /tmp/* /var/tmp/*
+RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \
+ locale-gen
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US:en
+ENV LC_ALL en_US.UTF-8
+
+RUN curl -sL https://deb.nodesource.com/setup_10.x | bash -
+RUN apt-get install nodejs
+
+ENV MIX_ENV prod
+WORKDIR /build
+
+RUN mix local.hex --force && \
+ mix local.rebar --force
+COPY mix.exs mix.lock ./
+COPY config config
+COPY apps/cf_http/mix.exs ./apps/cf_http/
+COPY apps/cf_wall/mix.exs ./apps/cf_wall/
+COPY apps/cf_vpn/mix.exs ./apps/cf_vpn/
+RUN mix do deps.get, deps.compile
+
+COPY apps/cf_http/assets/package.json apps/cf_http/assets/package-lock.json ./apps/cf_http/assets/
+RUN cd apps/cf_http/assets && npm ci --progress=false --no-audit --loglevel=error
+COPY apps/cf_http/priv apps/cf_http/priv
+COPY apps/cf_http/assets apps/cf_http/assets
+RUN npm run --prefix ./apps/cf_http/assets deploy && \
+ cd apps/cf_http && mix phx.digest
+
+COPY . .
+RUN mix release cloudfire
+
+RUN mkdir -p pkg/debian/opt
+RUN mv _build/prod/rel/cloudfire pkg/debian/opt/cloudfire
+
+RUN cd pkg && dpkg-deb --build debian
diff --git a/pkg/Dockerfile.redhat_7 b/pkg/Dockerfile.redhat_7
new file mode 100644
index 000000000..774e50bb1
--- /dev/null
+++ b/pkg/Dockerfile.redhat_7
@@ -0,0 +1,62 @@
+# This Dockerfile builds release packages.
+# **NOTE**: This is not recommended, as it's possible the deployment
+# production environment will diff from the image environment here,
+# even if the OS and kernel versions match.
+# As such, this script has been deprecated in favor of building the release
+# in the production environment.
+FROM hexpm/elixir:1.11.2-erlang-23.1.2-ubuntu-focal-20201008 AS build
+
+# Setup to run build script
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update -q && \
+ apt-get install -y --no-install-recommends \
+ ca-certificates \
+ build-essential \
+ git \
+ dpkg-dev \
+ libssl-dev \
+ automake \
+ gnupg \
+ curl \
+ autoconf \
+ libncurses5-dev \
+ unzip \
+ zlib1g-dev \
+ locales && \
+ apt-get clean && \
+ rm -rf /tmp/* /var/tmp/*
+RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \
+ locale-gen
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US:en
+ENV LC_ALL en_US.UTF-8
+
+RUN curl -sL https://deb.nodesource.com/setup_10.x | bash -
+RUN apt-get install nodejs
+
+ENV MIX_ENV prod
+WORKDIR /build
+
+RUN mix local.hex --force && \
+ mix local.rebar --force
+COPY mix.exs mix.lock ./
+COPY config config
+COPY apps/cf_http/mix.exs ./apps/cf_http/
+COPY apps/cf_wall/mix.exs ./apps/cf_wall/
+COPY apps/cf_vpn/mix.exs ./apps/cf_vpn/
+RUN mix do deps.get, deps.compile
+
+COPY apps/cf_http/assets/package.json apps/cf_http/assets/package-lock.json ./apps/cf_http/assets/
+RUN cd apps/cf_http/assets && npm ci --progress=false --no-audit --loglevel=error
+COPY apps/cf_http/priv apps/cf_http/priv
+COPY apps/cf_http/assets apps/cf_http/assets
+RUN npm run --prefix ./apps/cf_http/assets deploy && \
+ cd apps/cf_http && mix phx.digest
+
+COPY . .
+RUN mix release cloudfire
+
+RUN mkdir -p pkg/debian/opt
+RUN mv _build/prod/rel/cloudfire pkg/debian/opt/cloudfire
+
+RUN cd pkg && dpkg-deb --build debian
diff --git a/pkg/Dockerfile.redhat_8 b/pkg/Dockerfile.redhat_8
new file mode 100644
index 000000000..774e50bb1
--- /dev/null
+++ b/pkg/Dockerfile.redhat_8
@@ -0,0 +1,62 @@
+# This Dockerfile builds release packages.
+# **NOTE**: This is not recommended, as it's possible the deployment
+# production environment will diff from the image environment here,
+# even if the OS and kernel versions match.
+# As such, this script has been deprecated in favor of building the release
+# in the production environment.
+FROM hexpm/elixir:1.11.2-erlang-23.1.2-ubuntu-focal-20201008 AS build
+
+# Setup to run build script
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update -q && \
+ apt-get install -y --no-install-recommends \
+ ca-certificates \
+ build-essential \
+ git \
+ dpkg-dev \
+ libssl-dev \
+ automake \
+ gnupg \
+ curl \
+ autoconf \
+ libncurses5-dev \
+ unzip \
+ zlib1g-dev \
+ locales && \
+ apt-get clean && \
+ rm -rf /tmp/* /var/tmp/*
+RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \
+ locale-gen
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US:en
+ENV LC_ALL en_US.UTF-8
+
+RUN curl -sL https://deb.nodesource.com/setup_10.x | bash -
+RUN apt-get install nodejs
+
+ENV MIX_ENV prod
+WORKDIR /build
+
+RUN mix local.hex --force && \
+ mix local.rebar --force
+COPY mix.exs mix.lock ./
+COPY config config
+COPY apps/cf_http/mix.exs ./apps/cf_http/
+COPY apps/cf_wall/mix.exs ./apps/cf_wall/
+COPY apps/cf_vpn/mix.exs ./apps/cf_vpn/
+RUN mix do deps.get, deps.compile
+
+COPY apps/cf_http/assets/package.json apps/cf_http/assets/package-lock.json ./apps/cf_http/assets/
+RUN cd apps/cf_http/assets && npm ci --progress=false --no-audit --loglevel=error
+COPY apps/cf_http/priv apps/cf_http/priv
+COPY apps/cf_http/assets apps/cf_http/assets
+RUN npm run --prefix ./apps/cf_http/assets deploy && \
+ cd apps/cf_http && mix phx.digest
+
+COPY . .
+RUN mix release cloudfire
+
+RUN mkdir -p pkg/debian/opt
+RUN mv _build/prod/rel/cloudfire pkg/debian/opt/cloudfire
+
+RUN cd pkg && dpkg-deb --build debian
diff --git a/pkg/Dockerfile.ubuntu_18.04 b/pkg/Dockerfile.ubuntu_18.04
new file mode 100644
index 000000000..d97296a57
--- /dev/null
+++ b/pkg/Dockerfile.ubuntu_18.04 
@@ -0,0 +1,68 @@
+# This Dockerfile builds release packages.
+# **NOTE**: This is not recommended, as it's possible the deployment
+# production environment will diff from the image environment here,
+# even if the OS and kernel versions match.
+# As such, this script has been deprecated in favor of building the release
+# in the production environment.
+FROM hexpm/elixir:1.12.2-erlang-24.0.3-ubuntu-bionic-20210325
+
+# Overridden by build script
+ARG PKG_DIR
+
+# Setup to run build script
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update -q && \
+ apt-get install -y --no-install-recommends \
+ gdebi \
+ ca-certificates \
+ build-essential \
+ git \
+ dpkg-dev \
+ libssl-dev \
+ automake \
+ gnupg \
+ curl \
+ autoconf \
+ libncurses5-dev \
+ unzip \
+ zlib1g-dev \
+ locales && \
+ apt-get clean && \
+ rm -rf /tmp/* /var/tmp/*
+RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \
+ locale-gen
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US:en
+ENV LC_ALL en_US.UTF-8
+
+RUN curl -sL https://deb.nodesource.com/setup_14.x | bash -
+RUN apt-get install -y --no-install-recommends nodejs
+
+ENV MIX_ENV prod
+WORKDIR /build
+
+RUN mix local.hex --force && \
+ mix local.rebar --force
+COPY mix.exs mix.lock ./
+COPY config config
+COPY apps/cf_http/mix.exs ./apps/cf_http/
+COPY apps/cf_wall/mix.exs ./apps/cf_wall/
+COPY apps/cf_vpn/mix.exs ./apps/cf_vpn/
+COPY apps/cf_common/mix.exs ./apps/cf_common/
+RUN mix do deps.get, deps.compile
+
+COPY apps/cf_http/assets/package.json apps/cf_http/assets/package-lock.json ./apps/cf_http/assets/
+RUN cd apps/cf_http/assets && npm ci --progress=false --no-audit --loglevel=error
+COPY apps/cf_http/priv apps/cf_http/priv
+COPY apps/cf_http/assets apps/cf_http/assets
+RUN npm run --prefix ./apps/cf_http/assets deploy && \
+ cd apps/cf_http && mix phx.digest
+
+COPY . .
+RUN mix release
+
+RUN mkdir -p pkg/debian/opt
+RUN mv _build/prod/rel/cloudfire pkg/debian/opt/cloudfire
+
+RUN echo "How about that pkg dir huh: $PKG_DIR"
+RUN cd pkg && dpkg-deb --build $PKG_DIR
diff --git a/pkg/Dockerfile.ubuntu_20.04 b/pkg/Dockerfile.ubuntu_20.04
new file mode 100644
index 000000000..95a6a7443
--- /dev/null
+++ b/pkg/Dockerfile.ubuntu_20.04
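Review bot: The release is moved to `pkg/debian/opt/cloudfire`, but the package is built from `pkg/$PKG_DIR`, which the build script sets to `ubuntu_18.04_<arch>`, so the resulting .deb would carry the DEBIAN scripts and the unit file but not `/opt/cloudfire`. Stage into the directory that is actually packaged: `RUN mkdir -p "pkg/$PKG_DIR/opt" && mv _build/prod/rel/cloudfire "pkg/$PKG_DIR/opt/cloudfire"`. `ARG PKG_DIR` has no default and no check, so a build without `--build-arg` reaches `dpkg-deb --build` with an empty argument, and the `RUN echo "How about that pkg dir huh: ..."` line looks like leftover debugging. `pkg/Dockerfile.ubuntu_20.04` has the same staging mismatch.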
@@ -0,0 +1,67 @@
+# This Dockerfile builds release packages.
+# **NOTE**: This is not recommended, as it's possible the deployment
+# production environment will diff from the image environment here,
+# even if the OS and kernel versions match.
+# As such, this script has been deprecated in favor of building the release
+# in the production environment.
+FROM hexpm/elixir:1.12.2-erlang-24.0.3-ubuntu-focal-20210325
+
+# Overridden by build script
+ARG PKG_DIR
+
+# Setup to run build script
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update -q && \
+ apt-get install -y --no-install-recommends \
+ gdebi \
+ ca-certificates \
+ build-essential \
+ git \
+ dpkg-dev \
+ libssl-dev \
+ automake \
+ gnupg \
+ curl \
+ autoconf \
+ libncurses5-dev \
+ unzip \
+ zlib1g-dev \
+ locales && \
+ apt-get clean && \
+ rm -rf /tmp/* /var/tmp/*
+RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \
+ locale-gen
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US:en
+ENV LC_ALL en_US.UTF-8
+
+RUN curl -sL https://deb.nodesource.com/setup_10.x | bash -
+RUN apt-get install nodejs
+
+ENV MIX_ENV prod
+WORKDIR /build
+
+RUN mix local.hex --force && \
+ mix local.rebar --force
+COPY mix.exs mix.lock ./
+COPY config config
+COPY apps/cf_http/mix.exs ./apps/cf_http/
+COPY apps/cf_wall/mix.exs ./apps/cf_wall/
+COPY apps/cf_vpn/mix.exs ./apps/cf_vpn/
+COPY apps/cf_common/mix.exs ./apps/cf_common/
+RUN mix do deps.get, deps.compile
+
+COPY apps/cf_http/assets/package.json apps/cf_http/assets/package-lock.json ./apps/cf_http/assets/
+RUN cd apps/cf_http/assets && npm ci --progress=false --no-audit --loglevel=error
+COPY apps/cf_http/priv apps/cf_http/priv
+COPY apps/cf_http/assets apps/cf_http/assets
+RUN npm run --prefix ./apps/cf_http/assets deploy && \
+ cd apps/cf_http && mix phx.digest
+
+COPY . .
+RUN mix release
+
+RUN mkdir -p pkg/debian/opt
+RUN mv _build/prod/rel/cloudfire pkg/debian/opt/cloudfire
+
+RUN cd pkg && dpkg-deb --build $PKG_DIR
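Review bot: This image installs Node with `setup_10.x` and `RUN apt-get install nodejs`, while the 18.04 image added in the same commit uses `setup_14.x` and `apt-get install -y --no-install-recommends nodejs`. Without `-y` the install can stop at the confirmation prompt in a non-interactive build, and the two packages would ship assets built with different Node major versions. Align both lines with the 18.04 file: `RUN curl -sL https://deb.nodesource.com/setup_14.x | bash -` and `RUN apt-get install -y --no-install-recommends nodejs`. In both files it would be safer to download the setup script with `curl -fsSL` to a file and check it against a pinned digest before running it, rather than piping it into a root shell.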
diff --git a/pkg/ubuntu-18.04_amd64/DEBIAN/control b/pkg/ubuntu_18.04_amd64/DEBIAN/control similarity index 100% rename from pkg/ubuntu-18.04_amd64/DEBIAN/control rename to pkg/ubuntu_18.04_amd64/DEBIAN/control diff --git a/pkg/ubuntu-18.04_amd64/DEBIAN/postinst b/pkg/ubuntu_18.04_amd64/DEBIAN/postinst similarity index 100% rename from pkg/ubuntu-18.04_amd64/DEBIAN/postinst rename to pkg/ubuntu_18.04_amd64/DEBIAN/postinst diff --git a/pkg/ubuntu-18.04_amd64/DEBIAN/templates b/pkg/ubuntu_18.04_amd64/DEBIAN/templates similarity index 100% rename from pkg/ubuntu-18.04_amd64/DEBIAN/templates rename to pkg/ubuntu_18.04_amd64/DEBIAN/templates diff --git a/pkg/ubuntu-18.04_amd64/lib/systemd/system/cloudfire.service b/pkg/ubuntu_18.04_amd64/lib/systemd/system/cloudfire.service similarity index 100% rename from pkg/ubuntu-18.04_amd64/lib/systemd/system/cloudfire.service rename to pkg/ubuntu_18.04_amd64/lib/systemd/system/cloudfire.service diff --git a/pkg/ubuntu_18.04_arm64/DEBIAN/control b/pkg/ubuntu_18.04_arm64/DEBIAN/control new file mode 100644 index 000000000..2976c311c --- /dev/null +++ b/pkg/ubuntu_18.04_arm64/DEBIAN/control @@ -0,0 +1,11 @@ +Package: cloudfire +Version: 0.1.7-1 +Architecture: arm64 +Maintainer: CloudFire, LLC +Depends: net-tools (>= 1.60+git20161116.90da8a0-1ubuntu1), systemd (>= 237-3ubuntu10.48), openssl (>= 1.1.1-1ubuntu2.1~18.04.9), wireguard (>= 1.0.20200319-1ubuntu1), postgresql (>= 9.6), iptables (>= 1.6.1-2ubuntu2) +Section: net +Priority: optional +Homepage: https://cloudfire.network +Description: Web UI + Firewall manager for WireGuard™ + Provides a web-based UI that allows you to configure WireGuard™ VPN tunnels and + set up firewall rules for your devices. diff --git a/pkg/ubuntu_18.04_arm64/DEBIAN/postinst b/pkg/ubuntu_18.04_arm64/DEBIAN/postinst new file mode 100755 index 000000000..519ded256 --- /dev/null +++ b/pkg/ubuntu_18.04_arm64/DEBIAN/postinst 
@@ -0,0 +1,104 @@ +#!/usr/bin/env bash +set -xe + +ls -la /opt/cloudfire/bin + +# CloudFire package post-install script + +# 1. Generate secrets +# 2. Bootstrap DB +# 3. Generate WireGuard interface and config + +# All created files are 0600 by default +umask 077 + +# Add cloudfire user if not exists +if id cloudfire &>/dev/null; then + echo "cloudfire user exists... not creating." +else + echo "creating system user cloudfire" + useradd --system cloudfire +fi + +# Generate app secrets +live_view_signing_salt="$(openssl rand -base64 24)" +secret_key_base="$(openssl rand -base64 48)" +db_user=cloudfire + +# base64 includes forward slashes which are problematic in the +# db_url connect string, so use hex. +db_password="$(openssl rand -hex 16)" + +db_key="$(openssl rand -base64 32)" + +# Setup DB +# XXX: Remove || true and detect actual failures +su postgres -c "psql -c \"CREATE ROLE ${db_user} WITH LOGIN PASSWORD '${db_password}';\" || true" +su postgres -c "psql -c \"CREATE DATABASE cloudfire;\" || true" +su postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE cloudfire to ${db_user};\" || true" + +# Write CloudFire SSL files +mkdir -p /opt/cloudfire/ssl +hostname=$(hostname) +openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes \ + -keyout /opt/cloudfire/ssl/key.pem \ + -out /opt/cloudfire/ssl/cert.pem \ + -days 365 -subj "/CN=${hostname}" + +wg genkey > /opt/cloudfire/server.key + +# Write CloudFire config files +cat <> /opt/cloudfire/config.env +# This file is loaded into CloudFire's Environment upon launch to configure it. + +# This is used to ensure secure communication with the live web views. +# Re-generate this with "openssl rand -base64 24". All existing web views will +# need to be refreshed. +LIVE_VIEW_SIGNING_SALT="${live_view_signing_salt}" + +# This is used to secure cookies among other things. +# You can regenerate this with "openssl rand -base64 48". All existing clients +# will be signed out. 
+SECRET_KEY_BASE="${secret_key_base}" + +# The URL to connect to your DB. Assumes the database has been created and this +# user has privileges to create and modify tables. +DATABASE_URL="ecto://${db_user}:${db_password}@127.0.0.1/cloudfire" + +# The HTTPS port to listen on. Defaults to 8800. +HTTPS_LISTEN_PORT=8800 + +# The address to bind the HTTPS server to. Defaults to "127.0.0.1" +HTTPS_LISTEN_ADDRESS=127.0.0.1 + +# The WireGuard port to listen on. Defaults to 51820. +WG_LISTEN_PORT=51820 + +# The address for the WireGuard endpoint. Defaults to the address of the +# default egress interface if not set. +WG_ENDPOINT_ADDRESS= + +# The Base64-encoded key for encrypted database fields. +DB_ENCRYPTION_KEY=${db_key} + +# SSL certificate file and key path. Self-signed certs are generated for you on +# install, but it's highly recommended to replace these with valid certs. +# Free certs can be obtained at https://letsencrypt.org. +SSL_CERT_FILE=/opt/cloudfire/ssl/cert.pem +SSL_KEY_FILE=/opt/cloudfire/ssl/key.pem + +# Path to the intermediate certificates file. (usually not required) +# SSL_CA_CERT_FILE= + +# Host to use for generating links back to the application, such as in +# outbound emails. Defaults to "localhost". +# URL_HOST=${hostname} + +# For security, it's recommended to leave signups disabled and instead create +# users via the CLI. +DISABLE_SIGNUP=yes +EOT + +# Set perms +chown -R cloudfire:root /opt/cloudfire +chmod 0644 /opt/cloudfire/ssl/cert.pem diff --git a/pkg/ubuntu-20.04_amd64/DEBIAN/templates b/pkg/ubuntu_18.04_arm64/DEBIAN/templates similarity index 100% rename from pkg/ubuntu-20.04_amd64/DEBIAN/templates rename to pkg/ubuntu_18.04_arm64/DEBIAN/templates 
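Review bot: This postinst is not safe to run twice: each run generates a fresh `db_password`, the `CREATE ROLE ... || true` fails silently when the role already exists, and the heredoc redirect (garbled on this page, apparently an append) adds another set of assignments to `/opt/cloudfire/config.env`. After a reinstall the last `DATABASE_URL` would carry a password the existing role does not have, and a new `DB_ENCRYPTION_KEY` would presumably leave previously encrypted fields unreadable. Guard the secret generation and the config write with `if [ ! -f /opt/cloudfire/config.env ]; then ... fi`, or set the password with `ALTER ROLE` when the role already exists. The `|| true` on the three psql calls also hides real failures such as PostgreSQL not running, which the XXX comment already acknowledges.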
diff --git a/pkg/ubuntu-20.04_amd64/lib/systemd/system/cloudfire.service b/pkg/ubuntu_18.04_arm64/lib/systemd/system/cloudfire.service similarity index 100% rename from pkg/ubuntu-20.04_amd64/lib/systemd/system/cloudfire.service rename to pkg/ubuntu_18.04_arm64/lib/systemd/system/cloudfire.service diff --git a/pkg/ubuntu-20.04_amd64/DEBIAN/control b/pkg/ubuntu_20.04_amd64/DEBIAN/control similarity index 100% rename from pkg/ubuntu-20.04_amd64/DEBIAN/control rename to pkg/ubuntu_20.04_amd64/DEBIAN/control diff --git a/pkg/ubuntu-20.04_amd64/DEBIAN/postinst b/pkg/ubuntu_20.04_amd64/DEBIAN/postinst similarity index 100% rename from pkg/ubuntu-20.04_amd64/DEBIAN/postinst rename to pkg/ubuntu_20.04_amd64/DEBIAN/postinst diff --git a/pkg/ubuntu_20.04_amd64/DEBIAN/templates b/pkg/ubuntu_20.04_amd64/DEBIAN/templates new file mode 100644 index 000000000..a87b06715 --- /dev/null +++ b/pkg/ubuntu_20.04_amd64/DEBIAN/templates @@ -0,0 +1,11 @@ +Template: cloudfire/config +Type: note +Description: config file + CloudFire's config file is located at /opt/cloudfire/config.yml. Only root + should be able to view and edit this file. Random secrets and passwords have + been generated and saved for you already. + +Template: cloudfire/access +Type: note +Description: access instructions + CloudFire has been installed successfully and is running on port 8443! diff --git a/pkg/ubuntu_20.04_amd64/lib/systemd/system/cloudfire.service b/pkg/ubuntu_20.04_amd64/lib/systemd/system/cloudfire.service new file mode 100644 index 000000000..774566ee8 --- /dev/null +++ b/pkg/ubuntu_20.04_amd64/lib/systemd/system/cloudfire.service 
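Review bot: The `cloudfire/config` note in pkg/ubuntu_20.04_amd64/DEBIAN/templates sends administrators to `/opt/cloudfire/config.yml`, but the postinst scripts in this series write `/opt/cloudfire/config.env`, and `cloudfire/access` announces port 8443 while the generated config sets `HTTPS_LISTEN_PORT=8800`. The note also says only root should be able to view and edit the file, whereas postinst hands `/opt/cloudfire` to the `cloudfire` user. Suggested wording: `CloudFire's config file is located at /opt/cloudfire/config.env.` and `CloudFire has been installed successfully and is running on port 8800!`, with the ownership sentence adjusted to name the `cloudfire` user.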
@@ -0,0 +1,18 @@
+[Unit]
+Description=CloudFire
+Requires=postgresql.service
+After=postgresql.service
+
+[Service]
+Restart=on-failure
+RestartSec=1
+User=cloudfire
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_DAC_READ_SEARCH
+EnvironmentFile=/opt/cloudfire/config.env
+ExecStartPre=/opt/cloudfire/bin/cloudfire eval "CfHttp.Release.migrate"
+ExecStart=/opt/cloudfire/bin/cloudfire start
+ExecStartPost=/bin/sleep 5
+ExecStartPost=/opt/cloudfire/bin/cloudfire rpc "CfHttp.Release.create_admin_user"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/ubuntu_20.04_arm64/DEBIAN/control b/pkg/ubuntu_20.04_arm64/DEBIAN/control
new file mode 100644
index 000000000..5dab5cfae
--- /dev/null
+++ b/pkg/ubuntu_20.04_arm64/DEBIAN/control
@@ -0,0 +1,11 @@
+Package: cloudfire
+Version: 0.1.7-1
+Architecture: arm64
+Maintainer: CloudFire, LLC
+Depends: net-tools (>= 1.60+git20180626.aebd88e-1ubuntu1), systemd (>= 245.4-4ubuntu3.2), openssl (>= 1.1.1f-1ubuntu2), wireguard (>= 1.0.20200319-1ubuntu1), postgresql (>= 12+214ubuntu0.1), iptables (>= 1.8.4-3ubuntu2)
+Section: net
+Priority: optional
+Homepage: https://cloudfire.network
+Description: Web UI + Firewall manager for WireGuard™
+ Provides a web-based UI that allows you to configure WireGuard VPN tunnels and
+ set up firewall rules for your devices.
diff --git a/pkg/ubuntu_20.04_arm64/DEBIAN/postinst b/pkg/ubuntu_20.04_arm64/DEBIAN/postinst
new file mode 100755
index 000000000..1550a4ebe
--- /dev/null
+++ b/pkg/ubuntu_20.04_arm64/DEBIAN/postinst
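Review bot: `AmbientCapabilities=` hands `CAP_DAC_READ_SEARCH` to the process that serves the web UI, which exempts it from read and directory-search permission checks on every file on the host; that is far wider than the `CAP_NET_ADMIN`/`CAP_NET_RAW` that WireGuard and firewall management presumably need. Nothing in this patch shows what requires it, so either drop it or add a comment on the line naming the file access that does. Bounding the unit explicitly with `CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW` and `NoNewPrivileges=true` would keep a compromised release from regaining more, provided it does not rely on setuid helpers. The same unit file is added for `ubuntu_20.04_arm64` further down.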
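Review bot: `Depends:` does not list `sudo`, yet the postinst added alongside it for this package runs every database step as `sudo -i -u postgres psql … || true`. On a host without sudo each of those commands fails, the `|| true` hides the failure, and the package installs with no role and no database. Either add `sudo` to `Depends:` or have the postinst use `runuser -u postgres -- psql …`, which ships with util-linux.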
@@ -0,0 +1,102 @@ +#!/usr/bin/env bash +set -e + +# CloudFire package post-install script + +# 1. Generate secrets +# 2. Bootstrap DB +# 3. Generate WireGuard interface and config + +# Add cloudfire user if not exists +if id cloudfire &>/dev/null; then + echo "cloudfire user exists... not creating." +else + echo "creating system user cloudfire" + useradd --system cloudfire +fi + +# Generate app secrets +live_view_signing_salt="$(openssl rand -base64 24)" +secret_key_base="$(openssl rand -base64 48)" +db_user=cloudfire + +# base64 includes forward slashes which are problematic in the +# db_url connect string, so use hex. +db_password="$(openssl rand -hex 16)" + +db_key="$(openssl rand -base64 32)" + +# Setup DB +sudo -i -u postgres psql -c "CREATE ROLE ${db_user} WITH LOGIN PASSWORD '${db_password}';" || true +sudo -i -u postgres psql -c "CREATE DATABASE cloudfire;" || true +sudo -i -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE cloudfire to ${db_user};" || true + +# Write CloudFire SSL files +mkdir -p /opt/cloudfire/ssl +chown -R cloudfire:root /opt/cloudfire/ssl +hostname=$(hostname) +openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes \ + -keyout /opt/cloudfire/ssl/key.pem \ + -out /opt/cloudfire/ssl/cert.pem \ + -days 365 -subj "/CN=${hostname}" +chmod 0600 /opt/cloudfire/ssl/key.pem +chmod 0644 /opt/cloudfire/ssl/cert.pem + +# Write CloudFire config files +touch /opt/cloudfire/config.env +chmod 0600 /opt/cloudfire/config.env +chown -R cloudfire:root /opt/cloudfire +cat <> /opt/cloudfire/config.env +# This file is loaded into CloudFire's Environment upon launch to configure it. + +# This is used to ensure secure communication with the live web views. +# Re-generate this with "openssl rand -base64 24". All existing web views will +# need to be refreshed. +LIVE_VIEW_SIGNING_SALT="${live_view_signing_salt}" + +# This is used to secure cookies among other things. +# You can regenerate this with "openssl rand -base64 48". 
All existing clients +# will be signed out. +SECRET_KEY_BASE="${secret_key_base}" + +# The URL to connect to your DB. Assumes the database has been created and this +# user has privileges to create and modify tables. +DATABASE_URL="ecto://${db_user}:${db_password}@127.0.0.1/cloudfire" + +# The HTTPS port to listen on. Defaults to 8800. +HTTPS_LISTEN_PORT=8800 + +# The address to bind the HTTPS server to. Defaults to "127.0.0.1" +HTTPS_LISTEN_ADDRESS=127.0.0.1 + +# The WireGuard port to listen on. Defaults to 51820. +WG_LISTEN_PORT=51820 + +# The address for the WireGuard endpoint. Defaults to the address of the +# default egress interface if not set. +WG_ENDPOINT_ADDRESS= + +# The Base64-encoded key for encrypted database fields. +DB_ENCRYPTION_KEY=${db_key} + +# SSL certificate file and key path. Self-signed certs are generated for you on +# install, but it's highly recommended to replace these with valid certs. +# Free certs can be obtained at https://letsencrypt.org. +SSL_CERT_FILE=/opt/cloudfire/ssl/cert.pem +SSL_KEY_FILE=/opt/cloudfire/ssl/key.pem + +# Path to the intermediate certificates file. (usually not required) +# SSL_CA_CERT_FILE= + +# Host to use for generating links back to the application, such as in +# outbound emails. Defaults to "localhost". +# URL_HOST=${hostname} + +# For security, it's recommended to leave signups disabled and instead create +# users via the CLI. +DISABLE_SIGNUP=yes +EOT + +umask 077 +wg genkey > /opt/cloudfire/server.key +chown cloudfire:root /opt/cloudfire/server.key diff --git a/pkg/ubuntu_20.04_arm64/DEBIAN/templates b/pkg/ubuntu_20.04_arm64/DEBIAN/templates new file mode 100644 index 000000000..a87b06715 --- /dev/null +++ b/pkg/ubuntu_20.04_arm64/DEBIAN/templates 
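Review bot: The secret generation and config write are not guarded against a second run the way the `useradd` step is: on an upgrade or reconfigure the script draws a new `db_password`, `secret_key_base` and `db_key`, `CREATE ROLE … || true` fails silently because the role already exists, and the new values are still written to `/opt/cloudfire/config.env`. The service would then be handed a `DATABASE_URL` password that Postgres never received and a `DB_ENCRYPTION_KEY` that does not match data encrypted earlier. Wrap the generation, role creation and here-doc in `if [ ! -s /opt/cloudfire/config.env ]; then … fi`, and move `umask 077` to the top of the script so `key.pem` is never created with default permissions before the `chmod 0600`. Separately, the role password is passed in `psql -c "…"` and is visible in the process list during install; feeding the statement to `psql` on stdin avoids that.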
@@ -0,0 +1,11 @@ +Template: cloudfire/config +Type: note +Description: config file + CloudFire's config file is located at /opt/cloudfire/config.yml. Only root + should be able to view and edit this file. Random secrets and passwords have + been generated and saved for you already. + +Template: cloudfire/access +Type: note +Description: access instructions + CloudFire has been installed successfully and is running on port 8443! diff --git a/pkg/ubuntu_20.04_arm64/lib/systemd/system/cloudfire.service b/pkg/ubuntu_20.04_arm64/lib/systemd/system/cloudfire.service new file mode 100644 index 000000000..774566ee8 --- /dev/null +++ b/pkg/ubuntu_20.04_arm64/lib/systemd/system/cloudfire.service @@ -0,0 +1,18 @@ +[Unit] +Description=CloudFire +Requires=postgresql.service +After=postgresql.service + +[Service] +Restart=on-failure +RestartSec=1 +User=cloudfire +AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_DAC_READ_SEARCH +EnvironmentFile=/opt/cloudfire/config.env +ExecStartPre=/opt/cloudfire/bin/cloudfire eval "CfHttp.Release.migrate" +ExecStart=/opt/cloudfire/bin/cloudfire start +ExecStartPost=/bin/sleep 5 +ExecStartPost=/opt/cloudfire/bin/cloudfire rpc "CfHttp.Release.create_admin_user" + +[Install] +WantedBy=multi-user.target From 8e023241b92683da5000178e955c99d2422a585d Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Fri, 9 Jul 2021 15:14:56 -0700 Subject: [PATCH 35/42] Fix dockerfile discrepancies --- pkg/Dockerfile.ubuntu_18.04 | 1 - pkg/Dockerfile.ubuntu_20.04 | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/pkg/Dockerfile.ubuntu_18.04 b/pkg/Dockerfile.ubuntu_18.04 index d97296a57..d8c04f622 100644 --- a/pkg/Dockerfile.ubuntu_18.04 +++ b/pkg/Dockerfile.ubuntu_18.04 @@ -64,5 +64,4 @@ RUN mix release RUN mkdir -p pkg/debian/opt RUN mv _build/prod/rel/cloudfire pkg/debian/opt/cloudfire -RUN echo "How about that pkg dir huh: $PKG_DIR" RUN cd pkg && dpkg-deb --build $PKG_DIR 
diff --git a/pkg/Dockerfile.ubuntu_20.04 b/pkg/Dockerfile.ubuntu_20.04 index 95a6a7443..aaf2b74f3 100644 --- a/pkg/Dockerfile.ubuntu_20.04 +++ b/pkg/Dockerfile.ubuntu_20.04 @@ -35,8 +35,8 @@ ENV LANG en_US.UTF-8 ENV LANGUAGE en_US:en ENV LC_ALL en_US.UTF-8 -RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - -RUN apt-get install nodejs +RUN curl -sL https://deb.nodesource.com/setup_14.x | bash - +RUN apt-get install -y --no-install-recommends nodejs ENV MIX_ENV prod WORKDIR /build From 09ca2de1cf7e1f9af989125a4030f053f6037dba Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Fri, 9 Jul 2021 15:23:04 -0700 Subject: [PATCH 36/42] FUCKING GITHUB ACTIONS --- .ci/build_ubuntu_18.04.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.ci/build_ubuntu_18.04.sh b/.ci/build_ubuntu_18.04.sh index 32297722e..2c1961d4c 100755 --- a/.ci/build_ubuntu_18.04.sh +++ b/.ci/build_ubuntu_18.04.sh @@ -18,3 +18,5 @@ docker build \ CID=$(docker create $IMAGE) mkdir -p _build docker cp $CID:/build/pkg/$PKG_FILE ./_build/ + +echo "Listing build dir: $(ls _build)" From cf4ca4a6ce79739b5645156b1d14497d95e027d8 Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Fri, 9 Jul 2021 15:33:57 -0700 Subject: [PATCH 37/42] Add docker cache --- .github/workflows/ci.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 850a99119..1d05fb6f3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -89,6 +89,12 @@ jobs: # - arch: arm64 steps: - uses: actions/checkout@v2 + - uses: satackey/action-docker-layer-caching@v0.0.11 + continue-on-error: false + with: + key: docker-cache-${{ github.sha }} + restore-keys: | + docker-cache- # amd64 build - if: ${{ matrix.arch == 'amd64' }} From 5ef8abd53b392c85121f24b8b7ed7f9497d39d2c Mon Sep 17 00:00:00 2001 
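Review bot: `RUN curl -sL https://deb.nodesource.com/setup_14.x | bash -` runs a script fetched at build time as root in the image that produces the .deb, without any integrity check, and with `-s` but no `-f` an HTTP error body is piped to `bash` while the pipeline's exit status is still that of `bash`. Prefer `curl -fsSL` under `SHELL ["/bin/bash", "-o", "pipefail", "-c"]`, or better, download the script to a file and compare it with a reviewed checksum (`<expected-sha256>`) before running it. `RUN apt-get install -y --no-install-recommends nodejs` also leaves the Node.js version unpinned, so two builds of the same commit can ship different toolchains. The rest of the Dockerfile is outside the hunk.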
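Review bot: `uses: satackey/action-docker-layer-caching@v0.0.11` pins a third-party action by tag, which its owner can move to different code; as this appears to be the job that builds the packages, pin it to a full commit SHA, e.g. `uses: satackey/action-docker-layer-caching@<full-commit-sha> # v0.0.11`. The `restore-keys: docker-cache-` prefix also means layers saved by any earlier run are loaded into the Docker daemon before the build, so the cache is build input with the same trust level as the source; it is worth confirming which branches and events are able to write it. The job's remaining steps lie outside the hunk.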
From: Jamil Bou Kheir Date: Fri, 9 Jul 2021 15:34:54 -0700 Subject: [PATCH 38/42] fix remove --- .ci/build_ubuntu_18.04.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.ci/build_ubuntu_18.04.sh b/.ci/build_ubuntu_18.04.sh index 2c1961d4c..519992384 100755 --- a/.ci/build_ubuntu_18.04.sh +++ b/.ci/build_ubuntu_18.04.sh @@ -17,6 +17,4 @@ docker build \ CID=$(docker create $IMAGE) mkdir -p _build -docker cp $CID:/build/pkg/$PKG_FILE ./_build/ - -echo "Listing build dir: $(ls _build)" +docker cp $CID:/build/pkg/$PKG_FILE ./_build/cloudfire_$PKG_FILE From 38717e221c52edcfef8fddb2b9a0286cdf9f1b9a Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Fri, 9 Jul 2021 15:48:09 -0700 Subject: [PATCH 39/42] structure deb appropriately --- pkg/Dockerfile.ubuntu_18.04 | 4 ++-- pkg/Dockerfile.ubuntu_20.04 | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/Dockerfile.ubuntu_18.04 b/pkg/Dockerfile.ubuntu_18.04 index d8c04f622..0ab0ecedf 100644 --- a/pkg/Dockerfile.ubuntu_18.04 +++ b/pkg/Dockerfile.ubuntu_18.04 @@ -61,7 +61,7 @@ RUN npm run --prefix ./apps/cf_http/assets deploy && \ COPY . . RUN mix release -RUN mkdir -p pkg/debian/opt -RUN mv _build/prod/rel/cloudfire pkg/debian/opt/cloudfire +RUN mkdir -p pkg/$PKG_DIR/opt +RUN mv _build/prod/rel/cloudfire pkg/$PKG_DIR/opt/cloudfire RUN cd pkg && dpkg-deb --build $PKG_DIR diff --git a/pkg/Dockerfile.ubuntu_20.04 b/pkg/Dockerfile.ubuntu_20.04 index aaf2b74f3..51db7b1fe 100644 --- a/pkg/Dockerfile.ubuntu_20.04 +++ b/pkg/Dockerfile.ubuntu_20.04 @@ -61,7 +61,7 @@ RUN npm run --prefix ./apps/cf_http/assets deploy && \ COPY . . RUN mix release -RUN mkdir -p pkg/debian/opt -RUN mv _build/prod/rel/cloudfire pkg/debian/opt/cloudfire +RUN mkdir -p pkg/$PKG_DIR/opt +RUN mv _build/prod/rel/cloudfire pkg/$PKG_DIR/opt/cloudfire RUN cd pkg && dpkg-deb --build $PKG_DIR From ef79c7fa58d2ecf96b07d05032d8843d37794231 Mon Sep 17 00:00:00 2001 
From: Jamil Bou Kheir Date: Fri, 9 Jul 2021 16:05:07 -0700 Subject: [PATCH 40/42] sleep 8 --- pkg/ubuntu_18.04_amd64/lib/systemd/system/cloudfire.service | 2 +- pkg/ubuntu_18.04_arm64/lib/systemd/system/cloudfire.service | 2 +- pkg/ubuntu_20.04_amd64/lib/systemd/system/cloudfire.service | 2 +- pkg/ubuntu_20.04_arm64/lib/systemd/system/cloudfire.service | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/ubuntu_18.04_amd64/lib/systemd/system/cloudfire.service b/pkg/ubuntu_18.04_amd64/lib/systemd/system/cloudfire.service index 774566ee8..9a9fc1d4e 100644 --- a/pkg/ubuntu_18.04_amd64/lib/systemd/system/cloudfire.service +++ b/pkg/ubuntu_18.04_amd64/lib/systemd/system/cloudfire.service @@ -11,7 +11,7 @@ AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_DAC_READ_SEARCH EnvironmentFile=/opt/cloudfire/config.env ExecStartPre=/opt/cloudfire/bin/cloudfire eval "CfHttp.Release.migrate" ExecStart=/opt/cloudfire/bin/cloudfire start -ExecStartPost=/bin/sleep 5 +ExecStartPost=/bin/sleep 8 ExecStartPost=/opt/cloudfire/bin/cloudfire rpc "CfHttp.Release.create_admin_user" [Install] diff --git a/pkg/ubuntu_18.04_arm64/lib/systemd/system/cloudfire.service b/pkg/ubuntu_18.04_arm64/lib/systemd/system/cloudfire.service index 774566ee8..9a9fc1d4e 100644 --- a/pkg/ubuntu_18.04_arm64/lib/systemd/system/cloudfire.service +++ b/pkg/ubuntu_18.04_arm64/lib/systemd/system/cloudfire.service @@ -11,7 +11,7 @@ AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_DAC_READ_SEARCH EnvironmentFile=/opt/cloudfire/config.env ExecStartPre=/opt/cloudfire/bin/cloudfire eval "CfHttp.Release.migrate" ExecStart=/opt/cloudfire/bin/cloudfire start -ExecStartPost=/bin/sleep 5 +ExecStartPost=/bin/sleep 8 ExecStartPost=/opt/cloudfire/bin/cloudfire rpc "CfHttp.Release.create_admin_user" [Install] diff --git a/pkg/ubuntu_20.04_amd64/lib/systemd/system/cloudfire.service b/pkg/ubuntu_20.04_amd64/lib/systemd/system/cloudfire.service index 774566ee8..9a9fc1d4e 100644 
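Review bot: A fixed `ExecStartPost=/bin/sleep 8` is still a guess at when the node is ready: on a slower host the following `rpc "CfHttp.Release.create_admin_user"` can run before the release accepts connections, and a failing `ExecStartPost=` fails the start, which with `Restart=on-failure` presumably puts the service into a restart loop. A bounded retry is more robust than a longer sleep, e.g. `ExecStartPost=/bin/sh -c 'n=0; until /opt/cloudfire/bin/cloudfire rpc "CfHttp.Release.create_admin_user"; do n=$$((n+1)); [ $$n -ge 30 ] && exit 1; sleep 1; done'`, assuming `create_admin_user` is safe to retry. The same one-line change is repeated in the three other `cloudfire.service` hunks of this patch, and the unit's `[Unit]` section lies outside the hunk.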
--- a/pkg/ubuntu_20.04_amd64/lib/systemd/system/cloudfire.service +++ b/pkg/ubuntu_20.04_amd64/lib/systemd/system/cloudfire.service @@ -11,7 +11,7 @@ AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_DAC_READ_SEARCH EnvironmentFile=/opt/cloudfire/config.env ExecStartPre=/opt/cloudfire/bin/cloudfire eval "CfHttp.Release.migrate" ExecStart=/opt/cloudfire/bin/cloudfire start -ExecStartPost=/bin/sleep 5 +ExecStartPost=/bin/sleep 8 ExecStartPost=/opt/cloudfire/bin/cloudfire rpc "CfHttp.Release.create_admin_user" [Install] diff --git a/pkg/ubuntu_20.04_arm64/lib/systemd/system/cloudfire.service b/pkg/ubuntu_20.04_arm64/lib/systemd/system/cloudfire.service index 774566ee8..9a9fc1d4e 100644 --- a/pkg/ubuntu_20.04_arm64/lib/systemd/system/cloudfire.service +++ b/pkg/ubuntu_20.04_arm64/lib/systemd/system/cloudfire.service @@ -11,7 +11,7 @@ AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_DAC_READ_SEARCH EnvironmentFile=/opt/cloudfire/config.env ExecStartPre=/opt/cloudfire/bin/cloudfire eval "CfHttp.Release.migrate" ExecStart=/opt/cloudfire/bin/cloudfire start -ExecStartPost=/bin/sleep 5 +ExecStartPost=/bin/sleep 8 ExecStartPost=/opt/cloudfire/bin/cloudfire rpc "CfHttp.Release.create_admin_user" [Install] From 251673ee7ca9c2d4d108c9d91c4a15510e36c73b Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Fri, 9 Jul 2021 16:08:06 -0700 Subject: [PATCH 41/42] logo change --- apps/cf_http/assets/static/logo.svg | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/apps/cf_http/assets/static/logo.svg b/apps/cf_http/assets/static/logo.svg index bc06cd0ed..24d14fafc 100644 --- a/apps/cf_http/assets/static/logo.svg +++ b/apps/cf_http/assets/static/logo.svg @@ -1,13 +1,13 @@ - + - Slice + Group Created with Sketch. - - CloudFire + + FireZone