From 7026dd72c081126c3dd67fa77f0f11cc063716e1 Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Wed, 26 Jan 2022 18:42:31 -0800 Subject: [PATCH 1/2] Add device default configs to config file --- apps/fz_http/lib/fz_http/devices.ex | 22 ++++++++------- apps/fz_http/lib/fz_http/devices/device.ex | 14 +++++----- apps/fz_http/lib/fz_http/settings.ex | 2 +- apps/fz_http/lib/fz_http/settings/setting.ex | 6 ++-- .../live/device_live/form_component.ex | 4 +-- .../live/device_live/form_component.html.heex | 16 +++++------ .../live/device_live/show.html.heex | 6 ++-- .../fz_http_web/live/device_live/show_live.ex | 2 +- .../live/setting_live/default.html.heex | 8 +++--- .../live/setting_live/default_live.ex | 17 ++++++++++- .../20211116173236_create_settings.exs | 4 +-- ...211217003247_add_persistent_keepalives.exs | 2 +- ...127021835_rename_persistent_keepalives.exs | 23 +++++++++++++++ apps/fz_http/test/fz_http/settings_test.exs | 6 ++-- .../live/device_live/show_test.exs | 28 +++++++++---------- .../live/setting_live/default_test.exs | 2 +- apps/fz_vpn/lib/fz_vpn/cli/live.ex | 4 +-- apps/fz_vpn/lib/fz_vpn/cli/sandbox.ex | 4 +-- apps/fz_vpn/test/fz_vpn/cli/sandbox_test.exs | 4 +-- config/config.exs | 3 ++ config/releases.exs | 6 ++++ docs/docs/reference/configuration-file.md | 3 ++ .../cookbooks/firezone/attributes/default.rb | 13 +++++++++ .../cookbooks/firezone/libraries/config.rb | 3 ++ 24 files changed, 135 insertions(+), 67 deletions(-) create mode 100644 apps/fz_http/priv/repo/migrations/20220127021835_rename_persistent_keepalives.exs diff --git a/apps/fz_http/lib/fz_http/devices.ex b/apps/fz_http/lib/fz_http/devices.ex index 11169fc2f..ba1c3d413 100644 --- a/apps/fz_http/lib/fz_http/devices.ex +++ b/apps/fz_http/lib/fz_http/devices.ex 
@@ -138,7 +138,8 @@ defmodule FzHttp.Devices do def allowed_ips(device) do if device.use_default_allowed_ips do - Settings.default_device_allowed_ips() + Settings.default_device_allowed_ips() || + Application.fetch_env!(:fz_http, :wireguard_allowed_ips) else device.allowed_ips end @@ -146,7 +147,7 @@ defmodule FzHttp.Devices do def dns_servers(device) do if device.use_default_dns_servers do - Settings.default_device_dns_servers() + Settings.default_device_dns_servers() || Application.fetch_env!(:fz_http, :wireguard_dns) else device.dns_servers end @@ -172,11 +173,12 @@ defmodule FzHttp.Devices do end end - def persistent_keepalives(device) do - if device.use_default_persistent_keepalives do - Settings.default_device_persistent_keepalives() + def persistent_keepalive(device) do + if device.use_default_persistent_keepalive do + Settings.default_device_persistent_keepalive() || + Application.fetch_env!(:fz_http, :persistent_keepalive) else - device.persistent_keepalives + device.persistent_keepalive end end @@ -186,7 +188,7 @@ defmodule FzHttp.Devices do use_default_dns_servers use_default_endpoint use_default_mtu - use_default_persistent_keepalives + use_default_persistent_keepalive )a |> Enum.map(fn field -> {field, Device.field(changeset, field)} end) |> Map.new() @@ -206,7 +208,7 @@ defmodule FzHttp.Devices do PublicKey = #{device.server_public_key} AllowedIPs = #{allowed_ips(device)} Endpoint = #{endpoint(device)}:#{wireguard_port} - #{persistent_keepalives_config(device)} + #{persistent_keepalive_config(device)} """ end @@ -231,8 +233,8 @@ defmodule FzHttp.Devices do end end - defp persistent_keepalives_config(device) do - pk = persistent_keepalives(device) + defp persistent_keepalive_config(device) do + pk = persistent_keepalive(device) if is_nil(pk) do "" diff --git a/apps/fz_http/lib/fz_http/devices/device.ex b/apps/fz_http/lib/fz_http/devices/device.ex index 841672ce1..b3a97e78c 100644 --- a/apps/fz_http/lib/fz_http/devices/device.ex 
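Review bot: In the `persistent_keepalive/1` hunk of devices.ex the fallback reads `Application.fetch_env!(:fz_http, :persistent_keepalive)`, but the key this patch adds to config.exs and releases.exs is `:wireguard_persistent_keepalive`, so at this commit the call raises as soon as the stored setting is nil. The edited `add_persistent_keepalives` migration in the same patch now seeds that setting as null, which makes the nil path the normal one on a fresh install. Patch 2/2 switches to the right key; folding that one-line fix into 1/2, `Application.fetch_env!(:fz_http, :wireguard_persistent_keepalive)`, would keep every commit of the series working when bisecting.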
+++ b/apps/fz_http/lib/fz_http/devices/device.ex @@ -28,10 +28,10 @@ defmodule FzHttp.Devices.Device do field :use_default_dns_servers, :boolean, read_after_writes: true, default: true field :use_default_endpoint, :boolean, read_after_writes: true, default: true field :use_default_mtu, :boolean, read_after_writes: true, default: true - field :use_default_persistent_keepalives, :boolean, read_after_writes: true, default: true + field :use_default_persistent_keepalive, :boolean, read_after_writes: true, default: true field :endpoint, :string field :mtu, :integer - field :persistent_keepalives, :integer + field :persistent_keepalive, :integer field :allowed_ips, :string field :dns_servers, :string field :private_key, FzHttp.Encrypted.Binary @@ -73,12 +73,12 @@ defmodule FzHttp.Devices.Device do :use_default_dns_servers, :use_default_endpoint, :use_default_mtu, - :use_default_persistent_keepalives, + :use_default_persistent_keepalive, :allowed_ips, :dns_servers, :endpoint, :mtu, - :persistent_keepalives, + :persistent_keepalive, :remote_ip, :ipv4, :ipv6, @@ -106,20 +106,20 @@ defmodule FzHttp.Devices.Device do :dns_servers, :endpoint, :mtu, - :persistent_keepalives + :persistent_keepalive ]) |> validate_omitted_if_default([ :allowed_ips, :dns_servers, :endpoint, - :persistent_keepalives, + :persistent_keepalive, :mtu ]) |> validate_list_of_ips_or_cidrs(:allowed_ips) |> validate_list_of_ips(:dns_servers) |> validate_no_duplicates(:dns_servers) |> validate_fqdn_or_ip(:endpoint) - |> validate_number(:persistent_keepalives, + |> validate_number(:persistent_keepalive, greater_than_or_equal_to: 0, less_than_or_equal_to: 120 ) diff --git a/apps/fz_http/lib/fz_http/settings.ex b/apps/fz_http/lib/fz_http/settings.ex index 2b1342df5..a1f8f0219 100644 --- a/apps/fz_http/lib/fz_http/settings.ex +++ b/apps/fz_http/lib/fz_http/settings.ex 
@@ -15,7 +15,7 @@ defmodule FzHttp.Settings do default.device.dns_servers default.device.endpoint default.device.mtu - default.device.persistent_keepalives + default.device.persistent_keepalive security.require_auth_for_vpn_frequency )) diff --git a/apps/fz_http/lib/fz_http/settings/setting.ex b/apps/fz_http/lib/fz_http/settings/setting.ex index 2526cbc6f..a0175d2d1 100644 --- a/apps/fz_http/lib/fz_http/settings/setting.ex +++ b/apps/fz_http/lib/fz_http/settings/setting.ex @@ -23,7 +23,7 @@ defmodule FzHttp.Settings.Setting do ] @mtu_range 576..1500 - @persistent_keepalives_range 0..120 + @persistent_keepalive_range 0..120 schema "settings" do field :key, :string @@ -69,8 +69,8 @@ defmodule FzHttp.Settings.Setting do validate_range(changeset, @mtu_range) end - defp validate_kv_pair(changeset, "default.device.persistent_keepalives") do - validate_range(changeset, @persistent_keepalives_range) + defp validate_kv_pair(changeset, "default.device.persistent_keepalive") do + validate_range(changeset, @persistent_keepalive_range) end defp validate_kv_pair(changeset, "security.require_auth_for_vpn_frequency") do diff --git a/apps/fz_http/lib/fz_http_web/live/device_live/form_component.ex b/apps/fz_http/lib/fz_http_web/live/device_live/form_component.ex index 3c2f2d617..4a20a97f3 100644 --- a/apps/fz_http/lib/fz_http_web/live/device_live/form_component.ex +++ b/apps/fz_http/lib/fz_http_web/live/device_live/form_component.ex @@ -23,8 +23,8 @@ defmodule FzHttpWeb.DeviceLive.FormComponent do |> assign(:default_device_endpoint, default_device_endpoint) |> assign(:default_device_mtu, default_device_mtu) |> assign( - :default_device_persistent_keepalives, - Settings.default_device_persistent_keepalives() + :default_device_persistent_keepalive, + Settings.default_device_persistent_keepalive() ) |> assign(:changeset, changeset)} end 
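Review bot: The form_component.ex hunk still assigns `Settings.default_device_persistent_keepalive()` straight from the settings table, while `Devices.persistent_keepalive/1` in this patch falls back to the application config when that setting is nil. With the seeded value now null, the "Default:" line in the device form would presumably render blank although the generated config uses the config-file value, so an admin reviewing a device sees a different default from the one actually handed to the client. Assigning the effective value, e.g. `Settings.default_device_persistent_keepalive() || Application.fetch_env!(:fz_http, :wireguard_persistent_keepalive)`, keeps the form and the generated config in agreement. The enclosing function starts outside the hunk.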
diff --git a/apps/fz_http/lib/fz_http_web/live/device_live/form_component.html.heex b/apps/fz_http/lib/fz_http_web/live/device_live/form_component.html.heex index ed9c95c43..57f843205 100644 --- a/apps/fz_http/lib/fz_http_web/live/device_live/form_component.html.heex +++ b/apps/fz_http/lib/fz_http_web/live/device_live/form_component.html.heex @@ -121,35 +121,35 @@
- <%= label f, :use_default_persistent_keepalives, "Use Default Persistent Keepalives", class: "label" %> + <%= label f, :use_default_persistent_keepalive, "Use Default Persistent Keepalive", class: "label" %>

- Default: <%= @default_device_persistent_keepalives %> + Default: <%= @default_device_persistent_keepalive %>

- <%= label f, :persistent_keepalives, "Persistent Keepalives", class: "label" %> + <%= label f, :persistent_keepalive, "Persistent Keepalive", class: "label" %>

Interval for WireGuard - persistent keepalives. A value of 0 disables this. Leave this disabled + persistent keepalive. A value of 0 disables this. Leave this disabled unless you're experiencing NAT or firewall traversal problems.

- <%= text_input f, :persistent_keepalives, class: "input", disabled: @use_default_persistent_keepalives %> + <%= text_input f, :persistent_keepalive, class: "input", disabled: @use_default_persistent_keepalive %>

- <%= error_tag f, :persistent_keepalives %> + <%= error_tag f, :persistent_keepalive %>

diff --git a/apps/fz_http/lib/fz_http_web/live/device_live/show.html.heex b/apps/fz_http/lib/fz_http_web/live/device_live/show.html.heex index 10d0d623d..e17e51e57 100644 --- a/apps/fz_http/lib/fz_http_web/live/device_live/show.html.heex +++ b/apps/fz_http/lib/fz_http_web/live/device_live/show.html.heex @@ -69,12 +69,12 @@ - Persistent Keepalives + Persistent Keepalive - <%= if @persistent_keepalives == 0 do %> + <%= if @persistent_keepalive == 0 do %> Disabled <% else %> - Every <%= @persistent_keepalives %> seconds + Every <%= @persistent_keepalive %> seconds <% end %> diff --git a/apps/fz_http/lib/fz_http_web/live/device_live/show_live.ex b/apps/fz_http/lib/fz_http_web/live/device_live/show_live.ex index 36eb51faf..d719cad29 100644 --- a/apps/fz_http/lib/fz_http_web/live/device_live/show_live.ex +++ b/apps/fz_http/lib/fz_http_web/live/device_live/show_live.ex @@ -88,7 +88,7 @@ defmodule FzHttpWeb.DeviceLive.Show do dns_servers: Devices.dns_servers(device), endpoint: Devices.endpoint(device), mtu: Devices.mtu(device), - persistent_keepalives: Devices.persistent_keepalives(device), + persistent_keepalive: Devices.persistent_keepalive(device), config: Devices.as_config(device) ) else diff --git a/apps/fz_http/lib/fz_http_web/live/setting_live/default.html.heex b/apps/fz_http/lib/fz_http_web/live/setting_live/default.html.heex index 84bf80b42..5b3f319be 100644 --- a/apps/fz_http/lib/fz_http_web/live/setting_live/default.html.heex +++ b/apps/fz_http/lib/fz_http_web/live/setting_live/default.html.heex 
@@ -38,11 +38,11 @@ <%= live_component( FzHttpWeb.SettingLive.DefaultFormComponent, - label_text: "Persistent Keepalives", + label_text: "Persistent Keepalive", placeholder: "0", - changeset: @changesets["default.device.persistent_keepalives"], - help_text: @help_texts.persistent_keepalives, - id: :persistent_keepalives_form_component) %> + changeset: @changesets["default.device.persistent_keepalive"], + help_text: @help_texts.persistent_keepalive, + id: :persistent_keepalive_form_component) %> <%= live_component( FzHttpWeb.SettingLive.DefaultFormComponent, diff --git a/apps/fz_http/lib/fz_http_web/live/setting_live/default_live.ex b/apps/fz_http/lib/fz_http_web/live/setting_live/default_live.ex index e6468134b..bd73855d6 100644 --- a/apps/fz_http/lib/fz_http_web/live/setting_live/default_live.ex +++ b/apps/fz_http/lib/fz_http_web/live/setting_live/default_live.ex @@ -22,7 +22,7 @@ defmodule FzHttpWeb.SettingLive.Default do IPv4 or IPv6 address that devices will be configured to connect to. Defaults to this server's public IP if not set. """, - persistent_keepalives: """ + persistent_keepalive: """ Interval in seconds to send persistent keepalive packets. Most users won't need to change this. Set to 0 or leave blank to disable. Leave this blank if you're unsure what this means. """, @@ -47,6 +47,18 @@ defmodule FzHttpWeb.SettingLive.Default do Application.fetch_env!(:fz_http, :wireguard_mtu) end + defp dns_placeholder do + Application.fetch_env!(:fz_http, :wireguard_dns) + end + + defp allowed_ips_placeholder do + Application.fetch_env!(:fz_http, :wireguard_allowed_ips) + end + + defp persistent_keepalive_placeholder do + Application.fetch_env!(:fz_http, :wireguard_persistent_keepalive) + end + defp load_changesets do Settings.to_list("default.") |> Map.new(fn setting -> {setting.key, Settings.change_setting(setting)} end) 
@@ -61,6 +73,9 @@ defmodule FzHttpWeb.SettingLive.Default do |> assign(:help_texts, @help_texts) |> assign(:endpoint_placeholder, endpoint_placeholder()) |> assign(:mtu_placeholder, mtu_placeholder()) + |> assign(:dns_placeholder, dns_placeholder()) + |> assign(:allowed_ips_placeholder, allowed_ips_placeholder()) + |> assign(:persistent_keepalive_placeholder, persistent_keepalive_placeholder()) |> assign(:page_title, "Default Settings") else not_authorized(socket) diff --git a/apps/fz_http/priv/repo/migrations/20211116173236_create_settings.exs b/apps/fz_http/priv/repo/migrations/20211116173236_create_settings.exs index b3c06bb3b..a6be559d7 100644 --- a/apps/fz_http/priv/repo/migrations/20211116173236_create_settings.exs +++ b/apps/fz_http/priv/repo/migrations/20211116173236_create_settings.exs @@ -17,8 +17,8 @@ defmodule FzHttp.Repo.Migrations.CreateSettings do execute """ INSERT INTO settings (key, value, inserted_at, updated_at) VALUES \ - ('default.device.dns_servers', '1.1.1.1, 1.0.0.1', '#{now}', '#{now}'), - ('default.device.allowed_ips', '0.0.0.0/0, ::/0', '#{now}', '#{now}'), + ('default.device.dns_servers', null, '#{now}', '#{now}'), + ('default.device.allowed_ips', null, '#{now}', '#{now}'), ('default.device.endpoint', null, '#{now}', '#{now}') """ end diff --git a/apps/fz_http/priv/repo/migrations/20211217003247_add_persistent_keepalives.exs b/apps/fz_http/priv/repo/migrations/20211217003247_add_persistent_keepalives.exs index 909e7a122..bcb9b4a84 100644 --- a/apps/fz_http/priv/repo/migrations/20211217003247_add_persistent_keepalives.exs +++ b/apps/fz_http/priv/repo/migrations/20211217003247_add_persistent_keepalives.exs @@ -11,7 +11,7 @@ defmodule FzHttp.Repo.Migrations.AddPersistentKeepalives do execute """ INSERT INTO settings (key, value, inserted_at, updated_at) VALUES \ - ('default.device.persistent_keepalives', 0, '#{now}', '#{now}') + ('default.device.persistent_keepalives', null, '#{now}', '#{now}') """ end end 
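Review bot: Changing the seed values inside the existing migrations `20211116173236_create_settings.exs` and `20211217003247_add_persistent_keepalives.exs` only affects databases that have not run them yet. Any install that already ran them keeps `'1.1.1.1, 1.0.0.1'`, `'0.0.0.0/0, ::/0'` and `0` in the settings table, and because those values are truthy the `Settings.… || Application.fetch_env!(…)` fallbacks in devices.ex never reach the new config-file defaults there. If these migrations have shipped, either add a follow-up migration that sets rows still holding the old seeded values to null, or state in the upgrade notes that the config-file defaults apply only after the admin clears the corresponding setting. Otherwise an operator who tightens `wireguard_allowed_ips` or `wireguard_dns` in the config file may assume the change took effect when upgraded servers still hand out the old values.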
diff --git a/apps/fz_http/priv/repo/migrations/20220127021835_rename_persistent_keepalives.exs b/apps/fz_http/priv/repo/migrations/20220127021835_rename_persistent_keepalives.exs new file mode 100644 index 000000000..9c116badd --- /dev/null +++ b/apps/fz_http/priv/repo/migrations/20220127021835_rename_persistent_keepalives.exs @@ -0,0 +1,23 @@ +defmodule FzHttp.Repo.Migrations.RenamePersistentKeepalives do + use Ecto.Migration + + def change do + execute( + """ + UPDATE settings + SET key = 'default.device.persistent_keepalive' + WHERE key = 'default.device.persistent_keepalives' + """, + """ + UPDATE settings + SET key = 'default.device.persistent_keepalives' + WHERE key = 'default.device.persistent_keepalive' + """ + ) + + rename table(:devices), :persistent_keepalives, to: :persistent_keepalive + + rename table(:devices), :use_default_persistent_keepalives, + to: :use_default_persistent_keepalive + end +end diff --git a/apps/fz_http/test/fz_http/settings_test.exs b/apps/fz_http/test/fz_http/settings_test.exs index 630c89f3d..40dae5ef4 100644 --- a/apps/fz_http/test/fz_http/settings_test.exs +++ b/apps/fz_http/test/fz_http/settings_test.exs @@ -20,14 +20,14 @@ defmodule FzHttp.SettingsTest do "default.device.dns_servers" => "8.8.8.8", "default.device.allowed_ips" => "::/0", "default.device.endpoint" => "172.10.10.10", - "default.device.persistent_keepalives" => "20", + "default.device.persistent_keepalive" => "20", "default.device.mtu" => "1280" }, %{ "default.device.dns_servers" => "8.8.8.8", "default.device.allowed_ips" => "::/0", "default.device.endpoint" => "foobar.example.com", - "default.device.persistent_keepalives" => "15", + "default.device.persistent_keepalive" => "15", "default.device.mtu" => "1420" } ] 
@@ -35,7 +35,7 @@ defmodule FzHttp.SettingsTest do "default.device.dns_servers" => "foobar", "default.device.allowed_ips" => nil, "default.device.endpoint" => "foobar", - "default.device.persistent_keepalives" => "-120", + "default.device.persistent_keepalive" => "-120", "default.device.mtu" => "1501" } diff --git a/apps/fz_http/test/fz_http_web/live/device_live/show_test.exs b/apps/fz_http/test/fz_http_web/live/device_live/show_test.exs index 0a0c01e53..558705838 100644 --- a/apps/fz_http/test/fz_http_web/live/device_live/show_test.exs +++ b/apps/fz_http/test/fz_http_web/live/device_live/show_test.exs @@ -33,14 +33,14 @@ defmodule FzHttpWeb.DeviceLive.ShowTest do @mtu_unchanged %{ "device" => %{"use_default_mtu" => "true", "mtu" => "1280"} } - @persistent_keepalives_change %{ + @persistent_keepalive_change %{ "device" => %{ - "use_default_persistent_keepalives" => "false", - "persistent_keepalives" => "120" + "use_default_persistent_keepalive" => "false", + "persistent_keepalive" => "120" } } - @persistent_keepalives_unchanged %{ - "device" => %{"use_default_persistent_keepalives" => "true", "persistent_keepalives" => "5"} + @persistent_keepalive_unchanged %{ + "device" => %{"use_default_persistent_keepalive" => "true", "persistent_keepalive" => "5"} } @default_allowed_ips_change %{ "device" => %{"use_default_allowed_ips" => "false"} @@ -54,8 +54,8 @@ defmodule FzHttpWeb.DeviceLive.ShowTest do @default_mtu_change %{ "device" => %{"use_default_mtu" => "false"} } - @default_persistent_keepalives_change %{ - "device" => %{"use_default_persistent_keepalives" => "false"} + @default_persistent_keepalive_change %{ + "device" => %{"use_default_persistent_keepalive" => "false"} } test "shows device details", %{authed_conn: conn, device: device} do 
@@ -148,7 +148,7 @@ defmodule FzHttpWeb.DeviceLive.ShowTest do assert test_view =~ "must not be present" end - test "prevents persistent_keepalives changes when use_default_persistent_keepalives is true", + test "prevents persistent_keepalive changes when use_default_persistent_keepalive is true", %{ authed_conn: conn, device: device @@ -159,7 +159,7 @@ defmodule FzHttpWeb.DeviceLive.ShowTest do test_view = view |> form("#edit-device") - |> render_submit(@persistent_keepalives_unchanged) + |> render_submit(@persistent_keepalive_unchanged) assert test_view =~ "must not be present" end @@ -224,13 +224,13 @@ defmodule FzHttpWeb.DeviceLive.ShowTest do assert html =~ "MTU = 1280" end - test "allows persistent_keepalives changes", %{authed_conn: conn, device: device} do + test "allows persistent_keepalive changes", %{authed_conn: conn, device: device} do path = Routes.device_show_path(conn, :edit, device) {:ok, view, _html} = live(conn, path) view |> form("#edit-device") - |> render_submit(@persistent_keepalives_change) + |> render_submit(@persistent_keepalive_change) flash = assert_redirected(view, Routes.device_show_path(conn, :show, device)) assert flash["info"] == "Device updated successfully." @@ -307,17 +307,17 @@ defmodule FzHttpWeb.DeviceLive.ShowTest do """ end - test "on use_default_persistent_keepalives change", %{authed_conn: conn, device: device} do + test "on use_default_persistent_keepalive change", %{authed_conn: conn, device: device} do path = Routes.device_show_path(conn, :edit, device) {:ok, view, _html} = live(conn, path) test_view = view |> form("#edit-device") - |> render_change(@default_persistent_keepalives_change) + |> render_change(@default_persistent_keepalive_change) assert test_view =~ """ - \ + \ """ end end diff --git a/apps/fz_http/test/fz_http_web/live/setting_live/default_test.exs b/apps/fz_http/test/fz_http_web/live/setting_live/default_test.exs index dc9fb6755..10ce46909 100644 
--- a/apps/fz_http/test/fz_http_web/live/setting_live/default_test.exs +++ b/apps/fz_http/test/fz_http_web/live/setting_live/default_test.exs @@ -40,7 +40,7 @@ defmodule FzHttpWeb.SettingLive.DefaultTest do """ assert html =~ """ - id="persistent_keepalives_form_component"\ + id="persistent_keepalive_form_component"\ """ end diff --git a/apps/fz_vpn/lib/fz_vpn/cli/live.ex b/apps/fz_vpn/lib/fz_vpn/cli/live.ex index 4c56591c0..3fc8cd460 100644 --- a/apps/fz_vpn/lib/fz_vpn/cli/live.ex +++ b/apps/fz_vpn/lib/fz_vpn/cli/live.ex @@ -63,8 +63,8 @@ defmodule FzVpn.CLI.Live do show("latest-handshakes") end - def show_persistent_keepalives do - show("persistent-keepalives") + def show_persistent_keepalive do + show("persistent-keepalive") end def show_transfer do diff --git a/apps/fz_vpn/lib/fz_vpn/cli/sandbox.ex b/apps/fz_vpn/lib/fz_vpn/cli/sandbox.ex index 3516214b9..ca57d9d95 100644 --- a/apps/fz_vpn/lib/fz_vpn/cli/sandbox.ex +++ b/apps/fz_vpn/lib/fz_vpn/cli/sandbox.ex @@ -18,7 +18,7 @@ defmodule FzVpn.CLI.Sandbox do transfer: 1.21 MiB received, 39.30 MiB sent """ @show_latest_handshakes "4 seconds ago" - @show_persistent_keepalives "every 25 seconds" + @show_persistent_keepalive "every 25 seconds" @show_transfer "4.60 MiB received, 59.21 MiB sent" @default_returned "" @@ -63,7 +63,7 @@ defmodule FzVpn.CLI.Sandbox do end def show_latest_handshakes, do: @show_latest_handshakes - def show_persistent_keepalives, do: @show_persistent_keepalives + def show_persistent_keepalive, do: @show_persistent_keepalive def show_transfer, do: @show_transfer # Generate extremely fake keys in Sandbox mode diff --git a/apps/fz_vpn/test/fz_vpn/cli/sandbox_test.exs b/apps/fz_vpn/test/fz_vpn/cli/sandbox_test.exs index 33f49589c..d50fd91c9 100644 --- a/apps/fz_vpn/test/fz_vpn/cli/sandbox_test.exs +++ b/apps/fz_vpn/test/fz_vpn/cli/sandbox_test.exs 
@@ -40,8 +40,8 @@ defmodule FzVpn.CLI.SandboxTest do assert cli().show_latest_handshakes() == "4 seconds ago" end - test "show_persistent_keepalives" do - assert cli().show_persistent_keepalives() == "every 25 seconds" + test "show_persistent_keepalive" do + assert cli().show_persistent_keepalive() == "every 25 seconds" end test "show_transfer" do diff --git a/config/config.exs b/config/config.exs index 4ef37fe23..dab7ccffe 100644 --- a/config/config.exs +++ b/config/config.exs @@ -43,6 +43,9 @@ config :posthog, config :fz_http, url_host: "firezone.dev", + wireguard_dns: "1.1.1.1, 1.0.0.1", + wireguard_allowed_ips: "0.0.0.0/0, ::/0", + wireguard_persistent_keepalive: 0, wireguard_ipv4_enabled: true, wireguard_ipv4_network: "10.3.2.0/24", wireguard_ipv4_address: "10.3.2.1", diff --git a/config/releases.exs b/config/releases.exs index 94f05ea9f..6050600da 100644 --- a/config/releases.exs +++ b/config/releases.exs @@ -21,6 +21,9 @@ nft_path = System.fetch_env!("NFT_PATH") wg_path = System.fetch_env!("WG_PATH") egress_interface = System.fetch_env!("EGRESS_INTERFACE") wireguard_public_key = System.fetch_env!("WIREGUARD_PUBLIC_KEY") +wireguard_dns = System.fetch_env!("WIREGUARD_DNS") +wireguard_allowed_ips = System.fetch_env!("WIREGUARD_ALLOWED_IPS") +wireguard_persistent_keepalive = System.fetch_env!("WIREGUARD_PERSISTENT_KEEPALIVE") wireguard_ipv4_enabled = FzString.to_boolean(System.fetch_env!("WIREGUARD_IPV4_ENABLED")) wireguard_ipv4_network = System.fetch_env!("WIREGUARD_IPV4_NETWORK") wireguard_ipv4_address = System.fetch_env!("WIREGUARD_IPV4_ADDRESS") @@ -107,6 +110,9 @@ config :fz_vpn, cli: FzVpn.CLI.Live config :fz_http, + wireguard_dns: wireguard_dns, + wireguard_allowed_ips: wireguard_allowed_ips, + wireguard_persistent_keepalive: wireguard_persistent_keepalive, wireguard_ipv4_enabled: wireguard_ipv4_enabled, wireguard_ipv4_network: wireguard_ipv4_network, wireguard_ipv4_address: wireguard_ipv4_address, 
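Review bot: In the first releases.exs hunk `wireguard_persistent_keepalive = System.fetch_env!("WIREGUARD_PERSISTENT_KEEPALIVE")` keeps the value as a string, whereas config.exs in this patch sets the same key to the integer `0`. Code that compares against the integer then behaves differently in a release: show.html.heex tests `@persistent_keepalive == 0`, so the fallback value `"0"` would render as "Every 0 seconds" instead of "Disabled", and the `field_empty?(0)` clause added in 2/2 would not match it either. Parsing at the boundary, `wireguard_persistent_keepalive = String.to_integer(System.fetch_env!("WIREGUARD_PERSISTENT_KEEPALIVE"))`, gives both environments the same type and makes a malformed value fail at boot rather than end up in generated device configs. The cookbook exports these attributes with `.to_s`, so an unset attribute arrives as `""`; that case deserves an explicit decision here as well.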
diff --git a/docs/docs/reference/configuration-file.md b/docs/docs/reference/configuration-file.md index 026f1738f..024f9f59f 100644 --- a/docs/docs/reference/configuration-file.md +++ b/docs/docs/reference/configuration-file.md @@ -113,6 +113,9 @@ Shown below is a complete listing of the configuration options available in | `default['firezone']['wireguard']['interface_name']` | WireGuard interface name. | `'wg-firezone'` | | `default['firezone']['wireguard']['port']` | WireGuard listen port. | `51820` | | `default['firezone']['wireguard']['mtu']` | WireGuard interface MTU. | `1420` | +| `default['firezone']['wireguard']['dns']` | Default DNS servers to use for generated device configurations. | `'1.1.1.1, 1.0.0.1'` | +| `default['firezone']['wireguard']['allowed_ips']` | Default AllowedIPs to use for generated device configurations. | `'0.0.0.0/0, ::/0'` | +| `default['firezone']['wireguard']['persistent_keepalive']` | Default PersistentKeepalive setting for generated device configurations. A value of 0 disables. | `0` | | `default['firezone']['wireguard']['ipv4']['enabled']` | Enable or disable IPv4 for WireGuard network. | `true` | | `default['firezone']['wireguard']['ipv4']['network']` | WireGuard network IPv4 address pool. | `'10.3.2.0/24'` | | `default['firezone']['wireguard']['ipv4']['address']` | WireGuard interface IPv4 address. Must be within WireGuard address pool. | `'10.3.2.1'` | diff --git a/omnibus/cookbooks/firezone/attributes/default.rb b/omnibus/cookbooks/firezone/attributes/default.rb index 293bfaad6..112c6ae21 100644 --- a/omnibus/cookbooks/firezone/attributes/default.rb +++ b/omnibus/cookbooks/firezone/attributes/default.rb 
@@ -214,6 +214,19 @@ default['firezone']['wireguard']['port'] = 51820 # WireGuard interface MTU default['firezone']['wireguard']['mtu'] = 1420 +# Default AllowedIPs to use for generated device configs. Default is to +# route all traffic through the tunnel: '0.0.0.0/0, ::/0' +default['firezone']['wireguard']['allowed_ips'] = '0.0.0.0/0, ::/0' + +# Default DNS servers to use for generated device configs. Default is +# CloudFlare DNS, '1.1.1.1, 1.0.0.1' +default['firezone']['wireguard']['dns'] = '1.1.1.1, 1.0.0.1' + +# Default PersistentKeepalive setting to use for generated device configs. +# See https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence +# Default is 0 which disables PersistentKeepalive. +default['firezone']['wireguard']['persistent_keepalive'] = 0 + # Enable or disable IPv4 connectivity in your WireGuard network. Default enabled. default['firezone']['wireguard']['ipv4']['enabled'] = true diff --git a/omnibus/cookbooks/firezone/libraries/config.rb b/omnibus/cookbooks/firezone/libraries/config.rb index 85acd3f65..be7867adf 100644 --- a/omnibus/cookbooks/firezone/libraries/config.rb +++ b/omnibus/cookbooks/firezone/libraries/config.rb @@ -238,6 +238,9 @@ class Firezone 'WIREGUARD_INTERFACE_NAME' => attributes['wireguard']['interface_name'], 'WIREGUARD_PORT' => attributes['wireguard']['port'].to_s, 'WIREGUARD_MTU' => attributes['wireguard']['mtu'].to_s, + 'WIREGUARD_DNS' => attributes['wireguard']['dns'].to_s, + 'WIREGUARD_ALLOWED_IPS' => attributes['wireguard']['allowed_ips'].to_s, + 'WIREGUARD_PERSISTENT_KEEPALIVE' => attributes['wireguard']['persistent_keepalive'].to_s, 'WIREGUARD_PUBLIC_KEY' => attributes['wireguard_public_key'], 'WIREGUARD_IPV4_ENABLED' => attributes['wireguard']['ipv4']['enabled'].to_s, 'WIREGUARD_IPV4_NETWORK' => attributes['wireguard']['ipv4']['network'], From 7101503f4d2370cf0cb136af262244aaee7b7ea2 Mon Sep 17 00:00:00 2001 
From: Jamil Bou Kheir Date: Thu, 27 Jan 2022 15:10:20 -0800 Subject: [PATCH 2/2] Expose device defaults in config file --- apps/fz_http/lib/fz_http/devices.ex | 78 ++++++++++++------- apps/fz_http/lib/fz_http/devices/device.ex | 16 ++-- apps/fz_http/lib/fz_http/settings.ex | 2 +- apps/fz_http/lib/fz_http/settings/setting.ex | 3 +- .../live/device_live/form_component.ex | 2 +- .../live/device_live/form_component.html.heex | 14 ++-- .../live/device_live/show.html.heex | 2 +- .../fz_http_web/live/device_live/show_live.ex | 2 +- .../live/setting_live/default.html.heex | 12 +-- .../live/setting_live/default_live.ex | 2 +- .../20211116173236_create_settings.exs | 21 +++-- ...211217003247_add_persistent_keepalives.exs | 13 +++- .../20220111004847_add_mtu_to_devices.exs | 13 +++- ...220127191440_rename_dns_servers_to_dns.exs | 21 +++++ apps/fz_http/test/fz_http/devices_test.exs | 30 +++---- apps/fz_http/test/fz_http/settings_test.exs | 10 +-- .../live/device_live/show_test.exs | 30 +++---- .../live/setting_live/default_test.exs | 36 +++++---- .../support/fixtures/settings_fixtures.ex | 2 +- config/config.exs | 1 + config/releases.exs | 1 + docs/docs/reference/configuration-file.md | 7 +- .../cookbooks/firezone/attributes/default.rb | 19 +++-- .../cookbooks/firezone/libraries/config.rb | 1 + 24 files changed, 206 insertions(+), 132 deletions(-) create mode 100644 apps/fz_http/priv/repo/migrations/20220127191440_rename_dns_servers_to_dns.exs diff --git a/apps/fz_http/lib/fz_http/devices.ex b/apps/fz_http/lib/fz_http/devices.ex index ba1c3d413..b775a945e 100644 --- a/apps/fz_http/lib/fz_http/devices.ex +++ b/apps/fz_http/lib/fz_http/devices.ex 
@@ -136,6 +136,20 @@ defmodule FzHttp.Devices do end) end + def new_device do + change_device(%Device{}) + end + + def endpoint(device) do + if device.use_default_endpoint do + Settings.default_device_endpoint() || + Application.fetch_env!(:fz_http, :wireguard_endpoint) || + ConnectivityChecks.endpoint() + else + device.endpoint + end + end + def allowed_ips(device) do if device.use_default_allowed_ips do Settings.default_device_allowed_ips() || @@ -145,29 +159,19 @@ defmodule FzHttp.Devices do end end - def dns_servers(device) do - if device.use_default_dns_servers do - Settings.default_device_dns_servers() || Application.fetch_env!(:fz_http, :wireguard_dns) + def dns(device) do + if device.use_default_dns do + Settings.default_device_dns() || + Application.fetch_env!(:fz_http, :wireguard_dns) else - device.dns_servers - end - end - - def new_device do - change_device(%Device{}) - end - - def endpoint(device) do - if device.use_default_endpoint do - Settings.default_device_endpoint() || ConnectivityChecks.endpoint() - else - device.endpoint + device.dns end end def mtu(device) do if device.use_default_mtu do - Settings.default_device_mtu() + Settings.default_device_mtu() || + Application.fetch_env!(:fz_http, :wireguard_mtu) else device.mtu end @@ -176,7 +180,7 @@ defmodule FzHttp.Devices do def persistent_keepalive(device) do if device.use_default_persistent_keepalive do Settings.default_device_persistent_keepalive() || - Application.fetch_env!(:fz_http, :persistent_keepalive) + Application.fetch_env!(:fz_http, :wireguard_persistent_keepalive) else device.persistent_keepalive end @@ -185,7 +189,7 @@ defmodule FzHttp.Devices do def defaults(changeset) do ~w( use_default_allowed_ips - use_default_dns_servers + use_default_dns use_default_endpoint use_default_mtu use_default_persistent_keepalive 
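Review bot: The fallback chain in `endpoint/1`, `Settings.default_device_endpoint() || Application.fetch_env!(:fz_http, :wireguard_endpoint) || ConnectivityChecks.endpoint()`, treats only nil and false as "not set", so an empty string from either of the first two sources stops the chain. If `wireguard_endpoint` is exported the way the 1/2 variables are (`.to_s` in config.rb, which turns an unset attribute into `""`), the connectivity-check address is never consulted and the generated config would carry an `Endpoint` with no host. The same `||` pattern in `allowed_ips/1`, `dns/1`, `mtu/1` and `persistent_keepalive/1` lets a blank stored setting shadow the config-file default. Normalising blank strings to nil before the `||`, as sketched below for `endpoint/1`, makes all five behave as the documentation describes.

```elixir
def endpoint(device) do
  if device.use_default_endpoint do
    present(Settings.default_device_endpoint()) ||
      present(Application.fetch_env!(:fz_http, :wireguard_endpoint)) ||
      ConnectivityChecks.endpoint()
  # … unchanged: else branch returning device.endpoint …

# … unchanged: allowed_ips/1, dns/1, mtu/1, persistent_keepalive/1 (apply present/1 the same way) …

# Blank or whitespace-only strings count as "not set" so the next fallback is consulted.
defp present(value) when is_binary(value) do
  if String.trim(value) == "", do: nil, else: value
end

defp present(value), do: value
```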
@@ -202,11 +206,11 @@ defmodule FzHttp.Devices do PrivateKey = #{device.private_key} Address = #{inet(device)} #{mtu_config(device)} - #{dns_servers_config(device)} + #{dns_config(device)} [Peer] PublicKey = #{device.server_public_key} - AllowedIPs = #{allowed_ips(device)} + #{allowed_ips_config(device)} Endpoint = #{endpoint(device)}:#{wireguard_port} #{persistent_keepalive_config(device)} """ @@ -226,44 +230,58 @@ defmodule FzHttp.Devices do defp mtu_config(device) do m = mtu(device) - if is_nil(m) do + if field_empty?(m) do "" else "MTU = #{m}" end end + defp allowed_ips_config(device) do + a = allowed_ips(device) + + if field_empty?(a) do + "" + else + "AllowedIPs = #{a}" + end + end + defp persistent_keepalive_config(device) do pk = persistent_keepalive(device) - if is_nil(pk) do + if field_empty?(pk) do "" else "PersistentKeepalive = #{pk}" end end - defp dns_servers_config(device) when is_struct(device) do - dns_servers = dns_servers(device) + defp dns_config(device) when is_struct(device) do + dns = dns(device) - if dns_servers_empty?(dns_servers) do + if field_empty?(dns) do "" else - "DNS = #{dns_servers}" + "DNS = #{dns}" end end - defp dns_servers_empty?(nil), do: true + defp field_empty?(nil), do: true - defp dns_servers_empty?(dns_servers) when is_binary(dns_servers) do + defp field_empty?(0), do: true + + defp field_empty?(field) when is_binary(field) do len = - dns_servers + field |> String.trim() |> String.length() len == 0 end + defp field_empty?(_), do: false + defp ipv4? do Application.fetch_env!(:fz_http, :wireguard_ipv4_enabled) end diff --git a/apps/fz_http/lib/fz_http/devices/device.ex b/apps/fz_http/lib/fz_http/devices/device.ex index b3a97e78c..75b7e1b34 100644 --- a/apps/fz_http/lib/fz_http/devices/device.ex +++ b/apps/fz_http/lib/fz_http/devices/device.ex 
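Review bot: `allowed_ips_config/1` now drops the `AllowedIPs` line from the `[Peer]` section whenever the resolved value is blank, and 2/2 also removes `validate_required(:value)` for `default.device.allowed_ips` in setting.ex, so a blank default is no longer rejected. A peer without AllowedIPs gets no routes on the client, so the tunnel comes up but the device's traffic leaves over its normal path; for a deployment that expects the full-tunnel default this is a silent fail-open. I would treat a blank value as "unset" in `allowed_ips/1` so that the config-file default applies, and at least record the consequence next to the helper, e.g. `# No AllowedIPs line means the client routes nothing through the tunnel.` A short comment on `field_empty?/1` noting that `0` counts as empty for every field (MTU included) would also help, since the clause was added with keepalive in mind. `as_config/1` starts outside the first hunk.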
@@ -25,7 +25,7 @@ defmodule FzHttp.Devices.Device do field :name, :string field :public_key, :string field :use_default_allowed_ips, :boolean, read_after_writes: true, default: true - field :use_default_dns_servers, :boolean, read_after_writes: true, default: true + field :use_default_dns, :boolean, read_after_writes: true, default: true field :use_default_endpoint, :boolean, read_after_writes: true, default: true field :use_default_mtu, :boolean, read_after_writes: true, default: true field :use_default_persistent_keepalive, :boolean, read_after_writes: true, default: true @@ -33,7 +33,7 @@ defmodule FzHttp.Devices.Device do field :mtu, :integer field :persistent_keepalive, :integer field :allowed_ips, :string - field :dns_servers, :string + field :dns, :string field :private_key, FzHttp.Encrypted.Binary field :server_public_key, :string field :remote_ip, EctoNetwork.INET @@ -70,12 +70,12 @@ defmodule FzHttp.Devices.Device do device |> cast(attrs, [ :use_default_allowed_ips, - :use_default_dns_servers, + :use_default_dns, :use_default_endpoint, :use_default_mtu, :use_default_persistent_keepalive, :allowed_ips, - :dns_servers, + :dns, :endpoint, :mtu, :persistent_keepalive, @@ -103,21 +103,21 @@ defmodule FzHttp.Devices.Device do ]) |> validate_required_unless_default([ :allowed_ips, - :dns_servers, + :dns, :endpoint, :mtu, :persistent_keepalive ]) |> validate_omitted_if_default([ :allowed_ips, - :dns_servers, + :dns, :endpoint, :persistent_keepalive, :mtu ]) |> validate_list_of_ips_or_cidrs(:allowed_ips) - |> validate_list_of_ips(:dns_servers) - |> validate_no_duplicates(:dns_servers) + |> validate_list_of_ips(:dns) + |> validate_no_duplicates(:dns) |> validate_fqdn_or_ip(:endpoint) |> validate_number(:persistent_keepalive, greater_than_or_equal_to: 0, diff --git a/apps/fz_http/lib/fz_http/settings.ex b/apps/fz_http/lib/fz_http/settings.ex index a1f8f0219..22472ae2b 100644 --- a/apps/fz_http/lib/fz_http/settings.ex +++ b/apps/fz_http/lib/fz_http/settings.ex 
@@ -12,7 +12,7 @@ defmodule FzHttp.Settings do def_settings(~w( default.device.allowed_ips - default.device.dns_servers + default.device.dns default.device.endpoint default.device.mtu default.device.persistent_keepalive diff --git a/apps/fz_http/lib/fz_http/settings/setting.ex b/apps/fz_http/lib/fz_http/settings/setting.ex index a0175d2d1..c67ffb646 100644 --- a/apps/fz_http/lib/fz_http/settings/setting.ex +++ b/apps/fz_http/lib/fz_http/settings/setting.ex @@ -47,7 +47,7 @@ defmodule FzHttp.Settings.Setting do defp validate_setting(changeset), do: changeset - defp validate_kv_pair(changeset, "default.device.dns_servers") do + defp validate_kv_pair(changeset, "default.device.dns") do changeset |> validate_list_of_ips(:value) |> validate_no_duplicates(:value) @@ -55,7 +55,6 @@ defmodule FzHttp.Settings.Setting do defp validate_kv_pair(changeset, "default.device.allowed_ips") do changeset - |> validate_required(:value) |> validate_list_of_ips_or_cidrs(:value) |> validate_no_duplicates(:value) end diff --git a/apps/fz_http/lib/fz_http_web/live/device_live/form_component.ex b/apps/fz_http/lib/fz_http_web/live/device_live/form_component.ex index 4a20a97f3..22de9d797 100644 --- a/apps/fz_http/lib/fz_http_web/live/device_live/form_component.ex +++ b/apps/fz_http/lib/fz_http_web/live/device_live/form_component.ex @@ -19,7 +19,7 @@ defmodule FzHttpWeb.DeviceLive.FormComponent do |> assign(assigns) |> assign(Devices.defaults(changeset)) |> assign(:default_device_allowed_ips, Settings.default_device_allowed_ips()) - |> assign(:default_device_dns_servers, Settings.default_device_dns_servers()) + |> assign(:default_device_dns, Settings.default_device_dns()) |> assign(:default_device_endpoint, default_device_endpoint) |> assign(:default_device_mtu, default_device_mtu) |> assign( diff --git a/apps/fz_http/lib/fz_http_web/live/device_live/form_component.html.heex b/apps/fz_http/lib/fz_http_web/live/device_live/form_component.html.heex index 57f843205..3168a8bad 100644 
--- a/apps/fz_http/lib/fz_http_web/live/device_live/form_component.html.heex +++ b/apps/fz_http/lib/fz_http_web/live/device_live/form_component.html.heex @@ -38,29 +38,29 @@
- <%= label f, :use_default_dns_servers, "Use Default DNS Servers", class: "label" %> + <%= label f, :use_default_dns, "Use Default DNS Servers", class: "label" %>

- Default: <%= @default_device_dns_servers %> + Default: <%= @default_device_dns %>

- <%= label f, :dns_servers, "DNS Servers", class: "label" %> + <%= label f, :dns, "DNS Servers", class: "label" %>
- <%= text_input f, :dns_servers, class: "input", disabled: @use_default_dns_servers %> + <%= text_input f, :dns, class: "input", disabled: @use_default_dns %>

- <%= error_tag f, :dns_servers %> + <%= error_tag f, :dns %>

diff --git a/apps/fz_http/lib/fz_http_web/live/device_live/show.html.heex b/apps/fz_http/lib/fz_http_web/live/device_live/show.html.heex index e17e51e57..3e53d0abd 100644 --- a/apps/fz_http/lib/fz_http_web/live/device_live/show.html.heex +++ b/apps/fz_http/lib/fz_http_web/live/device_live/show.html.heex @@ -60,7 +60,7 @@ DNS Servers - <%= @dns_servers || "None" %> + <%= @dns || "None" %> diff --git a/apps/fz_http/lib/fz_http_web/live/device_live/show_live.ex b/apps/fz_http/lib/fz_http_web/live/device_live/show_live.ex index d719cad29..008c26596 100644 --- a/apps/fz_http/lib/fz_http_web/live/device_live/show_live.ex +++ b/apps/fz_http/lib/fz_http_web/live/device_live/show_live.ex @@ -85,7 +85,7 @@ defmodule FzHttpWeb.DeviceLive.Show do user: Users.get_user!(device.user_id), page_title: device.name, allowed_ips: Devices.allowed_ips(device), - dns_servers: Devices.dns_servers(device), + dns: Devices.dns(device), endpoint: Devices.endpoint(device), mtu: Devices.mtu(device), persistent_keepalive: Devices.persistent_keepalive(device), diff --git a/apps/fz_http/lib/fz_http_web/live/setting_live/default.html.heex b/apps/fz_http/lib/fz_http_web/live/setting_live/default.html.heex index 5b3f319be..a0500da56 100644 --- a/apps/fz_http/lib/fz_http_web/live/setting_live/default.html.heex +++ b/apps/fz_http/lib/fz_http_web/live/setting_live/default.html.heex @@ -15,7 +15,7 @@ <%= live_component( FzHttpWeb.SettingLive.DefaultFormComponent, label_text: "Allowed IPs", - placeholder: nil, + placeholder: @allowed_ips_placeholder, changeset: @changesets["default.device.allowed_ips"], help_text: @help_texts.allowed_ips, id: :allowed_ips_form_component) %> 
@@ -23,10 +23,10 @@ <%= live_component( FzHttpWeb.SettingLive.DefaultFormComponent, label_text: "DNS Servers", - placeholder: nil, - changeset: @changesets["default.device.dns_servers"], - help_text: @help_texts.dns_servers, - id: :dns_servers_form_component) %> + placeholder: @dns_placeholder, + changeset: @changesets["default.device.dns"], + help_text: @help_texts.dns, + id: :dns_form_component) %> <%= live_component( FzHttpWeb.SettingLive.DefaultFormComponent, @@ -39,7 +39,7 @@ <%= live_component( FzHttpWeb.SettingLive.DefaultFormComponent, label_text: "Persistent Keepalive", - placeholder: "0", + placeholder: @persistent_keepalive_placeholder, changeset: @changesets["default.device.persistent_keepalive"], help_text: @help_texts.persistent_keepalive, id: :persistent_keepalive_form_component) %> diff --git a/apps/fz_http/lib/fz_http_web/live/setting_live/default_live.ex b/apps/fz_http/lib/fz_http_web/live/setting_live/default_live.ex index bd73855d6..38fcf8f91 100644 --- a/apps/fz_http/lib/fz_http_web/live/setting_live/default_live.ex +++ b/apps/fz_http/lib/fz_http_web/live/setting_live/default_live.ex @@ -13,7 +13,7 @@ defmodule FzHttpWeb.SettingLive.Default do Firezone. Specify a comma-separated list of IPs or CIDRs here to achieve split tunneling, or use 0.0.0.0/0, ::/0 to route all device traffic through this Firezone server. """, - dns_servers: """ + dns: """ Comma-separated list of DNS servers to use for devices. Leaving this blank will omit the DNS section in generated device configs. diff --git a/apps/fz_http/priv/repo/migrations/20211116173236_create_settings.exs b/apps/fz_http/priv/repo/migrations/20211116173236_create_settings.exs index a6be559d7..da57c6d83 100644 --- a/apps/fz_http/priv/repo/migrations/20211116173236_create_settings.exs +++ b/apps/fz_http/priv/repo/migrations/20211116173236_create_settings.exs 
@@ -15,11 +15,20 @@ defmodule FzHttp.Repo.Migrations.CreateSettings do now = DateTime.utc_now() - execute """ - INSERT INTO settings (key, value, inserted_at, updated_at) VALUES \ - ('default.device.dns_servers', null, '#{now}', '#{now}'), - ('default.device.allowed_ips', null, '#{now}', '#{now}'), - ('default.device.endpoint', null, '#{now}', '#{now}') - """ + execute( + """ + INSERT INTO settings (key, value, inserted_at, updated_at) VALUES \ + ('default.device.dns_servers', null, '#{now}', '#{now}'), + ('default.device.allowed_ips', null, '#{now}', '#{now}'), + ('default.device.endpoint', null, '#{now}', '#{now}') + """, + """ + DELETE FROM settings WHERE key IN ( + 'default.device.dns_servers', + 'default.device.allowed_ips', + 'default.device.endpoint' + ) + """ + ) end end diff --git a/apps/fz_http/priv/repo/migrations/20211217003247_add_persistent_keepalives.exs b/apps/fz_http/priv/repo/migrations/20211217003247_add_persistent_keepalives.exs index bcb9b4a84..4352ef201 100644 --- a/apps/fz_http/priv/repo/migrations/20211217003247_add_persistent_keepalives.exs +++ b/apps/fz_http/priv/repo/migrations/20211217003247_add_persistent_keepalives.exs @@ -9,9 +9,14 @@ defmodule FzHttp.Repo.Migrations.AddPersistentKeepalives do now = DateTime.utc_now() - execute """ - INSERT INTO settings (key, value, inserted_at, updated_at) VALUES \ - ('default.device.persistent_keepalives', null, '#{now}', '#{now}') - """ + execute( + """ + INSERT INTO settings (key, value, inserted_at, updated_at) VALUES \ + ('default.device.persistent_keepalives', null, '#{now}', '#{now}') + """, + """ + DELETE FROM settings WHERE key = 'default.device.persistent_keepalives' + """ + ) end end diff --git a/apps/fz_http/priv/repo/migrations/20220111004847_add_mtu_to_devices.exs b/apps/fz_http/priv/repo/migrations/20220111004847_add_mtu_to_devices.exs index 64ee9472b..91715a82b 100644 --- a/apps/fz_http/priv/repo/migrations/20220111004847_add_mtu_to_devices.exs 
+++ b/apps/fz_http/priv/repo/migrations/20220111004847_add_mtu_to_devices.exs @@ -9,9 +9,14 @@ defmodule FzHttp.Repo.Migrations.AddMtuToDevices do now = DateTime.utc_now() - execute """ - INSERT INTO settings (key, value, inserted_at, updated_at) VALUES \ - ('default.device.mtu', null, '#{now}', '#{now}') - """ + execute( + """ + INSERT INTO settings (key, value, inserted_at, updated_at) VALUES \ + ('default.device.mtu', null, '#{now}', '#{now}') + """, + """ + DELETE FROM settings WHERE key = 'default.device.mtu' + """ + ) end end diff --git a/apps/fz_http/priv/repo/migrations/20220127191440_rename_dns_servers_to_dns.exs b/apps/fz_http/priv/repo/migrations/20220127191440_rename_dns_servers_to_dns.exs new file mode 100644 index 000000000..9ab29603a --- /dev/null +++ b/apps/fz_http/priv/repo/migrations/20220127191440_rename_dns_servers_to_dns.exs @@ -0,0 +1,21 @@ +defmodule FzHttp.Repo.Migrations.RenameDnsServersToDns do + use Ecto.Migration + + def change do + execute( + """ + UPDATE settings + SET key = 'default.device.dns' + WHERE key = 'default.device.dns_servers' + """, + """ + UPDATE settings + SET key = 'default.device.dns_servers' + WHERE key = 'default.device.dns' + """ + ) + + rename table(:devices), :dns_servers, to: :dns + rename table(:devices), :use_default_dns_servers, to: :use_default_dns + end +end diff --git a/apps/fz_http/test/fz_http/devices_test.exs b/apps/fz_http/test/fz_http/devices_test.exs index 5333e7727..37ff91b82 100644 --- a/apps/fz_http/test/fz_http/devices_test.exs +++ b/apps/fz_http/test/fz_http/devices_test.exs 
@@ -110,17 +110,17 @@ defmodule FzHttp.DevicesTest do use_default_allowed_ips: false } - @valid_dns_servers_attrs %{ - use_default_dns_servers: false, - dns_servers: "1.1.1.1, 1.0.0.1, 2606:4700:4700::1111, 2606:4700:4700::1001" + @valid_dns_attrs %{ + use_default_dns: false, + dns: "1.1.1.1, 1.0.0.1, 2606:4700:4700::1111, 2606:4700:4700::1001" } - @invalid_dns_servers_attrs %{ - dns_servers: "8.8.8.8, 1.1.1, 1.0.0, 1.1.1." + @invalid_dns_attrs %{ + dns: "8.8.8.8, 1.1.1, 1.0.0, 1.1.1." } - @duplicate_dns_servers_attrs %{ - dns_servers: "8.8.8.8, 1.1.1.1, 1.1.1.1, ::1, ::1, ::1, ::1, ::1, 8.8.8.8" + @duplicate_dns_attrs %{ + dns: "8.8.8.8, 1.1.1.1, 1.1.1.1, ::1, ::1, ::1, ::1, ::1, 8.8.8.8" } @valid_allowed_ips_attrs %{ @@ -167,9 +167,9 @@ defmodule FzHttp.DevicesTest do assert @attrs = test_device end - test "updates device with valid dns_servers", %{device: device} do - {:ok, test_device} = Devices.update_device(device, @valid_dns_servers_attrs) - assert @valid_dns_servers_attrs = test_device + test "updates device with valid dns", %{device: device} do + {:ok, test_device} = Devices.update_device(device, @valid_dns_attrs) + assert @valid_dns_attrs = test_device end test "updates device with valid ipv4 endpoint", %{device: device} do 
@@ -214,19 +214,19 @@ defmodule FzHttp.DevicesTest do } end - test "prevents updating device with invalid dns_servers", %{device: device} do - {:error, changeset} = Devices.update_device(device, @invalid_dns_servers_attrs) + test "prevents updating device with invalid dns", %{device: device} do + {:error, changeset} = Devices.update_device(device, @invalid_dns_attrs) - assert changeset.errors[:dns_servers] == { + assert changeset.errors[:dns] == { "is invalid: 1.1.1 is not a valid IPv4 / IPv6 address", [] } end test "prevents assigning duplicate DNS servers", %{device: device} do - {:error, changeset} = Devices.update_device(device, @duplicate_dns_servers_attrs) + {:error, changeset} = Devices.update_device(device, @duplicate_dns_attrs) - assert changeset.errors[:dns_servers] == { + assert changeset.errors[:dns] == { "is invalid: duplicate DNS servers are not allowed: 1.1.1.1, ::1, 8.8.8.8", [] } diff --git a/apps/fz_http/test/fz_http/settings_test.exs b/apps/fz_http/test/fz_http/settings_test.exs index 40dae5ef4..4e86a99fe 100644 --- a/apps/fz_http/test/fz_http/settings_test.exs +++ b/apps/fz_http/test/fz_http/settings_test.exs @@ -4,7 +4,7 @@ defmodule FzHttp.SettingsTest do alias FzHttp.Settings @setting_keys ~w( - default.device.dns_servers + default.device.dns default.device.allowed_ips default.device.endpoint default.device.mtu @@ -17,14 +17,14 @@ defmodule FzHttp.SettingsTest do @valid_settings [ %{ - "default.device.dns_servers" => "8.8.8.8", + "default.device.dns" => "8.8.8.8", "default.device.allowed_ips" => "::/0", "default.device.endpoint" => "172.10.10.10", "default.device.persistent_keepalive" => "20", "default.device.mtu" => "1280" }, %{ - "default.device.dns_servers" => "8.8.8.8", + "default.device.dns" => "8.8.8.8", "default.device.allowed_ips" => "::/0", "default.device.endpoint" => "foobar.example.com", "default.device.persistent_keepalive" => "15", 
@@ -32,8 +32,8 @@ defmodule FzHttp.SettingsTest do } ] @invalid_settings %{ - "default.device.dns_servers" => "foobar", - "default.device.allowed_ips" => nil, + "default.device.dns" => "foobar", + "default.device.allowed_ips" => "foobar", "default.device.endpoint" => "foobar", "default.device.persistent_keepalive" => "-120", "default.device.mtu" => "1501" diff --git a/apps/fz_http/test/fz_http_web/live/device_live/show_test.exs b/apps/fz_http/test/fz_http_web/live/device_live/show_test.exs index 558705838..44216d543 100644 --- a/apps/fz_http/test/fz_http_web/live/device_live/show_test.exs +++ b/apps/fz_http/test/fz_http_web/live/device_live/show_test.exs @@ -13,12 +13,12 @@ defmodule FzHttpWeb.DeviceLive.ShowTest do @allowed_ips_unchanged %{ "device" => %{"use_default_allowed_ips" => "true", "allowed_ips" => @allowed_ips} } - @dns_servers "8.8.8.8, 8.8.4.4" - @dns_servers_change %{ - "device" => %{"use_default_dns_servers" => "false", "dns_servers" => @dns_servers} + @dns "8.8.8.8, 8.8.4.4" + @dns_change %{ + "device" => %{"use_default_dns" => "false", "dns" => @dns} } - @dns_servers_unchanged %{ - "device" => %{"use_default_dns_servers" => "true", "dns_servers" => @dns_servers} + @dns_unchanged %{ + "device" => %{"use_default_dns" => "true", "dns" => @dns} } @wireguard_endpoint "6.6.6.6" @endpoint_change %{ @@ -45,8 +45,8 @@ defmodule FzHttpWeb.DeviceLive.ShowTest do @default_allowed_ips_change %{ "device" => %{"use_default_allowed_ips" => "false"} } - @default_dns_servers_change %{ - "device" => %{"use_default_dns_servers" => "false"} + @default_dns_change %{ + "device" => %{"use_default_dns" => "false"} } @default_endpoint_change %{ "device" => %{"use_default_endpoint" => "false"} 
@@ -103,7 +103,7 @@ defmodule FzHttpWeb.DeviceLive.ShowTest do assert test_view =~ "must not be present" end - test "prevents dns_servers changes when use_default_dns_servers is true", %{ + test "prevents dns changes when use_default_dns is true", %{ authed_conn: conn, device: device } do @@ -113,7 +113,7 @@ defmodule FzHttpWeb.DeviceLive.ShowTest do test_view = view |> form("#edit-device") - |> render_submit(@dns_servers_unchanged) + |> render_submit(@dns_unchanged) assert test_view =~ "must not be present" end @@ -179,19 +179,19 @@ defmodule FzHttpWeb.DeviceLive.ShowTest do assert html =~ "AllowedIPs = #{@allowed_ips}" end - test "allows dns_servers changes", %{authed_conn: conn, device: device} do + test "allows dns changes", %{authed_conn: conn, device: device} do path = Routes.device_show_path(conn, :edit, device) {:ok, view, _html} = live(conn, path) view |> form("#edit-device") - |> render_submit(@dns_servers_change) + |> render_submit(@dns_change) flash = assert_redirected(view, Routes.device_show_path(conn, :show, device)) assert flash["info"] == "Device updated successfully." {:ok, _view, html} = live(conn, path) - assert html =~ "DNS = #{@dns_servers}" + assert html =~ "DNS = #{@dns}" end test "allows endpoint changes", %{authed_conn: conn, device: device} do @@ -265,17 +265,17 @@ defmodule FzHttpWeb.DeviceLive.ShowTest do """ end - test "on use_default_dns_servers change", %{authed_conn: conn, device: device} do + test "on use_default_dns change", %{authed_conn: conn, device: device} do path = Routes.device_show_path(conn, :edit, device) {:ok, view, _html} = live(conn, path) test_view = view |> form("#edit-device") - |> render_change(@default_dns_servers_change) + |> render_change(@default_dns_change) assert test_view =~ """ - \ + \ """ end diff --git a/apps/fz_http/test/fz_http_web/live/setting_live/default_test.exs b/apps/fz_http/test/fz_http_web/live/setting_live/default_test.exs index 10ce46909..5aa74c136 100644 
--- a/apps/fz_http/test/fz_http_web/live/setting_live/default_test.exs +++ b/apps/fz_http/test/fz_http_web/live/setting_live/default_test.exs @@ -7,7 +7,7 @@ defmodule FzHttpWeb.SettingLive.DefaultTest do @valid_allowed_ips %{ "setting" => %{"value" => "1.1.1.1"} } - @valid_dns_servers %{ + @valid_dns %{ "setting" => %{"value" => "1.1.1.1"} } @valid_endpoint %{ @@ -17,7 +17,7 @@ defmodule FzHttpWeb.SettingLive.DefaultTest do @invalid_allowed_ips %{ "setting" => %{"value" => "foobar"} } - @invalid_dns_servers %{ + @invalid_dns %{ "setting" => %{"value" => "foobar"} } @invalid_endpoint %{ @@ -32,8 +32,12 @@ defmodule FzHttpWeb.SettingLive.DefaultTest do end test "renders current settings", %{html: html} do - assert html =~ Settings.default_device_allowed_ips() - assert html =~ Settings.default_device_dns_servers() + assert html =~ + (Settings.default_device_allowed_ips() || + Application.fetch_env!(:fz_http, :wireguard_allowed_ips)) + + assert html =~ + (Settings.default_device_dns() || Application.fetch_env!(:fz_http, :wireguard_dns)) assert html =~ """ id="endpoint_form_component"\ @@ -61,11 +65,11 @@ defmodule FzHttpWeb.SettingLive.DefaultTest do """ end - test "shows Save button after dns_servers form is changed", %{view: view} do + test "shows Save button after dns form is changed", %{view: view} do test_view = view - |> element("#dns_servers_form_component") - |> render_change(@valid_dns_servers) + |> element("#dns_form_component") + |> render_change(@valid_dns) assert test_view =~ """ \ @@ -92,20 +96,20 @@ defmodule FzHttpWeb.SettingLive.DefaultTest do refute test_view =~ "is invalid" assert test_view =~ """ - \ + \ """ end - test "updates default dns_servers", %{view: view} do + test "updates default dns", %{view: view} do test_view = view - |> element("#dns_servers_form_component") - |> render_submit(@valid_dns_servers) + |> element("#dns_form_component") + |> render_submit(@valid_dns) refute test_view =~ "is invalid" assert test_view =~ """ - \ + \ """ end 
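Review bot: The two rewritten assertions in `renders current settings` can pass vacuously, because `html =~ ""` is always true. If both the stored setting and the `:wireguard_allowed_ips` / `:wireguard_dns` config values are blank in the test environment (the test config is not shown), nothing is actually checked. Bind the expected value first and require it to be non-blank, for example `expected = Settings.default_device_dns() || Application.fetch_env!(:fz_http, :wireguard_dns)` followed by `assert expected not in [nil, ""] and html =~ expected`, and do the same for allowed IPs.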
@@ -135,16 +139,16 @@ defmodule FzHttpWeb.SettingLive.DefaultTest do """ end - test "prevents invalid dns_servers", %{view: view} do + test "prevents invalid dns", %{view: view} do test_view = view - |> element("#dns_servers_form_component") - |> render_submit(@invalid_dns_servers) + |> element("#dns_form_component") + |> render_submit(@invalid_dns) assert test_view =~ "is invalid" refute test_view =~ """ - attributes['wireguard']['interface_name'], 'WIREGUARD_PORT' => attributes['wireguard']['port'].to_s, 'WIREGUARD_MTU' => attributes['wireguard']['mtu'].to_s, + 'WIREGUARD_ENDPOINT' => attributes['wireguard']['endpoint'].to_s, 'WIREGUARD_DNS' => attributes['wireguard']['dns'].to_s, 'WIREGUARD_ALLOWED_IPS' => attributes['wireguard']['allowed_ips'].to_s, 'WIREGUARD_PERSISTENT_KEEPALIVE' => attributes['wireguard']['persistent_keepalive'].to_s,